david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

better nyx_abort()

Browse Source 
Let nyx_abort() take a format string and replace instances of
fprintf/nyx_debug with subsequent nyx_abort / abort / assert.
This commit is contained in:
Steffen Schulz 2022-11-04 16:46:40 -07:00 committed by Sergej Schumilo
parent e6159806aa
commit ab4fbeadef
5 changed files with 35 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nyx/helpers.c
View File

@ -1,6 +1,7 @@
#include "qemu/osdep.h" #include "qemu/osdep.h"
#include <linux/kvm.h> #include <linux/kvm.h>
#include <stdarg.h>
#include <stdint.h> #include <stdint.h>
#include <stdio.h> #include <stdio.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
@ -17,10 +18,19 @@
#include "nyx/memory_access.h" #include "nyx/memory_access.h"
#include "nyx/state/state.h" #include "nyx/state/state.h"
void nyx_abort(char *msg) void nyx_abort(const char *fmt, ...)
{ {
static char msg[512];
uint32_t msglen = 0;
va_list ap;
va_start(ap, fmt);
msglen = vsnprintf(msg, sizeof(msg), fmt, ap);
va_end(ap);
nyx_error("%s\n", msg);
set_abort_reason_auxiliary_buffer(GET_GLOBAL_STATE()->auxilary_buffer, msg, set_abort_reason_auxiliary_buffer(GET_GLOBAL_STATE()->auxilary_buffer, msg,
strlen(msg)); msglen);
synchronization_lock(); synchronization_lock();
exit(1); exit(1);
} }
@ -28,11 +38,7 @@ void nyx_abort(char *msg)
bool is_called_in_fuzzing_mode(const char *hypercall) bool is_called_in_fuzzing_mode(const char *hypercall)
{ {
if (GET_GLOBAL_STATE()->in_fuzzing_mode) { if (GET_GLOBAL_STATE()->in_fuzzing_mode) {
char *tmp = NULL; nyx_abort("Hypercall <%s> not allowed during fuzzing!", hypercall);
assert(asprintf(&tmp, "Hypercall <%s> called during fuzzing...", hypercall) !=
-1);
nyx_abort((char *)tmp);
free(tmp);
return true; return true;
} }
return false; return false;

2
nyx/helpers.h
View File

@ -7,7 +7,7 @@ typedef struct nyx_coverage_bitmap_copy_s {
void *ijon_bitmap_buffer; void *ijon_bitmap_buffer;
} nyx_coverage_bitmap_copy_t; } nyx_coverage_bitmap_copy_t;
void nyx_abort(char *msg); void nyx_abort(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
bool is_called_in_fuzzing_mode(const char *hypercall); bool is_called_in_fuzzing_mode(const char *hypercall);
nyx_coverage_bitmap_copy_t *new_coverage_bitmaps(void); nyx_coverage_bitmap_copy_t *new_coverage_bitmaps(void);

9
nyx/hypercall/debug.c
View File

@ -109,11 +109,6 @@ void handle_hypercall_kafl_debug_tmp_snapshot(struct kvm_run *run,
CPUState *cpu, CPUState *cpu,
uint64_t hypercall_arg) uint64_t hypercall_arg)
{ {
fprintf(stderr, "[QEMU-Nyx] Error: HYPERCALL_KAFL_DEBUG_TMP not enabled!\n"); nyx_abort("Error: HYPERCALL_KAFL_DEBUG_TMP not enabled!\n");
set_abort_reason_auxiliary_buffer(
GET_GLOBAL_STATE()->auxilary_buffer,
(char *)"HYPERCALL_KAFL_DEBUG_TMP is not enabled.",
strlen("HYPERCALL_KAFL_DEBUG_TMP is not enabled."));
synchronization_lock();
} }
#endif #endif

38
nyx/hypercall/hypercall.c
View File

@ -105,8 +105,7 @@ bool handle_hypercall_kafl_next_payload(struct kvm_run *run,
} else { } else {
if (GET_GLOBAL_STATE()->set_agent_config_done == false) { if (GET_GLOBAL_STATE()->set_agent_config_done == false) {
nyx_abort( nyx_abort("KVM_EXIT_KAFL_SET_AGENT_CONFIG was not called.");
(char *)"KVM_EXIT_KAFL_SET_AGENT_CONFIG was not called...");
return false; return false;
} }
@ -175,7 +174,7 @@ static void handle_hypercall_get_payload(struct kvm_run *run,
} }
if (GET_GLOBAL_STATE()->get_host_config_done == false) { if (GET_GLOBAL_STATE()->get_host_config_done == false) {
nyx_abort((char *)"KVM_EXIT_KAFL_GET_HOST_CONFIG was not called..."); nyx_abort("KVM_EXIT_KAFL_GET_HOST_CONFIG was not called...");
return; return;
} }
@ -189,9 +188,7 @@ static void handle_hypercall_get_payload(struct kvm_run *run,
// print_48_pagetables(GET_GLOBAL_STATE()->parent_cr3); // print_48_pagetables(GET_GLOBAL_STATE()->parent_cr3);
if (hypercall_arg & 0xFFF) { if (hypercall_arg & 0xFFF) {
fprintf(stderr, "[QEMU-Nyx] Error: Payload buffer is not page-aligned! (0x%lx)\n", nyx_abort("Payload buffer at 0x%lx is not page-aligned!", hypercall_arg);
hypercall_arg);
abort();
} }
remap_payload_buffer(hypercall_arg, cpu); remap_payload_buffer(hypercall_arg, cpu);
@ -518,8 +515,7 @@ void handle_hypercall_kafl_panic(struct kvm_run *run,
} }
synchronization_lock_crash_found(); synchronization_lock_crash_found();
} else { } else {
nyx_abort( nyx_abort("Agent has crashed before initializing the fuzzing loop...");
(char *)"Agent has crashed before initializing the fuzzing loop...");
} }
} }
} }
@ -545,22 +541,17 @@ static void handle_hypercall_kafl_panic_extended(struct kvm_run *run,
CPUState *cpu, CPUState *cpu,
uint64_t hypercall_arg) uint64_t hypercall_arg)
{ {
read_virtual_memory(hypercall_arg, (uint8_t *)hprintf_buffer, HPRINTF_SIZE, cpu);
if (fast_reload_snapshot_exists(get_fast_reload_snapshot()) && if (fast_reload_snapshot_exists(get_fast_reload_snapshot()) &&
GET_GLOBAL_STATE()->in_fuzzing_mode) GET_GLOBAL_STATE()->in_fuzzing_mode)
{ {
read_virtual_memory(hypercall_arg, (uint8_t *)hprintf_buffer, HPRINTF_SIZE,
cpu);
set_crash_reason_auxiliary_buffer(GET_GLOBAL_STATE()->auxilary_buffer, set_crash_reason_auxiliary_buffer(GET_GLOBAL_STATE()->auxilary_buffer,
hprintf_buffer, strlen(hprintf_buffer)); hprintf_buffer, strlen(hprintf_buffer));
synchronization_lock_crash_found(); synchronization_lock_crash_found();
} else { } else {
read_virtual_memory(hypercall_arg, (uint8_t *)hprintf_buffer, HPRINTF_SIZE, nyx_abort("Agent has crashed before initializing the fuzzing loop: %s",
cpu); hprintf_buffer);
char *report = NULL;
assert(asprintf(&report,
"Agent has crashed before initializing the fuzzing loop: %s",
hprintf_buffer) != -1);
nyx_abort(report);
} }
} }
@ -870,13 +861,11 @@ int handle_kafl_hypercall(struct kvm_run *run,
ret = 0; ret = 0;
break; break;
case KVM_EXIT_KAFL_GET_PROGRAM: case KVM_EXIT_KAFL_GET_PROGRAM:
nyx_abort( nyx_abort("Hypercall is deprecated: HYPERCALL_KAFL_GET_PROGRAM");
(char *)"Deprecated hypercall called (HYPERCALL_KAFL_GET_PROGRAM)...");
ret = 0; ret = 0;
break; break;
case KVM_EXIT_KAFL_GET_ARGV: case KVM_EXIT_KAFL_GET_ARGV:
nyx_abort( nyx_abort("Hypercall is deprecated: HYPERCALL_KAFL_GET_ARGV");
(char *)"Deprecated hypercall called (HYPERCALL_KAFL_GET_ARGV)...");
ret = 0; ret = 0;
break; break;
case KVM_EXIT_KAFL_RELEASE: case KVM_EXIT_KAFL_RELEASE:
@ -908,7 +897,7 @@ int handle_kafl_hypercall(struct kvm_run *run,
ret = 0; ret = 0;
break; break;
case KVM_EXIT_KAFL_INFO: case KVM_EXIT_KAFL_INFO:
nyx_abort((char *)"Deprecated hypercall called (HYPERCALL_KAFL_INFO)..."); nyx_abort("Hypercall is deprecated: HYPERCALL_KAFL_INFO");
ret = 0; ret = 0;
break; break;
case KVM_EXIT_KAFL_NEXT_PAYLOAD: case KVM_EXIT_KAFL_NEXT_PAYLOAD:
@ -920,12 +909,11 @@ int handle_kafl_hypercall(struct kvm_run *run,
ret = 0; ret = 0;
break; break;
case KVM_EXIT_KAFL_PRINTK_ADDR: case KVM_EXIT_KAFL_PRINTK_ADDR:
nyx_abort( nyx_abort("Hypercall is deprecated: KVM_EXIT_KAFL_PRINTK_ADDR");
(char *)"Deprecated hypercall called (KVM_EXIT_KAFL_PRINTK_ADDR)...");
ret = 0; ret = 0;
break; break;
case KVM_EXIT_KAFL_PRINTK: case KVM_EXIT_KAFL_PRINTK:
nyx_abort((char *)"Deprecated hypercall called (KVM_EXIT_KAFL_PRINTK)..."); nyx_abort("Hypercall is deprecated: KVM_EXIT_KAFL_PRINTK");
ret = 0; ret = 0;
break; break;
case KVM_EXIT_KAFL_USER_RANGE_ADVISE: case KVM_EXIT_KAFL_USER_RANGE_ADVISE:

15
nyx/trace_dump.c
View File

@ -30,9 +30,8 @@ void pt_trace_dump_init(char *filename)
test_fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644); test_fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644);
if (test_fd < 0) if (test_fd < 0)
fprintf(stderr, "Error accessing pt_dump output path %s: %s", nyx_abort("Error accessing pt_dump output path %s: %s",
pt_trace_dump_filename, strerror(errno)); pt_trace_dump_filename, strerror(errno));
assert(test_fd >= 0);
pt_trace_dump_filename = strdup(filename); pt_trace_dump_filename = strdup(filename);
assert(pt_trace_dump_filename); assert(pt_trace_dump_filename);
@ -47,9 +46,8 @@ void pt_truncate_pt_dump_file(void)
fd = open(pt_trace_dump_filename, O_CREAT | O_TRUNC | O_WRONLY, 0644); fd = open(pt_trace_dump_filename, O_CREAT | O_TRUNC | O_WRONLY, 0644);
if (fd < 0) { if (fd < 0) {
fprintf(stderr, "Error truncating %s: %s\n", pt_trace_dump_filename, nyx_abort("Error truncating %s: %s\n", pt_trace_dump_filename,
strerror(errno)); strerror(errno));
assert(0);
} }
close(fd); close(fd);
} }
@ -63,9 +61,8 @@ void pt_write_pt_dump_file(uint8_t *data, size_t bytes)
fd = open(pt_trace_dump_filename, O_APPEND | O_WRONLY, 0644); fd = open(pt_trace_dump_filename, O_APPEND | O_WRONLY, 0644);
if (fd < 0) { if (fd < 0) {
fprintf(stderr, "Error writing pt_trace_dump to %s: %s\n", nyx_abort("Error writing pt_trace_dump to %s: %s\n", pt_trace_dump_filename,
pt_trace_dump_filename, strerror(errno)); strerror(errno));
assert(0);
} }
assert(bytes == write(fd, data, bytes)); assert(bytes == write(fd, data, bytes));
close(fd); close(fd);