david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,504 Commits 1 Branch 0 Tags
Commit Graph

73504 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Steffen Schulz
a2ee5ef587 fix runtime_usec wraparound in aux_buffer 
To reproduce the issue, launch fast running harness with aux_buffer->timeout_usec=0 and timeout_sec=1
 2022-05-11 18:00:11 +02:00
Sergej Schumilo
9959725652 fix warning: in vl.c 2022-05-11 18:00:11 +02:00
Sergej Schumilo
e6c25cbdee fix warning: remove unused variables 2022-05-11 18:00:11 +02:00
Sergej Schumilo
00da434bec
Merge pull request #13 from schumilo/qemu-nyx-4.2.0 
fix oobs read (in shadow_memory_read_page_frame)
 2022-04-18 19:27:19 +02:00
Sergej Schumilo
2c3b7a7873 fix oobs read (in shadow_memory_read_page_frame) 2022-04-18 19:24:58 +02:00
Sergej Schumilo
fc39d1d5da
Merge pull request #11 from schumilo/qemu-nyx-4.2.0 
improve shadow_memory_read_physical_memory()
 2022-04-09 06:51:44 +02:00
Sergej Schumilo
72a95d8bfb improve shadow_memory_read_physical_memory() 
this patch removes several limitations (size & alignment)
 2022-04-09 06:50:19 +02:00
Sergej Schumilo
1acaa75a8b
Merge pull request #10 from nyx-fuzz/qemu-nyx-4.2.0-dev-intel 
push qemu-nyx-4.2.0-dev-intel to qemu-nyx-4.2.0
 2022-04-07 11:04:36 +02:00
Sergej Schumilo
d86e2b05a4
Merge pull request #9 from schumilo/qemu-nyx-4.2.0-dev-intel 
several changes
 2022-04-07 11:01:57 +02:00
Sergej Schumilo
758e65871b update NYX_HOST_VERSION 2022-04-07 10:58:16 +02:00
Sergej Schumilo
0449772d10 fix compile script 2022-04-07 10:52:48 +02:00
Sergej Schumilo
164f449a02 fix several compiler warnings 2022-04-07 10:52:30 +02:00
Sergej Schumilo
ea4bdcd6d9
Merge pull request #7 from c01db33f/qemu-nyx-4.2.0 
Reimplemented x86_64 page table walking code.
 2022-04-07 07:09:14 +02:00
Sergej Schumilo
8c192d29a5
Merge pull request #8 from x86-sec/optarg-bug 
Qemu nyx options parsing / optarg bug
 2022-04-06 17:27:39 +02:00
Benoît Morgan
d45d4da277 Optarg bug 2022-03-25 10:38:34 +01:00
Mark Brand
e7f63f4401 Reimplemented x86_64 page table walking code. 2022-03-18 10:31:38 +01:00
Sergej Schumilo
c08e4ac942
Merge pull request #6 from schumilo/qemu-nyx-4.2.0 
bug fix: don't reuse ram_offset as physical address
 2022-03-04 03:32:33 +01:00
Sergej Schumilo
8e8f6e5b2b uncomment several fprintfs in state_reallocation 2022-02-23 10:28:44 +01:00
Sergej Schumilo
1f675b053a fix crash notifier injection 
Decide which crash notifier (32bit or 64bit) to inject, based on the
current memory mode instead of the current CPU mode. Otherwise, in the
case of a 32bit loader running on a 64bit operating system, the wrong
notifier code will be injected.
 2022-02-23 10:26:02 +01:00
Sergej Schumilo
b95d6b9236 fix a global oob read 
Use an additional constant to specifiy the size of the crash notifier
code in 32 bit mode (submit_panic / submit_kasan).
 2022-02-23 08:55:00 +01:00
Sergej Schumilo
954158c43a Revert "checkout specific libxdc commit" 
This reverts commit d5a7011ad20ba5ba91f1371f9d40154035d5d768.
 2022-02-23 08:39:36 +01:00
Sergej Schumilo
0f8447d93a
Merge pull request #4 from il-steffen/staging-upstream-3 
various improvements
 2022-02-22 23:26:27 +01:00
Sergej Schumilo
09d7d437b7
Merge branch 'qemu-nyx-4.2.0-dev-intel' into staging-upstream-3 2022-02-22 23:25:52 +01:00
Sergej Schumilo
67b3f2545c
Merge pull request #5 from schumilo/qemu-nyx-4.2.0-dev 
Bug Fix: don't reuse ram_offset to blocklist specific PF
 2022-02-22 20:26:44 +01:00
Sergej Schumilo
c023bfb750 bug fix: don't reuse ram_offset as physical address 
to register PF in snapshot blocklist
(breaks memory access and shared memory if address is above 0x0C0000000)
 2022-02-22 19:35:16 +01:00
Steffen Schulz
29f06964a9 fix hprintf EOL handling 
All other uses of misc buffer do not include 0 byte in length..
 2022-02-11 10:45:30 -08:00
Steffen Schulz
dacb4d5126 initial support for Q35 platform 
Add option for "-machine kAFL64-Q35"

Co-authored-by: Benoit Morgan <benoit.morgan@intel.com>
 2022-02-11 10:45:30 -08:00
Steffen Schulz
c1d29a2399 sharedir: allow reading anything stored or linked from sharedir 
In particular, we want to allow symlinks to external resources..
 2022-02-11 10:45:30 -08:00
Steffen Schulz
6b4661a758 dump_file hypercall: support mkstemps() template with suffix 2022-02-11 10:45:30 -08:00
Steffen Schulz
a572984289 virtio snapshot restore 
virtio-blk still fails for usermode fuzzing
 2022-02-11 10:45:30 -08:00
Steffen Schulz
46119f1f2c KVM unknown exit: only fail after default handler also fails 
Qemu default handler covers some corner cases and prints diagnostics.
Failing only afterwards seems to fix a KVM_EXIT_ENTRY_ERROR crash (code 9)
 2022-02-11 10:45:30 -08:00
Steffen Schulz
96aac23864 move alt_bitmap implementation to redqueen_trace.c 
alt_bitmap is only relevant in redqueen_trace mode, when libxdc does not
produce a bitmap on its own..
 2022-02-11 10:45:30 -08:00
Steffen Schulz
f348dcfc23 redqueen_trace: disable unless 'edge_cb_trace' option is provided 
Both, the legacy 'redqueen' trace via libxdc callback as well as new
dump_pt trace option are now toggled with aux-buffer trace_mode option.

This new qemu cmdline option allows to re-enable the old trace method,
or even use both trace methods at the same time.
 2022-02-11 10:45:30 -08:00
Steffen Schulz
84f1a1b67b move dump_pt logic to trace_dump.c, enable via aux_buffer 2022-02-11 10:45:30 -08:00
Steffen Schulz
7b9bd18dc3 refactor 'redqueen trace' to separate redqueen_trace.c 2022-02-11 10:45:30 -08:00
Steffen Schulz
d81b846608 dump_file: check for NULL filename, support mkstemp() template 2022-02-11 10:45:30 -08:00
Steffen Schulz
68f74353b2 record worker_id in state and report via KAFL_HYPERCALL_GET_HOST_CONFIG 
Modifies elements of host_config_t - update guest agent struct!
 2022-02-11 10:45:30 -08:00
Steffen Schulz
24e6f39e1c fix pt_dump feature (append on VMexit, truncate on new execution) 2022-02-11 10:45:30 -08:00
Steffen Schulz
56bc5571be dump_pt: create-open & truncate output file on each execution 
Previous implementation only opened the file once.
 2022-02-11 10:45:30 -08:00
Steffen Schulz
5c24050a64 page_cache: use file lock also for read access 
Without this there may be a risk of reading partially written
files...doesn't seem to happen in practice though?
 2022-02-11 10:45:30 -08:00
Steffen Schulz
b899572377 page_cache: auto-create workdir files or resume based on existing files 
- relieve frontend from having to create these files
- perhaps add some checks for resuming from existing page_cache files
 2022-02-11 10:45:30 -08:00
Steffen Schulz
6b008a1be4 error checking on payload remap + other 2022-02-11 10:45:30 -08:00
Steffen Schulz
f32d1cb3b7 add alt_bitmap for use in trace mode, truncate trace file on new exec 
libxdc does not create a bitmap in trace mode
This patch lets qemu create the bitmap instead

Note that the bitmap not compatible with libxdc bitmap since the trace
callback behavior is different.
 2022-02-11 10:45:30 -08:00
Steffen Schulz
0b6ec2cf72 kafl_dump_file: cleanups + select random filename if none provided 2022-02-11 10:45:30 -08:00
Steffen Schulz
7dbb64e7c2 compile-time option to restore kAFL style full edge traces 2022-02-11 10:45:30 -08:00
Steffen Schulz
81dbc38d46 print error on invalid hget(), minor bugfix for QEMU_PR_PRINTF enable 2022-02-11 10:45:30 -08:00
Steffen Schulz
169b084df5 report KVM_EXIT_SHUTDOWN and UNKNOWN_ERROR as panic events 2022-02-11 10:45:30 -08:00
Steffen Schulz
c12c6bd70d starved: signal if guest was reading beyond end of payload 2022-02-11 10:45:30 -08:00
Steffen Schulz
95742719f5 use 32bit kasan/panic notifier payload when on 32bit 2022-02-08 23:38:20 +01:00
Sergej Schumilo
31b8c05afe checkout specific libxdc commit 2022-02-08 23:38:20 +01:00