From 723f4a1cb0f49956ffad18c453d9615dafd0415b Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Mon, 5 Aug 2024 23:48:35 +0200
Subject: [PATCH] Fix various QEMU bugs (#2475)

* Update LibAFL QEMU to the latest version (V9.0.2 update, important bug fixes, ... - check the dedicated repo for more info)
* fix bug in hook execution, causing first execution hooks to be run multiple times.
---
 .dockerignore                              | 3 ++-
 fuzzers/qemu/qemu_launcher/Cargo.toml      | 8 ++++----
 libafl_qemu/Cargo.toml                     | 2 +-
 libafl_qemu/libafl_qemu_build/src/build.rs | 2 +-
 libafl_qemu/src/emu/mod.rs                 | 7 ++++++-
 libafl_qemu/src/modules/edges.rs           | 4 ++--
 6 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index a00386f1f7..4d7b3cf3cd 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,4 +1,5 @@
-target
+**/target
+**/.git
 Cargo.lock
 *.o
 
diff --git a/fuzzers/qemu/qemu_launcher/Cargo.toml b/fuzzers/qemu/qemu_launcher/Cargo.toml
index f5f34bbbdf..5809f5676a 100644
--- a/fuzzers/qemu/qemu_launcher/Cargo.toml
+++ b/fuzzers/qemu/qemu_launcher/Cargo.toml
@@ -48,13 +48,13 @@ vergen = { version = "8.2", features = [
 
 [dependencies]
 clap = { version = "4.3", features = ["derive", "string"] }
-libafl = { path = "../../../libafl/" }
-libafl_bolts = { path = "../../../libafl_bolts/", features = [
+libafl = { path = "../../../libafl" }
+libafl_bolts = { path = "../../../libafl_bolts", features = [
     "errors_backtrace",
 ] }
-libafl_qemu = { path = "../../../libafl_qemu/", features = ["usermode"] }
+libafl_qemu = { path = "../../../libafl_qemu", features = ["usermode"] }
 log = { version = "0.4.20" }
 nix = { version = "0.29", features = ["fs"] }
 rangemap = { version = "1.3" }
 readonly = { version = "0.2.10" }
-typed-builder = { version = "0.18" }
+typed-builder = { version = "0.19" }
diff --git a/libafl_qemu/Cargo.toml b/libafl_qemu/Cargo.toml
index f634a47410..5081a25a63 100644
--- a/libafl_qemu/Cargo.toml
+++ b/libafl_qemu/Cargo.toml
@@ -125,7 +125,7 @@ serde_yaml = { version = "0.9", optional = true } # For parsing the injections y
 toml = { version = "0.8.13", optional = true } # For parsing the injections toml file
 pyo3 = { version = "0.22", optional = true, features = ["multiple-pymethods"] }
 bytes-utils = "0.1"
-typed-builder = "0.18"
+typed-builder = "0.19"
 memmap2 = "0.9"
 # Document all features of this crate (for `cargo doc`)
 document-features = { version = "0.2", optional = true }
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index ff4793b572..55a28e28bf 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -11,7 +11,7 @@ use crate::cargo_add_rpath;
 
 pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-pub const QEMU_REVISION: &str = "4cafaa9a087dae6674b0fdc11ba34d3e6a8364d2";
+pub const QEMU_REVISION: &str = "24abc2a717226bedc047167f639aef0edc9ce92d";
 
 #[allow(clippy::module_name_repetitions)]
 pub struct BuildResult {
diff --git a/libafl_qemu/src/emu/mod.rs b/libafl_qemu/src/emu/mod.rs
index 8dfb316907..a0ec4efda5 100644
--- a/libafl_qemu/src/emu/mod.rs
+++ b/libafl_qemu/src/emu/mod.rs
@@ -477,6 +477,7 @@ where
     breakpoints_by_id: RefCell>>,
     #[builder(setter(transform = |args: &[String], env: &[(String, String)]| Qemu::init(args, env).unwrap()))]
     qemu: Qemu,
+    first_exec: bool,
     _phantom: PhantomData<(ET, S)>,
 }
 
@@ -513,6 +514,7 @@ where
             exit_handler: RefCell::new(exit_handler),
             breakpoints_by_addr: RefCell::new(HashMap::new()),
             breakpoints_by_id: RefCell::new(HashMap::new()),
+            first_exec: true,
             _phantom: PhantomData,
             qemu,
         })
@@ -678,7 +680,10 @@ where
     }
 
     pub fn first_exec_all(&mut self) {
-        self.modules.first_exec_all();
+        if self.first_exec {
+            self.modules.first_exec_all();
+            self.first_exec = false;
+        }
     }
 
     pub fn pre_exec_all(&mut self, input: &S::Input) {
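Review bot: The new `first_exec: bool` field in the `@@ -477` hunk sits next to a `qemu` field carrying a `#[builder(...)]` attribute, so if this struct derives a typed builder (the derive line is outside the hunk) the field becomes a required builder setter and exposes internal bookkeeping to callers, while the `Self { .. }` construction in the `@@ -513` hunk hard-codes `first_exec: true`. Giving the field `#[builder(default = true, setter(skip))]` keeps both construction paths starting in the same state and stops a builder user from accidentally passing `false` and disabling the first-exec hooks entirely. The `first_exec_all` method in the `@@ -678` hunk now silently does nothing after its first call, which the signature does not convey; a doc comment such as `/// Runs the modules' first-exec hooks exactly once; later calls are no-ops.` would make that contract explicit. The enclosing struct and `impl` block begin and end outside these hunks.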
diff --git a/libafl_qemu/src/modules/edges.rs b/libafl_qemu/src/modules/edges.rs
index a8522788cf..767ea5b20c 100644
--- a/libafl_qemu/src/modules/edges.rs
+++ b/libafl_qemu/src/modules/edges.rs
@@ -162,7 +162,7 @@ where
     ET: EmulatorModuleTuple,
 {
     if self.use_hitcounts {
-        // hooks.edges(
+        // emulator_modules.edges(
         //     Hook::Function(gen_unique_edge_ids::),
         //     Hook::Raw(trace_edge_hitcount),
         // );
@@ -175,7 +175,7 @@ where
             );
         }
     } else {
-        // hooks.edges(
+        // emulator_modules.edges(
         //     Hook::Function(gen_unique_edge_ids::),
         //     Hook::Raw(trace_edge_single),
         // );