Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

QEMU filtering rework + paging filtering #1705

Merged
merged 11 commits into from
Dec 21, 2023
Merged

QEMU filtering rework + paging filtering #1705

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
4ec40a6
Added paging filtering.
rmalmain Nov 30, 2023
febf244
Fix: renamed remaining QemuInstrumentationFilter instances.
rmalmain Nov 30, 2023
acd4bd3
Fix: clippy + format
rmalmain Nov 30, 2023
ffb580a
Updated qemu-libafl-bridge
rmalmain Nov 30, 2023
985ef80
Fix QEMU userspace crash handler (#1706)
andreafioraldi Dec 1, 2023
9cb28db
libafl_cc custom llvm_config lookup for solaris/illumos (#1708)
devnexen Dec 3, 2023
059399d
fix simd (#1709)
tokatoka Dec 3, 2023
c177afe
Merge branch 'main' into paging_filter
andreafioraldi Dec 5, 2023
18aad5d
Updated qemu
rmalmain Dec 5, 2023
44fc6fa
Merge branch 'AFLplusplus:main' into paging_filter
rmalmain Dec 6, 2023
9177716
Merge branch 'main' into paging_filter
rmalmain Dec 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions fuzzers/qemu_coverage/src/fuzzer.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ use libafl_bolts::{
};
use libafl_qemu::{
drcov::QemuDrCovHelper, elf::EasyElf, emu::Emulator, ArchExtras, CallingConvention, GuestAddr,
GuestReg, MmapPerms, QemuExecutor, QemuHooks, QemuInstrumentationFilter, Regs,
GuestReg, MmapPerms, QemuExecutor, QemuHooks, QemuInstrumentationAddressRangeFilter, Regs,
};
use rangemap::RangeMap;

Expand Down Expand Up @@ -238,7 +238,7 @@ pub fn fuzz() {
let mut hooks = QemuHooks::new(
emu.clone(),
tuple_list!(QemuDrCovHelper::new(
QemuInstrumentationFilter::None,
QemuInstrumentationAddressRangeFilter::None,
rangemap,
PathBuf::from(coverage),
false,
Expand Down
15 changes: 10 additions & 5 deletions fuzzers/qemu_launcher/src/client.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ use libafl_qemu::{
cmplog::QemuCmpLogHelper,
edges::QemuEdgeCoverageHelper,
elf::EasyElf,
ArchExtras, Emulator, GuestAddr, QemuInstrumentationFilter,
ArchExtras, Emulator, GuestAddr, QemuInstrumentationAddressRangeFilter,
};

use crate::{instance::Instance, options::FuzzerOptions};
Expand Down Expand Up @@ -59,7 +59,10 @@ impl<'a> Client<'a> {
Ok(start_pc)
}

fn coverage_filter(&self, emu: &Emulator) -> Result<QemuInstrumentationFilter, Error> {
fn coverage_filter(
&self,
emu: &Emulator,
) -> Result<QemuInstrumentationAddressRangeFilter, Error> {
/* Conversion is required on 32-bit targets, but not on 64-bit ones */
if let Some(includes) = &self.options.include {
#[cfg_attr(target_pointer_width = "64", allow(clippy::useless_conversion))]
Expand All @@ -70,7 +73,7 @@ impl<'a> Client<'a> {
end: x.end.into(),
})
.collect::<Vec<Range<GuestAddr>>>();
Ok(QemuInstrumentationFilter::AllowList(rules))
Ok(QemuInstrumentationAddressRangeFilter::AllowList(rules))
} else if let Some(excludes) = &self.options.exclude {
#[cfg_attr(target_pointer_width = "64", allow(clippy::useless_conversion))]
let rules = excludes
Expand All @@ -80,14 +83,16 @@ impl<'a> Client<'a> {
end: x.end.into(),
})
.collect::<Vec<Range<GuestAddr>>>();
Ok(QemuInstrumentationFilter::DenyList(rules))
Ok(QemuInstrumentationAddressRangeFilter::DenyList(rules))
} else {
let mut elf_buffer = Vec::new();
let elf = EasyElf::from_file(emu.binary_path(), &mut elf_buffer)?;
let range = elf
.get_section(".text", emu.load_addr())
.ok_or_else(|| Error::key_not_found("Failed to find .text section"))?;
Ok(QemuInstrumentationFilter::AllowList(vec![range]))
Ok(QemuInstrumentationAddressRangeFilter::AllowList(vec![
range,
]))
}
}

Expand Down
2 changes: 1 addition & 1 deletion libafl_qemu/libafl_qemu_build/src/build.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ use which::which;

const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
const QEMU_REVISION: &str = "32206d23c33a55c9e519e4ae67038ab27d713a24";
const QEMU_REVISION: &str = "c92d7c2ef66811278e8d665d4aec57661c980186";

fn build_dep_check(tools: &[&str]) {
for tool in tools {
Expand Down
21 changes: 12 additions & 9 deletions libafl_qemu/src/asan.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,10 @@ use rangemap::RangeMap;
use crate::{
calls::FullBacktraceCollector,
emu::{EmuError, Emulator, MemAccessInfo, SyscallHookResult},
helper::{HasInstrumentationFilter, QemuHelper, QemuHelperTuple, QemuInstrumentationFilter},
helper::{
HasInstrumentationFilter, IsFilter, QemuHelper, QemuHelperTuple,
QemuInstrumentationAddressRangeFilter,
},
hooks::{Hook, QemuHooks},
snapshot::QemuSnapshotHelper,
GuestAddr, Regs,
Expand Down Expand Up @@ -734,23 +737,23 @@ pub struct QemuAsanHelper {
detect_leaks: bool,
empty: bool,
rt: Pin<Box<AsanGiovese>>,
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
}

impl QemuAsanHelper {
#[must_use]
pub fn default(rt: Pin<Box<AsanGiovese>>) -> Self {
Self::new(
rt,
QemuInstrumentationFilter::None,
QemuInstrumentationAddressRangeFilter::None,
QemuAsanOptions::Snapshot,
)
}

#[must_use]
pub fn new(
mut rt: Pin<Box<AsanGiovese>>,
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
options: QemuAsanOptions,
) -> Self {
assert!(unsafe { ASAN_INITED }, "The ASan runtime is not initialized, use init_with_asan(...) instead of just Emulator::new(...)");
Expand All @@ -773,7 +776,7 @@ impl QemuAsanHelper {
#[must_use]
pub fn with_error_callback(
mut rt: Pin<Box<AsanGiovese>>,
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
error_callback: AsanErrorCallback,
options: QemuAsanOptions,
) -> Self {
Expand All @@ -798,7 +801,7 @@ impl QemuAsanHelper {
#[must_use]
pub fn with_asan_report(
rt: Pin<Box<AsanGiovese>>,
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
options: QemuAsanOptions,
) -> Self {
Self::with_error_callback(rt, filter, Box::new(asan_report), options)
Expand Down Expand Up @@ -922,12 +925,12 @@ impl QemuAsanHelper {
}
}

impl HasInstrumentationFilter for QemuAsanHelper {
fn filter(&self) -> &QemuInstrumentationFilter {
impl HasInstrumentationFilter<QemuInstrumentationAddressRangeFilter> for QemuAsanHelper {
fn filter(&self) -> &QemuInstrumentationAddressRangeFilter {
&self.filter
}

fn filter_mut(&mut self) -> &mut QemuInstrumentationFilter {
fn filter_mut(&mut self) -> &mut QemuInstrumentationAddressRangeFilter {
&mut self.filter
}
}
Expand Down
15 changes: 9 additions & 6 deletions libafl_qemu/src/calls.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,10 @@ use thread_local::ThreadLocal;
use crate::{
capstone,
emu::{ArchExtras, Emulator},
helper::{HasInstrumentationFilter, QemuHelper, QemuHelperTuple, QemuInstrumentationFilter},
helper::{
HasInstrumentationFilter, IsFilter, QemuHelper, QemuHelperTuple,
QemuInstrumentationAddressRangeFilter,
},
hooks::{Hook, QemuHooks},
GuestAddr,
};
Expand Down Expand Up @@ -215,7 +218,7 @@ pub struct QemuCallTracerHelper<T>
where
T: CallTraceCollectorTuple,
{
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
cs: Capstone,
collectors: Option<T>,
}
Expand All @@ -225,7 +228,7 @@ where
T: CallTraceCollectorTuple,
{
#[must_use]
pub fn new(filter: QemuInstrumentationFilter, collectors: T) -> Self {
pub fn new(filter: QemuInstrumentationAddressRangeFilter, collectors: T) -> Self {
Self {
filter,
cs: capstone().detail(true).build().unwrap(),
Expand Down Expand Up @@ -380,15 +383,15 @@ where
}
}

impl<T> HasInstrumentationFilter for QemuCallTracerHelper<T>
impl<T> HasInstrumentationFilter<QemuInstrumentationAddressRangeFilter> for QemuCallTracerHelper<T>
where
T: CallTraceCollectorTuple,
{
fn filter(&self) -> &QemuInstrumentationFilter {
fn filter(&self) -> &QemuInstrumentationAddressRangeFilter {
&self.filter
}

fn filter_mut(&mut self) -> &mut QemuInstrumentationFilter {
fn filter_mut(&mut self) -> &mut QemuInstrumentationAddressRangeFilter {
&mut self.filter
}
}
Expand Down
31 changes: 16 additions & 15 deletions libafl_qemu/src/cmplog.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,8 @@ use crate::{
};
use crate::{
helper::{
hash_me, HasInstrumentationFilter, QemuHelper, QemuHelperTuple, QemuInstrumentationFilter,
hash_me, HasInstrumentationFilter, IsFilter, QemuHelper, QemuHelperTuple,
QemuInstrumentationAddressRangeFilter,
},
hooks::{Hook, QemuHooks},
GuestAddr,
Expand Down Expand Up @@ -48,12 +49,12 @@ libafl_bolts::impl_serdeany!(QemuCmpsMapMetadata);

#[derive(Debug)]
pub struct QemuCmpLogHelper {
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
}

impl QemuCmpLogHelper {
#[must_use]
pub fn new(filter: QemuInstrumentationFilter) -> Self {
pub fn new(filter: QemuInstrumentationAddressRangeFilter) -> Self {
Self { filter }
}

Expand All @@ -65,16 +66,16 @@ impl QemuCmpLogHelper {

impl Default for QemuCmpLogHelper {
fn default() -> Self {
Self::new(QemuInstrumentationFilter::None)
Self::new(QemuInstrumentationAddressRangeFilter::None)
}
}

impl HasInstrumentationFilter for QemuCmpLogHelper {
fn filter(&self) -> &QemuInstrumentationFilter {
impl HasInstrumentationFilter<QemuInstrumentationAddressRangeFilter> for QemuCmpLogHelper {
fn filter(&self) -> &QemuInstrumentationAddressRangeFilter {
&self.filter
}

fn filter_mut(&mut self) -> &mut QemuInstrumentationFilter {
fn filter_mut(&mut self) -> &mut QemuInstrumentationAddressRangeFilter {
&mut self.filter
}
}
Expand All @@ -99,12 +100,12 @@ where

#[derive(Debug)]
pub struct QemuCmpLogChildHelper {
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
}

impl QemuCmpLogChildHelper {
#[must_use]
pub fn new(filter: QemuInstrumentationFilter) -> Self {
pub fn new(filter: QemuInstrumentationAddressRangeFilter) -> Self {
Self { filter }
}

Expand All @@ -116,7 +117,7 @@ impl QemuCmpLogChildHelper {

impl Default for QemuCmpLogChildHelper {
fn default() -> Self {
Self::new(QemuInstrumentationFilter::None)
Self::new(QemuInstrumentationAddressRangeFilter::None)
}
}

Expand Down Expand Up @@ -219,14 +220,14 @@ pub extern "C" fn trace_cmp8_cmplog(_: *const (), id: u64, v0: u64, v1: u64) {
#[cfg(emulation_mode = "usermode")]
#[derive(Debug)]
pub struct QemuCmpLogRoutinesHelper {
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
cs: Capstone,
}

#[cfg(emulation_mode = "usermode")]
impl QemuCmpLogRoutinesHelper {
#[must_use]
pub fn new(filter: QemuInstrumentationFilter) -> Self {
pub fn new(filter: QemuInstrumentationAddressRangeFilter) -> Self {
Self {
filter,
cs: capstone().detail(true).build().unwrap(),
Expand Down Expand Up @@ -348,12 +349,12 @@ impl QemuCmpLogRoutinesHelper {
}

#[cfg(emulation_mode = "usermode")]
impl HasInstrumentationFilter for QemuCmpLogRoutinesHelper {
fn filter(&self) -> &QemuInstrumentationFilter {
impl HasInstrumentationFilter<QemuInstrumentationAddressRangeFilter> for QemuCmpLogRoutinesHelper {
fn filter(&self) -> &QemuInstrumentationAddressRangeFilter {
&self.filter
}

fn filter_mut(&mut self) -> &mut QemuInstrumentationFilter {
fn filter_mut(&mut self) -> &mut QemuInstrumentationAddressRangeFilter {
&mut self.filter
}
}
Expand Down
15 changes: 9 additions & 6 deletions libafl_qemu/src/drcov.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,10 @@ use serde::{Deserialize, Serialize};

use crate::{
emu::{GuestAddr, GuestUsize},
helper::{HasInstrumentationFilter, QemuHelper, QemuHelperTuple, QemuInstrumentationFilter},
helper::{
HasInstrumentationFilter, IsFilter, QemuHelper, QemuHelperTuple,
QemuInstrumentationAddressRangeFilter,
},
hooks::{Hook, QemuHooks},
Emulator,
};
Expand Down Expand Up @@ -39,7 +42,7 @@ libafl_bolts::impl_serdeany!(QemuDrCovMetadata);

#[derive(Debug)]
pub struct QemuDrCovHelper {
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
module_mapping: RangeMap<usize, (u16, String)>,
filename: PathBuf,
full_trace: bool,
Expand All @@ -50,7 +53,7 @@ impl QemuDrCovHelper {
#[must_use]
#[allow(clippy::let_underscore_untyped)]
pub fn new(
filter: QemuInstrumentationFilter,
filter: QemuInstrumentationAddressRangeFilter,
module_mapping: RangeMap<usize, (u16, String)>,
filename: PathBuf,
full_trace: bool,
Expand All @@ -75,12 +78,12 @@ impl QemuDrCovHelper {
}
}

impl HasInstrumentationFilter for QemuDrCovHelper {
fn filter(&self) -> &QemuInstrumentationFilter {
impl HasInstrumentationFilter<QemuInstrumentationAddressRangeFilter> for QemuDrCovHelper {
fn filter(&self) -> &QemuInstrumentationAddressRangeFilter {
&self.filter
}

fn filter_mut(&mut self) -> &mut QemuInstrumentationFilter {
fn filter_mut(&mut self) -> &mut QemuInstrumentationAddressRangeFilter {
&mut self.filter
}
}
Expand Down
Loading
Loading