Merge pull request #59 from vanhauser-thc/qemu_3.1.1

Qemu 3.1.1
2025-06-13 02:28:09 +00:00 · 2019-09-14 13:02:19 +02:00
parent 4e87c6af02 fc277b736a
commit 4df1ad35b3
9 changed files with 75 additions and 18 deletions
--- a/.gitignore
+++ b/.gitignore
@ -18,8 +18,7 @@ afl-qemu-trace
 afl-showmap
 afl-tmin
 as
-qemu_mode/qemu-3.1.0
+qemu_mode/qemu-*
 qemu_mode/qemu-3.1.0.tar.xz
 unicorn_mode/unicorn
 unicorn_mode/unicorn-*
 unicorn_mode/*.tar.gz
--- a/22
+++ b/22
@ -205,13 +205,31 @@ all_done: test_build
 .NOTPARALLEL: clean
 clean:
-	rm -f $(PROGS) afl-as as afl-g++ afl-clang afl-clang++ *.o *~ a.out core core.[1-9][0-9]* *.stackdump test .test .test1 .test2 test-instr .test-instr0 .test-instr1 qemu_mode/qemu-3.1.0.tar.xz afl-qemu-trace afl-gcc-fast afl-gcc-pass.so afl-gcc-rt.o afl-g++-fast *.so unicorn_mode/24f55a7973278f20f0de21b904851d99d4716263.tar.gz *.8
+	rm -f $(PROGS) afl-as as afl-g++ afl-clang afl-clang++ *.o *~ a.out core core.[1-9][0-9]* *.stackdump test .test .test1 .test2 test-instr .test-instr0 .test-instr1 qemu_mode/qemu-3.1.1.tar.xz afl-qemu-trace afl-gcc-fast afl-gcc-pass.so afl-gcc-rt.o afl-g++-fast *.so unicorn_mode/24f55a7973278f20f0de21b904851d99d4716263.tar.gz *.8
-	rm -rf out_dir qemu_mode/qemu-3.1.0 unicorn_mode/unicorn
+	rm -rf out_dir qemu_mode/qemu-3.1.1 unicorn_mode/unicorn
 	$(MAKE) -C llvm_mode clean
 	$(MAKE) -C libdislocator clean
 	$(MAKE) -C libtokencap clean
 	$(MAKE) -C qemu_mode/libcompcov clean
 distrib: all
 	$(MAKE) -C llvm_mode
 	$(MAKE) -C libdislocator
 	$(MAKE) -C libtokencap
 	cd qemu_mode && sh ./build_qemu_support.sh
 	cd unicorn_mode && sh ./build_unicorn_support.sh
 binary-only: all
 	$(MAKE) -C libdislocator
 	$(MAKE) -C libtokencap
 	cd qemu_mode && sh ./build_qemu_support.sh
 	cd unicorn_mode && sh ./build_unicorn_support.sh
 source-only: all
 	$(MAKE) -C llvm_mode
 	$(MAKE) -C libdislocator
 	$(MAKE) -C libtokencap
 %.8:	%
 	@echo .TH $* 8 `date -I` "afl++" > $@
 	@echo .SH NAME >> $@
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@ -9,7 +9,7 @@
 # TCG instrumentation and block chaining support by Andrea Biondo
 #                                    <andrea.biondo965@gmail.com>
 #
-# QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+# QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
 # counters by Andrea Fioraldi <andreafioraldi@gmail.com>
 #
 # Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
@ -30,9 +30,9 @@
 #
-VERSION="3.1.0"
+VERSION="3.1.1"
 QEMU_URL="http://download.qemu-project.org/qemu-${VERSION}.tar.xz"
-QEMU_SHA384="0318f2b5a36eafbf17bca0f914567dfa5e8a3cd6ff83bb46fe49a0079cd71ddd3ec4267c6c62a03f9e26e05cc80e6d4b"
+QEMU_SHA384="28ff22ec4b8c957309460aa55d0b3188e971be1ea7dfebfb2ecc7903cd20cfebc2a7c97eedfcc7595f708357f1623f8b"
 echo "================================================="
 echo "AFL binary-only instrumentation QEMU build script"
--- a/qemu_mode/patches/afl-qemu-common.h
+++ b/qemu_mode/patches/afl-qemu-common.h
@ -8,7 +8,7 @@
   TCG instrumentation and block chaining support by Andrea Biondo
                                      <andrea.biondo965@gmail.com>
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
   counters by Andrea Fioraldi <andreafioraldi@gmail.com>
   Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@ -8,7 +8,7 @@
   TCG instrumentation and block chaining support by Andrea Biondo
                                      <andrea.biondo965@gmail.com>
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
   counters by Andrea Fioraldi <andreafioraldi@gmail.com>
   Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
--- a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
@ -8,7 +8,7 @@
   TCG instrumentation and block chaining support by Andrea Biondo
                                      <andrea.biondo965@gmail.com>
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
   counters by Andrea Fioraldi <andreafioraldi@gmail.com>
   Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
--- a/qemu_mode/patches/afl-qemu-tcg-inl.h
+++ b/qemu_mode/patches/afl-qemu-tcg-inl.h
@ -8,7 +8,7 @@
   TCG instrumentation and block chaining support by Andrea Biondo
                                      <andrea.biondo965@gmail.com>
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
   counters by Andrea Fioraldi <andreafioraldi@gmail.com>
   Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
--- a/qemu_mode/patches/afl-qemu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-translate-inl.h
@ -8,7 +8,7 @@
   TCG instrumentation and block chaining support by Andrea Biondo
                                      <andrea.biondo965@gmail.com>
-   QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+   QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero
   counters by Andrea Fioraldi <andreafioraldi@gmail.com>
   Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
--- a/qemu_mode/patches/syscall.diff
+++ b/qemu_mode/patches/syscall.diff
@ -1,18 +1,58 @@
 diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 280137da..8c0e749f 100644
+index b13a170e..5678c006 100644
 --- a/linux-user/syscall.c
 +++ b/linux-user/syscall.c
-@@ -112,6 +112,9 @@
+@@ -111,6 +111,9 @@
 #include "qemu.h"
 #include "fd-trans.h"
 +#include <linux/sockios.h>
 +extern unsigned int afl_forksrv_pid;
 +
 +extern unsigned int afl_forksrv_pid;
 #ifndef CLONE_IO
 #define CLONE_IO                0x80000000      /* Clone io context */
@@ -250,7 +253,8 @@ static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
 #endif
-@@ -10799,8 +10801,19 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
+ 
 #ifdef __NR_gettid
 -_syscall0(int, gettid)
 +#define __NR_sys_gettid __NR_gettid
 +_syscall0(int, sys_gettid)
 #else
 /* This is a replacement for the host gettid() and must return a host
    errno. */
@@ -5384,7 +5388,7 @@ static void *clone_func(void *arg)
     cpu = ENV_GET_CPU(env);
     thread_cpu = cpu;
     ts = (TaskState *)cpu->opaque;
 -    info->tid = gettid();
 +    info->tid = sys_gettid();
     task_settid(ts);
     if (info->child_tidptr)
         put_user_u32(info->tid, info->child_tidptr);
@@ -5529,9 +5533,9 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
                mapping.  We can't repeat the spinlock hack used above because
                the child process gets its own copy of the lock.  */
             if (flags & CLONE_CHILD_SETTID)
 -                put_user_u32(gettid(), child_tidptr);
 +                put_user_u32(sys_gettid(), child_tidptr);
             if (flags & CLONE_PARENT_SETTID)
 -                put_user_u32(gettid(), parent_tidptr);
 +                put_user_u32(sys_gettid(), parent_tidptr);
             ts = (TaskState *)cpu->opaque;
             if (flags & CLONE_SETTLS)
                 cpu_set_tls (env, newtls);
@@ -10529,7 +10533,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
         return TARGET_PAGE_SIZE;
 #endif
     case TARGET_NR_gettid:
 -        return get_errno(gettid());
 +        return get_errno(sys_gettid());
 #ifdef TARGET_NR_readahead
     case TARGET_NR_readahead:
 #if TARGET_ABI_BITS == 32
@@ -10813,8 +10817,19 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
         return get_errno(safe_tkill((int)arg1, target_to_host_signal(arg2)));
     case TARGET_NR_tgkill:
@ -33,4 +73,4 @@ index 280137da..8c0e749f 100644
 +        }
 #ifdef TARGET_NR_set_robust_list
-     case TARGET_NR_set_robust_list:
+     case TARGET_NR_set_robust_list: