intel/kernel-fuzzer-for-xen-project

Paging mode not set during harness setup

v-p-b opened this issue · 3 comments

v-p-b commented

I'm harnessing a 32-bit Windows userland target using breakpoints. Restoring the "start byte" doesn't work, because vmi_write_8() can't translate the virtual address, so the setup fails.

I placed some debug prints in libvmi and found that vmi->arch_interface not being set caused the lookup failure:

https://github.com/libvmi/libvmi/blob/master/libvmi/write.c#L102

I set the last parameter of setup_vmi(...,init_pm) to true - now the restoration seems to work, but I'm not sure what the proper fix for this is:

https://github.com/intel/kernel-fuzzer-for-xen-project/blob/master/src/setup.c#L113

(I'm using an older symbol JSON, but as far as I can tell the paging mode is determined based on VCPU info, so I guess this shouldn't be a problem.)

I set the last parameter of setup_vmi(...,init_pm) to true

That's an appropriate solution. But there is actually no need to do any translation for placing back the start-byte: the Xen event actually already has the info about the physical address, so we can just use that directly. I'll push an update soon.

Pushed a5d06ef
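Added example (not code from the project, libvmi, or either participant in this thread): a self-contained C model of the start-byte save/restore being discussed. Guest physical memory is a byte array, the sim_* functions stand in for libvmi's vmi_read_8_pa / vmi_write_8_pa / vmi_write_8_va, the event struct mirrors the gla/gfn/offset fields a breakpoint event carries, and every name here is hypothetical. It shows why the virtual-address restore fails when the paging mode was never initialised, and why restoring at (gfn << 12) + offset needs no translation at all.

```c
/* Added illustration, not project code. Toy VMI layer with constructed guest
 * memory; names (sim_*, bp_*, struct harness) are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT  12
#define PAGE_SIZE   (1u << PAGE_SHIFT)
#define GUEST_PAGES 4
#define INT3        0xCC

/* Toy VMI instance: guest physical memory plus a flag modelling whether the
 * paging mode (needed for virtual->physical translation) was initialised. */
struct sim_vmi {
    uint8_t pmem[GUEST_PAGES * PAGE_SIZE];
    bool paging_mode_set;
};

/* The fields of a breakpoint event that locate the INT3 that was hit. */
struct sim_bp_event {
    uint64_t gla;     /* guest linear (virtual) address */
    uint64_t gfn;     /* guest frame number of the page containing it */
    uint64_t offset;  /* byte offset inside that page */
};

/* Physical address of the hit, straight from the event: no page walk. */
static uint64_t event_paddr(const struct sim_bp_event *ev) {
    return (ev->gfn << PAGE_SHIFT) + ev->offset;
}

/* Physical-address accessors: bounds check only, no translation involved. */
static int sim_read_8_pa(struct sim_vmi *vmi, uint64_t paddr, uint8_t *val) {
    if (paddr >= sizeof vmi->pmem) return -1;
    *val = vmi->pmem[paddr];
    return 0;
}
static int sim_write_8_pa(struct sim_vmi *vmi, uint64_t paddr, uint8_t val) {
    if (paddr >= sizeof vmi->pmem) return -1;
    vmi->pmem[paddr] = val;
    return 0;
}

/* Virtual-address write: needs a page-table walk, which needs the paging mode.
 * The toy "walk" is an identity map; what matters is the failure path when the
 * paging mode was never set, which is the symptom reported in the issue. */
static int sim_write_8_va(struct sim_vmi *vmi, uint64_t vaddr, uint8_t val) {
    if (!vmi->paging_mode_set) return -1;   /* translation impossible */
    return sim_write_8_pa(vmi, vaddr, val);
}

/* Harness state: where the breakpoint sits and the byte it replaced. */
struct harness {
    uint64_t target_pa;
    uint8_t  start_byte;
};

/* Arm: save the original byte, then overwrite it with INT3. */
static int bp_arm(struct sim_vmi *vmi, struct harness *h, uint64_t target_pa) {
    if (sim_read_8_pa(vmi, target_pa, &h->start_byte)) return -1;
    h->target_pa = target_pa;
    return sim_write_8_pa(vmi, target_pa, INT3);
}

/* Restore through the virtual address: fails unless paging mode is known. */
static int bp_restore_va(struct sim_vmi *vmi, const struct harness *h,
                         const struct sim_bp_event *ev) {
    return sim_write_8_va(vmi, ev->gla, h->start_byte);
}

/* Restore through the physical address the event already carries. */
static int bp_restore_pa(struct sim_vmi *vmi, const struct harness *h,
                         const struct sim_bp_event *ev) {
    uint64_t paddr = event_paddr(ev);
    if (paddr != h->target_pa) return -1;   /* hit belongs to another breakpoint */
    return sim_write_8_pa(vmi, paddr, h->start_byte);
}

/* Runs the scenario end to end; returns 0 on success, else the failing step. */
static int demo_result(void) {
    struct sim_vmi vmi = { .paging_mode_set = false };
    memset(vmi.pmem, 0x90, sizeof vmi.pmem);          /* constructed: all NOPs */
    uint64_t target = (2ull << PAGE_SHIFT) + 0x123;
    vmi.pmem[target] = 0x55;                          /* constructed start byte */
    struct harness h;
    struct sim_bp_event ev = { .gla = target, .gfn = 2, .offset = 0x123 };

    if (bp_arm(&vmi, &h, target) || vmi.pmem[target] != INT3) return 1;
    if (bp_restore_va(&vmi, &h, &ev) != -1) return 2;   /* paging mode unset */
    if (bp_restore_pa(&vmi, &h, &ev) || vmi.pmem[target] != 0x55) return 3;

    vmi.paging_mode_set = true;                       /* the init_pm=true workaround */
    if (bp_arm(&vmi, &h, target)) return 4;
    if (bp_restore_va(&vmi, &h, &ev) || vmi.pmem[target] != 0x55) return 5;
    return 0;
}

int main(void) {
    printf("demo result: %d\n", demo_result());
    return 0;
}
```

The physical-address path is also the one to prefer in a real harness: the event's gfn/offset refer to the page that actually faulted, so the restore cannot land on a stale translation even if the guest remaps the virtual address between arming and the hit.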

v-p-b commented

thanks, I can confirm it is working!