73582 Commits

Author SHA1 Message Date
Sergej Schumilo
09d7d437b7 Merge branch 'qemu-nyx-4.2.0-dev-intel' into staging-upstream-3 2022-02-22 23:25:52 +01:00
Sergej Schumilo
67b3f2545c Merge pull request #5 from schumilo/qemu-nyx-4.2.0-dev
Bug Fix: don't reuse ram_offset to blocklist specific PF
2022-02-22 20:26:44 +01:00
Sergej Schumilo
c023bfb750 bug fix: don't reuse ram_offset as physical address to register PF in snapshot blocklist
(breaks memory access and shared memory if address is above 0x0C0000000)
2022-02-22 19:35:16 +01:00
Steffen Schulz
29f06964a9 fix hprintf EOL handling
All other uses of the misc buffer do not include the 0 byte in the length.
2022-02-11 10:45:30 -08:00
Steffen Schulz
dacb4d5126 initial support for Q35 platform
Add option for "-machine kAFL64-Q35"

Co-authored-by: Benoit Morgan <benoit.morgan@intel.com>
2022-02-11 10:45:30 -08:00
Steffen Schulz
c1d29a2399 sharedir: allow reading anything stored or linked from sharedir
In particular, we want to allow symlinks to external resources.
2022-02-11 10:45:30 -08:00
Steffen Schulz
6b4661a758 dump_file hypercall: support mkstemps() template with suffix 2022-02-11 10:45:30 -08:00
Steffen Schulz
a572984289 virtio snapshot restore
virtio-blk still fails for usermode fuzzing
2022-02-11 10:45:30 -08:00
Steffen Schulz
46119f1f2c KVM unknown exit: only fail after default handler also fails
Qemu default handler covers some corner cases and prints diagnostics.
Failing only afterwards seems to fix a KVM_EXIT_ENTRY_ERROR crash (code 9)
2022-02-11 10:45:30 -08:00
Steffen Schulz
96aac23864 move alt_bitmap implementation to redqueen_trace.c
alt_bitmap is only relevant in redqueen_trace mode, when libxdc does not
produce a bitmap on its own.
2022-02-11 10:45:30 -08:00
Steffen Schulz
f348dcfc23 redqueen_trace: disable unless 'edge_cb_trace' option is provided
Both the legacy 'redqueen' trace via libxdc callback and the new
dump_pt trace option are now toggled with the aux-buffer trace_mode option.

This new qemu cmdline option allows re-enabling the old trace method,
or even using both trace methods at the same time.
2022-02-11 10:45:30 -08:00
Steffen Schulz
84f1a1b67b move dump_pt logic to trace_dump.c, enable via aux_buffer 2022-02-11 10:45:30 -08:00
Steffen Schulz
7b9bd18dc3 refactor 'redqueen trace' to separate redqueen_trace.c 2022-02-11 10:45:30 -08:00
Steffen Schulz
d81b846608 dump_file: check for NULL filename, support mkstemp() template 2022-02-11 10:45:30 -08:00
Steffen Schulz
68f74353b2 record worker_id in state and report via KAFL_HYPERCALL_GET_HOST_CONFIG
Modifies elements of host_config_t - update guest agent struct!
2022-02-11 10:45:30 -08:00
Steffen Schulz
24e6f39e1c fix pt_dump feature (append on VMexit, truncate on new execution) 2022-02-11 10:45:30 -08:00
Steffen Schulz
56bc5571be dump_pt: create-open & truncate output file on each execution
Previous implementation only opened the file once.
2022-02-11 10:45:30 -08:00
Steffen Schulz
5c24050a64 page_cache: use file lock also for read access
Without this there may be a risk of reading partially written
files...doesn't seem to happen in practice though?
2022-02-11 10:45:30 -08:00
Steffen Schulz
b899572377 page_cache: auto-create workdir files or resume based on existing files
- relieve frontend from having to create these files
- perhaps add some checks for resuming from existing page_cache files
2022-02-11 10:45:30 -08:00
Steffen Schulz
6b008a1be4 error checking on payload remap + other 2022-02-11 10:45:30 -08:00
Steffen Schulz
f32d1cb3b7 add alt_bitmap for use in trace mode, truncate trace file on new exec
libxdc does not create a bitmap in trace mode.
This patch lets qemu create the bitmap instead.

Note that the bitmap is not compatible with the libxdc bitmap since the trace
callback behavior is different.
2022-02-11 10:45:30 -08:00
Steffen Schulz
0b6ec2cf72 kafl_dump_file: cleanups + select random filename if none provided 2022-02-11 10:45:30 -08:00
Steffen Schulz
7dbb64e7c2 compile-time option to restore kAFL style full edge traces 2022-02-11 10:45:30 -08:00
Steffen Schulz
81dbc38d46 print error on invalid hget(), minor bugfix for QEMU_PR_PRINTF enable 2022-02-11 10:45:30 -08:00
Steffen Schulz
169b084df5 report KVM_EXIT_SHUTDOWN and UNKNOWN_ERROR as panic events 2022-02-11 10:45:30 -08:00
Steffen Schulz
c12c6bd70d starved: signal if guest was reading beyond end of payload 2022-02-11 10:45:30 -08:00
Steffen Schulz
95742719f5 use 32bit kasan/panic notifier payload when on 32bit 2022-02-08 23:38:20 +01:00
Sergej Schumilo
31b8c05afe checkout specific libxdc commit 2022-02-08 23:38:20 +01:00
Steffen Schulz
35c4f356ab patch KASAN hypercall back in 2022-02-08 23:38:20 +01:00
Sergej Schumilo
c2c69cfc52 abort if a configuration was not set or received (via GET_HOST / SET_AGENT) or if either was executed twice
2022-01-21 20:23:52 +01:00
Sergej Schumilo
6ca723cb84 exit after nyx_abort() has been called if the frontend continues to send data
2022-01-21 20:20:13 +01:00
Sergej Schumilo
586d46c86f bug fix: don't remap more guest page frames from the input buffer than required in case the input buffer size is smaller than the initial value
2022-01-21 18:11:32 +01:00
Sergej Schumilo
902306beb0 fix compile script (update only specific submodules) 2022-01-21 07:03:40 +01:00
Sergej Schumilo
389cf8fbab fix compile script 2022-01-21 06:57:10 +01:00
Sergej Schumilo
bc1219efeb Update README.md 2022-01-21 04:25:28 +01:00
Sergej Schumilo
683b39826a Merge branch 'qemu-nyx-4.2.0' of github.com:nyx-fuzz/QEMU-Nyx into qemu-nyx-4.2.0 2022-01-21 04:17:48 +01:00
Sergej Schumilo
7af65d1fdc add various improvements:
- root snapshot serialization / deserialization
- abort if specific hypercalls are called during fuzzing
- ignore requests to disable write protection
2022-01-20 03:43:12 +01:00
Sergej Schumilo
b5798ba95a add missing free() call in interface.c 2022-01-20 03:29:17 +01:00
Sergej Schumilo
7cf685dcec fix compile script (disable GTK) 2022-01-20 03:28:11 +01:00
Sergej Schumilo
42d434e28f add several improvements:
- Intel PT page dump feature works now
- sizes of input and bitmap buffers are configurable
- new aux buffer layout
- various bug fixes
2022-01-18 10:10:04 +01:00
Sergej Schumilo
d5a7011ad2 checkout specific libxdc commit 2022-01-11 14:35:24 +01:00
Sergej Schumilo
646c85021e update libxdc submodule 2022-01-11 04:24:34 +01:00
Sergej Schumilo
39a646fb4c update configuration hypercalls 2022-01-11 04:22:34 +01:00
Sergej Schumilo
17bf3b6fd6 cleanup in hypercall.c 2022-01-11 04:21:55 +01:00
Sergej Schumilo
44e819cd10 update aux buffer 2022-01-11 04:21:41 +01:00
Sergej Schumilo
d03b5cef37 fix include in vl.c 2022-01-11 04:18:29 +01:00
Sergej Schumilo
a3264cfa83 update compile script (add debug_static option) 2022-01-11 04:18:21 +01:00
Sergej Schumilo
1d77722270 improve x86-64 page walker and add helper functions to resize inter-VM shared memory mappings 2022-01-11 04:17:49 +01:00
Sergej Schumilo
dd9f586327 disable unused hypercalls 2022-01-11 04:16:34 +01:00
Sergej Schumilo
6105067351 code cleanup in interface.c / interface.h 2022-01-11 04:15:02 +01:00