authorAndrea Fioraldi <andreafioraldi@gmail.com>2019-09-14 13:02:19 +0200
committerGitHub <noreply@github.com>2019-09-14 13:02:19 +0200
commit4df1ad35b336a3e835dc01817c9cc1d32f0fc10d (patch)
tree0549ccd17d2ba2bcec8a533d3f644dc0d0a676ff
parent4e87c6af02ce4cf71f7cd7fcdf34e8b65e29c05d (diff)
parentfc277b736a65c37bde54c8ae2ca45bf99b1dd513 (diff)
downloadafl++-4df1ad35b336a3e835dc01817c9cc1d32f0fc10d.tar.gz
Merge pull request #59 from vanhauser-thc/qemu_3.1.1
Qemu 3.1.1
-rw-r--r--.gitignore3
-rw-r--r--Makefile22
-rwxr-xr-xqemu_mode/build_qemu_support.sh6
-rw-r--r--qemu_mode/patches/afl-qemu-common.h2
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-inl.h2
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-translate-inl.h2
-rw-r--r--qemu_mode/patches/afl-qemu-tcg-inl.h2
-rw-r--r--qemu_mode/patches/afl-qemu-translate-inl.h2
-rw-r--r--qemu_mode/patches/syscall.diff52
9 files changed, 75 insertions, 18 deletions
diff --git a/.gitignore b/.gitignore
index b2975a7e..43b8ad4b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,8 +18,7 @@ afl-qemu-trace
 afl-showmap
 afl-tmin
 as
-qemu_mode/qemu-3.1.0
-qemu_mode/qemu-3.1.0.tar.xz
+qemu_mode/qemu-*
 unicorn_mode/unicorn
 unicorn_mode/unicorn-*
 unicorn_mode/*.tar.gz
diff --git a/Makefile b/Makefile
index 5b29906a..44258a4f 100644
--- a/Makefile
+++ b/Makefile
@@ -205,13 +205,31 @@ all_done: test_build
 .NOTPARALLEL: clean
 
 clean:
-	rm -f $(PROGS) afl-as as afl-g++ afl-clang afl-clang++ *.o *~ a.out core core.[1-9][0-9]* *.stackdump test .test .test1 .test2 test-instr .test-instr0 .test-instr1 qemu_mode/qemu-3.1.0.tar.xz afl-qemu-trace afl-gcc-fast afl-gcc-pass.so afl-gcc-rt.o afl-g++-fast *.so unicorn_mode/24f55a7973278f20f0de21b904851d99d4716263.tar.gz *.8
-	rm -rf out_dir qemu_mode/qemu-3.1.0 unicorn_mode/unicorn
+	rm -f $(PROGS) afl-as as afl-g++ afl-clang afl-clang++ *.o *~ a.out core core.[1-9][0-9]* *.stackdump test .test .test1 .test2 test-instr .test-instr0 .test-instr1 qemu_mode/qemu-3.1.1.tar.xz afl-qemu-trace afl-gcc-fast afl-gcc-pass.so afl-gcc-rt.o afl-g++-fast *.so unicorn_mode/24f55a7973278f20f0de21b904851d99d4716263.tar.gz *.8
+	rm -rf out_dir qemu_mode/qemu-3.1.1 unicorn_mode/unicorn
 	$(MAKE) -C llvm_mode clean
 	$(MAKE) -C libdislocator clean
 	$(MAKE) -C libtokencap clean
 	$(MAKE) -C qemu_mode/libcompcov clean
 
+distrib: all
+	$(MAKE) -C llvm_mode
+	$(MAKE) -C libdislocator
+	$(MAKE) -C libtokencap
+	cd qemu_mode && sh ./build_qemu_support.sh
+	cd unicorn_mode && sh ./build_unicorn_support.sh
+
+binary-only: all
+	$(MAKE) -C libdislocator
+	$(MAKE) -C libtokencap
+	cd qemu_mode && sh ./build_qemu_support.sh
+	cd unicorn_mode && sh ./build_unicorn_support.sh
+
+source-only: all
+	$(MAKE) -C llvm_mode
+	$(MAKE) -C libdislocator
+	$(MAKE) -C libtokencap
+
 %.8:	%
 	@echo .TH $* 8 `date -I` "afl++" > $@
 	@echo .SH NAME >> $@
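Review bot: The clean recipe at the top of the hunk still hardcodes `qemu_mode/qemu-3.1.1.tar.xz` and `qemu_mode/qemu-3.1.1`, while the .gitignore hunk in this same commit switched to `qemu_mode/qemu-*`, so the next QEMU bump has to edit both lines again and a leftover 3.1.0 tree is no longer cleaned up. Consider `rm -rf out_dir qemu_mode/qemu-* unicorn_mode/unicorn` (dropping the tarball from the `rm -f` line), or a single `QEMU_VERSION` variable that the build script reads as well. The new distrib and binary-only targets run the helpers as `sh ./build_qemu_support.sh`, which bypasses the script's own interpreter line; `./build_qemu_support.sh` would honour it, and the file is executable per its diff header. I cannot see whether distrib, binary-only and source-only are listed in `.PHONY`; if they are not, a file with one of those names in the tree would silently turn the target into a no-op.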
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 88726be4..0ca3f494 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -9,7 +9,7 @@
 # TCG instrumentation and block chaining support by Andrea Biondo
 #                                    <andrea.biondo965@gmail.com>
 #
-# QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+# QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
 # counters by Andrea Fioraldi <andreafioraldi@gmail.com>
 #
 # Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
@@ -30,9 +30,9 @@
 #
 
 
-VERSION="3.1.0"
+VERSION="3.1.1"
 QEMU_URL="http://download.qemu-project.org/qemu-${VERSION}.tar.xz"
-QEMU_SHA384="0318f2b5a36eafbf17bca0f914567dfa5e8a3cd6ff83bb46fe49a0079cd71ddd3ec4267c6c62a03f9e26e05cc80e6d4b"
+QEMU_SHA384="28ff22ec4b8c957309460aa55d0b3188e971be1ea7dfebfb2ecc7903cd20cfebc2a7c97eedfcc7595f708357f1623f8b"
 
 echo "================================================="
 echo "AFL binary-only instrumentation QEMU build script"
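Review bot: `QEMU_URL` on the context line still fetches the release tarball over plain `http://`, so the updated `QEMU_SHA384` is the only protection against a tampered archive, and the comparison against that digest lives further down the script, outside this hunk. Switching to `QEMU_URL="https://download.qemu-project.org/qemu-${VERSION}.tar.xz"` adds transport integrity on top of the hash check at no cost, assuming the mirror serves TLS. It would also help to record where the digest came from, e.g. `# SHA384 of the upstream release tarball; recompute from the official download on every VERSION bump`, since a reviewer cannot verify the new value from the diff alone.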
diff --git a/qemu_mode/patches/afl-qemu-common.h b/qemu_mode/patches/afl-qemu-common.h
index 053585a7..147cec4c 100644
--- a/qemu_mode/patches/afl-qemu-common.h
+++ b/qemu_mode/patches/afl-qemu-common.h
@@ -8,7 +8,7 @@
    TCG instrumentation and block chaining support by Andrea Biondo
                                       <andrea.biondo965@gmail.com>
 
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
    counters by Andrea Fioraldi <andreafioraldi@gmail.com>
 
    Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index 2e685d8d..13ec4fc8 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -8,7 +8,7 @@
    TCG instrumentation and block chaining support by Andrea Biondo
                                       <andrea.biondo965@gmail.com>
 
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
    counters by Andrea Fioraldi <andreafioraldi@gmail.com>
 
    Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
diff --git a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
index cd5c21aa..faf2dd75 100644
--- a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
@@ -8,7 +8,7 @@
    TCG instrumentation and block chaining support by Andrea Biondo
                                       <andrea.biondo965@gmail.com>
 
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
    counters by Andrea Fioraldi <andreafioraldi@gmail.com>
 
    Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
diff --git a/qemu_mode/patches/afl-qemu-tcg-inl.h b/qemu_mode/patches/afl-qemu-tcg-inl.h
index 2a0ddee1..d7a25695 100644
--- a/qemu_mode/patches/afl-qemu-tcg-inl.h
+++ b/qemu_mode/patches/afl-qemu-tcg-inl.h
@@ -8,7 +8,7 @@
    TCG instrumentation and block chaining support by Andrea Biondo
                                       <andrea.biondo965@gmail.com>
 
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
    counters by Andrea Fioraldi <andreafioraldi@gmail.com>
 
    Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
diff --git a/qemu_mode/patches/afl-qemu-translate-inl.h b/qemu_mode/patches/afl-qemu-translate-inl.h
index 530afeaa..5f61d7c9 100644
--- a/qemu_mode/patches/afl-qemu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-translate-inl.h
@@ -8,7 +8,7 @@
    TCG instrumentation and block chaining support by Andrea Biondo
                                       <andrea.biondo965@gmail.com>
 
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
    counters by Andrea Fioraldi <andreafioraldi@gmail.com>
 
    Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
diff --git a/qemu_mode/patches/syscall.diff b/qemu_mode/patches/syscall.diff
index 60b5905e..8158aa64 100644
--- a/qemu_mode/patches/syscall.diff
+++ b/qemu_mode/patches/syscall.diff
@@ -1,18 +1,58 @@
 diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 280137da..8c0e749f 100644
+index b13a170e..5678c006 100644
 --- a/linux-user/syscall.c
 +++ b/linux-user/syscall.c
-@@ -112,6 +112,9 @@
+@@ -111,6 +111,9 @@
+ 
  #include "qemu.h"
  #include "fd-trans.h"
 +#include <linux/sockios.h>
- 
-+extern unsigned int afl_forksrv_pid;
 +
++extern unsigned int afl_forksrv_pid;
+ 
  #ifndef CLONE_IO
  #define CLONE_IO                0x80000000      /* Clone io context */
+@@ -250,7 +253,8 @@ static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
+ #endif
+ 
+ #ifdef __NR_gettid
+-_syscall0(int, gettid)
++#define __NR_sys_gettid __NR_gettid
++_syscall0(int, sys_gettid)
+ #else
+ /* This is a replacement for the host gettid() and must return a host
+    errno. */
+@@ -5384,7 +5388,7 @@ static void *clone_func(void *arg)
+     cpu = ENV_GET_CPU(env);
+     thread_cpu = cpu;
+     ts = (TaskState *)cpu->opaque;
+-    info->tid = gettid();
++    info->tid = sys_gettid();
+     task_settid(ts);
+     if (info->child_tidptr)
+         put_user_u32(info->tid, info->child_tidptr);
+@@ -5529,9 +5533,9 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
+                mapping.  We can't repeat the spinlock hack used above because
+                the child process gets its own copy of the lock.  */
+             if (flags & CLONE_CHILD_SETTID)
+-                put_user_u32(gettid(), child_tidptr);
++                put_user_u32(sys_gettid(), child_tidptr);
+             if (flags & CLONE_PARENT_SETTID)
+-                put_user_u32(gettid(), parent_tidptr);
++                put_user_u32(sys_gettid(), parent_tidptr);
+             ts = (TaskState *)cpu->opaque;
+             if (flags & CLONE_SETTLS)
+                 cpu_set_tls (env, newtls);
+@@ -10529,7 +10533,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
+         return TARGET_PAGE_SIZE;
  #endif
-@@ -10799,8 +10801,19 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
+     case TARGET_NR_gettid:
+-        return get_errno(gettid());
++        return get_errno(sys_gettid());
+ #ifdef TARGET_NR_readahead
+     case TARGET_NR_readahead:
+ #if TARGET_ABI_BITS == 32
+@@ -10813,8 +10817,19 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
          return get_errno(safe_tkill((int)arg1, target_to_host_signal(arg2)));
  
      case TARGET_NR_tgkill:
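Review bot: The new hunks from `@@ -250,7 +253,8 @@` through `@@ -10529,7 +10533,7 @@` rename QEMU's internal `gettid` wrapper to `sys_gettid` across clone_func, do_fork and do_syscall1, which is unrelated to the fork-server changes this patch file exists for, and neither the patch nor the commit message says why it is carried here; it looks like a workaround for a host libc that now exports its own `gettid()`, but that is an inference. A leading comment line in `syscall.diff` (patch tools skip text before the first `diff`/`---` header), e.g. `gettid -> sys_gettid: avoids a symbol clash with a host libc gettid(); drop once upstream QEMU carries it`, would tell the next person bumping QEMU whether the hunk is still needed. The `#include <linux/sockios.h>` and `extern unsigned int afl_forksrv_pid;` lines are only reordered relative to the previous patch, not changed. The do_syscall1 hunk being edited continues in the next `@@` section of this file.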
@@ -33,4 +73,4 @@ index 280137da..8c0e749f 100644
 +        }
  
  #ifdef TARGET_NR_set_robust_list
-     case TARGET_NR_set_robust_list:
\ No newline at end of file
+     case TARGET_NR_set_robust_list: