* afl-bridge: fix race between main thread and a vCPU thread
In some cases qemu_main_loop() can exit before libafl_sync_exit_cpu()
completes. This will cause a race between the Rust code that restarts QEMU
and the vCPU thread that updates last_exit_reason. What I observed is that
libafl_exit_signal_vm_start() from a new iteration cleared
last_exit_reason.cpu before libafl_sync_exit_cpu() tried to
access *last_exit_reason.cpu. This caused a NULL pointer dereference.
Fix this by not setting cpu->exit in prepare_qemu_exit() and updating
it only in rr_cpu_thread_fn() and its MTTCG counterpart. This will ensure
that qemu_main_loop() waits for the vCPU thread to actually stop before
returning control to the Rust code.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
---------
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
* Refactor read/write hooks
* add PC to the callbacks
* simplify code, merge common code
* remove useless tcg frees
* use tcg_constant_tl as much as possible, removing most #if in libafl code.
* get rid of as many extern / function definitions in the QEMU codebase as possible.
* mostly moved cpu / gdb related code.
* move QEMU snapshot code into dedicated files.
* Add cpu_run pre/post exec hooks, to hook the cpu just before / after it runs target code.
* Refactor hooks to separate them in different files
* Remove most extern variables
* Reduce the amount of extra code in QEMU
* Add clang-format script