librasan: Simplify patch for ARM

wfdewith · wfdewith · commit 1fa4cceb92e2 · 2025-05-02T23:15:10.000+02:00
diff --git a/libafl_qemu/librasan/asan/src/patch/raw.rs b/libafl_qemu/librasan/asan/src/patch/raw.rs
@@ -15,34 +15,18 @@ pub struct RawPatch;
 impl Patch for RawPatch {
     type Error = RawPatchError;
 
-    #[cfg(not(target_arch = "arm"))]
-    fn patch(target: GuestAddr, destination: GuestAddr) -> Result<(), Self::Error> {
-        debug!("patch - addr: {:#x}, target: {:#x}", target, destination);
-        if target == destination {
-            Err(RawPatchError::IdentityPatch(target))?;
-        }
-        let patch = Self::get_patch(destination)?;
-        trace!("patch: {:02x?}", patch);
-        let dest = unsafe { from_raw_parts_mut(target as *mut u8, patch.len()) };
-        dest.copy_from_slice(&patch);
-        Ok(())
-    }
-
-    #[cfg(target_arch = "arm")]
     fn patch(target: GuestAddr, destination: GuestAddr) -> Result<(), Self::Error> {
         debug!("patch - addr: {:#x}, target: {:#x}", target, destination);
         if target == destination {
             Err(RawPatchError::IdentityPatch(target))?;
         }
+        let patch = Self::get_patch(target, destination)?;
 
-        let patch = if target & 1 == 1 {
-            Self::get_patch_thumb(destination)?
-        } else {
-            Self::get_patch_arm(destination)?
-        };
+        // Mask the thumb mode indicator bit
+        #[cfg(target_arch = "arm")]
+        let target = target & !1;
 
         trace!("patch: {:02x?}", patch);
-        let target = target & !1;
         let dest = unsafe { from_raw_parts_mut(target as *mut u8, patch.len()) };
         dest.copy_from_slice(&patch);
         Ok(())
@@ -51,7 +35,7 @@ impl Patch for RawPatch {
 
 impl RawPatch {
     #[cfg(target_arch = "x86_64")]
-    fn get_patch(destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+    fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
         // mov rax, 0xdeadfacef00dd00d
         // jmp rax
         let insns = [
@@ -77,7 +61,7 @@ impl RawPatch {
     }
 
     #[cfg(target_arch = "x86")]
-    fn get_patch(destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+    fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
         // mov eax, 0xdeadface
         // jmp eax
         let insns = [
@@ -91,37 +75,37 @@ impl RawPatch {
     }
 
     #[cfg(target_arch = "arm")]
-    fn get_patch_arm(destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
-        // ldr ip, [pc]
-        // bx ip
-        // .long 0xdeadface
-        let insns = [
-            [0x00, 0xc0, 0x9f, 0xe5].to_vec(),
-            [0x1c, 0xff, 0x2f, 0xe1].to_vec(),
-            [0xce, 0xfa, 0xad, 0xde].to_vec(),
-        ];
-        let addr = destination.to_ne_bytes().to_vec();
-        let insns_mod = [&insns[0], &insns[1], &addr];
-        Ok(insns_mod.into_iter().flatten().cloned().collect())
-    }
-
-    #[cfg(target_arch = "arm")]
-    fn get_patch_thumb(destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
-        // ldr ip, [pc, #2]
-        // bx ip
-        // .long 0xdeadface
-        let insns = [
-            [0xdf, 0xf8, 0x02, 0xc0].to_vec(),
-            [0x60, 0x47].to_vec(),
-            [0xce, 0xfa, 0xad, 0xde].to_vec(),
-        ];
-        let addr = destination.to_ne_bytes().to_vec();
-        let insns_mod = [&insns[0], &insns[1], &addr];
-        Ok(insns_mod.into_iter().flatten().cloned().collect())
+    fn get_patch(target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+        // If our target is in thumb mode
+        if target & 1 == 1 {
+            // ldr ip, [pc, #2]
+            // bx ip
+            // .long 0xdeadface
+            let insns = [
+                [0xdf, 0xf8, 0x02, 0xc0].to_vec(),
+                [0x60, 0x47].to_vec(),
+                [0xce, 0xfa, 0xad, 0xde].to_vec(),
+            ];
+            let addr = destination.to_ne_bytes().to_vec();
+            let insns_mod = [&insns[0], &insns[1], &addr];
+            Ok(insns_mod.into_iter().flatten().cloned().collect())
+        } else {
+            // ldr ip, [pc]
+            // bx ip
+            // .long 0xdeadface
+            let insns = [
+                [0x00, 0xc0, 0x9f, 0xe5].to_vec(),
+                [0x1c, 0xff, 0x2f, 0xe1].to_vec(),
+                [0xce, 0xfa, 0xad, 0xde].to_vec(),
+            ];
+            let addr = destination.to_ne_bytes().to_vec();
+            let insns_mod = [&insns[0], &insns[1], &addr];
+            Ok(insns_mod.into_iter().flatten().cloned().collect())
+        }
     }
 
     #[cfg(target_arch = "aarch64")]
-    fn get_patch(destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+    fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
         // ldr x16, #8
         // br  x16
         // .quad 0xdeadfacef00dd00d
@@ -137,7 +121,7 @@ impl RawPatch {
     }
 
     #[cfg(target_arch = "powerpc")]
-    fn get_patch(destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+    fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
         // lis 12, 0xdead
         // ori 12, 12, 0xface
         // mtctr 12
