From ad7a7fcf075c617e09cb516da000b244be161093 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Mon, 1 Mar 2021 15:30:55 +0100
Subject: ASan-compatible area_is_mapped()
---
 qemu_mode/qemuafl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'qemu_mode')
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
index e36a30eb..213f3b27 160000
--- a/qemu_mode/qemuafl
+++ b/qemu_mode/qemuafl
@@ -1 +1 @@
-Subproject commit e36a30ebca57ca433a5d6e20b1a32975aabb761b
+Subproject commit 213f3b27dd099ef352181c48cd75c0f20a73e3f0
-- cgit 1.4.1
From 8bdb40b7631ea0a6f7dec8e51a6c69c6b3c7513d Mon Sep 17 00:00:00 2001
From: realmadsci <71108352+realmadsci@users.noreply.github.com>
Date: Tue, 2 Mar 2021 15:28:26 -0500
Subject: cpu-exec: Add AFL_QEMU_EXCLUDE_RANGES
This environment variable allows rejection of specific regions from instrumentation. It takes priority over AFL_INST_LIBS and AFL_QEMU_INST_RANGES, so it can be used to poke a "hole" in previously included sections.
---
 include/envs.h | 1 +
 qemu_mode/README.md | 7 +++++++
 2 files changed, 8 insertions(+)
(limited to 'qemu_mode')
diff --git a/include/envs.h b/include/envs.h
index 143979c6..26f4de90 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -141,6 +141,7 @@ static char *afl_environment_variables[] = {
 "AFL_QEMU_PERSISTENT_RETADDR_OFFSET",
 "AFL_QEMU_PERSISTENT_EXITS",
 "AFL_QEMU_INST_RANGES",
+ "AFL_QEMU_EXCLUDE_RANGES",
 "AFL_QEMU_SNAPSHOT",
 "AFL_QUIET",
 "AFL_RANDOM_ALLOC_CANARY",
diff --git a/qemu_mode/README.md b/qemu_mode/README.md
index bc4c1d2c..a14cbe64 100644
--- a/qemu_mode/README.md
+++ b/qemu_mode/README.md
@@ -99,6 +99,13 @@ Just set AFL_QEMU_INST_RANGES=A,B,C...
 The format of the items in the list is either a range of addresses like 0x123-0x321 or a module name like module.so (that is matched in the mapped object filename).
+Alternatively you can tell QEMU to ignore part of an address space for instrumentation.
+
+Just set AFL_QEMU_EXCLUDE_RANGES=A,B,C...
+
+The format of the items on the list is the same as for AFL_QEMU_INST_RANGES, and excluding ranges
+takes priority over any included ranges or AFL_INST_LIBS.
+
 ## 7) CompareCoverage
 CompareCoverage is a sub-instrumentation with effects similar to laf-intel.
-- cgit 1.4.1
From 3977d50b5538e8097eb5d9329c6df5eaa147374b Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Thu, 4 Mar 2021 10:52:22 +0100
Subject: update qemuafl and remove git stas
---
 qemu_mode/QEMUAFL_VERSION | 2 +-
 qemu_mode/build_qemu_support.sh | 2 +-
 qemu_mode/qemuafl | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
(limited to 'qemu_mode')
diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION
index 1152380c..a7f25da3 100644
--- a/qemu_mode/QEMUAFL_VERSION
+++ b/qemu_mode/QEMUAFL_VERSION
@@ -1 +1 @@
-e36a30ebca
+d1ca56b84e
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 815e77d6..97a05800 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -132,7 +132,7 @@ echo "[+] Got qemuafl."
 cd "qemuafl" || exit 1
 echo "[*] Checking out $QEMUAFL_VERSION"
-sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null
+# sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null
 git checkout "$QEMUAFL_VERSION" || echo Warning: could not check out to commit $QEMUAFL_VERSION
 echo "[*] Making sure imported headers matches"
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
index 213f3b27..d1ca56b8 160000
--- a/qemu_mode/qemuafl
+++ b/qemu_mode/qemuafl
@@ -1 +1 @@
-Subproject commit 213f3b27dd099ef352181c48cd75c0f20a73e3f0
+Subproject commit d1ca56b84e78f821406eef28d836918edfc8d610
-- cgit 1.4.1
From 08ef8d6b787f1a04b5ec3644d7ecae41d2668193 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Thu, 4 Mar 2021 10:57:00 +0100
Subject: NO_CHECKOUT=1 ./build_qemu_support.sh
---
 qemu_mode/build_qemu_support.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'qemu_mode')
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 97a05800..4d3d9bf6 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -131,9 +131,13 @@ test -d qemuafl || { echo "[-] Not checked out, please install git or check your
 echo "[+] Got qemuafl."
 cd "qemuafl" || exit 1
-echo "[*] Checking out $QEMUAFL_VERSION"
-# sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null
-git checkout "$QEMUAFL_VERSION" || echo Warning: could not check out to commit $QEMUAFL_VERSION
+if [ -n "$NO_CHECKOUT" ]; then
+ echo "[*] Skipping checkout to $QEMUAFL_VERSION"
+else
+ echo "[*] Checking out $QEMUAFL_VERSION"
+ sh -c 'git stash' 1>/dev/null 2>/dev/null
+ git checkout "$QEMUAFL_VERSION" || echo Warning: could not check out to commit $QEMUAFL_VERSION
+fi
 echo "[*] Making sure imported headers matches"
 cp "../../include/config.h" "./qemuafl/imported/" || exit 1
-- cgit 1.4.1
From a0a917ad87b066fc96ba7e69e5aa837b3837d67c Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Tue, 9 Mar 2021 21:03:18 +0100
Subject: better CROSS detection
---
 qemu_mode/build_qemu_support.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'qemu_mode')
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 4d3d9bf6..0101b733 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
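Review bot: In the new `else` branch a failed checkout is still only reported, so `git checkout "$QEMUAFL_VERSION" || echo Warning: ...` lets the build continue against whatever qemuafl tree happens to be checked out, and the `cp` of config.h on the following line and the rest of the build then run on an unpinned source. Now that `NO_CHECKOUT` exists for callers who deliberately want a different tree, the checkout branch can be strict: `git checkout "$QEMUAFL_VERSION" || { echo "[-] Error: could not check out commit $QEMUAFL_VERSION"; exit 1; }`. If the lenient behaviour is intended, the warning should at least be quoted and name the commit the build will actually use (for example via `git rev-parse HEAD`) so a mismatch is visible in the log. The `sh -c 'git stash'` with both streams discarded likewise hides whether local modifications were set aside; dropping the redirection, or printing `git stash list` afterwards, would make that visible.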
@@ -376,6 +376,18 @@ if [ "$ORIG_CROSS" = "" ]; then
 then # works on Arch Linux
 CROSS=$CPU_TARGET-pc-linux-gnu-gcc
 fi
+ if ! command -v "$CROSS" > /dev/null && [ "$CPU_TARGET" = "i386" ]
+ then
+ CROSS=i686-linux-gnu-gcc
+ if ! command -v "$CROSS" > /dev/null
+ then # works on Arch Linux
+ CROSS=i686-pc-linux-gnu-gcc
+ fi
+ if ! command -v "$CROSS" > /dev/null && [ "`uname -m`" = "x86_64" ]
+ then # set -m32
+ CROSS="$CC -m32"
+ fi
+ fi
 fi
 if ! command -v "$CROSS" > /dev/null ; then
-- cgit 1.4.1
From 40ba8814b381d7e090717df8197f5957a5013ca9 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Tue, 9 Mar 2021 21:05:58 +0100
Subject: better CROSS detection
---
 qemu_mode/build_qemu_support.sh | 1 +
 1 file changed, 1 insertion(+)
(limited to 'qemu_mode')
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 0101b733..a88cb54f 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -385,6 +385,7 @@ if [ "$ORIG_CROSS" = "" ]; then
 fi
 if ! command -v "$CROSS" > /dev/null && [ "`uname -m`" = "x86_64" ]
 then # set -m32
+ test "$CC" = "" && CC="gcc"
 CROSS="$CC -m32"
 fi
 fi
-- cgit 1.4.1
From 0d6e5712372477a61a4ebee6995fb48d30e93304 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Tue, 9 Mar 2021 21:11:44 +0100
Subject: better CROSS detection
---
 qemu_mode/build_qemu_support.sh | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'qemu_mode')
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index a88cb54f..c9674c53 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -386,7 +386,8 @@ if [ "$ORIG_CROSS" = "" ]; then
 if ! command -v "$CROSS" > /dev/null && [ "`uname -m`" = "x86_64" ]
 then # set -m32
 test "$CC" = "" && CC="gcc"
- CROSS="$CC -m32"
+ CROSS="$CC"
+ CROSS_FLAGS=-m32
 fi
 fi
 fi
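Review bot: `CROSS_FLAGS=-m32` is the only assignment to `CROSS_FLAGS` visible in this commit, while the second hunk appends it to every `make … CC="$CROSS $CROSS_FLAGS"`; unless the variable is cleared earlier in the script (not visible here), a `CROSS_FLAGS` value inherited from the caller's environment is passed to the compiler for every target, not only the i386-on-x86_64 case. Initialising it next to the existing `ORIG_CROSS` handling, `CROSS_FLAGS=""`, would make this branch the single source of the flag. While touching the line above, `[ "$(uname -m)" = "x86_64" ]` is the POSIX form of the backtick substitution. The enclosing `if [ "$ORIG_CROSS" = "" ]` block starts outside the hunk.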
@@ -404,13 +405,13 @@ if ! command -v "$CROSS" > /dev/null ; then
 echo "[!] Cross compiler $CROSS could not be found, cannot compile libcompcov libqasan and unsigaction"
 fi
 else
- echo "[+] Building afl++ qemu support libraries with CC=$CROSS"
+ echo "[+] Building afl++ qemu support libraries with CC=\"$CROSS $CROSS_FLAGS\""
 echo "[+] Building libcompcov ..."
- make -C libcompcov CC=$CROSS && echo "[+] libcompcov ready"
+ make -C libcompcov CC="$CROSS $CROSS_FLAGS" && echo "[+] libcompcov ready"
 echo "[+] Building unsigaction ..."
- make -C unsigaction CC=$CROSS && echo "[+] unsigaction ready"
+ make -C unsigaction CC="$CROSS $CROSS_FLAGS" && echo "[+] unsigaction ready"
 echo "[+] Building libqasan ..."
- make -C libqasan CC=$CROSS && echo "[+] unsigaction ready"
+ make -C libqasan CC="$CROSS $CROSS_FLAGS" && echo "[+] unsigaction ready"
 fi
 echo "[+] All done for qemu_mode, enjoy!"
-- cgit 1.4.1
From 87eb44abe4c30c777b6d5dad890bea7cdeeffdf3 Mon Sep 17 00:00:00 2001
From: "R. Elliott Childre"
Date: Tue, 9 Mar 2021 16:24:59 -0500
Subject: Remove QEMU dependency checks
Most of these packages (bison, flex, pixman (in non-system mode)) are no longer dependencies of QEMU and regardless, QEMU's build system is quite capable of finding dependencies by itself and will error out accordingly. This prevents having to further change this code as QEMU's dependencies inevitably change.
---
 qemu_mode/build_qemu_support.sh | 43 +----------------------------------------
 1 file changed, 1 insertion(+), 42 deletions(-)
(limited to 'qemu_mode')
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index c9674c53..38085389 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
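Review bot: The rewritten libqasan line still announces `echo "[+] unsigaction ready"`, copied from the line above; it should read `make -C libqasan CC="$CROSS $CROSS_FLAGS" && echo "[+] libqasan ready"`. More importantly, none of the three `make -C … && echo` lines stops the script on failure: a broken libcompcov, unsigaction or libqasan build is followed by the unconditional "[+] All done for qemu_mode, enjoy!", so a user can end up fuzzing with a stale or missing support library without a visible error. Appending `|| exit 1` to each of the three lines (or recording a failure flag and exiting after the block) keeps the current output on success and makes a failed build unmistakable.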
@@ -59,51 +59,11 @@ if [ ! -f "../afl-showmap" ]; then
 fi
-PREREQ_NOTFOUND=
-for i in git wget sha384sum bison flex iconv patch pkg-config; do
-
- T=`command -v "$i" 2>/dev/null`
-
- if [ "$T" = "" ]; then
-
- echo "[-] Error: '$i' not found, please install first."
- PREREQ_NOTFOUND=1
-
- fi
-
-done
-
-PYTHONBIN=`command -v python3 || command -v python || command -v python2`
-
-if [ "$PYTHONBIN" = "" ]; then
- echo "[-] Error: 'python' not found, please install using 'sudo apt install python3'."
- PREREQ_NOTFOUND=1
-fi
-
-
-if [ ! -d "/usr/include/glib-2.0/" -a ! -d "/usr/local/include/glib-2.0/" ]; then
-
- echo "[-] Error: devel version of 'glib2' not found, please install first."
- PREREQ_NOTFOUND=1
-
-fi
-
-if [ ! -d "/usr/include/pixman-1/" -a ! -d "/usr/local/include/pixman-1/" ]; then
-
- echo "[-] Error: devel version of 'pixman-1' not found, please install first."
- PREREQ_NOTFOUND=1
-
-fi
-
 if echo "$CC" | grep -qF /afl-; then
 echo "[-] Error: do not use afl-gcc or afl-clang to compile this tool."
- PREREQ_NOTFOUND=1
-
-fi
-
-if [ "$PREREQ_NOTFOUND" = "1" ]; then
 exit 1
+
 fi
 echo "[+] All checks passed!"
@@ -237,7 +197,6 @@ QEMU_CONF_FLAGS=" \
 --disable-xen \
 --disable-xen-pci-passthrough \
 --disable-xfsctl \
- --python=${PYTHONBIN} \
 --target-list="${CPU_TARGET}-linux-user" \
 --without-default-devices \
 "
-- cgit 1.4.1
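Review bot: The removal also drops the checks for `git`, `wget`, `sha384sum`, `iconv`, `patch` and `pkg-config`, which are tools this script would invoke itself rather than dependencies QEMU's configure resolves, so the commit message's rationale does not cover them; `git` is visibly used by the checkout logic in an earlier commit of this series, and a missing binary now only surfaces mid-run as the "[-] Not checked out, please install git" message instead of before anything is done. A reduced loop over the tools the script still calls (which of wget, sha384sum or patch are still used is not visible here) would keep the early, actionable error: `for i in git wget sha384sum patch; do command -v "$i" >/dev/null 2>&1 || { echo "[-] Error: '$i' not found, please install first."; exit 1; }; done`. The added blank line between `exit 1` and `fi` looks stray, and "[+] All checks passed!" now follows a single check, so the message could be narrowed to what is actually verified.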