From 56fa095b339886d2e058558a5de07848467f6a46 Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Mon, 28 Oct 2024 17:44:11 +0100
Subject: [PATCH 1/8] update qemu to v9.1.1
---
 libafl_qemu/libafl_qemu_build/src/build.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index 7056b3cca9d..6154c9e613c 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -11,7 +11,7 @@ use crate::cargo_add_rpath;
 pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-pub const QEMU_REVISION: &str = "805b14ffc44999952562e8f219d81c21a4fa50b9";
+pub const QEMU_REVISION: &str = "6bc81c2b3ae28fc80c6f938081066ac28a361c69";
 #[allow(clippy::module_name_repetitions)]
 pub struct BuildResult {
From 23293ffb9499b151a9abf6c3347d9b579faf5349 Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Mon, 28 Oct 2024 19:02:46 +0100
Subject: [PATCH 2/8] adapting stuff to qemu 9.1
---
 libafl_qemu/libafl_qemu_build/src/bindings.rs | 1 -
 libafl_qemu/libafl_qemu_build/src/build.rs | 2 --
 2 files changed, 3 deletions(-)
diff --git a/libafl_qemu/libafl_qemu_build/src/bindings.rs b/libafl_qemu/libafl_qemu_build/src/bindings.rs
index 555931505d8..81ced938db0 100644
--- a/libafl_qemu/libafl_qemu_build/src/bindings.rs
+++ b/libafl_qemu/libafl_qemu_build/src/bindings.rs
@@ -80,7 +80,6 @@ const WRAPPER_HEADER: &str = r#"
 #include "tcg/tcg.h"
 #include "tcg/tcg-op.h"
 #include "tcg/tcg-internal.h"
-#include "exec/helper-head.h"
 #include "qemu/plugin-memory.h"
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index 6154c9e613c..e2482171fc5 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -158,7 +158,6 @@ fn configure_qemu(
 .arg("--disable-linux-aio")
 .arg("--disable-linux-io-uring")
 .arg("--disable-linux-user")
- .arg("--disable-live-block-migration")
 .arg("--disable-lzfse")
 .arg("--disable-lzo")
 .arg("--disable-l2tpv3")
@@ -174,7 +173,6 @@ fn configure_qemu(
 .arg("--disable-pa")
 .arg("--disable-parallels")
 .arg("--disable-png")
- .arg("--disable-pvrdma")
 .arg("--disable-qcow1")
 .arg("--disable-qed")
 .arg("--disable-qga-vss")
From 8b2897aa31f9d260b60bd52ca731feef26cf36a6 Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Wed, 30 Oct 2024 08:48:48 +0100
Subject: [PATCH 3/8] qemu bugfix
---
 libafl_qemu/libafl_qemu_build/src/build.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index 7056b3cca9d..4fdecd4c130 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -11,7 +11,7 @@ use crate::cargo_add_rpath;
 pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-pub const QEMU_REVISION: &str = "805b14ffc44999952562e8f219d81c21a4fa50b9";
+pub const QEMU_REVISION: &str = "513bd84b400a29544b3c2f63d1ec6f515859ace4";
 #[allow(clippy::module_name_repetitions)]
 pub struct BuildResult {
From 909b9e3aa0b2b9233b1005cf30e8fc2bb13ede35 Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Wed, 30 Oct 2024 11:08:01 +0100
Subject: [PATCH 4/8] wip fix
---
 fuzzers/binary_only/fuzzbench_qemu/Cargo.toml | 1 +
 fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs | 9 +++++----
 libafl_qemu/libafl_qemu_build/src/build.rs | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml b/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
index 778d81194d2..0604ccf50e9 100644
--- a/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
+++ b/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
@@ -31,6 +31,7 @@ libafl_qemu = { path = "../../../libafl_qemu", features = [
 ] }
 libafl_targets = { path = "../../../libafl_targets", version = "0.13.2" }
+env_logger = "0.11.5"
 log = { version = "0.4.22", features = ["release_max_level_info"] }
 clap = { version = "4.5.18", features = ["default"] }
 nix = { version = "0.29.0", features = ["fs"] }
diff --git a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
index 909a6511d0e..f34a4a1f455 100644
--- a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
+++ b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
@@ -171,10 +171,11 @@ fn fuzz(
 logfile: PathBuf,
 timeout: Duration,
 ) -> Result<(), Error> {
+ env_logger::init();
 env::remove_var("LD_LIBRARY_PATH");
 let args: Vec = env::args().collect();
- let qemu = Qemu::init(&args).unwrap();
+ let qemu = Qemu::init(&args).expect("QEMU init failed");
 // let (emu, asan) = init_with_asan(&mut args, &mut env).unwrap();
 let mut elf_buffer = Vec::new();
@@ -197,7 +198,7 @@ fn fuzz(
 let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap();
 let mut ret_addr = [0; 8];
- unsafe { qemu.read_mem(stack_ptr, &mut ret_addr) };
+ qemu.read_mem(stack_ptr, &mut ret_addr).expect("Error while reading QEMU memory.");
 let ret_addr = u64::from_le_bytes(ret_addr);
 println!("Stack pointer = {stack_ptr:#x}");
@@ -337,7 +338,7 @@ fn fuzz(
 }
 unsafe {
- qemu.write_mem(input_addr, buf);
+ qemu.write_mem_unchecked(input_addr, buf);
 qemu.write_reg(Regs::Rdi, input_addr).unwrap();
 qemu.write_reg(Regs::Rsi, len as GuestReg).unwrap();
@@ -397,7 +398,7 @@ fn fuzz(
 println!("Failed to load initial corpus at {:?}", &seed_dir);
 process::exit(0);
 });
- println!("We imported {} inputs from disk.", state.corpus().count());
+ println!("We imported {} input(s) from disk.", state.corpus().count());
 }
 let tracing = ShadowTracingStage::new(&mut executor);
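Review bot: `env_logger::init()`, the first added line of the `@@ -171,10 +171,11 @@` hunk in fuzzer.rs, panics if a `log` backend was already installed, and it sits inside `fuzz` (whose signature begins above the hunk) rather than at the top of `main`, so a second entry into `fuzz` or a caller that configures logging itself aborts the run. When the call site cannot guarantee a single invocation the conventional form is `let _ = env_logger::try_init();`, or moving the call to `main`. A short comment such as `// Log verbosity is read from RUST_LOG at startup.` would also tell users of this example what the `env_logger` dependency added in the Cargo.toml hunk is for.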
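Review bot: The `unsafe` block in the `@@ -337,7 +338,7 @@` hunk of fuzzer.rs now wraps `qemu.write_mem_unchecked(input_addr, buf)` without a `// SAFETY:` comment, and the `_unchecked` suffix makes explicit that the callee performs no mapping or bounds check on `input_addr..input_addr + buf.len()` for a `buf` that is fuzzer-controlled input. The invariant is established above the hunk (where `input_addr` and `len` come from) and should be stated at the block, e.g. `// SAFETY: input_addr is the guest input buffer set up at startup and buf.len() is capped to its size above.`, adjusted to what the preceding code actually guarantees. Since the same commit moved `read_mem` to the checked, `Result`-returning form, it is worth checking whether the new API offers an equivalent checked `write_mem`, which would let this block drop `unsafe` altogether; the `unsafe { … }` block and `fuzz` both continue past the end of the hunk.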
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index 4fdecd4c130..5d6ec12556b 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -158,7 +158,7 @@ fn configure_qemu(
 .arg("--disable-linux-aio")
 .arg("--disable-linux-io-uring")
 .arg("--disable-linux-user")
- .arg("--disable-live-block-migration")
+ // .arg("--disable-live-block-migration")
 .arg("--disable-lzfse")
 .arg("--disable-lzo")
 .arg("--disable-l2tpv3")
From b7b9f145070473951bb3bbbfce269b2d6285fdaa Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Thu, 31 Oct 2024 14:18:39 +0100
Subject: [PATCH 5/8] fix for new qemu gen_callN and x86 decoder
---
 libafl_qemu/libafl_qemu_build/src/build.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index 5d6ec12556b..dcfd8193a04 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -11,7 +11,7 @@ use crate::cargo_add_rpath;
 pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-pub const QEMU_REVISION: &str = "513bd84b400a29544b3c2f63d1ec6f515859ace4";
+pub const QEMU_REVISION: &str = "940d21f35bc5e8b599075cc6519fdaa08cc69d2e";
 #[allow(clippy::module_name_repetitions)]
 pub struct BuildResult {
From 13c2d8aa8730f8160bdaa6061d9b681e1e5fb715 Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Thu, 31 Oct 2024 14:35:51 +0100
Subject: [PATCH 6/8] fmt
---
 fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
index f34a4a1f455..b41940adfb8 100644
--- a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
+++ b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
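Review bot: In patch 4's `@@ -158,7 +158,7 @@` hunk of build.rs the configure flag is kept as commented-out code, `+ // .arg("--disable-live-block-migration")`, and patch 7's `@@ -174,7 +174,7 @@` hunk does the same for `--disable-pvrdma`; commented-out code carries no reason and is the first thing a later contributor re-enables. If, as the patch 7 subject suggests, the pinned QEMU no longer accepts these options, delete the lines and record that once near the argument list, e.g. `// --disable-live-block-migration and --disable-pvrdma are intentionally absent: configure at QEMU_REVISION no longer accepts them.`. Note also that patch 2 already deleted both lines outright, while patch 3's `index 7056b3cca9d..4fdecd4c130` starts again from the pre-series file, so the series applies the same change twice in two styles and would be clearer squashed into one. `configure_qemu` starts before the hunk.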
@@ -198,7 +198,8 @@ fn fuzz(
 let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap();
 let mut ret_addr = [0; 8];
- qemu.read_mem(stack_ptr, &mut ret_addr).expect("Error while reading QEMU memory.");
+ qemu.read_mem(stack_ptr, &mut ret_addr)
+ .expect("Error while reading QEMU memory.");
 let ret_addr = u64::from_le_bytes(ret_addr);
 println!("Stack pointer = {stack_ptr:#x}");
From c99d715d45462c48f7b790b6f6e4008710130a0a Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Thu, 31 Oct 2024 16:33:30 +0100
Subject: [PATCH 7/8] remove outdated qemu configuration option
---
 libafl_qemu/libafl_qemu_build/src/build.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index dcfd8193a04..be05e99325d 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -174,7 +174,7 @@ fn configure_qemu(
 .arg("--disable-pa")
 .arg("--disable-parallels")
 .arg("--disable-png")
- .arg("--disable-pvrdma")
+ // .arg("--disable-pvrdma")
 .arg("--disable-qcow1")
 .arg("--disable-qed")
 .arg("--disable-qga-vss")
From 7b15ee271574f03cbbaa69c94a8b75eb709ec203 Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Thu, 31 Oct 2024 16:34:13 +0100
Subject: [PATCH 8/8] update qemu hash
---
 libafl_qemu/libafl_qemu_build/src/build.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index be05e99325d..6828b3fea30 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -11,7 +11,7 @@ use crate::cargo_add_rpath;
 pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-pub const QEMU_REVISION: &str = "940d21f35bc5e8b599075cc6519fdaa08cc69d2e";
+pub const QEMU_REVISION: &str = "b01a0bc334cf11bfc5e8f121d9520ef7f47dbcd1";
 #[allow(clippy::module_name_repetitions)]
 pub struct BuildResult {