david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix runtime_usec wraparound in aux_buffer

Browse Source 
To reproduce the issue, launch fast running harness with aux_buffer->timeout_usec=0 and timeout_sec=1
This commit is contained in:
Steffen Schulz 2022-05-01 18:34:28 -07:00 committed by Sergej Schumilo
parent 9959725652
commit a2ee5ef587
3 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nyx/auxiliary_buffer.c
View File

@ -187,7 +187,7 @@ void set_pt_overflow_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer)
VOLATILE_WRITE_8(auxilary_buffer->result.pt_overflow, 1); VOLATILE_WRITE_8(auxilary_buffer->result.pt_overflow, 1);
} }
void set_exec_done_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer, uint8_t sec, uint32_t usec, uint32_t num_dirty_pages){ void set_exec_done_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer, uint32_t sec, uint32_t usec, uint32_t num_dirty_pages){
VOLATILE_WRITE_8(auxilary_buffer->result.exec_done, 1); VOLATILE_WRITE_8(auxilary_buffer->result.exec_done, 1);
VOLATILE_WRITE_32(auxilary_buffer->result.runtime_sec, sec); VOLATILE_WRITE_32(auxilary_buffer->result.runtime_sec, sec);

2
nyx/auxiliary_buffer.h
View File

@ -155,7 +155,7 @@ void set_asan_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer);
void set_timeout_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer); void set_timeout_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer);
void set_reload_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer); void set_reload_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer);
void set_pt_overflow_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer); void set_pt_overflow_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer);
void set_exec_done_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer, uint8_t sec, uint32_t usec, uint32_t num_dirty_pages); void set_exec_done_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer, uint32_t sec, uint32_t usec, uint32_t num_dirty_pages);
void set_state_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer, uint8_t state); void set_state_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer, uint8_t state);
void set_hprintf_auxiliary_buffer(auxilary_buffer_t* auxilary_buffer, char* msg, uint32_t len); void set_hprintf_auxiliary_buffer(auxilary_buffer_t* auxilary_buffer, char* msg, uint32_t len);

15
nyx/synchronization.c
View File

@ -245,15 +245,26 @@ void synchronization_lock_hprintf(void){
} }
void synchronization_lock(void){ void synchronization_lock(void){
timeout_detector_t timer = GET_GLOBAL_STATE()->timeout_detector;
pthread_mutex_lock(&synchronization_lock_mutex); pthread_mutex_lock(&synchronization_lock_mutex);
run_counter++; run_counter++;
if(qemu_get_cpu(0)->intel_pt_run_trashed){ if(qemu_get_cpu(0)->intel_pt_run_trashed){
set_pt_overflow_auxiliary_result_buffer(GET_GLOBAL_STATE()->auxilary_buffer); set_pt_overflow_auxiliary_result_buffer(GET_GLOBAL_STATE()->auxilary_buffer);
} }
long runtime_sec = timer.config.tv_sec - timer.alarm.it_value.tv_sec;
long runtime_usec = timer.config.tv_usec - timer.alarm.it_value.tv_usec;
if (runtime_usec < 0) {
if (runtime_sec < 1) {
fprintf(stderr, "Error: negative payload runtime?!\n");
}
runtime_sec -= 1;
runtime_usec = timer.config.tv_usec - timer.alarm.it_value.tv_usec + 1000000;
}
set_exec_done_auxiliary_result_buffer(GET_GLOBAL_STATE()->auxilary_buffer, set_exec_done_auxiliary_result_buffer(GET_GLOBAL_STATE()->auxilary_buffer,
GET_GLOBAL_STATE()->timeout_detector.timeout_sec - GET_GLOBAL_STATE()->timeout_detector.arm_timeout.it_value.tv_sec, runtime_sec, runtime_usec,
GET_GLOBAL_STATE()->timeout_detector.timeout_usec - (uint32_t)GET_GLOBAL_STATE()->timeout_detector.arm_timeout.it_value.tv_usec,
GET_GLOBAL_STATE()->num_dirty_pages); GET_GLOBAL_STATE()->num_dirty_pages);
/* /*
if(last_timeout){ if(last_timeout){