memopidx as gen rw hooks arg

Andrea Fioraldi 2022-11-28 15:10:05 +01:00
parent 497078af2f
commit 82c6e1cc81
2 changed files with 75 additions and 97 deletions


@ -76,10 +76,8 @@ TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
target_ulong dst_block, int exit_n,
target_ulong cs_base, uint32_t flags,
int cflags);
void libafl_gen_read(TCGv addr, MemOp ot);
void libafl_gen_read_N(TCGv addr, size_t size);
void libafl_gen_write(TCGv addr, MemOp ot);
void libafl_gen_write_N(TCGv addr, size_t size);
void libafl_gen_read(TCGv addr, MemOpIdx oi);
void libafl_gen_write(TCGv addr, MemOpIdx oi);
void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot);
void libafl_gen_backdoor(target_ulong pc);
@ -222,7 +220,7 @@ static TCGHelperInfo libafl_exec_write_hookN_info = {
};
struct libafl_rw_hook {
uint64_t (*gen)(target_ulong pc, size_t size, uint64_t data);
uint64_t (*gen)(target_ulong pc, MemOpIdx oi, uint64_t data);
void (*exec1)(uint64_t id, target_ulong addr, uint64_t data);
void (*exec2)(uint64_t id, target_ulong addr, uint64_t data);
void (*exec4)(uint64_t id, target_ulong addr, uint64_t data);
@ -239,14 +237,14 @@ struct libafl_rw_hook {
struct libafl_rw_hook* libafl_read_hooks;
void libafl_add_read_hook(uint64_t (*gen)(target_ulong pc, size_t size, uint64_t data),
void libafl_add_read_hook(uint64_t (*gen)(target_ulong pc, MemOpIdx oi, uint64_t data),
void (*exec1)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec2)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec4)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec8)(uint64_t id, target_ulong addr, uint64_t data),
void (*execN)(uint64_t id, target_ulong addr, size_t size, uint64_t data),
uint64_t data);
void libafl_add_read_hook(uint64_t (*gen)(target_ulong pc, size_t size, uint64_t data),
void libafl_add_read_hook(uint64_t (*gen)(target_ulong pc, MemOpIdx oi, uint64_t data),
void (*exec1)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec2)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec4)(uint64_t id, target_ulong addr, uint64_t data),
@ -297,10 +295,10 @@ void libafl_add_read_hook(uint64_t (*gen)(target_ulong pc, size_t size, uint64_t
}
}
void libafl_gen_read(TCGv addr, MemOp ot)
void libafl_gen_read(TCGv addr, MemOpIdx oi)
{
size_t size = 0;
switch (ot & MO_SIZE) {
switch (oi & MO_SIZE) {
case MO_64:
size = 8;
break;
@ -314,20 +312,21 @@ void libafl_gen_read(TCGv addr, MemOp ot)
size = 1;
break;
default:
return;
break;
}
struct libafl_rw_hook* hook = libafl_read_hooks;
while (hook) {
uint64_t cur_id = 0;
if (hook->gen)
cur_id = hook->gen(libafl_gen_cur_pc, size, hook->data);
cur_id = hook->gen(libafl_gen_cur_pc, oi, hook->data);
void* func = NULL;
if (size == 1) func = hook->exec1;
else if (size == 2) func = hook->exec2;
else if (size == 4) func = hook->exec4;
else if (size == 8) func = hook->exec8;
if (cur_id != (uint64_t)-1 && func) {
if (cur_id != (uint64_t)-1) {
if (func) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv_i64 tmp1 = tcg_const_i64(hook->data);
TCGTemp *tmp2[3] = { tcgv_i64_temp(tmp0),
@ -340,19 +339,7 @@ void libafl_gen_read(TCGv addr, MemOp ot)
tcg_gen_callN(func, NULL, 3, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
}
hook = hook->next;
}
}
void libafl_gen_read_N(TCGv addr, size_t size)
{
struct libafl_rw_hook* hook = libafl_read_hooks;
while (hook) {
uint64_t cur_id = 0;
if (hook->gen)
cur_id = hook->gen(libafl_gen_cur_pc, size, hook->data);
if (cur_id != (uint64_t)-1 && hook->execN) {
} else if (hook->execN) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv tmp1 = tcg_const_tl(size);
TCGv_i64 tmp2 = tcg_const_i64(hook->data);
@ -374,20 +361,21 @@ void libafl_gen_read_N(TCGv addr, size_t size)
#endif
tcg_temp_free_i64(tmp2);
}
}
hook = hook->next;
}
}
struct libafl_rw_hook* libafl_write_hooks;
void libafl_add_write_hook(uint64_t (*gen)(target_ulong pc, size_t size, uint64_t data),
void libafl_add_write_hook(uint64_t (*gen)(target_ulong pc, MemOpIdx oi, uint64_t data),
void (*exec1)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec2)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec4)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec8)(uint64_t id, target_ulong addr, uint64_t data),
void (*execN)(uint64_t id, target_ulong addr, size_t size, uint64_t data),
uint64_t data);
void libafl_add_write_hook(uint64_t (*gen)(target_ulong pc, size_t size, uint64_t data),
void libafl_add_write_hook(uint64_t (*gen)(target_ulong pc, MemOpIdx oi, uint64_t data),
void (*exec1)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec2)(uint64_t id, target_ulong addr, uint64_t data),
void (*exec4)(uint64_t id, target_ulong addr, uint64_t data),
@ -438,10 +426,10 @@ void libafl_add_write_hook(uint64_t (*gen)(target_ulong pc, size_t size, uint64_
}
}
void libafl_gen_write(TCGv addr, MemOp ot)
void libafl_gen_write(TCGv addr, MemOpIdx oi)
{
size_t size = 0;
switch (ot & MO_SIZE) {
switch (oi & MO_SIZE) {
case MO_64:
size = 8;
break;
@ -455,20 +443,21 @@ void libafl_gen_write(TCGv addr, MemOp ot)
size = 1;
break;
default:
return;
break;
}
struct libafl_rw_hook* hook = libafl_write_hooks;
while (hook) {
uint64_t cur_id = 0;
if (hook->gen)
cur_id = hook->gen(libafl_gen_cur_pc, size, hook->data);
cur_id = hook->gen(libafl_gen_cur_pc, oi, hook->data);
void* func = NULL;
if (size == 1) func = hook->exec1;
else if (size == 2) func = hook->exec2;
else if (size == 4) func = hook->exec4;
else if (size == 8) func = hook->exec8;
if (cur_id != (uint64_t)-1 && func) {
if (cur_id != (uint64_t)-1) {
if (func) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv_i64 tmp1 = tcg_const_i64(hook->data);
TCGTemp *tmp2[3] = { tcgv_i64_temp(tmp0),
@ -481,19 +470,7 @@ void libafl_gen_write(TCGv addr, MemOp ot)
tcg_gen_callN(func, NULL, 3, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
}
hook = hook->next;
}
}
void libafl_gen_write_N(TCGv addr, size_t size)
{
struct libafl_rw_hook* hook = libafl_write_hooks;
while (hook) {
uint64_t cur_id = 0;
if (hook->gen)
cur_id = hook->gen(libafl_gen_cur_pc, size, hook->data);
if (cur_id != (uint64_t)-1 && hook->execN) {
} else if (hook->execN) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv tmp1 = tcg_const_tl(size);
TCGv_i64 tmp2 = tcg_const_i64(hook->data);
@ -515,6 +492,7 @@ void libafl_gen_write_N(TCGv addr, size_t size)
#endif
tcg_temp_free_i64(tmp2);
}
}
hook = hook->next;
}
}
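Review bot: `switch (oi & MO_SIZE)` in libafl_gen_read, and the identical line in libafl_gen_write, masks the wrong field now that the parameter is a MemOpIdx: a MemOpIdx packs the MemOp above the mmu index, so the low bits tested here come from mmu_idx rather than from the access size, and the size dispatched to exec1/exec2/exec4/exec8 (or the fall-through to execN) will be wrong for most accesses. Decode the operation first, `switch (get_memop(oi) & MO_SIZE) {`, in both functions. A second, smaller point: replacing `default: return;` with `default: break;` means an unrecognised size leaves `size` at 0 and reaches the execN branch with a zero length; if that is the intent for widths without a fixed-size hook, say so with `/* widths without a fixed-size exec hook fall through to execN */` above the `else if (hook->execN)`. Both function bodies are split across several hunks and their ends lie outside the hunks shown.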


@ -2900,8 +2900,8 @@ static void plugin_gen_mem_callbacks(TCGv vaddr, MemOpIdx oi,
//// --- Begin LibAFL code ---
void libafl_gen_read(TCGv addr, MemOp ot);
void libafl_gen_write(TCGv addr, MemOp ot);
void libafl_gen_read(TCGv addr, MemOpIdx oi);
void libafl_gen_write(TCGv addr, MemOpIdx oi);
//// --- End LibAFL code ---
@ -2927,7 +2927,7 @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
//// --- Begin LibAFL code ---
libafl_gen_read(addr, memop);
libafl_gen_read(addr, oi);
//// --- End LibAFL code ---
@ -2979,7 +2979,7 @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop)
//// --- Begin LibAFL code ---
libafl_gen_write(addr, memop);
libafl_gen_write(addr, oi);
//// --- End LibAFL code ---
@ -3027,7 +3027,7 @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
//// --- Begin LibAFL code ---
libafl_gen_read(addr, memop);
libafl_gen_read(addr, oi);
//// --- End LibAFL code ---
@ -3091,7 +3091,7 @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop)
//// --- Begin LibAFL code ---
libafl_gen_write(addr, memop);
libafl_gen_write(addr, oi);
//// --- End LibAFL code ---