libafl_qemu: update qemu to v9.1.1 (#2636)

rmalmain · web-flow · commit 6d55626a48d2 · 2024-10-31T17:54:37.000+01:00
* update qemu to v9.1.1

* adapting stuff to qemu 9.1

* fix for new qemu gen_callN and x86 decoder

* remove outdated qemu configuration option
diff --git a/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml b/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
@@ -31,6 +31,7 @@ libafl_qemu = { path = "../../../libafl_qemu", features = [
 ] }
 libafl_targets = { path = "../../../libafl_targets", version = "0.13.2" }
 
+env_logger = "0.11.5"
 log = { version = "0.4.22", features = ["release_max_level_info"] }
 clap = { version = "4.5.18", features = ["default"] }
 nix = { version = "0.29.0", features = ["fs"] }
diff --git a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
@@ -171,10 +171,11 @@ fn fuzz(
     logfile: PathBuf,
     timeout: Duration,
 ) -> Result<(), Error> {
+    env_logger::init();
     env::remove_var("LD_LIBRARY_PATH");
 
     let args: Vec<String> = env::args().collect();
-    let qemu = Qemu::init(&args).unwrap();
+    let qemu = Qemu::init(&args).expect("QEMU init failed");
     // let (emu, asan) = init_with_asan(&mut args, &mut env).unwrap();
 
     let mut elf_buffer = Vec::new();
@@ -197,7 +198,8 @@ fn fuzz(
 
     let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap();
     let mut ret_addr = [0; 8];
-    unsafe { qemu.read_mem(stack_ptr, &mut ret_addr) };
+    qemu.read_mem(stack_ptr, &mut ret_addr)
+        .expect("Error while reading QEMU memory.");
     let ret_addr = u64::from_le_bytes(ret_addr);
 
     println!("Stack pointer = {stack_ptr:#x}");
@@ -337,7 +339,7 @@ fn fuzz(
             }
 
             unsafe {
-                qemu.write_mem(input_addr, buf);
+                qemu.write_mem_unchecked(input_addr, buf);
 
                 qemu.write_reg(Regs::Rdi, input_addr).unwrap();
                 qemu.write_reg(Regs::Rsi, len as GuestReg).unwrap();
@@ -397,7 +399,7 @@ fn fuzz(
                 println!("Failed to load initial corpus at {:?}", &seed_dir);
                 process::exit(0);
             });
-        println!("We imported {} inputs from disk.", state.corpus().count());
+        println!("We imported {} input(s) from disk.", state.corpus().count());
     }
 
     let tracing = ShadowTracingStage::new(&mut executor);
diff --git a/libafl_qemu/libafl_qemu_build/src/bindings.rs b/libafl_qemu/libafl_qemu_build/src/bindings.rs
@@ -80,7 +80,6 @@ const WRAPPER_HEADER: &str = r#"
 #include "tcg/tcg.h"
 #include "tcg/tcg-op.h"
 #include "tcg/tcg-internal.h"
-#include "exec/helper-head.h"
 
 #include "qemu/plugin-memory.h"
 
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -11,7 +11,7 @@ use crate::cargo_add_rpath;
 
 pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-pub const QEMU_REVISION: &str = "c3c9c2128566ff325aa1a2bdcedde717f7d86e2c";
+pub const QEMU_REVISION: &str = "b01a0bc334cf11bfc5e8f121d9520ef7f47dbcd1";
 
 #[allow(clippy::module_name_repetitions)]
 pub struct BuildResult {
@@ -158,7 +158,7 @@ fn configure_qemu(
         .arg("--disable-linux-aio")
         .arg("--disable-linux-io-uring")
         .arg("--disable-linux-user")
-        .arg("--disable-live-block-migration")
+        // .arg("--disable-live-block-migration")
         .arg("--disable-lzfse")
         .arg("--disable-lzo")
         .arg("--disable-l2tpv3")
@@ -174,7 +174,7 @@ fn configure_qemu(
         .arg("--disable-pa")
         .arg("--disable-parallels")
         .arg("--disable-png")
-        .arg("--disable-pvrdma")
+        // .arg("--disable-pvrdma")
         .arg("--disable-qcow1")
         .arg("--disable-qed")
         .arg("--disable-qga-vss")
