Run thread hooks for KVM mode #84

Merged
merged 2 commits into from
Aug 21, 2024
12 changes: 12 additions & 0 deletions accel/kvm/kvm-accel-ops.c
Expand Up @@ -26,6 +26,12 @@
#include <linux/kvm.h>
#include "kvm-cpus.h"

//// --- Begin LibAFL code ---

#include "libafl/hooks/thread.h"

//// --- End LibAFL code ---

static void *kvm_vcpu_thread_fn(void *arg)
{
CPUState *cpu = arg;
Expand All @@ -41,6 +47,12 @@ static void *kvm_vcpu_thread_fn(void *arg)
r = kvm_init_vcpu(cpu, &error_fatal);
kvm_init_cpu_signals(cpu);

//// --- Begin LibAFL code ---

libafl_hook_new_thread_run(cpu_env(cpu), cpu->thread_id);

//// --- End LibAFL code ---

/* signal CPU creation */
cpu_thread_signal_created(cpu);
qemu_guest_random_seed_thread_part2(cpu->random_seed);
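Review bot: The bool returned by `libafl_hook_new_thread_run(cpu_env(cpu), cpu->thread_id);` in the second hunk is discarded, whereas the linux-user call site in this same PR gates `cpu_loop(env)` on it, so a hook that asks for the new thread not to run has no effect on a KVM vCPU thread. If running regardless is intended, make that explicit, e.g. `(void)libafl_hook_new_thread_run(cpu_env(cpu), cpu->thread_id); /* KVM vCPU threads ignore the hook's continue flag */`; otherwise the result should feed into the vCPU run loop that follows, which is outside the hunk. `cpu->thread_id` is declared `int` in QEMU's CPUState while the new parameter is `uint32_t`, so an unset or negative id would be converted silently — worth a comment if that can occur at this point. kvm_vcpu_thread_fn continues past the hunk.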
2 changes: 1 addition & 1 deletion include/libafl/hooks/thread.h
Expand Up @@ -28,4 +28,4 @@ size_t libafl_add_new_thread_hook(bool (*callback)(uint64_t data,
uint64_t data);
int libafl_qemu_remove_new_thread_hook(size_t num);

bool libafl_hook_new_thread_run(CPUArchState* env);
bool libafl_hook_new_thread_run(CPUArchState* env, uint32_t tid);
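Review bot: The new `tid` parameter of `libafl_hook_new_thread_run` is undocumented, and its two callers in this PR obtain it from different places (`cpu->thread_id` in accel/kvm/kvm-accel-ops.c, `info->tid` in linux-user/syscall.c), so the header should state what hook callbacks receive, e.g. `/* tid: thread id of the newly created guest thread or vCPU, forwarded to new-thread hook callbacks. */`. Whether both sources are host thread ids is not visible in this diff; confirm before writing the comment. The return value also deserves a line, e.g. `/* Returns false if a hook requested that the new thread not run. */`, assuming thread.c's `continue_execution` is what it propagates (its body runs past the hunk shown).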
3 changes: 3 additions & 0 deletions include/libafl/system.h
@@ -0,0 +1,3 @@
#pragma once

void libafl_qemu_init(int argc, char** argv);
6 changes: 6 additions & 0 deletions include/libafl/user.h
Expand Up @@ -30,3 +30,9 @@ struct image_info* libafl_get_image_info(void);

uint64_t libafl_get_brk(void);
uint64_t libafl_set_brk(uint64_t new_brk);

int _libafl_qemu_user_init(int argc, char** argv, char** envp);

#ifdef AS_LIB
void libafl_qemu_init(int argc, char** argv);
#endif
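Review bot: `_libafl_qemu_user_init` starts with an underscore at file scope, a name form C reserves for the implementation (C11 7.1.3); the same identifier is defined in linux-user/main.c and called in libafl/user.c in this PR. A prefix such as `libafl_qemu_user_init_internal` keeps the project namespace and avoids a potential clash with libc or compiler-provided symbols. `libafl_qemu_init` is now declared both here under `AS_LIB` and unconditionally in include/libafl/system.h; a one-line comment on each stating which build (user vs softmmu) supplies the definition would help readers.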
5 changes: 3 additions & 2 deletions libafl/hooks/thread.c
Expand Up @@ -24,13 +24,14 @@ size_t libafl_add_new_thread_hook(bool (*callback)(uint64_t data,
return hook->num;
}

bool libafl_hook_new_thread_run(CPUArchState* env)
bool libafl_hook_new_thread_run(CPUArchState* env, uint32_t tid)
{
#ifdef CONFIG_USER_ONLY
libafl_set_qemu_env(env);
#endif

if (libafl_new_thread_hooks) {
bool continue_execution = true;
int tid = gettid();

struct libafl_new_thread_hook* h = libafl_new_thread_hooks;
while (h) {
3 changes: 2 additions & 1 deletion libafl/meson.build
Expand Up @@ -16,9 +16,11 @@ specific_ss.add(files(

# General hooks
'hooks/cpu_run.c',
'hooks/thread.c',
))

specific_ss.add(when : 'CONFIG_SOFTMMU', if_true : [files(
'system.c',
'qemu_snapshot.c',
'syx-snapshot/device-save.c',
'syx-snapshot/syx-snapshot.c',
Expand All @@ -29,6 +31,5 @@ specific_ss.add(when : 'CONFIG_SOFTMMU', if_true : [files(
specific_ss.add(when : 'CONFIG_USER_ONLY', if_true : [files(
'user.c',
'hooks/syscall.c',
'hooks/thread.c',
)])

6 changes: 6 additions & 0 deletions libafl/system.c
@@ -0,0 +1,6 @@
#include "qemu/osdep.h"
#include "sysemu/sysemu.h"

#include "libafl/system.h"

void libafl_qemu_init(int argc, char** argv) { qemu_init(argc, argv); }
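Review bot: The new `libafl_qemu_init` in libafl/system.c carries no comment, and it being the softmmu counterpart of the `AS_LIB` wrapper added to libafl/user.c is not obvious from a one-line forwarder. Suggest `/* Library entry point for system-mode builds: forwards to QEMU's qemu_init(). The user-mode equivalent lives in libafl/user.c under AS_LIB. */`. Per the meson change this file is only built under CONFIG_SOFTMMU, which the comment could also state.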
8 changes: 8 additions & 0 deletions libafl/user.c
Expand Up @@ -35,3 +35,11 @@ uint64_t libafl_set_brk(uint64_t new_brk)
target_brk = (abi_ulong)new_brk;
return old_brk;
}

#ifdef AS_LIB
void libafl_qemu_init(int argc, char** argv)
{
// main function in usermode has an env parameter but is unused in practice.
_libafl_qemu_user_init(argc, argv, NULL);
}
#endif
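Review bot: `_libafl_qemu_user_init(argc, argv, NULL);` returns an `int` (it is the renamed user-mode `main` from linux-user/main.c) but the `void` wrapper drops it, so a library caller cannot tell whether initialization failed. Either propagate it, `int libafl_qemu_init(int argc, char** argv) { return _libafl_qemu_user_init(argc, argv, NULL); }` together with the declarations in include/libafl/user.h and include/libafl/system.h, or state the contract in a comment such as `/* Init status is intentionally discarded; callers cannot observe failure. */`. Passing `NULL` as envp rests on the existing comment's claim that the parameter is unused; the hunk does not show that, so it is worth confirming against linux-user/main.c before relying on it.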
3 changes: 1 addition & 2 deletions linux-user/main.c
Expand Up @@ -693,8 +693,7 @@ static int parse_args(int argc, char **argv)
struct linux_binprm bprm;

#ifdef AS_LIB
int qemu_user_init(int argc, char **argv, char **envp);
int qemu_user_init(int argc, char **argv, char **envp)
int _libafl_qemu_user_init(int argc, char **argv, char **envp)
#else
//// --- End LibAFL code ---
int main(int argc, char **argv, char **envp)
2 changes: 1 addition & 1 deletion linux-user/syscall.c
Expand Up @@ -6556,7 +6556,7 @@ static void *clone_func(void *arg)

//// --- Begin LibAFL code ---

if (libafl_hook_new_thread_run(env)) {
if (libafl_hook_new_thread_run(env, info->tid)) {
cpu_loop(env);
}
