Don't run libxdc

2025-08-19 13:41:52 +02:00 · 2025-08-19 13:41:52 +02:00 · fd01132cad
commit fd01132cad
parent ff1c897321
4 changed files with 4 additions and 80 deletions
--- a/nyx/hypercall/hypercall.c
+++ b/nyx/hypercall/hypercall.c
@ -119,7 +119,6 @@ bool handle_hypercall_kafl_next_payload(struct kvm_run *run,
                            pt_enable_ip_filtering(cpu, i, true, false);
                        }
                    }
-                    pt_init_decoder(cpu);
                }
                request_fast_vm_reload(GET_GLOBAL_STATE()->reload_state,
                                       REQUEST_LOAD_SNAPSHOT_ROOT);
--- a/nyx/nested_hypercalls.c
+++ b/nyx/nested_hypercalls.c
@ -167,7 +167,6 @@ void handle_hypercall_kafl_nested_acquire(struct kvm_run *run,
                pt_enable_ip_filtering(cpu, i, true, false);
            }
        }
-        pt_init_decoder(cpu);


        qemu_mutex_lock_iothread();
--- a/nyx/pt.c
+++ b/nyx/pt.c
@ -21,7 +21,6 @@ along with QEMU-PT.  If not, see <http://www.gnu.org/licenses/>.

 #include "qemu/osdep.h"

-#include <libxdc.h>
 #include <linux/kvm.h>
 #include <sys/ioctl.h>
 #include <sys/mman.h>
@ -92,37 +91,11 @@ static inline int pt_ioctl(int fd, unsigned long request, unsigned long arg)

 void pt_dump(CPUState *cpu, int bytes)
 {
-    if (!(GET_GLOBAL_STATE()->redqueen_state &&
-          GET_GLOBAL_STATE()->redqueen_state->intercept_mode))
+    nyx_debug("Dumping file...");
+    if (GET_GLOBAL_STATE()->in_fuzzing_mode && !GET_GLOBAL_STATE()->dump_page)
    {
-        if (GET_GLOBAL_STATE()->in_fuzzing_mode &&
-            GET_GLOBAL_STATE()->decoder_page_fault == false &&
-            GET_GLOBAL_STATE()->decoder && !GET_GLOBAL_STATE()->dump_page)
-        {
-            GET_GLOBAL_STATE()->pt_trace_size += bytes;
-            pt_write_pt_dump_file(cpu->pt_mmap, bytes);
-            decoder_result_t result =
-                libxdc_decode(GET_GLOBAL_STATE()->decoder, cpu->pt_mmap, bytes);
-            switch (result) {
-            case decoder_success:
-                break;
-            case decoder_success_pt_overflow:
-                cpu->intel_pt_run_trashed = true;
-                break;
-            case decoder_page_fault:
-                // nyx_warn("Page not found => 0x%lx\n", libxdc_get_page_fault_addr(GET_GLOBAL_STATE()->decoder));
-                GET_GLOBAL_STATE()->decoder_page_fault = true;
-                GET_GLOBAL_STATE()->decoder_page_fault_addr =
-                    libxdc_get_page_fault_addr(GET_GLOBAL_STATE()->decoder);
-                break;
-            case decoder_unkown_packet:
-                nyx_warn("libxdc_decode returned unknown_packet\n");
-                break;
-            case decoder_error:
-                nyx_warn("libxdc_decode returned decoder_error\n");
-                break;
-            }
-        }
+        GET_GLOBAL_STATE()->pt_trace_size += bytes;
+        pt_write_pt_dump_file(cpu->pt_mmap, bytes);
    }
 }

@ -210,51 +183,6 @@ int pt_enable_ip_filtering(CPUState *cpu, uint8_t addrn, bool redqueen, bool hmp
    return r;
 }

-void pt_init_decoder(CPUState *cpu)
-{
-    uint64_t filters[4][2] = { 0 };
-
-    /* TODO time to clean up this code -.- */
-    filters[0][0] = GET_GLOBAL_STATE()->pt_ip_filter_a[0];
-    filters[0][1] = GET_GLOBAL_STATE()->pt_ip_filter_b[0];
-    filters[1][0] = GET_GLOBAL_STATE()->pt_ip_filter_a[1];
-    filters[1][1] = GET_GLOBAL_STATE()->pt_ip_filter_b[1];
-    filters[2][0] = GET_GLOBAL_STATE()->pt_ip_filter_a[2];
-    filters[2][1] = GET_GLOBAL_STATE()->pt_ip_filter_b[2];
-    filters[3][0] = GET_GLOBAL_STATE()->pt_ip_filter_a[3];
-    filters[3][1] = GET_GLOBAL_STATE()->pt_ip_filter_b[3];
-
-    assert(GET_GLOBAL_STATE()->decoder == NULL);
-    assert(GET_GLOBAL_STATE()->shared_bitmap_ptr != NULL);
-    assert(GET_GLOBAL_STATE()->shared_bitmap_size != 0);
-
-
-    if (GET_GLOBAL_STATE()->pt_ip_filter_configured[0] == false && 
-        GET_GLOBAL_STATE()->pt_ip_filter_configured[1] == false && 
-        GET_GLOBAL_STATE()->pt_ip_filter_configured[2] == false && 
-        GET_GLOBAL_STATE()->pt_ip_filter_configured[3] == false) {
-        nyx_abort("Intel PT mode cannot be enabled without any IP filters configured...\n");
-    }
-
-    GET_GLOBAL_STATE()->decoder =
-        libxdc_init(filters, (void *(*)(void *, uint64_t, bool *))page_cache_fetch2,
-                    GET_GLOBAL_STATE()->page_cache,
-                    GET_GLOBAL_STATE()->shared_bitmap_ptr,
-                    GET_GLOBAL_STATE()->shared_bitmap_size);
-
-    if (GET_GLOBAL_STATE()->decoder == (void*)-1) {
-        nyx_abort("libxdc_init() has failed ...\n");
-    }
-
-    libxdc_register_bb_callback(GET_GLOBAL_STATE()->decoder,
-                                (void (*)(void *, disassembler_mode_t, uint64_t,
-                                          uint64_t))redqueen_callback,
-                                GET_GLOBAL_STATE()->redqueen_state);
-
-    alt_bitmap_init(GET_GLOBAL_STATE()->shared_bitmap_ptr,
-                    GET_GLOBAL_STATE()->shared_bitmap_size);
-}
-
 int pt_disable_ip_filtering(CPUState *cpu, uint8_t addrn, bool hmp_mode)
 {
    int r = 0;
--- a/nyx/pt.h
+++ b/nyx/pt.h
@ -22,8 +22,6 @@ along with QEMU-PT.  If not, see <http://www.gnu.org/licenses/>.
 #ifndef PT_H
 #define PT_H

-void pt_init_decoder(CPUState *cpu);
-
 int pt_enable(CPUState *cpu, bool hmp_mode);
 int pt_disable(CPUState *cpu, bool hmp_mode);
 int pt_enable_ip_filtering(CPUState *cpu, uint8_t addrn, bool redqueen, bool hmp_mode);