From 6022d956e91f16a55721119b9e1264d4c01ab5d1 Mon Sep 17 00:00:00 2001
From: "Marco C." <46560192+Marcondiro@users.noreply.github.com>
Date: Fri, 6 Dec 2024 19:14:08 +0100
Subject: [PATCH] Intel PT minor fixes and improvements (#2749)
* Fix build target Create target directory if doesn't exist
* Remove filter on speculatively exec blocks since also committed blocks can have this flag
* Add current ip_filters getter
* Fix possibile infinite loop in trace decode
* Add comment about target_path
---
 .../intel_pt_command_executor/Makefile.toml | 18 ++++++++++++------
 .../intel_pt_command_executor/src/main.rs | 3 +++
 libafl_intelpt/src/lib.rs | 16 ++++++++++++----
 3 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/fuzzers/binary_only/intel_pt_command_executor/Makefile.toml b/fuzzers/binary_only/intel_pt_command_executor/Makefile.toml
index 9c2d97e4eb1..aca771cbca3 100644
--- a/fuzzers/binary_only/intel_pt_command_executor/Makefile.toml
+++ b/fuzzers/binary_only/intel_pt_command_executor/Makefile.toml
@@ -1,17 +1,23 @@
+[env]
+TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}"
+
 [env.development]
 PROFILE_DIR = "debug"
 
 [env.release]
 PROFILE_DIR = "release"
 
+[tasks.target_dir]
+condition = { files_not_exist = ["${TARGET_DIR}"] }
+script_runner = "@shell"
+script = '''
+mkdir -p ${TARGET_DIR}
+'''
+
 [tasks.build_target]
+dependencies = ["target_dir"]
 command = "rustc"
-args = [
- "src/target_program.rs",
- "--out-dir",
- "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${PROFILE_DIR}",
- "-O",
-]
+args = ["src/target_program.rs", "--out-dir", "${TARGET_DIR}", "-O"]
 
 [tasks.build_fuzzer]
 command = "cargo"
diff --git a/fuzzers/binary_only/intel_pt_command_executor/src/main.rs b/fuzzers/binary_only/intel_pt_command_executor/src/main.rs
index f91ed0644df..8ef4c606eff 100644
--- a/fuzzers/binary_only/intel_pt_command_executor/src/main.rs
+++ b/fuzzers/binary_only/intel_pt_command_executor/src/main.rs
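Review bot: The new `target_dir` task expands `${TARGET_DIR}` unquoted in `mkdir -p ${TARGET_DIR}`, so a crate target directory containing whitespace or glob characters is word-split by the shell and a different directory is created (and `build_target` then fails or writes elsewhere); use `mkdir -p "${TARGET_DIR}"`. The `files_not_exist` condition is redundant since `mkdir -p` is idempotent, though harmless. `build_target` now emits `target_program` into `${TARGET_DIR}` rather than `${TARGET_DIR}/${PROFILE_DIR}`, which the fuzzer's path resolution in main.rs appears to depend on; a comment on the `args` line such as `# target_program is placed directly in the target dir, one level above <profile>/ where the fuzzer binary lives` would keep the two sides from drifting apart.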
@@ -36,7 +36,10 @@ pub fn main() {
 // Enable logging
 env_logger::init();
 
+ // path of the program we want to fuzz
 let target_path = PathBuf::from(env::args().next().unwrap())
+ .parent()
+ .unwrap()
 .parent()
 .unwrap()
 .join("target_program");
diff --git a/libafl_intelpt/src/lib.rs b/libafl_intelpt/src/lib.rs
index 920e7aeb5c7..0530aa33fce 100644
--- a/libafl_intelpt/src/lib.rs
+++ b/libafl_intelpt/src/lib.rs
@@ -179,6 +179,12 @@ impl IntelPT {
 }
 }
 
+ /// Get the current IP filters configuration
+ #[must_use]
+ pub fn ip_filters(&self) -> Vec> {
+ self.ip_filters.clone()
+ }
+
 fn ip_filters_to_addr_filter(&self) -> AddrFilter {
 let mut builder = AddrFilterBuilder::new();
 let mut iter = self
@@ -400,7 +406,7 @@ impl IntelPT {
 *status = s;
 let offset = decoder.offset().map_err(error_from_pt_error)?;
 
- if b.ninsn() > 0 && !b.speculative() && skip < offset {
+ if b.ninsn() > 0 && skip < offset {
 let id = hash_me(*previous_block_end_ip) ^ hash_me(b.ip());
 // SAFETY: the index is < map.len() since the modulo operation is applied
 let map_loc = unsafe { map.get_unchecked_mut(id as usize % map.len()) };
@@ -408,16 +414,18 @@ impl IntelPT {
 *previous_block_end_ip = b.end_ip();
 }
+
+ if status.eos() {
+ break 'block;
+ }
 }
 Err(e) => {
 if e.code() != PtErrorCode::Eos {
 log::trace!("PT error in block next {e:?}");
 }
+ break 'block;
 }
 }
- if status.eos() {
- break 'block;
- }
 }
 
 Ok(())
 }
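Review bot: The added `.parent().unwrap()` still derives the fuzz-target location from `env::args().next()`, i.e. argv[0], which is set by whoever launches the process and is a bare name when the fuzzer is started through `PATH` lookup; `Path::new("fuzzer").parent()` is `Some("")` and its parent is `None`, so the new `.unwrap()` panics with no useful message, and an attacker-controlled argv[0] steers which binary gets executed. `std::env::current_exe()` resolves the real binary location and is the robust base here: `let exe = env::current_exe().expect("cannot resolve fuzzer binary path");` followed by `exe.parent().and_then(|p| p.parent()).expect("fuzzer must live in target/<profile>/").join("target_program")`. The new comment should also state the layout it assumes, e.g. `// target_program is built into target/, one level above target/<profile>/ where this fuzzer binary lives`. `main` continues outside the hunk.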
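Review bot: `ip_filters` clones the whole `Vec` on every call, where a borrowed return (`pub fn ip_filters(&self) -> &[...]` with body `&self.ip_filters`) costs nothing and lets callers clone only when they need ownership; the element type is not recoverable from this rendering of the hunk, so the signature is given schematically. The doc comment could also say what the value represents, hedged where the origin is not visible here, e.g. `/// Returns the instruction-pointer address ranges this instance currently uses to filter tracing (presumably those configured at construction — confirm).`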
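Review bot: The reason for dropping `!b.speculative()` lives only in the commit message, so the next reader is likely to re-add the filter; put it above the `if`: `// Don't filter on b.speculative(): libipt also sets it on blocks that were later committed, so skipping them would drop real coverage.` The adjacent SAFETY comment is sound for indexing but `id as usize % map.len()` panics on a remainder by zero when `map` is empty, so the function relies on a non-empty map; a `debug_assert!(!map.is_empty())` at the function entry (outside this hunk) would make that precondition explicit. The enclosing function starts and ends outside the hunk.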
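Review bot: The new `break 'block;` in the `Err(e)` arm ends decoding on any decoder error, not only `Eos`, and the function then returns `Ok(())` with whatever coverage was collected up to that point; the only record of the truncation is a `log::trace!`. For a fuzzer that silently drops coverage feedback for the remainder of the trace, which looks like a clean run while losing signal on exactly the inputs that produce unusual traces. Either surface it — raise the log level and count truncations, or return `Err(error_from_pt_error(e))` for non-`Eos` codes — or resync the decoder and continue instead of breaking (libipt's block decoder exposes a sync-forward operation; assuming the Rust wrapper here does too — confirm). The `'block` loop and the enclosing function start outside the hunk.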