From 69fedf04318de624ed482c04527aaa4cf7cd5d18 Mon Sep 17 00:00:00 2001 From: Romain Malmain Date: Wed, 24 Apr 2024 14:41:22 +0200 Subject: [PATCH 1/4] Replace removed tb_invalidate_phys_addr --- cpu-target.c | 4 +++- scripts/meson-buildoptions.sh | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cpu-target.c b/cpu-target.c index 59790f205ea..97b7ed23e17 100644 --- a/cpu-target.c +++ b/cpu-target.c @@ -465,7 +465,9 @@ void list_cpus(void) #if defined(CONFIG_USER_ONLY) void libafl_breakpoint_invalidate(CPUState *cpu, target_ulong pc) { - tb_invalidate_phys_addr(pc); + mmap_lock(); + tb_invalidate_phys_range(pc, pc + 1); + mmap_unlock(); } #else void libafl_breakpoint_invalidate(CPUState *cpu, target_ulong pc) diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh index 22216d922ac..f626e0008c3 100644 --- a/scripts/meson-buildoptions.sh +++ b/scripts/meson-buildoptions.sh @@ -19,6 +19,7 @@ meson_options_help() { printf "%s\n" ' --disable-install-blobs install provided firmware blobs' printf "%s\n" ' --disable-qom-cast-debug cast debugging support' printf "%s\n" ' --disable-relocatable toggle relocatable install' + printf "%s\n" ' --disable-tests build tests' printf "%s\n" ' --docdir=VALUE Base directory for documentation installation' printf "%s\n" ' (can be empty) [share/doc]' printf "%s\n" ' --enable-block-drv-whitelist-in-tools' @@ -315,8 +316,6 @@ _meson_option_parse() { --disable-fuse-lseek) printf "%s" -Dfuse_lseek=disabled ;; --enable-fuzzing) printf "%s" -Dfuzzing=true ;; --disable-fuzzing) printf "%s" -Dfuzzing=false ;; - --enable-tests) printf "%s" -Dtests=true ;; - --disable-tests) printf "%s" -Dtests=false ;; --enable-gcrypt) printf "%s" -Dgcrypt=enabled ;; --disable-gcrypt) printf "%s" -Dgcrypt=disabled ;; --enable-gettext) printf "%s" -Dgettext=enabled ;; 
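Review bot: `tb_invalidate_phys_range(pc, pc + 1)` passes an inclusive last address in current QEMU (the helper takes `start, last` since the `end`-exclusive form was reworked), so this invalidates the translation blocks covering two bytes rather than the single address at `pc`; if one byte is intended, `tb_invalidate_phys_range(pc, pc);` is enough and also avoids `pc + 1` wrapping at the top of the address space — confirm against the prototype in the tree. The `cpu` parameter is unused in this CONFIG_USER_ONLY variant; a `(void)cpu;` or a one-line comment would make that deliberate. The system-mode variant under `#else` begins at the end of the hunk and is not visible here.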
@@ -495,6 +494,8 @@ _meson_option_parse() { --disable-tcg) printf "%s" -Dtcg=disabled ;; --enable-tcg-interpreter) printf "%s" -Dtcg_interpreter=true ;; --disable-tcg-interpreter) printf "%s" -Dtcg_interpreter=false ;; + --enable-tests) printf "%s" -Dtests=true ;; + --disable-tests) printf "%s" -Dtests=false ;; --tls-priority=*) quote_sh "-Dtls_priority=$2" ;; --enable-tools) printf "%s" -Dtools=enabled ;; --disable-tools) printf "%s" -Dtools=disabled ;; From 61a70ab94a4d26a735e9874ff9eaef554bf516eb Mon Sep 17 00:00:00 2001 From: Romain Malmain Date: Wed, 24 Apr 2024 15:25:55 +0200 Subject: [PATCH 2/4] Cleanup merge. --- accel/tcg/cpu-exec.c | 4 ++-- accel/tcg/cputlb.c | 1 - accel/tcg/tb-maint.c | 6 +++--- accel/tcg/translator.c | 2 ++ block/block-backend.c | 4 ++-- chardev/char-socket.c | 6 +++--- configure | 8 ++++++-- contrib/plugins/lockstep.c | 2 ++ gdbstub/gdbstub.c | 3 ++- hw/hppa/Kconfig | 1 - io/channel-buffer.c | 2 +- linux-user/main.c | 6 ++++++ linux-user/user-internals.h | 2 +- meson.build | 19 ++++++++++++++++++- meson_options.txt | 2 ++ migration/migration.c | 4 ---- subprojects/libvhost-user/meson.build | 6 ++++++ system/main.c | 4 ++++ target/arm/helper.c | 2 ++ target/arm/tcg/translate-a64.c | 4 ++++ target/i386/cpu.h | 6 ------ tcg/tcg-op-ldst.c | 20 ++++++++++---------- 22 files changed, 76 insertions(+), 38 deletions(-) diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c index f00f41394c3..73431c14f66 100644 --- a/accel/tcg/cpu-exec.c +++ b/accel/tcg/cpu-exec.c @@ -180,7 +180,7 @@ static bool tb_lookup_cmp(const void *p, const void *d) const TranslationBlock *tb = p; const struct tb_desc *desc = d; - if (tb->pc == desc->pc && + if ((tb_cflags(tb) & CF_PCREL || tb->pc == desc->pc) && tb_page_addr0(tb) == desc->page_addr0 && tb->cs_base == desc->cs_base && tb->flags == desc->flags && 
@@ -230,7 +230,7 @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, vaddr pc, return NULL; } desc.page_addr0 = phys_pc; - h = tb_hash_func(phys_pc, pc, + h = tb_hash_func(phys_pc, (cflags & CF_PCREL ? 0 : pc), flags, cs_base, cflags); return qht_lookup_custom(&tb_ctx.htable, &desc, h, tb_lookup_cmp); } diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index 66f1637985c..7ca79f3e70b 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -2556,7 +2556,6 @@ static Int128 do_ld16_mmu(CPUState *cpu, vaddr addr, MMU_DATA_LOAD, l.memop, ra); ret = int128_make128(b, a); } - if ((l.memop & MO_BSWAP) == MO_LE) { ret = bswap128(ret); } diff --git a/accel/tcg/tb-maint.c b/accel/tcg/tb-maint.c index de20e7da156..da39a43bd8c 100644 --- a/accel/tcg/tb-maint.c +++ b/accel/tcg/tb-maint.c @@ -47,7 +47,7 @@ static bool tb_cmp(const void *ap, const void *bp) const TranslationBlock *a = ap; const TranslationBlock *b = bp; - return (a->pc == b->pc && + return ((tb_cflags(a) & CF_PCREL || a->pc == b->pc) && a->cs_base == b->cs_base && a->flags == b->flags && (tb_cflags(a) & ~CF_INVALID) == (tb_cflags(b) & ~CF_INVALID) && @@ -916,7 +916,7 @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list) /* remove the TB from the hash list */ phys_pc = tb_page_addr0(tb); - h = tb_hash_func(phys_pc, tb->pc, + h = tb_hash_func(phys_pc, (orig_cflags & CF_PCREL ? 0 : tb->pc), tb->flags, tb->cs_base, orig_cflags); if (!qht_remove(&tb_ctx.htable, tb, h)) { return; @@ -983,7 +983,7 @@ TranslationBlock *tb_link_page(TranslationBlock *tb) tb_record(tb); /* add in the hash table */ - h = tb_hash_func(tb_page_addr0(tb), tb->pc, + h = tb_hash_func(tb_page_addr0(tb), (tb->cflags & CF_PCREL ? 0 : tb->pc), tb->flags, tb->cs_base, tb->cflags); qht_insert(&tb_ctx.htable, tb, h, &existing_tb); diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c index 61ccb8c5cce..d4969d3b912 100644 --- a/accel/tcg/translator.c +++ b/accel/tcg/translator.c 
@@ -244,7 +244,9 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns, */ ops->translate_insn(db, cpu); +//// --- Begin LibAFL code --- post_translate_insn: +//// --- End LibAFL code --- /* * We can't instrument after instructions that change control * flow although this only really affects post-load operations. diff --git a/block/block-backend.c b/block/block-backend.c index 038a0714001..df3f3254330 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -701,16 +701,16 @@ bool monitor_add_blk(BlockBackend *blk, const char *name, Error **errp) error_setg(errp, "Invalid device name"); return false; } -//// --- Begin LibAFL code --- if (blk_by_name(name)) { error_setg(errp, "Device with id '%s' already exists", name); return false; } -//// --- End LibAFL code --- +//// --- Begin LibAFL code --- if (blk_by_name_hash(g_str_hash(name))) { error_setg(errp, "Device with name hash '%x' already exists", g_str_hash(name)); return false; } +//// --- End LibAFL code --- if (bdrv_find_node(name)) { error_setg(errp, "Device name '%s' conflicts with an existing node name", diff --git a/chardev/char-socket.c b/chardev/char-socket.c index 2c4dffc0e6f..812d7aa38ac 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c @@ -496,9 +496,9 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque) s->max_size <= 0) { return TRUE; } - len = tcp_chr_read_poll(opaque); - if (len > sizeof(buf)) { - len = sizeof(buf); + len = sizeof(buf); + if (len > s->max_size) { + len = s->max_size; } size = tcp_chr_recv(chr, (void *)buf, len); if (size == 0 || (size == -1 && errno != EAGAIN)) { diff --git a/configure b/configure index 8d1b6e3e4c7..6a7e513b124 100755 --- a/configure +++ b/configure @@ -578,8 +578,10 @@ if test "$host_os" = "windows" ; then EXESUF=".exe" fi +#### --- Begin LibAFL code --- as_shared_lib="no" as_static_lib="no" +#### --- end LibAFL code --- meson_option_build_array() { printf '[' 
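Review bot: The closing marker added after `as_static_lib="no"` reads `#### --- end LibAFL code ---` with a lowercase `end`, while every other marker in the tree — including the ones this same series normalizes from `Start` to `Begin` in tcg/tcg-op-ldst.c — uses `#### --- End LibAFL code ---`. Anyone grepping the markers to review the LibAFL delta against upstream will miss this span; change it to `#### --- End LibAFL code ---`. The option parsing that consumes these two variables is in the later hunks of this file.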
@@ -761,6 +763,7 @@ for opt do ;; --gdb=*) gdb_bin="$optarg" ;; +#### --- Begin LibAFL code --- --as-shared-lib) as_shared_lib="yes" CFLAGS="$CFLAGS -fPIC -DAS_LIB=1" @@ -771,6 +774,7 @@ for opt do CFLAGS="$CFLAGS -fPIC -DAS_LIB=1" CXXFLAGS="$CXXFLAGS -fPIC -DAS_LIB=1" ;; +#### --- End LibAFL code --- # everything else has the same name in configure and meson --*) meson_option_parse "$opt" "$optarg" ;; @@ -1616,7 +1620,6 @@ echo "GDB=$gdb_bin" >> $config_host_mak if test "$container" != no; then echo "RUNC=$runc" >> $config_host_mak fi - echo "SUBDIRS=$subdirs" >> $config_host_mak echo "PYTHON=$python" >> $config_host_mak echo "MKVENV_ENSUREGROUP=$mkvenv ensuregroup $mkvenv_online_flag" >> $config_host_mak @@ -1628,13 +1631,14 @@ if test "$default_targets" = "yes"; then echo "CONFIG_DEFAULT_TARGETS=y" >> $config_host_mak fi +#### --- Begin LibAFL code --- if test "$as_shared_lib" = "yes" ; then echo "AS_SHARED_LIB=y" >> $config_host_mak fi if test "$as_static_lib" = "yes" ; then echo "AS_STATIC_LIB=y" >> $config_host_mak fi - +#### --- End LibAFL code --- # contrib/plugins configuration echo "# Automatically generated by configure - do not modify" > contrib/plugins/$config_host_mak diff --git a/contrib/plugins/lockstep.c b/contrib/plugins/lockstep.c index 76ef89638aa..57e1ac88e88 100644 --- a/contrib/plugins/lockstep.c +++ b/contrib/plugins/lockstep.c @@ -33,6 +33,7 @@ #include +//// --- Begin LibAFL code --- static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize byte_size) { #if GLIB_CHECK_VERSION(2, 68, 0) @@ -51,6 +52,7 @@ static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize byte_size) #endif } #define g_memdup2(m, s) g_memdup2_qemu(m, s) +//// --- End LibAFL code --- QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION; diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c index f0172099887..1c39ebad82f 100644 --- a/gdbstub/gdbstub.c +++ b/gdbstub/gdbstub.c 
@@ -1811,13 +1811,14 @@ static const GdbCmdParseEntry gdb_gen_query_table[] = { .handler = gdb_handle_query_offsets, .cmd = "Offsets", }, -#endif +#else { .handler = gdb_handle_query_rcmd, .cmd = "Rcmd,", .cmd_startswith = 1, .schema = "s0" }, +#endif { .handler = handle_query_supported, .cmd = "Supported:", diff --git a/hw/hppa/Kconfig b/hw/hppa/Kconfig index c9c3e951759..ee7ffd2bfb5 100644 --- a/hw/hppa/Kconfig +++ b/hw/hppa/Kconfig @@ -18,4 +18,3 @@ config HPPA_B160L select LASIPS2 select PARALLEL select ARTIST - select USB_OHCI_PCI diff --git a/io/channel-buffer.c b/io/channel-buffer.c index dd2b09f50d2..60cd33587b0 100644 --- a/io/channel-buffer.c +++ b/io/channel-buffer.c @@ -181,8 +181,8 @@ static int qio_channel_buffer_close(QIOChannel *ioc, g_free(bioc->data); } - //// --- End LibAFL code --- //g_free(bioc->data); + //// --- End LibAFL code --- bioc->data = NULL; bioc->capacity = bioc->usage = bioc->offset = 0; diff --git a/linux-user/main.c b/linux-user/main.c index 96e9bb625a2..31d14192c52 100644 --- a/linux-user/main.c +++ b/linux-user/main.c @@ -636,6 +636,7 @@ static int parse_args(int argc, char **argv) r++; } +//// --- Begin LibAFL code --- if (!strncmp(r, "libafl", 6)) { if (optind >= argc) { (void) fprintf(stderr, @@ -645,6 +646,7 @@ static int parse_args(int argc, char **argv) optind++; continue; } +//// --- End LibAFL code --- for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) { if (!strcmp(r, arginfo->argv)) { @@ -675,7 +677,9 @@ static int parse_args(int argc, char **argv) exit(EXIT_FAILURE); } +//// --- Begin LibAFL code --- exec_path = strdup(argv[optind]); +//// --- End LibAFL code --- return optind; } 
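Review bot: The `#else` introduced here opens a branch whose controlling `#if` lies above the hunk, so a reader of gdb_gen_query_table cannot see which configuration gets the `Rcmd,` entry without scrolling up. Annotating both directives, e.g. `#else /* !CONFIG_USER_ONLY */` and `#endif /* CONFIG_USER_ONLY */`, keeps the table self-describing — assuming the guard is the CONFIG_USER_ONLY check that upstream gdbstub.c places around the `Offsets` entry; confirm against the lines above the hunk.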
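Review bot: `exec_path = strdup(argv[optind]);` leaves the libc allocation unchecked, so on allocation failure exec_path is silently NULL for whatever consumes it later. The rest of linux-user allocates through GLib, whose `g_strdup` aborts instead of returning NULL; `exec_path = g_strdup(argv[optind]);` matches that convention, provided exec_path is released with `g_free` (or never freed) — confirm where it is consumed. The check that `optind` is still within `argc` sits in the lines above this hunk and is not visible here.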
@@ -717,9 +721,11 @@ int main(int argc, char **argv, char **envp) #endif { struct target_pt_regs regs1, *regs = ®s1; +//// --- Begin LibAFL code --- //struct image_info info1, *info = &info1; struct image_info *info = &libafl_image_info; // struct linux_binprm bprm; +//// --- End LibAFL code --- TaskState *ts; CPUArchState *env; CPUState *cpu; diff --git a/linux-user/user-internals.h b/linux-user/user-internals.h index 3a9fcbfdd2b..ce11d9e21c1 100644 --- a/linux-user/user-internals.h +++ b/linux-user/user-internals.h @@ -65,7 +65,7 @@ abi_long do_syscall(CPUArchState *cpu_env, int num, abi_long arg1, abi_long arg5, abi_long arg6, abi_long arg7, abi_long arg8); extern __thread CPUState *thread_cpu; -void cpu_loop(CPUArchState *env); +G_NORETURN void cpu_loop(CPUArchState *env); abi_long get_errno(abi_long ret); const char *target_strerror(int err); int get_osversion(void); diff --git a/meson.build b/meson.build index d41fb73ccc7..7e7790ea27b 100644 --- a/meson.build +++ b/meson.build @@ -3454,9 +3454,12 @@ subdir('ui') subdir('hw') subdir('gdbstub') +#### --- Begin LibAFL code --- + ### LibAFL extras subdir('libafl') +#### --- End LibAFL code --- if enable_modules libmodulecommon = static_library('module-common', files('module-common.c') + genh, pic: true, c_args: '-DBUILD_DSO') @@ -3585,10 +3588,14 @@ subdir('bsd-user') subdir('linux-user') # needed for fuzzing binaries +#### --- Begin LibAFL code --- if get_option('tests') +#### --- End LibAFL code --- subdir('tests/qtest/libqos') subdir('tests/qtest/fuzz') +#### --- Begin LibAFL code --- endif +#### --- End LibAFL code --- # accel modules tcg_real_module_ss = ss.source_set() @@ -3971,7 +3978,9 @@ foreach target : target_dirs exe_name += '-unsigned' endif +#### --- Begin LibAFL code --- if 'AS_SHARED_LIB' not in config_host and 'AS_STATIC_LIB' not in config_host +#### --- End LibAFL code --- emulator = executable(exe_name, exe['sources'], install: true, c_args: c_args, 
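Review bot: Adding `G_NORETURN` to cpu_loop is unsound for this tree if the LibAFL cpu_loop can return to its caller, as the `if (libafl_exit_asap()) return;` and `case EXCP_LIBAFL_EXIT: return;` lines shown in linux-user/aarch64/cpu_loop.c in patch 3 of this series suggest — a noreturn function that returns is undefined behaviour and the compiler may drop whatever follows the call. Patch 3 then reverts this exact line to `/* G_NORETURN */ void cpu_loop(CPUArchState *env);`, so the two hunks cancel out and would be cleaner squashed out of the series. Whichever way it lands, the bare commented-out attribute deserves a why-comment such as `/* Not G_NORETURN as upstream: the LibAFL cpu_loop returns on EXCP_LIBAFL_EXIT and libafl_exit_asap(). */` so the next upstream merge does not reintroduce it.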
@@ -3980,6 +3989,7 @@ foreach target : target_dirs link_depends: [block_syms, qemu_syms], link_args: link_args, win_subsystem: exe['win_subsystem']) +#### --- Begin LibAFL code --- else if 'AS_SHARED_LIB' in config_host emulator = shared_library(exe_name, exe['sources'], @@ -3997,6 +4007,7 @@ foreach target : target_dirs objects: lib.extract_all_objects(recursive: true)) endif endif +#### --- End LibAFL code --- if host_os == 'darwin' icon = 'pc-bios/qemu.rsrc' build_input = [emulator, files(icon)] @@ -4132,9 +4143,13 @@ subdir('scripts') subdir('tools') subdir('pc-bios') subdir('docs') +#### --- Begin LibAFL code --- if get_option('tests') +#### --- End LibAFL code --- subdir('tests') +#### --- Begin LibAFL code --- endif +#### --- End LibAFL code --- if gtk.found() subdir('po') endif @@ -4230,7 +4245,9 @@ if enable_modules summary_info += {'alternative module path': get_option('module_upgrades')} endif summary_info += {'fuzzing support': get_option('fuzzing')} -summary_info += {'tests support': get_option('tests')} +#### --- Begin LibAFL code --- +summary_info += {'Build tests': get_option('tests')} +#### --- End LibAFL code --- if have_system summary_info += {'Audio drivers': ' '.join(audio_drivers_selected)} endif diff --git a/meson_options.txt b/meson_options.txt index 2cf2da006b3..075fdadb743 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -43,8 +43,10 @@ option('docs', type : 'feature', value : 'auto', description: 'Documentations build support') option('fuzzing', type : 'boolean', value: false, description: 'build fuzzing targets') +#### --- Begin LibAFL code --- option('tests', type : 'boolean', value: true, description: 'build tests') +#### --- End LibAFL code --- option('gettext', type : 'feature', value : 'auto', description: 'Localization of the GTK+ user interface') option('modules', type : 'feature', value : 'disabled', diff --git a/migration/migration.c b/migration/migration.c index 6c377edcb6d..86bf76e9258 100644 
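Review bot: The new `else` / `if 'AS_SHARED_LIB' in config_host` chain gives the shared-library build silent precedence when both AS_SHARED_LIB and AS_STATIC_LIB are present in config_host, and nothing in the configure hunks of this commit rejects passing both `--as-shared-lib` and `--as-static-lib`; the static branch itself lies between this hunk and `@@ -3997`, so the precedence is inferred from the visible structure. An explicit guard before the outer `if`, `if 'AS_SHARED_LIB' in config_host and 'AS_STATIC_LIB' in config_host` / `error('--as-shared-lib and --as-static-lib are mutually exclusive')` / `endif`, or the equivalent check in configure, would turn a mis-specified build into a clear failure. The enclosing `foreach target : target_dirs` loop starts well above the hunk.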
--- a/migration/migration.c +++ b/migration/migration.c @@ -164,9 +164,6 @@ static bool transport_supports_seeking(MigrationAddress *addr) return false; } - return false; -} - static bool migration_channels_and_transport_compatible(MigrationAddress *addr, Error **errp) @@ -733,7 +730,6 @@ static void process_incoming_migration_bh(void *opaque) migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE, MIGRATION_STATUS_COMPLETED); migration_incoming_state_destroy(); - object_unref(OBJECT(migrate_get_current())); } static void coroutine_fn diff --git a/subprojects/libvhost-user/meson.build b/subprojects/libvhost-user/meson.build index 9d033fa20c2..bab7ce4f968 100644 --- a/subprojects/libvhost-user/meson.build +++ b/subprojects/libvhost-user/meson.build @@ -8,8 +8,10 @@ add_project_arguments(cc.get_supported_arguments('-Wsign-compare', '-Wstrict-aliasing'), native: false, language: 'c') +#### --- Begin LibAFL code --- keyval = import('keyval') config_host = keyval.load(meson.global_build_root() / 'config-host.mak') +#### --- End LibAFL code --- threads = dependency('threads') glib = dependency('glib-2.0') @@ -18,7 +20,9 @@ vhost_user = static_library('vhost-user', files('libvhost-user.c'), dependencies: threads, c_args: '-D_GNU_SOURCE', +#### --- Begin LibAFL code --- pic: 'AS_SHARED_LIB' in config_host) +#### --- End LibAFL code --- executable('link-test', files('link-test.c'), link_whole: vhost_user) @@ -27,7 +31,9 @@ vhost_user_glib = static_library('vhost-user-glib', files('libvhost-user-glib.c'), link_with: vhost_user, dependencies: glib, +#### --- Begin LibAFL code --- pic: 'AS_SHARED_LIB' in config_host) +#### --- End LibAFL code --- vhost_user_dep = declare_dependency(link_with: vhost_user_glib, dependencies: glib, diff --git a/system/main.c b/system/main.c index 2b22d919527..d1a8dca244e 100644 --- a/system/main.c +++ b/system/main.c 
@@ -42,10 +42,14 @@ int qemu_default_main(void) int (*qemu_main)(void) = qemu_default_main; +//// --- Begin LibAFL code --- #ifndef AS_LIB +//// --- End LibAFL code --- int main(int argc, char **argv) { qemu_init(argc, argv); return qemu_main(); } +//// --- Begin LibAFL code --- #endif +//// --- End LibAFL code --- diff --git a/target/arm/helper.c b/target/arm/helper.c index 3e698b8abbb..d34f315d48c 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -12774,7 +12774,9 @@ ARMSecuritySpace arm_security_space(CPUARMState *env) ARMSecuritySpace arm_security_space_below_el3(CPUARMState *env) { +//// --- Begin LibAFL code --- // assert(!arm_feature(env, ARM_FEATURE_M)); // Remove this for LibAFL +//// --- End LibAFL code --- /* * If EL3 is not supported then the secure state is implementation diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 7ee26d2a1e4..3997535ed1a 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -4203,6 +4203,10 @@ static bool gen_rri(DisasContext *s, arg_rri_sf *a, return true; } +/* + * PC-rel. addressing + */ + static bool trans_ADR(DisasContext *s, arg_ri *a) { gen_pc_plus_diff(s, cpu_reg(s, a->rd), a->imm); diff --git a/target/i386/cpu.h b/target/i386/cpu.h index bc1921287aa..6ae8cdd57e8 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -2338,12 +2338,6 @@ static inline bool is_mmu_index_32(int mmu_index) return mmu_index & 1; } -static inline bool is_mmu_index_32(int mmu_index) -{ - assert(mmu_index < MMU_PHYS_IDX); - return mmu_index & 1; -} - static inline int cpu_mmu_index_kernel(CPUX86State *env) { int mmu_index_32 = (env->hflags & HF_LMA_MASK) ? 0 : 1; diff --git a/tcg/tcg-op-ldst.c b/tcg/tcg-op-ldst.c index 1417890f630..923e6322232 100644 --- a/tcg/tcg-op-ldst.c +++ b/tcg/tcg-op-ldst.c 
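Review bot: The disabled assertion is annotated with `// Remove this for LibAFL`, which records that it was removed but not why, and the reason is exactly what the next upstream merge needs to decide whether to keep the change. The contract the assert enforced (M-profile CPUs never reach arm_security_space_below_el3) is now silently widened; replace the trailing comment with the reason, e.g. `// LibAFL: M-profile CPUs reach this helper through <caller> and the A-profile result is what that path expects`, with the caller filled in. The body of arm_security_space_below_el3 continues below the hunk.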
@@ -636,7 +636,7 @@ static void tcg_gen_qemu_ld_i128_int(TCGv_i128 val, TCGTemp *addr, tcg_constant_i32(orig_oi)); } -//// --- Start LibAFL code --- +//// --- Begin LibAFL code --- libafl_gen_read(addr, orig_oi); @@ -758,7 +758,7 @@ static void tcg_gen_qemu_st_i128_int(TCGv_i128 val, TCGTemp *addr, tcg_constant_i32(orig_oi)); } -//// --- Start LibAFL code --- +//// --- Begin LibAFL code --- libafl_gen_write(addr, orig_oi); @@ -1257,13 +1257,13 @@ void tcg_gen_atomic_##NAME##_i32_chk(TCGv_i32 ret, TCGTemp *addr, \ tcg_debug_assert(addr_type == tcg_ctx->addr_type); \ tcg_debug_assert((memop & MO_SIZE) <= MO_32); \ if (tcg_ctx->gen_tb->cflags & CF_PARALLEL) { \ -/* --- Start LibAFL code --- */ \ +/*** --- Begin LibAFL code --- ***/ \ libafl_gen_read(addr, make_memop_idx(memop, 0)); \ -/* --- End LibAFL code --- */ \ +/*** --- End LibAFL code --- ***/ \ do_atomic_op_i32(ret, addr, val, idx, memop, table_##NAME); \ -/* --- Start LibAFL code --- */ \ +/*** --- Begin LibAFL code --- ***/ \ libafl_gen_write(addr, make_memop_idx(memop, 0)); \ -/* --- End LibAFL code --- */ \ +/*** --- End LibAFL code --- ***/ \ } else { \ do_nonatomic_op_i32(ret, addr, val, idx, memop, NEW, \ tcg_gen_##OP##_i32); \ @@ -1276,13 +1276,13 @@ void tcg_gen_atomic_##NAME##_i64_chk(TCGv_i64 ret, TCGTemp *addr, \ tcg_debug_assert(addr_type == tcg_ctx->addr_type); \ tcg_debug_assert((memop & MO_SIZE) <= MO_64); \ if (tcg_ctx->gen_tb->cflags & CF_PARALLEL) { \ -/* --- Start LibAFL code --- */ \ +/*** --- Begin LibAFL code --- ***/ \ libafl_gen_read(addr, make_memop_idx(memop, 0)); \ -/* --- End LibAFL code --- */ \ +/*** --- End LibAFL code --- ***/ \ do_atomic_op_i64(ret, addr, val, idx, memop, table_##NAME); \ -/* --- Start LibAFL code --- */ \ +/*** --- Begin LibAFL code --- ***/ \ libafl_gen_write(addr, make_memop_idx(memop, 0)); \ -/* --- End LibAFL code --- */ \ +/*** --- End LibAFL code --- ***/ \ } else { \ do_nonatomic_op_i64(ret, addr, val, idx, memop, NEW, \ tcg_gen_##OP##_i64); \ 
From 428a0f021af405496eb7ea5af12d9cb2eda9f660 Mon Sep 17 00:00:00 2001 From: Romain Malmain Date: Wed, 24 Apr 2024 15:40:15 +0200 Subject: [PATCH 3/4] Re-remove G_NORETURN from cpu_loop --- linux-user/aarch64/cpu_loop.c | 7 ------- linux-user/user-internals.h | 2 +- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c index 58a5a05eab9..63bcc7cea4b 100644 --- a/linux-user/aarch64/cpu_loop.c +++ b/linux-user/aarch64/cpu_loop.c @@ -83,17 +83,12 @@ void cpu_loop(CPUARMState *env) abi_long ret; //// --- Begin LibAFL code --- - libafl_exit_signal_vm_start(); - //// --- End LibAFL code --- for (;;) { - //// --- Begin LibAFL code --- - if (libafl_exit_asap()) return; - //// --- End LibAFL code --- cpu_exec_start(cs); @@ -104,10 +99,8 @@ void cpu_loop(CPUARMState *env) switch (trapnr) { //// --- Begin LibAFL code --- - case EXCP_LIBAFL_EXIT: return; - //// --- End LibAFL code --- case EXCP_SWI: diff --git a/linux-user/user-internals.h b/linux-user/user-internals.h index ce11d9e21c1..0718a334383 100644 --- a/linux-user/user-internals.h +++ b/linux-user/user-internals.h @@ -65,7 +65,7 @@ abi_long do_syscall(CPUArchState *cpu_env, int num, abi_long arg1, abi_long arg5, abi_long arg6, abi_long arg7, abi_long arg8); extern __thread CPUState *thread_cpu; -G_NORETURN void cpu_loop(CPUArchState *env); +/* G_NORETURN */ void cpu_loop(CPUArchState *env); abi_long get_errno(abi_long ret); const char *target_strerror(int err); int get_osversion(void); From c10bf65d22e03831b00ceddd8186d0da7fabf7ed Mon Sep 17 00:00:00 2001 From: Romain Malmain Date: Wed, 24 Apr 2024 16:15:39 +0200 Subject: [PATCH 4/4] renamed iothread to bql --- libafl/syx-snapshot/syx-snapshot.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libafl/syx-snapshot/syx-snapshot.c b/libafl/syx-snapshot/syx-snapshot.c index cc4dd10479e..e9392c6b70b 100644 --- a/libafl/syx-snapshot/syx-snapshot.c 
+++ b/libafl/syx-snapshot/syx-snapshot.c @@ -625,11 +625,11 @@ void syx_snapshot_root_restore(SyxSnapshot *snapshot) { assert(cpu->stopped); } - bool must_unlock_iothread = false; + bool must_unlock_bql = false; - if (!qemu_mutex_iothread_locked()) { - qemu_mutex_lock_iothread(); - must_unlock_iothread = true; + if (!bql_locked()) { + bql_lock(); + must_unlock_bql = true; } // In case, we first restore devices if there is a modification of memory layout @@ -646,8 +646,8 @@ void syx_snapshot_root_restore(SyxSnapshot *snapshot) { syx_snapshot_dirty_list_flush(snapshot); - if (must_unlock_iothread) { - qemu_mutex_unlock_iothread(); + if (must_unlock_bql) { + bql_unlock(); } } bool syx_snapshot_cow_cache_read_entry(BlockBackend *blk, int64_t offset, int64_t bytes, QEMUIOVector *qiov, size_t qiov_offset,
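Review bot: The renamed `must_unlock_bql` flag still hand-rolls the conditional lock/unlock pair, which releases the BQL only on the fall-through path; the code between the `@@ -625` and `@@ -646` hunks is not visible here, so any early return or failure there would leave the lock held. QEMU's `BQL_LOCK_GUARD()` (the renamed iothread lock guard) performs the same already-locked check and releases at scope exit, so the five lines declaring the flag and taking the lock become `BQL_LOCK_GUARD();` and the trailing `if (must_unlock_bql) { bql_unlock(); }` goes away. syx_snapshot_root_restore begins above the first hunk.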