Fixes for ASAn (#3308)

* Fix broken Justfile

* Rename AsanModule to AsanHostModule

* Add asan to publish script

Author: WorksButNotTested

fuzzers/binary_only/qemu_launcher/src/client.rs

@@ -11,7 +11,7 @@ use libafl::{
 };
 use libafl_bolts::{rands::StdRand, tuples::tuple_list};
 use libafl_qemu::modules::{
-    asan::AsanModule, asan_guest::AsanGuestModule, cmplog::CmpLogModule,
+    asan_guest::AsanGuestModule, asan_host::AsanHostModule, cmplog::CmpLogModule,
     utils::filters::StdAddressFilter, DrCovModule, InjectionModule,
 };
 
@@ -138,7 +138,7 @@ impl Client<'_> {
                             .full_trace(true)
                             .build(),
                         unsafe {
-                            AsanModule::builder()
+                            AsanHostModule::builder()
                                 .env(&env)
                                 .filter(asan_filter)
                                 .asan_report()
@@ -167,7 +167,7 @@ impl Client<'_> {
                 }
             } else if is_asan_host {
                 let modules = tuple_list!(unsafe {
-                    AsanModule::builder()
+                    AsanHostModule::builder()
                         .env(&env)
                         .filter(asan_filter)
                         .asan_report()
@@ -190,7 +190,10 @@ impl Client<'_> {
                     args,
                     tuple_list!(
                         CmpLogModule::default(),
-                        AsanModule::builder().env(&env).filter(asan_filter).build(),
+                        AsanHostModule::builder()
+                            .env(&env)
+                            .filter(asan_filter)
+                            .build(),
                         injection_module,
                     ),
                     state,
@@ -200,7 +203,10 @@ impl Client<'_> {
                     args,
                     tuple_list!(
                         CmpLogModule::default(),
-                        AsanModule::builder().env(&env).filter(asan_filter).build()
+                        AsanHostModule::builder()
+                            .env(&env)
+                            .filter(asan_filter)
+                            .build()
                     ),
                     state,
                 )
@@ -231,15 +237,21 @@ impl Client<'_> {
                 instance_builder.build().run(
                     args,
                     tuple_list!(
-                        AsanModule::builder().env(&env).filter(asan_filter).build(),
+                        AsanHostModule::builder()
+                            .env(&env)
+                            .filter(asan_filter)
+                            .build(),
                         injection_module
                     ),
                     state,
                 )
             } else {
                 instance_builder.build().run(
                     args,
-                    tuple_list!(AsanModule::builder().env(&env).filter(asan_filter).build()),
+                    tuple_list!(AsanHostModule::builder()
+                        .env(&env)
+                        .filter(asan_filter)
+                        .build()),
                     state,
                 )
             }

libafl_qemu/libafl_qemu_runner/Justfile

@@ -7,7 +7,7 @@ build:
   . {{ DOTENV }}
   cargo \
     build \
-    --package runner \
+    --package libafl_qemu_runner \
     --target x86_64-unknown-linux-gnu \
     --profile {{ PROFILE }} \
     --target-dir {{ TARGET_DIR }} \
@@ -19,7 +19,7 @@ fix:
   . {{ DOTENV }}
   cargo \
     fix \
-    --package runner \
+    --package libafl_qemu_runner \
     --target x86_64-unknown-linux-gnu \
     --profile {{ PROFILE }} \
     --target-dir {{ TARGET_DIR }} \

libafl_qemu/libafl_qemu_runner/src/fuzz.rs

@@ -6,7 +6,9 @@ use libafl_qemu::{
     Emulator, GuestAddr, NopEmulatorDriver, NopSnapshotManager, QemuExitError, QemuInitError,
     command::NopCommandManager,
     elf::EasyElf,
-    modules::{AsanGuestModule, AsanModule, EmulatorModuleTuple, utils::filters::StdAddressFilter},
+    modules::{
+        AsanGuestModule, AsanHostModule, EmulatorModuleTuple, utils::filters::StdAddressFilter,
+    },
 };
 use log::{error, info};
 use thiserror::Error;
@@ -123,7 +125,12 @@ pub fn fuzz() {
 
     let ret = if options.asan_host {
         info!("Enabling ASAN");
-        let modules = tuple_list!(AsanModule::builder().env(&env).filter(asan_filter).build());
+        let modules = tuple_list!(
+            AsanHostModule::builder()
+                .env(&env)
+                .filter(asan_filter)
+                .build()
+        );
         info!("Modules: {:#?}", modules);
         run(options, modules)
     } else if options.asan_guest {

libafl_qemu/src/modules/usermode/asan.rs renamed to libafl_qemu/src/modules/usermode/asan_host.rs

@@ -54,7 +54,7 @@ pub const SHADOW_PAGE_MASK: GuestAddr = !(SHADOW_PAGE_SIZE as GuestAddr - 1);
 pub const DEFAULT_REDZONE_SIZE: usize = 128;
 
 #[derive(Debug)]
-pub struct AsanModule {
+pub struct AsanHostModule {
     env: Vec<(String, String)>,
     enabled: bool,
     detect_leaks: bool,
@@ -76,7 +76,7 @@ pub struct AsanGiovese {
     pub error_found: bool,
 }
 
-pub struct AsanModuleBuilder {
+pub struct AsanHostModuleBuilder {
     env: Vec<(String, String)>,
     detect_leaks: bool,
     snapshot: bool,
@@ -240,7 +240,7 @@ impl Debug for AsanGiovese {
     }
 }
 
-impl AsanModuleBuilder {
+impl AsanHostModuleBuilder {
     #[must_use]
     pub fn new(
         env: Vec<(String, String)>,
@@ -351,8 +351,8 @@ impl AsanModuleBuilder {
     }
 
     #[must_use]
-    pub fn build(self) -> AsanModule {
-        AsanModule::new(
+    pub fn build(self) -> AsanHostModule {
+        AsanHostModule::new(
             self.env.as_ref(),
             self.detect_leaks,
             self.snapshot,
@@ -363,7 +363,7 @@ impl AsanModuleBuilder {
     }
 }
 
-impl Default for AsanModuleBuilder {
+impl Default for AsanHostModuleBuilder {
     fn default() -> Self {
         let env = env::vars()
             .filter(|(k, _v)| k != "LD_LIBRARY_PATH")
@@ -379,10 +379,10 @@ impl Default for AsanModuleBuilder {
     }
 }
 
-impl AsanModule {
+impl AsanHostModule {
     #[must_use]
-    pub fn builder() -> AsanModuleBuilder {
-        AsanModuleBuilder::default()
+    pub fn builder() -> AsanHostModuleBuilder {
+        AsanHostModuleBuilder::default()
     }
 
     #[must_use]
@@ -967,7 +967,7 @@ impl AsanGiovese {
     }
 }
 
-impl<I, S> EmulatorModule<I, S> for AsanModule
+impl<I, S> EmulatorModule<I, S> for AsanHostModule
 where
     I: Unpin,
     S: Unpin,
@@ -1155,7 +1155,7 @@ where
     }
 }
 
-impl HasAddressFilter for AsanModule {
+impl HasAddressFilter for AsanHostModule {
     type AddressFilter = StdAddressFilter;
     fn address_filter(&self) -> &Self::AddressFilter {
         &self.filter
@@ -1175,7 +1175,7 @@ pub fn oncrash_asan<ET, I, S>(
     I: Unpin,
     S: Unpin,
 {
-    let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+    let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
     let pc: GuestAddr = qemu.read_reg(Regs::Pc).unwrap();
     h.rt.report(qemu, pc, AsanError::Signal(target_sig));
 }
@@ -1193,7 +1193,7 @@ where
     I: Unpin,
     S: Unpin,
 {
-    let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+    let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
     if !h.must_instrument(pc) {
         return None;
     }
@@ -1223,7 +1223,7 @@ pub fn trace_read_asan<ET, I, S, const N: usize>(
     I: Unpin,
     S: Unpin,
 {
-    let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+    let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
     h.read::<N>(qemu, id as GuestAddr, addr);
 }
 
@@ -1240,7 +1240,7 @@ pub fn trace_read_n_asan<ET, I, S>(
     I: Unpin,
     S: Unpin,
 {
-    let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+    let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
     h.read_n(qemu, id as GuestAddr, addr, size);
 }
 
@@ -1256,7 +1256,7 @@ pub fn trace_write_asan<ET, I, S, const N: usize>(
     I: Unpin,
     S: Unpin,
 {
-    let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+    let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
     h.write::<N>(qemu, id as GuestAddr, addr);
 }
 
@@ -1273,7 +1273,7 @@ pub fn trace_write_n_asan<ET, I, S>(
     I: Unpin,
     S: Unpin,
 {
-    let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+    let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
     h.read_n(qemu, id as GuestAddr, addr, size);
 }
 
@@ -1290,7 +1290,7 @@ where
     I: Unpin,
     S: Unpin,
 {
-    let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+    let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
     if !h.must_instrument(pc) {
         return Some(0);
     }
@@ -1321,7 +1321,7 @@ pub fn trace_write_asan_snapshot<ET, I, S, const N: usize>(
     S: Unpin,
 {
     if id != 0 {
-        let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+        let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
         h.write::<N>(qemu, id as GuestAddr, addr);
     }
     let h = emulator_modules.get_mut::<SnapshotModule>().unwrap();
@@ -1342,7 +1342,7 @@ pub fn trace_write_n_asan_snapshot<ET, I, S>(
     S: Unpin,
 {
     if id != 0 {
-        let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+        let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
         h.read_n(qemu, id as GuestAddr, addr, size);
     }
     let h = emulator_modules.get_mut::<SnapshotModule>().unwrap();
@@ -1370,7 +1370,7 @@ where
     S: Unpin,
 {
     if sys_num == QASAN_FAKESYS_NR {
-        let h = emulator_modules.get_mut::<AsanModule>().unwrap();
+        let h = emulator_modules.get_mut::<AsanHostModule>().unwrap();
         match QasanAction::try_from(a0).expect("Invalid QASan action number") {
             QasanAction::CheckLoad => {
                 let pc: GuestAddr = qemu.read_reg(Regs::Pc).unwrap();

libafl_qemu/src/modules/usermode/mod.rs

@@ -9,9 +9,9 @@ pub mod snapshot;
 pub use snapshot::{IntervalSnapshotFilter, SnapshotModule};
 
 #[cfg(not(cpu_target = "hexagon"))]
-pub mod asan;
+pub mod asan_host;
 #[cfg(not(cpu_target = "hexagon"))]
-pub use asan::AsanModule;
+pub use asan_host::AsanHostModule;
 
 #[cfg(not(cpu_target = "hexagon"))]
 pub mod asan_guest;

libafl_qemu/src/modules/usermode/snapshot.rs

@@ -25,7 +25,7 @@ use crate::{
     emu::EmulatorModules,
     modules::{
         EmulatorModule, EmulatorModuleTuple,
-        asan::AsanModule,
+        asan_host::AsanHostModule,
         utils::filters::{HasAddressFilter, NOP_ADDRESS_FILTER, NopAddressFilter},
     },
     qemu::{Hook, SyscallHookResult},
@@ -785,7 +785,7 @@ where
     where
         ET: EmulatorModuleTuple<I, S>,
     {
-        if emulator_modules.get::<AsanModule>().is_none() {
+        if emulator_modules.get::<AsanHostModule>().is_none() {
             // The ASan module, if present, will call the tracer hook for the snapshot helper as opt
             emulator_modules.writes(
                 Hook::Empty,

scripts/publish.sh

@@ -86,3 +86,39 @@ cd ../.. || exit 1
 cd libafl_libfuzzer
 cargo publish "$@"
 cd .. || exit 1
+
+sleep 20
+
+cd libafl_asan
+cargo publish "$@"
+cd .. || exit 1
+
+sleep 20
+
+cd libafl_asan/libafl_asan_libc
+cargo publish "$@"
+cd ../.. || exit 1
+
+sleep 20
+
+cd libafl_qemu/libafl_qemu_asan/libafl_qemu_asan_guest
+cargo publish "$@"
+cd ../../.. || exit 1
+
+sleep 20
+
+cd libafl_qemu/libafl_qemu_asan/libafl_qemu_asan_host
+cargo publish "$@"
+cd ../../.. || exit 1
+
+sleep 20
+
+cd libafl_qemu/libafl_qemu_asan/libafl_qemu_asan_nolibc
+cargo publish "$@"
+cd ../../.. || exit 1
+
+sleep 20
+
+cd libafl_qemu/libafl_qemu_runner
+cargo publish "$@"
+cd ../.. || exit 1