Hi, I'm a first-time contributor to QEMU. I am using qemu-user for
fuzzing using LibAFL and as part of that I am including support for
AddressSanitizer
(https://github.com/google/sanitizers/wiki/addresssanitizeralgorithm).
In essence, this means that my process running in QEMU requires very
large (albeit sparsely populated) memory ranges (terabytes in size) for
the shadow maps. When ASAN detects an error, it causes the target to
crash. As a result, a core dump is generated (which would usually provide
a very welcome opportunity to perform a post mortem), but QEMU includes
these shadow maps in the core dump which it generates, quickly exhausting
disk space.
The function vma_dump_size performs only basic filtering of the ranges
included in the core dump and the implementation of target_madvise
disregards MADV_DONTDUMP (which per the spec it is at liberty to do).
However, it would be very helpful if QEMU were able to exclude ranges
marked with MADV_DONTDUMP. I believe it should be a simple case of
adding a flag to page-protection.h and using pageflags_find to update
the flags in target_madvise. Then the logic in vma_dump_size could be
updated accordingly. A more colourful and easier to read description of
this is in the following markdown gist (with references to the code in
question):
https://gist.github.com/WorksButNotTested/becd7a1f89690fad89b3e8b44ed7192d
Would you be receptive to such a modification? Is my strategy for the
fix correct?
Many thanks for your advice.
Kind Regards.
Jon
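The host-side behaviour the mail asks QEMU to mirror, as an added example (not code from the mail or from QEMU): a large, sparsely populated mapping standing in for an ASAN shadow map is marked MADV_DONTDUMP, and /proc/self/smaps is read back to confirm the kernel recorded the "dd" VmFlag that keeps the range out of a core dump. SHADOW_SIZE and the function names are the example's own assumptions; it is Linux-only.

```c
/* Added example (not from the mail or QEMU): reserve a large, sparsely
 * populated mapping standing in for an ASAN shadow map, mark it
 * MADV_DONTDUMP, and verify via /proc/self/smaps that the kernel set the
 * "dd" VmFlag, i.e. the range will be left out of a core dump. Linux-only. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define SHADOW_SIZE ((size_t)1 << 28)  /* constructed: 256 MiB, not terabytes */

/* Find the VMA starting at addr in smaps. Returns 1 if its VmFlags contain
 * "dd", 0 if not, -1 if smaps or the entry cannot be read. */
static int range_is_dontdump(const void *addr)
{
    char want[32], line[512];
    int found = 0, dd = 0;
    snprintf(want, sizeof want, "%08lx-", (unsigned long)(uintptr_t)addr);
    FILE *f = fopen("/proc/self/smaps", "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (!found)
            found = strncmp(line, want, strlen(want)) == 0;
        else if (strncmp(line, "VmFlags:", 8) == 0) {
            dd = strstr(line, " dd") != NULL;
            break;
        }
    }
    fclose(f);
    return found ? dd : -1;
}

/* Map the shadow, touch a few pages so only those become resident, then
 * mark the whole range MADV_DONTDUMP. Returns range_is_dontdump(). */
int shadow_dontdump_check(void)
{
    unsigned char *shadow = mmap(NULL, SHADOW_SIZE, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (shadow == MAP_FAILED)
        return -1;
    for (size_t off = 0; off < SHADOW_SIZE; off += SHADOW_SIZE / 4)
        shadow[off] = 0xaa;
    int r = madvise(shadow, SHADOW_SIZE, MADV_DONTDUMP) == 0
                ? range_is_dontdump(shadow) : -1;
    munmap(shadow, SHADOW_SIZE);
    return r;
}
```

Run natively on the host it returns 1; the same check inside qemu-user is what the proposed page-flag change would make meaningful, since today target_madvise ignores the advice.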