starved: signal if guest was reading beyond end of payload
This commit is contained in:
parent
95742719f5
commit
c12c6bd70d
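--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -229,7 +229,12 @@ void reset_page_not_found_result_buffer(auxilary_buffer_t* auxilary_buffer){
 }
 
 void set_success_auxiliary_result_buffer(auxilary_buffer_t* auxilary_buffer, uint8_t success){
+//should refactor to let caller directly set the result codes
+if (success == 2) {
+VOLATILE_WRITE_8(auxilary_buffer->result.exec_result_code, rc_starved);
+} else {
 VOLATILE_WRITE_8(auxilary_buffer->result.exec_result_code, rc_success);
+}
 }
 
 void set_payload_buffer_write_reason_auxiliary_buffer(auxilary_buffer_t* auxilary_buffer, char* msg, uint32_t len){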
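Review bot: The `success` parameter now carries a third meaning (`2` selects rc_starved) while keeping its name and `uint8_t` type, and the `else` branch maps every other value, including 0, to rc_success, so a caller passing an unexpected code is silently reported as a successful run. Until the refactor the added comment promises, the encoding should at least be stated at the top of the function, e.g. `/* success: 1 = rc_success, 2 = rc_starved (guest read past the end of the payload); any other value is currently reported as rc_success */`, or the body written as a `switch` whose `default` makes that fallback explicit. Taking `enum nyx_result_codes` directly, as the comment itself suggests, would remove the magic numbers at the call sites in the -291 hunk as well.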
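--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -45,6 +45,7 @@ enum nyx_result_codes {
 rc_input_buffer_write = 4,
 rc_aborted = 5,
 rc_sanitizer = 6,
+rc_starved = 7,
 };
 
 typedef struct auxilary_buffer_header_s{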
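Review bot: `rc_starved = 7` is a new value in an enum whose values are written into the auxiliary result buffer, but nothing in the hunk says what it reports; a trailing comment such as `rc_starved = 7, /* guest read beyond the end of the payload (set via the release hypercall) */` keeps the meaning next to the value. Whatever on the host side decodes exec_result_code presumably has to learn the new code too, and this commit does not appear to touch it.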
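--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -349,6 +349,13 @@ void handle_hypercall_kafl_release(struct kvm_run *run, CPUState *cpu, uint64_t
 if (init_state){
 init_state = false;
 } else {
+//printf(CORE_PREFIX, "Got STARVED notification (num=%llu)\n", run->hypercall.args[0]);
+if (run->hypercall.args[0] > 0) {
+GET_GLOBAL_STATE()->starved = 1;
+} else {
+GET_GLOBAL_STATE()->starved = 0;
+}
+
 synchronization_disable_pt(cpu);
 release_print_once(cpu);
 }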
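Review bot: `GET_GLOBAL_STATE()->starved` is declared `bool` in the -131 hunk of this commit but is assigned `1`/`0` here through a four-line if/else; writing the predicate directly, `GET_GLOBAL_STATE()->starved = run->hypercall.args[0] > 0;`, drops the branch and keeps the type consistent with the `= false` initialisation in the -89 hunk. The commented-out printf above it should be removed rather than committed. Since `args[0]` arrives from the guest, reducing it to a boolean here is the right amount of trust, but a one-line comment saying what a non-zero argument means (per the commit title, the guest read beyond the end of the payload) would help the next reader. handle_hypercall_kafl_release continues outside the hunk.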
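--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -89,6 +89,7 @@ void state_init_global(void){
 
 global_state.in_fuzzing_mode = false;
 global_state.in_reload_mode = true;
+global_state.starved = false;
 global_state.shutdown_requested = false;
 global_state.cow_cache_full = false;
 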
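--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -131,6 +131,7 @@ typedef struct qemu_nyx_state_s{
 
 bool in_fuzzing_mode;
 bool in_reload_mode;
+bool starved;
 
 bool shutdown_requested;
 bool cow_cache_full;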
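Review bot: The new `starved` field carries no comment, and a reader has to find the release hypercall and the rc_starved enum value to learn what it records; `bool starved; /* set from the guest's release hypercall when it read beyond the end of the payload; reported as rc_starved */` would say it in place. The neighbouring fields are equally bare, so this matches the file's style, but a flag that is written in one subsystem and consumed in another is worth the line.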
@ -291,6 +291,11 @@ void synchronization_lock(void){
|
|||||||
pthread_mutex_unlock(&synchronization_lock_mutex);
|
pthread_mutex_unlock(&synchronization_lock_mutex);
|
||||||
|
|
||||||
check_auxiliary_config_buffer(GET_GLOBAL_STATE()->auxilary_buffer, &GET_GLOBAL_STATE()->shadow_config);
|
check_auxiliary_config_buffer(GET_GLOBAL_STATE()->auxilary_buffer, &GET_GLOBAL_STATE()->shadow_config);
|
||||||
|
|
||||||
|
//set_success_auxiliary_result_buffer(GET_GLOBAL_STATE()->auxilary_buffer, 1);
|
||||||
|
if (GET_GLOBAL_STATE()->starved == true)
|
||||||
|
set_success_auxiliary_result_buffer(GET_GLOBAL_STATE()->auxilary_buffer, 2);
|
||||||
|
else
|
||||||
set_success_auxiliary_result_buffer(GET_GLOBAL_STATE()->auxilary_buffer, 1);
|
set_success_auxiliary_result_buffer(GET_GLOBAL_STATE()->auxilary_buffer, 1);
|
||||||
|
|
||||||
GET_GLOBAL_STATE()->pt_trace_size = 0;
|
GET_GLOBAL_STATE()->pt_trace_size = 0;
|
||||||
|
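Review bot: `GET_GLOBAL_STATE()->starved == true` compares a bool against `true`; `if (GET_GLOBAL_STATE()->starved)` reads the same and avoids the pattern. More importantly, as far as this commit shows the flag is only ever rewritten by the next release hypercall (the -349 hunk), so an execution that ends on a path which never reaches that hypercall would carry the previous run's value into this check; clearing `starved` right after it has been consumed here, next to the `pt_trace_size = 0` reset, seems the simplest way to make it per-execution, if that ordering holds. The commented-out `set_success_auxiliary_result_buffer(..., 1)` line can go now that the if/else replaces it. synchronization_lock continues outside the hunk.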