Closed
Description
Describe the bug
I'm using Nyx mode to fuzz, but my CPU is AMD, so I need to use no-PT mode.
But an error happened.
To Reproduce
Steps to reproduce the behavior:
- change the code to the following:
/home/nyx/AFLplusplus/nyx_mode/libnyx/fuzz_runner/src/nyx/params.rs:
cmd.push("-machine".to_string());
// cmd.push("kAFL64-v2".to_string());
cmd.push("kAFL64-Q35".to_string());
cmd.push("-cpu".to_string());
// cmd.push("kAFL64-Hypervisor-v1".to_string());
cmd.push("kAFL64-Hypervisor-v2".to_string());
- run the command: lear; afl-fuzz -i /home/nyx/jc_first_fuzz_sample/in -o /home/nyx/jc_first_fuzz_sample/out -X -- /home/nyx/jc_first_fuzz_sample/nyx
main::489
afl-fuzz++4.10a based on afl by Michal Zalewski and a large online community
[+] AFL++ is maintained by Marc "van Hauser" Heuse, Dominik Maier, Andrea Fioraldi and Heiko "hexcoder" Eißfeldt
[+] AFL++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: AFL++ >= v3 has changed defaults and behaviours - see README.md
[+] AFL++ Nyx mode is enabled (developed and mainted by Sergej Schumilo)
[+] Nyx is open source, get it at https://github.com/Nyx-Fuzz
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exploration-based constant power schedule (EXPLORE)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a length of min=1 max=1048576
main::1797
main::1805
[*] Trying to load libnyx.so plugin...
[+] libnyx plugin is ready!
main::1816
[+] You have 4 CPU cores and 1 runnable tasks (utilization: 25%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/fuzzing_in_depth.md#c-using-multiple-cores
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #0.
[*] Scanning '/home/nyx/jc_first_fuzz_sample/in'...
[+] Loaded a total of 1 seeds.
[*] Creating hard links for all input files...
[*] Validating target binary...
main::2255
afl_fsrv_get_mapsize::1463
afl_fsrv_start::531
[*] Spinning up the NYX backend...
=== /home/nyx/jc_first_fuzz_sample/out/workdir
Current function: /home/nyx/AFLplusplus/nyx_mode/libnyx/fuzz_runner/src/nyx/qemu_process.rs
Line number: 104
[!] libnyx: spawning qemu with:
/home/nyx/AFLplusplus/nyx_mode/QEMU-Nyx/x86_64-softmmu/qemu-system-x86_64 -kernel /home/nyx/AFLplusplus/nyx_mode/packer/linux_initramfs/bzImage-linux-4.15-rc7 -initrd /home/nyx/AFLplusplus/nyx_mode/packer/linux_initramfs/init.cpio.gz -append nokaslr oops=panic nopti ignore_rlimit_data -display none -serial none -enable-kvm -net none -k de -m 512 -chardev socket,server,path=/home/nyx/jc_first_fuzz_sample/out/workdir/interface_0,id=nyx_interface -device nyx,chardev=nyx_interface,bitmap_size=65536,input_buffer_size=1048576,worker_id=0,workdir=/home/nyx/jc_first_fuzz_sample/out/workdir,sharedir=/home/nyx/jc_first_fuzz_sample/nyx,aux_buffer_size=4096 -machine kAFL64-Q35 -cpu kAFL64-Hypervisor-v2 -fast_vm_reload path=/home/nyx/jc_first_fuzz_sample/out/workdir/snapshot/,load=off,skip_serialization=on
[QEMU-Nyx] Could not access KVM-PT kernel module!
[QEMU-Nyx] Trying vanilla KVM...
[QEMU-Nyx] NYX runs in fallback mode (no Intel-PT tracing or nested hypercall support)!
[QEMU-NYX] Max Dirty Ring Size -> 1048576 (Entries: 65536)
[QEMU-Nyx] Warning: Attempt to use unsupported CPU model (PT) without KVM-PT (Hint: use '-cpu kAFL64-Hypervisor-v2' instead)
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.01H:ECX.pcid [bit 17]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.hle [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.erms [bit 9]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.invpcid [bit 10]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-vintr-pending [bit 2]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-tsc-offset [bit 3]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-hlt-exit [bit 7]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-invlpg-exit [bit 9]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-mwait-exit [bit 10]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-rdpmc-exit [bit 11]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-rdtsc-exit [bit 12]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-cr3-load-noexit [bit 15]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-cr3-store-noexit [bit 16]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-cr8-load-exit [bit 19]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-cr8-store-exit [bit 20]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-flexpriority [bit 21]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-vnmi-pending [bit 22]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-movdr-exit [bit 23]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-io-exit [bit 24]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-io-bitmap [bit 25]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-mtf [bit 27]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-msr-bitmap [bit 28]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-monitor-exit [bit 29]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-pause-exit [bit 30]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-secondary-ctls [bit 31]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-apicv-xapic [bit 0]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-ept [bit 1]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-desc-exit [bit 2]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-rdtscp-exit [bit 3]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-apicv-x2apic [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-vpid [bit 5]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-wbinvd-exit [bit 6]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-unrestricted-guest [bit 7]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-invpcid-exit [bit 12]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-vmfunc [bit 13]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-shadow-vmcs [bit 14]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48DH).vmx-intr-exit [bit 0]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48DH).vmx-nmi-exit [bit 3]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48DH).vmx-vnmi [bit 5]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48DH).vmx-preemption-timer [bit 6]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-nosave-debugctl [bit 2]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-ack-intr [bit 15]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-save-pat [bit 18]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-load-pat [bit 19]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-save-efer [bit 20]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-load-efer [bit 21]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-save-preemption-timer [bit 22]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(490H).vmx-entry-noload-debugctl [bit 2]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(490H).vmx-entry-ia32e-mode [bit 9]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(490H).vmx-entry-load-pat [bit 14]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(490H).vmx-entry-load-efer [bit 15]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(485H).vmx-store-lma [bit 5]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(485H).vmx-activity-hlt [bit 6]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(485H).vmx-vmwrite-vmexit-fields [bit 29]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-ept-execonly [bit 0]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-page-walk-4 [bit 6]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH) [bit 14]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-ept-2mb [bit 16]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-ept-1gb [bit 17]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-invept [bit 20]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-eptad [bit 21]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-invept-single-context [bit 25]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-invept-all-context [bit 26]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-invvpid [bit 32]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-invvpid-single-addr [bit 40]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-invept-single-context [bit 41]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-invvpid-all-context [bit 42]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-invept-single-context-noglobals [bit 43]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(480H).vmx-ins-outs [bit 54]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(480H).vmx-true-ctls [bit 55]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(491H).vmx-eptp-switching [bit 0]
[QEMU-NYX] Dirty ring mmap region located at 0x7f6ea028d000
[QEMU-NYX] Error: KVM-Nyx support is missing...
[!] libnyx: input buffer is write protected
[!] libnyx failed to initialize QEMU-Nyx: agent abort() ->
KVM-Nyx support is missing...
Additional context
/home/nyx/AFLplusplus/nyx_mode/QEMU-Nyx/x86_64-softmmu/qemu-system-x86_64 -machine help
Supported machines are:
microvm microvm (i386)
pc Standard PC (i440FX + PIIX, 1996) (alias of pc-i440fx-4.2)
pc-i440fx-4.2 Standard PC (i440FX + PIIX, 1996) (default)
pc-i440fx-4.1 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-4.0 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-3.1 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-3.0 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.9 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.8 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.7 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.6 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.5 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.4 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.3 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.2 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.12 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.11 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.10 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.1 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.0 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.7 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.6 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.5 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.4 Standard PC (i440FX + PIIX, 1996)
pc-1.3 Standard PC (i440FX + PIIX, 1996)
pc-1.2 Standard PC (i440FX + PIIX, 1996)
pc-1.1 Standard PC (i440FX + PIIX, 1996)
pc-1.0 Standard PC (i440FX + PIIX, 1996)
pc-0.15 Standard PC (i440FX + PIIX, 1996) (deprecated)
pc-0.14 Standard PC (i440FX + PIIX, 1996) (deprecated)
pc-0.13 Standard PC (i440FX + PIIX, 1996) (deprecated)
pc-0.12 Standard PC (i440FX + PIIX, 1996) (deprecated)
kAFL64 kAFL64 PC (i440FX + PIIX, 1996) (alias of kAFL64-v1)
kAFL64-v1 kAFL64 PC (i440FX + PIIX, 1996)
q35 Standard PC (Q35 + ICH9, 2009) (alias of pc-q35-4.2)
pc-q35-4.2 Standard PC (Q35 + ICH9, 2009)
pc-q35-4.1 Standard PC (Q35 + ICH9, 2009)
pc-q35-4.0.1 Standard PC (Q35 + ICH9, 2009)
pc-q35-4.0 Standard PC (Q35 + ICH9, 2009)
pc-q35-3.1 Standard PC (Q35 + ICH9, 2009)
pc-q35-3.0 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.9 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.8 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.7 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.6 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.5 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.4 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.12 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.11 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.10 Standard PC (Q35 + ICH9, 2009)
kAFL64 kAFL64 PC (Q35 + ICH9, 2009) (alias of kAFL64-Q35)
kAFL64-Q35 kAFL64 PC (Q35 + ICH9, 2009)
isapc ISA-only PC
none empty machine
lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 45 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: AuthenticAMD
Model name: AMD Ryzen 5 3600 6-Core Processor
CPU family: 23
Model: 113
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1
Stepping: 0
BogoMIPS: 7200.00
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl tsc_reliable nonstop_tsc cpuid extd_apicid tsc_
known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c hypervisor lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core ssbd ibpb vm
mcall fsgsbase bmi1 avx2 smep bmi2 adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 clzero wbnoinvd arat npt svm_lock nrip_save vmcb_clean flushbyasid decodeassists umip rdpid overflow_recov succor
Virtualization features:
Virtualization: AMD-V
Hypervisor vendor: VMware
Virtualization type: full
Caches (sum of all):
L1d: 128 KiB (4 instances)
L1i: 128 KiB (4 instances)
L2: 2 MiB (4 instances)
L3: 16 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0-3
Vulnerabilities:
Gather data sampling: Not affected
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Retbleed: Mitigation; untrained return thunk; SMT disabled
Spec rstack overflow: Mitigation; SMT disabled
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, IBPB conditional, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Srbds: Not affected
Tsx async abort: Not affected
How do I fix this? Thanks!!!
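A small triage helper for the output quoted above, added here as an example; it is not part of AFL++, libnyx, QEMU-Nyx or the reporter's setup. It parses the QEMU-Nyx start-up messages and the lscpu fields from the report, separates the expected "KVM-PT unavailable, falling back to vanilla KVM" warning (normal on an AMD host) from the fatal "KVM-Nyx support is missing" error that actually stops libnyx, counts the VMX features the Intel-style CPU model asked for that the host cannot offer, and notes that the machine is itself a VMware guest. The message patterns are taken from the report; the sample inputs are constructed from it, and the finding texts and severity labels are this example's own choices.

```python
"""Triage QEMU-Nyx start-up output (added example, not project code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the QEMU-Nyx lines quoted in the report.
SAMPLE_QEMU_LOG = """\
[QEMU-Nyx] Could not access KVM-PT kernel module!
[QEMU-Nyx] Trying vanilla KVM...
[QEMU-Nyx] NYX runs in fallback mode (no Intel-PT tracing or nested hypercall support)!
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-ept [bit 1]
[QEMU-NYX] Dirty ring mmap region located at 0x7f6ea028d000
[QEMU-NYX] Error: KVM-Nyx support is missing...
[!] libnyx: input buffer is write protected
[!] libnyx failed to initialize QEMU-Nyx: agent abort() ->
KVM-Nyx support is missing...
"""

# Constructed sample: the relevant lscpu keys from the report.
SAMPLE_LSCPU = """\
Architecture: x86_64
Vendor ID: AuthenticAMD
Model name: AMD Ryzen 5 3600 6-Core Processor
Virtualization: AMD-V
Hypervisor vendor: VMware
Virtualization type: full
"""

FEATURE_RE = re.compile(r"host doesn't support requested feature: (\S+)")
LSCPU_RE = re.compile(r"^([^:]+):\s*(.*)$")


@dataclass
class Diagnosis:
    pt_available: bool = True          # cleared by "Could not access KVM-PT"
    fallback_mode: bool = False        # set by "runs in fallback mode"
    kvm_nyx_missing: bool = False      # set by "KVM-Nyx support is missing"
    unsupported_features: list = field(default_factory=list)
    cpu_vendor: str = ""
    nested_hypervisor: str = ""        # non-empty when lscpu reports one


def parse_qemu_log(text: str) -> Diagnosis:
    """Classify each QEMU-Nyx line by the exact phrases seen in the report."""
    d = Diagnosis()
    for line in text.splitlines():
        if "Could not access KVM-PT kernel module" in line:
            d.pt_available = False
        elif "runs in fallback mode" in line:
            d.fallback_mode = True
        elif "KVM-Nyx support is missing" in line:
            d.kvm_nyx_missing = True
        else:
            m = FEATURE_RE.search(line)
            if m:
                d.unsupported_features.append(m.group(1))
    return d


def add_lscpu(d: Diagnosis, text: str) -> Diagnosis:
    """Pull CPU vendor and (if any) the hypervisor vendor out of lscpu output."""
    for line in text.splitlines():
        m = LSCPU_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Vendor ID":
            d.cpu_vendor = value
        elif key == "Hypervisor vendor":
            d.nested_hypervisor = value
    return d


def findings(d: Diagnosis) -> list[str]:
    """Human-readable findings, most severe first."""
    out = []
    if d.kvm_nyx_missing:
        out.append("FATAL: the KVM in use reports no Nyx support; this is what "
                   "makes libnyx abort, not the missing Intel PT")
    if not d.pt_available:
        out.append("INFO: KVM-PT not accessible, QEMU-Nyx fell back to vanilla "
                   "KVM (expected on an AMD host; no Intel-PT tracing)")
    vmx = [f for f in d.unsupported_features if "vmx" in f]
    if vmx:
        out.append(f"INFO: {len(vmx)} VMX feature(s) requested by the CPU model "
                   "are not offered by the host (Intel-only bits on AMD)")
    if d.nested_hypervisor:
        out.append(f"NOTE: this system is itself a {d.nested_hypervisor} guest, "
                   "so KVM here runs nested; include that in any report")
    return out


def severity(d: Diagnosis) -> str:
    """Single label for the run: 'fatal', 'degraded' (no PT) or 'ok'."""
    if d.kvm_nyx_missing:
        return "fatal"
    if not d.pt_available or d.fallback_mode:
        return "degraded"
    return "ok"


if __name__ == "__main__":
    diag = add_lscpu(parse_qemu_log(SAMPLE_QEMU_LOG), SAMPLE_LSCPU)
    print(f"severity: {severity(diag)}")
    for f in findings(diag):
        print(" -", f)
```

Run against a real session by feeding the QEMU-Nyx portion of the afl-fuzz output and the output of lscpu; the point of separating "degraded" from "fatal" is that the long list of "host doesn't support requested feature" warnings is noise on AMD, while the single "KVM-Nyx support is missing" line is the one that needs fixing.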