make size of primary CoW buffer configurable

2021-12-10 01:11:47 +01:00 · 2021-12-10 01:11:47 +01:00 · 1927a0ab83
commit 1927a0ab83
parent 4134f7d64b
4 changed files with 25 additions and 0 deletions
--- a/config/src/config.rs
+++ b/config/src/config.rs
@ -131,6 +131,7 @@ pub struct FuzzerConfig {
    pub dump_python_code_for_inputs: Option<bool>,
    pub exit_after_first_crash: bool,
    pub write_protected_input_buffer: bool,
+    pub cow_primary_size: Option<u64>,
 }
 impl FuzzerConfig{
    pub fn new_from_loader(sharedir: &str, default: FuzzerConfigLoader, config: FuzzerConfigLoader) -> Self {
@ -159,6 +160,7 @@ impl FuzzerConfig{
            dump_python_code_for_inputs: config.dump_python_code_for_inputs.or(default.dump_python_code_for_inputs),
            exit_after_first_crash: config.exit_after_first_crash.unwrap_or(default.exit_after_first_crash.unwrap_or(false)),
            write_protected_input_buffer: config.write_protected_input_buffer,
+            cow_primary_size: if config.cow_primary_size != 0 { Some( config.cow_primary_size as u64) } else { None },
        }
    }
 }
--- a/config/src/loader.rs
+++ b/config/src/loader.rs
@ -39,6 +39,9 @@ pub struct FuzzerConfigLoader {
    #[serde(default = "default_write_protected_input_buffer")]
    pub write_protected_input_buffer: bool,

+    #[serde(default = "default_cow_primary_size")]
+    pub cow_primary_size: u64,
+
    pub workdir_path: Option<String>,
    pub bitmap_size: Option<usize>,
    pub mem_limit: Option<usize>,
@ -58,6 +61,10 @@ fn default_write_protected_input_buffer() -> bool {
    false
 }

+fn default_cow_primary_size() -> u64 {
+    0
+}
+
 #[derive(Clone, Serialize, Deserialize)]
 pub struct ConfigLoader {
    pub include_default_config_path: Option<String>,
--- a/fuzz_runner/src/nyx/mod.rs
+++ b/fuzz_runner/src/nyx/mod.rs
@ -38,6 +38,7 @@ pub fn qemu_process_new_from_kernel(sharedir: String, cfg: &QemuKernelConfig, fu
            Some(x) => x,
        },
        write_protected_input_buffer: fuzz_cfg.write_protected_input_buffer,
+        cow_primary_size: fuzz_cfg.cow_primary_size, 
    };
    let qemu_id =  fuzz_cfg.thread_id;
    let qemu_params = params::QemuParams::new_from_kernel(&fuzz_cfg.workdir_path, qemu_id, &params, fuzz_cfg.threads > 1);
@ -78,6 +79,7 @@ pub fn qemu_process_new_from_snapshot(sharedir: String, cfg: &QemuSnapshotConfig
            Some(x) => x,
        },
        write_protected_input_buffer: fuzz_cfg.write_protected_input_buffer,
+        cow_primary_size: fuzz_cfg.cow_primary_size, 
    };
    let qemu_id = fuzz_cfg.thread_id;
    let qemu_params = params::QemuParams::new_from_snapshot(&fuzz_cfg.workdir_path, qemu_id, fuzz_cfg.cpu_pin_start_at, &params, fuzz_cfg.threads > 1);
--- a/fuzz_runner/src/nyx/params.rs
+++ b/fuzz_runner/src/nyx/params.rs
@ -12,6 +12,7 @@ pub struct KernelVmParams {

    pub dump_python_code_for_inputs: bool,
    pub write_protected_input_buffer: bool,
+    pub cow_primary_size: Option<u64>,
 }

 pub struct SnapshotVmParams{
@ -26,6 +27,7 @@ pub struct SnapshotVmParams{

    pub dump_python_code_for_inputs: bool,
    pub write_protected_input_buffer: bool,
+    pub cow_primary_size: Option<u64>,
 }

 pub struct QemuParams {
@ -42,6 +44,7 @@ pub struct QemuParams {

    pub dump_python_code_for_inputs: bool,
    pub write_protected_input_buffer: bool,
+    pub cow_primary_size: Option<u64>,
 }

 impl QemuParams {
@ -108,6 +111,11 @@ impl QemuParams {
        nyx_ops += &format!(",worker_id={}", qemu_id);
        nyx_ops += &format!(",workdir={}", workdir);
        nyx_ops += &format!(",sharedir={}", params.sharedir);
+
+        if params.cow_primary_size.is_some(){
+            nyx_ops += &format!(",cow_primary_size={}", params.cow_primary_size.unwrap());
+        }
+
        //nyx_ops += &format!(",ip0_a=0x1000,ip0_b=0x7ffffffff000");
        //nyx_ops += &format!(",ip0_a=ffff800000000000,ip0_b=ffffffffffffffff");

@ -156,6 +164,7 @@ impl QemuParams {
            payload_size: (1 << 16),
            dump_python_code_for_inputs: params.dump_python_code_for_inputs,
            write_protected_input_buffer: params.write_protected_input_buffer,
+            cow_primary_size: params.cow_primary_size,
        };
    }

@ -227,6 +236,10 @@ impl QemuParams {
        nyx_ops += &format!(",workdir={}", workdir);
        nyx_ops += &format!(",sharedir={}", params.sharedir);

+        if params.cow_primary_size.is_some(){
+            nyx_ops += &format!(",cow_primary_size={}", params.cow_primary_size.unwrap());
+        }
+
        //nyx_ops += &format!(",ip0_a=0x1000,ip0_b=0x7ffffffff000");
        //nyx_ops += &format!(",ip0_a=ffff800000000000,ip0_b=ffffffffffffffff");

@ -266,6 +279,7 @@ impl QemuParams {
            payload_size: (128 << 10),
            dump_python_code_for_inputs: params.dump_python_code_for_inputs,
            write_protected_input_buffer: params.write_protected_input_buffer,
+            cow_primary_size: params.cow_primary_size,
        };
    }
 }