From 49e26343dbdc805002b1d79dd48644c6db4884ac Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Tue, 1 Oct 2024 12:57:44 +0000 Subject: [PATCH] LibAFL_QEMU: Don't require extra_tokens. --- .../binary_only/qemu_launcher/src/client.rs | 31 ++++++++++--------- .../binary_only/qemu_launcher/src/instance.rs | 11 +++---- libafl_qemu/src/modules/edges.rs | 2 ++ 3 files changed, 24 insertions(+), 20 deletions(-) diff --git a/fuzzers/binary_only/qemu_launcher/src/client.rs b/fuzzers/binary_only/qemu_launcher/src/client.rs index d21ef96a0e..1e77941084 100644 --- a/fuzzers/binary_only/qemu_launcher/src/client.rs +++ b/fuzzers/binary_only/qemu_launcher/src/client.rs @@ -153,8 +153,6 @@ impl<'a> Client<'a> { } }); - let extra_tokens = injection_module.as_ref().map(|h| h.tokens.clone()); - qemu.entry_break(start_pc); let ret_addr: GuestAddr = qemu @@ -169,7 +167,12 @@ impl<'a> Client<'a> { .address_filter(self.coverage_filter(&qemu)?) .build(); - let instance = Instance::builder() + let extra_tokens = injection_module + .as_ref() + .map(|h| h.tokens.clone()) + .unwrap_or_default(); + + let instance_builder = Instance::builder() .options(self.options) .qemu(&qemu) .mgr(mgr) @@ -178,7 +181,7 @@ impl<'a> Client<'a> { if is_asan && is_cmplog { if let Some(injection_module) = injection_module { - instance.build().run( + instance_builder.build().run( tuple_list!( edge_coverage_module, CmpLogModule::default(), @@ -188,7 +191,7 @@ impl<'a> Client<'a> { state, ) } else { - instance.build().run( + instance_builder.build().run( tuple_list!( edge_coverage_module, CmpLogModule::default(), @@ -199,7 +202,7 @@ impl<'a> Client<'a> { } } else if is_asan_guest && is_cmplog { if let Some(injection_module) = injection_module { - instance.build().run( + instance_builder.build().run( tuple_list!( edge_coverage_module, CmpLogModule::default(), @@ -209,7 +212,7 @@ impl<'a> Client<'a> { state, ) } else { - instance.build().run( + instance_builder.build().run( tuple_list!( edge_coverage_module, CmpLogModule::default(), @@ -220,7 +223,7 @@ impl<'a> Client<'a> { } } else if is_asan { if let Some(injection_module) = injection_module { - instance.build().run( + instance_builder.build().run( tuple_list!( edge_coverage_module, AsanModule::default(asan.take().unwrap()), @@ -229,7 +232,7 @@ impl<'a> Client<'a> { state, ) } else { - instance.build().run( + instance_builder.build().run( tuple_list!( edge_coverage_module, AsanModule::default(asan.take().unwrap()), @@ -242,10 +245,10 @@ impl<'a> Client<'a> { edge_coverage_module, AsanGuestModule::default(&qemu, asan_lib.take().unwrap()) ); - instance.build().run(modules, state) + instance_builder.build().run(modules, state) } else if is_cmplog { if let Some(injection_module) = injection_module { - instance.build().run( + instance_builder.build().run( tuple_list!( edge_coverage_module, CmpLogModule::default(), @@ -254,17 +257,17 @@ impl<'a> Client<'a> { state, ) } else { - instance.build().run( + instance_builder.build().run( tuple_list!(edge_coverage_module, CmpLogModule::default()), state, ) } } else if let Some(injection_module) = injection_module { - instance + instance_builder .build() .run(tuple_list!(edge_coverage_module, injection_module), state) } else { - instance + instance_builder .build() .run(tuple_list!(edge_coverage_module), state) } diff --git a/fuzzers/binary_only/qemu_launcher/src/instance.rs b/fuzzers/binary_only/qemu_launcher/src/instance.rs index 96feac2248..2de9d64026 100644 --- a/fuzzers/binary_only/qemu_launcher/src/instance.rs +++ b/fuzzers/binary_only/qemu_launcher/src/instance.rs @@ -64,7 +64,8 @@ pub struct Instance<'a, M: Monitor> { qemu: &'a Qemu, mgr: ClientMgr, core_id: CoreId, - extra_tokens: Option>, + #[builder(default)] + extra_tokens: Vec, #[builder(default=PhantomData)] phantom: PhantomData, } @@ -134,11 +135,9 @@ impl<'a, M: Monitor> Instance<'a, M> { let mut tokens = Tokens::new(); - if let Some(extra_tokens) = &self.extra_tokens { - for token in extra_tokens { - let bytes = token.as_bytes().to_vec(); - let _ = tokens.add_token(&bytes); - } + for token in &self.extra_tokens { + let bytes = token.as_bytes().to_vec(); + let _ = tokens.add_token(&bytes); } if let Some(tokenfile) = &self.options.tokens { diff --git a/libafl_qemu/src/modules/edges.rs b/libafl_qemu/src/modules/edges.rs index 42cd7ad90a..2560653f01 100644 --- a/libafl_qemu/src/modules/edges.rs +++ b/libafl_qemu/src/modules/edges.rs @@ -357,6 +357,8 @@ pub struct EdgeCoverageModuleBuilder { pub struct EdgeCoverageModule { variant: V, address_filter: AF, + // we only use it in system mode at the moment. + #[cfg_attr(not(emulation_mode = "systemmode"), allow(dead_code))] page_filter: PF, use_hitcounts: bool, use_jit: bool,