
Commit a8da66f

committed
clear map via hypercall
1 parent 93f238b commit a8da66f


1 file changed

+28
-1
lines changed


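--- a/accel/tcg/tcg-runtime.c
+++ b/accel/tcg/tcg-runtime.c
@@ -47,11 +47,16 @@ void libafl_getwork(void *input_map_qemu, uint64_t input_map_qemu_sz);
 void libafl_finishwork(void);
 void libafl_crash(void);
 void libafl_restore(void);
+void libafl_clear_map(void);
+void libafl_user_crash(void);
+void libafl_enable_hooks(void);
+void libafl_disable_hooks(void);
 
 static uint64_t input_map_qemu_addr;
 static uint64_t input_map_qemu_size;
 
 static bool RESTORING_SNAPSHOT = false;
+static bool RESTORING_FROM_USERMODE_PANIC = false;
 
 //#define AFL_DEBUG 1
 
@@ -64,6 +69,7 @@ void HELPER(libafl_qemu_handle_breakpoint)(CPUArchState *env)
 cpu_loop_exit(cpu);
 }
 
+void libafl_load_snapshot_restart(void);
 void save_snapshot_bh(void *opaque);
 void load_snapshot_bh(void *opaque);
 
@@ -78,6 +84,12 @@ void save_snapshot_bh(void *opaque)
 printf("Saving finished\n");
 }
 
+void libafl_load_snapshot_restart(void)
+{
+libafl_crash();
+aio_bh_schedule_oneshot_full(qemu_get_aio_context(), load_snapshot_bh, NULL, "load_snapshot");
+}
+
 void load_snapshot_bh(void *opaque)
 {
 Error *err = NULL;
@@ -93,6 +105,7 @@ void load_snapshot_bh(void *opaque)
 error_report("Could not load snapshot");
 }
 RESTORING_SNAPSHOT = true;
+RESTORING_FROM_USERMODE_PANIC = false;
 if (loaded && saved_vm_running) {
 vm_start();
 }
@@ -128,19 +141,33 @@ target_ulong HELPER(libafl_qemu_hypercall)(CPUArchState *env, target_ulong r0, t
 
 aio_bh_schedule_oneshot_full(qemu_get_aio_context(), load_snapshot_bh, NULL, "load_snapshot");
 break;
+case 4:
+#ifdef AFL_DEBUG
+printf("!!!! User crash !!!!!\n");
+#endif
+libafl_user_crash();
+break;
 case 0: // fallthrough
 default:
+if(RESTORING_FROM_USERMODE_PANIC) {
+//libafl_clear_map();
+//libafl_crash();
+break;
+}
 if(RESTORING_SNAPSHOT) {
 // reset exit kind
 libafl_finishwork();
 // restarting after crash, no need to init again
+//RESTORING_SNAPSHOT = false;
 break;
 }
 input_map_qemu_addr = r1;
 input_map_qemu_size = r2;
 libafl_init_fuzzer();
-
+vm_stop(RUN_STATE_SAVE_VM); // "sync barrier"
 aio_bh_schedule_oneshot_full(qemu_get_aio_context(), save_snapshot_bh, NULL, "save_snapshot");
+
+RESTORING_FROM_USERMODE_PANIC = true; // we initialized once, ignore next initialize
 break;
 }
 #ifdef AFL_DEBUG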
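Review bot: The new `if(RESTORING_FROM_USERMODE_PANIC)` guard in the `default:` arm of the hypercall switch holds only two commented-out calls and a `break;`, so `libafl_clear_map()` — the function this commit declares and names in its title — is never reached from the hypercall, and a repeated init request from the guest is dropped with no trace, not even under `AFL_DEBUG`. Either make the call or replace the two dead comment lines with a statement of intent, e.g. `/* fuzzer already initialised by an earlier hypercall; repeated init requests are ignored */`, so the next reader does not have to guess whether the omission is deliberate. The same dead-comment pattern appears at `//RESTORING_SNAPSHOT = false;` a few lines below; commented-out code should be deleted or explained rather than left in. The enclosing HELPER(libafl_qemu_hypercall) body starts and ends outside this hunk.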
