44 Commits

Author SHA1 Message Date
fd01132cad Don't run libxdc 2025-08-19 13:41:52 +02:00
Sergej Schumilo
1def26f83e fix non-ipt mode 2024-01-20 21:26:18 +01:00
Sergej Schumilo
a09d3ae2e6 add support to configure aux buffer size via args 2023-08-03 09:19:31 +02:00
Sergej Schumilo
5dae6ab764 split FDL and PT mode
- PT mode now works with both FDL and dirty ring backend
as in-kernel dirty page trackers.
2023-03-06 07:32:21 +01:00
Sergej Schumilo
37717f5ebf fix ram offset translation for pc_piix and q35 2023-01-19 17:01:38 +01:00
Sergej Schumilo
96f98e0b8d add debug hypercall (ram offset)
- to test translation from virtual to ram offset addresses
2023-01-19 17:01:38 +01:00
Sergej Schumilo
f35362b987 add debug hypercall for testing kcore-dumps 2023-01-19 17:01:38 +01:00
Steffen Schulz
21368bc0d9 minor
- use more symmetric message for GET_HOST_CONFIG
- the char* cast won't be needed once we have 'better errors' merged
2022-12-15 11:25:52 +01:00
Sergej Schumilo
ab9a1be9fe Fix previous patch (GET_HOST / SET_AGENT config)
- fix debug mode (by including nyx/debug.h)
- call qemu_trace() only if host_config has already been requested once
- change nyx_abort message back to previous one (otherwise some tests will break)
2022-12-15 11:25:52 +01:00
Steffen Schulz
2889f88a00 Allow multiple GET_HOST_CONFIG, but abort on SET_AGENT_CONFIG
GET_HOST_CONFIG may be queried multiple times to verify host
magic/version info by different tools. Only inform in debug mode.
2022-12-15 11:25:52 +01:00
Sergej Schumilo
eb1b6e6da6 change pre_image error message to debug msg 2022-12-15 11:23:53 +01:00
Steffen Schulz
2f869ed3e1 replace printf + exit() with nyx_abort()
- Replace instances of error/printf + exit(1) with nyx_abort(), except
  for one instance where we don't give any useful error and a plain
  assert() seems more appropriate

- Remove [Qemu-Nyx] and Error: in arguments to nyx_error()
2022-12-15 11:23:53 +01:00
Steffen Schulz
b40f7c60e9 more missing newlines, fix use of warn/error
- replace several hardcoded fprintf()
- use of warn vs error or nyx_abort()
- several more missing newlines
- fixed up messages
2022-12-15 11:23:53 +01:00
Steffen Schulz
ab4fbeadef better nyx_abort()
Let nyx_abort() take a format string and replace instances of
fprintf/nyx_debug with subsequent nyx_abort / abort / assert.
2022-12-15 11:23:53 +01:00
Steffen Schulz
3be0ec292e fix req_stream_data_bulk() return size
Hypercall failed to handle the default case where 0 < ret_value < 4096.
The handler keeps looping over num_addresses, returning a too large
overall file size to the guest.

For a 4 byte test file, hget_bulk() would fetch + write 960 bytes.

Also moved struct definition to header + set __attribute__((packed)).
2022-11-21 07:05:27 +01:00
Sergej Schumilo
8a88edc2a1 auto-apply clang-format
- including vl.c & kvm-all.c
2022-10-16 23:51:13 +02:00
Sergej Schumilo
e4269fc973 manual code cleanups (reviewed)
Tried to minimize actual code modifications but we got
- several comments/printf messages edited to meet line limits
- occasionally switch some lines to put declarations or printfs in blocks
- couple more places marked TODO or FIXME to avoid non-trivial changes
- fixed PAGE_SIZE define in helpers.h to avoid redeclaration warning
- remove several chunks of dead or commented code

Co-authored-by: Steffen Schulz <steffen.schulz@intel.com>
2022-10-16 23:51:13 +02:00
Sergej Schumilo
80f22f77d6 fix usage of nyx_debug_p() (add missing prefix) 2022-09-22 05:19:45 +02:00
Steffen Schulz
e83025a145 replace custom printf with nyx_<level>() wrappers
This introduces generic printf wrappers to replace the various
instances of debug_printf, fprintf, QEMU_PR_PRINTF etc.

Several more hardcoded printf() are still present and should probably be
replaced with nyx_debug_p().
2022-09-22 05:07:37 +02:00
Steffen Schulz
bd34c46b85 fix printf format string errors 2022-09-22 05:07:37 +02:00
Sergej Schumilo
108fa3baf9 fix starved bug in vanilla kvm mode (caused by reading of uninitialized memory) 2022-05-11 18:00:12 +02:00
Sergej Schumilo
758e65871b update NYX_HOST_VERSION 2022-04-07 10:58:16 +02:00
Sergej Schumilo
ea4bdcd6d9 Merge pull request #7 from c01db33f/qemu-nyx-4.2.0
Reimplemented x86_64 page table walking code.
2022-04-07 07:09:14 +02:00
Mark Brand
e7f63f4401 Reimplemented x86_64 page table walking code. 2022-03-18 10:31:38 +01:00
Sergej Schumilo
1f675b053a fix crash notifier injection
Decide which crash notifier (32bit or 64bit) to inject, based on the
current memory mode instead of the current CPU mode. Otherwise, in the
case of a 32bit loader running on a 64bit operating system, the wrong
notifier code will be injected.
2022-02-23 10:26:02 +01:00
Sergej Schumilo
b95d6b9236 fix a global oob read
Use an additional constant to specify the size of the crash notifier
code in 32 bit mode (submit_panic / submit_kasan).
2022-02-23 08:55:00 +01:00
Steffen Schulz
29f06964a9 fix hprintf EOL handling
All other uses of misc buffer do not include 0 byte in length.
2022-02-11 10:45:30 -08:00
Steffen Schulz
6b4661a758 dump_file hypercall: support mkstemps() template with suffix 2022-02-11 10:45:30 -08:00
Steffen Schulz
7b9bd18dc3 refactor 'redqueen trace' to separate redqueen_trace.c 2022-02-11 10:45:30 -08:00
Steffen Schulz
d81b846608 dump_file: check for NULL filename, support mkstemp() template 2022-02-11 10:45:30 -08:00
Steffen Schulz
68f74353b2 record worker_id in state and report via KAFL_HYPERCALL_GET_HOST_CONFIG
Modifies elements of host_config_t - update guest agent struct!
2022-02-11 10:45:30 -08:00
Steffen Schulz
0b6ec2cf72 kafl_dump_file: cleanups + select random filename if none provided 2022-02-11 10:45:30 -08:00
Steffen Schulz
169b084df5 report KVM_EXIT_SHUTDOWN and UNKNOWN_ERROR as panic events 2022-02-11 10:45:30 -08:00
Steffen Schulz
c12c6bd70d starved: signal if guest was reading beyond end of payload 2022-02-11 10:45:30 -08:00
Steffen Schulz
95742719f5 use 32bit kasan/panic notifier payload when on 32bit 2022-02-08 23:38:20 +01:00
Steffen Schulz
35c4f356ab patch KASAN hypercall back in 2022-02-08 23:38:20 +01:00
Sergej Schumilo
c2c69cfc52 abort if a configuration was not set or received
(via GET_HOST / SET_AGENT) or if either was executed twice
2022-01-21 20:23:52 +01:00
Sergej Schumilo
7af65d1fdc add various improvements:
- root snapshot serialization / deserialization
- abort if specific hypercalls are called during fuzzing
- ignore requests to disable write protection
2022-01-20 03:43:12 +01:00
Sergej Schumilo
42d434e28f add several improvements:
- Intel PT page dump feature works now
- size of input and bitmap buffers are configurable
- new aux buffer layout
- various bug fixes
2022-01-18 10:10:04 +01:00
Sergej Schumilo
39a646fb4c update configuration hypercalls 2022-01-11 04:22:34 +01:00
Sergej Schumilo
17bf3b6fd6 cleanup in hypercall.c 2022-01-11 04:21:55 +01:00
Sergej Schumilo
dd9f586327 disable unused hypercalls 2022-01-11 04:16:34 +01:00
Sergej Schumilo
73b5a07740 report an error to the front-end in case the agent fails to initialize the fuzzing loop 2022-01-11 03:07:30 +01:00
Sergej Schumilo
681b4a8179 move hypercall.c / hypercall.h 2022-01-10 01:02:27 +01:00