diff --git a/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs b/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs index f57b33a887..e3fed6483a 100644 --- a/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs +++ b/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs @@ -30,8 +30,8 @@ use libafl_bolts::{ }; use libafl_qemu::{ elf::EasyElf, - modules::{drcov::DrCovModule, StdAddressFilter}, - ArchExtras, CallingConvention, Emulator, GuestAddr, GuestReg, MmapPerms, QemuExecutor, + modules::{drcov::DrCovModule, utils::filters::StdAddressFilter}, + ArchExtras, CallingConvention, Emulator, GuestAddr, GuestReg, MmapPerms, Qemu, QemuExecutor, QemuExitReason, QemuRWError, QemuShutdownCause, Regs, }; diff --git a/fuzzers/binary_only/qemu_launcher/src/instance.rs b/fuzzers/binary_only/qemu_launcher/src/instance.rs index a08d73d7fa..6475562429 100644 --- a/fuzzers/binary_only/qemu_launcher/src/instance.rs +++ b/fuzzers/binary_only/qemu_launcher/src/instance.rs @@ -39,8 +39,10 @@ use libafl_bolts::{ use libafl_qemu::{ elf::EasyElf, modules::{ - cmplog::CmpLogObserver, edges::EdgeCoverageFullVariant, EdgeCoverageModule, EmulatorModule, - EmulatorModuleTuple, NopPageFilter, StdAddressFilter, StdEdgeCoverageModule, + cmplog::CmpLogObserver, + edges::EdgeCoverageFullVariant, + utils::filters::{NopPageFilter, StdAddressFilter}, + EdgeCoverageModule, EmulatorModule, EmulatorModuleTuple, StdEdgeCoverageModule, }, Emulator, GuestAddr, Qemu, QemuExecutor, }; diff --git a/fuzzers/full_system/qemu_linux_kernel/Cargo.toml b/fuzzers/full_system/qemu_linux_kernel/Cargo.toml index 9035d9b1e1..3b36005bdc 100644 --- a/fuzzers/full_system/qemu_linux_kernel/Cargo.toml +++ b/fuzzers/full_system/qemu_linux_kernel/Cargo.toml @@ -17,19 +17,15 @@ lto = "fat" codegen-units = 1 [dependencies] -libafl = { path = "../../../../../libafl" } -libafl_bolts = { path = "../../../../../libafl_bolts" } -libafl_qemu = { path = "../../../../../libafl_qemu", features = [ - "x86_64", - "systemmode", - #"paranoid_debug" -] } -libafl_qemu_sys = { path = "../../../../../libafl_qemu/libafl_qemu_sys", features = [ +libafl = { path = "../../../libafl" } +libafl_bolts = { path = "../../../libafl_bolts" } +libafl_qemu = { path = "../../../libafl_qemu", default-features = false, features = [ "x86_64", "systemmode", #"paranoid_debug" ] } +libafl_targets = { path = "../../../libafl_targets" } env_logger = "0.11.5" [build-dependencies] -libafl_qemu_build = { path = "../../../../../libafl_qemu/libafl_qemu_build" } +libafl_qemu_build = { path = "../../../libafl_qemu/libafl_qemu_build" } diff --git a/fuzzers/full_system/qemu_linux_kernel/Makefile.toml b/fuzzers/full_system/qemu_linux_kernel/Makefile.toml index 9fec43ecbe..8aa6673084 100644 --- a/fuzzers/full_system/qemu_linux_kernel/Makefile.toml +++ b/fuzzers/full_system/qemu_linux_kernel/Makefile.toml @@ -100,20 +100,23 @@ else LIBAFL_QEMU_BIOS_DIR=${LIBAFL_QEMU_CLONE_DIR}/build/qemu-bundle/usr/local/share/qemu fi -${TARGET_DIR}/${PROFILE_DIR}/qemu_systemmode_linux_kernel \ +cp ${LINUX_BUILDER_OUT}/OVMF_CODE.4m.fd ${LINUX_BUILDER_OUT}/OVMF_CODE.fd.clone +cp ${LINUX_BUILDER_OUT}/OVMF_VARS.4m.fd ${LINUX_BUILDER_OUT}/OVMF_VARS.fd.clone +cp ${LINUX_BUILDER_OUT}/linux.qcow2 ${LINUX_BUILDER_OUT}/linux.qcow2.clone + +${TARGET_DIR}/${PROFILE_DIR}/qemu_linux_kernel \ -accel tcg \ -m 4G \ - -drive if=pflash,format=raw,readonly=on,file="${LINUX_BUILDER_OUT}/OVMF_CODE.fd" \ - -drive if=pflash,format=raw,snapshot=off,file="${LINUX_BUILDER_OUT}/OVMF_VARS.fd" \ - -blockdev filename="${LINUX_BUILDER_OUT}/linux.qcow2",node-name=storage,driver=file \ - -blockdev driver=qcow2,file=storage,node-name=disk \ - -device virtio-scsi-pci,id=scsi0 \ + -drive if=pflash,format=raw,file="${LINUX_BUILDER_OUT}/OVMF_CODE.4m.fd" `# OVMF code pflash` \ + -drive if=pflash,format=raw,file="${LINUX_BUILDER_OUT}/OVMF_VARS.4m.fd" `# OVMF vars pflash` \ + -device virtio-scsi-pci,id=scsi0 `# SCSI bus` \ -device scsi-hd,bus=scsi0.0,drive=disk,id=virtio-disk0,bootindex=1 \ + -blockdev driver=file,filename="${LINUX_BUILDER_OUT}/linux.qcow2",node-name=storage `# Backend file of "disk"` \ + -blockdev driver=qcow2,file=storage,node-name=disk `# QCOW2 "disk"` \ -L "${LIBAFL_QEMU_BIOS_DIR}" \ -nographic \ -monitor null \ - -serial null \ - -snapshot + -serial null ''' [tasks.debug] diff --git a/fuzzers/full_system/qemu_linux_kernel/setup/Makefile b/fuzzers/full_system/qemu_linux_kernel/setup/Makefile index a46095abea..d934995017 100644 --- a/fuzzers/full_system/qemu_linux_kernel/setup/Makefile +++ b/fuzzers/full_system/qemu_linux_kernel/setup/Makefile @@ -1,9 +1,9 @@ obj-m += harness.o all: - make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules + make -C /lib/modules/$(LINUX_MODULES)/build M=$(PWD) modules gcc -Wall -Werror -o user user.c clean: - make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean - rm user \ No newline at end of file + make -C /lib/modules/$(LINUX_MODULES)/build M=$(PWD) clean + rm -f user \ No newline at end of file diff --git a/fuzzers/full_system/qemu_linux_kernel/setup/harness.c b/fuzzers/full_system/qemu_linux_kernel/setup/harness.c index c7d58c78f2..b17f031564 100644 --- a/fuzzers/full_system/qemu_linux_kernel/setup/harness.c +++ b/fuzzers/full_system/qemu_linux_kernel/setup/harness.c @@ -91,6 +91,8 @@ static int harness_find_kallsyms_lookup(void) { lqprintf("kallsyms_lookup_name address = 0x%lx\n", kln_addr); + if (kln_addr == 0) { return -1; } + kln_pointer = (unsigned long (*)(const char *name))kln_addr; return ret; @@ -108,6 +110,8 @@ static int __init harness_init(void) { err = alloc_chrdev_region(&dev, 0, 1, "harness"); + if (err < 0) { return err; } + dev_major = MAJOR(dev); harness_class = class_create("harness"); @@ -120,7 +124,9 @@ static int __init harness_init(void) { device_create(harness_class, NULL, MKDEV(dev_major, 0), NULL, "harness"); - harness_find_kallsyms_lookup(); + err = harness_find_kallsyms_lookup(); + + if (err < 0) { return err; } return 0; } @@ -135,7 +141,6 @@ static void __exit harness_exit(void) { } static int harness_open(struct inode *inode, struct file *file) { - int ret; lqprintf("harness: Device open\n"); char *data = kzalloc(BUF_SIZE, GFP_KERNEL); @@ -144,6 +149,11 @@ static int harness_open(struct inode *inode, struct file *file) { unsigned long x509_fn_addr = kln_pointer("x509_cert_parse"); lqprintf("harness: x509 fn addr: 0x%lx\n", x509_fn_addr); + if (x509_fn_addr == 0) { + lqprintf("harness: Error: x509 function not found.\n"); + return -1; + } + // TODO: better filtering... libafl_qemu_trace_vaddr_size(x509_fn_addr, 0x1000); diff --git a/fuzzers/full_system/qemu_linux_kernel/setup/setup.sh b/fuzzers/full_system/qemu_linux_kernel/setup/setup.sh index 56fafcc8b6..5090430ef2 100644 --- a/fuzzers/full_system/qemu_linux_kernel/setup/setup.sh +++ b/fuzzers/full_system/qemu_linux_kernel/setup/setup.sh @@ -1,6 +1,8 @@ #!/bin/bash +LINUX_MODULES=$(pacman -Ql linux-headers | grep -m 1 -E '/usr/lib/modules/[^/]*/' | sed 's|.*/usr/lib/modules/\([^/]*\)/.*|\1|') +export LINUX_MODULES + cd /setup make clean -make -j -ls /setup \ No newline at end of file +make -j \ No newline at end of file diff --git a/fuzzers/full_system/qemu_linux_kernel/src/fuzzer.rs b/fuzzers/full_system/qemu_linux_kernel/src/fuzzer.rs index 0587202bae..3e3f61119a 100644 --- a/fuzzers/full_system/qemu_linux_kernel/src/fuzzer.rs +++ b/fuzzers/full_system/qemu_linux_kernel/src/fuzzer.rs @@ -12,10 +12,7 @@ use libafl::{ fuzzer::{Fuzzer, StdFuzzer}, inputs::BytesInput, monitors::MultiMonitor, - mutators::{ - scheduled::{havoc_mutations, StdScheduledMutator}, - I2SRandReplaceBinonly, - }, + mutators::{havoc_mutations, scheduled::StdScheduledMutator, I2SRandReplaceBinonly}, observers::{CanTrack, HitcountsMapObserver, TimeObserver, VariableMapObserver}, schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, stages::{ShadowTracingStage, StdMutationalStage}, @@ -33,16 +30,10 @@ use libafl_bolts::{ use libafl_qemu::{ emu::Emulator, executor::QemuExecutor, - modules::{ - cmplog::CmpLogObserver, - edges::{ - edges_map_mut_ptr, StdEdgeCoverageClassicModule, EDGES_MAP_ALLOCATED_SIZE, - MAX_EDGES_FOUND, - }, - CmpLogModule, - }, + modules::{cmplog::CmpLogObserver, edges::StdEdgeCoverageClassicModule, CmpLogModule}, // StdEmulatorDriver }; +use libafl_targets::{edges_map_mut_ptr, EDGES_MAP_DEFAULT_SIZE, MAX_EDGES_FOUND}; pub fn fuzz() { env_logger::init(); @@ -61,9 +52,21 @@ pub fn fuzz() { // Initialize QEMU let args: Vec = env::args().collect(); + // Create an observation channel using the coverage map + let mut edges_observer = unsafe { + HitcountsMapObserver::new(VariableMapObserver::from_mut_slice( + "edges", + OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_DEFAULT_SIZE), + &raw mut MAX_EDGES_FOUND, + )) + .track_indices() + }; + // Choose modules to use let modules = tuple_list!( - StdEdgeCoverageClassicModule::builder().build(), + StdEdgeCoverageClassicModule::builder() + .map_observer(edges_observer.as_mut()) + .build()?, CmpLogModule::default(), ); @@ -81,16 +84,6 @@ pub fn fuzz() { emulator.run(state, input).unwrap().try_into().unwrap() }; - // Create an observation channel using the coverage map - let edges_observer = unsafe { - HitcountsMapObserver::new(VariableMapObserver::from_mut_slice( - "edges", - OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_ALLOCATED_SIZE), - &raw mut MAX_EDGES_FOUND, - )) - .track_indices() - }; - // Create an observation channel to keep track of the execution time let time_observer = TimeObserver::new("time"); diff --git a/fuzzers/full_system/qemu_linux_process/Cargo.toml b/fuzzers/full_system/qemu_linux_process/Cargo.toml index 0f2f626f92..065fdeea25 100644 --- a/fuzzers/full_system/qemu_linux_process/Cargo.toml +++ b/fuzzers/full_system/qemu_linux_process/Cargo.toml @@ -5,6 +5,10 @@ authors = ["Romain Malmain "] edition = "2021" [features] + +## Build and run the target with the Nyx API instead of the built-in LibAFL QEMU API. +nyx = [] + shared = ["libafl_qemu/shared"] [profile.release] @@ -16,15 +20,10 @@ codegen-units = 1 [dependencies] libafl = { path = "../../../libafl" } libafl_bolts = { path = "../../../libafl_bolts" } -libafl_qemu = { path = "../../../libafl_qemu", features = [ - "x86_64", - "systemmode", - # "paranoid_debug" -] } -libafl_qemu_sys = { path = "../../../libafl_qemu/libafl_qemu_sys", features = [ +libafl_qemu = { path = "../../../libafl_qemu", default-features = false, features = [ "x86_64", "systemmode", - # "paranoid_debug" + # "paranoid_debug", ] } env_logger = "0.11.5" libafl_targets = { path = "../../../libafl_targets" } diff --git a/fuzzers/full_system/qemu_linux_process/Makefile.toml b/fuzzers/full_system/qemu_linux_process/Makefile.toml index 8317a1ff1a..fe298369da 100644 --- a/fuzzers/full_system/qemu_linux_process/Makefile.toml +++ b/fuzzers/full_system/qemu_linux_process/Makefile.toml @@ -1,12 +1,20 @@ env_scripts = [''' #!@duckscript profile = get_env PROFILE +harness_api = get_env HARNESS_API if eq ${profile} "dev" set_env PROFILE_DIR debug else set_env PROFILE_DIR ${profile} end + +if eq ${harness_api} "nyx" + set_env FEATURE nyx +else + set_env FEATURE "" +end + ''', ''' #!@duckscript runs_on_ci = get_env RUN_ON_CI @@ -25,12 +33,12 @@ TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}" LIBAFL_QEMU_CLONE_DIR = { value = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge", condition = { env_not_set = [ "LIBAFL_QEMU_DIR", ] } } - LINUX_BUILDER_URL = "git@github.com:AFLplusplus/linux-qemu-image-builder.git" LINUX_BUILDER_DIR = { value = "${TARGET_DIR}/linux_builder", condition = { env_not_set = [ "LINUX_BUILDER_DIR", ] } } LINUX_BUILDER_OUT = "${LINUX_BUILDER_DIR}/output" +HARNESS_API = { value = "lqemu", condition = { env_not_set = ["HARNESS_API"] } } [tasks.target_dir] condition = { files_not_exist = [ @@ -51,7 +59,22 @@ script = ''' git clone ${LINUX_BUILDER_URL} ${LINUX_BUILDER_DIR} ''' -[tasks.compile_target] +[tasks.compile_target_nyx] +condition = { env = { "HARNESS_API" = "nyx" } } +dependencies = ["target_dir", "linux_builder_dir"] +command = "clang" +args = [ + "-O0", + "-static", + "${WORKING_DIR}/example/harness_nyx.c", + "-o", + "${TARGET_DIR}/runtime/harness", + "-I", + "${TARGET_DIR}/${PROFILE_DIR}/include", +] + +[tasks.compile_target_native] +condition = { env = { "HARNESS_API" = "lqemu" } } dependencies = ["target_dir", "linux_builder_dir"] command = "clang" args = [ @@ -64,6 +87,9 @@ args = [ "${TARGET_DIR}/${PROFILE_DIR}/include", ] +[tasks.compile_target] +dependencies = ["compile_target_native", "compile_target_nyx"] + [tasks.target] dependencies = ["build", "compile_target"] script_runner = "@shell" @@ -96,7 +122,15 @@ ${LINUX_BUILDER_DIR}/update.sh [tasks.build] dependencies = ["target_dir"] command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--target-dir", "${TARGET_DIR}"] +args = [ + "build", + "--profile", + "${PROFILE}", + "--target-dir", + "${TARGET_DIR}", + "--features", + "${FEATURE}", +] [tasks.run] dependencies = ["build"] @@ -111,15 +145,15 @@ else LIBAFL_QEMU_BIOS_DIR=${LIBAFL_QEMU_CLONE_DIR}/build/qemu-bundle/usr/local/share/qemu fi -cp ${LINUX_BUILDER_OUT}/OVMF_CODE.fd ${LINUX_BUILDER_OUT}/OVMF_CODE.fd.clone -cp ${LINUX_BUILDER_OUT}/OVMF_VARS.fd ${LINUX_BUILDER_OUT}/OVMF_VARS.fd.clone +cp ${LINUX_BUILDER_OUT}/OVMF_CODE.4m.fd ${LINUX_BUILDER_OUT}/OVMF_CODE.fd.clone +cp ${LINUX_BUILDER_OUT}/OVMF_VARS.4m.fd ${LINUX_BUILDER_OUT}/OVMF_VARS.fd.clone cp ${LINUX_BUILDER_OUT}/linux.qcow2 ${LINUX_BUILDER_OUT}/linux.qcow2.clone ${TARGET_DIR}/${PROFILE_DIR}/qemu_linux_process \ -accel tcg \ -m 4G \ - -drive if=pflash,format=raw,file="${LINUX_BUILDER_OUT}/OVMF_CODE.fd" `# OVMF code pflash` \ - -drive if=pflash,format=raw,file="${LINUX_BUILDER_OUT}/OVMF_VARS.fd" `# OVMF vars pflash` \ + -drive if=pflash,format=raw,file="${LINUX_BUILDER_OUT}/OVMF_CODE.4m.fd" `# OVMF code pflash` \ + -drive if=pflash,format=raw,file="${LINUX_BUILDER_OUT}/OVMF_VARS.4m.fd" `# OVMF vars pflash` \ -device virtio-scsi-pci,id=scsi0 `# SCSI bus` \ -device scsi-hd,bus=scsi0.0,drive=disk,id=virtio-disk0,bootindex=1 \ -blockdev driver=file,filename="${LINUX_BUILDER_OUT}/linux.qcow2",node-name=storage `# Backend file of "disk"` \ diff --git a/fuzzers/full_system/qemu_linux_process/example/harness_nyx.c b/fuzzers/full_system/qemu_linux_process/example/harness_nyx.c new file mode 100644 index 0000000000..15c4eca2ae --- /dev/null +++ b/fuzzers/full_system/qemu_linux_process/example/harness_nyx.c @@ -0,0 +1,137 @@ +// Adapted from +// https://github.com/google/fuzzing/blob/master/tutorial/libFuzzer/fuzz_me.cc +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#define PAGE_SIZE 4096 +#define PAYLOAD_MAX_SIZE (1 * 1024 * 1024) + +bool FuzzMe(const uint8_t *Data, size_t DataSize) { + if (DataSize > 3) { + if (Data[0] == 'F') { + if (Data[1] == 'U') { + if (Data[2] == 'Z') { + if (Data[3] == 'Z') { return true; } + } + } + } + } + + return false; +} + +/** + * Allocate page-aligned memory + */ +void *malloc_resident_pages(size_t num_pages) { + size_t data_size = PAGE_SIZE * num_pages; + void *ptr = NULL; + + if ((ptr = aligned_alloc(PAGE_SIZE, data_size)) == NULL) { + fprintf(stderr, "Allocation failure: %s\n", strerror(errno)); + goto err_out; + } + + // ensure pages are aligned and resident + memset(ptr, 0x42, data_size); + if (mlock(ptr, data_size) == -1) { + fprintf(stderr, "Error locking scratch buffer: %s\n", strerror(errno)); + goto err_out; + } + + assert(((uintptr_t)ptr % PAGE_SIZE) == 0); + return ptr; +err_out: + free(ptr); + return NULL; +} + +int agent_init(int verbose) { + host_config_t host_config; + + // set ready state + kAFL_hypercall(HYPERCALL_KAFL_ACQUIRE, 0); + kAFL_hypercall(HYPERCALL_KAFL_RELEASE, 0); + + kAFL_hypercall(HYPERCALL_KAFL_GET_HOST_CONFIG, (uintptr_t)&host_config); + + if (verbose) { + fprintf(stderr, "GET_HOST_CONFIG\n"); + fprintf(stderr, "\thost magic: 0x%x, version: 0x%x\n", + host_config.host_magic, host_config.host_version); + fprintf(stderr, "\tbitmap size: 0x%x, ijon: 0x%x\n", + host_config.bitmap_size, host_config.ijon_bitmap_size); + fprintf(stderr, "\tpayload size: %u KB\n", + host_config.payload_buffer_size / 1024); + fprintf(stderr, "\tworker id: %d\n", host_config.worker_id); + } + + if (host_config.host_magic != NYX_HOST_MAGIC) { + hprintf("HOST_MAGIC mismatch: %08x != %08x\n", host_config.host_magic, + NYX_HOST_MAGIC); + habort("HOST_MAGIC mismatch!"); + return -1; + } + + if (host_config.host_version != NYX_HOST_VERSION) { + hprintf("HOST_VERSION mismatch: %08x != %08x\n", host_config.host_version, + NYX_HOST_VERSION); + habort("HOST_VERSION mismatch!"); + return -1; + } + + if (host_config.payload_buffer_size > PAYLOAD_MAX_SIZE) { + hprintf("Fuzzer payload size too large: %lu > %lu\n", + host_config.payload_buffer_size, PAYLOAD_MAX_SIZE); + habort("Host payload size too large!"); + return -1; + } + + agent_config_t agent_config = {0}; + agent_config.agent_magic = NYX_AGENT_MAGIC; + agent_config.agent_version = NYX_AGENT_VERSION; + // agent_config.agent_timeout_detection = 0; // timeout by host + // agent_config.agent_tracing = 0; // trace by host + // agent_config.agent_ijon_tracing = 0; // no IJON + agent_config.agent_non_reload_mode = 0; // no persistent mode + // agent_config.trace_buffer_vaddr = 0xdeadbeef; + // agent_config.ijon_trace_buffer_vaddr = 0xdeadbeef; + agent_config.coverage_bitmap_size = host_config.bitmap_size; + // agent_config.input_buffer_size; + // agent_config.dump_payloads; // set by hypervisor (??) + + kAFL_hypercall(HYPERCALL_KAFL_SET_AGENT_CONFIG, (uintptr_t)&agent_config); + + return 0; +} + +int main() { + kAFL_payload *pbuf = malloc_resident_pages(PAYLOAD_MAX_SIZE / PAGE_SIZE); + assert(pbuf); + + agent_init(1); + + kAFL_hypercall(HYPERCALL_KAFL_GET_PAYLOAD, (uint64_t)pbuf); + + hprintf("payload size addr: %p", &pbuf->size); + hprintf("payload addr: %p", &pbuf->data); + + kAFL_hypercall(HYPERCALL_KAFL_NEXT_PAYLOAD, 0); + kAFL_hypercall(HYPERCALL_KAFL_ACQUIRE, 0); + + // Call the target + bool ret = FuzzMe(pbuf->data, pbuf->size); + + kAFL_hypercall(HYPERCALL_KAFL_RELEASE, 0); + + habort("Error: post-release code has been triggered."); +} \ No newline at end of file diff --git a/fuzzers/full_system/qemu_linux_process/src/fuzzer.rs b/fuzzers/full_system/qemu_linux_process/src/fuzzer.rs index cd0b7defc1..c6b4bc6b3c 100644 --- a/fuzzers/full_system/qemu_linux_process/src/fuzzer.rs +++ b/fuzzers/full_system/qemu_linux_process/src/fuzzer.rs @@ -3,6 +3,8 @@ use core::time::Duration; use std::{env, path::PathBuf, process}; +#[cfg(not(feature = "nyx"))] +use libafl::state::{HasExecutions, State}; use libafl::{ corpus::{Corpus, InMemoryOnDiskCorpus, OnDiskCorpus}, events::{launcher::Launcher, EventConfig}, @@ -10,7 +12,7 @@ use libafl::{ feedback_or, feedback_or_fast, feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback, TimeoutFeedback}, fuzzer::{Fuzzer, StdFuzzer}, - inputs::BytesInput, + inputs::{BytesInput, HasTargetBytes, UsesInput}, monitors::MultiMonitor, mutators::{havoc_mutations, I2SRandReplaceBinonly, StdScheduledMutator}, observers::{CanTrack, HitcountsMapObserver, TimeObserver, VariableMapObserver}, @@ -27,13 +29,64 @@ use libafl_bolts::{ shmem::{ShMemProvider, StdShMemProvider}, tuples::tuple_list, }; +#[cfg(feature = "nyx")] +use libafl_qemu::{command::nyx::NyxCommandManager, NyxEmulatorDriver}; +#[cfg(not(feature = "nyx"))] +use libafl_qemu::{command::StdCommandManager, StdEmulatorDriver}; use libafl_qemu::{ emu::Emulator, executor::QemuExecutor, - modules::{cmplog::CmpLogObserver, edges::StdEdgeCoverageClassicModule, CmpLogModule}, + modules::{ + cmplog::CmpLogObserver, edges::StdEdgeCoverageClassicModule, CmpLogModule, + EmulatorModuleTuple, + }, + FastSnapshotManager, QemuInitError, }; use libafl_targets::{edges_map_mut_ptr, EDGES_MAP_DEFAULT_SIZE, MAX_EDGES_FOUND}; +#[cfg(feature = "nyx")] +fn get_emulator( + args: Vec, + modules: ET, +) -> Result< + Emulator, NyxEmulatorDriver, ET, S, FastSnapshotManager>, + QemuInitError, +> +where + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + ::Input: HasTargetBytes, +{ + Emulator::empty() + .qemu_parameters(args) + .modules(modules) + .driver( + NyxEmulatorDriver::builder() + .allow_page_on_start(true) + .process_only(true) + .build(), + ) + .command_manager(NyxCommandManager::default()) + .snapshot_manager(FastSnapshotManager::default()) + .build() +} + +#[cfg(not(feature = "nyx"))] +fn get_emulator( + args: Vec, + modules: ET, +) -> Result< + Emulator, StdEmulatorDriver, ET, S, FastSnapshotManager>, + QemuInitError, +> +where + ET: EmulatorModuleTuple, + S: State + HasExecutions + Unpin, + ::Input: HasTargetBytes, +{ + Emulator::builder().qemu_cli(args).modules(modules).build() +} + pub fn fuzz() { env_logger::init(); @@ -69,10 +122,7 @@ pub fn fuzz() { CmpLogModule::default(), ); - let emu = Emulator::builder() - .qemu_parameters(args) - .modules(modules) - .build()?; + let emu = get_emulator(args, modules)?; // The wrapped harness function, calling out to the LLVM-style harness let mut harness = diff --git a/fuzzers/inprocess/libfuzzer_libmozjpeg/hook_allocs.c b/fuzzers/inprocess/libfuzzer_libmozjpeg/hook_allocs.c index e1d7e2203e..1399261c65 100644 --- a/fuzzers/inprocess/libfuzzer_libmozjpeg/hook_allocs.c +++ b/fuzzers/inprocess/libfuzzer_libmozjpeg/hook_allocs.c @@ -7,9 +7,9 @@ #ifdef _WIN32 #define posix_memalign(p, a, s) \ (((*(p)) = _aligned_malloc((s), (a))), *(p) ? 0 : errno) - #define RETADDR (uintptr_t)_ReturnAddress() + #define RETADDR (uintptr_t) _ReturnAddress() #else - #define RETADDR (uintptr_t)__builtin_return_address(0) + #define RETADDR (uintptr_t) __builtin_return_address(0) #endif #ifdef __GNUC__ diff --git a/libafl_bolts/src/lib.rs b/libafl_bolts/src/lib.rs index 2a3a68bff5..96b13dac89 100644 --- a/libafl_bolts/src/lib.rs +++ b/libafl_bolts/src/lib.rs @@ -265,6 +265,19 @@ pub fn hash_std(input: &[u8]) -> u64 { } } +/// Fast hash function for 64 bits integers minimizing collisions. +/// Adapted from +#[must_use] +pub fn hash_64_fast(mut x: u64) -> u64 { + x = (x ^ (x.overflowing_shr(30).0)) + .overflowing_mul(0xbf58476d1ce4e5b9) + .0; + x = (x ^ (x.overflowing_shr(27).0)) + .overflowing_mul(0x94d049bb133111eb) + .0; + x ^ (x.overflowing_shr(31).0) +} + /// Hashes the input with a given hash /// /// Hashes the input with a given hash, depending on features: diff --git a/libafl_intelpt/src/lib.rs b/libafl_intelpt/src/lib.rs index 0530aa33fc..43402c2e77 100644 --- a/libafl_intelpt/src/lib.rs +++ b/libafl_intelpt/src/lib.rs @@ -41,7 +41,7 @@ use bitbybit::bitfield; use caps::{CapSet, Capability}; #[cfg(target_os = "linux")] use libafl_bolts::ownedref::OwnedRefMut; -use libafl_bolts::Error; +use libafl_bolts::{hash_64_fast, Error}; use libipt::PtError; #[cfg(target_os = "linux")] use libipt::{ @@ -407,7 +407,7 @@ impl IntelPT { let offset = decoder.offset().map_err(error_from_pt_error)?; if b.ninsn() > 0 && skip < offset { - let id = hash_me(*previous_block_end_ip) ^ hash_me(b.ip()); + let id = hash_64_fast(*previous_block_end_ip) ^ hash_64_fast(b.ip()); // SAFETY: the index is < map.len() since the modulo operation is applied let map_loc = unsafe { map.get_unchecked_mut(id as usize % map.len()) }; *map_loc = (*map_loc).saturating_add(&1u8.into()); @@ -961,21 +961,6 @@ const fn next_page_aligned_addr(address: u64) -> u64 { (address + PAGE_SIZE as u64 - 1) & !(PAGE_SIZE as u64 - 1) } -// copy pasted from libafl_qemu/src/modules/edges.rs -// adapted from https://xorshift.di.unimi.it/splitmix64.c -#[cfg(target_os = "linux")] -#[inline] -#[must_use] -const fn hash_me(mut x: u64) -> u64 { - x = (x ^ (x.overflowing_shr(30).0)) - .overflowing_mul(0xbf58476d1ce4e5b9) - .0; - x = (x ^ (x.overflowing_shr(27).0)) - .overflowing_mul(0x94d049bb133111eb) - .0; - x ^ (x.overflowing_shr(31).0) -} - #[cfg(target_os = "linux")] #[inline] fn smp_rmb() { diff --git a/libafl_qemu/Cargo.toml b/libafl_qemu/Cargo.toml index 28287ea12c..064dc5e27a 100644 --- a/libafl_qemu/Cargo.toml +++ b/libafl_qemu/Cargo.toml @@ -34,6 +34,9 @@ default = [ "injections", ] document-features = ["dep:document-features"] + +qemu_sanitizers = ["libafl_qemu_sys/qemu_sanitizers"] + paranoid_debug = [ "libafl_qemu_sys/paranoid_debug", ] # Will perform as many checks as possible. The target will be greatly slowed down. diff --git a/libafl_qemu/build_linux.rs b/libafl_qemu/build_linux.rs index bbe796047e..a250554525 100644 --- a/libafl_qemu/build_linux.rs +++ b/libafl_qemu/build_linux.rs @@ -51,6 +51,8 @@ pub fn build() { let libafl_qemu_defs_hdr_name = "libafl_qemu_defs.h"; let libafl_qemu_impl_hdr_name = "libafl_qemu_impl.h"; + let nyx_hdr_name = "nyx_api.h"; + let libafl_runtime_dir = src_dir.join("runtime"); let libafl_qemu_hdr = libafl_runtime_dir.join(libafl_qemu_hdr_name); @@ -58,6 +60,8 @@ pub fn build() { let libafl_qemu_defs_hdr = libafl_runtime_dir.join(libafl_qemu_defs_hdr_name); let libafl_qemu_impl_hdr = libafl_runtime_dir.join(libafl_qemu_impl_hdr_name); + let nyx_hdr = libafl_runtime_dir.join(nyx_hdr_name); + let libafl_runtime_testfile = out_dir.join("runtime_test.c"); fs::write(&libafl_runtime_testfile, LIBAFL_QEMU_RUNTIME_TEST) .expect("Could not write runtime test file"); @@ -76,6 +80,9 @@ pub fn build() { let runtime_bindings_file = out_dir.join("libafl_qemu_bindings.rs"); let stub_runtime_bindings_file = src_dir.join("runtime/libafl_qemu_stub_bindings.rs"); + let nyx_bindings_file = out_dir.join("nyx_bindings.rs"); + let stub_nyx_bindings_file = src_dir.join("runtime/nyx_stub_bindings.rs"); + println!("cargo:rerun-if-changed=build.rs"); println!("cargo:rerun-if-changed=build_linux.rs"); println!("cargo:rerun-if-changed={}", libafl_runtime_dir.display()); @@ -121,6 +128,8 @@ pub fn build() { if env::var("DOCS_RS").is_ok() || cfg!(feature = "clippy") { fs::copy(&stub_runtime_bindings_file, &runtime_bindings_file) .expect("Could not copy stub bindings file"); + fs::copy(&stub_nyx_bindings_file, &nyx_bindings_file) + .expect("Could not copy stub bindings file"); return; // only build when we're not generating docs } @@ -150,6 +159,12 @@ pub fn build() { ) .expect("Could not copy libafl_qemu_impl.h to out directory."); + fs::copy( + nyx_hdr.clone(), + include_dir.join(nyx_hdr_name), + ) + .expect("Could not copy libafl_qemu_impl.h to out directory."); + bindgen::Builder::default() .derive_debug(true) .derive_default(true) @@ -165,6 +180,21 @@ pub fn build() { .write_to_file(&runtime_bindings_file) .expect("Could not write bindings."); + bindgen::Builder::default() + .derive_debug(true) + .derive_default(true) + .impl_debug(true) + .generate_comments(true) + .default_enum_style(bindgen::EnumVariation::NewType { + is_global: true, + is_bitfield: true, + }) + .header(nyx_hdr.display().to_string()) + .generate() + .expect("Exit bindings generation failed.") + .write_to_file(&nyx_bindings_file) + .expect("Could not write bindings."); + maybe_generate_stub_bindings( &cpu_target, emulation_mode, @@ -172,6 +202,13 @@ pub fn build() { runtime_bindings_file.as_path(), ); + maybe_generate_stub_bindings( + &cpu_target, + emulation_mode, + stub_nyx_bindings_file.as_path(), + nyx_bindings_file.as_path(), + ); + if cfg!(feature = "usermode") && (qemu_asan || qemu_asan_guest) { let qasan_dir = Path::new("libqasan"); let qasan_dir = fs::canonicalize(qasan_dir).unwrap(); diff --git a/libafl_qemu/libafl_qemu_build/Cargo.toml b/libafl_qemu/libafl_qemu_build/Cargo.toml index 8b6c31b074..6282e9f6ef 100644 --- a/libafl_qemu/libafl_qemu_build/Cargo.toml +++ b/libafl_qemu/libafl_qemu_build/Cargo.toml @@ -29,6 +29,8 @@ slirp = [] # build qemu with host libslirp (for user networking) clippy = [] # special feature for clippy, don't use in normal projects§ +qemu_sanitizers = [] # Enable QEMU sanitizers + paranoid_debug = [ ] # Will perform as many checks as possible. The target will be greatly slowed down. diff --git a/libafl_qemu/libafl_qemu_build/src/bindings.rs b/libafl_qemu/libafl_qemu_build/src/bindings.rs index 1733cff770..0fdc10d391 100644 --- a/libafl_qemu/libafl_qemu_build/src/bindings.rs +++ b/libafl_qemu/libafl_qemu_build/src/bindings.rs @@ -149,10 +149,8 @@ pub fn generate( .allowlist_type("MemOp") .allowlist_type("DeviceSnapshotKind") .allowlist_type("ShutdownCause") - .allowlist_type("libafl_exit_reason") - .allowlist_type("libafl_exit_reason_kind") - .allowlist_type("libafl_exit_reason_sync_backdoor") - .allowlist_type("libafl_exit_reason_breakpoint") + .allowlist_type("libafl.*") + .allowlist_type("LIBAFL.*") .allowlist_type("Syx.*") .allowlist_type("libafl_mapinfo") .allowlist_type("IntervalTreeRoot") diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs index 70c17de121..00432e424e 100644 --- a/libafl_qemu/libafl_qemu_build/src/build.rs +++ b/libafl_qemu/libafl_qemu_build/src/build.rs @@ -11,7 +11,7 @@ use crate::cargo_add_rpath; pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge"; pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge"; -pub const QEMU_REVISION: &str = "06bf8facec33548840413fba1b20858f58e38e2d"; +pub const QEMU_REVISION: &str = "ace364678aef879514e150e626695c4793db41e9"; pub struct BuildResult { pub qemu_path: PathBuf, @@ -96,9 +96,11 @@ fn configure_qemu( .arg("--disable-tools"); if cfg!(feature = "paranoid_debug") { - cmd.arg("--enable-debug") - .arg("--enable-debug-tcg") - .arg("--enable-sanitizers"); + cmd.arg("--enable-debug").arg("--enable-debug-tcg"); + } + + if cfg!(feature = "qemu_sanitizers") { + cmd.arg("--enable-sanitizers"); } if is_usermode { @@ -433,29 +435,6 @@ pub fn build( assert!(output_lib.is_file()); // Make sure this isn't very very wrong - /* - let mut objects = vec![]; - for dir in [ - build_dir.join("libcommon.fa.p"), - build_dir.join(format!("libqemu-{cpu_target}-{target_suffix}.fa.p")), - ] { - for path in fs::read_dir(dir).unwrap() { - let path = path.unwrap().path(); - if path.is_file() { - if let Some(name) = path.file_name() { - if name.to_string_lossy().starts_with("stubs") { - continue; - } else if let Some(ext) = path.extension() { - if ext == "o" { - objects.push(path); - } - } - } - } - } - } - */ - let compile_commands_string = &fs::read_to_string(libafl_qemu_build_dir.join("linkinfo.json")) .expect("Failed to read linkinfo.json"); @@ -515,90 +494,6 @@ pub fn build( panic!("Linking failed."); } - /* // Old manual linking, kept here for reference and debugging - if is_usermode { - Command::new("ld") - .current_dir(out_dir_path) - .arg("-o") - .arg("libqemu-partially-linked.o") - .arg("-r") - .args(objects) - .arg("--start-group") - .arg("--whole-archive") - .arg(format!("{}/libhwcore.fa", build_dir.display())) - .arg(format!("{}/libqom.fa", build_dir.display())) - .arg(format!("{}/libevent-loop-base.a", build_dir.display())) - .arg(format!("{}/gdbstub/libgdb_user.fa", build_dir.display())) - .arg("--no-whole-archive") - .arg(format!("{}/libqemuutil.a", build_dir.display())) - .arg(format!("{}/libhwcore.fa", build_dir.display())) - .arg(format!("{}/libqom.fa", build_dir.display())) - .arg(format!("{}/gdbstub/libgdb_user.fa", build_dir.display())) - .arg(format!( - "--dynamic-list={}/plugins/qemu-plugins.symbols", - qemu_path.display() - )) - .arg("--end-group") - .status() - .expect("Partial linked failure"); - } else { - Command::new("ld") - .current_dir(out_dir_path) - .arg("-o") - .arg("libqemu-partially-linked.o") - .arg("-r") - .args(objects) - .arg("--start-group") - .arg("--whole-archive") - .arg(format!("{}/libhwcore.fa", build_dir.display())) - .arg(format!("{}/libqom.fa", build_dir.display())) - .arg(format!("{}/libevent-loop-base.a", build_dir.display())) - .arg(format!("{}/gdbstub/libgdb_softmmu.fa", build_dir.display())) - .arg(format!("{}/libio.fa", build_dir.display())) - .arg(format!("{}/libcrypto.fa", build_dir.display())) - .arg(format!("{}/libauthz.fa", build_dir.display())) - .arg(format!("{}/libblockdev.fa", build_dir.display())) - .arg(format!("{}/libblock.fa", build_dir.display())) - .arg(format!("{}/libchardev.fa", build_dir.display())) - .arg(format!("{}/libqmp.fa", build_dir.display())) - .arg("--no-whole-archive") - .arg(format!("{}/libqemuutil.a", build_dir.display())) - .arg(format!( - "{}/subprojects/dtc/libfdt/libfdt.a", - build_dir.display() - )) - .arg(format!( - "{}/subprojects/libvhost-user/libvhost-user-glib.a", - build_dir.display() - )) - .arg(format!( - "{}/subprojects/libvhost-user/libvhost-user.a", - build_dir.display() - )) - .arg(format!( - "{}/subprojects/libvduse/libvduse.a", - build_dir.display() - )) - .arg(format!("{}/libmigration.fa", build_dir.display())) - .arg(format!("{}/libhwcore.fa", build_dir.display())) - .arg(format!("{}/libqom.fa", build_dir.display())) - .arg(format!("{}/gdbstub/libgdb_softmmu.fa", build_dir.display())) - .arg(format!("{}/libio.fa", build_dir.display())) - .arg(format!("{}/libcrypto.fa", build_dir.display())) - .arg(format!("{}/libauthz.fa", build_dir.display())) - .arg(format!("{}/libblockdev.fa", build_dir.display())) - .arg(format!("{}/libblock.fa", build_dir.display())) - .arg(format!("{}/libchardev.fa", build_dir.display())) - .arg(format!("{}/libqmp.fa", build_dir.display())) - .arg(format!( - "--dynamic-list={}/plugins/qemu-plugins.symbols", - qemu_path.display() - )) - .arg("--end-group") - .status() - .expect("Partial linked failure"); - }*/ - Command::new("ar") .current_dir(out_dir_path) .arg("crs") @@ -640,29 +535,12 @@ pub fn build( } } - if cfg!(feature = "paranoid_debug") { + if cfg!(feature = "qemu_sanitizers") { println!("cargo:rustc-link-lib=ubsan"); println!("cargo:rustc-link-lib=asan"); } - /* - println!("cargo:rustc-link-lib=rt"); - println!("cargo:rustc-link-lib=gmodule-2.0"); - println!("cargo:rustc-link-lib=glib-2.0"); - println!("cargo:rustc-link-lib=stdc++"); - println!("cargo:rustc-link-lib=z"); - // if keyutils is available, qemu meson script will compile code with keyutils. - // therefore, we need to link with keyutils if our system have libkeyutils. - let _: Result = - pkg_config::Config::new().probe("libkeyutils"); - */ - if !is_usermode { - //println!("cargo:rustc-link-lib=pixman-1"); - //if env::var("LINK_SLIRP").is_ok() || cfg!(feature = "slirp") { - // println!("cargo:rustc-link-lib=slirp"); - //} - fs::create_dir_all(target_dir.join("pc-bios")).unwrap(); for path in fs::read_dir(libafl_qemu_build_dir.join("pc-bios")).unwrap() { let path = path.unwrap().path(); diff --git a/libafl_qemu/libafl_qemu_sys/Cargo.toml b/libafl_qemu/libafl_qemu_sys/Cargo.toml index b5730812d8..aad3048ff3 100644 --- a/libafl_qemu/libafl_qemu_sys/Cargo.toml +++ b/libafl_qemu/libafl_qemu_sys/Cargo.toml @@ -56,6 +56,10 @@ clippy = [ "libafl_qemu_build/clippy", ] # special feature for clippy, don't use in normal projects +qemu_sanitizers = [ + "libafl_qemu_build/qemu_sanitizers", +] # Compile QEMU with sanitizers enabled + paranoid_debug = [ "libafl_qemu_build/paranoid_debug", ] # Will perform as many checks as possible. The target will be greatly slowed down. diff --git a/libafl_qemu/libafl_qemu_sys/src/bindings/x86_64_stub_bindings.rs b/libafl_qemu/libafl_qemu_sys/src/bindings/x86_64_stub_bindings.rs index edae125224..b9664a601c 100644 --- a/libafl_qemu/libafl_qemu_sys/src/bindings/x86_64_stub_bindings.rs +++ b/libafl_qemu/libafl_qemu_sys/src/bindings/x86_64_stub_bindings.rs @@ -1,6 +1,6 @@ -/* 1.84.0-nightly */ -/* qemu git hash: 805b14ffc44999952562e8f219d81c21a4fa50b9 */ -/* automatically generated by rust-bindgen 0.70.1 */ +/* 1.85.0-nightly */ +/* qemu git hash: 81e52dc60f83c3ae191c1a07b39bb255e633c234 */ +/* automatically generated by rust-bindgen 0.71.1 */ use libc::siginfo_t; @@ -20,10 +20,7 @@ where Storage: AsRef<[u8]> + AsMut<[u8]>, { #[inline] - pub fn get_bit(&self, index: usize) -> bool { - debug_assert!(index / 8 < self.storage.as_ref().len()); - let byte_index = index / 8; - let byte = self.storage.as_ref()[byte_index]; + fn extract_bit(byte: u8, index: usize) -> bool { let bit_index = if cfg!(target_endian = "big") { 7 - (index % 8) } else { @@ -33,10 +30,21 @@ where byte & mask == mask } #[inline] - pub fn set_bit(&mut self, index: usize, val: bool) { + pub fn get_bit(&self, index: usize) -> bool { debug_assert!(index / 8 < self.storage.as_ref().len()); let byte_index = index / 8; - let byte = &mut self.storage.as_mut()[byte_index]; + let byte = self.storage.as_ref()[byte_index]; + Self::extract_bit(byte, index) + } + #[inline] + pub unsafe fn raw_get_bit(this: *const Self, index: usize) -> bool { + debug_assert!(index / 8 < core::mem::size_of::()); + let byte_index = index / 8; + let byte = *(core::ptr::addr_of!((*this).storage) as *const u8).offset(byte_index as isize); + Self::extract_bit(byte, index) + } + #[inline] + fn change_bit(byte: u8, index: usize, val: bool) -> u8 { let bit_index = if cfg!(target_endian = "big") { 7 - (index % 8) } else { @@ -44,12 +52,27 @@ where }; let mask = 1 << bit_index; if val { - *byte |= mask; + byte | mask } else { - *byte &= !mask; + byte & !mask } } #[inline] + pub fn set_bit(&mut self, index: usize, val: bool) { + debug_assert!(index / 8 < self.storage.as_ref().len()); + let byte_index = index / 8; + let byte = &mut self.storage.as_mut()[byte_index]; + *byte = Self::change_bit(*byte, index, val); + } + #[inline] + pub unsafe fn raw_set_bit(this: *mut Self, index: usize, val: bool) { + debug_assert!(index / 8 < core::mem::size_of::()); + let byte_index = index / 8; + let byte = + (core::ptr::addr_of_mut!((*this).storage) as *mut u8).offset(byte_index as isize); + *byte = Self::change_bit(*byte, index, val); + } + #[inline] pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 { debug_assert!(bit_width <= 64); debug_assert!(bit_offset / 8 < self.storage.as_ref().len()); @@ -68,6 +91,24 @@ where val } #[inline] + pub unsafe fn raw_get(this: *const Self, bit_offset: usize, bit_width: u8) -> u64 { + debug_assert!(bit_width <= 64); + debug_assert!(bit_offset / 8 < core::mem::size_of::()); + debug_assert!((bit_offset + (bit_width as usize)) / 8 <= core::mem::size_of::()); + let mut val = 0; + for i in 0..(bit_width as usize) { + if Self::raw_get_bit(this, i + bit_offset) { + let index = if cfg!(target_endian = "big") { + bit_width as usize - 1 - i + } else { + i + }; + val |= 1 << index; + } + } + val + } + #[inline] pub fn set(&mut self, bit_offset: usize, bit_width: u8, val: u64) { debug_assert!(bit_width <= 64); debug_assert!(bit_offset / 8 < self.storage.as_ref().len()); @@ -83,6 +124,22 @@ where self.set_bit(index + bit_offset, val_bit_is_set); } } + #[inline] + pub unsafe fn raw_set(this: *mut Self, bit_offset: usize, bit_width: u8, val: u64) { + debug_assert!(bit_width <= 64); + debug_assert!(bit_offset / 8 < core::mem::size_of::()); + debug_assert!((bit_offset + (bit_width as usize)) / 8 <= core::mem::size_of::()); + for i in 0..(bit_width as usize) { + let mask = 1 << i; + let val_bit_is_set = val & mask == mask; + let index = if cfg!(target_endian = "big") { + bit_width as usize - 1 - i + } else { + i + }; + Self::raw_set_bit(this, index + bit_offset, val_bit_is_set); + } + } } #[repr(C)] #[derive(Default)] @@ -916,21 +973,6 @@ pub struct Clock { } #[repr(C)] #[derive(Debug, Copy, Clone)] -pub struct CPUAddressSpace { - _unused: [u8; 0], -} -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct CpuInfoFast { - _unused: [u8; 0], -} -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct CPUJumpCache { - _unused: [u8; 0], -} -#[repr(C)] -#[derive(Debug, Copy, Clone)] pub struct Error { _unused: [u8; 0], } @@ -1005,7 +1047,7 @@ impl Default for QEnumLookup { } } } -extern "C" { +unsafe extern "C" { pub fn qemu_target_page_size() -> usize; } #[repr(C)] @@ -1130,6 +1172,28 @@ impl MemTxAttrs { } } #[inline] + pub unsafe fn unspecified_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 3usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 0usize, + 1u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_unspecified_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 3usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 0usize, + 1u8, + val as u64, + ) + } + } + #[inline] pub fn secure(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } } @@ -1141,6 +1205,28 @@ impl MemTxAttrs { } } #[inline] + pub unsafe fn secure_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 3usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 1usize, + 1u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_secure_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 3usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 1usize, + 1u8, + val as u64, + ) + } + } + #[inline] pub fn space(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(2usize, 2u8) as u32) } } @@ -1152,6 +1238,28 @@ impl MemTxAttrs { } } #[inline] + pub unsafe fn space_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 3usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 2usize, + 2u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_space_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 3usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 2usize, + 2u8, + val as u64, + ) + } + } + #[inline] pub fn user(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } } @@ -1163,6 +1271,28 @@ impl MemTxAttrs { } } #[inline] + pub unsafe fn user_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 3usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 4usize, + 1u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_user_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 3usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 4usize, + 1u8, + val as u64, + ) + } + } + #[inline] pub fn memory(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } } @@ -1174,6 +1304,28 @@ impl MemTxAttrs { } } #[inline] + pub unsafe fn memory_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 3usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 5usize, + 1u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_memory_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 3usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 5usize, + 1u8, + val as u64, + ) + } + } + #[inline] pub fn requester_id(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(6usize, 16u8) as u32) } } @@ -1185,6 +1337,28 @@ impl MemTxAttrs { } } #[inline] + pub unsafe fn requester_id_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 3usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 6usize, + 16u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_requester_id_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 3usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 6usize, + 16u8, + val as u64, + ) + } + } + #[inline] pub fn new_bitfield_1( unspecified: ::std::os::raw::c_uint, secure: ::std::os::raw::c_uint, @@ -2124,10 +2298,9 @@ pub const bfd_architecture_bfd_arch_cris: bfd_architecture = bfd_architecture(36 pub const bfd_architecture_bfd_arch_microblaze: bfd_architecture = bfd_architecture(37); pub const bfd_architecture_bfd_arch_moxie: bfd_architecture = bfd_architecture(38); pub const bfd_architecture_bfd_arch_ia64: bfd_architecture = bfd_architecture(39); -pub const bfd_architecture_bfd_arch_nios2: bfd_architecture = bfd_architecture(40); -pub const bfd_architecture_bfd_arch_rx: bfd_architecture = bfd_architecture(41); -pub const bfd_architecture_bfd_arch_loongarch: bfd_architecture = bfd_architecture(42); -pub const bfd_architecture_bfd_arch_last: bfd_architecture = bfd_architecture(43); +pub const bfd_architecture_bfd_arch_rx: bfd_architecture = bfd_architecture(40); +pub const bfd_architecture_bfd_arch_loongarch: bfd_architecture = bfd_architecture(41); +pub const bfd_architecture_bfd_arch_last: bfd_architecture = bfd_architecture(42); impl ::std::ops::BitOr for bfd_architecture { type Output = Self; #[inline] @@ -2407,46 +2580,57 @@ impl Default for disassemble_info { } } } -pub type hwaddr = u64; #[doc = " vaddr:\n Type wide enough to contain any #target_ulong virtual address."] pub type vaddr = u64; #[repr(C)] #[derive(Copy, Clone)] -pub union CPUTLBEntry { - pub __bindgen_anon_1: CPUTLBEntry__bindgen_ty_1, - pub addr_idx: [u64; 4usize], +pub struct CPUBreakpoint { + pub pc: vaddr, + pub flags: ::std::os::raw::c_int, + pub entry: CPUBreakpoint__bindgen_ty_1, } #[repr(C)] -#[derive(Debug, Default, Copy, Clone)] -pub struct CPUTLBEntry__bindgen_ty_1 { - pub addr_read: u64, - pub addr_write: u64, - pub addr_code: u64, - pub addend: usize, +#[derive(Copy, Clone)] +pub union CPUBreakpoint__bindgen_ty_1 { + pub tqe_next: *mut CPUBreakpoint, + pub tqe_circ: QTailQLink, } #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { - ["Size of CPUTLBEntry__bindgen_ty_1"] - [::std::mem::size_of::() - 32usize]; - ["Alignment of CPUTLBEntry__bindgen_ty_1"] - [::std::mem::align_of::() - 8usize]; - ["Offset of field: CPUTLBEntry__bindgen_ty_1::addr_read"] - [::std::mem::offset_of!(CPUTLBEntry__bindgen_ty_1, addr_read) - 0usize]; - ["Offset of field: CPUTLBEntry__bindgen_ty_1::addr_write"] - [::std::mem::offset_of!(CPUTLBEntry__bindgen_ty_1, addr_write) - 8usize]; - ["Offset of field: CPUTLBEntry__bindgen_ty_1::addr_code"] - [::std::mem::offset_of!(CPUTLBEntry__bindgen_ty_1, addr_code) - 16usize]; - ["Offset of field: CPUTLBEntry__bindgen_ty_1::addend"] - [::std::mem::offset_of!(CPUTLBEntry__bindgen_ty_1, addend) - 24usize]; + ["Size of CPUBreakpoint__bindgen_ty_1"] + [::std::mem::size_of::() - 16usize]; + ["Alignment of CPUBreakpoint__bindgen_ty_1"] + [::std::mem::align_of::() - 8usize]; + ["Offset of field: CPUBreakpoint__bindgen_ty_1::tqe_next"] + [::std::mem::offset_of!(CPUBreakpoint__bindgen_ty_1, tqe_next) - 0usize]; + ["Offset of field: CPUBreakpoint__bindgen_ty_1::tqe_circ"] + [::std::mem::offset_of!(CPUBreakpoint__bindgen_ty_1, tqe_circ) - 0usize]; }; +impl Default for CPUBreakpoint__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl ::std::fmt::Debug for CPUBreakpoint__bindgen_ty_1 { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!(f, "CPUBreakpoint__bindgen_ty_1 {{ union }}") + } +} #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { - ["Size of CPUTLBEntry"][::std::mem::size_of::() - 32usize]; - ["Alignment of CPUTLBEntry"][::std::mem::align_of::() - 8usize]; - ["Offset of field: CPUTLBEntry::addr_idx"] - [::std::mem::offset_of!(CPUTLBEntry, addr_idx) - 0usize]; + ["Size of CPUBreakpoint"][::std::mem::size_of::() - 32usize]; + ["Alignment of CPUBreakpoint"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CPUBreakpoint::pc"][::std::mem::offset_of!(CPUBreakpoint, pc) - 0usize]; + ["Offset of field: CPUBreakpoint::flags"] + [::std::mem::offset_of!(CPUBreakpoint, flags) - 8usize]; + ["Offset of field: CPUBreakpoint::entry"] + [::std::mem::offset_of!(CPUBreakpoint, entry) - 16usize]; }; -impl Default for CPUTLBEntry { +impl Default for CPUBreakpoint { fn default() -> Self { let mut s = ::std::mem::MaybeUninit::::uninit(); unsafe { @@ -2455,27 +2639,43 @@ impl Default for CPUTLBEntry { } } } -impl ::std::fmt::Debug for CPUTLBEntry { +impl ::std::fmt::Debug for CPUBreakpoint { fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!(f, "CPUTLBEntry {{ union }}") + write!( + f, + "CPUBreakpoint {{ flags: {:?}, entry: {:?} }}", + self.flags, self.entry + ) } } #[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct CPUTLBDescFast { - pub mask: usize, - pub table: *mut CPUTLBEntry, +#[derive(Copy, Clone)] +pub struct CPUWatchpoint { + pub vaddr: vaddr, + pub len: vaddr, + pub hitaddr: vaddr, + pub hitattrs: MemTxAttrs, + pub flags: ::std::os::raw::c_int, + pub entry: CPUWatchpoint__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union CPUWatchpoint__bindgen_ty_1 { + pub tqe_next: *mut CPUWatchpoint, + pub tqe_circ: QTailQLink, } #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { - ["Size of CPUTLBDescFast"][::std::mem::size_of::() - 16usize]; - ["Alignment of CPUTLBDescFast"][::std::mem::align_of::() - 8usize]; - ["Offset of field: CPUTLBDescFast::mask"] - [::std::mem::offset_of!(CPUTLBDescFast, mask) - 0usize]; - ["Offset of field: CPUTLBDescFast::table"] - [::std::mem::offset_of!(CPUTLBDescFast, table) - 8usize]; + ["Size of CPUWatchpoint__bindgen_ty_1"] + [::std::mem::size_of::() - 16usize]; + ["Alignment of CPUWatchpoint__bindgen_ty_1"] + [::std::mem::align_of::() - 8usize]; + ["Offset of field: CPUWatchpoint__bindgen_ty_1::tqe_next"] + [::std::mem::offset_of!(CPUWatchpoint__bindgen_ty_1, tqe_next) - 0usize]; + ["Offset of field: CPUWatchpoint__bindgen_ty_1::tqe_circ"] + [::std::mem::offset_of!(CPUWatchpoint__bindgen_ty_1, tqe_circ) - 0usize]; }; -impl Default for CPUTLBDescFast { +impl Default for CPUWatchpoint__bindgen_ty_1 { fn default() -> Self { let mut s = ::std::mem::MaybeUninit::::uninit(); unsafe { @@ -2484,37 +2684,481 @@ impl Default for CPUTLBDescFast { } } } -pub const ShutdownCause_SHUTDOWN_CAUSE_NONE: ShutdownCause = ShutdownCause(0); -pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_ERROR: ShutdownCause = ShutdownCause(1); -pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_QMP_QUIT: ShutdownCause = ShutdownCause(2); -pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET: ShutdownCause = ShutdownCause(3); -pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_SIGNAL: ShutdownCause = ShutdownCause(4); -pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_UI: ShutdownCause = ShutdownCause(5); -pub const ShutdownCause_SHUTDOWN_CAUSE_GUEST_SHUTDOWN: ShutdownCause = ShutdownCause(6); -pub const ShutdownCause_SHUTDOWN_CAUSE_GUEST_RESET: ShutdownCause = ShutdownCause(7); -pub const ShutdownCause_SHUTDOWN_CAUSE_GUEST_PANIC: ShutdownCause = ShutdownCause(8); -pub const ShutdownCause_SHUTDOWN_CAUSE_SUBSYSTEM_RESET: ShutdownCause = ShutdownCause(9); -pub const ShutdownCause_SHUTDOWN_CAUSE_SNAPSHOT_LOAD: ShutdownCause = ShutdownCause(10); -pub const ShutdownCause_SHUTDOWN_CAUSE__MAX: ShutdownCause = ShutdownCause(11); -impl ::std::ops::BitOr for ShutdownCause { - type Output = Self; - #[inline] - fn bitor(self, other: Self) -> Self { - ShutdownCause(self.0 | other.0) - } -} -impl ::std::ops::BitOrAssign for ShutdownCause { - #[inline] - fn bitor_assign(&mut self, rhs: ShutdownCause) { - self.0 |= rhs.0; +impl ::std::fmt::Debug for CPUWatchpoint__bindgen_ty_1 { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!(f, "CPUWatchpoint__bindgen_ty_1 {{ union }}") } } -impl ::std::ops::BitAnd for ShutdownCause { - type Output = Self; - #[inline] - fn bitand(self, other: Self) -> Self { - ShutdownCause(self.0 & other.0) - } +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CPUWatchpoint"][::std::mem::size_of::() - 48usize]; + ["Alignment of CPUWatchpoint"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CPUWatchpoint::vaddr"] + [::std::mem::offset_of!(CPUWatchpoint, vaddr) - 0usize]; + ["Offset of field: CPUWatchpoint::len"][::std::mem::offset_of!(CPUWatchpoint, len) - 8usize]; + ["Offset of field: CPUWatchpoint::hitaddr"] + [::std::mem::offset_of!(CPUWatchpoint, hitaddr) - 16usize]; + ["Offset of field: CPUWatchpoint::hitattrs"] + [::std::mem::offset_of!(CPUWatchpoint, hitattrs) - 24usize]; + ["Offset of field: CPUWatchpoint::flags"] + [::std::mem::offset_of!(CPUWatchpoint, flags) - 28usize]; + ["Offset of field: CPUWatchpoint::entry"] + [::std::mem::offset_of!(CPUWatchpoint, entry) - 32usize]; +}; +impl Default for CPUWatchpoint { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl ::std::fmt::Debug for CPUWatchpoint { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!( + f, + "CPUWatchpoint {{ hitattrs: {:?}, flags: {:?}, entry: {:?} }}", + self.hitattrs, self.flags, self.entry + ) + } +} +pub type hwaddr = u64; +#[repr(C)] +#[derive(Copy, Clone)] +pub union CPUTLBEntry { + pub __bindgen_anon_1: CPUTLBEntry__bindgen_ty_1, + pub addr_idx: [u64; 4usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CPUTLBEntry__bindgen_ty_1 { + pub addr_read: u64, + pub addr_write: u64, + pub addr_code: u64, + pub addend: usize, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CPUTLBEntry__bindgen_ty_1"] + [::std::mem::size_of::() - 32usize]; + ["Alignment of CPUTLBEntry__bindgen_ty_1"] + [::std::mem::align_of::() - 8usize]; + ["Offset of field: CPUTLBEntry__bindgen_ty_1::addr_read"] + [::std::mem::offset_of!(CPUTLBEntry__bindgen_ty_1, addr_read) - 0usize]; + ["Offset of field: CPUTLBEntry__bindgen_ty_1::addr_write"] + [::std::mem::offset_of!(CPUTLBEntry__bindgen_ty_1, addr_write) - 8usize]; + ["Offset of field: CPUTLBEntry__bindgen_ty_1::addr_code"] + [::std::mem::offset_of!(CPUTLBEntry__bindgen_ty_1, addr_code) - 16usize]; + ["Offset of field: CPUTLBEntry__bindgen_ty_1::addend"] + [::std::mem::offset_of!(CPUTLBEntry__bindgen_ty_1, addend) - 24usize]; +}; +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CPUTLBEntry"][::std::mem::size_of::() - 32usize]; + ["Alignment of CPUTLBEntry"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CPUTLBEntry::addr_idx"] + [::std::mem::offset_of!(CPUTLBEntry, addr_idx) - 0usize]; +}; +impl Default for CPUTLBEntry { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl ::std::fmt::Debug for CPUTLBEntry { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!(f, "CPUTLBEntry {{ union }}") + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CPUTLBDescFast { + pub mask: usize, + pub table: *mut CPUTLBEntry, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CPUTLBDescFast"][::std::mem::size_of::() - 16usize]; + ["Alignment of CPUTLBDescFast"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CPUTLBDescFast::mask"] + [::std::mem::offset_of!(CPUTLBDescFast, mask) - 0usize]; + ["Offset of field: CPUTLBDescFast::table"] + [::std::mem::offset_of!(CPUTLBDescFast, table) - 8usize]; +}; +impl Default for CPUTLBDescFast { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub const OnOffAuto_ON_OFF_AUTO_AUTO: OnOffAuto = OnOffAuto(0); +pub const OnOffAuto_ON_OFF_AUTO_ON: OnOffAuto = OnOffAuto(1); +pub const OnOffAuto_ON_OFF_AUTO_OFF: OnOffAuto = OnOffAuto(2); +pub const OnOffAuto_ON_OFF_AUTO__MAX: OnOffAuto = OnOffAuto(3); +impl ::std::ops::BitOr for OnOffAuto { + type Output = Self; + #[inline] + fn bitor(self, other: Self) -> Self { + OnOffAuto(self.0 | other.0) + } +} +impl ::std::ops::BitOrAssign for OnOffAuto { + #[inline] + fn bitor_assign(&mut self, rhs: OnOffAuto) { + self.0 |= rhs.0; + } +} +impl ::std::ops::BitAnd for OnOffAuto { + type Output = Self; + #[inline] + fn bitand(self, other: Self) -> Self { + OnOffAuto(self.0 & other.0) + } +} +impl ::std::ops::BitAndAssign for OnOffAuto { + #[inline] + fn bitand_assign(&mut self, rhs: OnOffAuto) { + self.0 &= rhs.0; + } +} +#[repr(transparent)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub struct OnOffAuto(pub ::std::os::raw::c_uint); +pub const CpuS390Entitlement_S390_CPU_ENTITLEMENT_AUTO: CpuS390Entitlement = CpuS390Entitlement(0); +pub const CpuS390Entitlement_S390_CPU_ENTITLEMENT_LOW: CpuS390Entitlement = CpuS390Entitlement(1); +pub const CpuS390Entitlement_S390_CPU_ENTITLEMENT_MEDIUM: CpuS390Entitlement = + CpuS390Entitlement(2); +pub const CpuS390Entitlement_S390_CPU_ENTITLEMENT_HIGH: CpuS390Entitlement = CpuS390Entitlement(3); +pub const CpuS390Entitlement_S390_CPU_ENTITLEMENT__MAX: CpuS390Entitlement = CpuS390Entitlement(4); +impl ::std::ops::BitOr for CpuS390Entitlement { + type Output = Self; + #[inline] + fn bitor(self, other: Self) -> Self { + CpuS390Entitlement(self.0 | other.0) + } +} +impl ::std::ops::BitOrAssign for CpuS390Entitlement { + #[inline] + fn bitor_assign(&mut self, rhs: CpuS390Entitlement) { + self.0 |= rhs.0; + } +} +impl ::std::ops::BitAnd for CpuS390Entitlement { + type Output = Self; + #[inline] + fn bitand(self, other: Self) -> Self { + CpuS390Entitlement(self.0 & other.0) + } +} +impl ::std::ops::BitAndAssign for CpuS390Entitlement { + #[inline] + fn bitand_assign(&mut self, rhs: CpuS390Entitlement) { + self.0 &= rhs.0; + } +} +#[repr(transparent)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub struct CpuS390Entitlement(pub ::std::os::raw::c_uint); +pub const SysEmuTarget_SYS_EMU_TARGET_AARCH64: SysEmuTarget = SysEmuTarget(0); +pub const SysEmuTarget_SYS_EMU_TARGET_ALPHA: SysEmuTarget = SysEmuTarget(1); +pub const SysEmuTarget_SYS_EMU_TARGET_ARM: SysEmuTarget = SysEmuTarget(2); +pub const SysEmuTarget_SYS_EMU_TARGET_AVR: SysEmuTarget = SysEmuTarget(3); +pub const SysEmuTarget_SYS_EMU_TARGET_CRIS: SysEmuTarget = SysEmuTarget(4); +pub const SysEmuTarget_SYS_EMU_TARGET_HPPA: SysEmuTarget = SysEmuTarget(5); +pub const SysEmuTarget_SYS_EMU_TARGET_I386: SysEmuTarget = SysEmuTarget(6); +pub const SysEmuTarget_SYS_EMU_TARGET_LOONGARCH64: SysEmuTarget = SysEmuTarget(7); +pub const SysEmuTarget_SYS_EMU_TARGET_M68K: SysEmuTarget = SysEmuTarget(8); +pub const SysEmuTarget_SYS_EMU_TARGET_MICROBLAZE: SysEmuTarget = SysEmuTarget(9); +pub const SysEmuTarget_SYS_EMU_TARGET_MICROBLAZEEL: SysEmuTarget = SysEmuTarget(10); +pub const SysEmuTarget_SYS_EMU_TARGET_MIPS: SysEmuTarget = SysEmuTarget(11); +pub const SysEmuTarget_SYS_EMU_TARGET_MIPS64: SysEmuTarget = SysEmuTarget(12); +pub const SysEmuTarget_SYS_EMU_TARGET_MIPS64EL: SysEmuTarget = SysEmuTarget(13); +pub const SysEmuTarget_SYS_EMU_TARGET_MIPSEL: SysEmuTarget = SysEmuTarget(14); +pub const SysEmuTarget_SYS_EMU_TARGET_OR1K: SysEmuTarget = SysEmuTarget(15); +pub const SysEmuTarget_SYS_EMU_TARGET_PPC: SysEmuTarget = SysEmuTarget(16); +pub const SysEmuTarget_SYS_EMU_TARGET_PPC64: SysEmuTarget = SysEmuTarget(17); +pub const SysEmuTarget_SYS_EMU_TARGET_RISCV32: SysEmuTarget = SysEmuTarget(18); +pub const SysEmuTarget_SYS_EMU_TARGET_RISCV64: SysEmuTarget = SysEmuTarget(19); +pub const SysEmuTarget_SYS_EMU_TARGET_RX: SysEmuTarget = SysEmuTarget(20); +pub const SysEmuTarget_SYS_EMU_TARGET_S390X: SysEmuTarget = SysEmuTarget(21); +pub const SysEmuTarget_SYS_EMU_TARGET_SH4: SysEmuTarget = SysEmuTarget(22); +pub const SysEmuTarget_SYS_EMU_TARGET_SH4EB: SysEmuTarget = SysEmuTarget(23); +pub const SysEmuTarget_SYS_EMU_TARGET_SPARC: SysEmuTarget = SysEmuTarget(24); +pub const SysEmuTarget_SYS_EMU_TARGET_SPARC64: SysEmuTarget = SysEmuTarget(25); +pub const SysEmuTarget_SYS_EMU_TARGET_TRICORE: SysEmuTarget = SysEmuTarget(26); +pub const SysEmuTarget_SYS_EMU_TARGET_X86_64: SysEmuTarget = SysEmuTarget(27); +pub const SysEmuTarget_SYS_EMU_TARGET_XTENSA: SysEmuTarget = SysEmuTarget(28); +pub const SysEmuTarget_SYS_EMU_TARGET_XTENSAEB: SysEmuTarget = SysEmuTarget(29); +pub const SysEmuTarget_SYS_EMU_TARGET__MAX: SysEmuTarget = SysEmuTarget(30); +impl ::std::ops::BitOr for SysEmuTarget { + type Output = Self; + #[inline] + fn bitor(self, other: Self) -> Self { + SysEmuTarget(self.0 | other.0) + } +} +impl ::std::ops::BitOrAssign for SysEmuTarget { + #[inline] + fn bitor_assign(&mut self, rhs: SysEmuTarget) { + self.0 |= rhs.0; + } +} +impl ::std::ops::BitAnd for SysEmuTarget { + type Output = Self; + #[inline] + fn bitand(self, other: Self) -> Self { + SysEmuTarget(self.0 & other.0) + } +} +impl ::std::ops::BitAndAssign for SysEmuTarget { + #[inline] + fn bitand_assign(&mut self, rhs: SysEmuTarget) { + self.0 &= rhs.0; + } +} +#[repr(transparent)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub struct SysEmuTarget(pub ::std::os::raw::c_uint); +pub const CpuS390State_S390_CPU_STATE_UNINITIALIZED: CpuS390State = CpuS390State(0); +pub const CpuS390State_S390_CPU_STATE_STOPPED: CpuS390State = CpuS390State(1); +pub const CpuS390State_S390_CPU_STATE_CHECK_STOP: CpuS390State = CpuS390State(2); +pub const CpuS390State_S390_CPU_STATE_OPERATING: CpuS390State = CpuS390State(3); +pub const CpuS390State_S390_CPU_STATE_LOAD: CpuS390State = CpuS390State(4); +pub const CpuS390State_S390_CPU_STATE__MAX: CpuS390State = CpuS390State(5); +impl ::std::ops::BitOr for CpuS390State { + type Output = Self; + #[inline] + fn bitor(self, other: Self) -> Self { + CpuS390State(self.0 | other.0) + } +} +impl ::std::ops::BitOrAssign for CpuS390State { + #[inline] + fn bitor_assign(&mut self, rhs: CpuS390State) { + self.0 |= rhs.0; + } +} +impl ::std::ops::BitAnd for CpuS390State { + type Output = Self; + #[inline] + fn bitand(self, other: Self) -> Self { + CpuS390State(self.0 & other.0) + } +} +impl ::std::ops::BitAndAssign for CpuS390State { + #[inline] + fn bitand_assign(&mut self, rhs: CpuS390State) { + self.0 &= rhs.0; + } +} +#[repr(transparent)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub struct CpuS390State(pub ::std::os::raw::c_uint); +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CpuInfoS390 { + pub cpu_state: CpuS390State, + pub has_dedicated: bool, + pub dedicated: bool, + pub has_entitlement: bool, + pub entitlement: CpuS390Entitlement, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CpuInfoS390"][::std::mem::size_of::() - 12usize]; + ["Alignment of CpuInfoS390"][::std::mem::align_of::() - 4usize]; + ["Offset of field: CpuInfoS390::cpu_state"] + [::std::mem::offset_of!(CpuInfoS390, cpu_state) - 0usize]; + ["Offset of field: CpuInfoS390::has_dedicated"] + [::std::mem::offset_of!(CpuInfoS390, has_dedicated) - 4usize]; + ["Offset of field: CpuInfoS390::dedicated"] + [::std::mem::offset_of!(CpuInfoS390, dedicated) - 5usize]; + ["Offset of field: CpuInfoS390::has_entitlement"] + [::std::mem::offset_of!(CpuInfoS390, has_entitlement) - 6usize]; + ["Offset of field: CpuInfoS390::entitlement"] + [::std::mem::offset_of!(CpuInfoS390, entitlement) - 8usize]; +}; +impl Default for CpuInfoS390 { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct CpuInfoFast { + pub cpu_index: i64, + pub qom_path: *mut ::std::os::raw::c_char, + pub thread_id: i64, + pub props: *mut CpuInstanceProperties, + pub target: SysEmuTarget, + pub u: CpuInfoFast__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union CpuInfoFast__bindgen_ty_1 { + pub s390x: CpuInfoS390, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CpuInfoFast__bindgen_ty_1"] + [::std::mem::size_of::() - 12usize]; + ["Alignment of CpuInfoFast__bindgen_ty_1"] + [::std::mem::align_of::() - 4usize]; + ["Offset of field: CpuInfoFast__bindgen_ty_1::s390x"] + [::std::mem::offset_of!(CpuInfoFast__bindgen_ty_1, s390x) - 0usize]; +}; +impl Default for CpuInfoFast__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl ::std::fmt::Debug for CpuInfoFast__bindgen_ty_1 { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!(f, "CpuInfoFast__bindgen_ty_1 {{ union }}") + } +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CpuInfoFast"][::std::mem::size_of::() - 48usize]; + ["Alignment of CpuInfoFast"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CpuInfoFast::cpu_index"] + [::std::mem::offset_of!(CpuInfoFast, cpu_index) - 0usize]; + ["Offset of field: CpuInfoFast::qom_path"] + [::std::mem::offset_of!(CpuInfoFast, qom_path) - 8usize]; + ["Offset of field: CpuInfoFast::thread_id"] + [::std::mem::offset_of!(CpuInfoFast, thread_id) - 16usize]; + ["Offset of field: CpuInfoFast::props"][::std::mem::offset_of!(CpuInfoFast, props) - 24usize]; + ["Offset of field: CpuInfoFast::target"][::std::mem::offset_of!(CpuInfoFast, target) - 32usize]; + ["Offset of field: CpuInfoFast::u"][::std::mem::offset_of!(CpuInfoFast, u) - 36usize]; +}; +impl Default for CpuInfoFast { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl ::std::fmt::Debug for CpuInfoFast { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!( + f, + "CpuInfoFast {{ qom_path: {:?}, props: {:?}, target: {:?}, u: {:?} }}", + self.qom_path, self.props, self.target, self.u + ) + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct CpuInstanceProperties { + pub has_node_id: bool, + pub node_id: i64, + pub has_drawer_id: bool, + pub drawer_id: i64, + pub has_book_id: bool, + pub book_id: i64, + pub has_socket_id: bool, + pub socket_id: i64, + pub has_die_id: bool, + pub die_id: i64, + pub has_cluster_id: bool, + pub cluster_id: i64, + pub has_module_id: bool, + pub module_id: i64, + pub has_core_id: bool, + pub core_id: i64, + pub has_thread_id: bool, + pub thread_id: i64, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CpuInstanceProperties"][::std::mem::size_of::() - 144usize]; + ["Alignment of CpuInstanceProperties"] + [::std::mem::align_of::() - 8usize]; + ["Offset of field: CpuInstanceProperties::has_node_id"] + [::std::mem::offset_of!(CpuInstanceProperties, has_node_id) - 0usize]; + ["Offset of field: CpuInstanceProperties::node_id"] + [::std::mem::offset_of!(CpuInstanceProperties, node_id) - 8usize]; + ["Offset of field: CpuInstanceProperties::has_drawer_id"] + [::std::mem::offset_of!(CpuInstanceProperties, has_drawer_id) - 16usize]; + ["Offset of field: CpuInstanceProperties::drawer_id"] + [::std::mem::offset_of!(CpuInstanceProperties, drawer_id) - 24usize]; + ["Offset of field: CpuInstanceProperties::has_book_id"] + [::std::mem::offset_of!(CpuInstanceProperties, has_book_id) - 32usize]; + ["Offset of field: CpuInstanceProperties::book_id"] + [::std::mem::offset_of!(CpuInstanceProperties, book_id) - 40usize]; + ["Offset of field: CpuInstanceProperties::has_socket_id"] + [::std::mem::offset_of!(CpuInstanceProperties, has_socket_id) - 48usize]; + ["Offset of field: CpuInstanceProperties::socket_id"] + [::std::mem::offset_of!(CpuInstanceProperties, socket_id) - 56usize]; + ["Offset of field: CpuInstanceProperties::has_die_id"] + [::std::mem::offset_of!(CpuInstanceProperties, has_die_id) - 64usize]; + ["Offset of field: CpuInstanceProperties::die_id"] + [::std::mem::offset_of!(CpuInstanceProperties, die_id) - 72usize]; + ["Offset of field: CpuInstanceProperties::has_cluster_id"] + [::std::mem::offset_of!(CpuInstanceProperties, has_cluster_id) - 80usize]; + ["Offset of field: CpuInstanceProperties::cluster_id"] + [::std::mem::offset_of!(CpuInstanceProperties, cluster_id) - 88usize]; + ["Offset of field: CpuInstanceProperties::has_module_id"] + [::std::mem::offset_of!(CpuInstanceProperties, has_module_id) - 96usize]; + ["Offset of field: CpuInstanceProperties::module_id"] + [::std::mem::offset_of!(CpuInstanceProperties, module_id) - 104usize]; + ["Offset of field: CpuInstanceProperties::has_core_id"] + [::std::mem::offset_of!(CpuInstanceProperties, has_core_id) - 112usize]; + ["Offset of field: CpuInstanceProperties::core_id"] + [::std::mem::offset_of!(CpuInstanceProperties, core_id) - 120usize]; + ["Offset of field: CpuInstanceProperties::has_thread_id"] + [::std::mem::offset_of!(CpuInstanceProperties, has_thread_id) - 128usize]; + ["Offset of field: CpuInstanceProperties::thread_id"] + [::std::mem::offset_of!(CpuInstanceProperties, thread_id) - 136usize]; +}; +pub const ShutdownCause_SHUTDOWN_CAUSE_NONE: ShutdownCause = ShutdownCause(0); +pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_ERROR: ShutdownCause = ShutdownCause(1); +pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_QMP_QUIT: ShutdownCause = ShutdownCause(2); +pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET: ShutdownCause = ShutdownCause(3); +pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_SIGNAL: ShutdownCause = ShutdownCause(4); +pub const ShutdownCause_SHUTDOWN_CAUSE_HOST_UI: ShutdownCause = ShutdownCause(5); +pub const ShutdownCause_SHUTDOWN_CAUSE_GUEST_SHUTDOWN: ShutdownCause = ShutdownCause(6); +pub const ShutdownCause_SHUTDOWN_CAUSE_GUEST_RESET: ShutdownCause = ShutdownCause(7); +pub const ShutdownCause_SHUTDOWN_CAUSE_GUEST_PANIC: ShutdownCause = ShutdownCause(8); +pub const ShutdownCause_SHUTDOWN_CAUSE_SUBSYSTEM_RESET: ShutdownCause = ShutdownCause(9); +pub const ShutdownCause_SHUTDOWN_CAUSE_SNAPSHOT_LOAD: ShutdownCause = ShutdownCause(10); +pub const ShutdownCause_SHUTDOWN_CAUSE__MAX: ShutdownCause = ShutdownCause(11); +impl ::std::ops::BitOr for ShutdownCause { + type Output = Self; + #[inline] + fn bitor(self, other: Self) -> Self { + ShutdownCause(self.0 | other.0) + } +} +impl ::std::ops::BitOrAssign for ShutdownCause { + #[inline] + fn bitor_assign(&mut self, rhs: ShutdownCause) { + self.0 |= rhs.0; + } +} +impl ::std::ops::BitAnd for ShutdownCause { + type Output = Self; + #[inline] + fn bitand(self, other: Self) -> Self { + ShutdownCause(self.0 & other.0) + } } impl ::std::ops::BitAndAssign for ShutdownCause { #[inline] @@ -2527,6 +3171,16 @@ impl ::std::ops::BitAndAssign for ShutdownCause { pub struct ShutdownCause(pub ::std::os::raw::c_uint); #[repr(C)] #[derive(Debug, Copy, Clone)] +pub struct CPUAddressSpace { + _unused: [u8; 0], +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CPUJumpCache { + _unused: [u8; 0], +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] pub struct SysemuCPUOps { _unused: [u8; 0], } @@ -2887,163 +3541,18 @@ const _: () = { ["Alignment of IcountDecr__bindgen_ty_1"] [::std::mem::align_of::() - 2usize]; ["Offset of field: IcountDecr__bindgen_ty_1::low"] - [::std::mem::offset_of!(IcountDecr__bindgen_ty_1, low) - 0usize]; - ["Offset of field: IcountDecr__bindgen_ty_1::high"] - [::std::mem::offset_of!(IcountDecr__bindgen_ty_1, high) - 2usize]; -}; -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of IcountDecr"][::std::mem::size_of::() - 4usize]; - ["Alignment of IcountDecr"][::std::mem::align_of::() - 4usize]; - ["Offset of field: IcountDecr::u32_"][::std::mem::offset_of!(IcountDecr, u32_) - 0usize]; - ["Offset of field: IcountDecr::u16_"][::std::mem::offset_of!(IcountDecr, u16_) - 0usize]; -}; -impl Default for IcountDecr { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -impl ::std::fmt::Debug for IcountDecr { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!(f, "IcountDecr {{ union }}") - } -} -#[repr(C)] -#[repr(align(16))] -#[derive(Copy, Clone)] -pub struct CPUNegativeOffsetState { - pub tlb: CPUTLB, - pub icount_decr: IcountDecr, - pub can_do_io: bool, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of CPUNegativeOffsetState"][::std::mem::size_of::() - 9392usize]; - ["Alignment of CPUNegativeOffsetState"] - [::std::mem::align_of::() - 16usize]; - ["Offset of field: CPUNegativeOffsetState::tlb"] - [::std::mem::offset_of!(CPUNegativeOffsetState, tlb) - 0usize]; - ["Offset of field: CPUNegativeOffsetState::icount_decr"] - [::std::mem::offset_of!(CPUNegativeOffsetState, icount_decr) - 9376usize]; - ["Offset of field: CPUNegativeOffsetState::can_do_io"] - [::std::mem::offset_of!(CPUNegativeOffsetState, can_do_io) - 9380usize]; -}; -impl Default for CPUNegativeOffsetState { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -impl ::std::fmt::Debug for CPUNegativeOffsetState { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!( - f, - "CPUNegativeOffsetState {{ tlb: {:?}, icount_decr: {:?}, can_do_io: {:?} }}", - self.tlb, self.icount_decr, self.can_do_io - ) - } -} -#[repr(C)] -#[derive(Copy, Clone)] -pub struct CPUBreakpoint { - pub pc: vaddr, - pub flags: ::std::os::raw::c_int, - pub entry: CPUBreakpoint__bindgen_ty_1, -} -#[repr(C)] -#[derive(Copy, Clone)] -pub union CPUBreakpoint__bindgen_ty_1 { - pub tqe_next: *mut CPUBreakpoint, - pub tqe_circ: QTailQLink, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of CPUBreakpoint__bindgen_ty_1"] - [::std::mem::size_of::() - 16usize]; - ["Alignment of CPUBreakpoint__bindgen_ty_1"] - [::std::mem::align_of::() - 8usize]; - ["Offset of field: CPUBreakpoint__bindgen_ty_1::tqe_next"] - [::std::mem::offset_of!(CPUBreakpoint__bindgen_ty_1, tqe_next) - 0usize]; - ["Offset of field: CPUBreakpoint__bindgen_ty_1::tqe_circ"] - [::std::mem::offset_of!(CPUBreakpoint__bindgen_ty_1, tqe_circ) - 0usize]; -}; -impl Default for CPUBreakpoint__bindgen_ty_1 { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -impl ::std::fmt::Debug for CPUBreakpoint__bindgen_ty_1 { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!(f, "CPUBreakpoint__bindgen_ty_1 {{ union }}") - } -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of CPUBreakpoint"][::std::mem::size_of::() - 32usize]; - ["Alignment of CPUBreakpoint"][::std::mem::align_of::() - 8usize]; - ["Offset of field: CPUBreakpoint::pc"][::std::mem::offset_of!(CPUBreakpoint, pc) - 0usize]; - ["Offset of field: CPUBreakpoint::flags"] - [::std::mem::offset_of!(CPUBreakpoint, flags) - 8usize]; - ["Offset of field: CPUBreakpoint::entry"] - [::std::mem::offset_of!(CPUBreakpoint, entry) - 16usize]; -}; -impl Default for CPUBreakpoint { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -impl ::std::fmt::Debug for CPUBreakpoint { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!( - f, - "CPUBreakpoint {{ flags: {:?}, entry: {:?} }}", - self.flags, self.entry - ) - } -} -#[repr(C)] -#[derive(Copy, Clone)] -pub struct CPUWatchpoint { - pub vaddr: vaddr, - pub len: vaddr, - pub hitaddr: vaddr, - pub hitattrs: MemTxAttrs, - pub flags: ::std::os::raw::c_int, - pub entry: CPUWatchpoint__bindgen_ty_1, -} -#[repr(C)] -#[derive(Copy, Clone)] -pub union CPUWatchpoint__bindgen_ty_1 { - pub tqe_next: *mut CPUWatchpoint, - pub tqe_circ: QTailQLink, -} + [::std::mem::offset_of!(IcountDecr__bindgen_ty_1, low) - 0usize]; + ["Offset of field: IcountDecr__bindgen_ty_1::high"] + [::std::mem::offset_of!(IcountDecr__bindgen_ty_1, high) - 2usize]; +}; #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { - ["Size of CPUWatchpoint__bindgen_ty_1"] - [::std::mem::size_of::() - 16usize]; - ["Alignment of CPUWatchpoint__bindgen_ty_1"] - [::std::mem::align_of::() - 8usize]; - ["Offset of field: CPUWatchpoint__bindgen_ty_1::tqe_next"] - [::std::mem::offset_of!(CPUWatchpoint__bindgen_ty_1, tqe_next) - 0usize]; - ["Offset of field: CPUWatchpoint__bindgen_ty_1::tqe_circ"] - [::std::mem::offset_of!(CPUWatchpoint__bindgen_ty_1, tqe_circ) - 0usize]; + ["Size of IcountDecr"][::std::mem::size_of::() - 4usize]; + ["Alignment of IcountDecr"][::std::mem::align_of::() - 4usize]; + ["Offset of field: IcountDecr::u32_"][::std::mem::offset_of!(IcountDecr, u32_) - 0usize]; + ["Offset of field: IcountDecr::u16_"][::std::mem::offset_of!(IcountDecr, u16_) - 0usize]; }; -impl Default for CPUWatchpoint__bindgen_ty_1 { +impl Default for IcountDecr { fn default() -> Self { let mut s = ::std::mem::MaybeUninit::::uninit(); unsafe { @@ -3052,28 +3561,36 @@ impl Default for CPUWatchpoint__bindgen_ty_1 { } } } -impl ::std::fmt::Debug for CPUWatchpoint__bindgen_ty_1 { +impl ::std::fmt::Debug for IcountDecr { fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!(f, "CPUWatchpoint__bindgen_ty_1 {{ union }}") + write!(f, "IcountDecr {{ union }}") } } +#[doc = " CPUNegativeOffsetState: Elements of CPUState most efficiently accessed\n from CPUArchState, via small negative offsets.\n @can_do_io: True if memory-mapped IO is allowed.\n @plugin_mem_cbs: active plugin memory callbacks"] +#[repr(C)] +#[repr(align(16))] +#[derive(Copy, Clone)] +pub struct CPUNegativeOffsetState { + pub tlb: CPUTLB, + pub plugin_mem_cbs: *mut GArray, + pub icount_decr: IcountDecr, + pub can_do_io: bool, +} #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { - ["Size of CPUWatchpoint"][::std::mem::size_of::() - 48usize]; - ["Alignment of CPUWatchpoint"][::std::mem::align_of::() - 8usize]; - ["Offset of field: CPUWatchpoint::vaddr"] - [::std::mem::offset_of!(CPUWatchpoint, vaddr) - 0usize]; - ["Offset of field: CPUWatchpoint::len"][::std::mem::offset_of!(CPUWatchpoint, len) - 8usize]; - ["Offset of field: CPUWatchpoint::hitaddr"] - [::std::mem::offset_of!(CPUWatchpoint, hitaddr) - 16usize]; - ["Offset of field: CPUWatchpoint::hitattrs"] - [::std::mem::offset_of!(CPUWatchpoint, hitattrs) - 24usize]; - ["Offset of field: CPUWatchpoint::flags"] - [::std::mem::offset_of!(CPUWatchpoint, flags) - 28usize]; - ["Offset of field: CPUWatchpoint::entry"] - [::std::mem::offset_of!(CPUWatchpoint, entry) - 32usize]; + ["Size of CPUNegativeOffsetState"][::std::mem::size_of::() - 9392usize]; + ["Alignment of CPUNegativeOffsetState"] + [::std::mem::align_of::() - 16usize]; + ["Offset of field: CPUNegativeOffsetState::tlb"] + [::std::mem::offset_of!(CPUNegativeOffsetState, tlb) - 0usize]; + ["Offset of field: CPUNegativeOffsetState::plugin_mem_cbs"] + [::std::mem::offset_of!(CPUNegativeOffsetState, plugin_mem_cbs) - 9376usize]; + ["Offset of field: CPUNegativeOffsetState::icount_decr"] + [::std::mem::offset_of!(CPUNegativeOffsetState, icount_decr) - 9384usize]; + ["Offset of field: CPUNegativeOffsetState::can_do_io"] + [::std::mem::offset_of!(CPUNegativeOffsetState, can_do_io) - 9388usize]; }; -impl Default for CPUWatchpoint { +impl Default for CPUNegativeOffsetState { fn default() -> Self { let mut s = ::std::mem::MaybeUninit::::uninit(); unsafe { @@ -3082,13 +3599,9 @@ impl Default for CPUWatchpoint { } } } -impl ::std::fmt::Debug for CPUWatchpoint { +impl ::std::fmt::Debug for CPUNegativeOffsetState { fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!( - f, - "CPUWatchpoint {{ hitattrs: {:?}, flags: {:?}, entry: {:?} }}", - self.hitattrs, self.flags, self.entry - ) + write ! (f , "CPUNegativeOffsetState {{ tlb: {:?}, plugin_mem_cbs: {:?}, icount_decr: {:?}, can_do_io: {:?} }}" , self . tlb , self . plugin_mem_cbs , self . icount_decr , self . can_do_io) } } #[repr(C)] @@ -3106,7 +3619,7 @@ pub struct kvm_run { pub struct qemu_work_item { _unused: [u8; 0], } -#[doc = " CPUState:\n @cpu_index: CPU index (informative).\n @cluster_index: Identifies which cluster this CPU is in.\n For boards which don't define clusters or for \"loose\" CPUs not assigned\n to a cluster this will be UNASSIGNED_CLUSTER_INDEX; otherwise it will\n be the same as the cluster-id property of the CPU object's TYPE_CPU_CLUSTER\n QOM parent.\n Under TCG this value is propagated to @tcg_cflags.\n See TranslationBlock::TCG CF_CLUSTER_MASK.\n @tcg_cflags: Pre-computed cflags for this cpu.\n @nr_cores: Number of cores within this CPU package.\n @nr_threads: Number of threads within this CPU core.\n @running: #true if CPU is currently running (lockless).\n @has_waiter: #true if a CPU is currently waiting for the cpu_exec_end;\n valid under cpu_list_lock.\n @created: Indicates whether the CPU thread has been successfully created.\n @interrupt_request: Indicates a pending interrupt request.\n @halted: Nonzero if the CPU is in suspended state.\n @stop: Indicates a pending stop request.\n @stopped: Indicates the CPU has been artificially stopped.\n @unplug: Indicates a pending CPU unplug request.\n @crash_occurred: Indicates the OS reported a crash (panic) for this CPU\n @singlestep_enabled: Flags for single-stepping.\n @icount_extra: Instructions until next timer event.\n @neg.can_do_io: True if memory-mapped IO is allowed.\n @cpu_ases: Pointer to array of CPUAddressSpaces (which define the\n AddressSpaces this CPU has)\n @num_ases: number of CPUAddressSpaces in @cpu_ases\n @as: Pointer to the first AddressSpace, for the convenience of targets which\n only have a single AddressSpace\n @gdb_regs: Additional GDB registers.\n @gdb_num_regs: Number of total registers accessible to GDB.\n @gdb_num_g_regs: Number of registers in GDB 'g' packets.\n @node: QTAILQ of CPUs sharing TB cache.\n @opaque: User data.\n @mem_io_pc: Host Program Counter at which the memory was accessed.\n @accel: Pointer to accelerator specific state.\n @kvm_fd: vCPU file descriptor for KVM.\n @work_mutex: Lock to prevent multiple access to @work_list.\n @work_list: List of pending asynchronous work.\n @plugin_mem_cbs: active plugin memory callbacks\n @plugin_state: per-CPU plugin state\n @ignore_memory_transaction_failures: Cached copy of the MachineState\n flag of the same name: allows the board to suppress calling of the\n CPU do_transaction_failed hook function.\n @kvm_dirty_gfns: Points to the KVM dirty ring for this CPU when KVM dirty\n ring is enabled.\n @kvm_fetch_index: Keeps the index that we last fetched from the per-vCPU\n dirty ring structure.\n\n State of one CPU core or thread.\n\n Align, in order to match possible alignment required by CPUArchState,\n and eliminate a hole between CPUState and CPUArchState within ArchCPU."] +#[doc = " struct CPUState - common state of one CPU core or thread.\n\n @cpu_index: CPU index (informative).\n @cluster_index: Identifies which cluster this CPU is in.\n For boards which don't define clusters or for \"loose\" CPUs not assigned\n to a cluster this will be UNASSIGNED_CLUSTER_INDEX; otherwise it will\n be the same as the cluster-id property of the CPU object's TYPE_CPU_CLUSTER\n QOM parent.\n Under TCG this value is propagated to @tcg_cflags.\n See TranslationBlock::TCG CF_CLUSTER_MASK.\n @tcg_cflags: Pre-computed cflags for this cpu.\n @nr_cores: Number of cores within this CPU package.\n @nr_threads: Number of threads within this CPU core.\n @thread: Host thread details, only live once @created is #true\n @sem: WIN32 only semaphore used only for qtest\n @thread_id: native thread id of vCPU, only live once @created is #true\n @running: #true if CPU is currently running (lockless).\n @has_waiter: #true if a CPU is currently waiting for the cpu_exec_end;\n valid under cpu_list_lock.\n @created: Indicates whether the CPU thread has been successfully created.\n @halt_cond: condition variable sleeping threads can wait on.\n @interrupt_request: Indicates a pending interrupt request.\n @halted: Nonzero if the CPU is in suspended state.\n @stop: Indicates a pending stop request.\n @stopped: Indicates the CPU has been artificially stopped.\n @unplug: Indicates a pending CPU unplug request.\n @crash_occurred: Indicates the OS reported a crash (panic) for this CPU\n @singlestep_enabled: Flags for single-stepping.\n @icount_extra: Instructions until next timer event.\n @cpu_ases: Pointer to array of CPUAddressSpaces (which define the\n AddressSpaces this CPU has)\n @num_ases: number of CPUAddressSpaces in @cpu_ases\n @as: Pointer to the first AddressSpace, for the convenience of targets which\n only have a single AddressSpace\n @gdb_regs: Additional GDB registers.\n @gdb_num_regs: Number of total registers accessible to GDB.\n @gdb_num_g_regs: Number of registers in GDB 'g' packets.\n @node: QTAILQ of CPUs sharing TB cache.\n @opaque: User data.\n @mem_io_pc: Host Program Counter at which the memory was accessed.\n @accel: Pointer to accelerator specific state.\n @kvm_fd: vCPU file descriptor for KVM.\n @work_mutex: Lock to prevent multiple access to @work_list.\n @work_list: List of pending asynchronous work.\n @plugin_state: per-CPU plugin state\n @ignore_memory_transaction_failures: Cached copy of the MachineState\n flag of the same name: allows the board to suppress calling of the\n CPU do_transaction_failed hook function.\n @kvm_dirty_gfns: Points to the KVM dirty ring for this CPU when KVM dirty\n ring is enabled.\n @kvm_fetch_index: Keeps the index that we last fetched from the per-vCPU\n dirty ring structure.\n\n @neg_align: The CPUState is the common part of a concrete ArchCPU\n which is allocated when an individual CPU instance is created. As\n such care is taken is ensure there is no gap between between\n CPUState and CPUArchState within ArchCPU.\n\n @neg: The architectural register state (\"cpu_env\") immediately follows\n CPUState in ArchCPU and is passed to TCG code. The @neg structure holds\n some common TCG CPU variables which are accessed with a negative offset\n from cpu_env."] #[repr(C)] #[repr(align(16))] pub struct CPUState { @@ -3138,6 +3651,7 @@ pub struct CPUState { pub work_mutex: QemuMutex, pub work_list: CPUState__bindgen_ty_1, pub cpu_ases: *mut CPUAddressSpace, + pub cpu_ases_count: ::std::os::raw::c_int, pub num_ases: ::std::os::raw::c_int, pub as_: *mut AddressSpace, pub memory: *mut MemoryRegion, @@ -3158,8 +3672,8 @@ pub struct CPUState { pub kvm_fetch_index: u32, pub dirty_pages: u64, pub kvm_vcpu_stats_fd: ::std::os::raw::c_int, + pub vcpu_dirty: bool, pub in_ioctl_lock: QemuLockCnt, - pub plugin_mem_cbs: *mut GArray, pub plugin_state: *mut CPUPluginState, pub cpu_index: ::std::os::raw::c_int, pub cluster_index: ::std::os::raw::c_int, @@ -3167,7 +3681,6 @@ pub struct CPUState { pub halted: u32, pub exception_index: i32, pub accel: *mut AccelCPUState, - pub vcpu_dirty: bool, pub throttle_thread_scheduled: bool, pub throttle_us_per_full: i64, pub ignore_memory_transaction_failures: bool, @@ -3342,7 +3855,9 @@ const _: () = { ["Offset of field: CPUState::work_list"] [::std::mem::offset_of!(CPUState, work_list) - 496usize]; ["Offset of field: CPUState::cpu_ases"][::std::mem::offset_of!(CPUState, cpu_ases) - 512usize]; - ["Offset of field: CPUState::num_ases"][::std::mem::offset_of!(CPUState, num_ases) - 520usize]; + ["Offset of field: CPUState::cpu_ases_count"] + [::std::mem::offset_of!(CPUState, cpu_ases_count) - 520usize]; + ["Offset of field: CPUState::num_ases"][::std::mem::offset_of!(CPUState, num_ases) - 524usize]; ["Offset of field: CPUState::as_"][::std::mem::offset_of!(CPUState, as_) - 528usize]; ["Offset of field: CPUState::memory"][::std::mem::offset_of!(CPUState, memory) - 536usize]; ["Offset of field: CPUState::tb_jmp_cache"] @@ -3374,10 +3889,10 @@ const _: () = { [::std::mem::offset_of!(CPUState, dirty_pages) - 680usize]; ["Offset of field: CPUState::kvm_vcpu_stats_fd"] [::std::mem::offset_of!(CPUState, kvm_vcpu_stats_fd) - 688usize]; + ["Offset of field: CPUState::vcpu_dirty"] + [::std::mem::offset_of!(CPUState, vcpu_dirty) - 692usize]; ["Offset of field: CPUState::in_ioctl_lock"] - [::std::mem::offset_of!(CPUState, in_ioctl_lock) - 692usize]; - ["Offset of field: CPUState::plugin_mem_cbs"] - [::std::mem::offset_of!(CPUState, plugin_mem_cbs) - 696usize]; + [::std::mem::offset_of!(CPUState, in_ioctl_lock) - 696usize]; ["Offset of field: CPUState::plugin_state"] [::std::mem::offset_of!(CPUState, plugin_state) - 704usize]; ["Offset of field: CPUState::cpu_index"] @@ -3390,10 +3905,8 @@ const _: () = { ["Offset of field: CPUState::exception_index"] [::std::mem::offset_of!(CPUState, exception_index) - 728usize]; ["Offset of field: CPUState::accel"][::std::mem::offset_of!(CPUState, accel) - 736usize]; - ["Offset of field: CPUState::vcpu_dirty"] - [::std::mem::offset_of!(CPUState, vcpu_dirty) - 744usize]; ["Offset of field: CPUState::throttle_thread_scheduled"] - [::std::mem::offset_of!(CPUState, throttle_thread_scheduled) - 745usize]; + [::std::mem::offset_of!(CPUState, throttle_thread_scheduled) - 744usize]; ["Offset of field: CPUState::throttle_us_per_full"] [::std::mem::offset_of!(CPUState, throttle_us_per_full) - 752usize]; ["Offset of field: CPUState::ignore_memory_transaction_failures"] @@ -3417,10 +3930,10 @@ impl Default for CPUState { } impl ::std::fmt::Debug for CPUState { fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write ! (f , "CPUState {{ parent_obj: {:?}, cc: {:?}, nr_cores: {:?}, nr_threads: {:?}, thread: {:?}, thread_id: {:?}, running: {:?}, has_waiter: {:?}, halt_cond: {:?}, thread_kicked: {:?}, created: {:?}, stop: {:?}, stopped: {:?}, start_powered_off: {:?}, unplug: {:?}, crash_occurred: {:?}, exit_request: {:?}, exclusive_context_count: {:?}, singlestep_enabled: {:?}, jmp_env: {:?}, work_mutex: {:?}, work_list: {:?}, cpu_ases: {:?}, num_ases: {:?}, as: {:?}, memory: {:?}, tb_jmp_cache: {:?}, gdb_regs: {:?}, gdb_num_regs: {:?}, gdb_num_g_regs: {:?}, node: {:?}, breakpoints: {:?}, watchpoints: {:?}, watchpoint_hit: {:?}, opaque: {:?}, kvm_fd: {:?}, kvm_state: {:?}, kvm_run: {:?}, kvm_dirty_gfns: {:?}, kvm_vcpu_stats_fd: {:?}, in_ioctl_lock: {:?}, plugin_mem_cbs: {:?}, plugin_state: {:?}, cpu_index: {:?}, cluster_index: {:?}, accel: {:?}, vcpu_dirty: {:?}, throttle_thread_scheduled: {:?}, ignore_memory_transaction_failures: {:?}, prctl_unalign_sigbus: {:?}, iommu_notifiers: {:?}, neg_align: {:?}, neg: {:?} }}" , self . parent_obj , self . cc , self . nr_cores , self . nr_threads , self . thread , self . thread_id , self . running , self . has_waiter , self . halt_cond , self . thread_kicked , self . created , self . stop , self . stopped , self . start_powered_off , self . unplug , self . crash_occurred , self . exit_request , self . exclusive_context_count , self . singlestep_enabled , self . jmp_env , self . work_mutex , self . work_list , self . cpu_ases , self . num_ases , self . as_ , self . memory , self . tb_jmp_cache , self . gdb_regs , self . gdb_num_regs , self . gdb_num_g_regs , self . node , self . breakpoints , self . watchpoints , self . watchpoint_hit , self . opaque , self . kvm_fd , self . kvm_state , self . kvm_run , self . kvm_dirty_gfns , self . kvm_vcpu_stats_fd , self . in_ioctl_lock , self . plugin_mem_cbs , self . plugin_state , self . cpu_index , self . cluster_index , self . accel , self . vcpu_dirty , self . throttle_thread_scheduled , self . ignore_memory_transaction_failures , self . prctl_unalign_sigbus , self . iommu_notifiers , self . neg_align , self . neg) + write ! (f , "CPUState {{ parent_obj: {:?}, cc: {:?}, nr_cores: {:?}, nr_threads: {:?}, thread: {:?}, thread_id: {:?}, running: {:?}, has_waiter: {:?}, halt_cond: {:?}, thread_kicked: {:?}, created: {:?}, stop: {:?}, stopped: {:?}, start_powered_off: {:?}, unplug: {:?}, crash_occurred: {:?}, exit_request: {:?}, exclusive_context_count: {:?}, singlestep_enabled: {:?}, jmp_env: {:?}, work_mutex: {:?}, work_list: {:?}, cpu_ases: {:?}, cpu_ases_count: {:?}, num_ases: {:?}, as: {:?}, memory: {:?}, tb_jmp_cache: {:?}, gdb_regs: {:?}, gdb_num_regs: {:?}, gdb_num_g_regs: {:?}, node: {:?}, breakpoints: {:?}, watchpoints: {:?}, watchpoint_hit: {:?}, opaque: {:?}, kvm_fd: {:?}, kvm_state: {:?}, kvm_run: {:?}, kvm_dirty_gfns: {:?}, kvm_vcpu_stats_fd: {:?}, vcpu_dirty: {:?}, in_ioctl_lock: {:?}, plugin_state: {:?}, cpu_index: {:?}, cluster_index: {:?}, accel: {:?}, throttle_thread_scheduled: {:?}, ignore_memory_transaction_failures: {:?}, prctl_unalign_sigbus: {:?}, iommu_notifiers: {:?}, neg_align: {:?}, neg: {:?} }}" , self . parent_obj , self . cc , self . nr_cores , self . nr_threads , self . thread , self . thread_id , self . running , self . has_waiter , self . halt_cond , self . thread_kicked , self . created , self . stop , self . stopped , self . start_powered_off , self . unplug , self . crash_occurred , self . exit_request , self . exclusive_context_count , self . singlestep_enabled , self . jmp_env , self . work_mutex , self . work_list , self . cpu_ases , self . cpu_ases_count , self . num_ases , self . as_ , self . memory , self . tb_jmp_cache , self . gdb_regs , self . gdb_num_regs , self . gdb_num_g_regs , self . node , self . breakpoints , self . watchpoints , self . watchpoint_hit , self . opaque , self . kvm_fd , self . kvm_state , self . kvm_run , self . kvm_dirty_gfns , self . kvm_vcpu_stats_fd , self . vcpu_dirty , self . in_ioctl_lock , self . plugin_state , self . cpu_index , self . cluster_index , self . accel , self . throttle_thread_scheduled , self . ignore_memory_transaction_failures , self . prctl_unalign_sigbus , self . iommu_notifiers , self . neg_align , self . neg) } } -extern "C" { +unsafe extern "C" { #[doc = " cpu_reset:\n @cpu: The CPU whose state is to be reset."] pub fn cpu_reset(cpu: *mut CPUState); } @@ -3565,39 +4078,42 @@ impl Default for PropertyInfo { } #[doc = " X86CPU:\n @env: #CPUX86State\n @migratable: If set, only migratable flags will be accepted when \"enforce\"\n mode is used, and only migratable flags will be included in the \"host\"\n CPU model.\n\n An x86 CPU."] pub type X86CPU = ArchCPU; -pub const OnOffAuto_ON_OFF_AUTO_AUTO: OnOffAuto = OnOffAuto(0); -pub const OnOffAuto_ON_OFF_AUTO_ON: OnOffAuto = OnOffAuto(1); -pub const OnOffAuto_ON_OFF_AUTO_OFF: OnOffAuto = OnOffAuto(2); -pub const OnOffAuto_ON_OFF_AUTO__MAX: OnOffAuto = OnOffAuto(3); -impl ::std::ops::BitOr for OnOffAuto { +pub const CPUTopoLevel_CPU_TOPO_LEVEL_INVALID: CPUTopoLevel = CPUTopoLevel(0); +pub const CPUTopoLevel_CPU_TOPO_LEVEL_SMT: CPUTopoLevel = CPUTopoLevel(1); +pub const CPUTopoLevel_CPU_TOPO_LEVEL_CORE: CPUTopoLevel = CPUTopoLevel(2); +pub const CPUTopoLevel_CPU_TOPO_LEVEL_MODULE: CPUTopoLevel = CPUTopoLevel(3); +pub const CPUTopoLevel_CPU_TOPO_LEVEL_DIE: CPUTopoLevel = CPUTopoLevel(4); +pub const CPUTopoLevel_CPU_TOPO_LEVEL_PACKAGE: CPUTopoLevel = CPUTopoLevel(5); +pub const CPUTopoLevel_CPU_TOPO_LEVEL_MAX: CPUTopoLevel = CPUTopoLevel(6); +impl ::std::ops::BitOr for CPUTopoLevel { type Output = Self; #[inline] fn bitor(self, other: Self) -> Self { - OnOffAuto(self.0 | other.0) + CPUTopoLevel(self.0 | other.0) } } -impl ::std::ops::BitOrAssign for OnOffAuto { +impl ::std::ops::BitOrAssign for CPUTopoLevel { #[inline] - fn bitor_assign(&mut self, rhs: OnOffAuto) { + fn bitor_assign(&mut self, rhs: CPUTopoLevel) { self.0 |= rhs.0; } } -impl ::std::ops::BitAnd for OnOffAuto { +impl ::std::ops::BitAnd for CPUTopoLevel { type Output = Self; #[inline] fn bitand(self, other: Self) -> Self { - OnOffAuto(self.0 & other.0) + CPUTopoLevel(self.0 & other.0) } } -impl ::std::ops::BitAndAssign for OnOffAuto { +impl ::std::ops::BitAndAssign for CPUTopoLevel { #[inline] - fn bitand_assign(&mut self, rhs: OnOffAuto) { + fn bitand_assign(&mut self, rhs: CPUTopoLevel) { self.0 &= rhs.0; } } #[repr(transparent)] #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] -pub struct OnOffAuto(pub ::std::os::raw::c_uint); +pub struct CPUTopoLevel(pub ::std::os::raw::c_uint); pub type float16 = u16; pub type float32 = u32; pub type float64 = u64; @@ -3736,7 +4252,7 @@ impl Default for float_status { } } } -pub type FeatureWordArray = [u64; 39usize]; +pub type FeatureWordArray = [u64; 40usize]; #[repr(C)] #[derive(Debug, Default, Copy, Clone)] pub struct SegmentCache { @@ -4043,10 +4559,11 @@ pub struct CPUCacheInfo { pub no_invd_sharing: bool, pub inclusive: bool, pub complex_indexing: bool, + pub share_level: CPUTopoLevel, } #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { - ["Size of CPUCacheInfo"][::std::mem::size_of::() - 28usize]; + ["Size of CPUCacheInfo"][::std::mem::size_of::() - 32usize]; ["Alignment of CPUCacheInfo"][::std::mem::align_of::() - 4usize]; ["Offset of field: CPUCacheInfo::type_"][::std::mem::offset_of!(CPUCacheInfo, type_) - 0usize]; ["Offset of field: CPUCacheInfo::level"][::std::mem::offset_of!(CPUCacheInfo, level) - 4usize]; @@ -4068,6 +4585,8 @@ const _: () = { [::std::mem::offset_of!(CPUCacheInfo, inclusive) - 23usize]; ["Offset of field: CPUCacheInfo::complex_indexing"] [::std::mem::offset_of!(CPUCacheInfo, complex_indexing) - 24usize]; + ["Offset of field: CPUCacheInfo::share_level"] + [::std::mem::offset_of!(CPUCacheInfo, share_level) - 28usize]; }; impl Default for CPUCacheInfo { fn default() -> Self { @@ -4165,6 +4684,15 @@ pub struct CPUArchState { pub cstar: target_ulong, pub fmask: target_ulong, pub kernelgsbase: target_ulong, + pub fred_rsp0: u64, + pub fred_rsp1: u64, + pub fred_rsp2: u64, + pub fred_rsp3: u64, + pub fred_stklvls: u64, + pub fred_ssp1: u64, + pub fred_ssp2: u64, + pub fred_ssp3: u64, + pub fred_config: u64, pub tsc_adjust: u64, pub tsc_deadline: u64, pub tsc_aux: u64, @@ -4250,6 +4778,8 @@ pub struct CPUArchState { pub nmi_injected: u8, pub nmi_pending: u8, pub retaddr: usize, + pub msr_rapl_power_unit: u64, + pub msr_pkg_energy_status: u64, pub end_reset_fields: CPUArchState__bindgen_ty_4, pub cpuid_level_func7: u32, pub cpuid_min_level_func7: u32, @@ -4304,6 +4834,8 @@ pub struct CPUArchState { pub umwait: u32, pub tpr_access_type: TPRAccess, pub nr_dies: ::std::os::raw::c_uint, + pub nr_modules: ::std::os::raw::c_uint, + pub avail_cpu_topo: [::std::os::raw::c_ulong; 1usize], } #[repr(C)] #[derive(Debug, Default, Copy, Clone)] @@ -4368,7 +4900,7 @@ const _: () = { }; #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { - ["Size of CPUArchState"][::std::mem::size_of::() - 14896usize]; + ["Size of CPUArchState"][::std::mem::size_of::() - 15008usize]; ["Alignment of CPUArchState"][::std::mem::align_of::() - 16usize]; ["Offset of field: CPUArchState::regs"][::std::mem::offset_of!(CPUArchState, regs) - 0usize]; ["Offset of field: CPUArchState::eip"][::std::mem::offset_of!(CPUArchState, eip) - 128usize]; @@ -4460,278 +4992,304 @@ const _: () = { [::std::mem::offset_of!(CPUArchState, fmask) - 11344usize]; ["Offset of field: CPUArchState::kernelgsbase"] [::std::mem::offset_of!(CPUArchState, kernelgsbase) - 11352usize]; + ["Offset of field: CPUArchState::fred_rsp0"] + [::std::mem::offset_of!(CPUArchState, fred_rsp0) - 11360usize]; + ["Offset of field: CPUArchState::fred_rsp1"] + [::std::mem::offset_of!(CPUArchState, fred_rsp1) - 11368usize]; + ["Offset of field: CPUArchState::fred_rsp2"] + [::std::mem::offset_of!(CPUArchState, fred_rsp2) - 11376usize]; + ["Offset of field: CPUArchState::fred_rsp3"] + [::std::mem::offset_of!(CPUArchState, fred_rsp3) - 11384usize]; + ["Offset of field: CPUArchState::fred_stklvls"] + [::std::mem::offset_of!(CPUArchState, fred_stklvls) - 11392usize]; + ["Offset of field: CPUArchState::fred_ssp1"] + [::std::mem::offset_of!(CPUArchState, fred_ssp1) - 11400usize]; + ["Offset of field: CPUArchState::fred_ssp2"] + [::std::mem::offset_of!(CPUArchState, fred_ssp2) - 11408usize]; + ["Offset of field: CPUArchState::fred_ssp3"] + [::std::mem::offset_of!(CPUArchState, fred_ssp3) - 11416usize]; + ["Offset of field: CPUArchState::fred_config"] + [::std::mem::offset_of!(CPUArchState, fred_config) - 11424usize]; ["Offset of field: CPUArchState::tsc_adjust"] - [::std::mem::offset_of!(CPUArchState, tsc_adjust) - 11360usize]; + [::std::mem::offset_of!(CPUArchState, tsc_adjust) - 11432usize]; ["Offset of field: CPUArchState::tsc_deadline"] - [::std::mem::offset_of!(CPUArchState, tsc_deadline) - 11368usize]; + [::std::mem::offset_of!(CPUArchState, tsc_deadline) - 11440usize]; ["Offset of field: CPUArchState::tsc_aux"] - [::std::mem::offset_of!(CPUArchState, tsc_aux) - 11376usize]; + [::std::mem::offset_of!(CPUArchState, tsc_aux) - 11448usize]; ["Offset of field: CPUArchState::xcr0"] - [::std::mem::offset_of!(CPUArchState, xcr0) - 11384usize]; + [::std::mem::offset_of!(CPUArchState, xcr0) - 11456usize]; ["Offset of field: CPUArchState::mcg_status"] - [::std::mem::offset_of!(CPUArchState, mcg_status) - 11392usize]; + [::std::mem::offset_of!(CPUArchState, mcg_status) - 11464usize]; ["Offset of field: CPUArchState::msr_ia32_misc_enable"] - [::std::mem::offset_of!(CPUArchState, msr_ia32_misc_enable) - 11400usize]; + [::std::mem::offset_of!(CPUArchState, msr_ia32_misc_enable) - 11472usize]; ["Offset of field: CPUArchState::msr_ia32_feature_control"] - [::std::mem::offset_of!(CPUArchState, msr_ia32_feature_control) - 11408usize]; + [::std::mem::offset_of!(CPUArchState, msr_ia32_feature_control) - 11480usize]; ["Offset of field: CPUArchState::msr_ia32_sgxlepubkeyhash"] - [::std::mem::offset_of!(CPUArchState, msr_ia32_sgxlepubkeyhash) - 11416usize]; + [::std::mem::offset_of!(CPUArchState, msr_ia32_sgxlepubkeyhash) - 11488usize]; ["Offset of field: CPUArchState::msr_fixed_ctr_ctrl"] - [::std::mem::offset_of!(CPUArchState, msr_fixed_ctr_ctrl) - 11448usize]; + [::std::mem::offset_of!(CPUArchState, msr_fixed_ctr_ctrl) - 11520usize]; ["Offset of field: CPUArchState::msr_global_ctrl"] - [::std::mem::offset_of!(CPUArchState, msr_global_ctrl) - 11456usize]; + [::std::mem::offset_of!(CPUArchState, msr_global_ctrl) - 11528usize]; ["Offset of field: CPUArchState::msr_global_status"] - [::std::mem::offset_of!(CPUArchState, msr_global_status) - 11464usize]; + [::std::mem::offset_of!(CPUArchState, msr_global_status) - 11536usize]; ["Offset of field: CPUArchState::msr_global_ovf_ctrl"] - [::std::mem::offset_of!(CPUArchState, msr_global_ovf_ctrl) - 11472usize]; + [::std::mem::offset_of!(CPUArchState, msr_global_ovf_ctrl) - 11544usize]; ["Offset of field: CPUArchState::msr_fixed_counters"] - [::std::mem::offset_of!(CPUArchState, msr_fixed_counters) - 11480usize]; + [::std::mem::offset_of!(CPUArchState, msr_fixed_counters) - 11552usize]; ["Offset of field: CPUArchState::msr_gp_counters"] - [::std::mem::offset_of!(CPUArchState, msr_gp_counters) - 11504usize]; + [::std::mem::offset_of!(CPUArchState, msr_gp_counters) - 11576usize]; ["Offset of field: CPUArchState::msr_gp_evtsel"] - [::std::mem::offset_of!(CPUArchState, msr_gp_evtsel) - 11648usize]; - ["Offset of field: CPUArchState::pat"][::std::mem::offset_of!(CPUArchState, pat) - 11792usize]; + [::std::mem::offset_of!(CPUArchState, msr_gp_evtsel) - 11720usize]; + ["Offset of field: CPUArchState::pat"][::std::mem::offset_of!(CPUArchState, pat) - 11864usize]; ["Offset of field: CPUArchState::smbase"] - [::std::mem::offset_of!(CPUArchState, smbase) - 11800usize]; + [::std::mem::offset_of!(CPUArchState, smbase) - 11872usize]; ["Offset of field: CPUArchState::msr_smi_count"] - [::std::mem::offset_of!(CPUArchState, msr_smi_count) - 11808usize]; + [::std::mem::offset_of!(CPUArchState, msr_smi_count) - 11880usize]; ["Offset of field: CPUArchState::pkru"] - [::std::mem::offset_of!(CPUArchState, pkru) - 11816usize]; + [::std::mem::offset_of!(CPUArchState, pkru) - 11888usize]; ["Offset of field: CPUArchState::pkrs"] - [::std::mem::offset_of!(CPUArchState, pkrs) - 11820usize]; + [::std::mem::offset_of!(CPUArchState, pkrs) - 11892usize]; ["Offset of field: CPUArchState::tsx_ctrl"] - [::std::mem::offset_of!(CPUArchState, tsx_ctrl) - 11824usize]; + [::std::mem::offset_of!(CPUArchState, tsx_ctrl) - 11896usize]; ["Offset of field: CPUArchState::spec_ctrl"] - [::std::mem::offset_of!(CPUArchState, spec_ctrl) - 11832usize]; + [::std::mem::offset_of!(CPUArchState, spec_ctrl) - 11904usize]; ["Offset of field: CPUArchState::amd_tsc_scale_msr"] - [::std::mem::offset_of!(CPUArchState, amd_tsc_scale_msr) - 11840usize]; + [::std::mem::offset_of!(CPUArchState, amd_tsc_scale_msr) - 11912usize]; ["Offset of field: CPUArchState::virt_ssbd"] - [::std::mem::offset_of!(CPUArchState, virt_ssbd) - 11848usize]; + [::std::mem::offset_of!(CPUArchState, virt_ssbd) - 11920usize]; ["Offset of field: CPUArchState::end_init_save"] - [::std::mem::offset_of!(CPUArchState, end_init_save) - 11856usize]; + [::std::mem::offset_of!(CPUArchState, end_init_save) - 11928usize]; ["Offset of field: CPUArchState::system_time_msr"] - [::std::mem::offset_of!(CPUArchState, system_time_msr) - 11856usize]; + [::std::mem::offset_of!(CPUArchState, system_time_msr) - 11928usize]; ["Offset of field: CPUArchState::wall_clock_msr"] - [::std::mem::offset_of!(CPUArchState, wall_clock_msr) - 11864usize]; + [::std::mem::offset_of!(CPUArchState, wall_clock_msr) - 11936usize]; ["Offset of field: CPUArchState::steal_time_msr"] - [::std::mem::offset_of!(CPUArchState, steal_time_msr) - 11872usize]; + [::std::mem::offset_of!(CPUArchState, steal_time_msr) - 11944usize]; ["Offset of field: CPUArchState::async_pf_en_msr"] - [::std::mem::offset_of!(CPUArchState, async_pf_en_msr) - 11880usize]; + [::std::mem::offset_of!(CPUArchState, async_pf_en_msr) - 11952usize]; ["Offset of field: CPUArchState::async_pf_int_msr"] - [::std::mem::offset_of!(CPUArchState, async_pf_int_msr) - 11888usize]; + [::std::mem::offset_of!(CPUArchState, async_pf_int_msr) - 11960usize]; ["Offset of field: CPUArchState::pv_eoi_en_msr"] - [::std::mem::offset_of!(CPUArchState, pv_eoi_en_msr) - 11896usize]; + [::std::mem::offset_of!(CPUArchState, pv_eoi_en_msr) - 11968usize]; ["Offset of field: CPUArchState::poll_control_msr"] - [::std::mem::offset_of!(CPUArchState, poll_control_msr) - 11904usize]; + [::std::mem::offset_of!(CPUArchState, poll_control_msr) - 11976usize]; ["Offset of field: CPUArchState::msr_hv_hypercall"] - [::std::mem::offset_of!(CPUArchState, msr_hv_hypercall) - 11912usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_hypercall) - 11984usize]; ["Offset of field: CPUArchState::msr_hv_guest_os_id"] - [::std::mem::offset_of!(CPUArchState, msr_hv_guest_os_id) - 11920usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_guest_os_id) - 11992usize]; ["Offset of field: CPUArchState::msr_hv_tsc"] - [::std::mem::offset_of!(CPUArchState, msr_hv_tsc) - 11928usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_tsc) - 12000usize]; ["Offset of field: CPUArchState::msr_hv_syndbg_control"] - [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_control) - 11936usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_control) - 12008usize]; ["Offset of field: CPUArchState::msr_hv_syndbg_status"] - [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_status) - 11944usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_status) - 12016usize]; ["Offset of field: CPUArchState::msr_hv_syndbg_send_page"] - [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_send_page) - 11952usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_send_page) - 12024usize]; ["Offset of field: CPUArchState::msr_hv_syndbg_recv_page"] - [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_recv_page) - 11960usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_recv_page) - 12032usize]; ["Offset of field: CPUArchState::msr_hv_syndbg_pending_page"] - [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_pending_page) - 11968usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_pending_page) - 12040usize]; ["Offset of field: CPUArchState::msr_hv_syndbg_options"] - [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_options) - 11976usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_syndbg_options) - 12048usize]; ["Offset of field: CPUArchState::msr_hv_vapic"] - [::std::mem::offset_of!(CPUArchState, msr_hv_vapic) - 11984usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_vapic) - 12056usize]; ["Offset of field: CPUArchState::msr_hv_crash_params"] - [::std::mem::offset_of!(CPUArchState, msr_hv_crash_params) - 11992usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_crash_params) - 12064usize]; ["Offset of field: CPUArchState::msr_hv_runtime"] - [::std::mem::offset_of!(CPUArchState, msr_hv_runtime) - 12032usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_runtime) - 12104usize]; ["Offset of field: CPUArchState::msr_hv_synic_control"] - [::std::mem::offset_of!(CPUArchState, msr_hv_synic_control) - 12040usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_synic_control) - 12112usize]; ["Offset of field: CPUArchState::msr_hv_synic_evt_page"] - [::std::mem::offset_of!(CPUArchState, msr_hv_synic_evt_page) - 12048usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_synic_evt_page) - 12120usize]; ["Offset of field: CPUArchState::msr_hv_synic_msg_page"] - [::std::mem::offset_of!(CPUArchState, msr_hv_synic_msg_page) - 12056usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_synic_msg_page) - 12128usize]; ["Offset of field: CPUArchState::msr_hv_synic_sint"] - [::std::mem::offset_of!(CPUArchState, msr_hv_synic_sint) - 12064usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_synic_sint) - 12136usize]; ["Offset of field: CPUArchState::msr_hv_stimer_config"] - [::std::mem::offset_of!(CPUArchState, msr_hv_stimer_config) - 12192usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_stimer_config) - 12264usize]; ["Offset of field: CPUArchState::msr_hv_stimer_count"] - [::std::mem::offset_of!(CPUArchState, msr_hv_stimer_count) - 12224usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_stimer_count) - 12296usize]; ["Offset of field: CPUArchState::msr_hv_reenlightenment_control"] - [::std::mem::offset_of!(CPUArchState, msr_hv_reenlightenment_control) - 12256usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_reenlightenment_control) - 12328usize]; ["Offset of field: CPUArchState::msr_hv_tsc_emulation_control"] - [::std::mem::offset_of!(CPUArchState, msr_hv_tsc_emulation_control) - 12264usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_tsc_emulation_control) - 12336usize]; ["Offset of field: CPUArchState::msr_hv_tsc_emulation_status"] - [::std::mem::offset_of!(CPUArchState, msr_hv_tsc_emulation_status) - 12272usize]; + [::std::mem::offset_of!(CPUArchState, msr_hv_tsc_emulation_status) - 12344usize]; ["Offset of field: CPUArchState::msr_rtit_ctrl"] - [::std::mem::offset_of!(CPUArchState, msr_rtit_ctrl) - 12280usize]; + [::std::mem::offset_of!(CPUArchState, msr_rtit_ctrl) - 12352usize]; ["Offset of field: CPUArchState::msr_rtit_status"] - [::std::mem::offset_of!(CPUArchState, msr_rtit_status) - 12288usize]; + [::std::mem::offset_of!(CPUArchState, msr_rtit_status) - 12360usize]; ["Offset of field: CPUArchState::msr_rtit_output_base"] - [::std::mem::offset_of!(CPUArchState, msr_rtit_output_base) - 12296usize]; + [::std::mem::offset_of!(CPUArchState, msr_rtit_output_base) - 12368usize]; ["Offset of field: CPUArchState::msr_rtit_output_mask"] - [::std::mem::offset_of!(CPUArchState, msr_rtit_output_mask) - 12304usize]; + [::std::mem::offset_of!(CPUArchState, msr_rtit_output_mask) - 12376usize]; ["Offset of field: CPUArchState::msr_rtit_cr3_match"] - [::std::mem::offset_of!(CPUArchState, msr_rtit_cr3_match) - 12312usize]; + [::std::mem::offset_of!(CPUArchState, msr_rtit_cr3_match) - 12384usize]; ["Offset of field: CPUArchState::msr_rtit_addrs"] - [::std::mem::offset_of!(CPUArchState, msr_rtit_addrs) - 12320usize]; + [::std::mem::offset_of!(CPUArchState, msr_rtit_addrs) - 12392usize]; ["Offset of field: CPUArchState::msr_xfd"] - [::std::mem::offset_of!(CPUArchState, msr_xfd) - 12384usize]; + [::std::mem::offset_of!(CPUArchState, msr_xfd) - 12456usize]; ["Offset of field: CPUArchState::msr_xfd_err"] - [::std::mem::offset_of!(CPUArchState, msr_xfd_err) - 12392usize]; + [::std::mem::offset_of!(CPUArchState, msr_xfd_err) - 12464usize]; ["Offset of field: CPUArchState::msr_lbr_ctl"] - [::std::mem::offset_of!(CPUArchState, msr_lbr_ctl) - 12400usize]; + [::std::mem::offset_of!(CPUArchState, msr_lbr_ctl) - 12472usize]; ["Offset of field: CPUArchState::msr_lbr_depth"] - [::std::mem::offset_of!(CPUArchState, msr_lbr_depth) - 12408usize]; + [::std::mem::offset_of!(CPUArchState, msr_lbr_depth) - 12480usize]; ["Offset of field: CPUArchState::lbr_records"] - [::std::mem::offset_of!(CPUArchState, lbr_records) - 12416usize]; + [::std::mem::offset_of!(CPUArchState, lbr_records) - 12488usize]; ["Offset of field: CPUArchState::error_code"] - [::std::mem::offset_of!(CPUArchState, error_code) - 13184usize]; + [::std::mem::offset_of!(CPUArchState, error_code) - 13256usize]; ["Offset of field: CPUArchState::exception_is_int"] - [::std::mem::offset_of!(CPUArchState, exception_is_int) - 13188usize]; + [::std::mem::offset_of!(CPUArchState, exception_is_int) - 13260usize]; ["Offset of field: CPUArchState::exception_next_eip"] - [::std::mem::offset_of!(CPUArchState, exception_next_eip) - 13192usize]; - ["Offset of field: CPUArchState::dr"][::std::mem::offset_of!(CPUArchState, dr) - 13200usize]; + [::std::mem::offset_of!(CPUArchState, exception_next_eip) - 13264usize]; + ["Offset of field: CPUArchState::dr"][::std::mem::offset_of!(CPUArchState, dr) - 13272usize]; ["Offset of field: CPUArchState::old_exception"] - [::std::mem::offset_of!(CPUArchState, old_exception) - 13296usize]; + [::std::mem::offset_of!(CPUArchState, old_exception) - 13368usize]; ["Offset of field: CPUArchState::vm_vmcb"] - [::std::mem::offset_of!(CPUArchState, vm_vmcb) - 13304usize]; + [::std::mem::offset_of!(CPUArchState, vm_vmcb) - 13376usize]; ["Offset of field: CPUArchState::tsc_offset"] - [::std::mem::offset_of!(CPUArchState, tsc_offset) - 13312usize]; + [::std::mem::offset_of!(CPUArchState, tsc_offset) - 13384usize]; ["Offset of field: CPUArchState::intercept"] - [::std::mem::offset_of!(CPUArchState, intercept) - 13320usize]; + [::std::mem::offset_of!(CPUArchState, intercept) - 13392usize]; ["Offset of field: CPUArchState::intercept_cr_read"] - [::std::mem::offset_of!(CPUArchState, intercept_cr_read) - 13328usize]; + [::std::mem::offset_of!(CPUArchState, intercept_cr_read) - 13400usize]; ["Offset of field: CPUArchState::intercept_cr_write"] - [::std::mem::offset_of!(CPUArchState, intercept_cr_write) - 13330usize]; + [::std::mem::offset_of!(CPUArchState, intercept_cr_write) - 13402usize]; ["Offset of field: CPUArchState::intercept_dr_read"] - [::std::mem::offset_of!(CPUArchState, intercept_dr_read) - 13332usize]; + [::std::mem::offset_of!(CPUArchState, intercept_dr_read) - 13404usize]; ["Offset of field: CPUArchState::intercept_dr_write"] - [::std::mem::offset_of!(CPUArchState, intercept_dr_write) - 13334usize]; + [::std::mem::offset_of!(CPUArchState, intercept_dr_write) - 13406usize]; ["Offset of field: CPUArchState::intercept_exceptions"] - [::std::mem::offset_of!(CPUArchState, intercept_exceptions) - 13336usize]; + [::std::mem::offset_of!(CPUArchState, intercept_exceptions) - 13408usize]; ["Offset of field: CPUArchState::nested_cr3"] - [::std::mem::offset_of!(CPUArchState, nested_cr3) - 13344usize]; + [::std::mem::offset_of!(CPUArchState, nested_cr3) - 13416usize]; ["Offset of field: CPUArchState::nested_pg_mode"] - [::std::mem::offset_of!(CPUArchState, nested_pg_mode) - 13352usize]; + [::std::mem::offset_of!(CPUArchState, nested_pg_mode) - 13424usize]; ["Offset of field: CPUArchState::v_tpr"] - [::std::mem::offset_of!(CPUArchState, v_tpr) - 13356usize]; + [::std::mem::offset_of!(CPUArchState, v_tpr) - 13428usize]; ["Offset of field: CPUArchState::int_ctl"] - [::std::mem::offset_of!(CPUArchState, int_ctl) - 13360usize]; + [::std::mem::offset_of!(CPUArchState, int_ctl) - 13432usize]; ["Offset of field: CPUArchState::nmi_injected"] - [::std::mem::offset_of!(CPUArchState, nmi_injected) - 13364usize]; + [::std::mem::offset_of!(CPUArchState, nmi_injected) - 13436usize]; ["Offset of field: CPUArchState::nmi_pending"] - [::std::mem::offset_of!(CPUArchState, nmi_pending) - 13365usize]; + [::std::mem::offset_of!(CPUArchState, nmi_pending) - 13437usize]; ["Offset of field: CPUArchState::retaddr"] - [::std::mem::offset_of!(CPUArchState, retaddr) - 13368usize]; + [::std::mem::offset_of!(CPUArchState, retaddr) - 13440usize]; + ["Offset of field: CPUArchState::msr_rapl_power_unit"] + [::std::mem::offset_of!(CPUArchState, msr_rapl_power_unit) - 13448usize]; + ["Offset of field: CPUArchState::msr_pkg_energy_status"] + [::std::mem::offset_of!(CPUArchState, msr_pkg_energy_status) - 13456usize]; ["Offset of field: CPUArchState::end_reset_fields"] - [::std::mem::offset_of!(CPUArchState, end_reset_fields) - 13376usize]; + [::std::mem::offset_of!(CPUArchState, end_reset_fields) - 13464usize]; ["Offset of field: CPUArchState::cpuid_level_func7"] - [::std::mem::offset_of!(CPUArchState, cpuid_level_func7) - 13376usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_level_func7) - 13464usize]; ["Offset of field: CPUArchState::cpuid_min_level_func7"] - [::std::mem::offset_of!(CPUArchState, cpuid_min_level_func7) - 13380usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_min_level_func7) - 13468usize]; ["Offset of field: CPUArchState::cpuid_min_level"] - [::std::mem::offset_of!(CPUArchState, cpuid_min_level) - 13384usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_min_level) - 13472usize]; ["Offset of field: CPUArchState::cpuid_min_xlevel"] - [::std::mem::offset_of!(CPUArchState, cpuid_min_xlevel) - 13388usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_min_xlevel) - 13476usize]; ["Offset of field: CPUArchState::cpuid_min_xlevel2"] - [::std::mem::offset_of!(CPUArchState, cpuid_min_xlevel2) - 13392usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_min_xlevel2) - 13480usize]; ["Offset of field: CPUArchState::cpuid_max_level"] - [::std::mem::offset_of!(CPUArchState, cpuid_max_level) - 13396usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_max_level) - 13484usize]; ["Offset of field: CPUArchState::cpuid_max_xlevel"] - [::std::mem::offset_of!(CPUArchState, cpuid_max_xlevel) - 13400usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_max_xlevel) - 13488usize]; ["Offset of field: CPUArchState::cpuid_max_xlevel2"] - [::std::mem::offset_of!(CPUArchState, cpuid_max_xlevel2) - 13404usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_max_xlevel2) - 13492usize]; ["Offset of field: CPUArchState::cpuid_level"] - [::std::mem::offset_of!(CPUArchState, cpuid_level) - 13408usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_level) - 13496usize]; ["Offset of field: CPUArchState::cpuid_xlevel"] - [::std::mem::offset_of!(CPUArchState, cpuid_xlevel) - 13412usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_xlevel) - 13500usize]; ["Offset of field: CPUArchState::cpuid_xlevel2"] - [::std::mem::offset_of!(CPUArchState, cpuid_xlevel2) - 13416usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_xlevel2) - 13504usize]; ["Offset of field: CPUArchState::cpuid_vendor1"] - [::std::mem::offset_of!(CPUArchState, cpuid_vendor1) - 13420usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_vendor1) - 13508usize]; ["Offset of field: CPUArchState::cpuid_vendor2"] - [::std::mem::offset_of!(CPUArchState, cpuid_vendor2) - 13424usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_vendor2) - 13512usize]; ["Offset of field: CPUArchState::cpuid_vendor3"] - [::std::mem::offset_of!(CPUArchState, cpuid_vendor3) - 13428usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_vendor3) - 13516usize]; ["Offset of field: CPUArchState::cpuid_version"] - [::std::mem::offset_of!(CPUArchState, cpuid_version) - 13432usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_version) - 13520usize]; ["Offset of field: CPUArchState::features"] - [::std::mem::offset_of!(CPUArchState, features) - 13440usize]; + [::std::mem::offset_of!(CPUArchState, features) - 13528usize]; ["Offset of field: CPUArchState::user_features"] - [::std::mem::offset_of!(CPUArchState, user_features) - 13752usize]; + [::std::mem::offset_of!(CPUArchState, user_features) - 13848usize]; ["Offset of field: CPUArchState::cpuid_model"] - [::std::mem::offset_of!(CPUArchState, cpuid_model) - 14064usize]; + [::std::mem::offset_of!(CPUArchState, cpuid_model) - 14168usize]; ["Offset of field: CPUArchState::cache_info_cpuid2"] - [::std::mem::offset_of!(CPUArchState, cache_info_cpuid2) - 14112usize]; + [::std::mem::offset_of!(CPUArchState, cache_info_cpuid2) - 14216usize]; ["Offset of field: CPUArchState::cache_info_cpuid4"] - [::std::mem::offset_of!(CPUArchState, cache_info_cpuid4) - 14144usize]; + [::std::mem::offset_of!(CPUArchState, cache_info_cpuid4) - 14248usize]; ["Offset of field: CPUArchState::cache_info_amd"] - [::std::mem::offset_of!(CPUArchState, cache_info_amd) - 14176usize]; + [::std::mem::offset_of!(CPUArchState, cache_info_amd) - 14280usize]; ["Offset of field: CPUArchState::mtrr_fixed"] - [::std::mem::offset_of!(CPUArchState, mtrr_fixed) - 14208usize]; + [::std::mem::offset_of!(CPUArchState, mtrr_fixed) - 14312usize]; ["Offset of field: CPUArchState::mtrr_deftype"] - [::std::mem::offset_of!(CPUArchState, mtrr_deftype) - 14296usize]; + [::std::mem::offset_of!(CPUArchState, mtrr_deftype) - 14400usize]; ["Offset of field: CPUArchState::mtrr_var"] - [::std::mem::offset_of!(CPUArchState, mtrr_var) - 14304usize]; + [::std::mem::offset_of!(CPUArchState, mtrr_var) - 14408usize]; ["Offset of field: CPUArchState::mp_state"] - [::std::mem::offset_of!(CPUArchState, mp_state) - 14432usize]; + [::std::mem::offset_of!(CPUArchState, mp_state) - 14536usize]; ["Offset of field: CPUArchState::exception_nr"] - [::std::mem::offset_of!(CPUArchState, exception_nr) - 14436usize]; + [::std::mem::offset_of!(CPUArchState, exception_nr) - 14540usize]; ["Offset of field: CPUArchState::interrupt_injected"] - [::std::mem::offset_of!(CPUArchState, interrupt_injected) - 14440usize]; + [::std::mem::offset_of!(CPUArchState, interrupt_injected) - 14544usize]; ["Offset of field: CPUArchState::soft_interrupt"] - [::std::mem::offset_of!(CPUArchState, soft_interrupt) - 14444usize]; + [::std::mem::offset_of!(CPUArchState, soft_interrupt) - 14548usize]; ["Offset of field: CPUArchState::exception_pending"] - [::std::mem::offset_of!(CPUArchState, exception_pending) - 14445usize]; + [::std::mem::offset_of!(CPUArchState, exception_pending) - 14549usize]; ["Offset of field: CPUArchState::exception_injected"] - [::std::mem::offset_of!(CPUArchState, exception_injected) - 14446usize]; + [::std::mem::offset_of!(CPUArchState, exception_injected) - 14550usize]; ["Offset of field: CPUArchState::has_error_code"] - [::std::mem::offset_of!(CPUArchState, has_error_code) - 14447usize]; + [::std::mem::offset_of!(CPUArchState, has_error_code) - 14551usize]; ["Offset of field: CPUArchState::exception_has_payload"] - [::std::mem::offset_of!(CPUArchState, exception_has_payload) - 14448usize]; + [::std::mem::offset_of!(CPUArchState, exception_has_payload) - 14552usize]; ["Offset of field: CPUArchState::exception_payload"] - [::std::mem::offset_of!(CPUArchState, exception_payload) - 14456usize]; + [::std::mem::offset_of!(CPUArchState, exception_payload) - 14560usize]; ["Offset of field: CPUArchState::triple_fault_pending"] - [::std::mem::offset_of!(CPUArchState, triple_fault_pending) - 14464usize]; + [::std::mem::offset_of!(CPUArchState, triple_fault_pending) - 14568usize]; ["Offset of field: CPUArchState::ins_len"] - [::std::mem::offset_of!(CPUArchState, ins_len) - 14468usize]; + [::std::mem::offset_of!(CPUArchState, ins_len) - 14572usize]; ["Offset of field: CPUArchState::sipi_vector"] - [::std::mem::offset_of!(CPUArchState, sipi_vector) - 14472usize]; + [::std::mem::offset_of!(CPUArchState, sipi_vector) - 14576usize]; ["Offset of field: CPUArchState::tsc_valid"] - [::std::mem::offset_of!(CPUArchState, tsc_valid) - 14476usize]; + [::std::mem::offset_of!(CPUArchState, tsc_valid) - 14580usize]; ["Offset of field: CPUArchState::tsc_khz"] - [::std::mem::offset_of!(CPUArchState, tsc_khz) - 14480usize]; + [::std::mem::offset_of!(CPUArchState, tsc_khz) - 14584usize]; ["Offset of field: CPUArchState::user_tsc_khz"] - [::std::mem::offset_of!(CPUArchState, user_tsc_khz) - 14488usize]; + [::std::mem::offset_of!(CPUArchState, user_tsc_khz) - 14592usize]; ["Offset of field: CPUArchState::apic_bus_freq"] - [::std::mem::offset_of!(CPUArchState, apic_bus_freq) - 14496usize]; - ["Offset of field: CPUArchState::tsc"][::std::mem::offset_of!(CPUArchState, tsc) - 14504usize]; + [::std::mem::offset_of!(CPUArchState, apic_bus_freq) - 14600usize]; + ["Offset of field: CPUArchState::tsc"][::std::mem::offset_of!(CPUArchState, tsc) - 14608usize]; ["Offset of field: CPUArchState::mcg_cap"] - [::std::mem::offset_of!(CPUArchState, mcg_cap) - 14512usize]; + [::std::mem::offset_of!(CPUArchState, mcg_cap) - 14616usize]; ["Offset of field: CPUArchState::mcg_ctl"] - [::std::mem::offset_of!(CPUArchState, mcg_ctl) - 14520usize]; + [::std::mem::offset_of!(CPUArchState, mcg_ctl) - 14624usize]; ["Offset of field: CPUArchState::mcg_ext_ctl"] - [::std::mem::offset_of!(CPUArchState, mcg_ext_ctl) - 14528usize]; + [::std::mem::offset_of!(CPUArchState, mcg_ext_ctl) - 14632usize]; ["Offset of field: CPUArchState::mce_banks"] - [::std::mem::offset_of!(CPUArchState, mce_banks) - 14536usize]; + [::std::mem::offset_of!(CPUArchState, mce_banks) - 14640usize]; ["Offset of field: CPUArchState::xstate_bv"] - [::std::mem::offset_of!(CPUArchState, xstate_bv) - 14856usize]; + [::std::mem::offset_of!(CPUArchState, xstate_bv) - 14960usize]; ["Offset of field: CPUArchState::fpus_vmstate"] - [::std::mem::offset_of!(CPUArchState, fpus_vmstate) - 14864usize]; + [::std::mem::offset_of!(CPUArchState, fpus_vmstate) - 14968usize]; ["Offset of field: CPUArchState::fptag_vmstate"] - [::std::mem::offset_of!(CPUArchState, fptag_vmstate) - 14866usize]; + [::std::mem::offset_of!(CPUArchState, fptag_vmstate) - 14970usize]; ["Offset of field: CPUArchState::fpregs_format_vmstate"] - [::std::mem::offset_of!(CPUArchState, fpregs_format_vmstate) - 14868usize]; - ["Offset of field: CPUArchState::xss"][::std::mem::offset_of!(CPUArchState, xss) - 14872usize]; + [::std::mem::offset_of!(CPUArchState, fpregs_format_vmstate) - 14972usize]; + ["Offset of field: CPUArchState::xss"][::std::mem::offset_of!(CPUArchState, xss) - 14976usize]; ["Offset of field: CPUArchState::umwait"] - [::std::mem::offset_of!(CPUArchState, umwait) - 14880usize]; + [::std::mem::offset_of!(CPUArchState, umwait) - 14984usize]; ["Offset of field: CPUArchState::tpr_access_type"] - [::std::mem::offset_of!(CPUArchState, tpr_access_type) - 14884usize]; + [::std::mem::offset_of!(CPUArchState, tpr_access_type) - 14988usize]; ["Offset of field: CPUArchState::nr_dies"] - [::std::mem::offset_of!(CPUArchState, nr_dies) - 14888usize]; + [::std::mem::offset_of!(CPUArchState, nr_dies) - 14992usize]; + ["Offset of field: CPUArchState::nr_modules"] + [::std::mem::offset_of!(CPUArchState, nr_modules) - 14996usize]; + ["Offset of field: CPUArchState::avail_cpu_topo"] + [::std::mem::offset_of!(CPUArchState, avail_cpu_topo) - 15000usize]; }; impl Default for CPUArchState { fn default() -> Self { @@ -4744,7 +5302,7 @@ impl Default for CPUArchState { } impl ::std::fmt::Debug for CPUArchState { fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write ! (f , "CPUArchState {{ regs: {:?}, segs: {:?}, ldt: {:?}, tr: {:?}, gdt: {:?}, idt: {:?}, cr: {:?}, pdptrs_valid: {:?}, pdptrs: {:?}, bnd_regs: {:?}, bndcs_regs: {:?}, start_init_save: {:?}, fpstt: {:?}, fptags: {:?}, fpregs: {:?}, fp_status: {:?}, ft0: {:?}, mmx_status: {:?}, sse_status: {:?}, xmm_regs: {:?}, xmm_t0: {:?}, mmx_t0: {:?}, opmask_regs: {:?}, xtilecfg: {:?}, xtiledata: {:?}, msr_ia32_sgxlepubkeyhash: {:?}, msr_fixed_counters: {:?}, msr_gp_counters: {:?}, msr_gp_evtsel: {:?}, end_init_save: {:?}, msr_hv_crash_params: {:?}, msr_hv_synic_sint: {:?}, msr_hv_stimer_config: {:?}, msr_hv_stimer_count: {:?}, msr_rtit_addrs: {:?}, lbr_records: {:?}, error_code: {:?}, exception_is_int: {:?}, dr: {:?}, __bindgen_anon_1: {:?}, old_exception: {:?}, end_reset_fields: {:?}, features: {:?}, user_features: {:?}, cpuid_model: {:?}, cache_info_cpuid2: {:?}, cache_info_cpuid4: {:?}, cache_info_amd: {:?}, mtrr_fixed: {:?}, mtrr_var: {:?}, tsc_valid: {:?}, mce_banks: {:?}, tpr_access_type: {:?}, nr_dies: {:?} }}" , self . regs , self . segs , self . ldt , self . tr , self . gdt , self . idt , self . cr , self . pdptrs_valid , self . pdptrs , self . bnd_regs , self . bndcs_regs , self . start_init_save , self . fpstt , self . fptags , self . fpregs , self . fp_status , self . ft0 , self . mmx_status , self . sse_status , self . xmm_regs , self . xmm_t0 , self . mmx_t0 , self . opmask_regs , self . xtilecfg , self . xtiledata , self . msr_ia32_sgxlepubkeyhash , self . msr_fixed_counters , self . msr_gp_counters , self . msr_gp_evtsel , self . end_init_save , self . msr_hv_crash_params , self . msr_hv_synic_sint , self . msr_hv_stimer_config , self . msr_hv_stimer_count , self . msr_rtit_addrs , self . lbr_records , self . error_code , self . exception_is_int , self . dr , self . __bindgen_anon_1 , self . old_exception , self . end_reset_fields , self . features , self . user_features , self . cpuid_model , self . cache_info_cpuid2 , self . cache_info_cpuid4 , self . cache_info_amd , self . mtrr_fixed , self . mtrr_var , self . tsc_valid , self . mce_banks , self . tpr_access_type , self . nr_dies) + write ! (f , "CPUArchState {{ regs: {:?}, segs: {:?}, ldt: {:?}, tr: {:?}, gdt: {:?}, idt: {:?}, cr: {:?}, pdptrs_valid: {:?}, pdptrs: {:?}, bnd_regs: {:?}, bndcs_regs: {:?}, start_init_save: {:?}, fpstt: {:?}, fptags: {:?}, fpregs: {:?}, fp_status: {:?}, ft0: {:?}, mmx_status: {:?}, sse_status: {:?}, xmm_regs: {:?}, xmm_t0: {:?}, mmx_t0: {:?}, opmask_regs: {:?}, xtilecfg: {:?}, xtiledata: {:?}, msr_ia32_sgxlepubkeyhash: {:?}, msr_fixed_counters: {:?}, msr_gp_counters: {:?}, msr_gp_evtsel: {:?}, end_init_save: {:?}, msr_hv_crash_params: {:?}, msr_hv_synic_sint: {:?}, msr_hv_stimer_config: {:?}, msr_hv_stimer_count: {:?}, msr_rtit_addrs: {:?}, lbr_records: {:?}, error_code: {:?}, exception_is_int: {:?}, dr: {:?}, __bindgen_anon_1: {:?}, old_exception: {:?}, end_reset_fields: {:?}, features: {:?}, user_features: {:?}, cpuid_model: {:?}, cache_info_cpuid2: {:?}, cache_info_cpuid4: {:?}, cache_info_amd: {:?}, mtrr_fixed: {:?}, mtrr_var: {:?}, tsc_valid: {:?}, mce_banks: {:?}, tpr_access_type: {:?}, nr_dies: {:?}, nr_modules: {:?}, avail_cpu_topo: {:?} }}" , self . regs , self . segs , self . ldt , self . tr , self . gdt , self . idt , self . cr , self . pdptrs_valid , self . pdptrs , self . bnd_regs , self . bndcs_regs , self . start_init_save , self . fpstt , self . fptags , self . fpregs , self . fp_status , self . ft0 , self . mmx_status , self . sse_status , self . xmm_regs , self . xmm_t0 , self . mmx_t0 , self . opmask_regs , self . xtilecfg , self . xtiledata , self . msr_ia32_sgxlepubkeyhash , self . msr_fixed_counters , self . msr_gp_counters , self . msr_gp_evtsel , self . end_init_save , self . msr_hv_crash_params , self . msr_hv_synic_sint , self . msr_hv_stimer_config , self . msr_hv_stimer_count , self . msr_rtit_addrs , self . lbr_records , self . error_code , self . exception_is_int , self . dr , self . __bindgen_anon_1 , self . old_exception , self . end_reset_fields , self . features , self . user_features , self . cpuid_model , self . cache_info_cpuid2 , self . cache_info_cpuid4 , self . cache_info_amd , self . mtrr_fixed , self . mtrr_var , self . tsc_valid , self . mce_banks , self . tpr_access_type , self . nr_dies , self . nr_modules , self . avail_cpu_topo) } } pub type CPUX86State = CPUArchState; @@ -4794,17 +5352,20 @@ pub struct ArchCPU { pub lbr_fmt: u64, pub enable_lmce: bool, pub enable_l3_cache: bool, + pub l1_cache_per_core: bool, pub legacy_cache: bool, + pub legacy_multi_node: bool, pub enable_cpuid_0xb: bool, pub full_cpuid_auto_level: bool, pub vendor_cpuid_only: bool, + pub amd_topoext_features_only: bool, pub intel_pt_auto_level: bool, pub fill_mtrr_mask: bool, pub host_phys_bits: bool, pub host_phys_bits_limit: u8, - pub kvm_no_smi_migration: bool, pub kvm_pv_enforce_cpuid: bool, pub phys_bits: u32, + pub guest_phys_bits: u32, pub apic_state: *mut DeviceState, pub cpu_as_root: *mut MemoryRegion, pub cpu_as_mem: *mut MemoryRegion, @@ -4814,6 +5375,7 @@ pub struct ArchCPU { pub node_id: i32, pub socket_id: i32, pub die_id: i32, + pub module_id: i32, pub core_id: i32, pub thread_id: i32, pub hv_max_vps: i32, @@ -4843,120 +5405,128 @@ const _: () = { }; #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { - ["Size of ArchCPU"][::std::mem::size_of::() - 25664usize]; + ["Size of ArchCPU"][::std::mem::size_of::() - 25792usize]; ["Alignment of ArchCPU"][::std::mem::align_of::() - 16usize]; ["Offset of field: ArchCPU::parent_obj"][::std::mem::offset_of!(ArchCPU, parent_obj) - 0usize]; ["Offset of field: ArchCPU::env"][::std::mem::offset_of!(ArchCPU, env) - 10176usize]; - ["Offset of field: ArchCPU::vmsentry"][::std::mem::offset_of!(ArchCPU, vmsentry) - 25072usize]; + ["Offset of field: ArchCPU::vmsentry"][::std::mem::offset_of!(ArchCPU, vmsentry) - 25184usize]; ["Offset of field: ArchCPU::ucode_rev"] - [::std::mem::offset_of!(ArchCPU, ucode_rev) - 25080usize]; + [::std::mem::offset_of!(ArchCPU, ucode_rev) - 25192usize]; ["Offset of field: ArchCPU::hyperv_spinlock_attempts"] - [::std::mem::offset_of!(ArchCPU, hyperv_spinlock_attempts) - 25088usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_spinlock_attempts) - 25200usize]; ["Offset of field: ArchCPU::hyperv_vendor"] - [::std::mem::offset_of!(ArchCPU, hyperv_vendor) - 25096usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_vendor) - 25208usize]; ["Offset of field: ArchCPU::hyperv_synic_kvm_only"] - [::std::mem::offset_of!(ArchCPU, hyperv_synic_kvm_only) - 25104usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_synic_kvm_only) - 25216usize]; ["Offset of field: ArchCPU::hyperv_features"] - [::std::mem::offset_of!(ArchCPU, hyperv_features) - 25112usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_features) - 25224usize]; ["Offset of field: ArchCPU::hyperv_passthrough"] - [::std::mem::offset_of!(ArchCPU, hyperv_passthrough) - 25120usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_passthrough) - 25232usize]; ["Offset of field: ArchCPU::hyperv_no_nonarch_cs"] - [::std::mem::offset_of!(ArchCPU, hyperv_no_nonarch_cs) - 25124usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_no_nonarch_cs) - 25236usize]; ["Offset of field: ArchCPU::hyperv_vendor_id"] - [::std::mem::offset_of!(ArchCPU, hyperv_vendor_id) - 25128usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_vendor_id) - 25240usize]; ["Offset of field: ArchCPU::hyperv_interface_id"] - [::std::mem::offset_of!(ArchCPU, hyperv_interface_id) - 25140usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_interface_id) - 25252usize]; ["Offset of field: ArchCPU::hyperv_limits"] - [::std::mem::offset_of!(ArchCPU, hyperv_limits) - 25156usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_limits) - 25268usize]; ["Offset of field: ArchCPU::hyperv_enforce_cpuid"] - [::std::mem::offset_of!(ArchCPU, hyperv_enforce_cpuid) - 25168usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_enforce_cpuid) - 25280usize]; ["Offset of field: ArchCPU::hyperv_ver_id_build"] - [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_build) - 25172usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_build) - 25284usize]; ["Offset of field: ArchCPU::hyperv_ver_id_major"] - [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_major) - 25176usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_major) - 25288usize]; ["Offset of field: ArchCPU::hyperv_ver_id_minor"] - [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_minor) - 25178usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_minor) - 25290usize]; ["Offset of field: ArchCPU::hyperv_ver_id_sp"] - [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_sp) - 25180usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_sp) - 25292usize]; ["Offset of field: ArchCPU::hyperv_ver_id_sb"] - [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_sb) - 25184usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_sb) - 25296usize]; ["Offset of field: ArchCPU::hyperv_ver_id_sn"] - [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_sn) - 25188usize]; + [::std::mem::offset_of!(ArchCPU, hyperv_ver_id_sn) - 25300usize]; ["Offset of field: ArchCPU::check_cpuid"] - [::std::mem::offset_of!(ArchCPU, check_cpuid) - 25192usize]; + [::std::mem::offset_of!(ArchCPU, check_cpuid) - 25304usize]; ["Offset of field: ArchCPU::enforce_cpuid"] - [::std::mem::offset_of!(ArchCPU, enforce_cpuid) - 25193usize]; + [::std::mem::offset_of!(ArchCPU, enforce_cpuid) - 25305usize]; ["Offset of field: ArchCPU::force_features"] - [::std::mem::offset_of!(ArchCPU, force_features) - 25194usize]; + [::std::mem::offset_of!(ArchCPU, force_features) - 25306usize]; ["Offset of field: ArchCPU::expose_kvm"] - [::std::mem::offset_of!(ArchCPU, expose_kvm) - 25195usize]; + [::std::mem::offset_of!(ArchCPU, expose_kvm) - 25307usize]; ["Offset of field: ArchCPU::expose_tcg"] - [::std::mem::offset_of!(ArchCPU, expose_tcg) - 25196usize]; + [::std::mem::offset_of!(ArchCPU, expose_tcg) - 25308usize]; ["Offset of field: ArchCPU::migratable"] - [::std::mem::offset_of!(ArchCPU, migratable) - 25197usize]; + [::std::mem::offset_of!(ArchCPU, migratable) - 25309usize]; ["Offset of field: ArchCPU::migrate_smi_count"] - [::std::mem::offset_of!(ArchCPU, migrate_smi_count) - 25198usize]; + [::std::mem::offset_of!(ArchCPU, migrate_smi_count) - 25310usize]; ["Offset of field: ArchCPU::max_features"] - [::std::mem::offset_of!(ArchCPU, max_features) - 25199usize]; - ["Offset of field: ArchCPU::apic_id"][::std::mem::offset_of!(ArchCPU, apic_id) - 25200usize]; + [::std::mem::offset_of!(ArchCPU, max_features) - 25311usize]; + ["Offset of field: ArchCPU::apic_id"][::std::mem::offset_of!(ArchCPU, apic_id) - 25312usize]; ["Offset of field: ArchCPU::vmware_cpuid_freq"] - [::std::mem::offset_of!(ArchCPU, vmware_cpuid_freq) - 25204usize]; + [::std::mem::offset_of!(ArchCPU, vmware_cpuid_freq) - 25316usize]; ["Offset of field: ArchCPU::cache_info_passthrough"] - [::std::mem::offset_of!(ArchCPU, cache_info_passthrough) - 25205usize]; - ["Offset of field: ArchCPU::mwait"][::std::mem::offset_of!(ArchCPU, mwait) - 25208usize]; + [::std::mem::offset_of!(ArchCPU, cache_info_passthrough) - 25317usize]; + ["Offset of field: ArchCPU::mwait"][::std::mem::offset_of!(ArchCPU, mwait) - 25320usize]; ["Offset of field: ArchCPU::filtered_features"] - [::std::mem::offset_of!(ArchCPU, filtered_features) - 25224usize]; + [::std::mem::offset_of!(ArchCPU, filtered_features) - 25336usize]; ["Offset of field: ArchCPU::enable_pmu"] - [::std::mem::offset_of!(ArchCPU, enable_pmu) - 25536usize]; - ["Offset of field: ArchCPU::lbr_fmt"][::std::mem::offset_of!(ArchCPU, lbr_fmt) - 25544usize]; + [::std::mem::offset_of!(ArchCPU, enable_pmu) - 25656usize]; + ["Offset of field: ArchCPU::lbr_fmt"][::std::mem::offset_of!(ArchCPU, lbr_fmt) - 25664usize]; ["Offset of field: ArchCPU::enable_lmce"] - [::std::mem::offset_of!(ArchCPU, enable_lmce) - 25552usize]; + [::std::mem::offset_of!(ArchCPU, enable_lmce) - 25672usize]; ["Offset of field: ArchCPU::enable_l3_cache"] - [::std::mem::offset_of!(ArchCPU, enable_l3_cache) - 25553usize]; + [::std::mem::offset_of!(ArchCPU, enable_l3_cache) - 25673usize]; + ["Offset of field: ArchCPU::l1_cache_per_core"] + [::std::mem::offset_of!(ArchCPU, l1_cache_per_core) - 25674usize]; ["Offset of field: ArchCPU::legacy_cache"] - [::std::mem::offset_of!(ArchCPU, legacy_cache) - 25554usize]; + [::std::mem::offset_of!(ArchCPU, legacy_cache) - 25675usize]; + ["Offset of field: ArchCPU::legacy_multi_node"] + [::std::mem::offset_of!(ArchCPU, legacy_multi_node) - 25676usize]; ["Offset of field: ArchCPU::enable_cpuid_0xb"] - [::std::mem::offset_of!(ArchCPU, enable_cpuid_0xb) - 25555usize]; + [::std::mem::offset_of!(ArchCPU, enable_cpuid_0xb) - 25677usize]; ["Offset of field: ArchCPU::full_cpuid_auto_level"] - [::std::mem::offset_of!(ArchCPU, full_cpuid_auto_level) - 25556usize]; + [::std::mem::offset_of!(ArchCPU, full_cpuid_auto_level) - 25678usize]; ["Offset of field: ArchCPU::vendor_cpuid_only"] - [::std::mem::offset_of!(ArchCPU, vendor_cpuid_only) - 25557usize]; + [::std::mem::offset_of!(ArchCPU, vendor_cpuid_only) - 25679usize]; + ["Offset of field: ArchCPU::amd_topoext_features_only"] + [::std::mem::offset_of!(ArchCPU, amd_topoext_features_only) - 25680usize]; ["Offset of field: ArchCPU::intel_pt_auto_level"] - [::std::mem::offset_of!(ArchCPU, intel_pt_auto_level) - 25558usize]; + [::std::mem::offset_of!(ArchCPU, intel_pt_auto_level) - 25681usize]; ["Offset of field: ArchCPU::fill_mtrr_mask"] - [::std::mem::offset_of!(ArchCPU, fill_mtrr_mask) - 25559usize]; + [::std::mem::offset_of!(ArchCPU, fill_mtrr_mask) - 25682usize]; ["Offset of field: ArchCPU::host_phys_bits"] - [::std::mem::offset_of!(ArchCPU, host_phys_bits) - 25560usize]; + [::std::mem::offset_of!(ArchCPU, host_phys_bits) - 25683usize]; ["Offset of field: ArchCPU::host_phys_bits_limit"] - [::std::mem::offset_of!(ArchCPU, host_phys_bits_limit) - 25561usize]; - ["Offset of field: ArchCPU::kvm_no_smi_migration"] - [::std::mem::offset_of!(ArchCPU, kvm_no_smi_migration) - 25562usize]; + [::std::mem::offset_of!(ArchCPU, host_phys_bits_limit) - 25684usize]; ["Offset of field: ArchCPU::kvm_pv_enforce_cpuid"] - [::std::mem::offset_of!(ArchCPU, kvm_pv_enforce_cpuid) - 25563usize]; + [::std::mem::offset_of!(ArchCPU, kvm_pv_enforce_cpuid) - 25685usize]; ["Offset of field: ArchCPU::phys_bits"] - [::std::mem::offset_of!(ArchCPU, phys_bits) - 25564usize]; + [::std::mem::offset_of!(ArchCPU, phys_bits) - 25688usize]; + ["Offset of field: ArchCPU::guest_phys_bits"] + [::std::mem::offset_of!(ArchCPU, guest_phys_bits) - 25692usize]; ["Offset of field: ArchCPU::apic_state"] - [::std::mem::offset_of!(ArchCPU, apic_state) - 25568usize]; + [::std::mem::offset_of!(ArchCPU, apic_state) - 25696usize]; ["Offset of field: ArchCPU::cpu_as_root"] - [::std::mem::offset_of!(ArchCPU, cpu_as_root) - 25576usize]; + [::std::mem::offset_of!(ArchCPU, cpu_as_root) - 25704usize]; ["Offset of field: ArchCPU::cpu_as_mem"] - [::std::mem::offset_of!(ArchCPU, cpu_as_mem) - 25584usize]; - ["Offset of field: ArchCPU::smram"][::std::mem::offset_of!(ArchCPU, smram) - 25592usize]; + [::std::mem::offset_of!(ArchCPU, cpu_as_mem) - 25712usize]; + ["Offset of field: ArchCPU::smram"][::std::mem::offset_of!(ArchCPU, smram) - 25720usize]; ["Offset of field: ArchCPU::machine_done"] - [::std::mem::offset_of!(ArchCPU, machine_done) - 25600usize]; + [::std::mem::offset_of!(ArchCPU, machine_done) - 25728usize]; ["Offset of field: ArchCPU::kvm_msr_buf"] - [::std::mem::offset_of!(ArchCPU, kvm_msr_buf) - 25624usize]; - ["Offset of field: ArchCPU::node_id"][::std::mem::offset_of!(ArchCPU, node_id) - 25632usize]; + [::std::mem::offset_of!(ArchCPU, kvm_msr_buf) - 25752usize]; + ["Offset of field: ArchCPU::node_id"][::std::mem::offset_of!(ArchCPU, node_id) - 25760usize]; ["Offset of field: ArchCPU::socket_id"] - [::std::mem::offset_of!(ArchCPU, socket_id) - 25636usize]; - ["Offset of field: ArchCPU::die_id"][::std::mem::offset_of!(ArchCPU, die_id) - 25640usize]; - ["Offset of field: ArchCPU::core_id"][::std::mem::offset_of!(ArchCPU, core_id) - 25644usize]; + [::std::mem::offset_of!(ArchCPU, socket_id) - 25764usize]; + ["Offset of field: ArchCPU::die_id"][::std::mem::offset_of!(ArchCPU, die_id) - 25768usize]; + ["Offset of field: ArchCPU::module_id"] + [::std::mem::offset_of!(ArchCPU, module_id) - 25772usize]; + ["Offset of field: ArchCPU::core_id"][::std::mem::offset_of!(ArchCPU, core_id) - 25776usize]; ["Offset of field: ArchCPU::thread_id"] - [::std::mem::offset_of!(ArchCPU, thread_id) - 25648usize]; + [::std::mem::offset_of!(ArchCPU, thread_id) - 25780usize]; ["Offset of field: ArchCPU::hv_max_vps"] - [::std::mem::offset_of!(ArchCPU, hv_max_vps) - 25652usize]; + [::std::mem::offset_of!(ArchCPU, hv_max_vps) - 25784usize]; ["Offset of field: ArchCPU::xen_vapic"] - [::std::mem::offset_of!(ArchCPU, xen_vapic) - 25656usize]; + [::std::mem::offset_of!(ArchCPU, xen_vapic) - 25788usize]; }; impl Default for ArchCPU { fn default() -> Self { @@ -4969,10 +5539,10 @@ impl Default for ArchCPU { } impl ::std::fmt::Debug for ArchCPU { fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write ! (f , "ArchCPU {{ parent_obj: {:?}, env: {:?}, vmsentry: {:?}, hyperv_vendor: {:?}, hyperv_synic_kvm_only: {:?}, hyperv_passthrough: {:?}, hyperv_no_nonarch_cs: {:?}, hyperv_vendor_id: {:?}, hyperv_interface_id: {:?}, hyperv_limits: {:?}, hyperv_enforce_cpuid: {:?}, check_cpuid: {:?}, enforce_cpuid: {:?}, force_features: {:?}, expose_kvm: {:?}, expose_tcg: {:?}, migratable: {:?}, migrate_smi_count: {:?}, max_features: {:?}, vmware_cpuid_freq: {:?}, cache_info_passthrough: {:?}, mwait: {:?}, filtered_features: {:?}, enable_pmu: {:?}, enable_lmce: {:?}, enable_l3_cache: {:?}, legacy_cache: {:?}, enable_cpuid_0xb: {:?}, full_cpuid_auto_level: {:?}, vendor_cpuid_only: {:?}, intel_pt_auto_level: {:?}, fill_mtrr_mask: {:?}, host_phys_bits: {:?}, kvm_no_smi_migration: {:?}, kvm_pv_enforce_cpuid: {:?}, apic_state: {:?}, cpu_as_root: {:?}, cpu_as_mem: {:?}, smram: {:?}, machine_done: {:?}, kvm_msr_buf: {:?}, xen_vapic: {:?} }}" , self . parent_obj , self . env , self . vmsentry , self . hyperv_vendor , self . hyperv_synic_kvm_only , self . hyperv_passthrough , self . hyperv_no_nonarch_cs , self . hyperv_vendor_id , self . hyperv_interface_id , self . hyperv_limits , self . hyperv_enforce_cpuid , self . check_cpuid , self . enforce_cpuid , self . force_features , self . expose_kvm , self . expose_tcg , self . migratable , self . migrate_smi_count , self . max_features , self . vmware_cpuid_freq , self . cache_info_passthrough , self . mwait , self . filtered_features , self . enable_pmu , self . enable_lmce , self . enable_l3_cache , self . legacy_cache , self . enable_cpuid_0xb , self . full_cpuid_auto_level , self . vendor_cpuid_only , self . intel_pt_auto_level , self . fill_mtrr_mask , self . host_phys_bits , self . kvm_no_smi_migration , self . kvm_pv_enforce_cpuid , self . apic_state , self . cpu_as_root , self . cpu_as_mem , self . smram , self . machine_done , self . kvm_msr_buf , self . xen_vapic) + write ! (f , "ArchCPU {{ parent_obj: {:?}, env: {:?}, vmsentry: {:?}, hyperv_vendor: {:?}, hyperv_synic_kvm_only: {:?}, hyperv_passthrough: {:?}, hyperv_no_nonarch_cs: {:?}, hyperv_vendor_id: {:?}, hyperv_interface_id: {:?}, hyperv_limits: {:?}, hyperv_enforce_cpuid: {:?}, check_cpuid: {:?}, enforce_cpuid: {:?}, force_features: {:?}, expose_kvm: {:?}, expose_tcg: {:?}, migratable: {:?}, migrate_smi_count: {:?}, max_features: {:?}, vmware_cpuid_freq: {:?}, cache_info_passthrough: {:?}, mwait: {:?}, filtered_features: {:?}, enable_pmu: {:?}, enable_lmce: {:?}, enable_l3_cache: {:?}, l1_cache_per_core: {:?}, legacy_cache: {:?}, legacy_multi_node: {:?}, enable_cpuid_0xb: {:?}, full_cpuid_auto_level: {:?}, vendor_cpuid_only: {:?}, amd_topoext_features_only: {:?}, intel_pt_auto_level: {:?}, fill_mtrr_mask: {:?}, host_phys_bits: {:?}, kvm_pv_enforce_cpuid: {:?}, apic_state: {:?}, cpu_as_root: {:?}, cpu_as_mem: {:?}, smram: {:?}, machine_done: {:?}, kvm_msr_buf: {:?}, xen_vapic: {:?} }}" , self . parent_obj , self . env , self . vmsentry , self . hyperv_vendor , self . hyperv_synic_kvm_only , self . hyperv_passthrough , self . hyperv_no_nonarch_cs , self . hyperv_vendor_id , self . hyperv_interface_id , self . hyperv_limits , self . hyperv_enforce_cpuid , self . check_cpuid , self . enforce_cpuid , self . force_features , self . expose_kvm , self . expose_tcg , self . migratable , self . migrate_smi_count , self . max_features , self . vmware_cpuid_freq , self . cache_info_passthrough , self . mwait , self . filtered_features , self . enable_pmu , self . enable_lmce , self . enable_l3_cache , self . l1_cache_per_core , self . legacy_cache , self . legacy_multi_node , self . enable_cpuid_0xb , self . full_cpuid_auto_level , self . vendor_cpuid_only , self . amd_topoext_features_only , self . intel_pt_auto_level , self . fill_mtrr_mask , self . host_phys_bits , self . kvm_pv_enforce_cpuid , self . apic_state , self . cpu_as_root , self . cpu_as_mem , self . smram , self . machine_done , self . kvm_msr_buf , self . xen_vapic) } } -extern "C" { +unsafe extern "C" { pub fn cpu_memory_rw_debug( cpu: *mut CPUState, addr: vaddr, @@ -5083,14 +5653,11 @@ impl Default for IntervalTreeNode { pub type IntervalTreeRoot = RBRootLeftCached; pub type abi_ulong = target_ulong; pub type abi_long = target_long; -extern "C" { - pub static mut guest_base: usize; -} -extern "C" { +unsafe extern "C" { #[doc = " --- Begin LibAFL code ---"] pub fn pageflags_get_root() -> *mut IntervalTreeRoot; } -extern "C" { +unsafe extern "C" { #[doc = " page_check_range\n @start: first byte of range\n @len: length of range\n @flags: flags required for each page\n\n Return true if every page in [@start, @start+@len) has @flags set.\n Return false if any page is unmapped. Thus testing flags == 0 is\n equivalent to testing for flags == PAGE_VALID."] pub fn page_check_range( start: target_ulong, @@ -5190,6 +5757,9 @@ impl ::std::ops::BitAndAssign for MemOp { #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] pub struct MemOp(pub ::std::os::raw::c_uint); pub type MemOpIdx = u32; +unsafe extern "C" { + pub static mut guest_base: usize; +} #[repr(C)] #[derive(Debug, Copy, Clone)] pub struct image_info { @@ -5387,20 +5957,20 @@ impl Default for TranslationBlock { } } } -extern "C" { +unsafe extern "C" { pub static mut exec_path: *mut ::std::os::raw::c_char; } -extern "C" { +unsafe extern "C" { pub static mut mmap_next_start: abi_ulong; } -extern "C" { +unsafe extern "C" { pub fn target_mprotect( start: abi_ulong, len: abi_ulong, prot: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn target_mmap( start: abi_ulong, len: abi_ulong, @@ -5410,32 +5980,44 @@ extern "C" { offset: off_t, ) -> abi_long; } -extern "C" { +unsafe extern "C" { pub fn target_munmap(start: abi_ulong, len: abi_ulong) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { #[doc = " read_self_maps:\n\n Read /proc/self/maps and return a tree of MapInfo structures."] pub fn read_self_maps() -> *mut IntervalTreeRoot; } -extern "C" { +unsafe extern "C" { #[doc = " free_self_maps:\n @info: an interval tree\n\n Free a tree of MapInfo structures."] pub fn free_self_maps(root: *mut IntervalTreeRoot); } -extern "C" { - pub fn libafl_qemu_set_breakpoint(pc: target_ulong) -> ::std::os::raw::c_int; -} -extern "C" { - pub fn libafl_qemu_remove_breakpoint(pc: target_ulong) -> ::std::os::raw::c_int; -} -extern "C" { - pub fn libafl_qemu_trigger_breakpoint(cpu: *mut CPUState); +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_breakpoint { + pub addr: target_ulong, + pub next: *mut libafl_breakpoint, } -extern "C" { - pub fn libafl_qemu_breakpoint_run(pc_next: vaddr); +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_breakpoint"][::std::mem::size_of::() - 16usize]; + ["Alignment of libafl_breakpoint"][::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_breakpoint::addr"] + [::std::mem::offset_of!(libafl_breakpoint, addr) - 0usize]; + ["Offset of field: libafl_breakpoint::next"] + [::std::mem::offset_of!(libafl_breakpoint, next) - 8usize]; +}; +impl Default for libafl_breakpoint { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } } pub const libafl_exit_reason_kind_INTERNAL: libafl_exit_reason_kind = libafl_exit_reason_kind(0); pub const libafl_exit_reason_kind_BREAKPOINT: libafl_exit_reason_kind = libafl_exit_reason_kind(1); -pub const libafl_exit_reason_kind_SYNC_EXIT: libafl_exit_reason_kind = libafl_exit_reason_kind(2); +pub const libafl_exit_reason_kind_CUSTOM_INSN: libafl_exit_reason_kind = libafl_exit_reason_kind(2); pub const libafl_exit_reason_kind_TIMEOUT: libafl_exit_reason_kind = libafl_exit_reason_kind(3); impl ::std::ops::BitOr for libafl_exit_reason_kind { type Output = Self; @@ -5466,6 +6048,41 @@ impl ::std::ops::BitAndAssign for libafl_exit_reason_kind { #[repr(transparent)] #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] pub struct libafl_exit_reason_kind(pub ::std::os::raw::c_uint); +pub const libafl_custom_insn_kind_LIBAFL_CUSTOM_INSN_UNDEFINED: libafl_custom_insn_kind = + libafl_custom_insn_kind(0); +pub const libafl_custom_insn_kind_LIBAFL_CUSTOM_INSN_LIBAFL: libafl_custom_insn_kind = + libafl_custom_insn_kind(1); +pub const libafl_custom_insn_kind_LIBAFL_CUSTOM_INSN_NYX: libafl_custom_insn_kind = + libafl_custom_insn_kind(2); +impl ::std::ops::BitOr for libafl_custom_insn_kind { + type Output = Self; + #[inline] + fn bitor(self, other: Self) -> Self { + libafl_custom_insn_kind(self.0 | other.0) + } +} +impl ::std::ops::BitOrAssign for libafl_custom_insn_kind { + #[inline] + fn bitor_assign(&mut self, rhs: libafl_custom_insn_kind) { + self.0 |= rhs.0; + } +} +impl ::std::ops::BitAnd for libafl_custom_insn_kind { + type Output = Self; + #[inline] + fn bitand(self, other: Self) -> Self { + libafl_custom_insn_kind(self.0 & other.0) + } +} +impl ::std::ops::BitAndAssign for libafl_custom_insn_kind { + #[inline] + fn bitand_assign(&mut self, rhs: libafl_custom_insn_kind) { + self.0 &= rhs.0; + } +} +#[repr(transparent)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub struct libafl_custom_insn_kind(pub ::std::os::raw::c_uint); #[repr(C)] #[derive(Debug, Copy, Clone)] pub struct libafl_exit_reason_internal { @@ -5507,15 +6124,28 @@ const _: () = { [::std::mem::offset_of!(libafl_exit_reason_breakpoint, addr) - 0usize]; }; #[repr(C)] -#[derive(Debug, Default, Copy, Clone)] -pub struct libafl_exit_reason_sync_exit {} +#[derive(Debug, Copy, Clone)] +pub struct libafl_exit_reason_custom_insn { + pub kind: libafl_custom_insn_kind, +} #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { - ["Size of libafl_exit_reason_sync_exit"] - [::std::mem::size_of::() - 0usize]; - ["Alignment of libafl_exit_reason_sync_exit"] - [::std::mem::align_of::() - 1usize]; + ["Size of libafl_exit_reason_custom_insn"] + [::std::mem::size_of::() - 4usize]; + ["Alignment of libafl_exit_reason_custom_insn"] + [::std::mem::align_of::() - 4usize]; + ["Offset of field: libafl_exit_reason_custom_insn::kind"] + [::std::mem::offset_of!(libafl_exit_reason_custom_insn, kind) - 0usize]; }; +impl Default for libafl_exit_reason_custom_insn { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} #[repr(C)] #[derive(Debug, Default, Copy, Clone)] pub struct libafl_exit_reason_timeout {} @@ -5539,7 +6169,7 @@ pub struct libafl_exit_reason { pub union libafl_exit_reason__bindgen_ty_1 { pub internal: libafl_exit_reason_internal, pub breakpoint: libafl_exit_reason_breakpoint, - pub sync_exit: libafl_exit_reason_sync_exit, + pub custom_insn: libafl_exit_reason_custom_insn, pub timeout: libafl_exit_reason_timeout, } #[allow(clippy::unnecessary_operation, clippy::identity_op)] @@ -5552,8 +6182,8 @@ const _: () = { [::std::mem::offset_of!(libafl_exit_reason__bindgen_ty_1, internal) - 0usize]; ["Offset of field: libafl_exit_reason__bindgen_ty_1::breakpoint"] [::std::mem::offset_of!(libafl_exit_reason__bindgen_ty_1, breakpoint) - 0usize]; - ["Offset of field: libafl_exit_reason__bindgen_ty_1::sync_exit"] - [::std::mem::offset_of!(libafl_exit_reason__bindgen_ty_1, sync_exit) - 0usize]; + ["Offset of field: libafl_exit_reason__bindgen_ty_1::custom_insn"] + [::std::mem::offset_of!(libafl_exit_reason__bindgen_ty_1, custom_insn) - 0usize]; ["Offset of field: libafl_exit_reason__bindgen_ty_1::timeout"] [::std::mem::offset_of!(libafl_exit_reason__bindgen_ty_1, timeout) - 0usize]; }; @@ -5602,19 +6232,31 @@ impl ::std::fmt::Debug for libafl_exit_reason { ) } } -extern "C" { +unsafe extern "C" { + pub fn libafl_qemu_set_breakpoint(pc: target_ulong) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn libafl_qemu_remove_breakpoint(pc: target_ulong) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn libafl_qemu_trigger_breakpoint(cpu: *mut CPUState); +} +unsafe extern "C" { + pub fn libafl_qemu_breakpoint_run(pc_next: vaddr); +} +unsafe extern "C" { pub fn libafl_last_exit_cpu() -> *mut CPUState; } -extern "C" { +unsafe extern "C" { pub fn libafl_exit_signal_vm_start(); } -extern "C" { +unsafe extern "C" { pub fn libafl_exit_asap() -> bool; } -extern "C" { +unsafe extern "C" { pub fn libafl_sync_exit_cpu(); } -extern "C" { +unsafe extern "C" { pub fn libafl_exit_request_internal( cpu: *mut CPUState, pc: u64, @@ -5622,13 +6264,17 @@ extern "C" { signal: ::std::os::raw::c_int, ); } -extern "C" { +unsafe extern "C" { pub fn libafl_exit_request_breakpoint(cpu: *mut CPUState, pc: target_ulong); } -extern "C" { - pub fn libafl_exit_request_sync_backdoor(cpu: *mut CPUState, pc: target_ulong); +unsafe extern "C" { + pub fn libafl_exit_request_custom_insn( + cpu: *mut CPUState, + pc: target_ulong, + kind: libafl_custom_insn_kind, + ); } -extern "C" { +unsafe extern "C" { pub fn libafl_get_exit_reason() -> *mut libafl_exit_reason; } #[repr(C)] @@ -5669,49 +6315,49 @@ impl Default for libafl_mapinfo { } } } -extern "C" { +unsafe extern "C" { pub static mut libafl_dump_core_hook: ::std::option::Option; } -extern "C" { +unsafe extern "C" { pub static mut libafl_force_dfl: ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_dump_core_exec(signal: ::std::os::raw::c_int); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_handle_crash( host_sig: ::std::os::raw::c_int, info: *mut siginfo_t, puc: *mut ::std::os::raw::c_void, ); } -extern "C" { +unsafe extern "C" { pub fn libafl_maps_first(map_info: *mut IntervalTreeRoot) -> *mut IntervalTreeNode; } -extern "C" { +unsafe extern "C" { pub fn libafl_maps_next( pageflags_maps_node: *mut IntervalTreeNode, proc_maps_node: *mut IntervalTreeRoot, ret: *mut libafl_mapinfo, ) -> *mut IntervalTreeNode; } -extern "C" { +unsafe extern "C" { pub fn libafl_load_addr() -> u64; } -extern "C" { +unsafe extern "C" { pub fn libafl_get_image_info() -> *mut image_info; } -extern "C" { - pub fn libafl_get_brk() -> u64; -} -extern "C" { +unsafe extern "C" { pub fn libafl_get_initial_brk() -> u64; } -extern "C" { +unsafe extern "C" { + pub fn libafl_get_brk() -> u64; +} +unsafe extern "C" { pub fn libafl_set_brk(new_brk: u64) -> u64; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_init(argc: ::std::os::raw::c_int, argv: *mut *mut ::std::os::raw::c_char); } #[repr(C)] @@ -5780,14 +6426,14 @@ impl ::std::ops::BitAndAssign for qemu_plugin_mem_rw { pub struct qemu_plugin_mem_rw(pub ::std::os::raw::c_uint); #[doc = " typedef qemu_plugin_meminfo_t - opaque memory transaction handle\n\n This can be further queried using the qemu_plugin_mem_* query\n functions."] pub type qemu_plugin_meminfo_t = u32; -extern "C" { +unsafe extern "C" { #[doc = " qemu_plugin_get_hwaddr() - return handle for memory operation\n @info: opaque memory info structure\n @vaddr: the virtual address of the memory operation\n\n For system emulation returns a qemu_plugin_hwaddr handle to query\n details about the actual physical address backing the virtual\n address. For linux-user guests it just returns NULL.\n\n This handle is *only* valid for the duration of the callback. Any\n information about the handle should be recovered before the\n callback returns."] pub fn qemu_plugin_get_hwaddr( info: qemu_plugin_meminfo_t, vaddr: u64, ) -> *mut qemu_plugin_hwaddr; } -extern "C" { +unsafe extern "C" { #[doc = " qemu_plugin_hwaddr_phys_addr() - query physical address for memory operation\n @haddr: address handle from qemu_plugin_get_hwaddr()\n\n Returns the physical address associated with the memory operation\n\n Note that the returned physical address may not be unique if you are dealing\n with multiple address spaces."] pub fn qemu_plugin_hwaddr_phys_addr(haddr: *const qemu_plugin_hwaddr) -> u64; } @@ -6030,6 +6676,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn reg_raw(this: *const Self) -> TCGReg { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 0usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_reg_raw(this: *mut Self, val: TCGReg) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 0usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn val_type(&self) -> TCGTempVal { unsafe { ::std::mem::transmute(self._bitfield_1.get(8usize, 8u8) as u32) } } @@ -6041,6 +6709,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn val_type_raw(this: *const Self) -> TCGTempVal { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 8usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_val_type_raw(this: *mut Self, val: TCGTempVal) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 8usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn base_type(&self) -> TCGType { unsafe { ::std::mem::transmute(self._bitfield_1.get(16usize, 8u8) as u32) } } @@ -6052,6 +6742,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn base_type_raw(this: *const Self) -> TCGType { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 16usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_base_type_raw(this: *mut Self, val: TCGType) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 16usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn type_(&self) -> TCGType { unsafe { ::std::mem::transmute(self._bitfield_1.get(24usize, 8u8) as u32) } } @@ -6063,6 +6775,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn type__raw(this: *const Self) -> TCGType { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 24usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_type_raw(this: *mut Self, val: TCGType) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 24usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn kind(&self) -> TCGTempKind { unsafe { ::std::mem::transmute(self._bitfield_1.get(32usize, 3u8) as u32) } } @@ -6074,6 +6808,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn kind_raw(this: *const Self) -> TCGTempKind { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 32usize, + 3u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_kind_raw(this: *mut Self, val: TCGTempKind) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 32usize, + 3u8, + val as u64, + ) + } + } + #[inline] pub fn indirect_reg(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(35usize, 1u8) as u32) } } @@ -6085,6 +6841,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn indirect_reg_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 35usize, + 1u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_indirect_reg_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 35usize, + 1u8, + val as u64, + ) + } + } + #[inline] pub fn indirect_base(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(36usize, 1u8) as u32) } } @@ -6096,6 +6874,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn indirect_base_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 36usize, + 1u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_indirect_base_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 36usize, + 1u8, + val as u64, + ) + } + } + #[inline] pub fn mem_coherent(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(37usize, 1u8) as u32) } } @@ -6107,6 +6907,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn mem_coherent_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 37usize, + 1u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_mem_coherent_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 37usize, + 1u8, + val as u64, + ) + } + } + #[inline] pub fn mem_allocated(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(38usize, 1u8) as u32) } } @@ -6118,6 +6940,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn mem_allocated_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 38usize, + 1u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_mem_allocated_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 38usize, + 1u8, + val as u64, + ) + } + } + #[inline] pub fn temp_allocated(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(39usize, 1u8) as u32) } } @@ -6129,6 +6973,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn temp_allocated_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 39usize, + 1u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_temp_allocated_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 39usize, + 1u8, + val as u64, + ) + } + } + #[inline] pub fn temp_subindex(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(40usize, 2u8) as u32) } } @@ -6140,6 +7006,28 @@ impl TCGTemp { } } #[inline] + pub unsafe fn temp_subindex_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 6usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 40usize, + 2u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_temp_subindex_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 6usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 40usize, + 2u8, + val as u64, + ) + } + } + #[inline] pub fn new_bitfield_1( reg: TCGReg, val_type: TCGTempVal, @@ -6296,10 +7184,32 @@ impl TCGCallArgumentLoc { unsafe { ::std::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } } #[inline] - pub fn set_kind(&mut self, val: TCGCallArgumentKind) { + pub fn set_kind(&mut self, val: TCGCallArgumentKind) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub unsafe fn kind_raw(this: *const Self) -> TCGCallArgumentKind { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 4usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 0usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_kind_raw(this: *mut Self, val: TCGCallArgumentKind) { unsafe { let val: u32 = ::std::mem::transmute(val); - self._bitfield_1.set(0usize, 8u8, val as u64) + <__BindgenBitfieldUnit<[u8; 4usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 0usize, + 8u8, + val as u64, + ) } } #[inline] @@ -6314,6 +7224,28 @@ impl TCGCallArgumentLoc { } } #[inline] + pub unsafe fn arg_slot_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 4usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 8usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_arg_slot_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 4usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 8usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn ref_slot(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(16usize, 8u8) as u32) } } @@ -6325,6 +7257,28 @@ impl TCGCallArgumentLoc { } } #[inline] + pub unsafe fn ref_slot_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 4usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 16usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_ref_slot_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 4usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 16usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn arg_idx(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(24usize, 4u8) as u32) } } @@ -6336,6 +7290,28 @@ impl TCGCallArgumentLoc { } } #[inline] + pub unsafe fn arg_idx_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 4usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 24usize, + 4u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_arg_idx_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 4usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 24usize, + 4u8, + val as u64, + ) + } + } + #[inline] pub fn tmp_subindex(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(28usize, 2u8) as u32) } } @@ -6347,6 +7323,28 @@ impl TCGCallArgumentLoc { } } #[inline] + pub unsafe fn tmp_subindex_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 4usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 28usize, + 2u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_tmp_subindex_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 4usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 28usize, + 2u8, + val as u64, + ) + } + } + #[inline] pub fn new_bitfield_1( kind: TCGCallArgumentKind, arg_slot: ::std::os::raw::c_uint, @@ -6419,6 +7417,28 @@ impl TCGHelperInfo { } } #[inline] + pub unsafe fn typemask_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 8usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 0usize, + 32u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_typemask_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 8usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 0usize, + 32u8, + val as u64, + ) + } + } + #[inline] pub fn flags(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(32usize, 8u8) as u32) } } @@ -6430,6 +7450,28 @@ impl TCGHelperInfo { } } #[inline] + pub unsafe fn flags_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 8usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 32usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_flags_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 8usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 32usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn nr_in(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(40usize, 8u8) as u32) } } @@ -6441,6 +7483,28 @@ impl TCGHelperInfo { } } #[inline] + pub unsafe fn nr_in_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 8usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 40usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_nr_in_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 8usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 40usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn nr_out(&self) -> ::std::os::raw::c_uint { unsafe { ::std::mem::transmute(self._bitfield_1.get(48usize, 8u8) as u32) } } @@ -6452,6 +7516,28 @@ impl TCGHelperInfo { } } #[inline] + pub unsafe fn nr_out_raw(this: *const Self) -> ::std::os::raw::c_uint { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 8usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 48usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_nr_out_raw(this: *mut Self, val: ::std::os::raw::c_uint) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 8usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 48usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn out_kind(&self) -> TCGCallReturnKind { unsafe { ::std::mem::transmute(self._bitfield_1.get(56usize, 8u8) as u32) } } @@ -6463,6 +7549,28 @@ impl TCGHelperInfo { } } #[inline] + pub unsafe fn out_kind_raw(this: *const Self) -> TCGCallReturnKind { + unsafe { + ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 8usize]>>::raw_get( + ::std::ptr::addr_of!((*this)._bitfield_1), + 56usize, + 8u8, + ) as u32) + } + } + #[inline] + pub unsafe fn set_out_kind_raw(this: *mut Self, val: TCGCallReturnKind) { + unsafe { + let val: u32 = ::std::mem::transmute(val); + <__BindgenBitfieldUnit<[u8; 8usize]>>::raw_set( + ::std::ptr::addr_of_mut!((*this)._bitfield_1), + 56usize, + 8u8, + val as u64, + ) + } + } + #[inline] pub fn new_bitfield_1( typemask: ::std::os::raw::c_uint, flags: ::std::os::raw::c_uint, @@ -6526,7 +7634,7 @@ impl Default for qemu_plugin_hwaddr { } } } -extern "C" { +unsafe extern "C" { #[doc = " tlb_plugin_lookup: query last TLB lookup\n @cpu: cpu environment\n\n This function can be used directly after a memory operation to\n query information about the access. It is used by the plugin\n infrastructure to expose more information about the address.\n\n It would only fail if not called from an instrumented memory access\n which would be an abuse of the API."] pub fn tlb_plugin_lookup( cpu: *mut CPUState, @@ -6536,54 +7644,84 @@ extern "C" { data: *mut qemu_plugin_hwaddr, ) -> bool; } -extern "C" { +unsafe extern "C" { pub fn libafl_page_from_addr(addr: target_ulong) -> target_ulong; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_get_cpu(cpu_index: ::std::os::raw::c_int) -> *mut CPUState; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_num_cpus() -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_current_cpu() -> *mut CPUState; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_cpu_index(arg1: *mut CPUState) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_write_reg( cpu: *mut CPUState, reg: ::std::os::raw::c_int, val: *mut u8, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_read_reg( cpu: *mut CPUState, reg: ::std::os::raw::c_int, val: *mut u8, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_num_regs(cpu: *mut CPUState) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_flush_jit(); } -extern "C" { +unsafe extern "C" { pub fn libafl_breakpoint_invalidate(cpu: *mut CPUState, pc: target_ulong); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_main() -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_run() -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_set_qemu_env(env: *mut CPUArchState); } -extern "C" { +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_custom_gdb_cmd { + pub callback: ::std::option::Option< + unsafe extern "C" fn(arg1: *mut ::std::os::raw::c_void, arg2: *mut u8, arg3: usize) -> bool, + >, + pub data: *mut ::std::os::raw::c_void, + pub next: *mut libafl_custom_gdb_cmd, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_custom_gdb_cmd"][::std::mem::size_of::() - 24usize]; + ["Alignment of libafl_custom_gdb_cmd"] + [::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_custom_gdb_cmd::callback"] + [::std::mem::offset_of!(libafl_custom_gdb_cmd, callback) - 0usize]; + ["Offset of field: libafl_custom_gdb_cmd::data"] + [::std::mem::offset_of!(libafl_custom_gdb_cmd, data) - 8usize]; + ["Offset of field: libafl_custom_gdb_cmd::next"] + [::std::mem::offset_of!(libafl_custom_gdb_cmd, next) - 16usize]; +}; +impl Default for libafl_custom_gdb_cmd { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +unsafe extern "C" { pub fn libafl_qemu_add_gdb_cmd( callback: ::std::option::Option< unsafe extern "C" fn( @@ -6595,34 +7733,69 @@ extern "C" { data: *mut ::std::os::raw::c_void, ); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_gdb_reply(buf: *const u8, len: usize); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_gdb_exec() -> bool; } -extern "C" { +unsafe extern "C" { pub fn libafl_jit_trace_edge_hitcount(data: u64, id: u64) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_jit_trace_edge_single(data: u64, id: u64) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_jit_trace_block_hitcount(data: u64, id: u64) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_jit_trace_block_single(data: u64, id: u64) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_host_page_size() -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_tcg_gen_asan(addr: *mut TCGTemp, size: usize); } -extern "C" { +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_backdoor_hook { + pub gen: ::std::option::Option< + unsafe extern "C" fn(data: u64, cpu: *mut CPUArchState, pc: target_ulong), + >, + pub data: u64, + pub num: usize, + pub helper_info: TCGHelperInfo, + pub next: *mut libafl_backdoor_hook, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_backdoor_hook"][::std::mem::size_of::() - 120usize]; + ["Alignment of libafl_backdoor_hook"][::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_backdoor_hook::gen"] + [::std::mem::offset_of!(libafl_backdoor_hook, gen) - 0usize]; + ["Offset of field: libafl_backdoor_hook::data"] + [::std::mem::offset_of!(libafl_backdoor_hook, data) - 8usize]; + ["Offset of field: libafl_backdoor_hook::num"] + [::std::mem::offset_of!(libafl_backdoor_hook, num) - 16usize]; + ["Offset of field: libafl_backdoor_hook::helper_info"] + [::std::mem::offset_of!(libafl_backdoor_hook, helper_info) - 24usize]; + ["Offset of field: libafl_backdoor_hook::next"] + [::std::mem::offset_of!(libafl_backdoor_hook, next) - 112usize]; +}; +impl Default for libafl_backdoor_hook { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +unsafe extern "C" { pub fn libafl_gen_backdoor(pc: target_ulong); } -extern "C" { +unsafe extern "C" { pub fn libafl_add_backdoor_hook( exec: ::std::option::Option< unsafe extern "C" fn(data: u64, cpu: *mut CPUArchState, pc: target_ulong), @@ -6630,34 +7803,75 @@ extern "C" { data: u64, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_backdoor_hook( num: usize, invalidate: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_hook_backdoor_run(pc_next: vaddr); } -extern "C" { +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_block_hook { + pub gen: ::std::option::Option u64>, + pub post_gen: ::std::option::Option< + unsafe extern "C" fn(data: u64, pc: target_ulong, block_length: target_ulong), + >, + pub jit: ::std::option::Option usize>, + pub data: u64, + pub num: usize, + pub helper_info: TCGHelperInfo, + pub next: *mut libafl_block_hook, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_block_hook"][::std::mem::size_of::() - 136usize]; + ["Alignment of libafl_block_hook"][::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_block_hook::gen"] + [::std::mem::offset_of!(libafl_block_hook, gen) - 0usize]; + ["Offset of field: libafl_block_hook::post_gen"] + [::std::mem::offset_of!(libafl_block_hook, post_gen) - 8usize]; + ["Offset of field: libafl_block_hook::jit"] + [::std::mem::offset_of!(libafl_block_hook, jit) - 16usize]; + ["Offset of field: libafl_block_hook::data"] + [::std::mem::offset_of!(libafl_block_hook, data) - 24usize]; + ["Offset of field: libafl_block_hook::num"] + [::std::mem::offset_of!(libafl_block_hook, num) - 32usize]; + ["Offset of field: libafl_block_hook::helper_info"] + [::std::mem::offset_of!(libafl_block_hook, helper_info) - 40usize]; + ["Offset of field: libafl_block_hook::next"] + [::std::mem::offset_of!(libafl_block_hook, next) - 128usize]; +}; +impl Default for libafl_block_hook { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +unsafe extern "C" { pub fn libafl_qemu_hook_block_post_gen(tb: *mut TranslationBlock, pc: vaddr); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_hook_block_run(pc: target_ulong); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_block_hook_set_jit( num: usize, jit: ::std::option::Option usize>, ) -> bool; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_block_hook( num: usize, invalidate: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_add_block_hook( gen: ::std::option::Option u64>, post_gen: ::std::option::Option< @@ -6667,10 +7881,54 @@ extern "C" { data: u64, ) -> usize; } -extern "C" { +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_cmp_hook { + pub gen: ::std::option::Option< + unsafe extern "C" fn(data: u64, pc: target_ulong, size: usize) -> u64, + >, + pub data: u64, + pub num: usize, + pub helper_info1: TCGHelperInfo, + pub helper_info2: TCGHelperInfo, + pub helper_info4: TCGHelperInfo, + pub helper_info8: TCGHelperInfo, + pub next: *mut libafl_cmp_hook, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_cmp_hook"][::std::mem::size_of::() - 384usize]; + ["Alignment of libafl_cmp_hook"][::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_cmp_hook::gen"] + [::std::mem::offset_of!(libafl_cmp_hook, gen) - 0usize]; + ["Offset of field: libafl_cmp_hook::data"] + [::std::mem::offset_of!(libafl_cmp_hook, data) - 8usize]; + ["Offset of field: libafl_cmp_hook::num"] + [::std::mem::offset_of!(libafl_cmp_hook, num) - 16usize]; + ["Offset of field: libafl_cmp_hook::helper_info1"] + [::std::mem::offset_of!(libafl_cmp_hook, helper_info1) - 24usize]; + ["Offset of field: libafl_cmp_hook::helper_info2"] + [::std::mem::offset_of!(libafl_cmp_hook, helper_info2) - 112usize]; + ["Offset of field: libafl_cmp_hook::helper_info4"] + [::std::mem::offset_of!(libafl_cmp_hook, helper_info4) - 200usize]; + ["Offset of field: libafl_cmp_hook::helper_info8"] + [::std::mem::offset_of!(libafl_cmp_hook, helper_info8) - 288usize]; + ["Offset of field: libafl_cmp_hook::next"] + [::std::mem::offset_of!(libafl_cmp_hook, next) - 376usize]; +}; +impl Default for libafl_cmp_hook { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +unsafe extern "C" { pub fn libafl_gen_cmp(pc: target_ulong, op0: TCGv, op1: TCGv, ot: MemOp); } -extern "C" { +unsafe extern "C" { pub fn libafl_add_cmp_hook( gen: ::std::option::Option< unsafe extern "C" fn(data: u64, pc: target_ulong, size: usize) -> u64, @@ -6682,13 +7940,54 @@ extern "C" { data: u64, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_cmp_hook( num: usize, invalidate: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } -extern "C" { +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_edge_hook { + pub gen: ::std::option::Option< + unsafe extern "C" fn(data: u64, src: target_ulong, dst: target_ulong) -> u64, + >, + pub jit: ::std::option::Option usize>, + pub data: u64, + pub num: usize, + pub cur_id: u64, + pub helper_info: TCGHelperInfo, + pub next: *mut libafl_edge_hook, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_edge_hook"][::std::mem::size_of::() - 136usize]; + ["Alignment of libafl_edge_hook"][::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_edge_hook::gen"] + [::std::mem::offset_of!(libafl_edge_hook, gen) - 0usize]; + ["Offset of field: libafl_edge_hook::jit"] + [::std::mem::offset_of!(libafl_edge_hook, jit) - 8usize]; + ["Offset of field: libafl_edge_hook::data"] + [::std::mem::offset_of!(libafl_edge_hook, data) - 16usize]; + ["Offset of field: libafl_edge_hook::num"] + [::std::mem::offset_of!(libafl_edge_hook, num) - 24usize]; + ["Offset of field: libafl_edge_hook::cur_id"] + [::std::mem::offset_of!(libafl_edge_hook, cur_id) - 32usize]; + ["Offset of field: libafl_edge_hook::helper_info"] + [::std::mem::offset_of!(libafl_edge_hook, helper_info) - 40usize]; + ["Offset of field: libafl_edge_hook::next"] + [::std::mem::offset_of!(libafl_edge_hook, next) - 128usize]; +}; +impl Default for libafl_edge_hook { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +unsafe extern "C" { pub fn libafl_gen_edge( cpu: *mut CPUState, src_block: target_ulong, @@ -6699,7 +7998,7 @@ extern "C" { cflags: ::std::os::raw::c_int, ) -> *mut TranslationBlock; } -extern "C" { +unsafe extern "C" { pub fn libafl_add_edge_hook( gen: ::std::option::Option< unsafe extern "C" fn(data: u64, src: target_ulong, dst: target_ulong) -> u64, @@ -6708,22 +8007,22 @@ extern "C" { data: u64, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_edge_hook_set_jit( num: usize, jit: ::std::option::Option usize>, ) -> bool; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_edge_hook( num: usize, invalidate: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_hook_edge_gen(src_block: target_ulong, dst_block: target_ulong) -> bool; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_hook_edge_run(); } #[repr(C)] @@ -6761,7 +8060,7 @@ impl Default for libafl_instruction_hook { } } } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_add_instruction_hooks( pc: target_ulong, callback: ::std::option::Option, @@ -6769,31 +8068,76 @@ extern "C" { invalidate: ::std::os::raw::c_int, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_instruction_hook( num: usize, invalidate: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_instruction_hooks_at( addr: target_ulong, invalidate: ::std::os::raw::c_int, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_search_instruction_hook(addr: target_ulong) -> *mut libafl_instruction_hook; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_hook_instruction_run(pc_next: vaddr); } -extern "C" { +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_rw_hook { + pub gen: ::std::option::Option< + unsafe extern "C" fn(data: u64, pc: target_ulong, addr: *mut TCGTemp, oi: MemOpIdx) -> u64, + >, + pub data: u64, + pub num: usize, + pub helper_info1: TCGHelperInfo, + pub helper_info2: TCGHelperInfo, + pub helper_info4: TCGHelperInfo, + pub helper_info8: TCGHelperInfo, + pub helper_infoN: TCGHelperInfo, + pub next: *mut libafl_rw_hook, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_rw_hook"][::std::mem::size_of::() - 472usize]; + ["Alignment of libafl_rw_hook"][::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_rw_hook::gen"][::std::mem::offset_of!(libafl_rw_hook, gen) - 0usize]; + ["Offset of field: libafl_rw_hook::data"] + [::std::mem::offset_of!(libafl_rw_hook, data) - 8usize]; + ["Offset of field: libafl_rw_hook::num"][::std::mem::offset_of!(libafl_rw_hook, num) - 16usize]; + ["Offset of field: libafl_rw_hook::helper_info1"] + [::std::mem::offset_of!(libafl_rw_hook, helper_info1) - 24usize]; + ["Offset of field: libafl_rw_hook::helper_info2"] + [::std::mem::offset_of!(libafl_rw_hook, helper_info2) - 112usize]; + ["Offset of field: libafl_rw_hook::helper_info4"] + [::std::mem::offset_of!(libafl_rw_hook, helper_info4) - 200usize]; + ["Offset of field: libafl_rw_hook::helper_info8"] + [::std::mem::offset_of!(libafl_rw_hook, helper_info8) - 288usize]; + ["Offset of field: libafl_rw_hook::helper_infoN"] + [::std::mem::offset_of!(libafl_rw_hook, helper_infoN) - 376usize]; + ["Offset of field: libafl_rw_hook::next"] + [::std::mem::offset_of!(libafl_rw_hook, next) - 464usize]; +}; +impl Default for libafl_rw_hook { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +unsafe extern "C" { pub fn libafl_gen_read(addr: *mut TCGTemp, oi: MemOpIdx); } -extern "C" { +unsafe extern "C" { pub fn libafl_gen_write(addr: *mut TCGTemp, oi: MemOpIdx); } -extern "C" { +unsafe extern "C" { pub fn libafl_add_read_hook( gen: ::std::option::Option< unsafe extern "C" fn( @@ -6813,7 +8157,7 @@ extern "C" { data: u64, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_add_write_hook( gen: ::std::option::Option< unsafe extern "C" fn( @@ -6833,13 +8177,13 @@ extern "C" { data: u64, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_read_hook( num: usize, invalidate: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_write_hook( num: usize, invalidate: ::std::os::raw::c_int, @@ -6847,26 +8191,92 @@ extern "C" { } pub type libafl_cpu_run_fn = ::std::option::Option; -extern "C" { +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_cpu_run_hook { + pub pre_cpu_run: libafl_cpu_run_fn, + pub post_cpu_run: libafl_cpu_run_fn, + pub data: u64, + pub num: usize, + pub next: *mut libafl_cpu_run_hook, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_cpu_run_hook"][::std::mem::size_of::() - 40usize]; + ["Alignment of libafl_cpu_run_hook"][::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_cpu_run_hook::pre_cpu_run"] + [::std::mem::offset_of!(libafl_cpu_run_hook, pre_cpu_run) - 0usize]; + ["Offset of field: libafl_cpu_run_hook::post_cpu_run"] + [::std::mem::offset_of!(libafl_cpu_run_hook, post_cpu_run) - 8usize]; + ["Offset of field: libafl_cpu_run_hook::data"] + [::std::mem::offset_of!(libafl_cpu_run_hook, data) - 16usize]; + ["Offset of field: libafl_cpu_run_hook::num"] + [::std::mem::offset_of!(libafl_cpu_run_hook, num) - 24usize]; + ["Offset of field: libafl_cpu_run_hook::next"] + [::std::mem::offset_of!(libafl_cpu_run_hook, next) - 32usize]; +}; +impl Default for libafl_cpu_run_hook { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +unsafe extern "C" { pub fn libafl_hook_cpu_run_add( pre_cpu_run: libafl_cpu_run_fn, post_cpu_run: libafl_cpu_run_fn, data: u64, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_hook_cpu_run_remove(num: usize) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_cpu_run_hook(num: usize) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_hook_cpu_run_pre_exec(cpu: *mut CPUState); } -extern "C" { +unsafe extern "C" { pub fn libafl_hook_cpu_run_post_exec(cpu: *mut CPUState); } -extern "C" { +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_new_thread_hook { + pub callback: ::std::option::Option< + unsafe extern "C" fn(data: u64, cpu: *mut CPUArchState, tid: u32) -> bool, + >, + pub data: u64, + pub num: usize, + pub next: *mut libafl_new_thread_hook, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_new_thread_hook"][::std::mem::size_of::() - 32usize]; + ["Alignment of libafl_new_thread_hook"] + [::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_new_thread_hook::callback"] + [::std::mem::offset_of!(libafl_new_thread_hook, callback) - 0usize]; + ["Offset of field: libafl_new_thread_hook::data"] + [::std::mem::offset_of!(libafl_new_thread_hook, data) - 8usize]; + ["Offset of field: libafl_new_thread_hook::num"] + [::std::mem::offset_of!(libafl_new_thread_hook, num) - 16usize]; + ["Offset of field: libafl_new_thread_hook::next"] + [::std::mem::offset_of!(libafl_new_thread_hook, next) - 24usize]; +}; +impl Default for libafl_new_thread_hook { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +unsafe extern "C" { pub fn libafl_add_new_thread_hook( callback: ::std::option::Option< unsafe extern "C" fn(data: u64, env: *mut CPUArchState, tid: u32) -> bool, @@ -6874,10 +8284,10 @@ extern "C" { data: u64, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_new_thread_hook(num: usize) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_hook_new_thread_run(env: *mut CPUArchState, tid: u32) -> bool; } #[repr(C)] @@ -6894,7 +8304,97 @@ const _: () = { ["Offset of field: syshook_ret::skip_syscall"] [::std::mem::offset_of!(syshook_ret, skip_syscall) - 8usize]; }; -extern "C" { +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_pre_syscall_hook { + pub callback: ::std::option::Option< + unsafe extern "C" fn( + data: u64, + sys_num: ::std::os::raw::c_int, + arg0: target_ulong, + arg1: target_ulong, + arg2: target_ulong, + arg3: target_ulong, + arg4: target_ulong, + arg5: target_ulong, + arg6: target_ulong, + arg7: target_ulong, + ) -> syshook_ret, + >, + pub data: u64, + pub num: usize, + pub next: *mut libafl_pre_syscall_hook, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_pre_syscall_hook"][::std::mem::size_of::() - 32usize]; + ["Alignment of libafl_pre_syscall_hook"] + [::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_pre_syscall_hook::callback"] + [::std::mem::offset_of!(libafl_pre_syscall_hook, callback) - 0usize]; + ["Offset of field: libafl_pre_syscall_hook::data"] + [::std::mem::offset_of!(libafl_pre_syscall_hook, data) - 8usize]; + ["Offset of field: libafl_pre_syscall_hook::num"] + [::std::mem::offset_of!(libafl_pre_syscall_hook, num) - 16usize]; + ["Offset of field: libafl_pre_syscall_hook::next"] + [::std::mem::offset_of!(libafl_pre_syscall_hook, next) - 24usize]; +}; +impl Default for libafl_pre_syscall_hook { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct libafl_post_syscall_hook { + pub callback: ::std::option::Option< + unsafe extern "C" fn( + data: u64, + ret: target_ulong, + sys_num: ::std::os::raw::c_int, + arg0: target_ulong, + arg1: target_ulong, + arg2: target_ulong, + arg3: target_ulong, + arg4: target_ulong, + arg5: target_ulong, + arg6: target_ulong, + arg7: target_ulong, + ) -> target_ulong, + >, + pub data: u64, + pub num: usize, + pub next: *mut libafl_post_syscall_hook, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of libafl_post_syscall_hook"] + [::std::mem::size_of::() - 32usize]; + ["Alignment of libafl_post_syscall_hook"] + [::std::mem::align_of::() - 8usize]; + ["Offset of field: libafl_post_syscall_hook::callback"] + [::std::mem::offset_of!(libafl_post_syscall_hook, callback) - 0usize]; + ["Offset of field: libafl_post_syscall_hook::data"] + [::std::mem::offset_of!(libafl_post_syscall_hook, data) - 8usize]; + ["Offset of field: libafl_post_syscall_hook::num"] + [::std::mem::offset_of!(libafl_post_syscall_hook, num) - 16usize]; + ["Offset of field: libafl_post_syscall_hook::next"] + [::std::mem::offset_of!(libafl_post_syscall_hook, next) - 24usize]; +}; +impl Default for libafl_post_syscall_hook { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +unsafe extern "C" { pub fn libafl_add_pre_syscall_hook( callback: ::std::option::Option< unsafe extern "C" fn( @@ -6913,7 +8413,7 @@ extern "C" { data: u64, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_add_post_syscall_hook( callback: ::std::option::Option< unsafe extern "C" fn( @@ -6933,13 +8433,13 @@ extern "C" { data: u64, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_pre_syscall_hook(num: usize) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_remove_post_syscall_hook(num: usize) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn libafl_hook_syscall_pre_run( env: *mut CPUArchState, num: ::std::os::raw::c_int, @@ -6954,7 +8454,7 @@ extern "C" { ret: *mut abi_long, ) -> bool; } -extern "C" { +unsafe extern "C" { pub fn libafl_hook_syscall_post_run( num: ::std::os::raw::c_int, arg1: abi_long, diff --git a/libafl_qemu/runtime/libafl_qemu_arch.h b/libafl_qemu/runtime/libafl_qemu_arch.h index 739d2c95da..74bebc20ba 100644 --- a/libafl_qemu/runtime/libafl_qemu_arch.h +++ b/libafl_qemu/runtime/libafl_qemu_arch.h @@ -78,23 +78,28 @@ #endif #endif +#define LIBAFL_DECLARE(name) \ + libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0(libafl_word action); \ + libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call1(libafl_word action, \ + libafl_word arg1); \ + libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call2(libafl_word action, \ + libafl_word arg1, \ + libafl_word arg2); + #ifdef _WIN32 #define LIBAFL_DEFINE_FUNCTIONS(name, _opcode) \ #ifdef __cplusplus \ extern "C" { \ #endif \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0(libafl_word action); \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call1(libafl_word action, \ - ##name## libafl_word arg1); \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call2(libafl_word action, \ - libafl_word arg1, \ - libafl_word arg2); \ + LIBAFL_DECLARE(name) \ #ifdef __cplusplus \ } \ #endif #else #if defined(__x86_64__) #define LIBAFL_DEFINE_FUNCTIONS(name, opcode) \ + LIBAFL_DECLARE(name) \ + \ libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0( \ libafl_word action) { \ libafl_word ret; \ @@ -142,6 +147,8 @@ #elif defined(__arm__) #define LIBAFL_DEFINE_FUNCTIONS(name, opcode) \ + LIBAFL_DECLARE(name) \ + \ libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0( \ libafl_word action) { \ libafl_word ret; \ @@ -189,6 +196,8 @@ #elif defined(__aarch64__) #define LIBAFL_DEFINE_FUNCTIONS(name, opcode) \ + LIBAFL_DECLARE(name) \ + \ libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0( \ libafl_word action) { \ libafl_word ret; \ @@ -235,6 +244,8 @@ } #elif defined(__riscv) #define LIBAFL_DEFINE_FUNCTIONS(name, opcode) \ + LIBAFL_DECLARE(name) \ + \ libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0( \ libafl_word action) { \ libafl_word ret; \ diff --git a/libafl_qemu/runtime/libafl_qemu_stub_bindings.rs b/libafl_qemu/runtime/libafl_qemu_stub_bindings.rs index 706cddb088..7752e9c2bc 100644 --- a/libafl_qemu/runtime/libafl_qemu_stub_bindings.rs +++ b/libafl_qemu/runtime/libafl_qemu_stub_bindings.rs @@ -1,6 +1,6 @@ -/* 1.84.0-nightly */ -/* qemu git hash: 805b14ffc44999952562e8f219d81c21a4fa50b9 */ -/* automatically generated by rust-bindgen 0.70.1 */ +/* 1.85.0-nightly */ +/* qemu git hash: 81e52dc60f83c3ae191c1a07b39bb255e633c234 */ +/* automatically generated by rust-bindgen 0.71.1 */ pub const LIBAFL_SYNC_EXIT_OPCODE: u32 = 1727150607; pub const LIBAFL_BACKDOOR_OPCODE: u32 = 1156725263; @@ -562,25 +562,25 @@ pub type cookie_io_functions_t = _IO_cookie_io_functions_t; pub type va_list = __gnuc_va_list; pub type off_t = __off_t; pub type fpos_t = __fpos_t; -extern "C" { +unsafe extern "C" { pub static mut stdin: *mut FILE; } -extern "C" { +unsafe extern "C" { pub static mut stdout: *mut FILE; } -extern "C" { +unsafe extern "C" { pub static mut stderr: *mut FILE; } -extern "C" { +unsafe extern "C" { pub fn remove(__filename: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn rename( __old: *const ::std::os::raw::c_char, __new: *const ::std::os::raw::c_char, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn renameat( __oldfd: ::std::os::raw::c_int, __old: *const ::std::os::raw::c_char, @@ -588,71 +588,71 @@ extern "C" { __new: *const ::std::os::raw::c_char, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fclose(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn tmpfile() -> *mut FILE; } -extern "C" { +unsafe extern "C" { pub fn tmpnam(arg1: *mut ::std::os::raw::c_char) -> *mut ::std::os::raw::c_char; } -extern "C" { +unsafe extern "C" { pub fn tmpnam_r(__s: *mut ::std::os::raw::c_char) -> *mut ::std::os::raw::c_char; } -extern "C" { +unsafe extern "C" { pub fn tempnam( __dir: *const ::std::os::raw::c_char, __pfx: *const ::std::os::raw::c_char, ) -> *mut ::std::os::raw::c_char; } -extern "C" { +unsafe extern "C" { pub fn fflush(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fflush_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fopen( __filename: *const ::std::os::raw::c_char, __modes: *const ::std::os::raw::c_char, ) -> *mut FILE; } -extern "C" { +unsafe extern "C" { pub fn freopen( __filename: *const ::std::os::raw::c_char, __modes: *const ::std::os::raw::c_char, __stream: *mut FILE, ) -> *mut FILE; } -extern "C" { +unsafe extern "C" { pub fn fdopen(__fd: ::std::os::raw::c_int, __modes: *const ::std::os::raw::c_char) -> *mut FILE; } -extern "C" { +unsafe extern "C" { pub fn fopencookie( __magic_cookie: *mut ::std::os::raw::c_void, __modes: *const ::std::os::raw::c_char, __io_funcs: cookie_io_functions_t, ) -> *mut FILE; } -extern "C" { +unsafe extern "C" { pub fn fmemopen( __s: *mut ::std::os::raw::c_void, __len: usize, __modes: *const ::std::os::raw::c_char, ) -> *mut FILE; } -extern "C" { +unsafe extern "C" { pub fn open_memstream( __bufloc: *mut *mut ::std::os::raw::c_char, __sizeloc: *mut usize, ) -> *mut FILE; } -extern "C" { +unsafe extern "C" { pub fn setbuf(__stream: *mut FILE, __buf: *mut ::std::os::raw::c_char); } -extern "C" { +unsafe extern "C" { pub fn setvbuf( __stream: *mut FILE, __buf: *mut ::std::os::raw::c_char, @@ -660,50 +660,50 @@ extern "C" { __n: usize, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn setbuffer(__stream: *mut FILE, __buf: *mut ::std::os::raw::c_char, __size: usize); } -extern "C" { +unsafe extern "C" { pub fn setlinebuf(__stream: *mut FILE); } -extern "C" { +unsafe extern "C" { pub fn fprintf( __stream: *mut FILE, __format: *const ::std::os::raw::c_char, ... ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn printf(__format: *const ::std::os::raw::c_char, ...) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn sprintf( __s: *mut ::std::os::raw::c_char, __format: *const ::std::os::raw::c_char, ... ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn vfprintf( __s: *mut FILE, __format: *const ::std::os::raw::c_char, __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn vprintf( __format: *const ::std::os::raw::c_char, __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn vsprintf( __s: *mut ::std::os::raw::c_char, __format: *const ::std::os::raw::c_char, __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn snprintf( __s: *mut ::std::os::raw::c_char, __maxlen: ::std::os::raw::c_ulong, @@ -711,7 +711,7 @@ extern "C" { ... ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn vsnprintf( __s: *mut ::std::os::raw::c_char, __maxlen: ::std::os::raw::c_ulong, @@ -719,52 +719,52 @@ extern "C" { __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn vasprintf( __ptr: *mut *mut ::std::os::raw::c_char, __f: *const ::std::os::raw::c_char, __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn __asprintf( __ptr: *mut *mut ::std::os::raw::c_char, __fmt: *const ::std::os::raw::c_char, ... ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn asprintf( __ptr: *mut *mut ::std::os::raw::c_char, __fmt: *const ::std::os::raw::c_char, ... ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn vdprintf( __fd: ::std::os::raw::c_int, __fmt: *const ::std::os::raw::c_char, __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn dprintf( __fd: ::std::os::raw::c_int, __fmt: *const ::std::os::raw::c_char, ... ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fscanf( __stream: *mut FILE, __format: *const ::std::os::raw::c_char, ... ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn scanf(__format: *const ::std::os::raw::c_char, ...) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn sscanf( __s: *const ::std::os::raw::c_char, __format: *const ::std::os::raw::c_char, @@ -775,7 +775,7 @@ pub type _Float32 = f32; pub type _Float64 = f64; pub type _Float32x = f64; pub type _Float64x = u128; -extern "C" { +unsafe extern "C" { #[link_name = "\u{1}__isoc99_fscanf"] pub fn fscanf1( __stream: *mut FILE, @@ -783,11 +783,11 @@ extern "C" { ... ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { #[link_name = "\u{1}__isoc99_scanf"] pub fn scanf1(__format: *const ::std::os::raw::c_char, ...) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { #[link_name = "\u{1}__isoc99_sscanf"] pub fn sscanf1( __s: *const ::std::os::raw::c_char, @@ -795,27 +795,27 @@ extern "C" { ... ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn vfscanf( __s: *mut FILE, __format: *const ::std::os::raw::c_char, __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn vscanf( __format: *const ::std::os::raw::c_char, __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn vsscanf( __s: *const ::std::os::raw::c_char, __format: *const ::std::os::raw::c_char, __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { #[link_name = "\u{1}__isoc99_vfscanf"] pub fn vfscanf1( __s: *mut FILE, @@ -823,14 +823,14 @@ extern "C" { __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { #[link_name = "\u{1}__isoc99_vscanf"] pub fn vscanf1( __format: *const ::std::os::raw::c_char, __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { #[link_name = "\u{1}__isoc99_vsscanf"] pub fn vsscanf1( __s: *const ::std::os::raw::c_char, @@ -838,57 +838,57 @@ extern "C" { __arg: *mut __va_list_tag, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fgetc(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn getc(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn getchar() -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn getc_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn getchar_unlocked() -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fgetc_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fputc(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn putc(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn putchar(__c: ::std::os::raw::c_int) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fputc_unlocked(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn putc_unlocked(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn putchar_unlocked(__c: ::std::os::raw::c_int) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn getw(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn putw(__w: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fgets( __s: *mut ::std::os::raw::c_char, __n: ::std::os::raw::c_int, __stream: *mut FILE, ) -> *mut ::std::os::raw::c_char; } -extern "C" { +unsafe extern "C" { pub fn __getdelim( __lineptr: *mut *mut ::std::os::raw::c_char, __n: *mut usize, @@ -896,7 +896,7 @@ extern "C" { __stream: *mut FILE, ) -> __ssize_t; } -extern "C" { +unsafe extern "C" { pub fn getdelim( __lineptr: *mut *mut ::std::os::raw::c_char, __n: *mut usize, @@ -904,23 +904,23 @@ extern "C" { __stream: *mut FILE, ) -> __ssize_t; } -extern "C" { +unsafe extern "C" { pub fn getline( __lineptr: *mut *mut ::std::os::raw::c_char, __n: *mut usize, __stream: *mut FILE, ) -> __ssize_t; } -extern "C" { +unsafe extern "C" { pub fn fputs(__s: *const ::std::os::raw::c_char, __stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn puts(__s: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn ungetc(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fread( __ptr: *mut ::std::os::raw::c_void, __size: ::std::os::raw::c_ulong, @@ -928,7 +928,7 @@ extern "C" { __stream: *mut FILE, ) -> ::std::os::raw::c_ulong; } -extern "C" { +unsafe extern "C" { pub fn fwrite( __ptr: *const ::std::os::raw::c_void, __size: ::std::os::raw::c_ulong, @@ -936,7 +936,7 @@ extern "C" { __s: *mut FILE, ) -> ::std::os::raw::c_ulong; } -extern "C" { +unsafe extern "C" { pub fn fread_unlocked( __ptr: *mut ::std::os::raw::c_void, __size: usize, @@ -944,7 +944,7 @@ extern "C" { __stream: *mut FILE, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn fwrite_unlocked( __ptr: *const ::std::os::raw::c_void, __size: usize, @@ -952,87 +952,87 @@ extern "C" { __stream: *mut FILE, ) -> usize; } -extern "C" { +unsafe extern "C" { pub fn fseek( __stream: *mut FILE, __off: ::std::os::raw::c_long, __whence: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn ftell(__stream: *mut FILE) -> ::std::os::raw::c_long; } -extern "C" { +unsafe extern "C" { pub fn rewind(__stream: *mut FILE); } -extern "C" { +unsafe extern "C" { pub fn fseeko( __stream: *mut FILE, __off: __off_t, __whence: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn ftello(__stream: *mut FILE) -> __off_t; } -extern "C" { +unsafe extern "C" { pub fn fgetpos(__stream: *mut FILE, __pos: *mut fpos_t) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fsetpos(__stream: *mut FILE, __pos: *const fpos_t) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn clearerr(__stream: *mut FILE); } -extern "C" { +unsafe extern "C" { pub fn feof(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn ferror(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn clearerr_unlocked(__stream: *mut FILE); } -extern "C" { +unsafe extern "C" { pub fn feof_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn ferror_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn perror(__s: *const ::std::os::raw::c_char); } -extern "C" { +unsafe extern "C" { pub fn fileno(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn fileno_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn pclose(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn popen( __command: *const ::std::os::raw::c_char, __modes: *const ::std::os::raw::c_char, ) -> *mut FILE; } -extern "C" { +unsafe extern "C" { pub fn ctermid(__s: *mut ::std::os::raw::c_char) -> *mut ::std::os::raw::c_char; } -extern "C" { +unsafe extern "C" { pub fn flockfile(__stream: *mut FILE); } -extern "C" { +unsafe extern "C" { pub fn ftrylockfile(__stream: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn funlockfile(__stream: *mut FILE); } -extern "C" { +unsafe extern "C" { pub fn __uflow(arg1: *mut FILE) -> ::std::os::raw::c_int; } -extern "C" { +unsafe extern "C" { pub fn __overflow(arg1: *mut FILE, arg2: ::std::os::raw::c_int) -> ::std::os::raw::c_int; } pub type int_least8_t = __int_least8_t; @@ -1054,26 +1054,26 @@ pub type uint_fast64_t = ::std::os::raw::c_ulong; pub type intmax_t = __intmax_t; pub type uintmax_t = __uintmax_t; pub type libafl_word = u64; -extern "C" { +unsafe extern "C" { pub fn _libafl_sync_exit_call0(action: libafl_word) -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn _libafl_sync_exit_call1(action: libafl_word, arg1: libafl_word) -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn _libafl_sync_exit_call2( action: libafl_word, arg1: libafl_word, arg2: libafl_word, ) -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn _libafl_backdoor_call0(action: libafl_word) -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn _libafl_backdoor_call1(action: libafl_word, arg1: libafl_word) -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn _libafl_backdoor_call2( action: libafl_word, arg1: libafl_word, @@ -1113,61 +1113,61 @@ impl ::std::ops::BitAndAssign for LibaflQemuEndStatus { #[doc = " LibAFL QEMU header file.\n\n This file is a portable header file used to build target harnesses more\n conveniently. Its main purpose is to generate ready-to-use calls to\n communicate with the fuzzer. The list of commands is available at the bottom\n of this file. The rest mostly consists of macros generating the code used by\n the commands."] #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] pub struct LibaflQemuEndStatus(pub ::std::os::raw::c_uint); -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_start_virt( buf_vaddr: *mut ::std::os::raw::c_void, max_len: libafl_word, ) -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_start_phys( buf_paddr: *mut ::std::os::raw::c_void, max_len: libafl_word, ) -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_input_virt( buf_vaddr: *mut ::std::os::raw::c_void, max_len: libafl_word, ) -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_input_phys( buf_paddr: *mut ::std::os::raw::c_void, max_len: libafl_word, ) -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_end(status: LibaflQemuEndStatus); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_save(); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_load(); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_version() -> libafl_word; } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_page_current_allow(); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_internal_error(); } -extern "C" { +unsafe extern "C" { pub fn lqprintf(fmt: *const ::std::os::raw::c_char, ...); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_test(); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_trace_vaddr_range(start: libafl_word, end: libafl_word); } -extern "C" { +unsafe extern "C" { pub fn libafl_qemu_trace_vaddr_size(start: libafl_word, size: libafl_word); } -extern "C" { +unsafe extern "C" { pub static mut _lqprintf_buffer: [::std::os::raw::c_char; 4096usize]; } pub type __builtin_va_list = [__va_list_tag; 1usize]; diff --git a/libafl_qemu/runtime/nyx_api.h b/libafl_qemu/runtime/nyx_api.h new file mode 100644 index 0000000000..708b8fc915 --- /dev/null +++ b/libafl_qemu/runtime/nyx_api.h @@ -0,0 +1,185 @@ +/* + * kAFl/Nyx low-level interface definitions + * + * Copyright 2022 Sergej Schumilo, Cornelius Aschermann + * Copyright 2022 Intel Corporation + * + * SPDX-License-Identifier: MIT + */ + +#ifndef NYX_API_H +#define NYX_API_H + +#ifndef __KERNEL__ + // userspace + #include + #include + + #ifdef __MINGW64__ + #ifndef uint64_t + #define uint64_t UINT64 + #endif + #ifndef int32_t + #define int32_t INT32 + #endif + #ifndef uint32_t + #define uint32_t UINT32 + #endif + #ifndef u_long + #define u_long UINT64 + #endif + #ifndef uint8_t + #define uint8_t UINT8 + #endif + #else + #include + #endif +#else + // Linux kernel + #include + #include +#endif + +#define HYPERCALL_KAFL_RAX_ID 0x01f +#define HYPERCALL_KAFL_ACQUIRE 0 +#define HYPERCALL_KAFL_GET_PAYLOAD 1 +#define HYPERCALL_KAFL_GET_PROGRAM 2 /* deprecated */ +#define HYPERCALL_KAFL_GET_ARGV 3 /* deprecated */ +#define HYPERCALL_KAFL_RELEASE 4 +#define HYPERCALL_KAFL_SUBMIT_CR3 5 +#define HYPERCALL_KAFL_SUBMIT_PANIC 6 +#define HYPERCALL_KAFL_SUBMIT_KASAN 7 +#define HYPERCALL_KAFL_PANIC 8 +#define HYPERCALL_KAFL_KASAN 9 +#define HYPERCALL_KAFL_LOCK 10 +#define HYPERCALL_KAFL_INFO 11 /* deprecated */ +#define HYPERCALL_KAFL_NEXT_PAYLOAD 12 +#define HYPERCALL_KAFL_PRINTF 13 +#define HYPERCALL_KAFL_PRINTK_ADDR 14 /* deprecated */ +#define HYPERCALL_KAFL_PRINTK 15 /* deprecated */ + +/* user space only hypercalls */ +#define HYPERCALL_KAFL_USER_RANGE_ADVISE 16 +#define HYPERCALL_KAFL_USER_SUBMIT_MODE 17 +#define HYPERCALL_KAFL_USER_FAST_ACQUIRE 18 +/* 19 is already used for exit reason KVM_EXIT_KAFL_TOPA_MAIN_FULL */ +#define HYPERCALL_KAFL_USER_ABORT 20 +#define HYPERCALL_KAFL_TIMEOUT 21 /* deprecated */ +#define HYPERCALL_KAFL_RANGE_SUBMIT 29 +#define HYPERCALL_KAFL_REQ_STREAM_DATA 30 +#define HYPERCALL_KAFL_PANIC_EXTENDED 32 + +#define HYPERCALL_KAFL_CREATE_TMP_SNAPSHOT 33 +#define HYPERCALL_KAFL_DEBUG_TMP_SNAPSHOT \ + 34 /* hypercall for debugging / development purposes */ + +#define HYPERCALL_KAFL_GET_HOST_CONFIG 35 +#define HYPERCALL_KAFL_SET_AGENT_CONFIG 36 + +#define HYPERCALL_KAFL_DUMP_FILE 37 + +#define HYPERCALL_KAFL_REQ_STREAM_DATA_BULK 38 +#define HYPERCALL_KAFL_PERSIST_PAGE_PAST_SNAPSHOT 39 + +/* hypertrash only hypercalls */ +#define HYPERTRASH_HYPERCALL_MASK 0xAA000000 + +#define HYPERCALL_KAFL_NESTED_PREPARE (0 | HYPERTRASH_HYPERCALL_MASK) +#define HYPERCALL_KAFL_NESTED_CONFIG (1 | HYPERTRASH_HYPERCALL_MASK) +#define HYPERCALL_KAFL_NESTED_ACQUIRE (2 | HYPERTRASH_HYPERCALL_MASK) +#define HYPERCALL_KAFL_NESTED_RELEASE (3 | HYPERTRASH_HYPERCALL_MASK) +#define HYPERCALL_KAFL_NESTED_HPRINTF (4 | HYPERTRASH_HYPERCALL_MASK) + +#define HPRINTF_MAX_SIZE 0x1000 /* up to 4KB hprintf strings */ + +#define KAFL_MODE_64 0 +#define KAFL_MODE_32 1 +#define KAFL_MODE_16 2 + +typedef struct { + int32_t size; + uint8_t data[]; +} kAFL_payload; + +typedef struct { + uint64_t ip[4]; + uint64_t size[4]; + uint8_t enabled[4]; +} kAFL_ranges; + +#if defined(__i386__) +static inline uint32_t kAFL_hypercall(uint32_t p1, uint32_t p2) { + uint32_t nr = HYPERCALL_KAFL_RAX_ID; + asm volatile("vmcall" : "=a"(nr) : "a"(nr), "b"(p1), "c"(p2)); + return nr; +} +#elif defined(__x86_64__) +static inline uint64_t kAFL_hypercall(uint64_t p1, uint64_t p2) { + uint64_t nr = HYPERCALL_KAFL_RAX_ID; + asm volatile("vmcall" : "=a"(nr) : "a"(nr), "b"(p1), "c"(p2)); + return nr; +} +#endif + +static void habort(char *msg) __attribute__((unused)); +static void habort(char *msg) { + kAFL_hypercall(HYPERCALL_KAFL_USER_ABORT, (uintptr_t)msg); +} + +static void hprintf(const char *format, ...) __attribute__((unused)); +static void hprintf(const char *format, ...) { + static char hprintf_buffer[HPRINTF_MAX_SIZE] __attribute__((aligned(4096))); + + va_list args; + va_start(args, format); + vsnprintf((char *)hprintf_buffer, HPRINTF_MAX_SIZE, format, args); + // printf("%s", hprintf_buffer); + kAFL_hypercall(HYPERCALL_KAFL_PRINTF, (uintptr_t)hprintf_buffer); + va_end(args); +} + +#define NYX_HOST_MAGIC 0x4878794e +#define NYX_AGENT_MAGIC 0x4178794e + +#define NYX_HOST_VERSION 2 +#define NYX_AGENT_VERSION 1 + +typedef struct { + uint32_t host_magic; + uint32_t host_version; + uint32_t bitmap_size; + uint32_t ijon_bitmap_size; + uint32_t payload_buffer_size; + uint32_t worker_id; + /* more to come */ +} __attribute__((packed)) host_config_t; + +typedef struct { + uint32_t agent_magic; + uint32_t agent_version; + uint8_t agent_timeout_detection; + uint8_t agent_tracing; + uint8_t agent_ijon_tracing; + uint8_t agent_non_reload_mode; + uint64_t trace_buffer_vaddr; + uint64_t ijon_trace_buffer_vaddr; + uint32_t coverage_bitmap_size; + uint32_t input_buffer_size; + uint8_t dump_payloads; /* set by hypervisor */ + /* more to come */ +} __attribute__((packed)) agent_config_t; + +typedef struct { + uint64_t file_name_str_ptr; + uint64_t data_ptr; + uint64_t bytes; + uint8_t append; +} __attribute__((packed)) kafl_dump_file_t; + +typedef struct { + char file_name[256]; + uint64_t num_addresses; + uint64_t addresses[479]; +} __attribute__((packed)) req_data_bulk_t; + +#endif /* NYX_API_H */ \ No newline at end of file diff --git a/libafl_qemu/runtime/nyx_stub_bindings.rs b/libafl_qemu/runtime/nyx_stub_bindings.rs new file mode 100644 index 0000000000..34700e8f41 --- /dev/null +++ b/libafl_qemu/runtime/nyx_stub_bindings.rs @@ -0,0 +1,1255 @@ +/* 1.85.0-nightly */ +/* qemu git hash: 81e52dc60f83c3ae191c1a07b39bb255e633c234 */ +/* automatically generated by rust-bindgen 0.71.1 */ + +#[repr(C)] +#[derive(Default)] +pub struct __IncompleteArrayField(::std::marker::PhantomData, [T; 0]); +impl __IncompleteArrayField { + #[inline] + pub const fn new() -> Self { + __IncompleteArrayField(::std::marker::PhantomData, []) + } + #[inline] + pub fn as_ptr(&self) -> *const T { + self as *const _ as *const T + } + #[inline] + pub fn as_mut_ptr(&mut self) -> *mut T { + self as *mut _ as *mut T + } + #[inline] + pub unsafe fn as_slice(&self, len: usize) -> &[T] { + ::std::slice::from_raw_parts(self.as_ptr(), len) + } + #[inline] + pub unsafe fn as_mut_slice(&mut self, len: usize) -> &mut [T] { + ::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len) + } +} +impl ::std::fmt::Debug for __IncompleteArrayField { + fn fmt(&self, fmt: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + fmt.write_str("__IncompleteArrayField") + } +} +pub const _STDIO_H: u32 = 1; +pub const _FEATURES_H: u32 = 1; +pub const _DEFAULT_SOURCE: u32 = 1; +pub const __GLIBC_USE_ISOC23: u32 = 0; +pub const __USE_ISOC11: u32 = 1; +pub const __USE_ISOC99: u32 = 1; +pub const __USE_ISOC95: u32 = 1; +pub const __USE_POSIX_IMPLICITLY: u32 = 1; +pub const _POSIX_SOURCE: u32 = 1; +pub const _POSIX_C_SOURCE: u32 = 200809; +pub const __USE_POSIX: u32 = 1; +pub const __USE_POSIX2: u32 = 1; +pub const __USE_POSIX199309: u32 = 1; +pub const __USE_POSIX199506: u32 = 1; +pub const __USE_XOPEN2K: u32 = 1; +pub const __USE_XOPEN2K8: u32 = 1; +pub const _ATFILE_SOURCE: u32 = 1; +pub const __WORDSIZE: u32 = 64; +pub const __WORDSIZE_TIME64_COMPAT32: u32 = 1; +pub const __SYSCALL_WORDSIZE: u32 = 64; +pub const __TIMESIZE: u32 = 64; +pub const __USE_TIME_BITS64: u32 = 1; +pub const __USE_MISC: u32 = 1; +pub const __USE_ATFILE: u32 = 1; +pub const __USE_FORTIFY_LEVEL: u32 = 0; +pub const __GLIBC_USE_DEPRECATED_GETS: u32 = 0; +pub const __GLIBC_USE_DEPRECATED_SCANF: u32 = 0; +pub const __GLIBC_USE_C23_STRTOL: u32 = 0; +pub const _STDC_PREDEF_H: u32 = 1; +pub const __STDC_IEC_559__: u32 = 1; +pub const __STDC_IEC_60559_BFP__: u32 = 201404; +pub const __STDC_IEC_559_COMPLEX__: u32 = 1; +pub const __STDC_IEC_60559_COMPLEX__: u32 = 201404; +pub const __STDC_ISO_10646__: u32 = 201706; +pub const __GNU_LIBRARY__: u32 = 6; +pub const __GLIBC__: u32 = 2; +pub const __GLIBC_MINOR__: u32 = 40; +pub const _SYS_CDEFS_H: u32 = 1; +pub const __glibc_c99_flexarr_available: u32 = 1; +pub const __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI: u32 = 0; +pub const __HAVE_GENERIC_SELECTION: u32 = 1; +pub const __GLIBC_USE_LIB_EXT2: u32 = 0; +pub const __GLIBC_USE_IEC_60559_BFP_EXT: u32 = 0; +pub const __GLIBC_USE_IEC_60559_BFP_EXT_C23: u32 = 0; +pub const __GLIBC_USE_IEC_60559_EXT: u32 = 0; +pub const __GLIBC_USE_IEC_60559_FUNCS_EXT: u32 = 0; +pub const __GLIBC_USE_IEC_60559_FUNCS_EXT_C23: u32 = 0; +pub const __GLIBC_USE_IEC_60559_TYPES_EXT: u32 = 0; +pub const _BITS_TYPES_H: u32 = 1; +pub const _BITS_TYPESIZES_H: u32 = 1; +pub const __OFF_T_MATCHES_OFF64_T: u32 = 1; +pub const __INO_T_MATCHES_INO64_T: u32 = 1; +pub const __RLIM_T_MATCHES_RLIM64_T: u32 = 1; +pub const __STATFS_MATCHES_STATFS64: u32 = 1; +pub const __KERNEL_OLD_TIMEVAL_MATCHES_TIMEVAL64: u32 = 1; +pub const __FD_SETSIZE: u32 = 1024; +pub const _BITS_TIME64_H: u32 = 1; +pub const _____fpos_t_defined: u32 = 1; +pub const ____mbstate_t_defined: u32 = 1; +pub const _____fpos64_t_defined: u32 = 1; +pub const ____FILE_defined: u32 = 1; +pub const __FILE_defined: u32 = 1; +pub const __struct_FILE_defined: u32 = 1; +pub const _IO_EOF_SEEN: u32 = 16; +pub const _IO_ERR_SEEN: u32 = 32; +pub const _IO_USER_LOCK: u32 = 32768; +pub const __cookie_io_functions_t_defined: u32 = 1; +pub const _IOFBF: u32 = 0; +pub const _IOLBF: u32 = 1; +pub const _IONBF: u32 = 2; +pub const BUFSIZ: u32 = 8192; +pub const EOF: i32 = -1; +pub const SEEK_SET: u32 = 0; +pub const SEEK_CUR: u32 = 1; +pub const SEEK_END: u32 = 2; +pub const P_tmpdir: &[u8; 5] = b"/tmp\0"; +pub const L_tmpnam: u32 = 20; +pub const TMP_MAX: u32 = 238328; +pub const _BITS_STDIO_LIM_H: u32 = 1; +pub const FILENAME_MAX: u32 = 4096; +pub const L_ctermid: u32 = 9; +pub const FOPEN_MAX: u32 = 16; +pub const __HAVE_FLOAT128: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT128: u32 = 0; +pub const __HAVE_FLOAT64X: u32 = 1; +pub const __HAVE_FLOAT64X_LONG_DOUBLE: u32 = 1; +pub const __HAVE_FLOAT16: u32 = 0; +pub const __HAVE_FLOAT32: u32 = 1; +pub const __HAVE_FLOAT64: u32 = 1; +pub const __HAVE_FLOAT32X: u32 = 1; +pub const __HAVE_FLOAT128X: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT16: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT32: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT64: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT32X: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT64X: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT128X: u32 = 0; +pub const __HAVE_FLOATN_NOT_TYPEDEF: u32 = 0; +pub const _STDINT_H: u32 = 1; +pub const _BITS_WCHAR_H: u32 = 1; +pub const _BITS_STDINT_INTN_H: u32 = 1; +pub const _BITS_STDINT_UINTN_H: u32 = 1; +pub const _BITS_STDINT_LEAST_H: u32 = 1; +pub const INT8_MIN: i32 = -128; +pub const INT16_MIN: i32 = -32768; +pub const INT32_MIN: i32 = -2147483648; +pub const INT8_MAX: u32 = 127; +pub const INT16_MAX: u32 = 32767; +pub const INT32_MAX: u32 = 2147483647; +pub const UINT8_MAX: u32 = 255; +pub const UINT16_MAX: u32 = 65535; +pub const UINT32_MAX: u32 = 4294967295; +pub const INT_LEAST8_MIN: i32 = -128; +pub const INT_LEAST16_MIN: i32 = -32768; +pub const INT_LEAST32_MIN: i32 = -2147483648; +pub const INT_LEAST8_MAX: u32 = 127; +pub const INT_LEAST16_MAX: u32 = 32767; +pub const INT_LEAST32_MAX: u32 = 2147483647; +pub const UINT_LEAST8_MAX: u32 = 255; +pub const UINT_LEAST16_MAX: u32 = 65535; +pub const UINT_LEAST32_MAX: u32 = 4294967295; +pub const INT_FAST8_MIN: i32 = -128; +pub const INT_FAST16_MIN: i64 = -9223372036854775808; +pub const INT_FAST32_MIN: i64 = -9223372036854775808; +pub const INT_FAST8_MAX: u32 = 127; +pub const INT_FAST16_MAX: u64 = 9223372036854775807; +pub const INT_FAST32_MAX: u64 = 9223372036854775807; +pub const UINT_FAST8_MAX: u32 = 255; +pub const UINT_FAST16_MAX: i32 = -1; +pub const UINT_FAST32_MAX: i32 = -1; +pub const INTPTR_MIN: i64 = -9223372036854775808; +pub const INTPTR_MAX: u64 = 9223372036854775807; +pub const UINTPTR_MAX: i32 = -1; +pub const PTRDIFF_MIN: i64 = -9223372036854775808; +pub const PTRDIFF_MAX: u64 = 9223372036854775807; +pub const SIG_ATOMIC_MIN: i32 = -2147483648; +pub const SIG_ATOMIC_MAX: u32 = 2147483647; +pub const SIZE_MAX: i32 = -1; +pub const WINT_MIN: u32 = 0; +pub const WINT_MAX: u32 = 4294967295; +pub const HYPERCALL_KAFL_RAX_ID: u32 = 31; +pub const HYPERCALL_KAFL_ACQUIRE: u32 = 0; +pub const HYPERCALL_KAFL_GET_PAYLOAD: u32 = 1; +pub const HYPERCALL_KAFL_GET_PROGRAM: u32 = 2; +pub const HYPERCALL_KAFL_GET_ARGV: u32 = 3; +pub const HYPERCALL_KAFL_RELEASE: u32 = 4; +pub const HYPERCALL_KAFL_SUBMIT_CR3: u32 = 5; +pub const HYPERCALL_KAFL_SUBMIT_PANIC: u32 = 6; +pub const HYPERCALL_KAFL_SUBMIT_KASAN: u32 = 7; +pub const HYPERCALL_KAFL_PANIC: u32 = 8; +pub const HYPERCALL_KAFL_KASAN: u32 = 9; +pub const HYPERCALL_KAFL_LOCK: u32 = 10; +pub const HYPERCALL_KAFL_INFO: u32 = 11; +pub const HYPERCALL_KAFL_NEXT_PAYLOAD: u32 = 12; +pub const HYPERCALL_KAFL_PRINTF: u32 = 13; +pub const HYPERCALL_KAFL_PRINTK_ADDR: u32 = 14; +pub const HYPERCALL_KAFL_PRINTK: u32 = 15; +pub const HYPERCALL_KAFL_USER_RANGE_ADVISE: u32 = 16; +pub const HYPERCALL_KAFL_USER_SUBMIT_MODE: u32 = 17; +pub const HYPERCALL_KAFL_USER_FAST_ACQUIRE: u32 = 18; +pub const HYPERCALL_KAFL_USER_ABORT: u32 = 20; +pub const HYPERCALL_KAFL_TIMEOUT: u32 = 21; +pub const HYPERCALL_KAFL_RANGE_SUBMIT: u32 = 29; +pub const HYPERCALL_KAFL_REQ_STREAM_DATA: u32 = 30; +pub const HYPERCALL_KAFL_PANIC_EXTENDED: u32 = 32; +pub const HYPERCALL_KAFL_CREATE_TMP_SNAPSHOT: u32 = 33; +pub const HYPERCALL_KAFL_DEBUG_TMP_SNAPSHOT: u32 = 34; +pub const HYPERCALL_KAFL_GET_HOST_CONFIG: u32 = 35; +pub const HYPERCALL_KAFL_SET_AGENT_CONFIG: u32 = 36; +pub const HYPERCALL_KAFL_DUMP_FILE: u32 = 37; +pub const HYPERCALL_KAFL_REQ_STREAM_DATA_BULK: u32 = 38; +pub const HYPERCALL_KAFL_PERSIST_PAGE_PAST_SNAPSHOT: u32 = 39; +pub const HYPERTRASH_HYPERCALL_MASK: u32 = 2852126720; +pub const HYPERCALL_KAFL_NESTED_PREPARE: u32 = 2852126720; +pub const HYPERCALL_KAFL_NESTED_CONFIG: u32 = 2852126721; +pub const HYPERCALL_KAFL_NESTED_ACQUIRE: u32 = 2852126722; +pub const HYPERCALL_KAFL_NESTED_RELEASE: u32 = 2852126723; +pub const HYPERCALL_KAFL_NESTED_HPRINTF: u32 = 2852126724; +pub const HPRINTF_MAX_SIZE: u32 = 4096; +pub const KAFL_MODE_64: u32 = 0; +pub const KAFL_MODE_32: u32 = 1; +pub const KAFL_MODE_16: u32 = 2; +pub const NYX_HOST_MAGIC: u32 = 1215854926; +pub const NYX_AGENT_MAGIC: u32 = 1098414414; +pub const NYX_HOST_VERSION: u32 = 2; +pub const NYX_AGENT_VERSION: u32 = 1; +pub type __gnuc_va_list = __builtin_va_list; +pub type va_list = __builtin_va_list; +pub type __u_char = ::std::os::raw::c_uchar; +pub type __u_short = ::std::os::raw::c_ushort; +pub type __u_int = ::std::os::raw::c_uint; +pub type __u_long = ::std::os::raw::c_ulong; +pub type __int8_t = ::std::os::raw::c_schar; +pub type __uint8_t = ::std::os::raw::c_uchar; +pub type __int16_t = ::std::os::raw::c_short; +pub type __uint16_t = ::std::os::raw::c_ushort; +pub type __int32_t = ::std::os::raw::c_int; +pub type __uint32_t = ::std::os::raw::c_uint; +pub type __int64_t = ::std::os::raw::c_long; +pub type __uint64_t = ::std::os::raw::c_ulong; +pub type __int_least8_t = __int8_t; +pub type __uint_least8_t = __uint8_t; +pub type __int_least16_t = __int16_t; +pub type __uint_least16_t = __uint16_t; +pub type __int_least32_t = __int32_t; +pub type __uint_least32_t = __uint32_t; +pub type __int_least64_t = __int64_t; +pub type __uint_least64_t = __uint64_t; +pub type __quad_t = ::std::os::raw::c_long; +pub type __u_quad_t = ::std::os::raw::c_ulong; +pub type __intmax_t = ::std::os::raw::c_long; +pub type __uintmax_t = ::std::os::raw::c_ulong; +pub type __dev_t = ::std::os::raw::c_ulong; +pub type __uid_t = ::std::os::raw::c_uint; +pub type __gid_t = ::std::os::raw::c_uint; +pub type __ino_t = ::std::os::raw::c_ulong; +pub type __ino64_t = ::std::os::raw::c_ulong; +pub type __mode_t = ::std::os::raw::c_uint; +pub type __nlink_t = ::std::os::raw::c_ulong; +pub type __off_t = ::std::os::raw::c_long; +pub type __off64_t = ::std::os::raw::c_long; +pub type __pid_t = ::std::os::raw::c_int; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct __fsid_t { + pub __val: [::std::os::raw::c_int; 2usize], +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of __fsid_t"][::std::mem::size_of::<__fsid_t>() - 8usize]; + ["Alignment of __fsid_t"][::std::mem::align_of::<__fsid_t>() - 4usize]; + ["Offset of field: __fsid_t::__val"][::std::mem::offset_of!(__fsid_t, __val) - 0usize]; +}; +pub type __clock_t = ::std::os::raw::c_long; +pub type __rlim_t = ::std::os::raw::c_ulong; +pub type __rlim64_t = ::std::os::raw::c_ulong; +pub type __id_t = ::std::os::raw::c_uint; +pub type __time_t = ::std::os::raw::c_long; +pub type __useconds_t = ::std::os::raw::c_uint; +pub type __suseconds_t = ::std::os::raw::c_long; +pub type __suseconds64_t = ::std::os::raw::c_long; +pub type __daddr_t = ::std::os::raw::c_int; +pub type __key_t = ::std::os::raw::c_int; +pub type __clockid_t = ::std::os::raw::c_int; +pub type __timer_t = *mut ::std::os::raw::c_void; +pub type __blksize_t = ::std::os::raw::c_long; +pub type __blkcnt_t = ::std::os::raw::c_long; +pub type __blkcnt64_t = ::std::os::raw::c_long; +pub type __fsblkcnt_t = ::std::os::raw::c_ulong; +pub type __fsblkcnt64_t = ::std::os::raw::c_ulong; +pub type __fsfilcnt_t = ::std::os::raw::c_ulong; +pub type __fsfilcnt64_t = ::std::os::raw::c_ulong; +pub type __fsword_t = ::std::os::raw::c_long; +pub type __ssize_t = ::std::os::raw::c_long; +pub type __syscall_slong_t = ::std::os::raw::c_long; +pub type __syscall_ulong_t = ::std::os::raw::c_ulong; +pub type __loff_t = __off64_t; +pub type __caddr_t = *mut ::std::os::raw::c_char; +pub type __intptr_t = ::std::os::raw::c_long; +pub type __socklen_t = ::std::os::raw::c_uint; +pub type __sig_atomic_t = ::std::os::raw::c_int; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct __mbstate_t { + pub __count: ::std::os::raw::c_int, + pub __value: __mbstate_t__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union __mbstate_t__bindgen_ty_1 { + pub __wch: ::std::os::raw::c_uint, + pub __wchb: [::std::os::raw::c_char; 4usize], +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of __mbstate_t__bindgen_ty_1"] + [::std::mem::size_of::<__mbstate_t__bindgen_ty_1>() - 4usize]; + ["Alignment of __mbstate_t__bindgen_ty_1"] + [::std::mem::align_of::<__mbstate_t__bindgen_ty_1>() - 4usize]; + ["Offset of field: __mbstate_t__bindgen_ty_1::__wch"] + [::std::mem::offset_of!(__mbstate_t__bindgen_ty_1, __wch) - 0usize]; + ["Offset of field: __mbstate_t__bindgen_ty_1::__wchb"] + [::std::mem::offset_of!(__mbstate_t__bindgen_ty_1, __wchb) - 0usize]; +}; +impl Default for __mbstate_t__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl ::std::fmt::Debug for __mbstate_t__bindgen_ty_1 { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!(f, "__mbstate_t__bindgen_ty_1 {{ union }}") + } +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of __mbstate_t"][::std::mem::size_of::<__mbstate_t>() - 8usize]; + ["Alignment of __mbstate_t"][::std::mem::align_of::<__mbstate_t>() - 4usize]; + ["Offset of field: __mbstate_t::__count"] + [::std::mem::offset_of!(__mbstate_t, __count) - 0usize]; + ["Offset of field: __mbstate_t::__value"] + [::std::mem::offset_of!(__mbstate_t, __value) - 4usize]; +}; +impl Default for __mbstate_t { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl ::std::fmt::Debug for __mbstate_t { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!( + f, + "__mbstate_t {{ __count: {:?}, __value: {:?} }}", + self.__count, self.__value + ) + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _G_fpos_t { + pub __pos: __off_t, + pub __state: __mbstate_t, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of _G_fpos_t"][::std::mem::size_of::<_G_fpos_t>() - 16usize]; + ["Alignment of _G_fpos_t"][::std::mem::align_of::<_G_fpos_t>() - 8usize]; + ["Offset of field: _G_fpos_t::__pos"][::std::mem::offset_of!(_G_fpos_t, __pos) - 0usize]; + ["Offset of field: _G_fpos_t::__state"][::std::mem::offset_of!(_G_fpos_t, __state) - 8usize]; +}; +impl Default for _G_fpos_t { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl ::std::fmt::Debug for _G_fpos_t { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!( + f, + "_G_fpos_t {{ __pos: {:?}, __state: {:?} }}", + self.__pos, self.__state + ) + } +} +pub type __fpos_t = _G_fpos_t; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _G_fpos64_t { + pub __pos: __off64_t, + pub __state: __mbstate_t, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of _G_fpos64_t"][::std::mem::size_of::<_G_fpos64_t>() - 16usize]; + ["Alignment of _G_fpos64_t"][::std::mem::align_of::<_G_fpos64_t>() - 8usize]; + ["Offset of field: _G_fpos64_t::__pos"][::std::mem::offset_of!(_G_fpos64_t, __pos) - 0usize]; + ["Offset of field: _G_fpos64_t::__state"] + [::std::mem::offset_of!(_G_fpos64_t, __state) - 8usize]; +}; +impl Default for _G_fpos64_t { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl ::std::fmt::Debug for _G_fpos64_t { + fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { + write!( + f, + "_G_fpos64_t {{ __pos: {:?}, __state: {:?} }}", + self.__pos, self.__state + ) + } +} +pub type __fpos64_t = _G_fpos64_t; +pub type __FILE = _IO_FILE; +pub type FILE = _IO_FILE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _IO_marker { + _unused: [u8; 0], +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _IO_codecvt { + _unused: [u8; 0], +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _IO_wide_data { + _unused: [u8; 0], +} +pub type _IO_lock_t = ::std::os::raw::c_void; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _IO_FILE { + pub _flags: ::std::os::raw::c_int, + pub _IO_read_ptr: *mut ::std::os::raw::c_char, + pub _IO_read_end: *mut ::std::os::raw::c_char, + pub _IO_read_base: *mut ::std::os::raw::c_char, + pub _IO_write_base: *mut ::std::os::raw::c_char, + pub _IO_write_ptr: *mut ::std::os::raw::c_char, + pub _IO_write_end: *mut ::std::os::raw::c_char, + pub _IO_buf_base: *mut ::std::os::raw::c_char, + pub _IO_buf_end: *mut ::std::os::raw::c_char, + pub _IO_save_base: *mut ::std::os::raw::c_char, + pub _IO_backup_base: *mut ::std::os::raw::c_char, + pub _IO_save_end: *mut ::std::os::raw::c_char, + pub _markers: *mut _IO_marker, + pub _chain: *mut _IO_FILE, + pub _fileno: ::std::os::raw::c_int, + pub _flags2: ::std::os::raw::c_int, + pub _old_offset: __off_t, + pub _cur_column: ::std::os::raw::c_ushort, + pub _vtable_offset: ::std::os::raw::c_schar, + pub _shortbuf: [::std::os::raw::c_char; 1usize], + pub _lock: *mut _IO_lock_t, + pub _offset: __off64_t, + pub _codecvt: *mut _IO_codecvt, + pub _wide_data: *mut _IO_wide_data, + pub _freeres_list: *mut _IO_FILE, + pub _freeres_buf: *mut ::std::os::raw::c_void, + pub _prevchain: *mut *mut _IO_FILE, + pub _mode: ::std::os::raw::c_int, + pub _unused2: [::std::os::raw::c_char; 20usize], +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of _IO_FILE"][::std::mem::size_of::<_IO_FILE>() - 216usize]; + ["Alignment of _IO_FILE"][::std::mem::align_of::<_IO_FILE>() - 8usize]; + ["Offset of field: _IO_FILE::_flags"][::std::mem::offset_of!(_IO_FILE, _flags) - 0usize]; + ["Offset of field: _IO_FILE::_IO_read_ptr"] + [::std::mem::offset_of!(_IO_FILE, _IO_read_ptr) - 8usize]; + ["Offset of field: _IO_FILE::_IO_read_end"] + [::std::mem::offset_of!(_IO_FILE, _IO_read_end) - 16usize]; + ["Offset of field: _IO_FILE::_IO_read_base"] + [::std::mem::offset_of!(_IO_FILE, _IO_read_base) - 24usize]; + ["Offset of field: _IO_FILE::_IO_write_base"] + [::std::mem::offset_of!(_IO_FILE, _IO_write_base) - 32usize]; + ["Offset of field: _IO_FILE::_IO_write_ptr"] + [::std::mem::offset_of!(_IO_FILE, _IO_write_ptr) - 40usize]; + ["Offset of field: _IO_FILE::_IO_write_end"] + [::std::mem::offset_of!(_IO_FILE, _IO_write_end) - 48usize]; + ["Offset of field: _IO_FILE::_IO_buf_base"] + [::std::mem::offset_of!(_IO_FILE, _IO_buf_base) - 56usize]; + ["Offset of field: _IO_FILE::_IO_buf_end"] + [::std::mem::offset_of!(_IO_FILE, _IO_buf_end) - 64usize]; + ["Offset of field: _IO_FILE::_IO_save_base"] + [::std::mem::offset_of!(_IO_FILE, _IO_save_base) - 72usize]; + ["Offset of field: _IO_FILE::_IO_backup_base"] + [::std::mem::offset_of!(_IO_FILE, _IO_backup_base) - 80usize]; + ["Offset of field: _IO_FILE::_IO_save_end"] + [::std::mem::offset_of!(_IO_FILE, _IO_save_end) - 88usize]; + ["Offset of field: _IO_FILE::_markers"][::std::mem::offset_of!(_IO_FILE, _markers) - 96usize]; + ["Offset of field: _IO_FILE::_chain"][::std::mem::offset_of!(_IO_FILE, _chain) - 104usize]; + ["Offset of field: _IO_FILE::_fileno"][::std::mem::offset_of!(_IO_FILE, _fileno) - 112usize]; + ["Offset of field: _IO_FILE::_flags2"][::std::mem::offset_of!(_IO_FILE, _flags2) - 116usize]; + ["Offset of field: _IO_FILE::_old_offset"] + [::std::mem::offset_of!(_IO_FILE, _old_offset) - 120usize]; + ["Offset of field: _IO_FILE::_cur_column"] + [::std::mem::offset_of!(_IO_FILE, _cur_column) - 128usize]; + ["Offset of field: _IO_FILE::_vtable_offset"] + [::std::mem::offset_of!(_IO_FILE, _vtable_offset) - 130usize]; + ["Offset of field: _IO_FILE::_shortbuf"] + [::std::mem::offset_of!(_IO_FILE, _shortbuf) - 131usize]; + ["Offset of field: _IO_FILE::_lock"][::std::mem::offset_of!(_IO_FILE, _lock) - 136usize]; + ["Offset of field: _IO_FILE::_offset"][::std::mem::offset_of!(_IO_FILE, _offset) - 144usize]; + ["Offset of field: _IO_FILE::_codecvt"][::std::mem::offset_of!(_IO_FILE, _codecvt) - 152usize]; + ["Offset of field: _IO_FILE::_wide_data"] + [::std::mem::offset_of!(_IO_FILE, _wide_data) - 160usize]; + ["Offset of field: _IO_FILE::_freeres_list"] + [::std::mem::offset_of!(_IO_FILE, _freeres_list) - 168usize]; + ["Offset of field: _IO_FILE::_freeres_buf"] + [::std::mem::offset_of!(_IO_FILE, _freeres_buf) - 176usize]; + ["Offset of field: _IO_FILE::_prevchain"] + [::std::mem::offset_of!(_IO_FILE, _prevchain) - 184usize]; + ["Offset of field: _IO_FILE::_mode"][::std::mem::offset_of!(_IO_FILE, _mode) - 192usize]; + ["Offset of field: _IO_FILE::_unused2"][::std::mem::offset_of!(_IO_FILE, _unused2) - 196usize]; +}; +impl Default for _IO_FILE { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type cookie_read_function_t = ::std::option::Option< + unsafe extern "C" fn( + __cookie: *mut ::std::os::raw::c_void, + __buf: *mut ::std::os::raw::c_char, + __nbytes: usize, + ) -> __ssize_t, +>; +pub type cookie_write_function_t = ::std::option::Option< + unsafe extern "C" fn( + __cookie: *mut ::std::os::raw::c_void, + __buf: *const ::std::os::raw::c_char, + __nbytes: usize, + ) -> __ssize_t, +>; +pub type cookie_seek_function_t = ::std::option::Option< + unsafe extern "C" fn( + __cookie: *mut ::std::os::raw::c_void, + __pos: *mut __off64_t, + __w: ::std::os::raw::c_int, + ) -> ::std::os::raw::c_int, +>; +pub type cookie_close_function_t = ::std::option::Option< + unsafe extern "C" fn(__cookie: *mut ::std::os::raw::c_void) -> ::std::os::raw::c_int, +>; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IO_cookie_io_functions_t { + pub read: cookie_read_function_t, + pub write: cookie_write_function_t, + pub seek: cookie_seek_function_t, + pub close: cookie_close_function_t, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of _IO_cookie_io_functions_t"] + [::std::mem::size_of::<_IO_cookie_io_functions_t>() - 32usize]; + ["Alignment of _IO_cookie_io_functions_t"] + [::std::mem::align_of::<_IO_cookie_io_functions_t>() - 8usize]; + ["Offset of field: _IO_cookie_io_functions_t::read"] + [::std::mem::offset_of!(_IO_cookie_io_functions_t, read) - 0usize]; + ["Offset of field: _IO_cookie_io_functions_t::write"] + [::std::mem::offset_of!(_IO_cookie_io_functions_t, write) - 8usize]; + ["Offset of field: _IO_cookie_io_functions_t::seek"] + [::std::mem::offset_of!(_IO_cookie_io_functions_t, seek) - 16usize]; + ["Offset of field: _IO_cookie_io_functions_t::close"] + [::std::mem::offset_of!(_IO_cookie_io_functions_t, close) - 24usize]; +}; +pub type cookie_io_functions_t = _IO_cookie_io_functions_t; +pub type off_t = __off_t; +pub type fpos_t = __fpos_t; +unsafe extern "C" { + pub static mut stdin: *mut FILE; +} +unsafe extern "C" { + pub static mut stdout: *mut FILE; +} +unsafe extern "C" { + pub static mut stderr: *mut FILE; +} +unsafe extern "C" { + pub fn remove(__filename: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn rename( + __old: *const ::std::os::raw::c_char, + __new: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn renameat( + __oldfd: ::std::os::raw::c_int, + __old: *const ::std::os::raw::c_char, + __newfd: ::std::os::raw::c_int, + __new: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fclose(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn tmpfile() -> *mut FILE; +} +unsafe extern "C" { + pub fn tmpnam(arg1: *mut ::std::os::raw::c_char) -> *mut ::std::os::raw::c_char; +} +unsafe extern "C" { + pub fn tmpnam_r(__s: *mut ::std::os::raw::c_char) -> *mut ::std::os::raw::c_char; +} +unsafe extern "C" { + pub fn tempnam( + __dir: *const ::std::os::raw::c_char, + __pfx: *const ::std::os::raw::c_char, + ) -> *mut ::std::os::raw::c_char; +} +unsafe extern "C" { + pub fn fflush(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fflush_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fopen( + __filename: *const ::std::os::raw::c_char, + __modes: *const ::std::os::raw::c_char, + ) -> *mut FILE; +} +unsafe extern "C" { + pub fn freopen( + __filename: *const ::std::os::raw::c_char, + __modes: *const ::std::os::raw::c_char, + __stream: *mut FILE, + ) -> *mut FILE; +} +unsafe extern "C" { + pub fn fdopen(__fd: ::std::os::raw::c_int, __modes: *const ::std::os::raw::c_char) + -> *mut FILE; +} +unsafe extern "C" { + pub fn fopencookie( + __magic_cookie: *mut ::std::os::raw::c_void, + __modes: *const ::std::os::raw::c_char, + __io_funcs: cookie_io_functions_t, + ) -> *mut FILE; +} +unsafe extern "C" { + pub fn fmemopen( + __s: *mut ::std::os::raw::c_void, + __len: usize, + __modes: *const ::std::os::raw::c_char, + ) -> *mut FILE; +} +unsafe extern "C" { + pub fn open_memstream( + __bufloc: *mut *mut ::std::os::raw::c_char, + __sizeloc: *mut usize, + ) -> *mut FILE; +} +unsafe extern "C" { + pub fn setbuf(__stream: *mut FILE, __buf: *mut ::std::os::raw::c_char); +} +unsafe extern "C" { + pub fn setvbuf( + __stream: *mut FILE, + __buf: *mut ::std::os::raw::c_char, + __modes: ::std::os::raw::c_int, + __n: usize, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn setbuffer(__stream: *mut FILE, __buf: *mut ::std::os::raw::c_char, __size: usize); +} +unsafe extern "C" { + pub fn setlinebuf(__stream: *mut FILE); +} +unsafe extern "C" { + pub fn fprintf( + __stream: *mut FILE, + __format: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn printf(__format: *const ::std::os::raw::c_char, ...) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn sprintf( + __s: *mut ::std::os::raw::c_char, + __format: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn vfprintf( + __s: *mut FILE, + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn vprintf( + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn vsprintf( + __s: *mut ::std::os::raw::c_char, + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn snprintf( + __s: *mut ::std::os::raw::c_char, + __maxlen: ::std::os::raw::c_ulong, + __format: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn vsnprintf( + __s: *mut ::std::os::raw::c_char, + __maxlen: ::std::os::raw::c_ulong, + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn vasprintf( + __ptr: *mut *mut ::std::os::raw::c_char, + __f: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn __asprintf( + __ptr: *mut *mut ::std::os::raw::c_char, + __fmt: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn asprintf( + __ptr: *mut *mut ::std::os::raw::c_char, + __fmt: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn vdprintf( + __fd: ::std::os::raw::c_int, + __fmt: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn dprintf( + __fd: ::std::os::raw::c_int, + __fmt: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fscanf( + __stream: *mut FILE, + __format: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn scanf(__format: *const ::std::os::raw::c_char, ...) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn sscanf( + __s: *const ::std::os::raw::c_char, + __format: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +pub type _Float32 = f32; +pub type _Float64 = f64; +pub type _Float32x = f64; +pub type _Float64x = u128; +unsafe extern "C" { + #[link_name = "\u{1}__isoc99_fscanf"] + pub fn fscanf1( + __stream: *mut FILE, + __format: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + #[link_name = "\u{1}__isoc99_scanf"] + pub fn scanf1(__format: *const ::std::os::raw::c_char, ...) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + #[link_name = "\u{1}__isoc99_sscanf"] + pub fn sscanf1( + __s: *const ::std::os::raw::c_char, + __format: *const ::std::os::raw::c_char, + ... + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn vfscanf( + __s: *mut FILE, + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn vscanf( + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn vsscanf( + __s: *const ::std::os::raw::c_char, + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + #[link_name = "\u{1}__isoc99_vfscanf"] + pub fn vfscanf1( + __s: *mut FILE, + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + #[link_name = "\u{1}__isoc99_vscanf"] + pub fn vscanf1( + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + #[link_name = "\u{1}__isoc99_vsscanf"] + pub fn vsscanf1( + __s: *const ::std::os::raw::c_char, + __format: *const ::std::os::raw::c_char, + __arg: *mut __va_list_tag, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fgetc(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn getc(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn getchar() -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn getc_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn getchar_unlocked() -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fgetc_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fputc(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn putc(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn putchar(__c: ::std::os::raw::c_int) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fputc_unlocked(__c: ::std::os::raw::c_int, __stream: *mut FILE) + -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn putc_unlocked(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn putchar_unlocked(__c: ::std::os::raw::c_int) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn getw(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn putw(__w: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fgets( + __s: *mut ::std::os::raw::c_char, + __n: ::std::os::raw::c_int, + __stream: *mut FILE, + ) -> *mut ::std::os::raw::c_char; +} +unsafe extern "C" { + pub fn __getdelim( + __lineptr: *mut *mut ::std::os::raw::c_char, + __n: *mut usize, + __delimiter: ::std::os::raw::c_int, + __stream: *mut FILE, + ) -> __ssize_t; +} +unsafe extern "C" { + pub fn getdelim( + __lineptr: *mut *mut ::std::os::raw::c_char, + __n: *mut usize, + __delimiter: ::std::os::raw::c_int, + __stream: *mut FILE, + ) -> __ssize_t; +} +unsafe extern "C" { + pub fn getline( + __lineptr: *mut *mut ::std::os::raw::c_char, + __n: *mut usize, + __stream: *mut FILE, + ) -> __ssize_t; +} +unsafe extern "C" { + pub fn fputs(__s: *const ::std::os::raw::c_char, __stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn puts(__s: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn ungetc(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fread( + __ptr: *mut ::std::os::raw::c_void, + __size: ::std::os::raw::c_ulong, + __n: ::std::os::raw::c_ulong, + __stream: *mut FILE, + ) -> ::std::os::raw::c_ulong; +} +unsafe extern "C" { + pub fn fwrite( + __ptr: *const ::std::os::raw::c_void, + __size: ::std::os::raw::c_ulong, + __n: ::std::os::raw::c_ulong, + __s: *mut FILE, + ) -> ::std::os::raw::c_ulong; +} +unsafe extern "C" { + pub fn fread_unlocked( + __ptr: *mut ::std::os::raw::c_void, + __size: usize, + __n: usize, + __stream: *mut FILE, + ) -> usize; +} +unsafe extern "C" { + pub fn fwrite_unlocked( + __ptr: *const ::std::os::raw::c_void, + __size: usize, + __n: usize, + __stream: *mut FILE, + ) -> usize; +} +unsafe extern "C" { + pub fn fseek( + __stream: *mut FILE, + __off: ::std::os::raw::c_long, + __whence: ::std::os::raw::c_int, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn ftell(__stream: *mut FILE) -> ::std::os::raw::c_long; +} +unsafe extern "C" { + pub fn rewind(__stream: *mut FILE); +} +unsafe extern "C" { + pub fn fseeko( + __stream: *mut FILE, + __off: __off_t, + __whence: ::std::os::raw::c_int, + ) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn ftello(__stream: *mut FILE) -> __off_t; +} +unsafe extern "C" { + pub fn fgetpos(__stream: *mut FILE, __pos: *mut fpos_t) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fsetpos(__stream: *mut FILE, __pos: *const fpos_t) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn clearerr(__stream: *mut FILE); +} +unsafe extern "C" { + pub fn feof(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn ferror(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn clearerr_unlocked(__stream: *mut FILE); +} +unsafe extern "C" { + pub fn feof_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn ferror_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn perror(__s: *const ::std::os::raw::c_char); +} +unsafe extern "C" { + pub fn fileno(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn fileno_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn pclose(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn popen( + __command: *const ::std::os::raw::c_char, + __modes: *const ::std::os::raw::c_char, + ) -> *mut FILE; +} +unsafe extern "C" { + pub fn ctermid(__s: *mut ::std::os::raw::c_char) -> *mut ::std::os::raw::c_char; +} +unsafe extern "C" { + pub fn flockfile(__stream: *mut FILE); +} +unsafe extern "C" { + pub fn ftrylockfile(__stream: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn funlockfile(__stream: *mut FILE); +} +unsafe extern "C" { + pub fn __uflow(arg1: *mut FILE) -> ::std::os::raw::c_int; +} +unsafe extern "C" { + pub fn __overflow(arg1: *mut FILE, arg2: ::std::os::raw::c_int) -> ::std::os::raw::c_int; +} +pub type int_least8_t = __int_least8_t; +pub type int_least16_t = __int_least16_t; +pub type int_least32_t = __int_least32_t; +pub type int_least64_t = __int_least64_t; +pub type uint_least8_t = __uint_least8_t; +pub type uint_least16_t = __uint_least16_t; +pub type uint_least32_t = __uint_least32_t; +pub type uint_least64_t = __uint_least64_t; +pub type int_fast8_t = ::std::os::raw::c_schar; +pub type int_fast16_t = ::std::os::raw::c_long; +pub type int_fast32_t = ::std::os::raw::c_long; +pub type int_fast64_t = ::std::os::raw::c_long; +pub type uint_fast8_t = ::std::os::raw::c_uchar; +pub type uint_fast16_t = ::std::os::raw::c_ulong; +pub type uint_fast32_t = ::std::os::raw::c_ulong; +pub type uint_fast64_t = ::std::os::raw::c_ulong; +pub type intmax_t = __intmax_t; +pub type uintmax_t = __uintmax_t; +#[repr(C)] +#[derive(Debug, Default)] +pub struct kAFL_payload { + pub size: i32, + pub data: __IncompleteArrayField, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of kAFL_payload"][::std::mem::size_of::() - 4usize]; + ["Alignment of kAFL_payload"][::std::mem::align_of::() - 4usize]; + ["Offset of field: kAFL_payload::size"][::std::mem::offset_of!(kAFL_payload, size) - 0usize]; + ["Offset of field: kAFL_payload::data"][::std::mem::offset_of!(kAFL_payload, data) - 4usize]; +}; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct kAFL_ranges { + pub ip: [u64; 4usize], + pub size: [u64; 4usize], + pub enabled: [u8; 4usize], +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of kAFL_ranges"][::std::mem::size_of::() - 72usize]; + ["Alignment of kAFL_ranges"][::std::mem::align_of::() - 8usize]; + ["Offset of field: kAFL_ranges::ip"][::std::mem::offset_of!(kAFL_ranges, ip) - 0usize]; + ["Offset of field: kAFL_ranges::size"][::std::mem::offset_of!(kAFL_ranges, size) - 32usize]; + ["Offset of field: kAFL_ranges::enabled"] + [::std::mem::offset_of!(kAFL_ranges, enabled) - 64usize]; +}; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct host_config_t { + pub host_magic: u32, + pub host_version: u32, + pub bitmap_size: u32, + pub ijon_bitmap_size: u32, + pub payload_buffer_size: u32, + pub worker_id: u32, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of host_config_t"][::std::mem::size_of::() - 24usize]; + ["Alignment of host_config_t"][::std::mem::align_of::() - 1usize]; + ["Offset of field: host_config_t::host_magic"] + [::std::mem::offset_of!(host_config_t, host_magic) - 0usize]; + ["Offset of field: host_config_t::host_version"] + [::std::mem::offset_of!(host_config_t, host_version) - 4usize]; + ["Offset of field: host_config_t::bitmap_size"] + [::std::mem::offset_of!(host_config_t, bitmap_size) - 8usize]; + ["Offset of field: host_config_t::ijon_bitmap_size"] + [::std::mem::offset_of!(host_config_t, ijon_bitmap_size) - 12usize]; + ["Offset of field: host_config_t::payload_buffer_size"] + [::std::mem::offset_of!(host_config_t, payload_buffer_size) - 16usize]; + ["Offset of field: host_config_t::worker_id"] + [::std::mem::offset_of!(host_config_t, worker_id) - 20usize]; +}; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct agent_config_t { + pub agent_magic: u32, + pub agent_version: u32, + pub agent_timeout_detection: u8, + pub agent_tracing: u8, + pub agent_ijon_tracing: u8, + pub agent_non_reload_mode: u8, + pub trace_buffer_vaddr: u64, + pub ijon_trace_buffer_vaddr: u64, + pub coverage_bitmap_size: u32, + pub input_buffer_size: u32, + pub dump_payloads: u8, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of agent_config_t"][::std::mem::size_of::() - 37usize]; + ["Alignment of agent_config_t"][::std::mem::align_of::() - 1usize]; + ["Offset of field: agent_config_t::agent_magic"] + [::std::mem::offset_of!(agent_config_t, agent_magic) - 0usize]; + ["Offset of field: agent_config_t::agent_version"] + [::std::mem::offset_of!(agent_config_t, agent_version) - 4usize]; + ["Offset of field: agent_config_t::agent_timeout_detection"] + [::std::mem::offset_of!(agent_config_t, agent_timeout_detection) - 8usize]; + ["Offset of field: agent_config_t::agent_tracing"] + [::std::mem::offset_of!(agent_config_t, agent_tracing) - 9usize]; + ["Offset of field: agent_config_t::agent_ijon_tracing"] + [::std::mem::offset_of!(agent_config_t, agent_ijon_tracing) - 10usize]; + ["Offset of field: agent_config_t::agent_non_reload_mode"] + [::std::mem::offset_of!(agent_config_t, agent_non_reload_mode) - 11usize]; + ["Offset of field: agent_config_t::trace_buffer_vaddr"] + [::std::mem::offset_of!(agent_config_t, trace_buffer_vaddr) - 12usize]; + ["Offset of field: agent_config_t::ijon_trace_buffer_vaddr"] + [::std::mem::offset_of!(agent_config_t, ijon_trace_buffer_vaddr) - 20usize]; + ["Offset of field: agent_config_t::coverage_bitmap_size"] + [::std::mem::offset_of!(agent_config_t, coverage_bitmap_size) - 28usize]; + ["Offset of field: agent_config_t::input_buffer_size"] + [::std::mem::offset_of!(agent_config_t, input_buffer_size) - 32usize]; + ["Offset of field: agent_config_t::dump_payloads"] + [::std::mem::offset_of!(agent_config_t, dump_payloads) - 36usize]; +}; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone)] +pub struct kafl_dump_file_t { + pub file_name_str_ptr: u64, + pub data_ptr: u64, + pub bytes: u64, + pub append: u8, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of kafl_dump_file_t"][::std::mem::size_of::() - 25usize]; + ["Alignment of kafl_dump_file_t"][::std::mem::align_of::() - 1usize]; + ["Offset of field: kafl_dump_file_t::file_name_str_ptr"] + [::std::mem::offset_of!(kafl_dump_file_t, file_name_str_ptr) - 0usize]; + ["Offset of field: kafl_dump_file_t::data_ptr"] + [::std::mem::offset_of!(kafl_dump_file_t, data_ptr) - 8usize]; + ["Offset of field: kafl_dump_file_t::bytes"] + [::std::mem::offset_of!(kafl_dump_file_t, bytes) - 16usize]; + ["Offset of field: kafl_dump_file_t::append"] + [::std::mem::offset_of!(kafl_dump_file_t, append) - 24usize]; +}; +#[repr(C, packed)] +#[derive(Debug, Copy, Clone)] +pub struct req_data_bulk_t { + pub file_name: [::std::os::raw::c_char; 256usize], + pub num_addresses: u64, + pub addresses: [u64; 479usize], +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of req_data_bulk_t"][::std::mem::size_of::() - 4096usize]; + ["Alignment of req_data_bulk_t"][::std::mem::align_of::() - 1usize]; + ["Offset of field: req_data_bulk_t::file_name"] + [::std::mem::offset_of!(req_data_bulk_t, file_name) - 0usize]; + ["Offset of field: req_data_bulk_t::num_addresses"] + [::std::mem::offset_of!(req_data_bulk_t, num_addresses) - 256usize]; + ["Offset of field: req_data_bulk_t::addresses"] + [::std::mem::offset_of!(req_data_bulk_t, addresses) - 264usize]; +}; +impl Default for req_data_bulk_t { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type __builtin_va_list = [__va_list_tag; 1usize]; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct __va_list_tag { + pub gp_offset: ::std::os::raw::c_uint, + pub fp_offset: ::std::os::raw::c_uint, + pub overflow_arg_area: *mut ::std::os::raw::c_void, + pub reg_save_area: *mut ::std::os::raw::c_void, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of __va_list_tag"][::std::mem::size_of::<__va_list_tag>() - 24usize]; + ["Alignment of __va_list_tag"][::std::mem::align_of::<__va_list_tag>() - 8usize]; + ["Offset of field: __va_list_tag::gp_offset"] + [::std::mem::offset_of!(__va_list_tag, gp_offset) - 0usize]; + ["Offset of field: __va_list_tag::fp_offset"] + [::std::mem::offset_of!(__va_list_tag, fp_offset) - 4usize]; + ["Offset of field: __va_list_tag::overflow_arg_area"] + [::std::mem::offset_of!(__va_list_tag, overflow_arg_area) - 8usize]; + ["Offset of field: __va_list_tag::reg_save_area"] + [::std::mem::offset_of!(__va_list_tag, reg_save_area) - 16usize]; +}; +impl Default for __va_list_tag { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} diff --git a/libafl_qemu/src/command/mod.rs b/libafl_qemu/src/command/mod.rs index 25e64f5329..602cef26e9 100644 --- a/libafl_qemu/src/command/mod.rs +++ b/libafl_qemu/src/command/mod.rs @@ -32,6 +32,8 @@ use crate::{ IsSnapshotManager, Qemu, QemuMemoryChunk, QemuRWError, Regs, StdEmulatorDriver, CPU, }; +#[cfg(any(cpu_target = "i386", cpu_target = "x86_64"))] +pub mod nyx; pub mod parser; mod bindings { diff --git a/libafl_qemu/src/command/nyx.rs b/libafl_qemu/src/command/nyx.rs new file mode 100644 index 0000000000..06b0d9fc41 --- /dev/null +++ b/libafl_qemu/src/command/nyx.rs @@ -0,0 +1,532 @@ +//! # Nyx API Command handlers +//! +//! Nyx command handlers. +//! Makes it possible to run Nyx targets in `LibAFL` QEMU. +//! The [Nyx API](https://github.com/IntelLabs/kafl.targets/blob/master/nyx_api.h) refers to the hypercalls used in Nyx to communicate with the fuzzer, not to the fuzzer itself. +//! This is mostly a convenient way to run Nyx-compatible targets in `LibAFL` QEMU directly, without having to change a single bit of the target files. + +use std::{ + fmt, + fmt::{Debug, Formatter}, + marker::PhantomData, + mem::offset_of, + ptr, + slice::from_raw_parts, +}; + +use enum_map::EnumMap; +use libafl::{ + executors::ExitKind, + inputs::{HasTargetBytes, UsesInput}, +}; +use libafl_qemu_sys::GuestVirtAddr; +use libc::c_uint; +use paste::paste; + +use crate::{ + command::{ + parser::nyx::{ + AcquireCommandParser, GetHostConfigCommandParser, GetPayloadCommandParser, + NextPayloadCommandParser, PrintfCommandParser, ReleaseCommandParser, + SetAgentConfigCommandParser, + }, + CommandError, CommandManager, IsCommand, NativeCommandParser, + }, + get_exit_arch_regs, + modules::EmulatorModuleTuple, + sync_exit::ExitArgs, + Emulator, EmulatorDriverError, EmulatorDriverResult, GuestReg, InputLocation, + IsSnapshotManager, NyxEmulatorDriver, Qemu, QemuMemoryChunk, Regs, +}; + +pub(crate) mod bindings { + #![allow(non_upper_case_globals)] + #![allow(non_camel_case_types)] + #![allow(non_snake_case)] + #![allow(improper_ctypes)] + #![allow(unused_mut)] + #![allow(unused)] + #![allow(unused_variables)] + #![allow(clippy::all)] + #![allow(clippy::pedantic)] + + include!(concat!(env!("OUT_DIR"), "/nyx_bindings.rs")); +} + +macro_rules! define_nyx_command_manager { + ($name:ident, [$($command:ty),+], [$($native_command_parser:ty),+]) => { + paste! { + pub struct $name { + has_started: bool, + phantom: PhantomData, + } + + impl Clone for $name { + fn clone(&self) -> Self { + Self { + has_started: self.has_started, + phantom: PhantomData, + } + } + } + + impl Debug for $name { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + write!(f, "{} (has started? {:?})", stringify!($name), self.has_started) + } + } + + impl Default for $name { + fn default() -> Self { + Self { + has_started: false, + phantom: PhantomData, + } + } + } + + impl $name { + fn start(&mut self) -> bool { + let tmp = self.has_started; + self.has_started = true; + tmp + } + + fn has_started(&self) -> bool { + self.has_started + } + } + + impl CommandManager for $name + where + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + S::Input: HasTargetBytes, + SM: IsSnapshotManager, + { + type Commands = [<$name Commands>]; + + #[deny(unreachable_patterns)] + fn parse(&self, qemu: Qemu) -> Result { + let arch_regs_map: &'static EnumMap = get_exit_arch_regs(); + let nyx_backdoor = qemu.read_reg(arch_regs_map[ExitArgs::Cmd])? as c_uint; + + // Check nyx backdoor correctness + debug_assert_eq!(nyx_backdoor, 0x1f); + + let cmd_id = qemu.read_reg(arch_regs_map[ExitArgs::Arg1])? as c_uint; + + match cmd_id { + // >::COMMAND_ID => Ok(StdCommandManagerCommands::StartPhysCommandParserCmd(>::parse(qemu, arch_regs_map)?)), + $(<$native_command_parser as NativeCommandParser>::COMMAND_ID => Ok(<$native_command_parser as NativeCommandParser>::parse(qemu, arch_regs_map)?.into())),+, + _ => Err(CommandError::UnknownCommand(cmd_id.into())), + } + } + } + + #[derive(Clone, Debug)] + pub enum [<$name Commands>] + { + // StartPhysCommand(StartPhysCommand) + $($command($command)),+, + } + + impl IsCommand<$name, NyxEmulatorDriver, ET, S, SM> for [<$name Commands>] + where + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + S::Input: HasTargetBytes, + SM: IsSnapshotManager, + { + fn usable_at_runtime(&self) -> bool { + match self { + $([<$name Commands>]::$command(cmd) => <$command as IsCommand<$name, NyxEmulatorDriver, ET, S, SM>>::usable_at_runtime(cmd)),+ + } + } + + fn run(&self, + emu: &mut Emulator<$name, NyxEmulatorDriver, ET, S, SM>, + state: &mut S, + input: &S::Input, + ret_reg: Option + ) -> Result, NyxEmulatorDriver, ET, S, SM>>, EmulatorDriverError> { + match self { + $([<$name Commands>]::$command(cmd) => cmd.run(emu, state, input, ret_reg)),+ + } + } + } + + $( + impl From<$command> for [<$name Commands>] { + fn from(cmd: $command) -> [<$name Commands>] { + [<$name Commands>]::$command(cmd) + } + } + )+ + } + }; +} + +define_nyx_command_manager!( + NyxCommandManager, + [ + AcquireCommand, + ReleaseCommand, + GetHostConfigCommand, + SetAgentConfigCommand, + PrintfCommand, + GetPayloadCommand, + NextPayloadCommand + ], + [ + AcquireCommandParser, + ReleaseCommandParser, + GetHostConfigCommandParser, + SetAgentConfigCommandParser, + PrintfCommandParser, + GetPayloadCommandParser, + NextPayloadCommandParser + ] +); + +#[derive(Debug, Clone)] +pub struct AcquireCommand; +impl IsCommand for AcquireCommand +where + CM: CommandManager, + S: UsesInput, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + _emu: &mut Emulator, + _state: &mut S, + _input: &S::Input, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct GetPayloadCommand { + input_struct_location: GuestVirtAddr, +} + +impl GetPayloadCommand { + #[must_use] + pub fn new(input_struct_location: GuestVirtAddr) -> Self { + Self { + input_struct_location, + } + } +} + +impl IsCommand, NyxEmulatorDriver, ET, S, SM> for GetPayloadCommand +where + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + S::Input: HasTargetBytes, + SM: IsSnapshotManager, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + emu: &mut Emulator, NyxEmulatorDriver, ET, S, SM>, + _state: &mut S, + _input: &S::Input, + _ret_reg: Option, + ) -> Result< + Option, NyxEmulatorDriver, ET, S, SM>>, + EmulatorDriverError, + > { + let qemu = emu.qemu(); + + let struct_addr = self.input_struct_location; + let input_addr = + self.input_struct_location + offset_of!(bindings::kAFL_payload, data) as GuestVirtAddr; + + let payload_struct_mem_chunk = QemuMemoryChunk::virt( + struct_addr, + size_of::() as GuestReg, + qemu.current_cpu().unwrap(), + ); + let payload_mem_chunk = QemuMemoryChunk::virt( + input_addr, + emu.driver().max_input_size() as GuestReg, + qemu.current_cpu().unwrap(), + ); + + // Save input struct location for next runs + emu.driver_mut() + .set_input_struct_location(InputLocation::new( + payload_struct_mem_chunk, + qemu.current_cpu().unwrap(), + None, + )) + .unwrap(); + + // Save input location for next runs + emu.driver_mut() + .set_input_location(InputLocation::new( + payload_mem_chunk, + qemu.current_cpu().unwrap(), + None, + )) + .unwrap(); + + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct NextPayloadCommand; + +impl IsCommand, NyxEmulatorDriver, ET, S, SM> for NextPayloadCommand +where + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + S::Input: HasTargetBytes, + SM: IsSnapshotManager, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + emu: &mut Emulator, NyxEmulatorDriver, ET, S, SM>, + state: &mut S, + input: &S::Input, + _ret_reg: Option, + ) -> Result< + Option, NyxEmulatorDriver, ET, S, SM>>, + EmulatorDriverError, + > { + if emu.command_manager_mut().start() { + return Err(EmulatorDriverError::CommandError( + CommandError::StartedTwice, + )); + } + + let qemu = emu.qemu(); + + // Snapshot VM + let snapshot_id = emu.snapshot_manager_mut().save(qemu); + + // Set snapshot ID to restore to after fuzzing ends + emu.driver_mut() + .set_snapshot_id(snapshot_id) + .map_err(|_| EmulatorDriverError::MultipleSnapshotDefinition)?; + + // write nyx input to vm + emu.driver().write_input(qemu, input)?; + + // Unleash hooks if locked + if emu.driver_mut().unlock_hooks() { + // Prepare hooks + emu.modules_mut().first_exec_all(qemu, state); + emu.modules_mut().pre_exec_all(qemu, state, input); + } + + // Auto page filtering if option is enabled + #[cfg(feature = "systemmode")] + if emu.driver_mut().allow_page_on_start() { + if let Some(page_id) = qemu.current_cpu().unwrap().current_paging_id() { + emu.modules_mut().modules_mut().allow_page_id_all(page_id); + } + } + + #[cfg(feature = "x86_64")] + if emu.driver_mut().is_process_only() { + emu.modules_mut() + .modules_mut() + .allow_address_range_all(crate::PROCESS_ADDRESS_RANGE); + } + + // Make sure JIT cache is empty just before starting + qemu.flush_jit(); + + log::info!("Fuzzing starts"); + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct ReleaseCommand; +impl IsCommand, NyxEmulatorDriver, ET, S, SM> for ReleaseCommand +where + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + S::Input: HasTargetBytes, + SM: IsSnapshotManager, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + emu: &mut Emulator, NyxEmulatorDriver, ET, S, SM>, + _state: &mut S, + _input: &S::Input, + _ret_reg: Option, + ) -> Result< + Option, NyxEmulatorDriver, ET, S, SM>>, + EmulatorDriverError, + > { + let qemu = emu.qemu(); + + if emu.command_manager().has_started() { + let snapshot_id = emu + .driver_mut() + .snapshot_id() + .ok_or(EmulatorDriverError::SnapshotNotFound)?; + + emu.snapshot_manager_mut().restore(qemu, &snapshot_id)?; + + #[cfg(feature = "paranoid_debug")] + emu.snapshot_manager_mut().check(qemu, &snapshot_id)?; + + Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Ok))) + } else { + Ok(None) + } + } +} + +#[derive(Debug, Clone)] +pub struct GetHostConfigCommand { + host_config_location: QemuMemoryChunk, +} + +impl GetHostConfigCommand { + #[must_use] + pub fn new(host_config_location: QemuMemoryChunk) -> Self { + Self { + host_config_location, + } + } +} + +impl IsCommand for GetHostConfigCommand +where + CM: CommandManager, + S: UsesInput, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + emu: &mut Emulator, + _state: &mut S, + _input: &S::Input, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + // TODO: check this against fuzzer code + let host_config = bindings::host_config_t { + bitmap_size: 0, + ijon_bitmap_size: 0, + payload_buffer_size: 0, + worker_id: 0, + host_magic: bindings::NYX_HOST_MAGIC, + host_version: bindings::NYX_HOST_VERSION, + }; + + let host_config_buf = unsafe { + from_raw_parts( + ptr::from_ref(&host_config) as *const u8, + size_of::(), + ) + }; + + let qemu = emu.qemu(); + + self.host_config_location + .write(qemu, host_config_buf) + .unwrap(); + + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct PrintfCommand { + content: String, +} + +impl PrintfCommand { + #[must_use] + pub fn new(content: String) -> Self { + Self { content } + } +} + +impl IsCommand for PrintfCommand +where + CM: CommandManager, + S: UsesInput, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + _emu: &mut Emulator, + _state: &mut S, + _input: &S::Input, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + println!("hprintf: {}", self.content); + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct SetAgentConfigCommand { + agent_config: bindings::agent_config_t, +} + +impl SetAgentConfigCommand { + #[must_use] + pub fn new(agent_config: bindings::agent_config_t) -> Self { + Self { agent_config } + } +} + +impl IsCommand for SetAgentConfigCommand +where + CM: CommandManager, + S: UsesInput, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + _emu: &mut Emulator, + _state: &mut S, + _input: &S::Input, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + let agent_magic = self.agent_config.agent_magic; + let agent_version = self.agent_config.agent_version; + + assert_eq!(agent_magic, bindings::NYX_AGENT_MAGIC); + assert_eq!(agent_version, bindings::NYX_AGENT_VERSION); + + // TODO: use agent config + + Ok(None) + } +} diff --git a/libafl_qemu/src/command/parser.rs b/libafl_qemu/src/command/parser/mod.rs similarity index 99% rename from libafl_qemu/src/command/parser.rs rename to libafl_qemu/src/command/parser/mod.rs index 8183cafb4a..476245678f 100644 --- a/libafl_qemu/src/command/parser.rs +++ b/libafl_qemu/src/command/parser/mod.rs @@ -20,6 +20,9 @@ use crate::{ GuestReg, IsSnapshotManager, Qemu, QemuMemoryChunk, Regs, StdEmulatorDriver, }; +#[cfg(any(cpu_target = "i386", cpu_target = "x86_64"))] +pub mod nyx; + pub static EMU_EXIT_KIND_MAP: OnceLock>> = OnceLock::new(); pub trait NativeCommandParser diff --git a/libafl_qemu/src/command/parser/nyx.rs b/libafl_qemu/src/command/parser/nyx.rs new file mode 100644 index 0000000000..5fa074186a --- /dev/null +++ b/libafl_qemu/src/command/parser/nyx.rs @@ -0,0 +1,189 @@ +use std::{ffi::CStr, mem::transmute, sync::OnceLock}; + +use enum_map::EnumMap; +use libafl::{ + executors::ExitKind, + inputs::{HasTargetBytes, UsesInput}, +}; +use libafl_qemu_sys::GuestVirtAddr; +use libc::c_uint; + +use crate::{ + command::{ + nyx::{ + bindings, AcquireCommand, GetHostConfigCommand, GetPayloadCommand, NextPayloadCommand, + NyxCommandManager, PrintfCommand, ReleaseCommand, SetAgentConfigCommand, + }, + parser::NativeCommandParser, + CommandError, CommandManager, NativeExitKind, + }, + modules::EmulatorModuleTuple, + sync_exit::ExitArgs, + IsSnapshotManager, NyxEmulatorDriver, Qemu, QemuMemoryChunk, Regs, +}; + +pub static EMU_EXIT_KIND_MAP: OnceLock>> = OnceLock::new(); + +pub struct AcquireCommandParser; +impl NativeCommandParser for AcquireCommandParser +where + CM: CommandManager, + S: UsesInput, + S::Input: HasTargetBytes, +{ + type OutputCommand = AcquireCommand; + + const COMMAND_ID: c_uint = bindings::HYPERCALL_KAFL_ACQUIRE; + + fn parse( + _qemu: Qemu, + _arch_regs_map: &'static EnumMap, + ) -> Result { + Ok(AcquireCommand) + } +} + +pub struct GetPayloadCommandParser; +impl NativeCommandParser, NyxEmulatorDriver, ET, S, SM> + for GetPayloadCommandParser +where + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + S::Input: HasTargetBytes, + SM: IsSnapshotManager, +{ + type OutputCommand = GetPayloadCommand; + + const COMMAND_ID: c_uint = bindings::HYPERCALL_KAFL_GET_PAYLOAD; + + fn parse( + qemu: Qemu, + arch_regs_map: &'static EnumMap, + ) -> Result { + let payload_addr = qemu.read_reg(arch_regs_map[ExitArgs::Arg2]).unwrap() as GuestVirtAddr; + + Ok(GetPayloadCommand::new(payload_addr)) + } +} + +pub struct NextPayloadCommandParser; +impl NativeCommandParser, NyxEmulatorDriver, ET, S, SM> + for NextPayloadCommandParser +where + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + S::Input: HasTargetBytes, + SM: IsSnapshotManager, +{ + type OutputCommand = NextPayloadCommand; + + const COMMAND_ID: c_uint = bindings::HYPERCALL_KAFL_NEXT_PAYLOAD; + + fn parse( + _qemu: Qemu, + _arch_regs_map: &'static EnumMap, + ) -> Result { + Ok(NextPayloadCommand) + } +} + +pub struct ReleaseCommandParser; +impl NativeCommandParser, NyxEmulatorDriver, ET, S, SM> + for ReleaseCommandParser +where + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + S::Input: HasTargetBytes, + SM: IsSnapshotManager, +{ + type OutputCommand = ReleaseCommand; + + const COMMAND_ID: c_uint = bindings::HYPERCALL_KAFL_RELEASE; + + fn parse( + _qemu: Qemu, + _arch_regs_map: &'static EnumMap, + ) -> Result { + Ok(ReleaseCommand) + } +} + +pub struct GetHostConfigCommandParser; +impl NativeCommandParser for GetHostConfigCommandParser +where + CM: CommandManager, + S: UsesInput, + S::Input: HasTargetBytes, +{ + type OutputCommand = GetHostConfigCommand; + + const COMMAND_ID: c_uint = bindings::HYPERCALL_KAFL_GET_HOST_CONFIG; + + fn parse( + qemu: Qemu, + arch_regs_map: &'static EnumMap, + ) -> Result { + let host_config_addr = qemu.read_reg(arch_regs_map[ExitArgs::Arg2])? as GuestVirtAddr; + + Ok(GetHostConfigCommand::new(QemuMemoryChunk::virt( + host_config_addr, + GuestVirtAddr::try_from(size_of::()).unwrap(), + qemu.current_cpu().unwrap(), + ))) + } +} + +pub struct SetAgentConfigCommandParser; +impl NativeCommandParser for SetAgentConfigCommandParser +where + CM: CommandManager, + S: UsesInput, + S::Input: HasTargetBytes, +{ + type OutputCommand = SetAgentConfigCommand; + + const COMMAND_ID: c_uint = bindings::HYPERCALL_KAFL_SET_AGENT_CONFIG; + + fn parse( + qemu: Qemu, + arch_regs_map: &'static EnumMap, + ) -> Result { + let agent_config_addr = qemu.read_reg(arch_regs_map[ExitArgs::Arg2])? as GuestVirtAddr; + + let mut agent_config_buf: [u8; size_of::()] = + [0; size_of::()]; + + qemu.read_mem(agent_config_addr, &mut agent_config_buf)?; + + let agent_config: bindings::agent_config_t = unsafe { transmute(agent_config_buf) }; + + Ok(SetAgentConfigCommand::new(agent_config)) + } +} + +pub struct PrintfCommandParser; +impl NativeCommandParser for PrintfCommandParser +where + CM: CommandManager, + S: UsesInput, + S::Input: HasTargetBytes, +{ + type OutputCommand = PrintfCommand; + + const COMMAND_ID: c_uint = bindings::HYPERCALL_KAFL_PRINTF; + + fn parse( + qemu: Qemu, + arch_regs_map: &'static EnumMap, + ) -> Result { + let str_addr = qemu.read_reg(arch_regs_map[ExitArgs::Arg2])? as GuestVirtAddr; + + let mut msg_chunk: [u8; bindings::HPRINTF_MAX_SIZE as usize] = + [0; bindings::HPRINTF_MAX_SIZE as usize]; + qemu.read_mem(str_addr, &mut msg_chunk)?; + + let cstr = CStr::from_bytes_until_nul(&msg_chunk).unwrap(); + + Ok(PrintfCommand::new(cstr.to_str().unwrap().to_string())) + } +} diff --git a/libafl_qemu/src/emu/drivers.rs b/libafl_qemu/src/emu/drivers/mod.rs similarity index 94% rename from libafl_qemu/src/emu/drivers.rs rename to libafl_qemu/src/emu/drivers/mod.rs index 2a9d0ff4be..d739fe15c2 100644 --- a/libafl_qemu/src/emu/drivers.rs +++ b/libafl_qemu/src/emu/drivers/mod.rs @@ -14,10 +14,15 @@ use typed_builder::TypedBuilder; use crate::{ command::{CommandError, CommandManager, InputCommand, IsCommand}, modules::EmulatorModuleTuple, - Emulator, EmulatorExitError, EmulatorExitResult, InputLocation, IsSnapshotManager, + Emulator, EmulatorExitError, EmulatorExitResult, InputLocation, IsSnapshotManager, QemuError, QemuShutdownCause, Regs, SnapshotId, SnapshotManagerCheckError, SnapshotManagerError, }; +#[cfg(any(cpu_target = "i386", cpu_target = "x86_64"))] +pub mod nyx; +#[cfg(any(cpu_target = "i386", cpu_target = "x86_64"))] +pub use nyx::{NyxEmulatorDriver, NyxEmulatorDriverBuilder}; + #[derive(Debug, Clone)] pub enum EmulatorDriverResult where @@ -33,6 +38,7 @@ where #[derive(Debug, Clone)] pub enum EmulatorDriverError { + QemuError(QemuError), QemuExitReasonError(EmulatorExitError), SMError(SnapshotManagerError), SMCheckError(SnapshotManagerCheckError), @@ -43,6 +49,12 @@ pub enum EmulatorDriverError { SnapshotNotFound, } +impl From for EmulatorDriverError { + fn from(error: QemuError) -> Self { + EmulatorDriverError::QemuError(error) + } +} + /// An Emulator Driver. // TODO remove 'static when specialization will be stable pub trait EmulatorDriver: 'static + Sized @@ -252,9 +264,9 @@ where return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Timeout))) } EmulatorExitResult::Breakpoint(bp) => (bp.trigger(qemu), None), - EmulatorExitResult::SyncExit(sync_backdoor) => { - let command = sync_backdoor.command().clone(); - (Some(command), Some(sync_backdoor.ret_reg())) + EmulatorExitResult::CustomInsn(custom_insn) => { + let command = custom_insn.command().clone(); + (Some(command), Some(custom_insn.ret_reg())) } }; diff --git a/libafl_qemu/src/emu/drivers/nyx.rs b/libafl_qemu/src/emu/drivers/nyx.rs new file mode 100644 index 0000000000..0eb9b0e75c --- /dev/null +++ b/libafl_qemu/src/emu/drivers/nyx.rs @@ -0,0 +1,223 @@ +use std::{cell::OnceCell, cmp::min, ptr, slice::from_raw_parts}; + +use libafl::{ + executors::ExitKind, + inputs::{HasTargetBytes, UsesInput}, + observers::ObserversTuple, +}; +use libafl_bolts::os::CTRL_C_EXIT; +use typed_builder::TypedBuilder; + +use crate::{ + command::{nyx::bindings, CommandManager, IsCommand}, + modules::EmulatorModuleTuple, + Emulator, EmulatorDriver, EmulatorDriverError, EmulatorDriverResult, EmulatorExitError, + EmulatorExitResult, InputLocation, IsSnapshotManager, Qemu, QemuError, QemuShutdownCause, Regs, + SnapshotId, +}; + +#[derive(Clone, Debug, TypedBuilder)] +#[allow(clippy::struct_excessive_bools)] // cfg dependent +pub struct NyxEmulatorDriver { + #[builder(default = OnceCell::new())] + snapshot_id: OnceCell, + #[builder(default = OnceCell::new())] + input_struct_location: OnceCell, + #[builder(default = OnceCell::new())] + input_location: OnceCell, + #[builder(default = true)] + hooks_locked: bool, + #[cfg(feature = "systemmode")] + #[builder(default = false)] + allow_page_on_start: bool, // when fuzzing starts, module filters will only allow the current page table. + #[cfg(feature = "x86_64")] + #[builder(default = false)] + process_only: bool, // adds x86_64 process address space in the address filters of every module. + #[builder(default = false)] + print_commands: bool, + #[builder(default = (1024 * 1024))] + max_input_size: usize, +} + +impl NyxEmulatorDriver { + pub fn max_input_size(&self) -> usize { + self.max_input_size + } + + pub fn write_input(&self, qemu: Qemu, input: &I) -> Result<(), QemuError> + where + I: HasTargetBytes, + { + let input_len = + i32::try_from(min(self.max_input_size, input.target_bytes().len())).unwrap(); + + let kafl_payload = bindings::kAFL_payload { + size: input_len, + ..Default::default() + }; + + let kafl_payload_buf = unsafe { + from_raw_parts( + ptr::from_ref(&kafl_payload) as *const u8, + size_of::(), + ) + }; + + let input_struct_mem_chunk = &self.input_struct_location.get().unwrap().mem_chunk; + + // TODO: manage endianness correctly. + input_struct_mem_chunk.write(qemu, kafl_payload_buf)?; + + // write struct first + self.input_location + .get() + .unwrap() + .mem_chunk + .write(qemu, input.target_bytes().as_ref())?; + + Ok(()) + } + + pub fn set_input_location(&self, input_location: InputLocation) -> Result<(), InputLocation> { + self.input_location.set(input_location) + } + + pub fn set_input_struct_location( + &self, + input_struct_location: InputLocation, + ) -> Result<(), InputLocation> { + self.input_struct_location.set(input_struct_location) + } + + pub fn set_snapshot_id(&self, snapshot_id: SnapshotId) -> Result<(), SnapshotId> { + self.snapshot_id.set(snapshot_id) + } + + pub fn snapshot_id(&self) -> Option { + Some(*self.snapshot_id.get()?) + } + + // return if was locked or not + pub fn unlock_hooks(&mut self) -> bool { + let was_locked = self.hooks_locked; + self.hooks_locked = false; + was_locked + } + + #[cfg(feature = "systemmode")] + pub fn allow_page_on_start(&self) -> bool { + self.allow_page_on_start + } + + #[cfg(feature = "x86_64")] + pub fn is_process_only(&self) -> bool { + self.process_only + } +} + +impl EmulatorDriver for NyxEmulatorDriver +where + CM: CommandManager, + ET: EmulatorModuleTuple, + S: UsesInput + Unpin, + S::Input: HasTargetBytes, + SM: IsSnapshotManager, +{ + fn first_harness_exec(emulator: &mut Emulator, state: &mut S) { + if !emulator.driver.hooks_locked { + emulator.modules.first_exec_all(emulator.qemu, state); + } + } + + fn pre_harness_exec( + emulator: &mut Emulator, + state: &mut S, + input: &S::Input, + ) { + if !emulator.driver.hooks_locked { + emulator.modules.pre_exec_all(emulator.qemu, state, input); + } + + if emulator.driver.input_location.get().is_some() { + let qemu = emulator.qemu(); + + emulator.driver.write_input(qemu, input).unwrap(); + } + } + + fn post_harness_exec( + emulator: &mut Emulator, + input: &S::Input, + observers: &mut OT, + state: &mut S, + exit_kind: &mut ExitKind, + ) where + OT: ObserversTuple, + { + if !emulator.driver.hooks_locked { + emulator + .modules + .post_exec_all(emulator.qemu, state, input, observers, exit_kind); + } + } + + fn pre_qemu_exec(_emulator: &mut Emulator, _input: &S::Input) {} + + fn post_qemu_exec( + emulator: &mut Emulator, + state: &mut S, + exit_reason: &mut Result, EmulatorExitError>, + input: &S::Input, + ) -> Result>, EmulatorDriverError> { + let qemu = emulator.qemu(); + + let mut exit_reason = match exit_reason { + Ok(exit_reason) => exit_reason, + Err(exit_error) => match exit_error { + EmulatorExitError::UnexpectedExit => { + if let Some(snapshot_id) = emulator.driver.snapshot_id.get() { + emulator.snapshot_manager.restore(qemu, snapshot_id)?; + } + return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Crash))); + } + _ => Err(exit_error.clone())?, + }, + }; + + let (command, ret_reg): (Option, Option) = match &mut exit_reason { + EmulatorExitResult::QemuExit(shutdown_cause) => match shutdown_cause { + QemuShutdownCause::HostSignal(signal) => { + signal.handle(); + return Err(EmulatorDriverError::UnhandledSignal(*signal)); + } + QemuShutdownCause::GuestPanic => { + return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Crash))) + } + QemuShutdownCause::GuestShutdown | QemuShutdownCause::HostQmpQuit => { + log::warn!("Guest shutdown. Stopping fuzzing..."); + std::process::exit(CTRL_C_EXIT); + } + _ => panic!("Unhandled QEMU shutdown cause: {shutdown_cause:?}."), + }, + EmulatorExitResult::Timeout => { + return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Timeout))) + } + EmulatorExitResult::Breakpoint(bp) => (bp.trigger(qemu), None), + EmulatorExitResult::CustomInsn(sync_backdoor) => { + let command = sync_backdoor.command().clone(); + (Some(command), Some(sync_backdoor.ret_reg())) + } + }; + + if let Some(cmd) = command { + if emulator.driver.print_commands { + println!("Received command: {cmd:?}"); + } + cmd.run(emulator, state, input, ret_reg) + } else { + Ok(Some(EmulatorDriverResult::ReturnToHarness( + exit_reason.clone(), + ))) + } + } +} diff --git a/libafl_qemu/src/emu/mod.rs b/libafl_qemu/src/emu/mod.rs index 42820e4ea7..9a75b862e9 100644 --- a/libafl_qemu/src/emu/mod.rs +++ b/libafl_qemu/src/emu/mod.rs @@ -20,7 +20,7 @@ use crate::{ breakpoint::{Breakpoint, BreakpointId}, command::{CommandError, CommandManager, NopCommandManager, StdCommandManager}, modules::EmulatorModuleTuple, - sync_exit::SyncExit, + sync_exit::CustomInsn, Qemu, QemuExitError, QemuExitReason, QemuHooks, QemuInitError, QemuMemoryChunk, QemuParams, QemuShutdownCause, Regs, CPU, }; @@ -62,8 +62,8 @@ where { QemuExit(QemuShutdownCause), // QEMU ended for some reason. Breakpoint(Breakpoint), // Breakpoint triggered. Contains the address of the trigger. - SyncExit(SyncExit), // Synchronous backdoor: The guest triggered a backdoor and should return to LibAFL. - Timeout, // Timeout + CustomInsn(CustomInsn), // Synchronous backdoor: The guest triggered a backdoor and should return to LibAFL. + Timeout, // Timeout } impl Clone for EmulatorExitResult @@ -77,8 +77,8 @@ where EmulatorExitResult::QemuExit(qemu_exit.clone()) } EmulatorExitResult::Breakpoint(bp) => EmulatorExitResult::Breakpoint(bp.clone()), - EmulatorExitResult::SyncExit(sync_exit) => { - EmulatorExitResult::SyncExit(sync_exit.clone()) + EmulatorExitResult::CustomInsn(sync_exit) => { + EmulatorExitResult::CustomInsn(sync_exit.clone()) } EmulatorExitResult::Timeout => EmulatorExitResult::Timeout, } @@ -98,7 +98,7 @@ where EmulatorExitResult::Breakpoint(bp) => { write!(f, "{bp:?}") } - EmulatorExitResult::SyncExit(sync_exit) => { + EmulatorExitResult::CustomInsn(sync_exit) => { write!(f, "{sync_exit:?}") } EmulatorExitResult::Timeout => { @@ -220,6 +220,16 @@ impl InputLocation { ret_register, } } + + #[must_use] + pub fn mem_chunk(&self) -> &QemuMemoryChunk { + &self.mem_chunk + } + + #[must_use] + pub fn ret_register(&self) -> &Option { + &self.ret_register + } } impl From for EmulatorDriverError { @@ -243,7 +253,7 @@ where match self { EmulatorExitResult::QemuExit(shutdown_cause) => write!(f, "End: {shutdown_cause:?}"), EmulatorExitResult::Breakpoint(bp) => write!(f, "{bp}"), - EmulatorExitResult::SyncExit(sync_exit) => { + EmulatorExitResult::CustomInsn(sync_exit) => { write!(f, "Sync exit: {sync_exit:?}") } EmulatorExitResult::Timeout => { @@ -445,7 +455,9 @@ where ED::pre_qemu_exec(self, input); // Run QEMU + log::debug!("Running QEMU..."); let mut exit_reason = self.run_qemu(); + log::debug!("QEMU stopped."); // Handle QEMU exit if let Some(exit_handler_result) = @@ -479,7 +491,7 @@ where .clone(); EmulatorExitResult::Breakpoint(bp.clone()) } - QemuExitReason::SyncExit => EmulatorExitResult::SyncExit(SyncExit::new( + QemuExitReason::SyncExit => EmulatorExitResult::CustomInsn(CustomInsn::new( self.command_manager.parse(self.qemu)?, )), }), diff --git a/libafl_qemu/src/emu/snapshot.rs b/libafl_qemu/src/emu/snapshot.rs index 8d9f1a2c55..77f754a5a8 100644 --- a/libafl_qemu/src/emu/snapshot.rs +++ b/libafl_qemu/src/emu/snapshot.rs @@ -62,6 +62,7 @@ impl Default for NopSnapshotManager { impl IsSnapshotManager for NopSnapshotManager { fn save(&mut self, _qemu: Qemu) -> SnapshotId { + log::warn!("Saving snapshot with the NopSnapshotManager"); SnapshotId { id: 0 } } @@ -70,6 +71,7 @@ impl IsSnapshotManager for NopSnapshotManager { _qemu: Qemu, _snapshot_id: &SnapshotId, ) -> Result<(), SnapshotManagerError> { + log::warn!("Restoring snapshot with the NopSnapshotManager"); Ok(()) } diff --git a/libafl_qemu/src/modules/calls.rs b/libafl_qemu/src/modules/calls.rs index 3817c93243..fe28cb556a 100644 --- a/libafl_qemu/src/modules/calls.rs +++ b/libafl_qemu/src/modules/calls.rs @@ -11,11 +11,12 @@ use libafl_qemu_sys::GuestAddr; use thread_local::ThreadLocal; #[cfg(feature = "systemmode")] -use crate::modules::{NopPageFilter, NOP_PAGE_FILTER}; +use crate::modules::utils::filters::{NopPageFilter, NOP_PAGE_FILTER}; use crate::{ capstone, modules::{ - AddressFilter, EmulatorModule, EmulatorModuleTuple, EmulatorModules, StdAddressFilter, + utils::filters::StdAddressFilter, AddressFilter, EmulatorModule, EmulatorModuleTuple, + EmulatorModules, }, qemu::{ArchExtras, Hook}, Qemu, diff --git a/libafl_qemu/src/modules/cmplog.rs b/libafl_qemu/src/modules/cmplog.rs index e30b705f24..194942023e 100644 --- a/libafl_qemu/src/modules/cmplog.rs +++ b/libafl_qemu/src/modules/cmplog.rs @@ -2,6 +2,7 @@ use capstone::{arch::BuildsCapstone, Capstone, InsnDetail}; use hashbrown::HashMap; use libafl::{inputs::UsesInput, HasMetadata}; +use libafl_bolts::hash_64_fast; use libafl_qemu_sys::GuestAddr; pub use libafl_targets::{ cmps::{ @@ -12,12 +13,14 @@ pub use libafl_targets::{ use serde::{Deserialize, Serialize}; #[cfg(feature = "systemmode")] -use crate::modules::{NopPageFilter, NOP_PAGE_FILTER}; +use crate::modules::utils::filters::{NopPageFilter, NOP_PAGE_FILTER}; #[cfg(feature = "usermode")] use crate::{capstone, qemu::ArchExtras, CallingConvention}; use crate::{ emu::EmulatorModules, - modules::{hash_me, AddressFilter, EmulatorModule, EmulatorModuleTuple, StdAddressFilter}, + modules::{ + utils::filters::StdAddressFilter, AddressFilter, EmulatorModule, EmulatorModuleTuple, + }, qemu::Hook, Qemu, }; @@ -229,7 +232,7 @@ where return None; } } - Some(hash_me(pc.into()) & (CMPLOG_MAP_W as u64 - 1)) + Some(hash_64_fast(pc.into()) & (CMPLOG_MAP_W as u64 - 1)) } pub extern "C" fn trace_cmp1_cmplog(_: *const (), id: u64, v0: u8, v1: u8) { @@ -358,7 +361,7 @@ impl CmpLogRoutinesModule { for detail in insn_detail.groups() { match u32::from(detail.0) { capstone::InsnGroupType::CS_GRP_CALL => { - let k = (hash_me(pc.into())) & (CMPLOG_MAP_W as u64 - 1); + let k = (hash_64_fast(pc.into())) & (CMPLOG_MAP_W as u64 - 1); qemu.hooks().add_instruction_hooks( k, insn.address() as GuestAddr, diff --git a/libafl_qemu/src/modules/drcov.rs b/libafl_qemu/src/modules/drcov.rs index d10f9498ec..e6629ddbd3 100644 --- a/libafl_qemu/src/modules/drcov.rs +++ b/libafl_qemu/src/modules/drcov.rs @@ -8,10 +8,12 @@ use rangemap::RangeMap; use serde::{Deserialize, Serialize}; #[cfg(feature = "systemmode")] -use crate::modules::{NopPageFilter, NOP_PAGE_FILTER}; +use crate::modules::utils::filters::{NopPageFilter, NOP_PAGE_FILTER}; use crate::{ emu::EmulatorModules, - modules::{AddressFilter, EmulatorModule, EmulatorModuleTuple, NopAddressFilter}, + modules::{ + utils::filters::NopAddressFilter, AddressFilter, EmulatorModule, EmulatorModuleTuple, + }, qemu::Hook, Qemu, }; diff --git a/libafl_qemu/src/modules/edges/child.rs b/libafl_qemu/src/modules/edges/child.rs index b823621940..6180d69d32 100644 --- a/libafl_qemu/src/modules/edges/child.rs +++ b/libafl_qemu/src/modules/edges/child.rs @@ -6,8 +6,9 @@ use super::{ }; use crate::{ modules::{ + utils::filters::{StdAddressFilter, StdPageFilter}, AddressFilter, EdgeCoverageModule, EdgeCoverageModuleBuilder, EmulatorModuleTuple, - PageFilter, StdAddressFilter, StdPageFilter, + PageFilter, }, EmulatorModules, Hook, }; diff --git a/libafl_qemu/src/modules/edges/classic.rs b/libafl_qemu/src/modules/edges/classic.rs index ed16c124ef..51f9de4c6d 100644 --- a/libafl_qemu/src/modules/edges/classic.rs +++ b/libafl_qemu/src/modules/edges/classic.rs @@ -8,8 +8,9 @@ use super::{ }; use crate::{ modules::{ + utils::filters::{StdAddressFilter, StdPageFilter}, AddressFilter, EdgeCoverageModule, EdgeCoverageModuleBuilder, EmulatorModuleTuple, - PageFilter, StdAddressFilter, StdPageFilter, + PageFilter, }, EmulatorModules, Hook, }; diff --git a/libafl_qemu/src/modules/edges/full.rs b/libafl_qemu/src/modules/edges/full.rs index 43de4a45d8..ccd6b061fc 100644 --- a/libafl_qemu/src/modules/edges/full.rs +++ b/libafl_qemu/src/modules/edges/full.rs @@ -6,8 +6,9 @@ use super::{ }; use crate::{ modules::{ + utils::filters::{StdAddressFilter, StdPageFilter}, AddressFilter, EdgeCoverageModule, EdgeCoverageModuleBuilder, EmulatorModuleTuple, - PageFilter, StdAddressFilter, StdPageFilter, + PageFilter, }, EmulatorModules, Hook, }; diff --git a/libafl_qemu/src/modules/edges/helpers.rs b/libafl_qemu/src/modules/edges/helpers.rs index 5dd0712617..82183ac0d4 100644 --- a/libafl_qemu/src/modules/edges/helpers.rs +++ b/libafl_qemu/src/modules/edges/helpers.rs @@ -52,6 +52,7 @@ mod generators { use hashbrown::hash_map::Entry; use libafl::{inputs::UsesInput, HasMetadata}; + use libafl_bolts::hash_64_fast; use libafl_qemu_sys::GuestAddr; use super::{ @@ -59,7 +60,7 @@ mod generators { LIBAFL_QEMU_EDGES_MAP_SIZE_PTR, }; use crate::{ - modules::{hash_me, AddressFilter, EdgeCoverageModule, EmulatorModuleTuple, PageFilter}, + modules::{AddressFilter, EdgeCoverageModule, EmulatorModuleTuple, PageFilter}, EmulatorModules, Qemu, }; @@ -192,7 +193,7 @@ mod generators { let mask = get_mask::() as u64; #[expect(clippy::unnecessary_cast)] - let id = (hash_me(src as u64) ^ hash_me(dest as u64)) & mask; + let id = (hash_64_fast(src as u64) ^ hash_64_fast(dest as u64)) & mask; if !IS_CONST_MAP { unsafe { @@ -245,7 +246,7 @@ mod generators { let mask = get_mask::() as u64; - let id = hash_me(pc as u64) & mask; + let id = hash_64_fast(pc as u64) & mask; if !IS_CONST_MAP { unsafe { diff --git a/libafl_qemu/src/modules/mod.rs b/libafl_qemu/src/modules/mod.rs index 83b32f39c2..a63f3276b4 100644 --- a/libafl_qemu/src/modules/mod.rs +++ b/libafl_qemu/src/modules/mod.rs @@ -1,10 +1,16 @@ use core::{fmt::Debug, ops::Range}; -use std::cell::UnsafeCell; -use hashbrown::HashSet; use libafl::{executors::ExitKind, inputs::UsesInput, observers::ObserversTuple}; use libafl_bolts::tuples::{MatchFirstType, SplitBorrowExtractFirstType}; -use libafl_qemu_sys::{GuestAddr, GuestPhysAddr}; +use libafl_qemu_sys::GuestAddr; +#[cfg(feature = "systemmode")] +use libafl_qemu_sys::GuestPhysAddr; + +use crate::{ + emu::EmulatorModules, + modules::utils::filters::{AddressFilter, PageFilter}, + Qemu, QemuParams, +}; #[cfg(feature = "usermode")] pub mod usermode; @@ -40,7 +46,7 @@ pub mod drcov; #[cfg(not(cpu_target = "hexagon"))] pub use drcov::{DrCovMetadata, DrCovModule, DrCovModuleBuilder}; -use crate::{emu::EmulatorModules, Qemu, QemuParams}; +pub mod utils; /// A module for `libafl_qemu`. // TODO remove 'static when specialization will be stable @@ -374,224 +380,3 @@ where self.1.allow_page_id_all(page_id); } } - -#[derive(Debug, Clone)] -pub enum FilterList { - AllowList(T), - DenyList(T), - None, -} - -impl AddressFilter for FilterList -where - T: AddressFilter, -{ - fn register(&mut self, address_range: Range) { - match self { - FilterList::AllowList(allow_list) => allow_list.register(address_range), - FilterList::DenyList(deny_list) => deny_list.register(address_range), - FilterList::None => {} - } - } - - fn allowed(&self, address: &GuestAddr) -> bool { - match self { - FilterList::AllowList(allow_list) => allow_list.allowed(address), - FilterList::DenyList(deny_list) => !deny_list.allowed(address), - FilterList::None => true, - } - } -} - -impl PageFilter for FilterList -where - T: PageFilter, -{ - fn register(&mut self, page_id: GuestPhysAddr) { - match self { - FilterList::AllowList(allow_list) => allow_list.register(page_id), - FilterList::DenyList(deny_list) => deny_list.register(page_id), - FilterList::None => {} - } - } - - fn allowed(&self, page: &GuestPhysAddr) -> bool { - match self { - FilterList::AllowList(allow_list) => allow_list.allowed(page), - FilterList::DenyList(deny_list) => !deny_list.allowed(page), - FilterList::None => true, - } - } -} - -#[derive(Clone, Debug, Default)] -pub struct AddressFilterVec { - // ideally, we should use a tree - registered_addresses: Vec>, -} -#[derive(Clone, Debug)] -pub struct StdAddressFilter(FilterList); - -impl Default for StdAddressFilter { - fn default() -> Self { - Self(FilterList::None) - } -} - -impl StdAddressFilter { - #[must_use] - pub fn allow_list(registered_addresses: Vec>) -> Self { - StdAddressFilter(FilterList::AllowList(AddressFilterVec::new( - registered_addresses, - ))) - } - - #[must_use] - pub fn deny_list(registered_addresses: Vec>) -> Self { - StdAddressFilter(FilterList::DenyList(AddressFilterVec::new( - registered_addresses, - ))) - } -} - -impl AddressFilterVec { - #[must_use] - pub fn new(registered_addresses: Vec>) -> Self { - Self { - registered_addresses, - } - } -} - -impl AddressFilter for AddressFilterVec { - fn register(&mut self, address_range: Range) { - self.registered_addresses.push(address_range); - Qemu::get().unwrap().flush_jit(); - } - - fn allowed(&self, addr: &GuestAddr) -> bool { - if self.registered_addresses.is_empty() { - return true; - } - - for addr_range in &self.registered_addresses { - if addr_range.contains(addr) { - return true; - } - } - - false - } -} - -impl AddressFilter for StdAddressFilter { - fn register(&mut self, address_range: Range) { - self.0.register(address_range); - } - - fn allowed(&self, address: &GuestAddr) -> bool { - self.0.allowed(address) - } -} - -#[derive(Clone, Debug)] -pub struct PageFilterVec { - registered_pages: HashSet, -} - -#[cfg(feature = "systemmode")] -#[derive(Clone, Debug)] -pub struct StdPageFilter(FilterList); - -#[cfg(feature = "usermode")] -pub type StdPageFilter = NopPageFilter; - -impl Default for PageFilterVec { - fn default() -> Self { - Self { - registered_pages: HashSet::new(), - } - } -} - -#[cfg(feature = "systemmode")] -impl Default for StdPageFilter { - fn default() -> Self { - Self(FilterList::None) - } -} - -impl PageFilter for PageFilterVec { - fn register(&mut self, page_id: GuestPhysAddr) { - self.registered_pages.insert(page_id); - Qemu::get().unwrap().flush_jit(); - } - - fn allowed(&self, paging_id: &GuestPhysAddr) -> bool { - // if self.allowed_pages.is_empty() { - // return true; - // } - - self.registered_pages.contains(paging_id) - } -} - -#[cfg(feature = "systemmode")] -impl PageFilter for StdPageFilter { - fn register(&mut self, page_id: GuestPhysAddr) { - self.0.register(page_id); - } - - fn allowed(&self, page_id: &GuestPhysAddr) -> bool { - self.0.allowed(page_id) - } -} - -// adapted from https://xorshift.di.unimi.it/splitmix64.c -#[must_use] -pub fn hash_me(mut x: u64) -> u64 { - x = (x ^ (x.overflowing_shr(30).0)) - .overflowing_mul(0xbf58476d1ce4e5b9) - .0; - x = (x ^ (x.overflowing_shr(27).0)) - .overflowing_mul(0x94d049bb133111eb) - .0; - x ^ (x.overflowing_shr(31).0) -} - -pub trait AddressFilter: 'static + Debug { - fn register(&mut self, address_range: Range); - - fn allowed(&self, address: &GuestAddr) -> bool; -} - -#[derive(Debug)] -pub struct NopAddressFilter; -impl AddressFilter for NopAddressFilter { - fn register(&mut self, _address: Range) {} - - fn allowed(&self, _address: &GuestAddr) -> bool { - true - } -} - -pub trait PageFilter: 'static + Debug { - fn register(&mut self, page_id: GuestPhysAddr); - - fn allowed(&self, page_id: &GuestPhysAddr) -> bool; -} - -#[derive(Clone, Debug, Default)] -pub struct NopPageFilter; -impl PageFilter for NopPageFilter { - fn register(&mut self, _page_id: GuestPhysAddr) {} - - fn allowed(&self, _page_id: &GuestPhysAddr) -> bool { - true - } -} - -#[cfg(feature = "usermode")] -static mut NOP_ADDRESS_FILTER: UnsafeCell = UnsafeCell::new(NopAddressFilter); -#[cfg(feature = "systemmode")] -static mut NOP_PAGE_FILTER: UnsafeCell = UnsafeCell::new(NopPageFilter); diff --git a/libafl_qemu/src/modules/usermode/asan.rs b/libafl_qemu/src/modules/usermode/asan.rs index 8c963938bb..a03d8971ab 100644 --- a/libafl_qemu/src/modules/usermode/asan.rs +++ b/libafl_qemu/src/modules/usermode/asan.rs @@ -153,7 +153,7 @@ use object::{Object, ObjectSection}; use crate::{ emu::EmulatorModules, - modules::{AddressFilter, StdAddressFilter}, + modules::{utils::filters::StdAddressFilter, AddressFilter}, qemu::{Hook, QemuHooks, SyscallHookResult}, }; diff --git a/libafl_qemu/src/modules/usermode/asan_guest.rs b/libafl_qemu/src/modules/usermode/asan_guest.rs index bf031a800b..9964aa75a0 100644 --- a/libafl_qemu/src/modules/usermode/asan_guest.rs +++ b/libafl_qemu/src/modules/usermode/asan_guest.rs @@ -14,7 +14,9 @@ use libafl_qemu_sys::{GuestAddr, MapInfo}; use crate::sys::libafl_tcg_gen_asan; use crate::{ emu::EmulatorModules, - modules::{AddressFilter, EmulatorModule, EmulatorModuleTuple, StdAddressFilter}, + modules::{ + utils::filters::StdAddressFilter, AddressFilter, EmulatorModule, EmulatorModuleTuple, + }, qemu::{Hook, MemAccessInfo, Qemu}, sys::TCGTemp, QemuParams, diff --git a/libafl_qemu/src/modules/usermode/injections.rs b/libafl_qemu/src/modules/usermode/injections.rs index 3dc87b49c1..6ccfc0d523 100644 --- a/libafl_qemu/src/modules/usermode/injections.rs +++ b/libafl_qemu/src/modules/usermode/injections.rs @@ -23,7 +23,10 @@ use crate::SYS_execve; use crate::{ elf::EasyElf, emu::EmulatorModules, - modules::{EmulatorModule, EmulatorModuleTuple, NopAddressFilter, NOP_ADDRESS_FILTER}, + modules::{ + utils::filters::{NopAddressFilter, NOP_ADDRESS_FILTER}, + EmulatorModule, EmulatorModuleTuple, + }, qemu::{ArchExtras, Hook, SyscallHookResult}, CallingConvention, Qemu, }; diff --git a/libafl_qemu/src/modules/usermode/snapshot.rs b/libafl_qemu/src/modules/usermode/snapshot.rs index 5e5bfaf458..0e9c7e447f 100644 --- a/libafl_qemu/src/modules/usermode/snapshot.rs +++ b/libafl_qemu/src/modules/usermode/snapshot.rs @@ -24,8 +24,9 @@ use crate::SYS_newfstatat; use crate::{ emu::EmulatorModules, modules::{ - asan::AsanModule, EmulatorModule, EmulatorModuleTuple, NopAddressFilter, Range, - NOP_ADDRESS_FILTER, + asan::AsanModule, + utils::filters::{NopAddressFilter, NOP_ADDRESS_FILTER}, + EmulatorModule, EmulatorModuleTuple, Range, }, qemu::{Hook, SyscallHookResult}, Qemu, SYS_brk, SYS_mprotect, SYS_mremap, SYS_munmap, SYS_pread64, SYS_read, SYS_readlinkat, diff --git a/libafl_qemu/src/modules/utils/filters.rs b/libafl_qemu/src/modules/utils/filters.rs new file mode 100644 index 0000000000..1601a57b00 --- /dev/null +++ b/libafl_qemu/src/modules/utils/filters.rs @@ -0,0 +1,221 @@ +//! Helpers to get filtering for modules +//! +//! It is not a module by itself, but instead used as helper to have filters +//! in other modules. + +use std::{cell::UnsafeCell, fmt::Debug, ops::Range}; + +use hashbrown::HashSet; +use libafl_qemu_sys::{GuestAddr, GuestPhysAddr}; + +use crate::Qemu; + +#[derive(Debug, Clone)] +pub enum FilterList { + AllowList(T), + DenyList(T), + None, +} + +impl AddressFilter for FilterList +where + T: AddressFilter, +{ + fn register(&mut self, address_range: Range) { + match self { + FilterList::AllowList(allow_list) => allow_list.register(address_range), + FilterList::DenyList(deny_list) => deny_list.register(address_range), + FilterList::None => {} + } + } + + fn allowed(&self, address: &GuestAddr) -> bool { + match self { + FilterList::AllowList(allow_list) => allow_list.allowed(address), + FilterList::DenyList(deny_list) => !deny_list.allowed(address), + FilterList::None => true, + } + } +} + +impl PageFilter for FilterList +where + T: PageFilter, +{ + fn register(&mut self, page_id: GuestPhysAddr) { + match self { + FilterList::AllowList(allow_list) => allow_list.register(page_id), + FilterList::DenyList(deny_list) => deny_list.register(page_id), + FilterList::None => {} + } + } + + fn allowed(&self, page: &GuestPhysAddr) -> bool { + match self { + FilterList::AllowList(allow_list) => allow_list.allowed(page), + FilterList::DenyList(deny_list) => !deny_list.allowed(page), + FilterList::None => true, + } + } +} + +#[derive(Clone, Debug, Default)] +pub struct AddressFilterVec { + // ideally, we should use a tree + registered_addresses: Vec>, +} +#[derive(Clone, Debug)] +pub struct StdAddressFilter(FilterList); + +impl Default for StdAddressFilter { + fn default() -> Self { + Self(FilterList::None) + } +} + +impl StdAddressFilter { + #[must_use] + pub fn allow_list(registered_addresses: Vec>) -> Self { + StdAddressFilter(FilterList::AllowList(AddressFilterVec::new( + registered_addresses, + ))) + } + + #[must_use] + pub fn deny_list(registered_addresses: Vec>) -> Self { + StdAddressFilter(FilterList::DenyList(AddressFilterVec::new( + registered_addresses, + ))) + } +} + +impl AddressFilterVec { + #[must_use] + pub fn new(registered_addresses: Vec>) -> Self { + Self { + registered_addresses, + } + } +} + +impl AddressFilter for AddressFilterVec { + fn register(&mut self, address_range: Range) { + self.registered_addresses.push(address_range); + Qemu::get().unwrap().flush_jit(); + } + + fn allowed(&self, addr: &GuestAddr) -> bool { + if self.registered_addresses.is_empty() { + return true; + } + + for addr_range in &self.registered_addresses { + if addr_range.contains(addr) { + return true; + } + } + + false + } +} + +impl AddressFilter for StdAddressFilter { + fn register(&mut self, address_range: Range) { + self.0.register(address_range); + } + + fn allowed(&self, address: &GuestAddr) -> bool { + self.0.allowed(address) + } +} + +#[derive(Clone, Debug)] +pub struct PageFilterVec { + registered_pages: HashSet, +} + +#[cfg(feature = "systemmode")] +#[derive(Clone, Debug)] +pub struct StdPageFilter(FilterList); + +#[cfg(feature = "usermode")] +pub type StdPageFilter = NopPageFilter; + +impl Default for PageFilterVec { + fn default() -> Self { + Self { + registered_pages: HashSet::new(), + } + } +} + +#[cfg(feature = "systemmode")] +impl Default for StdPageFilter { + fn default() -> Self { + Self(FilterList::None) + } +} + +impl PageFilter for PageFilterVec { + fn register(&mut self, page_id: GuestPhysAddr) { + self.registered_pages.insert(page_id); + Qemu::get().unwrap().flush_jit(); + } + + fn allowed(&self, paging_id: &GuestPhysAddr) -> bool { + // if self.allowed_pages.is_empty() { + // return true; + // } + + self.registered_pages.contains(paging_id) + } +} + +#[cfg(feature = "systemmode")] +impl PageFilter for StdPageFilter { + fn register(&mut self, page_id: GuestPhysAddr) { + self.0.register(page_id); + } + + fn allowed(&self, page_id: &GuestPhysAddr) -> bool { + self.0.allowed(page_id) + } +} + +pub trait AddressFilter: 'static + Debug { + fn register(&mut self, address_range: Range); + + fn allowed(&self, address: &GuestAddr) -> bool; +} + +#[derive(Debug)] +pub struct NopAddressFilter; +impl AddressFilter for NopAddressFilter { + fn register(&mut self, _address: Range) {} + + fn allowed(&self, _address: &GuestAddr) -> bool { + true + } +} + +pub trait PageFilter: 'static + Debug { + fn register(&mut self, page_id: GuestPhysAddr); + + fn allowed(&self, page_id: &GuestPhysAddr) -> bool; +} + +#[derive(Clone, Debug, Default)] +pub struct NopPageFilter; +impl PageFilter for NopPageFilter { + fn register(&mut self, _page_id: GuestPhysAddr) {} + + fn allowed(&self, _page_id: &GuestPhysAddr) -> bool { + true + } +} + +#[cfg(feature = "usermode")] +pub(crate) static mut NOP_ADDRESS_FILTER: UnsafeCell = + UnsafeCell::new(NopAddressFilter); +#[cfg(feature = "systemmode")] +pub(crate) static mut NOP_PAGE_FILTER: UnsafeCell = UnsafeCell::new(NopPageFilter); diff --git a/libafl_qemu/src/modules/utils/mod.rs b/libafl_qemu/src/modules/utils/mod.rs new file mode 100644 index 0000000000..2589ce38d4 --- /dev/null +++ b/libafl_qemu/src/modules/utils/mod.rs @@ -0,0 +1 @@ +pub mod filters; diff --git a/libafl_qemu/src/qemu/error.rs b/libafl_qemu/src/qemu/error.rs index 6c4ce50ad8..304e50e7d6 100644 --- a/libafl_qemu/src/qemu/error.rs +++ b/libafl_qemu/src/qemu/error.rs @@ -5,14 +5,14 @@ use libafl_qemu_sys::{CPUStatePtr, GuestAddr}; use crate::CallingConvention; -#[derive(Debug)] +#[derive(Clone, Debug)] pub enum QemuError { Init(QemuInitError), Exit(QemuExitError), RW(QemuRWError), } -#[derive(Debug)] +#[derive(Clone, Debug)] pub enum QemuInitError { MultipleInstances, NoParametersProvided, @@ -21,19 +21,19 @@ pub enum QemuInitError { TooManyArgs(usize), } -#[derive(Debug, Clone)] +#[derive(Clone, Debug)] pub enum QemuExitError { UnknownKind, // Exit reason was not NULL, but exit kind is unknown. Should never happen. UnexpectedExit, // Qemu exited without going through an expected exit point. Can be caused by a crash for example. } -#[derive(Debug, Clone)] +#[derive(Clone, Debug)] pub enum QemuRWErrorKind { Read, Write, } -#[derive(Debug, Clone)] +#[derive(Clone, Debug)] pub enum QemuRWErrorCause { WrongCallingConvention(CallingConvention, CallingConvention), // expected, given WrongArgument(i32), @@ -42,7 +42,7 @@ pub enum QemuRWErrorCause { WrongMemoryLocation(GuestAddr, usize), // addr, size } -#[derive(Debug, Clone)] +#[derive(Clone, Debug)] #[expect(dead_code)] pub struct QemuRWError { kind: QemuRWErrorKind, @@ -142,6 +142,12 @@ impl QemuRWError { } } +impl From for QemuError { + fn from(qemu_rw_error: QemuRWError) -> Self { + QemuError::RW(qemu_rw_error) + } +} + impl From for libafl::Error { fn from(qemu_error: QemuError) -> Self { libafl::Error::runtime(qemu_error) diff --git a/libafl_qemu/src/qemu/mod.rs b/libafl_qemu/src/qemu/mod.rs index 482830dd01..1204e77bd1 100644 --- a/libafl_qemu/src/qemu/mod.rs +++ b/libafl_qemu/src/qemu/mod.rs @@ -675,7 +675,7 @@ impl Qemu { let bp_addr = exit_reason.data.breakpoint.addr; QemuExitReason::Breakpoint(bp_addr) }, - libafl_qemu_sys::libafl_exit_reason_kind_SYNC_EXIT => QemuExitReason::SyncExit, + libafl_qemu_sys::libafl_exit_reason_kind_CUSTOM_INSN => QemuExitReason::SyncExit, #[cfg(feature = "systemmode")] libafl_qemu_sys::libafl_exit_reason_kind_TIMEOUT => QemuExitReason::Timeout, diff --git a/libafl_qemu/src/qemu/usermode.rs b/libafl_qemu/src/qemu/usermode.rs index f9549ede64..7353eb4a53 100644 --- a/libafl_qemu/src/qemu/usermode.rs +++ b/libafl_qemu/src/qemu/usermode.rs @@ -286,9 +286,7 @@ pub mod pybind { a6: u64, a7: u64, ) -> SyscallHookResult { - // If we don't deref_addrof we run into the "static-mut-references" lint which is worse. - #[expect(clippy::deref_addrof)] - unsafe { (*(&raw const PY_SYSCALL_HOOK)).as_ref() }.map_or_else( + unsafe { (&raw const PY_SYSCALL_HOOK).read() }.map_or_else( || SyscallHookResult::new(None), |obj| { let args = (sys_num, a0, a1, a2, a3, a4, a5, a6, a7); diff --git a/libafl_qemu/src/sync_exit.rs b/libafl_qemu/src/sync_exit.rs index 558e28bb60..3693092d8b 100644 --- a/libafl_qemu/src/sync_exit.rs +++ b/libafl_qemu/src/sync_exit.rs @@ -17,7 +17,7 @@ pub enum ExitArgs { Arg6, } -pub struct SyncExit +pub struct CustomInsn where CM: CommandManager, S: UsesInput, @@ -25,7 +25,7 @@ where command: CM::Commands, } -impl Clone for SyncExit +impl Clone for CustomInsn where CM: CommandManager, S: UsesInput, @@ -37,7 +37,7 @@ where } } -impl Debug for SyncExit +impl Debug for CustomInsn where CM: CommandManager, S: UsesInput, @@ -47,7 +47,7 @@ where } } -impl SyncExit +impl CustomInsn where CM: CommandManager, S: UsesInput, diff --git a/utils/libafl_fmt/src/main.rs b/utils/libafl_fmt/src/main.rs index b716c5a78a..7429c6efb3 100644 --- a/utils/libafl_fmt/src/main.rs +++ b/utils/libafl_fmt/src/main.rs @@ -223,6 +223,7 @@ async fn main() -> io::Result<()> { r".*Little-CMS.*", r".*cms_transform_fuzzer.cc.*", r".*sqlite3.*", + r".*libfuzzer_libmozjpeg.*", ]) .expect("Could not create the regex set from the given regex");