From a632c00b0d023b8a40d09839fbb2662da1cb5d37 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 12 Jun 2020 16:08:49 +0200 Subject: switch to faster and better hash + random --- include/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/config.h') diff --git a/include/config.h b/include/config.h index 57efd0f6..b93a9f9e 100644 --- a/include/config.h +++ b/include/config.h @@ -293,7 +293,7 @@ /* Call count interval between reseeding the libc PRNG from /dev/urandom: */ -#define RESEED_RNG 10000 +#define RESEED_RNG 100000 /* Maximum line length passed from GCC to 'as' and used for parsing configuration files: */ -- cgit 1.4.1 From bac2da866912d69eb89207757375f0753be2cae2 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 16 Jun 2020 01:29:07 +0200 Subject: fix for *BSD: remove all HAVE_ARC4RANDOM dependencies --- include/afl-fuzz.h | 9 --------- include/config.h | 6 ------ include/forkserver.h | 3 +-- src/afl-forkserver.c | 8 ++------ src/afl-fuzz-init.c | 2 -- src/afl-fuzz-state.c | 2 -- 6 files changed, 3 insertions(+), 27 deletions(-) (limited to 'include/config.h') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index e86bc0ff..e7b52d56 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -524,9 +524,7 @@ typedef struct afl_state { u64 stage_finds[32], /* Patterns found per fuzz stage */ stage_cycles[32]; /* Execs per fuzz stage */ - //#ifndef HAVE_ARC4RANDOM u32 rand_cnt; /* Random number counter */ - //#endif u64 rand_seed[4]; s64 init_seed; 
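Review bot: The comment directly above the changed define still says the interval reseeds "the libc PRNG", while the commit subject says the hash and random generator were replaced; if `RESEED_RNG` now governs the in-tree generator, the comment should say so, e.g. `/* Call count interval between reseeding the internal PRNG from /dev/urandom: */`. A one-line rationale for the tenfold increase (fewer /dev/urandom reads per run, at the cost of a longer window between reseeds) would help whoever tunes this next; the 100000 value itself is not questioned here. Only the config.h part of this commit is visible, so whether the generator change landed in the same commit is inferred from the subject.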
@@ -958,13 +956,8 @@ uint64_t rand_next(afl_state_t *afl); static inline u32 rand_below(afl_state_t *afl, u32 limit) { - //#ifdef HAVE_ARC4RANDOM - // if (unlikely(afl->fixed_seed)) { return random() % limit; } - /* The boundary not being necessarily a power of 2, we need to ensure the result uniformity. */ - // return arc4random_uniform(limit); - //#else if (unlikely(!afl->rand_cnt--) && likely(!afl->fixed_seed)) { ck_read(afl->fsrv.dev_urandom_fd, &afl->rand_seed, sizeof(afl->rand_seed), @@ -974,9 +967,7 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) { } - // return random() % limit; return rand_next(afl) % limit; - //#endif } diff --git a/include/config.h b/include/config.h index b93a9f9e..711d0b77 100644 --- a/include/config.h +++ b/include/config.h @@ -397,12 +397,6 @@ // #define IGNORE_FINDS -/* for *BSD: use ARC4RANDOM and save a file descriptor */ -#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) - #ifndef HAVE_ARC4RANDOM - #define HAVE_ARC4RANDOM 1 - #endif -#endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */ #endif /* ! _HAVE_CONFIG_H */ diff --git a/include/forkserver.h b/include/forkserver.h index 87a59eaa..717493db 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -47,9 +47,8 @@ typedef struct afl_forkserver { out_dir_fd; /* FD of the lock file */ s32 out_fd, /* Persistent fd for fsrv->out_file */ -#ifndef HAVE_ARC4RANDOM dev_urandom_fd, /* Persistent fd for /dev/urandom */ -#endif + dev_null_fd, /* Persistent fd for /dev/null */ fsrv_ctl_fd, /* Fork server control pipe (write) */ fsrv_st_fd; /* Fork server status pipe (read) */ diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 1f61871a..b2734335 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c 
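Review bot: The removed comment about result uniformity goes away together with the arc4random_uniform() call, but the surviving `return rand_next(afl) % limit;` has exactly the non-uniformity that comment warned about, and `limit == 0` is a division by zero. Since `rand_next` is declared as returning uint64_t in the hunk header, the modulo bias for a 32-bit limit is negligible, so a comment is enough: `/* modulo bias is negligible for a 64-bit generator; callers must pass limit > 0 */` above the return. The reseed branch (ck_read from dev_urandom_fd) continues past this hunk into the next one, so the rand_cnt refill is not visible here.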
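Review bot: The `+` blank line in forkserver.h lands in the middle of the comma-separated `s32 out_fd, dev_urandom_fd, dev_null_fd, fsrv_ctl_fd, fsrv_st_fd;` declarator list, visually splitting members of one declaration; it was left where `#endif` was removed and should simply be dropped. The same leftover blank appears in afl-forkserver.c in the `afl_fsrv_init` hunk after `fsrv->dev_urandom_fd = -1;` and in the `afl_fsrv_start` hunk after `close(fsrv->dev_urandom_fd);`. The afl_fsrv_init_dup hunk removes the guard without adding a blank and reads better.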
@@ -71,9 +71,8 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) { fsrv->out_fd = -1; fsrv->out_dir_fd = -1; fsrv->dev_null_fd = -1; -#ifndef HAVE_ARC4RANDOM fsrv->dev_urandom_fd = -1; -#endif + /* Settings */ fsrv->use_stdin = 1; fsrv->no_unlink = 0; @@ -104,9 +103,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { fsrv_to->map_size = from->map_size; fsrv_to->support_shmem_fuzz = from->support_shmem_fuzz; -#ifndef HAVE_ARC4RANDOM fsrv_to->dev_urandom_fd = from->dev_urandom_fd; -#endif // These are forkserver specific. fsrv_to->out_dir_fd = -1; @@ -421,9 +418,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, close(fsrv->out_dir_fd); close(fsrv->dev_null_fd); -#ifndef HAVE_ARC4RANDOM close(fsrv->dev_urandom_fd); -#endif + if (fsrv->plot_file != NULL) { fclose(fsrv->plot_file); } /* This should improve performance a bit, since it stops the linker from diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 1245d94b..ee96c73c 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1541,10 +1541,8 @@ void setup_dirs_fds(afl_state_t *afl) { afl->fsrv.dev_null_fd = open("/dev/null", O_RDWR); if (afl->fsrv.dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } -#ifndef HAVE_ARC4RANDOM afl->fsrv.dev_urandom_fd = open("/dev/urandom", O_RDONLY); if (afl->fsrv.dev_urandom_fd < 0) { PFATAL("Unable to open /dev/urandom"); } -#endif /* Gnuplot output file. */ diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 99863103..f1474f33 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -124,9 +124,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->stats_update_freq = 1; -#ifndef HAVE_ARC4RANDOM afl->fsrv.dev_urandom_fd = -1; -#endif afl->fsrv.dev_null_fd = -1; afl->fsrv.child_pid = -1; -- cgit 1.4.1 From 2a254fce8fc63485b738a6bc895d36a091b0a6c6 Mon Sep 17 00:00:00 2001 
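Review bot: `fsrv_to->dev_urandom_fd = from->dev_urandom_fd;` in afl_fsrv_init_dup is now unconditional, so two afl_forkserver_t objects share one descriptor with nothing saying who closes it; a comment on that line, `/* shared with the source forkserver; only the original owner closes it */`, would prevent a later double-close or use after close. The unconditional `close(fsrv->dev_urandom_fd);` in afl_fsrv_start appears to be on the child side after fork, judging from the neighbouring close() calls and the linker comment, so it does not touch the parent's copy; if that reading is wrong, a duplicate forkserver would close a descriptor the original still reads from. All three enclosing functions start and end outside their hunks.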
From: van Hauser Date: Fri, 19 Jun 2020 14:21:34 +0200 Subject: fix afl-clang-fast for default pcguard mode --- include/config.h | 1 - llvm_mode/GNUmakefile | 34 ++++++++++++++++++++-------------- llvm_mode/afl-clang-fast.c | 10 ++++++---- 3 files changed, 26 insertions(+), 19 deletions(-) (limited to 'include/config.h') diff --git a/include/config.h b/include/config.h index 711d0b77..087e0a76 100644 --- a/include/config.h +++ b/include/config.h @@ -397,6 +397,5 @@ // #define IGNORE_FINDS - #endif /* ! _HAVE_CONFIG_H */ diff --git a/llvm_mode/GNUmakefile b/llvm_mode/GNUmakefile index de247a60..516d0bc1 100644 --- a/llvm_mode/GNUmakefile +++ b/llvm_mode/GNUmakefile @@ -213,7 +213,13 @@ CXXFLAGS ?= -O3 -funroll-loops -fpic -D_FORTIFY_SOURCE=2 override CXXFLAGS += -Wall -g -I ../include/ \ -DVERSION=\"$(VERSION)\" -Wno-variadic-macros -CLANG_CFL = `$(LLVM_CONFIG) --cxxflags` -fno-rtti -fpic $(CXXFLAGS) +ifneq "$(shell $(LLVM_CONFIG) --includedir) 2> /dev/null" "" + CLANG_CFL = -I$(shell $(LLVM_CONFIG) --includedir) +endif +ifneq "$(LLVM_CONFIG)" "" + CLANG_CFL += -I$(shell dirname $(LLVM_CONFIG))/../include +endif +CLANG_CPPFL = `$(LLVM_CONFIG) --cxxflags` -fno-rtti -fpic $(CXXFLAGS) CLANG_LFL = `$(LLVM_CONFIG) --ldflags` $(LDFLAGS) @@ -221,12 +227,12 @@ CLANG_LFL = `$(LLVM_CONFIG) --ldflags` $(LDFLAGS) ifeq "$(shell uname)" "Darwin" CLANG_LFL += -Wl,-flat_namespace -Wl,-undefined,suppress else - CLANG_CFL += -Wl,-znodelete + CLANG_CPPFL += -Wl,-znodelete endif ifeq "$(shell uname)" "OpenBSD" CLANG_LFL += `$(LLVM_CONFIG) --libdir`/libLLVM.so - CLANG_CFL += -mno-retpoline + CLANG_CPPFL += -mno-retpoline CFLAGS += -mno-retpoline # Needed for unwind symbols LDFLAGS += -lc++abi 
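Review bot: In the new `ifneq "$(shell $(LLVM_CONFIG) --includedir) 2> /dev/null" ""` the redirect sits outside the `$(shell ...)` call, so it is literal text in the compared string: the condition is true even when llvm-config fails, stderr is not silenced, and `CLANG_CFL` then becomes a bare `-I` that swallows the next compiler argument. Move the redirect inside the call: `ifneq "$(shell $(LLVM_CONFIG) --includedir 2> /dev/null)" ""`. The second clause, `CLANG_CFL += -I$(shell dirname $(LLVM_CONFIG))/../include`, yields `-I./../include` when LLVM_CONFIG is a bare command name resolved through PATH, which is probably not intended; `-I$(shell $(LLVM_CONFIG) --prefix)/include` would not depend on how the variable was spelled. The renames from CLANG_CFL to CLANG_CPPFL in the later hunks are consistent.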
@@ -304,7 +310,7 @@ afl-common.o: ../src/afl-common.c $(CC) $(CFLAGS) -c $< -o $@ $(LDFLAGS) ../afl-clang-fast: afl-clang-fast.c afl-common.o | test_deps - $(CC) $(CFLAGS) $< afl-common.o -o $@ $(LDFLAGS) -DCFLAGS_OPT=\"$(CFLAGS_OPT)\" + $(CC) $(CLANG_CFL) $(CFLAGS) $< afl-common.o -o $@ $(LDFLAGS) -DCFLAGS_OPT=\"$(CFLAGS_OPT)\" ln -sf afl-clang-fast ../afl-clang-fast++ ifneq "$(AFL_CLANG_FLTO)" "" ifeq "$(LLVM_LTO)" "1" @@ -317,17 +323,17 @@ afl-llvm-common.o: afl-llvm-common.cc afl-llvm-common.h $(CXX) $(CFLAGS) `$(LLVM_CONFIG) --cxxflags` -fno-rtti -fPIC -std=$(LLVM_STDCXX) -c $< -o $@ ../libLLVMInsTrim.so: LLVMInsTrim.so.cc MarkNodes.cc afl-llvm-common.o | test_deps - -$(CXX) $(CLANG_CFL) -DLLVMInsTrim_EXPORTS -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< MarkNodes.cc -o $@ $(CLANG_LFL) afl-llvm-common.o + -$(CXX) $(CLANG_CPPFL) -DLLVMInsTrim_EXPORTS -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< MarkNodes.cc -o $@ $(CLANG_LFL) afl-llvm-common.o ../afl-llvm-pass.so: afl-llvm-pass.so.cc afl-llvm-common.o | test_deps ifeq "$(LLVM_MIN_4_0_1)" "0" $(info [!] N-gram branch coverage instrumentation is not available for llvm version $(LLVMVER)) endif - $(CXX) $(CLANG_CFL) -DLLVMInsTrim_EXPORTS -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -DLLVMInsTrim_EXPORTS -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o ../afl-llvm-lto-whitelist.so: afl-llvm-lto-whitelist.so.cc afl-llvm-common.o ifeq "$(LLVM_LTO)" "1" - $(CXX) $(CLANG_CFL) -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o endif ../afl-ld-lto: afl-ld-lto.c 
@@ -337,7 +343,7 @@ endif ../afl-llvm-lto-instrumentation.so: afl-llvm-lto-instrumentation.so.cc afl-llvm-common.o ifeq "$(LLVM_LTO)" "1" - $(CXX) $(CLANG_CFL) -Wno-writable-strings -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -Wno-writable-strings -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o $(CLANG_BIN) $(CFLAGS) -Wno-unused-result -O0 $(AFL_CLANG_FLTO) -fPIC -c afl-llvm-rt-lto.o.c -o ../afl-llvm-rt-lto.o @$(CLANG_BIN) $(CFLAGS) -Wno-unused-result -O0 $(AFL_CLANG_FLTO) -m64 -fPIC -c afl-llvm-rt-lto.o.c -o ../afl-llvm-rt-lto-64.o 2>/dev/null; if [ "$$?" = "0" ]; then : ; fi @$(CLANG_BIN) $(CFLAGS) -Wno-unused-result -O0 $(AFL_CLANG_FLTO) -m32 -fPIC -c afl-llvm-rt-lto.o.c -o ../afl-llvm-rt-lto-32.o 2>/dev/null; if [ "$$?" = "0" ]; then : ; fi 
@@ -345,23 +351,23 @@ endif ../afl-llvm-lto-instrim.so: afl-llvm-lto-instrim.so.cc afl-llvm-common.o ifeq "$(LLVM_LTO)" "1" - $(CXX) $(CLANG_CFL) -DLLVMInsTrim_EXPORTS -Wno-writable-strings -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< MarkNodes.cc -o $@ $(CLANG_LFL) afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -DLLVMInsTrim_EXPORTS -Wno-writable-strings -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< MarkNodes.cc -o $@ $(CLANG_LFL) afl-llvm-common.o endif # laf ../split-switches-pass.so: split-switches-pass.so.cc afl-llvm-common.o | test_deps - $(CXX) $(CLANG_CFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o ../compare-transform-pass.so: compare-transform-pass.so.cc afl-llvm-common.o | test_deps - $(CXX) $(CLANG_CFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o ../split-compares-pass.so: split-compares-pass.so.cc afl-llvm-common.o | test_deps - $(CXX) $(CLANG_CFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o # /laf ../cmplog-routines-pass.so: cmplog-routines-pass.cc afl-llvm-common.o | test_deps - $(CXX) $(CLANG_CFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o ../cmplog-instructions-pass.so: cmplog-instructions-pass.cc afl-llvm-common.o | test_deps - $(CXX) $(CLANG_CFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) afl-llvm-common.o document: $(CLANG_BIN) -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) -Wno-unused-result -fPIC -c afl-llvm-rt.o.c -o ../afl-llvm-rt.o diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 6604b57c..3b0225c2 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c 
@@ -39,6 +39,8 @@ #include #include +#include "llvm/Config/llvm-config.h" + static u8 * obj_path; /* Path to runtime libraries */ static u8 **cc_params; /* Parameters passed to the real CC */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ @@ -760,10 +762,10 @@ int main(int argc, char **argv, char **envp) { #if LLVM_VERSION_MAJOR <= 6 instrument_mode = INSTRUMENT_AFL; #else - if (getenv("AFL_LLVM_WHITELIST")) - instrument_mode = INSTRUMENT_AFL; - else - instrument_mode = INSTRUMENT_PCGUARD; + if (getenv("AFL_LLVM_WHITELIST")) + instrument_mode = INSTRUMENT_AFL; + else + instrument_mode = INSTRUMENT_PCGUARD; #endif } -- cgit 1.4.1
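Review bot: `#if LLVM_VERSION_MAJOR <= 6` evaluates an undefined macro as 0, so the default-mode selection silently picks `INSTRUMENT_AFL` whenever the macro is missing, which is presumably the behaviour this commit fixes by adding the `#include "llvm/Config/llvm-config.h"`. The fix now rests entirely on that header defining the macro; a loud failure is safer if the include is later made conditional or the header layout changes: `#ifndef LLVM_VERSION_MAJOR` / `#error "LLVM_VERSION_MAJOR undefined: llvm-config.h not found"` / `#endif` directly after the include. The `@@ -760` hunk is indentation only, and main() starts and ends outside it.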