ensure Nyx command handler support is more CPU agnostic (#3153) #3167
LibAFL/libafl_qemu/src/arch/x86_64.rs, line 45 in f16ddf2:
Cmd
is not Rbx (should it be?)
Good call out!
Short answer for Nyx: yes. There are other changes needed though; e.g. depend upon Nyx support actually being built (disabled by default in CI/Docker builds, etc. already). I no longer think this is the best abstraction to rely upon.
I confirmed that this should be more agnostic; hypercall macros defined in the Nyx packer differentiate between x86 and x86_64 (and of course, emitted code for guests). If I understand correctly, EAX/RAX will vary based on usage of kAFL vs others with and without Intel-PT but changes when trying to avoid collisions with VMware, etc. The Nyx packer code handles more and the code I patched would really be the most common config. The "subcommand" relevant to Nyx appears to be in EBX/RBX and is just a byte, based on the GCC asm modifiers.
I've produced a full Nyx test environment by dual-booting an Intel Core i7 10th Gen. This gets me everything I need; Intel-PT, etc. Everything builds. IIRC I encountered some test failures in other places but had to context switch.
This week, I will prioritize revisiting this PR and can expand further.
I consider this PR to be a fix to #3153.
For that purpose, is this PR ready to merge?
This was written with only the x64 Intel PT use case indeed, so I'd expect to see issues in another scenario.
The Nyx packer always uses [er]ax to detect a Nyx hypercall and [er]bx / [er]cx for the arguments.
I don't mind supporting more things than the x64 Intel PT mode, but I think it's important we keep the same behavior as the original Nyx API, otherwise it makes the main use of this command handler useless.
The original intention was to be able to support Nyx targets without having to touch them.
If you have time to revisit the PR it would be appreciated.
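The register convention described in the thread ([er]ax identifies a Nyx hypercall, [er]bx / [er]cx carry the arguments, and the subcommand is a single byte in [er]bx), as an added example that is neither LibAFL's nor the Nyx packer's code: a decoder that applies the guest's register width so one piece of logic serves both i386 and amd64 snapshots, which is the "CPU agnostic" point the PR title raises. The `Arch` enum, the `Regs` snapshot type and the `HYPERCALL_ID` value are assumptions made for illustration, not values taken from the Nyx sources.

```rust
// Added example, not LibAFL or Nyx packer code. Models the convention from
// the thread: [er]ax identifies a Nyx hypercall, [er]bx carries the
// single-byte subcommand, [er]cx carries the argument.

/// Guest CPU family; selects the width of the general-purpose registers.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Arch {
    I386,
    Amd64,
}

/// Register snapshot as a 64-bit-wide view (assumed type for this example);
/// on i386 only the low 32 bits of each field are meaningful.
#[derive(Clone, Copy, Debug)]
pub struct Regs {
    pub ax: u64,
    pub bx: u64,
    pub cx: u64,
}

/// Placeholder for the hypercall id the packer loads into [er]ax
/// (assumed value, not taken from the Nyx sources).
pub const HYPERCALL_ID: u64 = 0x1f;

/// Decoded hypercall: the byte-sized subcommand and its argument.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Hypercall {
    pub subcommand: u8,
    pub arg: u64,
}

impl Arch {
    /// Mask covering the bits of a general-purpose register on this CPU.
    pub fn reg_mask(self) -> u64 {
        match self {
            Arch::I386 => 0xffff_ffff,
            Arch::Amd64 => u64::MAX,
        }
    }
}

/// Returns the hypercall if `regs` holds one, using `arch` to decide how much
/// of each register the guest could actually have written.
pub fn decode(arch: Arch, regs: &Regs) -> Option<Hypercall> {
    let mask = arch.reg_mask();
    // The id check compares the register as the guest sees it: a 32-bit
    // guest matches on EAX alone, a 64-bit guest on all of RAX.
    if regs.ax & mask != HYPERCALL_ID {
        return None;
    }
    // The subcommand is one byte (the thread cites the GCC asm modifiers),
    // so bits above the low byte of [er]bx are not part of the command.
    let subcommand = (regs.bx & 0xff) as u8;
    Some(Hypercall {
        subcommand,
        arg: regs.cx & mask,
    })
}

fn main() {
    // Constructed snapshot: the id in ax, subcommand 2 in bx, a 64-bit arg in cx.
    let regs = Regs {
        ax: HYPERCALL_ID,
        bx: 0x0302,
        cx: 0xdead_beef_0000_0010,
    };
    for &arch in &[Arch::I386, Arch::Amd64] {
        println!("{:?}: {:?}", arch, decode(arch, &regs));
    }
}
```

Masking on the guest's width is what keeps the handler from treating a 32-bit guest's EAX match as a miss when the snapshot is wider than the guest's registers, and from handing a 64-bit argument to a 32-bit target that could only have written ECX; if the real handler is restricted to amd64, as discussed below in the thread, `Arch::Amd64` is the only branch that matters.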
Then this file should be disabled for i386, right?
Maybe use the fix for i386 for people that want/need it, and use the current register assignments for 64-bit?
But Romain said it's gonna work only with amd64.
BTW, now without the restriction of the CI runner, i386 and ARM can be added to CI.