libafl-fuzz: introduce nyx_mode

[R9295]

Let's see if the CI works. We need an intel CPU for nyx_mode

[tokatoka]

can you cargo fmt? (inside your others/libafl-fuzz

[R9295]

Looks like nyx mode won't run on github CI according @vanhauser-thc 's script. Can someone with an intel CPU please test?

[rmalmain]

I have a machine on which i usually run kAFL. I can run the tests there if you want.
Do i need a specific version of the kernel to have the tests running?

[tokatoka]

you can't do this on gh ci

[rmalmain]

to integrate this in ci we would need a dedicated machine.
for now I'll just run the test on my machine and see if it works when @R9295 replies

[R9295]

Thanks @tokatoka & @rmalmain . I've got access to an Intel machine now. I'll change libafl-fuzz's nyx mode to use libafl_nyx instead of AFL++'s nyx_mode cause libnyx is Rust anyways so IMO it makes more sense

[domenukk]

Any news here?

[R9295]

@rmalmain Could you please test this on a machine with kvm? you just need to run cargo make test_nyx_mode

[rmalmain]

@rmalmain Could you please test this on a machine with kvm? you just need to run cargo make test_nyx_mode

No problem, I'll run it now @R9295

[rmalmain]

@R9295 i received a link error during building:

/usr/bin/ld: /tmp/lto-llvm-05edc4.o: in function `main':
ld-temp.o:(.text.main+0x300): undefined reference to `net_fuzz_bitmap'
/usr/bin/ld: ld-temp.o:(.text.main+0x30e): undefined reference to `pt_decoder_init'
/usr/bin/ld: ld-temp.o:(.text.main+0x32c): undefined reference to `init_disassembler'
/usr/bin/ld: ld-temp.o:(.text.main+0x342): undefined reference to `fuzz_bitmap_reset'
/usr/bin/ld: ld-temp.o:(.text.main+0x34b): undefined reference to `destroy_disassembler'
/usr/bin/ld: ld-temp.o:(.text.main+0x353): undefined reference to `pt_decoder_destroy'
/usr/bin/ld: ld-temp.o:(.text.main+0x3aa): undefined reference to `decode_buffer'
/usr/bin/ld: ld-temp.o:(.text.main+0x3eb): undefined reference to `pt_decoder_get_page_fault_addr'
/usr/bin/ld: ld-temp.o:(.text.main+0x44d): undefined reference to `destroy_disassembler'
/usr/bin/ld: ld-temp.o:(.text.main+0x456): undefined reference to `pt_decoder_destroy'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [Makefile:34: ptdump_static] Error 1

cp: cannot stat 'libnyx/libnyx/target/release/liblibnyx.so': No such file or directory

[R9295]

@rmalmain is this a Rust (libafl-fuzz / libafl_nyx) issue or a AFL++ one?

[R9295]

Could you please try again?

[rmalmain]

the error does not trigger when CC is not clang (i have a very recent version, should be the problem)
I'll try again with your change

[rmalmain]

didn't change much on my side

[R9295]

@rmalmain thanks. I'll need to have a look myself cause this is compiling just fine on my Intel THinkpad with clang-18 (just no kvm stuff so it won't actually run). I'll DIY it

[rmalmain]

I tried with multiple versions of clang:

• clang 19: cf the error message above
• clang 17, clang 18, gcc: various errors (expected i guess)
  pip error:

b'[...]/LibAFL/libafl_nyx/packer/linux_initramfs\n'
[ERROR]   Package 'msgpack' is missing (Hint: `pip install msgpack`)!
[ERROR]   Tool 'lddtree' is missing (Hint: run `sudo apt install pax-utils`)!

kvm backdoor error:

[QEMU-Nyx] ERROR: vmware backdoor is not enabled...

	Run the following commands to fix the issue:
	-----------------------------------------
	sudo modprobe -r kvm-intel
	sudo modprobe -r kvm
	sudo modprobe  kvm enable_vmware_backdoor=y
	sudo modprobe  kvm-intel
	cat /sys/module/kvm/parameters/enable_vmware_backdoor
	-----------------------------------------

for the last few errors i guess it's the user's responsibility to handle that?

otherwise it ended up working correctly

[R9295]

Ah I see. Thanks @rmalmain