From c31305be010d582f31e7283f1cc64029ce5e159c Mon Sep 17 00:00:00 2001
From: Wim de With
Date: Sat, 22 Nov 2025 14:28:19 +0100
Subject: [PATCH 1/3] Clear dirty pages on snapshot in SnapshotModule

---
 crates/libafl_qemu/src/modules/usermode/snapshot.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crates/libafl_qemu/src/modules/usermode/snapshot.rs b/crates/libafl_qemu/src/modules/usermode/snapshot.rs
index d96c5b2d163..0cfaf828713 100644
--- a/crates/libafl_qemu/src/modules/usermode/snapshot.rs
+++ b/crates/libafl_qemu/src/modules/usermode/snapshot.rs
@@ -238,6 +238,9 @@ impl SnapshotModule {
 self.initial_brk = qemu.get_initial_brk();
 self.mmap_start = qemu.get_mmap_start();
 self.pages.clear();
+ for acc in &mut self.accesses {
+ unsafe { (*acc.get()).clear() };
+ }
 for map in qemu.mappings() {
 println!("mapping: {map:?}");

From 0f4e15cee134592b53c1ac862bc241d9030b0e05 Mon Sep 17 00:00:00 2001
From: Wim de With
Date: Sat, 22 Nov 2025 14:30:20 +0100
Subject: [PATCH 2/3] Use log statement for memory map in SnapshotModule

---
 crates/libafl_qemu/src/modules/usermode/snapshot.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/libafl_qemu/src/modules/usermode/snapshot.rs b/crates/libafl_qemu/src/modules/usermode/snapshot.rs
index 0cfaf828713..8b9e643a21c 100644
--- a/crates/libafl_qemu/src/modules/usermode/snapshot.rs
+++ b/crates/libafl_qemu/src/modules/usermode/snapshot.rs
@@ -242,7 +242,7 @@ impl SnapshotModule {
 unsafe { (*acc.get()).clear() };
 }
 for map in qemu.mappings() {
- println!("mapping: {map:?}");
+ log::debug!("mapping: {map:}");
 let mut addr = map.start();
 while addr < map.end() {

From b00e45cbf9f3c2873c6bfab283e743a6a130c6ef Mon Sep 17 00:00:00 2001
From: Wim de With
Date: Sat, 22 Nov 2025 14:34:02 +0100
Subject: [PATCH 3/3] Fix SnapshotModule filter bugs

---
 crates/libafl_qemu/src/modules/usermode/snapshot.rs | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
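Review bot: The new `unsafe { (*acc.get()).clear() }` block has no SAFETY comment, and the loop already holds `&mut` over `self.accesses`, so if the elements are `UnsafeCell`s the same effect is available safely as `acc.get_mut().clear();` with no unsafe block at all. If the element type offers no `get_mut`, the block should at least state the aliasing invariant it relies on, e.g. `// SAFETY: snapshot() runs on the emulator thread with no hook in flight, so nothing else holds a reference into this access record — TODO confirm`. A one-line comment on why the dirty sets are dropped here would also help, presumably so that pages dirtied before this snapshot are not restored on the next reset. The enclosing method starts before the hunk.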
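Review bot: The new log line changes the format spec from `{map:?}` to `{map:}`, which is an empty spec and therefore `Display`, so it only compiles if the mapping type implements `Display`, and in that case prints something different from what the `println!` did; the trailing colon is legal but reads like a typo. Write it as `log::debug!("mapping: {map:?}");` if the Debug rendering was intended, or `log::debug!("mapping: {map}");` if Display is, so the intent is explicit. The enclosing method starts before the hunk.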
diff --git a/crates/libafl_qemu/src/modules/usermode/snapshot.rs b/crates/libafl_qemu/src/modules/usermode/snapshot.rs
index 8b9e643a21c..72ab758c561 100644
--- a/crates/libafl_qemu/src/modules/usermode/snapshot.rs
+++ b/crates/libafl_qemu/src/modules/usermode/snapshot.rs
@@ -246,9 +246,7 @@ impl SnapshotModule {
 let mut addr = map.start();
 while addr < map.end() {
- let zero = self.interval_filter.to_zero(addr);
- let skip = self.interval_filter.to_skip(addr);
- if let Some(range) = zero.or(skip) {
+ if let Some(range) = self.interval_filter.to_skip(addr) {
 addr = range.end;
 continue;
 }
@@ -258,7 +256,7 @@ impl SnapshotModule {
 private: map.is_priv(),
 data: None,
 };
- if map.flags().readable() {
+ if map.flags().readable() && self.interval_filter.to_zero(addr).is_none() {
 // TODO not just for R pages
 unsafe {
 info.data = Some(Box::new(core::mem::zeroed()));
@@ -481,7 +479,7 @@ impl SnapshotModule {
 for acc in &mut self.accesses {
 unsafe { &mut (*acc.get()) }.dirty.retain(|page| {
 if let Some(info) = self.pages.get_mut(page) {
- if self.interval_filter.to_skip(*page as u64).is_some() {
+ if self.interval_filter.to_zero(*page as u64).is_some() {
 if !Self::modify_mapping(qemu, new_maps, *page) {
 return true; // Restore later
 }
@@ -526,7 +524,7 @@ impl SnapshotModule {
 }
 }
- if self.interval_filter.to_skip(*page as u64).is_some() {
+ if self.interval_filter.to_zero(*page as u64).is_some() {
 unsafe { qemu.write_mem_unchecked(*page, &SNAPSHOT_PAGE_ZEROES) };
 } else if let Some(info) = self.pages.get_mut(page) {
 // TODO avoid duplicated memcpy
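Review bot: The new split between skip and zero ranges is now spread over two places with nothing saying so: the first hunk records no page at all for skip ranges, while the second hunk (`&& self.interval_filter.to_zero(addr).is_none()`) still records a zero-range page but with `data: None`, and both checks are made on the page start address only, so a range that begins mid-page presumably leaves that page fully captured. A comment above the new `if let Some(range) = self.interval_filter.to_skip(addr)` would make this readable, e.g. `// skip ranges get no page record and are never restored; zero ranges are recorded below without data and zero-filled on reset; both filters are evaluated at page granularity`. The skip jump to `range.end` also assumes the filter's ranges are page-aligned, which is worth stating in the same comment if that is a documented invariant of the filter. The enclosing method starts before the hunk and continues past it.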
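Review bot: In the third and fourth hunks the `to_skip` → `to_zero` switch means a dirty page inside a skip range now falls through to `else if let Some(info) = self.pages.get_mut(page)`, which is `None` only because the snapshot code never recorded such pages; leaving a skipped range untouched thus depends on an invariant established far away rather than being stated at the point of use. A short comment on the new `if self.interval_filter.to_zero(*page as u64).is_some()` line in the fourth hunk, such as `// pages in skip ranges are never in self.pages and are deliberately left as-is`, would prevent a later change to the snapshot side from silently turning skip ranges into restored ranges. The `retain` closure in the third hunk has further arms outside the hunk, so the same assumption presumably applies there.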