Skip to content

Commit

Permalink
libafl_qemu: update qemu to v9.1.1 (AFLplusplus#2636)
Browse files Browse the repository at this point in the history
* update qemu to v9.1.1

* adapting stuff to qemu 9.1

* fix for new qemu gen_callN and x86 decoder

* remove outdated qemu configuration option
  • Loading branch information
rmalmain authored Oct 31, 2024
1 parent c86e116 commit 6d55626
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 8 deletions.
1 change: 1 addition & 0 deletions fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ libafl_qemu = { path = "../../../libafl_qemu", features = [
] }
libafl_targets = { path = "../../../libafl_targets", version = "0.13.2" }

env_logger = "0.11.5"
log = { version = "0.4.22", features = ["release_max_level_info"] }
clap = { version = "4.5.18", features = ["default"] }
nix = { version = "0.29.0", features = ["fs"] }
10 changes: 6 additions & 4 deletions fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
Original file line number Diff line number Diff line change
Expand Up @@ -171,10 +171,11 @@ fn fuzz(
logfile: PathBuf,
timeout: Duration,
) -> Result<(), Error> {
env_logger::init();
env::remove_var("LD_LIBRARY_PATH");

let args: Vec<String> = env::args().collect();
let qemu = Qemu::init(&args).unwrap();
let qemu = Qemu::init(&args).expect("QEMU init failed");
// let (emu, asan) = init_with_asan(&mut args, &mut env).unwrap();

let mut elf_buffer = Vec::new();
Expand All @@ -197,7 +198,8 @@ fn fuzz(

let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap();
let mut ret_addr = [0; 8];
unsafe { qemu.read_mem(stack_ptr, &mut ret_addr) };
qemu.read_mem(stack_ptr, &mut ret_addr)
.expect("Error while reading QEMU memory.");
let ret_addr = u64::from_le_bytes(ret_addr);

println!("Stack pointer = {stack_ptr:#x}");
Expand Down Expand Up @@ -337,7 +339,7 @@ fn fuzz(
}

unsafe {
qemu.write_mem(input_addr, buf);
qemu.write_mem_unchecked(input_addr, buf);

qemu.write_reg(Regs::Rdi, input_addr).unwrap();
qemu.write_reg(Regs::Rsi, len as GuestReg).unwrap();
Expand Down Expand Up @@ -397,7 +399,7 @@ fn fuzz(
println!("Failed to load initial corpus at {:?}", &seed_dir);
process::exit(0);
});
println!("We imported {} inputs from disk.", state.corpus().count());
println!("We imported {} input(s) from disk.", state.corpus().count());
}

let tracing = ShadowTracingStage::new(&mut executor);
Expand Down
1 change: 0 additions & 1 deletion libafl_qemu/libafl_qemu_build/src/bindings.rs
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,6 @@ const WRAPPER_HEADER: &str = r#"
#include "tcg/tcg.h"
#include "tcg/tcg-op.h"
#include "tcg/tcg-internal.h"
#include "exec/helper-head.h"
#include "qemu/plugin-memory.h"
Expand Down
6 changes: 3 additions & 3 deletions libafl_qemu/libafl_qemu_build/src/build.rs
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ use crate::cargo_add_rpath;

pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
pub const QEMU_REVISION: &str = "c3c9c2128566ff325aa1a2bdcedde717f7d86e2c";
pub const QEMU_REVISION: &str = "b01a0bc334cf11bfc5e8f121d9520ef7f47dbcd1";

#[allow(clippy::module_name_repetitions)]
pub struct BuildResult {
Expand Down Expand Up @@ -158,7 +158,7 @@ fn configure_qemu(
.arg("--disable-linux-aio")
.arg("--disable-linux-io-uring")
.arg("--disable-linux-user")
.arg("--disable-live-block-migration")
// .arg("--disable-live-block-migration")
.arg("--disable-lzfse")
.arg("--disable-lzo")
.arg("--disable-l2tpv3")
Expand All @@ -174,7 +174,7 @@ fn configure_qemu(
.arg("--disable-pa")
.arg("--disable-parallels")
.arg("--disable-png")
.arg("--disable-pvrdma")
// .arg("--disable-pvrdma")
.arg("--disable-qcow1")
.arg("--disable-qed")
.arg("--disable-qga-vss")
Expand Down

0 comments on commit 6d55626

Please sign in to comment.