Sergej Schumilo
1f675b053a
fix crash notifier injection
Decide which crash notifier (32bit or 64bit) to inject, based on the
current memory mode instead of the current CPU mode. Otherwise, in the
case of a 32bit loader running on a 64bit operating system, the wrong
notifier code will be injected.
2022-02-23 10:26:02 +01:00
Sergej Schumilo
b95d6b9236
fix a global oob read
Use an additional constant to specify the size of the crash notifier
code in 32 bit mode (submit_panic / submit_kasan).
2022-02-23 08:55:00 +01:00
Steffen Schulz
29f06964a9
fix hprintf EOL handling
All other uses of the misc buffer do not include the 0 byte in the length.
2022-02-11 10:45:30 -08:00
Steffen Schulz
6b4661a758
dump_file hypercall: support mkstemps() template with suffix
2022-02-11 10:45:30 -08:00
Steffen Schulz
7b9bd18dc3
refactor 'redqueen trace' to separate redqueen_trace.c
2022-02-11 10:45:30 -08:00
Steffen Schulz
d81b846608
dump_file: check for NULL filename, support mkstemp() template
2022-02-11 10:45:30 -08:00
Steffen Schulz
0b6ec2cf72
kafl_dump_file: cleanups + select random filename if none provided
2022-02-11 10:45:30 -08:00
Steffen Schulz
169b084df5
report KVM_EXIT_SHUTDOWN and UNKNOWN_ERROR as panic events
2022-02-11 10:45:30 -08:00
Steffen Schulz
c12c6bd70d
starved: signal if guest was reading beyond end of payload
2022-02-11 10:45:30 -08:00
Steffen Schulz
95742719f5
use 32bit kasan/panic notifier payload when on 32bit
2022-02-08 23:38:20 +01:00
Steffen Schulz
35c4f356ab
patch KASAN hypercall back in
2022-02-08 23:38:20 +01:00
Sergej Schumilo
c2c69cfc52
abort if a configuration was not set or received
(via GET_HOST / SET_AGENT) or if either was executed twice
2022-01-21 20:23:52 +01:00
Sergej Schumilo
7af65d1fdc
add various improvements:
- root snapshot serialization / deserialization
- abort if specific hypercalls are called during fuzzing
- ignore requests to disable write protection
2022-01-20 03:43:12 +01:00
Sergej Schumilo
42d434e28f
add several improvements:
- Intel PT page dump feature works now
- size of input and bitmap buffers are configurable
- new aux buffer layout
- various bug fixes
2022-01-18 10:10:04 +01:00
Sergej Schumilo
17bf3b6fd6
cleanup in hypercall.c
2022-01-11 04:21:55 +01:00
Sergej Schumilo
dd9f586327
disable unused hypercalls
2022-01-11 04:16:34 +01:00
Sergej Schumilo
73b5a07740
report an error to the front-end in case the agent fails to initialize the fuzzing loop
2022-01-11 03:07:30 +01:00
Sergej Schumilo
681b4a8179
move hypercall.c / hypercall.h
2022-01-10 01:02:27 +01:00