alwin.berger/FRET-qemu
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
120,845 Commits 13 Branches 3 Tags
Commit Graph

30 Commits

Author SHA1 Message Date
Alwin Berger
749db2de75 fixup! refactor hooks 2025-07-29 12:20:34 +00:00
Alwin Berger
208cf5be73 refactor hooks 2025-07-23 08:41:26 +00:00
Alwin Berger
d3fca27481 re-introduce native breakpoints 2025-07-23 08:41:26 +00:00
Alwin Berger
7f3f2188bd move instrumentation to hook file 2025-07-23 08:41:26 +00:00
Romain Malmain
e0b8df9655
fix systemmode compilation 2025-04-30 13:47:55 +02:00
Romain Malmain
9366380915
format 2025-04-29 14:29:00 +02:00
Romain Malmain
7633d5fce5
reorganize stuff 2025-04-29 14:26:42 +02:00
Romain Malmain
97bef506ee
Update syshook ret definition (#109) 2025-03-24 17:46:26 +01:00
Romain Malmain
4df4d2dcfa
Add crash exit request (#106) 
* add crash exit request.

* make it possible to choose between crashing methods
 2025-03-14 16:57:23 +01:00
Volodymyr Babchuk
0b9d8266e4
Fix race between main thread and a vCPU thread (#102) 
* afl-bridge: fix race between main thread and a vCPU thread

In some cases qemu_main_loop() can exit before libafl_sync_exit_cpu()
completes. This will case race between Rust code that restarts QEMU
and vCPU thread that updates last_exit_reason. What I observed is

libafl_exit_signal_vm_start() from a new iteration cleared
last_exit_reason.cpu before libafl_sync_exit_cpu() tried to
access *last_exit_reason.cpu. This caused NULL pointer dereference.

Fix this by not setting cpu->exit in prepare_qemu_exit() and updating
it only in rr_cpu_thread_fn() and MTTCG counterpart. This will ensure
that qemu_main_loop() waits for vCPU thread to actually stop before
returning control to the Rust code.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

---------

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
 2025-03-14 16:57:02 +01:00
Romain Malmain
a86bd6bbcb
rename symbols to fit with rust 2024. (#104) 
reformat code with more typedefs.
 2025-03-04 14:45:11 +01:00
Romain Malmain
695657e4f3
Refactoring of signal handling (#100) 
* refactor signal handling for qemu usermode
 2025-02-01 12:10:21 +01:00
Romain Malmain
7e0dc68430
Refactor read/write hooks (#99) 
* Refactor read/write hooks
* add PC to the callbacks
* simplify code, merge common code
* remove useless tcg frees
* use tcg_constant_tl as much as possible, removing most #if in libafl code.
 2025-01-27 12:32:35 +01:00
Marco C.
30ad91fb4f
Add systemmode hw_breakpoint libafl set/remove fns (#93) 
* Add systemmode hw_breakpoint libafl set/remove fns

* very bad kvm breakpoint hook yolo

* cleanup

* Prevent GDB from using HW breakpoints

* fix: hw breakpoint add/rm no loop over CPUs
 2025-01-24 15:47:33 +01:00
Romain Malmain
2b5e4bfcff
Fix wrong number of registers (#98) 
* fix num regs in case it's stored in xml file
 2025-01-13 11:11:56 +01:00
Romain Malmain
ace364678a
Nyx api support (#97) 
* add nyx support

* target independent helper call.
 2025-01-06 16:13:11 +01:00
Alessandro De Vito
e558cafe7c added libafl_get_initial_brk to properly change the heap mapping libafl side 2024-12-17 12:25:58 +02:00
Romain Malmain
b01a0bc334
Fix helper function calls & support for new x86 decoder (#92) 
* fix helper function calls

* cmp hooks: support for new x86 decoder
 2024-10-31 16:31:54 +01:00
Romain Malmain
0832bb4892
fix libafl side wih new version 2024-10-25 22:41:53 +02:00
Romain Malmain
d663793952
Early return from libafl edge generation if no exec hooks (#85) 
* bug with edges in systemmode, not fixed yet

* timeout request only for systemmode
 2024-09-20 13:42:52 +02:00
Romain Malmain
ee43af7f80
Run thread hooks for KVM mode (#84) 
* Run thread hooks for KVM mode

* Unify qemu init function symbol for systemmode and usermode

* get tid from caller instead of callee
 2024-08-21 15:36:05 +02:00
Romain Malmain
7f468ebba6
Second round of cleanups (#83) 
* get rid of as many extern / function definition in QEMU codebase.

* mostly moved cpu / gdb related code.

* move qemu snapshot code in dedicated files.
 2024-08-14 10:28:47 +02:00
Romain Malmain
86d38fbfa7
Add pre/post cpu_run hooks + Refactoring (#82) 
* Add cpu_run pre/post exec hooks, to hook the cpu just before / after it runs target code.
* Refactor hooks to separate them in different files
* Remove most extern variables
* Reduce the amount of extra code in QEMU
* Add clang-format script
 2024-08-13 16:56:00 +02:00
Romain Malmain
712661c820
Rename instruction hooks (#75) 
* rename instruction hooks
 2024-06-03 10:23:57 +02:00
Romain Malmain
9d2197b73b
Better typed syx snapshot check result (#74) 
* better typed snapshot check

* edit compile_commands.json to use the real compiler
 2024-05-22 18:49:59 +02:00
Romain Malmain
9f3e2399ee
QEMU host page size getter (#73) 
* QEMU host page size getter
* Rename to sync_exit
 2024-05-06 18:07:38 +02:00
Sebastien Foucher
a14f8eae8e
Unset object to free memory space allocated (memory leak) (#72) 
* Unset object to free memory space allocated (memory leak in fast snapshot implementation for libafl)

---------

Co-authored-by: Sebastien Foucher <sebastien.foucher@se.com>
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
 2024-05-04 13:41:10 +02:00
Romain Malmain
7c3c7877d8 Update to QEMU 9.0.0 (#67) 
* Update to QEMU v9.0.0

---------

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Ido Plat <ido.plat@ibm.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Gregory Price <gregory.price@memverge.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Lorenz Brun <lorenz@brun.one>
Signed-off-by: Yao Xingtao <yaoxt.fnst@fujitsu.com>
Signed-off-by: Arnaud Minier <arnaud.minier@telecom-paris.fr>
Signed-off-by: Inès Varhol <ines.varhol@telecom-paris.fr>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Benjamin Gray <bgray@linux.ibm.com>
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Joonas Kankaala <joonas.a.kankaala@gmail.com>
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Glenn Miles <milesg@linux.ibm.com>
Signed-off-by: Oleg Sviridov <oleg.sviridov@red-soft.ru>
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
Signed-off-by: Yajun Wu <yajunw@nvidia.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Signed-off-by: Lei Wang <lei4.wang@intel.com>
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Wafer <wafer@jaguarmicro.com>
Signed-off-by: Yuxue Liu <yuxue.liu@jaguarmicro.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com>
Signed-off-by: Zack Buhman <zack@buhman.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Yuquan Wang wangyuquan1236@phytium.com.cn
Signed-off-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
Signed-off-by: Cindy Lu <lulu@redhat.com>
Co-authored-by: Peter Maydell <peter.maydell@linaro.org>
Co-authored-by: Fabiano Rosas <farosas@suse.de>
Co-authored-by: Peter Xu <peterx@redhat.com>
Co-authored-by: Thomas Huth <thuth@redhat.com>
Co-authored-by: Cédric Le Goater <clg@redhat.com>
Co-authored-by: Zheyu Ma <zheyuma97@gmail.com>
Co-authored-by: Ido Plat <ido.plat@ibm.com>
Co-authored-by: Ilya Leoshkevich <iii@linux.ibm.com>
Co-authored-by: Markus Armbruster <armbru@redhat.com>
Co-authored-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Co-authored-by: Paolo Bonzini <pbonzini@redhat.com>
Co-authored-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Co-authored-by: David Hildenbrand <david@redhat.com>
Co-authored-by: Kevin Wolf <kwolf@redhat.com>
Co-authored-by: Stefan Reiter <s.reiter@proxmox.com>
Co-authored-by: Fiona Ebner <f.ebner@proxmox.com>
Co-authored-by: Gregory Price <gregory.price@memverge.com>
Co-authored-by: Lorenz Brun <lorenz@brun.one>
Co-authored-by: Yao Xingtao <yaoxt.fnst@fujitsu.com>
Co-authored-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Co-authored-by: Arnaud Minier <arnaud.minier@telecom-paris.fr>
Co-authored-by: BALATON Zoltan <balaton@eik.bme.hu>
Co-authored-by: Igor Mammedov <imammedo@redhat.com>
Co-authored-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Co-authored-by: Richard Henderson <richard.henderson@linaro.org>
Co-authored-by: Sven Schnelle <svens@stackframe.org>
Co-authored-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Co-authored-by: Helge Deller <deller@kernel.org>
Co-authored-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Co-authored-by: Benjamin Gray <bgray@linux.ibm.com>
Co-authored-by: Nicholas Piggin <npiggin@gmail.com>
Co-authored-by: Avihai Horon <avihaih@nvidia.com>
Co-authored-by: Michael Tokarev <mjt@tls.msk.ru>
Co-authored-by: Joonas Kankaala <joonas.a.kankaala@gmail.com>
Co-authored-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Co-authored-by: Stefan Weil <sw@weilnetz.de>
Co-authored-by: Dayu Liu <liu.dayu@zte.com.cn>
Co-authored-by: Zhao Liu <zhao1.liu@intel.com>
Co-authored-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Co-authored-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
Co-authored-by: Yajun Wu <yajunw@nvidia.com>
Co-authored-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Co-authored-by: Pierre-Clément Tosi <ptosi@google.com>
Co-authored-by: Wei Wang <wei.w.wang@intel.com>
Co-authored-by: Martin Hundebøll <martin@geanix.com>
Co-authored-by: Michael S. Tsirkin <mst@redhat.com>
Co-authored-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Co-authored-by: Wafer <wafer@jaguarmicro.com>
Co-authored-by: lyx634449800 <yuxue.liu@jaguarmicro.com>
Co-authored-by: Gerd Hoffmann <kraxel@redhat.com>
Co-authored-by: Nguyen Dinh Phi <phind.uet@gmail.com>
Co-authored-by: Zack Buhman <zack@buhman.org>
Co-authored-by: Keith Packard <keithp@keithp.com>
Co-authored-by: Yuquan Wang <wangyuquan1236@phytium.com.cn>
Co-authored-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
Co-authored-by: Cindy Lu <lulu@redhat.com>
 2024-05-01 16:10:20 +02:00
Romain Malmain
2edf778b1c
Add utils (#62) 
* add utils file
* user only guard.
 2024-04-17 18:08:38 +02:00
Romain Malmain
50b0c90e0a
Moving libafl related files in dedicating folders (#60) 
* Restructuration of libafl dirs. Formatting + export of maps struct and functions.

* Fix wrong header path.

* Fix misc path
 2024-04-11 16:45:36 +02:00