From ddbe5be01fa8a77889e0d21f668b5f0f5912eee3 Mon Sep 17 00:00:00 2001
From: cube0x8
Date: Fri, 26 Apr 2024 17:49:38 +0300
Subject: [PATCH] add a flag for edge TB so we can unlink it completely (#53)

* add a flag for edge TB so we can unlink it completely
* Call tb_phys_invalidate on edge's TBs. Added libafl code comments
* Edge flag is now applied to cflags instead of flags
---------
Co-authored-by: Romain Malmain
---
 accel/tcg/tb-maint.c | 5 +++++
 accel/tcg/translate-all.c | 2 +-
 include/exec/translation-block.h | 3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/accel/tcg/tb-maint.c b/accel/tcg/tb-maint.c
index da39a43bd8..05a672960a 100644
--- a/accel/tcg/tb-maint.c
+++ b/accel/tcg/tb-maint.c
@@ -866,6 +866,11 @@ static inline void tb_jmp_unlink(TranslationBlock *dest)
 TB_FOR_EACH_JMP(dest, tb, n) {
 tb_reset_jump(tb, n);
+//// --- Begin LibAFL code ---
+ if (tb->cflags & CF_IS_EDGE) {
+ tb_phys_invalidate(tb, -1);
+ }
+//// --- End LibAFL code ---
 qatomic_and(&tb->jmp_dest[n], (uintptr_t)NULL | 1);
 /* No need to clear the list entry; setting the dest ptr is enough */
 }
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 8db7ad4d22..462f84c278 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -403,7 +403,7 @@ TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
 }
 tb->cs_base = cs_base;
 tb->flags = flags;
- tb->cflags = cflags;
+ tb->cflags = cflags | CF_IS_EDGE;
 //tb_set_page_addr0(tb, phys_pc);
 //tb_set_page_addr1(tb, -1);
 tcg_ctx->gen_tb = tb;
diff --git a/include/exec/translation-block.h b/include/exec/translation-block.h
index 48211c890a..6d899c161a 100644
--- a/include/exec/translation-block.h
+++ b/include/exec/translation-block.h
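Review bot: The new tb_phys_invalidate(tb, -1) call runs inside TB_FOR_EACH_JMP while, in upstream, dest->jmp_lock is already held by tb_jmp_unlink (the qemu_spin_lock is above the hunk, and the function continues below it). tb_phys_invalidate detaches the TB's own outgoing jumps by taking each jump target's jmp_lock, and because the call sits before the qatomic_and that clears tb->jmp_dest[n], that target is still dest — so this looks like re-acquiring a non-recursive spinlock, and it also mutates the list the loop is walking; please verify on a chained edge. A safer shape is to only collect the CF_IS_EDGE TBs in the loop and invalidate them after qemu_spin_unlock(&dest->jmp_lock), which keeps the lock order and the iteration intact. Separately, if edge TBs are never inserted into tb_ctx.htable (libafl_gen_edge leaves the page addresses unset), the qht_remove step inside tb_phys_invalidate may fail and return before the jump lists are touched, making this call a no-op rather than a full unlink; confirm which applies. Either way the intent deserves a comment, e.g. `/* Edge TBs must not survive unchaining: invalidate them, not just reset the jump */`.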
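Review bot: The OR of CF_IS_EDGE into tb->cflags carries no explanation at the point where it matters; add `/* CF_IS_EDGE: tb_jmp_unlink() invalidates this TB instead of only unchaining it */` above the line. Since cflags take part in TB hash lookups (a stored TB's cflags must equal the caller's), an edge TB carrying this extra bit will not be matched by a lookup made with plain cflags; that is fine if edge TBs are only ever reached by chaining, but it is worth stating in the comment so the bit is not later stripped or masked. libafl_gen_edge starts before the hunk and continues after it.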
@@ -77,6 +77,9 @@ struct TranslationBlock {
 #define CF_PARALLEL 0x00008000 /* Generate code for a parallel context */
 #define CF_NOIRQ 0x00010000 /* Generate an uninterruptible TB */
 #define CF_PCREL 0x00020000 /* Opcodes in TB are PC-relative */
+//// --- Begin LibAFL code ---
+#define CF_IS_EDGE 0x00800000 /* The current TB is an edge */
+//// --- End LibAFL code ---
 #define CF_CLUSTER_MASK 0xff000000 /* Top 8 bits are cluster ID */
 #define CF_CLUSTER_SHIFT 24
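Review bot: The comment on CF_IS_EDGE says only what the bit names, not what depends on it; suggest `/* TB generated by libafl_gen_edge(); tb_jmp_unlink() invalidates it rather than just unchaining */`. 0x00800000 sits in a gap below CF_CLUSTER_MASK that upstream may fill when new CF_* bits are allocated upward from CF_PCREL, so a `QEMU_BUILD_BUG_ON(CF_IS_EDGE & CF_CLUSTER_MASK)` next to the define, plus a comment noting that the value must stay unique among the CF_* bits, would catch a silent collision on the next rebase.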