Skip to content

ensure Nyx command handler support is more CPU agnostic (#3153) #3167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

ensure Nyx command handler support is more CPU agnostic (#3153) #3167

wants to merge 1 commit into from

Conversation

noperand
Copy link

Description

Straightforward fix ensuring the Nyx command handler uses the local arch_regs_map via get_exit_arch_regs(). This is to determine the correct Ret and Cmd CPU registers for the guest architecture, respectively.

No build errors after overriding the guest CPU architecture in Cargo.toml, as described (i386). Same build result when reverting back to arm. Still, must test to be sure.

Checklist

  • I have run ./scripts/precommit.sh and addressed all comments
  • Test Nyx support for i386 QEMU guest

@rmalmain
Copy link
Member

thank you for the PR.

since nyx is specific to x86 targets, i used x86 registers to make sure it is the same as in the nyx api.

the libafl qemu api is meant to be architecture agnostic (and is using arch_regs_map).

is there any specific reason you need the nyx api for the arm architecture?

@noperand
Copy link
Author

noperand commented Apr 18, 2025
edited
Loading

I've never used Nyx. Seeing #3153 tagged as a bug, I followed the build failure reproduction steps and saw what appeared to be a quick fix based on the specified feature.

I need more clarity on your question about the Nyx API for the arm architecture. The existing example specifies arm but this is designed to be overridden. I could be mistaken, but it seems likely that the reporter is repurposing the QEMU bare metal example for an i386 guest/target. The core Nyx command handler statically referencing RAX will only work for x86_64, not x86. While the registers are synonymous between the two in their lower-level encoding/representation, the compiler is none the wiser with the symbolic enumeration mismatch. The Nyx command handler still needs to reference the right guest register when fetching its contents from QEMU.

The default in the example is currently arm and if what you indicate about Nyx is correct, this sounds like some combination of host/target confusion, feature flag scope/meaning, perhaps an assumption on RAX/EAX being synonymous in the Nyx plumbing, and/or differences at each layer. Regardless, there are now no build errors when building lib_qemu for i386 or arm.

Sounds like there's a better way that may avoid unnecessarily broadening CPU architecture support via feature where it's not meaningful. I'm tracking you there. I do believe it's good to further decouple CPU architecture/register specifics from the Nyx command handler, regardless of limited range of support within Nyx.

I will test this with a proper i386 target and see if anything breaks. If it does, I will provide more updates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@noperand @rmalmain