fork_fuzz.ld (1313B)
/*
 * Linker-script fragment that places all of the state that needs to persist
 * across fuzzing runs into one contiguous region of memory, bracketed by
 * __FUZZ_COUNTERS_START and __FUZZ_COUNTERS_END. With everything in a single
 * region, it is easy to re-map the counter-related memory as shared.
 *
 * The fragment is made of three output sections, chained together with
 * INSERT AFTER so that they are laid out back to back:
 *
 *   .data -> .data.fuzz_start -> .data.fuzz_ordered -> .data.fuzz_end
 *
 * NOTE(review): everything the linker places between the two bracket symbols
 * presumably becomes shared once the region is re-mapped, including any
 * unrelated data that happens to match the input patterns below. Confirm
 * against the code that performs the re-mapping, and keep the patterns as
 * narrow as possible.
 */

SECTIONS
{
  /*
   * Start of the region, aligned to 4K.
   * NOTE(review): 4K presumably stands in for the page size, so that the
   * region can be re-mapped on page boundaries; on a host with larger pages
   * this alignment may not be enough -- TODO confirm.
   */
  .data.fuzz_start : ALIGN(4K)
  {
      /* First address of the region that is to be re-mapped as shared. */
      __FUZZ_COUNTERS_START = .;

      /*
       * Collect every input section whose name matches _*sancov_cntrs and
       * define the __start_/__stop_ symbols around it explicitly, since the
       * counters now live in an output section with a different name.
       * NOTE(review): presumably these are the SanitizerCoverage inline
       * counters and the symbols are what the coverage runtime looks up --
       * confirm.
       */
      __start___sancov_cntrs = .;
      *(_*sancov_cntrs);
      __stop___sancov_cntrs = .;

      /* Lowest stack counter */
      *(__sancov_lowest_stack);
  }
}
/* Splice the section above into the default script, right after .data. */
INSERT AFTER .data;

SECTIONS
{
  /* No ALIGN here: this section only has to follow .data.fuzz_start. */
  .data.fuzz_ordered :
  {
      /*
       * Coverage counters. They're not necessary for fuzzing, but are useful
       * for analyzing the fuzzing performance.
       * NOTE(review): the *llvm_prf_cnts pattern presumably targets the LLVM
       * profile-counter section -- confirm.
       */
      __start___llvm_prf_cnts = .;
      *(*llvm_prf_cnts);
      __stop___llvm_prf_cnts = .;

      /*
       * Internal libFuzzer TracePC object which contains the ValueProfileMap.
       * This pattern takes the .bss* sections of any input file whose name
       * starts with FuzzerTracePC.
       */
      FuzzerTracePC*(.bss*);
      /*
       * In case the above line fails, explicitly specify the (mangled) name of
       * the object we care about (_ZN6fuzzer3TPCE demangles to fuzzer::TPC).
       * NOTE(review): this only matches if the object sits in its own
       * .bss.<symbol> section, i.e. presumably when libFuzzer was built with
       * per-variable data sections -- confirm. If neither pattern matches,
       * the link still succeeds and the object is silently left outside the
       * region.
       */
      *(.bss._ZN6fuzzer3TPCE);
  }
}
/* Place this section directly after .data.fuzz_start. */
INSERT AFTER .data.fuzz_start;

SECTIONS
{
  /*
   * End marker, aligned to 4K like the start, so the region
   * [__FUZZ_COUNTERS_START, __FUZZ_COUNTERS_END) is a whole number of 4K
   * units. The section holds no input data, only the symbol.
   */
  .data.fuzz_end : ALIGN(4K)
  {
      __FUZZ_COUNTERS_END = .;
  }
}
/*
 * Don't overwrite the SECTIONS in the default linker script. Instead insert the
 * above into the default script
 */
INSERT AFTER .data.fuzz_ordered;