author | richinseattle@gmail.com <richinseattle@gmail.com> | 2021-03-18 01:37:40 -0700 |
---|---|---|
committer | richinseattle@gmail.com <richinseattle@gmail.com> | 2021-03-18 01:37:40 -0700 |
commit | c397becd81229d71b55acf89a31710bead3707aa (patch) | |
tree | 8306b59e88e22d7090fd786690227dacc99e24e3 /qemu_mode/build_qemu_support.sh | |
parent | 62508c3b446a893f0afead9a6d0546d53d588a13 (diff) | |
parent | 94312796f936ba1830b61432a0f958e192dd212f (diff) | |
download | afl++-c397becd81229d71b55acf89a31710bead3707aa.tar.gz |
Merge branch 'dev' of https://github.com/AFLplusplus/AFLplusplus into dev
Diffstat (limited to 'qemu_mode/build_qemu_support.sh')
-rwxr-xr-x | qemu_mode/build_qemu_support.sh | 333 |
1 files changed, 208 insertions, 125 deletions
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index a7bfe20d..38085389 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -29,13 +29,10 @@
 # will be written to ../afl-qemu-trace.
 #
-
-VERSION="3.1.1"
-QEMU_URL="http://download.qemu-project.org/qemu-${VERSION}.tar.xz"
-QEMU_SHA384="28ff22ec4b8c957309460aa55d0b3188e971be1ea7dfebfb2ecc7903cd20cfebc2a7c97eedfcc7595f708357f1623f8b"
+QEMUAFL_VERSION="$(cat ./QEMUAFL_VERSION)"
 echo "================================================="
-echo "AFL binary-only instrumentation QEMU build script"
+echo " QemuAFL build script"
 echo "================================================="
 echo
@@ -48,7 +45,7 @@ if [ ! "`uname -s`" = "Linux" ]; then
 fi
-if [ ! -f "patches/afl-qemu-cpu-inl.h" -o ! -f "../config.h" ]; then
+if [ ! -f "../config.h" ]; then
 echo "[-] Error: key files not found - wrong working directory?"
 exit 1
@@ -62,90 +59,51 @@ if [ ! -f "../afl-showmap" ]; then fi -PREREQ_NOTFOUND= -for i in libtool wget automake autoconf sha384sum bison flex iconv patch pkg-config; do - - T=`command -v "$i" 2>/dev/null` - - if [ "$T" = "" ]; then - - echo "[-] Error: '$i' not found, please install first." - PREREQ_NOTFOUND=1 - - fi - -done - -PYTHONBIN=`command -v python3 || command -v python || command -v python2` - -if [ "$PYTHONBIN" = "" ]; then - echo "[-] Error: 'python' not found, please install using 'sudo apt install python3'." - PREREQ_NOTFOUND=1 -fi - - -if [ ! -d "/usr/include/glib-2.0/" -a ! -d "/usr/local/include/glib-2.0/" ]; then - - echo "[-] Error: devel version of 'glib2' not found, please install first." - PREREQ_NOTFOUND=1 - -fi - -if [ ! -d "/usr/include/pixman-1/" -a ! -d "/usr/local/include/pixman-1/" ]; then - - echo "[-] Error: devel version of 'pixman-1' not found, please install first." - PREREQ_NOTFOUND=1 - -fi - if echo "$CC" | grep -qF /afl-; then echo "[-] Error: do not use afl-gcc or afl-clang to compile this tool." - PREREQ_NOTFOUND=1 - -fi - -if [ "$PREREQ_NOTFOUND" = "1" ]; then exit 1 + fi echo "[+] All checks passed!" -ARCHIVE="`basename -- "$QEMU_URL"`" - -CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1` - -if [ ! "$CKSUM" = "$QEMU_SHA384" ]; then - - echo "[*] Downloading QEMU ${VERSION} from the web..." - rm -f "$ARCHIVE" - OK= - while [ -z "$OK" ]; do - wget -c -O "$ARCHIVE" -- "$QEMU_URL" && OK=1 - done - - CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1` +echo "[*] Making sure qemuafl is checked out" +git status 1>/dev/null 2>/dev/null +if [ $? -eq 0 ]; then + echo "[*] initializing qemuafl submodule" + git submodule init || exit 1 + git submodule update ./qemuafl 2>/dev/null # ignore errors +else + echo "[*] cloning qemuafl" + test -d qemuafl || { + CNT=1 + while [ '!' 
-d qemuafl -a "$CNT" -lt 4 ]; do + echo "Trying to clone qemuafl (attempt $CNT/3)" + git clone --depth 1 https://github.com/AFLplusplus/qemuafl + CNT=`expr "$CNT" + 1` + done + } fi -if [ "$CKSUM" = "$QEMU_SHA384" ]; then - - echo "[+] Cryptographic signature on $ARCHIVE checks out." +test -d qemuafl || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; } +echo "[+] Got qemuafl." +cd "qemuafl" || exit 1 +if [ -n "$NO_CHECKOUT" ]; then + echo "[*] Skipping checkout to $QEMUAFL_VERSION" else - - echo "[-] Error: signature mismatch on $ARCHIVE (perhaps download error?), removing archive ..." - rm -f "$ARCHIVE" - exit 1 - + echo "[*] Checking out $QEMUAFL_VERSION" + sh -c 'git stash' 1>/dev/null 2>/dev/null + git checkout "$QEMUAFL_VERSION" || echo Warning: could not check out to commit $QEMUAFL_VERSION fi -echo "[*] Uncompressing archive (this will take a while)..." - -rm -rf "qemu-${VERSION}" || exit 1 -tar xf "$ARCHIVE" || exit 1 - -echo "[+] Unpacking successful." +echo "[*] Making sure imported headers matches" +cp "../../include/config.h" "./qemuafl/imported/" || exit 1 +cp "../../include/cmplog.h" "./qemuafl/imported/" || exit 1 +cp "../../include/snapshot-inl.h" "./qemuafl/imported/" || exit 1 +cp "../../include/types.h" "./qemuafl/imported/" || exit 1 if [ -n "$HOST" ]; then echo "[+] Configuring host architecture to $HOST..." 
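Review bot: `git checkout "$QEMUAFL_VERSION" || echo Warning: could not check out to commit $QEMUAFL_VERSION` turns a failed checkout into a warning, so the build carries on with whatever HEAD the clone left behind — and in the fallback path the clone is `git clone --depth 1`, whose history generally does not contain the pinned commit, so on a fresh non-git tree the pin is expected to fail and the build silently uses the upstream tip. That is a step down from the SHA384 verification this hunk removes: the pinned commit is now the only integrity control on the fetched code and it is not enforced. I'd fetch the pin explicitly and make a mismatch fatal: `git fetch --depth 1 origin "$QEMUAFL_VERSION" 2>/dev/null` before the checkout, then `git checkout "$QEMUAFL_VERSION" || { echo "[-] Error: could not check out commit $QEMUAFL_VERSION"; exit 1; }` (fetching a bare SHA needs the server to permit it, which GitHub does for reachable commits as far as I know). The `NO_CHECKOUT` escape hatch can stay for developers who deliberately want another tree, and the explicit error message also removes the unquoted `$QEMUAFL_VERSION` in the current warning echo.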
@@ -169,62 +127,146 @@ if [ "$ORIG_CPU_TARGET" = "" ]; then esac fi -cd qemu-$VERSION || exit 1 - -echo Building for CPU target $CPU_TARGET - -echo "[*] Applying patches..." - -patch -p1 <../patches/elfload.diff || exit 1 -patch -p1 <../patches/bsd-elfload.diff || exit 1 -patch -p1 <../patches/cpu-exec.diff || exit 1 -patch -p1 <../patches/syscall.diff || exit 1 -patch -p1 <../patches/translate-all.diff || exit 1 -patch -p1 <../patches/tcg.diff || exit 1 -patch -p1 <../patches/i386-translate.diff || exit 1 -patch -p1 <../patches/arm-translate.diff || exit 1 -patch -p1 <../patches/arm-translate-a64.diff || exit 1 -patch -p1 <../patches/i386-ops_sse.diff || exit 1 -patch -p1 <../patches/i386-fpu_helper.diff || exit 1 -patch -p1 <../patches/softfloat.diff || exit 1 -patch -p1 <../patches/configure.diff || exit 1 -patch -p1 <../patches/tcg-runtime.diff || exit 1 -patch -p1 <../patches/tcg-runtime-head.diff || exit 1 -patch -p1 <../patches/translator.diff || exit 1 -patch -p1 <../patches/__init__.py.diff || exit 1 -patch -p1 <../patches/make_strncpy_safe.diff || exit 1 -patch -p1 <../patches/mmap_fixes.diff || exit 1 - -echo "[+] Patching done." +echo "Building for CPU target $CPU_TARGET" + +# --enable-pie seems to give a couple of exec's a second performance +# improvement, much to my surprise. Not sure how universal this is.. 
+QEMU_CONF_FLAGS=" \ + --audio-drv-list= \ + --disable-blobs \ + --disable-bochs \ + --disable-brlapi \ + --disable-bsd-user \ + --disable-bzip2 \ + --disable-cap-ng \ + --disable-cloop \ + --disable-curl \ + --disable-curses \ + --disable-dmg \ + --disable-fdt \ + --disable-gcrypt \ + --disable-glusterfs \ + --disable-gnutls \ + --disable-gtk \ + --disable-guest-agent \ + --disable-iconv \ + --disable-libiscsi \ + --disable-libnfs \ + --disable-libssh \ + --disable-libusb \ + --disable-linux-aio \ + --disable-live-block-migration \ + --disable-lzo \ + --disable-nettle \ + --disable-numa \ + --disable-opengl \ + --disable-parallels \ + --disable-plugins \ + --disable-qcow1 \ + --disable-qed \ + --disable-rbd \ + --disable-rdma \ + --disable-replication \ + --disable-sdl \ + --disable-seccomp \ + --disable-sheepdog \ + --disable-smartcard \ + --disable-snappy \ + --disable-spice \ + --disable-system \ + --disable-tools \ + --disable-tpm \ + --disable-usb-redir \ + --disable-vde \ + --disable-vdi \ + --disable-vhost-crypto \ + --disable-vhost-kernel \ + --disable-vhost-net \ + --disable-vhost-scsi \ + --disable-vhost-user \ + --disable-vhost-vdpa \ + --disable-vhost-vsock \ + --disable-virglrenderer \ + --disable-virtfs \ + --disable-vnc \ + --disable-vnc-jpeg \ + --disable-vnc-png \ + --disable-vnc-sasl \ + --disable-vte \ + --disable-vvfat \ + --disable-xen \ + --disable-xen-pci-passthrough \ + --disable-xfsctl \ + --target-list="${CPU_TARGET}-linux-user" \ + --without-default-devices \ + " + +if [ -n "${CROSS_PREFIX}" ]; then + + QEMU_CONF_FLAGS="$QEMU_CONF_FLAGS --cross-prefix=$CROSS_PREFIX" + +fi if [ "$STATIC" = "1" ]; then echo Building STATIC binary - ./configure --extra-cflags="-O3 -ggdb -DAFL_QEMU_STATIC_BUILD=1" \ - --disable-bsd-user --disable-guest-agent --disable-strip --disable-werror \ - --disable-gcrypt --disable-debug-info --disable-debug-tcg --disable-tcg-interpreter \ - --enable-attr --disable-brlapi --disable-linux-aio --disable-bzip2 
--disable-bluez --disable-cap-ng \ - --disable-curl --disable-fdt --disable-glusterfs --disable-gnutls --disable-nettle --disable-gtk \ - --disable-rdma --disable-libiscsi --disable-vnc-jpeg --disable-lzo --disable-curses \ - --disable-libnfs --disable-numa --disable-opengl --disable-vnc-png --disable-rbd --disable-vnc-sasl \ - --disable-sdl --disable-seccomp --disable-smartcard --disable-snappy --disable-spice --disable-libssh2 \ - --disable-libusb --disable-usb-redir --disable-vde --disable-vhost-net --disable-virglrenderer \ - --disable-virtfs --disable-vnc --disable-vte --disable-xen --disable-xen-pci-passthrough --disable-xfsctl \ - --enable-linux-user --disable-system --disable-blobs --disable-tools --enable-capstone=internal \ - --target-list="${CPU_TARGET}-linux-user" --static --disable-pie --cross-prefix=$CROSS_PREFIX --python="$PYTHONBIN" \ - || exit 1 + + QEMU_CONF_FLAGS="$QEMU_CONF_FLAGS \ + --static \ + --extra-cflags=-DAFL_QEMU_STATIC_BUILD=1 \ + " else - # --enable-pie seems to give a couple of exec's a second performance - # improvement, much to my surprise. Not sure how universal this is.. 
+ QEMU_CONF_FLAGS="${QEMU_CONF_FLAGS} --enable-pie " + +fi + +if [ "$DEBUG" = "1" ]; then + + echo Building DEBUG binary + + # --enable-gcov might go here but incurs a mesonbuild error on meson + # versions prior to 0.56: + # https://github.com/qemu/meson/commit/903d5dd8a7dc1d6f8bef79e66d6ebc07c + QEMU_CONF_FLAGS="$QEMU_CONF_FLAGS \ + --disable-strip \ + --enable-debug \ + --enable-debug-info \ + --enable-debug-mutex \ + --enable-debug-stack-usage \ + --enable-debug-tcg \ + --enable-qom-cast-debug \ + --enable-werror \ + " + +else - ./configure --disable-system \ - --enable-linux-user --disable-gtk --disable-sdl --disable-vnc --enable-capstone=internal \ - --target-list="${CPU_TARGET}-linux-user" --enable-pie $CROSS_PREFIX --python="$PYTHONBIN" || exit 1 + QEMU_CONF_FLAGS="$QEMU_CONF_FLAGS \ + --disable-debug-info \ + --disable-debug-mutex \ + --disable-debug-tcg \ + --disable-qom-cast-debug \ + --disable-stack-protector \ + --disable-werror \ + " fi +if [ "$PROFILING" = "1" ]; then + + echo Building PROFILED binary + + QEMU_CONF_FLAGS="$QEMU_CONF_FLAGS \ + --enable-gprof \ + --enable-profiler \ + " + +fi + +# shellcheck disable=SC2086 +./configure $QEMU_CONF_FLAGS || exit 1 + echo "[+] Configuration complete." echo "[*] Attempting to build QEMU (fingers crossed!)..." @@ -235,7 +277,7 @@ echo "[+] Build process successful!" echo "[*] Copying binary..." -cp -f "${CPU_TARGET}-linux-user/qemu-${CPU_TARGET}" "../../afl-qemu-trace" || exit 1 +cp -f "build/${CPU_TARGET}-linux-user/qemu-${CPU_TARGET}" "../../afl-qemu-trace" || exit 1 cd .. ls -l ../afl-qemu-trace || exit 1 
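Review bot: The non-DEBUG branch of the `if [ "$DEBUG" = "1" ]` block adds `--disable-stack-protector` and `--disable-werror` with no comment, while the neighbouring `--enable-pie` and `--enable-gcov` decisions are explained. Since afl-qemu-trace is the process that executes untrusted guest input, a reader will reasonably ask whether dropping canaries from the release emulator is intended; I assume it is a throughput trade-off in the emulation hot path, but the hunk does not say. I'd put above that line `# --disable-stack-protector: canaries cost exec/s in the emulation hot path; afl-qemu-trace is a fuzzing harness, not a hardening boundary` — adjust if the real reason differs. A short why-comment on `--disable-werror` (presumably tolerance for newer host compilers) would likewise save the next person a bisect.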
@@ -285,10 +327,51 @@ else
 fi
-echo "[+] Building libcompcov ..."
-make -C libcompcov && echo "[+] libcompcov ready"
-echo "[+] Building unsigaction ..."
-make -C unsigaction && echo "[+] unsigaction ready"
+ORIG_CROSS="$CROSS"
+
+if [ "$ORIG_CROSS" = "" ]; then
+ CROSS=$CPU_TARGET-linux-gnu-gcc
+ if ! command -v "$CROSS" > /dev/null
+ then # works on Arch Linux
+ CROSS=$CPU_TARGET-pc-linux-gnu-gcc
+ fi
+ if ! command -v "$CROSS" > /dev/null && [ "$CPU_TARGET" = "i386" ]
+ then
+ CROSS=i686-linux-gnu-gcc
+ if ! command -v "$CROSS" > /dev/null
+ then # works on Arch Linux
+ CROSS=i686-pc-linux-gnu-gcc
+ fi
+ if ! command -v "$CROSS" > /dev/null && [ "`uname -m`" = "x86_64" ]
+ then # set -m32
+ test "$CC" = "" && CC="gcc"
+ CROSS="$CC"
+ CROSS_FLAGS=-m32
+ fi
+ fi
+fi
+
+if ! command -v "$CROSS" > /dev/null ; then
+ if [ "$CPU_TARGET" = "$(uname -m)" ] ; then
+ echo "[+] Building afl++ qemu support libraries with CC=$CC"
+ echo "[+] Building libcompcov ..."
+ make -C libcompcov && echo "[+] libcompcov ready"
+ echo "[+] Building unsigaction ..."
+ make -C unsigaction && echo "[+] unsigaction ready"
+ echo "[+] Building libqasan ..."
+ make -C libqasan && echo "[+] unsigaction ready"
+ else
+ echo "[!] Cross compiler $CROSS could not be found, cannot compile libcompcov libqasan and unsigaction"
+ fi
+else
+ echo "[+] Building afl++ qemu support libraries with CC=\"$CROSS $CROSS_FLAGS\""
+ echo "[+] Building libcompcov ..."
+ make -C libcompcov CC="$CROSS $CROSS_FLAGS" && echo "[+] libcompcov ready"
+ echo "[+] Building unsigaction ..."
+ make -C unsigaction CC="$CROSS $CROSS_FLAGS" && echo "[+] unsigaction ready"
+ echo "[+] Building libqasan ..."
+ make -C libqasan CC="$CROSS $CROSS_FLAGS" && echo "[+] unsigaction ready"
+fi
 echo "[+] All done for qemu_mode, enjoy!" |
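Review bot: Both new `make -C libqasan` lines announce `"[+] unsigaction ready"` on success — a copy-paste from the line above — so the log cannot tell which helper actually built; they should read `make -C libqasan && echo "[+] libqasan ready"` and `make -C libqasan CC="$CROSS $CROSS_FLAGS" && echo "[+] libqasan ready"`. Separately, as with the two pre-existing helpers, a failed `make` here only suppresses the success line and the script still finishes with `[+] All done for qemu_mode, enjoy!`; that looks deliberate for optional libraries, but an explicit `|| echo "[!] libqasan build failed"` on each would at least make the omission visible instead of leaving the user to discover it when the feature is first used.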