LibAFL_QEMU/librasan: Add support for reading environment (#3241)

* Add support for reading environment

* Fix clippy

* Review fixes

Author: WorksButNotTested

libafl_qemu/librasan/Justfile

@@ -26,7 +26,7 @@ fix: fix_asan fix_dummy fix_fuzz fix_gasan fix_qasan fix_runner fix_zasan
 
 clippy:
   #!/bin/sh
-  cargo clippy
+  cargo clippy -F test
 
 doc:
   #!/bin/sh
@@ -52,6 +52,8 @@ build_i386_dev:
 
 build_ppc_dev:
   #!/bin/sh
+  RUSTC_BOOTSTRAP=1 \
+  RUSTFLAGS="--cfg rustix_use_experimental_asm" \
   ARCH=ppc PROFILE=dev just build
 
 build_arm_release:
@@ -72,6 +74,8 @@ build_i386_release:
 
 build_ppc_release:
   #!/bin/sh
+  RUSTC_BOOTSTRAP=1 \
+  RUSTFLAGS="--cfg rustix_use_experimental_asm" \
   ARCH=ppc PROFILE=release just build
 
 build_everything_dev: \
@@ -92,6 +96,8 @@ build_everything: build_everything_dev build_everything_release
 
 test_arm:
   #!/bin/sh
+  RUSTC_BOOTSTRAP=1 \
+  RUSTFLAGS="--cfg rustix_use_experimental_asm" \
   ARCH=arm \
   PROFILE=dev \
   RUSTLOG=debug \
@@ -124,6 +130,8 @@ test_i386:
 
 test_ppc:
   #!/bin/sh
+  RUSTC_BOOTSTRAP=1 \
+  RUSTFLAGS="--cfg rustix_use_experimental_asm" \
   ARCH=ppc \
   PROFILE=dev \
   RUSTLOG=debug \

libafl_qemu/librasan/asan/src/env/mod.rs

@@ -0,0 +1,119 @@
+use alloc::{
+    fmt::Debug,
+    string::{String, ToString},
+    vec,
+};
+use core::{hash::BuildHasherDefault, marker::PhantomData};
+
+use ahash::AHasher;
+use hashbrown::HashMap;
+use log::Level;
+use thiserror::Error;
+
+use crate::file::FileReader;
+
+type Hasher = BuildHasherDefault<AHasher>;
+
+#[derive(Debug)]
+pub struct Env<R: FileReader> {
+    envs: HashMap<String, String, Hasher>,
+    phantom: PhantomData<R>,
+}
+
+impl<R: FileReader> Env<R> {
+    /* Environment variable buffer size, should be larger than single largest env variable */
+    const BUFFER_SIZE: usize = 131072;
+    /* Expected maximum number of environment variables to initialize hash table */
+    const MAX_ENVS: usize = 4096;
+
+    pub fn initialize() -> Result<Env<R>, EnvError<R>> {
+        let mut reader = R::new(c"/proc/self/environ").map_err(EnvError::FailedToCreateReader)?;
+
+        let mut buffer = vec![0u8; Self::BUFFER_SIZE];
+
+        let mut envs = HashMap::<String, String, Hasher>::with_capacity_and_hasher(
+            Self::MAX_ENVS,
+            Hasher::default(),
+        );
+
+        let mut start = 0;
+        let mut bytes_read = 0;
+        loop {
+            let skip = bytes_read - start;
+            start = 0;
+            bytes_read = reader
+                .read(&mut buffer[skip..])
+                .map_err(EnvError::FailedToRead)?
+                + skip;
+
+            let mut i = 0;
+
+            while i < bytes_read {
+                if buffer[i] == 0 {
+                    if i == start {
+                        /* We found the null string at the end */
+                        return Ok(Env {
+                            envs,
+                            phantom: PhantomData,
+                        });
+                    }
+
+                    let pair = String::from_utf8_lossy(&buffer[start..i]).to_string();
+                    log::debug!("pair: {pair}");
+
+                    let (key, value) = pair
+                        .split_once('=')
+                        .map(|(k, v)| (k.to_string(), v.to_string()))
+                        .ok_or(EnvError::Split(pair))?;
+                    log::debug!("key: {key} value: {value}");
+
+                    envs.insert(key, value);
+                    start = i + 1;
+                }
+                i += 1;
+            }
+            buffer.copy_within(start..bytes_read, 0);
+
+            if bytes_read == 0 {
+                if start == bytes_read {
+                    break;
+                }
+                let fragment = String::from_utf8_lossy(&buffer[start..bytes_read]).to_string();
+                return Err(EnvError::StringFragment(fragment));
+            }
+        }
+        Ok(Env {
+            envs,
+            phantom: PhantomData,
+        })
+    }
+
+    pub fn get(&self, name: &str) -> Option<&str> {
+        self.envs.get(name).map(|s| s.as_str())
+    }
+
+    pub fn log_level(&self) -> Option<Level> {
+        self.get("RUST_LOG").and_then(|s| s.parse().ok())
+    }
+}
+
+impl<R: FileReader> IntoIterator for Env<R> {
+    type Item = (String, String);
+    type IntoIter = hashbrown::hash_map::IntoIter<String, String>;
+
+    fn into_iter(self) -> Self::IntoIter {
+        self.envs.into_iter()
+    }
+}
+
+#[derive(Error, Debug, PartialEq)]
+pub enum EnvError<R: FileReader> {
+    #[error("Failed to create reader: {0}")]
+    FailedToCreateReader(R::Error),
+    #[error("Failed to read: {0}")]
+    FailedToRead(R::Error),
+    #[error("Failed to split")]
+    Split(String),
+    #[error("String framgent: {0}")]
+    StringFragment(String),
+}

libafl_qemu/librasan/asan/src/file/libc.rs

@@ -0,0 +1,161 @@
+use core::{
+    ffi::{CStr, c_char, c_int},
+    marker::PhantomData,
+};
+
+use libc::{O_NONBLOCK, O_RDONLY};
+use log::trace;
+use thiserror::Error;
+
+use crate::{
+    asan_swap,
+    file::FileReader,
+    size_t, ssize_t,
+    symbols::{AtomicGuestAddr, Function, FunctionPointer, FunctionPointerError, Symbols},
+};
+
+#[derive(Debug)]
+struct FunctionOpen;
+
+impl Function for FunctionOpen {
+    const NAME: &CStr = c"open";
+    type Func = unsafe extern "C" fn(*const c_char, c_int, c_int) -> c_int;
+}
+
+#[derive(Debug)]
+struct FunctionClose;
+
+impl Function for FunctionClose {
+    const NAME: &CStr = c"close";
+    type Func = unsafe extern "C" fn(c_int) -> c_int;
+}
+
+#[derive(Debug)]
+struct FunctionRead;
+
+impl Function for FunctionRead {
+    const NAME: &CStr = c"read";
+    type Func = unsafe extern "C" fn(c_int, *mut c_char, size_t) -> ssize_t;
+}
+
+#[derive(Debug)]
+struct FunctionErrnoLocation;
+
+impl Function for FunctionErrnoLocation {
+    const NAME: &CStr = c"__errno_location";
+    type Func = unsafe extern "C" fn() -> *mut c_int;
+}
+
+static OPEN_ADDR: AtomicGuestAddr = AtomicGuestAddr::new();
+static CLOSE_ADDR: AtomicGuestAddr = AtomicGuestAddr::new();
+static READ_ADDR: AtomicGuestAddr = AtomicGuestAddr::new();
+static GET_ERRNO_LOCATION_ADDR: AtomicGuestAddr = AtomicGuestAddr::new();
+
+#[derive(Debug)]
+pub struct LibcFileReader<S: Symbols> {
+    fd: c_int,
+    _phantom: PhantomData<S>,
+}
+
+impl<S: Symbols> LibcFileReader<S> {
+    fn get_open() -> Result<<FunctionOpen as Function>::Func, LibcFileReaderError<S>> {
+        let addr = OPEN_ADDR.try_get_or_insert_with(|| {
+            S::lookup(FunctionOpen::NAME).map_err(|e| LibcFileReaderError::FailedToFindSymbol(e))
+        })?;
+        let f =
+            FunctionOpen::as_ptr(addr).map_err(|e| LibcFileReaderError::InvalidPointerType(e))?;
+        Ok(f)
+    }
+
+    fn get_close() -> Result<<FunctionClose as Function>::Func, LibcFileReaderError<S>> {
+        let addr = CLOSE_ADDR.try_get_or_insert_with(|| {
+            S::lookup(FunctionClose::NAME).map_err(|e| LibcFileReaderError::FailedToFindSymbol(e))
+        })?;
+        let f =
+            FunctionClose::as_ptr(addr).map_err(|e| LibcFileReaderError::InvalidPointerType(e))?;
+        Ok(f)
+    }
+
+    fn get_read() -> Result<<FunctionRead as Function>::Func, LibcFileReaderError<S>> {
+        let addr = READ_ADDR.try_get_or_insert_with(|| {
+            S::lookup(FunctionRead::NAME).map_err(|e| LibcFileReaderError::FailedToFindSymbol(e))
+        })?;
+        let f =
+            FunctionRead::as_ptr(addr).map_err(|e| LibcFileReaderError::InvalidPointerType(e))?;
+        Ok(f)
+    }
+
+    fn get_errno_location()
+    -> Result<<FunctionErrnoLocation as Function>::Func, LibcFileReaderError<S>> {
+        let addr = GET_ERRNO_LOCATION_ADDR.try_get_or_insert_with(|| {
+            S::lookup(FunctionErrnoLocation::NAME)
+                .map_err(|e| LibcFileReaderError::FailedToFindSymbol(e))
+        })?;
+        let f = FunctionErrnoLocation::as_ptr(addr)
+            .map_err(|e| LibcFileReaderError::InvalidPointerType(e))?;
+        Ok(f)
+    }
+
+    fn errno() -> Result<c_int, LibcFileReaderError<S>> {
+        unsafe { asan_swap(false) };
+        let errno_location = Self::get_errno_location()?;
+        unsafe { asan_swap(true) };
+        let errno = unsafe { *errno_location() };
+        Ok(errno)
+    }
+}
+
+impl<S: Symbols> FileReader for LibcFileReader<S> {
+    type Error = LibcFileReaderError<S>;
+    fn new(path: &CStr) -> Result<LibcFileReader<S>, Self::Error> {
+        let fn_open = Self::get_open()?;
+        unsafe { asan_swap(false) };
+        let fd = unsafe { fn_open(path.as_ptr() as *const c_char, O_NONBLOCK | O_RDONLY, 0) };
+        unsafe { asan_swap(true) };
+        if fd < 0 {
+            let errno = Self::errno().unwrap();
+            return Err(LibcFileReaderError::FailedToOpen(errno));
+        }
+        Ok(LibcFileReader {
+            fd,
+            _phantom: PhantomData,
+        })
+    }
+    fn read(&mut self, buf: &mut [u8]) -> Result<usize, Self::Error> {
+        let fn_read = Self::get_read()?;
+        unsafe { asan_swap(false) };
+        let ret = unsafe { fn_read(self.fd, buf.as_mut_ptr() as *mut c_char, buf.len()) };
+        unsafe { asan_swap(true) };
+        if ret < 0 {
+            let errno = Self::errno().unwrap();
+            return Err(LibcFileReaderError::FailedToRead(self.fd, errno));
+        }
+        Ok(ret as usize)
+    }
+}
+
+impl<S: Symbols> Drop for LibcFileReader<S> {
+    fn drop(&mut self) {
+        let fn_close = Self::get_close().unwrap();
+        unsafe { asan_swap(false) };
+        let ret = unsafe { fn_close(self.fd) };
+        unsafe { asan_swap(true) };
+        if ret < 0 {
+            let errno = Self::errno().unwrap();
+            panic!("Failed to close: {}, Errno: {}", self.fd, errno);
+        }
+        trace!("Closed fd: {}", self.fd);
+    }
+}
+
+#[derive(Error, Debug, PartialEq)]
+pub enum LibcFileReaderError<S: Symbols> {
+    #[error("Failed to find mmap functions")]
+    FailedToFindSymbol(S::Error),
+    #[error("Invalid pointer type: {0:?}")]
+    InvalidPointerType(FunctionPointerError),
+    #[error("Failed to read - fd: {0}, errno: {1}")]
+    FailedToRead(c_int, c_int),
+    #[error("Failed to open - errno: {0}")]
+    FailedToOpen(c_int),
+}

libafl_qemu/librasan/asan/src/file/linux.rs

@@ -0,0 +1,36 @@
+use core::ffi::CStr;
+
+use rustix::{
+    fd::OwnedFd,
+    fs::{Mode, OFlags, open},
+    io::{Errno, read},
+};
+use thiserror::Error;
+
+use crate::file::FileReader;
+
+#[derive(Debug)]
+pub struct LinuxFileReader {
+    fd: OwnedFd,
+}
+
+impl FileReader for LinuxFileReader {
+    type Error = LinuxFileReaderError;
+    fn new(path: &'static CStr) -> Result<LinuxFileReader, Self::Error> {
+        let fd = open(path, OFlags::RDONLY | OFlags::NONBLOCK, Mode::empty())
+            .map_err(LinuxFileReaderError::FailedToOpen)?;
+
+        Ok(LinuxFileReader { fd })
+    }
+    fn read(&mut self, buf: &mut [u8]) -> Result<usize, Self::Error> {
+        read(&self.fd, buf).map_err(LinuxFileReaderError::FailedToRead)
+    }
+}
+
+#[derive(Error, Debug, PartialEq)]
+pub enum LinuxFileReaderError {
+    #[error("Failed to open - errno: {0}")]
+    FailedToOpen(Errno),
+    #[error("Failed to read - errno: {0}")]
+    FailedToRead(Errno),
+}

libafl_qemu/librasan/asan/src/file/mod.rs

@@ -0,0 +1,14 @@
+use alloc::fmt::Debug;
+use core::ffi::CStr;
+
+#[cfg(feature = "libc")]
+pub mod libc;
+
+#[cfg(feature = "linux")]
+pub mod linux;
+
+pub trait FileReader: Debug + Send + Sized {
+    type Error: Debug;
+    fn new(path: &'static CStr) -> Result<Self, Self::Error>;
+    fn read(&mut self, buf: &mut [u8]) -> Result<usize, Self::Error>;
+}

libafl_qemu/librasan/asan/src/hooks/mod.rs

@@ -89,7 +89,7 @@ impl PatchedHook {
     }
 
     pub fn lookup<S: Symbols>(&self) -> Result<GuestAddr, S::Error> {
-        S::lookup(self.name.as_ptr() as *const c_char)
+        unsafe { S::lookup_raw(self.name.as_ptr() as *const c_char) }
     }
 }