LibAFL libafl-fuzz: introduce nyx

Let's see if the CI works. We need an intel CPU for nyx_mode

Aug 29 '24 10:08 R9295

can you cargo fmt? (inside your others/libafl-fuzz

Aug 29 '24 14:08 tokatoka

Looks like nyx mode won't run on github CI according @vanhauser-thc 's script. Can someone with an intel CPU please test?

Aug 29 '24 14:08 R9295

I have a machine on which i usually run kAFL. I can run the tests there if you want. Do i need a specific version of the kernel to have the tests running?

Aug 29 '24 14:08 rmalmain

Any news here?

Sep 08 '24 18:09 domenukk

@rmalmain Could you please test this on a machine with kvm? you just need to run cargo make test_nyx_mode

Sep 12 '24 09:09 R9295

@rmalmain Could you please test this on a machine with kvm? you just need to run cargo make test_nyx_mode

No problem, I'll run it now @R9295

Sep 12 '24 09:09 rmalmain

@R9295 i received a link error during building:

/usr/bin/ld: /tmp/lto-llvm-05edc4.o: in function `main':
ld-temp.o:(.text.main+0x300): undefined reference to `net_fuzz_bitmap'
/usr/bin/ld: ld-temp.o:(.text.main+0x30e): undefined reference to `pt_decoder_init'
/usr/bin/ld: ld-temp.o:(.text.main+0x32c): undefined reference to `init_disassembler'
/usr/bin/ld: ld-temp.o:(.text.main+0x342): undefined reference to `fuzz_bitmap_reset'
/usr/bin/ld: ld-temp.o:(.text.main+0x34b): undefined reference to `destroy_disassembler'
/usr/bin/ld: ld-temp.o:(.text.main+0x353): undefined reference to `pt_decoder_destroy'
/usr/bin/ld: ld-temp.o:(.text.main+0x3aa): undefined reference to `decode_buffer'
/usr/bin/ld: ld-temp.o:(.text.main+0x3eb): undefined reference to `pt_decoder_get_page_fault_addr'
/usr/bin/ld: ld-temp.o:(.text.main+0x44d): undefined reference to `destroy_disassembler'
/usr/bin/ld: ld-temp.o:(.text.main+0x456): undefined reference to `pt_decoder_destroy'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [Makefile:34: ptdump_static] Error 1

cp: cannot stat 'libnyx/libnyx/target/release/liblibnyx.so': No such file or directory

Sep 12 '24 10:09 rmalmain

@rmalmain is this a Rust (libafl-fuzz / libafl_nyx) issue or a AFL++ one?

Sep 12 '24 11:09 R9295

Could you please try again?

Sep 12 '24 11:09 R9295

the error does not trigger when CC is not clang (i have a very recent version, should be the problem) I'll try again with your change

Sep 12 '24 11:09 rmalmain

didn't change much on my side

Sep 12 '24 11:09 rmalmain

@rmalmain thanks. I'll need to have a look myself cause this is compiling just fine on my Intel THinkpad with clang-18 (just no kvm stuff so it won't actually run). I'll DIY it

Sep 12 '24 11:09 R9295

I tried with multiple versions of clang:

clang 19: cf the error message above
clang 17, clang 18, gcc: various errors (expected i guess) pip error:

b'[...]/LibAFL/libafl_nyx/packer/linux_initramfs\n'
[ERROR]   Package 'msgpack' is missing (Hint: `pip install msgpack`)!
[ERROR]   Tool 'lddtree' is missing (Hint: run `sudo apt install pax-utils`)!

kvm backdoor error:

[QEMU-Nyx] ERROR: vmware backdoor is not enabled...

	Run the following commands to fix the issue:
	-----------------------------------------
	sudo modprobe -r kvm-intel
	sudo modprobe -r kvm
	sudo modprobe  kvm enable_vmware_backdoor=y
	sudo modprobe  kvm-intel
	cat /sys/module/kvm/parameters/enable_vmware_backdoor
	-----------------------------------------

for the last few errors i guess it's the user's responsibility to handle that?

otherwise it ended up working correctly

Sep 12 '24 12:09 rmalmain

Ah I see. Thanks @rmalmain

Sep 12 '24 15:09 R9295

Let's merge this for 0.14 @R9295

Nov 07 '24 10:11 domenukk

fmt is missing, I'll fix it in main

Nov 13 '24 01:11 domenukk

libafl-fuzz: introduce nyx_mode