reactos/syzkaller
1
0
Fork 0
mirror of https://github.com/reactos/syzkaller.git synced 2024-11-23 11:29:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
syzkaller/pkg/csource/common.go

166 lines
5.3 KiB
Go
Raw Permalink Normal View History

pkg/csource: refactor csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
2017-12-15 10:25:19 +00:00
// Copyright 2017 syzkaller project authors. All rights reserved.
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
pkg/csource: rewrite gen.sh in Go Shell files cause portability problems. On Linux it's hard to install /bin/sh, /bin/bash is not present on *BSD. Any solution is hard to test on Darwin. Don't even want to mention Windows. Just do it in Go.
2018-07-27 08:17:52 +00:00
//go:generate go run gen.go
executor: overhaul Make as much code as possible shared between all OSes. In particular main is now common across all OSes. Make more code shared between executor and csource (in particular, loop function and threaded execution logic). Also make loop and threaded logic shared across all OSes. Make more posix/unix code shared across OSes (e.g. signal handling, pthread creation, etc). Plus other changes along similar lines. Also support test OS in executor (based on portable posix) and add 4 arches that cover all execution modes (fork server/no fork server, shmem/no shmem). This change paves way for testing of executor code and allows to preserve consistency across OSes and executor/csource.
2018-07-20 18:26:05 +00:00
pkg/csource: refactor csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
2017-12-15 10:25:19 +00:00
package csource
import (
"bytes"
"fmt"
executor: implement support for leak checking Leak checking support was half done and did not really work. This is heavy-lifting to make it work. 1. Move leak/fault setup into executor. pkg/host was a wrong place for them because we need then in C repros too. The pkg/host periodic callback functionality did not work too, we need it in executor so that we can reuse it in C repros too. Remove setup/callback functions in pkg/host entirely. 2. Do leak setup/checking in C repros. The way leak checking is invoked is slightly different from fuzzer, but much better then no support at all. At least the checking code is shared. 3. Add Leak option to pkg/csource and -leak flag to syz-prog2c. 4. Don't enalbe leak checking in fuzzer while we are triaging initial corpus. It's toooo slow. 5. Fix pkg/repro to do something more sane for leak bugs. Few other minor fixes here and there.
2019-05-18 15:54:03 +00:00
"regexp"
pkg/runtest: make tests pass on freebsd The problem is stupid: <endian.h> should be included as <sys/endian.h> on freebsd. Pass actual host OS to executor build as HOSTGOOS and use it to figure out how we should include this header.
2019-03-07 19:36:03 +00:00
"runtime"
pkg/csource: refactor defineList Make it simpler and shorter. Update #538
2018-08-02 14:50:09 +00:00
"sort"
pkg/csource: refactor csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
2017-12-15 10:25:19 +00:00
"strings"
"github.com/google/syzkaller/pkg/osutil"
"github.com/google/syzkaller/prog"
"github.com/google/syzkaller/sys/targets"
)
executor: overhaul Make as much code as possible shared between all OSes. In particular main is now common across all OSes. Make more code shared between executor and csource (in particular, loop function and threaded execution logic). Also make loop and threaded logic shared across all OSes. Make more posix/unix code shared across OSes (e.g. signal handling, pthread creation, etc). Plus other changes along similar lines. Also support test OS in executor (based on portable posix) and add 4 arches that cover all execution modes (fork server/no fork server, shmem/no shmem). This change paves way for testing of executor code and allows to preserve consistency across OSes and executor/csource.
2018-07-20 18:26:05 +00:00
const (
pkg/csource: sort sys/types.h to the top on FreeBSD sys/types.h is a special header that is required by many other system headers on FreeBSD.
2019-03-07 01:32:44 +00:00
linux = "linux"
freebsd = "freebsd"
openbsd = "openbsd"
pkg/csource: fix failing syz-runtest for NetBSD * pkg/csource: fix failing syz-runtest for NetBSD * update common.go
2019-08-21 14:13:43 +00:00
netbsd = "netbsd"
executor: overhaul Make as much code as possible shared between all OSes. In particular main is now common across all OSes. Make more code shared between executor and csource (in particular, loop function and threaded execution logic). Also make loop and threaded logic shared across all OSes. Make more posix/unix code shared across OSes (e.g. signal handling, pthread creation, etc). Plus other changes along similar lines. Also support test OS in executor (based on portable posix) and add 4 arches that cover all execution modes (fork server/no fork server, shmem/no shmem). This change paves way for testing of executor code and allows to preserve consistency across OSes and executor/csource.
2018-07-20 18:26:05 +00:00
executor: refactor sandbox flags In preparation for future changes.
2019-11-14 17:56:34 +00:00
sandboxNone = "none"
sandboxSetuid = "setuid"
sandboxNamespace = "namespace"
sandboxAndroid = "android"
executor: overhaul Make as much code as possible shared between all OSes. In particular main is now common across all OSes. Make more code shared between executor and csource (in particular, loop function and threaded execution logic). Also make loop and threaded logic shared across all OSes. Make more posix/unix code shared across OSes (e.g. signal handling, pthread creation, etc). Plus other changes along similar lines. Also support test OS in executor (based on portable posix) and add 4 arches that cover all execution modes (fork server/no fork server, shmem/no shmem). This change paves way for testing of executor code and allows to preserve consistency across OSes and executor/csource.
2018-07-20 18:26:05 +00:00
)
pkg/csource: tidy generated code 1. Remove unnecessary includes. 2. Remove thunk function in threaded mode. 3. Inline syscalls into main for the simplest case. 4. Define main in common.h rather than form with printfs. 5. Fix generation for repeat mode (we had 2 infinite loops: in main and in loop). 6. Remove unused functions (setup/reset_loop, setup/reset_test, sandbox_namespace, etc).
2018-07-26 15:47:27 +00:00
func createCommonHeader(p, mmapProg *prog.Prog, replacements map[string]string, opts Options) ([]byte, error) {
pkg/csource: refactor defineList Make it simpler and shorter. Update #538
2018-08-02 14:50:09 +00:00
defines := defineList(p, mmapProg, opts)
pkg/csource: add support for creating reproducers on OpenBSD
2018-11-17 18:32:19 +00:00
sysTarget := targets.Get(p.Target.OS, p.Target.Arch)
cmd := osutil.Command(sysTarget.CPP, "-nostdinc", "-undef", "-fdirectives-only", "-dDI", "-E", "-P", "-")
pkg/csource: refactor csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
2017-12-15 10:25:19 +00:00
for _, def := range defines {
cmd.Args = append(cmd.Args, "-D"+def)
}
cmd.Stdin = strings.NewReader(commonHeader)
stderr := new(bytes.Buffer)
stdout := new(bytes.Buffer)
cmd.Stderr = stderr
cmd.Stdout = stdout
pkg/csource: add comment re ignoring cpp errors Clarify why we ignore cpp errors.
2020-08-14 12:07:37 +00:00
// Note: we ignore error because we pass -nostdinc so there are lots of errors of the form:
// error: no include path in which to search for stdlib.h
// This is exactly what we want: we don't want these to be included into the C reproducer.
// But the downside is that we can miss some real errors, e.g.:
// error: missing binary operator before token "SYZ_SANDBOX_ANDROID"
// 3776 | #if not SYZ_SANDBOX_ANDROID
// Potentially we could analyze errors manually and ignore only the expected ones.
pkg/csource: refactor csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
2017-12-15 10:25:19 +00:00
if err := cmd.Run(); len(stdout.Bytes()) == 0 {
pkg/csource: add comment re ignoring cpp errors Clarify why we ignore cpp errors.
2020-08-14 12:07:37 +00:00
return nil, fmt.Errorf("cpp failed: %v %v: %v\n%v\n%v", cmd.Path, cmd.Args, err, stdout.String(), stderr.String())
pkg/csource: refactor csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
2017-12-15 10:25:19 +00:00
}
src, err := removeSystemDefines(stdout.Bytes(), defines)
if err != nil {
return nil, err
}
executor: introduce uint64/32/16/8 types The "define uint64_t unsigned long long" were too good to work. With a different toolchain I am getting: cstdint:69:11: error: expected unqualified-id using ::uint64_t; ^ executor/common.h:34:18: note: expanded from macro 'uint64_t' Do it the proper way: introduce uint64/32/16/8 types and use them. pkg/csource then does s/uint64/uint64_t/ to not clutter code with additional typedefs.
2017-12-27 09:56:12 +00:00
pkg/csource: tidy generated code 1. Remove unnecessary includes. 2. Remove thunk function in threaded mode. 3. Inline syscalls into main for the simplest case. 4. Define main in common.h rather than form with printfs. 5. Fix generation for repeat mode (we had 2 infinite loops: in main and in loop). 6. Remove unused functions (setup/reset_loop, setup/reset_test, sandbox_namespace, etc).
2018-07-26 15:47:27 +00:00
for from, to := range replacements {
executor: remove block comments 1. We don't generally use /* */ block comments, few precedents we have are inconsistent with the rest of the code. 2. pkg/csource does not strip them from the resulting code. Remove the cases we have and add a test to prevent new ones being added.
2020-08-04 12:14:40 +00:00
src = bytes.Replace(src, []byte("/*{{{"+from+"}}}*/"), []byte(to), -1)
pkg/csource: tidy generated code 1. Remove unnecessary includes. 2. Remove thunk function in threaded mode. 3. Inline syscalls into main for the simplest case. 4. Define main in common.h rather than form with printfs. 5. Fix generation for repeat mode (we had 2 infinite loops: in main and in loop). 6. Remove unused functions (setup/reset_loop, setup/reset_test, sandbox_namespace, etc).
2018-07-26 15:47:27 +00:00
}
executor: introduce uint64/32/16/8 types The "define uint64_t unsigned long long" were too good to work. With a different toolchain I am getting: cstdint:69:11: error: expected unqualified-id using ::uint64_t; ^ executor/common.h:34:18: note: expanded from macro 'uint64_t' Do it the proper way: introduce uint64/32/16/8 types and use them. pkg/csource then does s/uint64/uint64_t/ to not clutter code with additional typedefs.
2017-12-27 09:56:12 +00:00
for from, to := range map[string]string{
"uint64": "uint64_t",
"uint32": "uint32_t",
"uint16": "uint16_t",
"uint8": "uint8_t",
} {
src = bytes.Replace(src, []byte(from), []byte(to), -1)
}
executor: implement support for leak checking Leak checking support was half done and did not really work. This is heavy-lifting to make it work. 1. Move leak/fault setup into executor. pkg/host was a wrong place for them because we need then in C repros too. The pkg/host periodic callback functionality did not work too, we need it in executor so that we can reuse it in C repros too. Remove setup/callback functions in pkg/host entirely. 2. Do leak setup/checking in C repros. The way leak checking is invoked is slightly different from fuzzer, but much better then no support at all. At least the checking code is shared. 3. Add Leak option to pkg/csource and -leak flag to syz-prog2c. 4. Don't enalbe leak checking in fuzzer while we are triaging initial corpus. It's toooo slow. 5. Fix pkg/repro to do something more sane for leak bugs. Few other minor fixes here and there.
2019-05-18 15:54:03 +00:00
src = regexp.MustCompile("#define SYZ_HAVE_.*").ReplaceAll(src, nil)
executor: introduce uint64/32/16/8 types The "define uint64_t unsigned long long" were too good to work. With a different toolchain I am getting: cstdint:69:11: error: expected unqualified-id using ::uint64_t; ^ executor/common.h:34:18: note: expanded from macro 'uint64_t' Do it the proper way: introduce uint64/32/16/8 types and use them. pkg/csource then does s/uint64/uint64_t/ to not clutter code with additional typedefs.
2017-12-27 09:56:12 +00:00
pkg/csource: refactor csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
2017-12-15 10:25:19 +00:00
return src, nil
}
pkg/csource: refactor defineList Make it simpler and shorter. Update #538
2018-08-02 14:50:09 +00:00
func defineList(p, mmapProg *prog.Prog, opts Options) (defines []string) {
pkg/csoruce: test that executor does not mis-spell any of the SYZ_* macros
2019-11-14 17:36:26 +00:00
for def, ok := range commonDefines(p, opts) {
if ok {
defines = append(defines, def)
}
}
for _, c := range p.Calls {
defines = append(defines, "__NR_"+c.Meta.CallName)
}
for _, c := range mmapProg.Calls {
defines = append(defines, "__NR_"+c.Meta.CallName)
}
sort.Strings(defines)
return
}
func commonDefines(p *prog.Prog, opts Options) map[string]bool {
pkg/csource: refactor defineList Make it simpler and shorter. Update #538
2018-08-02 14:50:09 +00:00
sysTarget := targets.Get(p.Target.OS, p.Target.Arch)
prog: combine RequiresBitmasks and RequiresChecksums into RequiredFeatures
2018-02-18 13:16:07 +00:00
bitmasks, csums := prog.RequiredFeatures(p)
pkg/csoruce: test that executor does not mis-spell any of the SYZ_* macros
2019-11-14 17:36:26 +00:00
return map[string]bool{
executor: rename some macros Rename some macros in preparation for subsequent changes which will align names across the code base.
2019-11-14 17:44:30 +00:00
"GOOS_" + p.Target.OS: true,
"GOARCH_" + p.Target.Arch: true,
"HOSTGOOS_" + runtime.GOOS: true,
"SYZ_USE_BITMASKS": bitmasks,
"SYZ_USE_CHECKSUMS": csums,
"SYZ_SANDBOX_NONE": opts.Sandbox == sandboxNone,
"SYZ_SANDBOX_SETUID": opts.Sandbox == sandboxSetuid,
"SYZ_SANDBOX_NAMESPACE": opts.Sandbox == sandboxNamespace,
executor: refactor sandbox flags In preparation for future changes.
2019-11-14 17:56:34 +00:00
"SYZ_SANDBOX_ANDROID": opts.Sandbox == sandboxAndroid,
executor: rename some macros Rename some macros in preparation for subsequent changes which will align names across the code base.
2019-11-14 17:44:30 +00:00
"SYZ_THREADED": opts.Threaded,
"SYZ_COLLIDE": opts.Collide,
"SYZ_REPEAT": opts.Repeat,
"SYZ_REPEAT_TIMES": opts.RepeatTimes > 1,
"SYZ_MULTI_PROC": opts.Procs > 1,
"SYZ_FAULT": opts.Fault,
"SYZ_LEAK": opts.Leak,
pkg/csource: rename some options Rename some options in preparation for subsequent changes which will align names across the code base.
2019-11-15 09:23:23 +00:00
"SYZ_NET_INJECTION": opts.NetInjection,
"SYZ_NET_DEVICES": opts.NetDevices,
"SYZ_NET_RESET": opts.NetReset,
"SYZ_CGROUPS": opts.Cgroups,
"SYZ_BINFMT_MISC": opts.BinfmtMisc,
"SYZ_CLOSE_FDS": opts.CloseFDs,
"SYZ_KCSAN": opts.KCSAN,
"SYZ_DEVLINK_PCI": opts.DevlinkPCI,
csource, executor: add usb emulation feature The feature gets enabled when /dev/raw-gadget is present and accessible. With this feature enabled, executor will do chmod 0666 /dev/raw-gadget on startup, which makes it possible to do USB fuzzing in setuid and namespace sandboxes. There should be no backwards compatibility issues with syz reproducers that don't explicitly enable this feature, as they currently only work in none sandbox.
2020-04-01 17:37:07 +00:00
"SYZ_USB": opts.USB,
all: initialize vhci in linux * all: initialize vhci in linux * executor/common_linux.h: improve vhci initialization * pkg/repro/repro.go: add missing vhci options * executor/common_linux.h: fix type and add missing header * executor, pkg: do it like NetInjection * pkg/csource/csource.go: do not emit syz_emit_vhci if vhci is not enabled * executor/common_linux.h: fix format string * executor/common_linux.h: initialize with memset For som reason {0} gets complains about missing braces... * executor/common_linux.h: simplify vhci init * executor/common_linux.h: try to bring all available hci devices up * executor/common_linux.h: find which hci device has been registered * executor/common_linux.h: use HCI_VENDOR_PKT response to retrieve device id * sys/linux/dev_vhci.txt: fix structs of inquiry and report packets * executor/common_linux.h: remove unnecessary return statement and check vendor_pkt read size * executor/common_linux.h: remove unnecessary return statement and check vendor_pkt read size * sys/linux/dev_vhci.txt: pack extended_inquiry_info_t * sys/linux/l2cap.txt: add l2cap_conf_opt struct * executor/common_linux.h: just fill bd addr will 0xaa * executor/common_linux.h: just fill bd addr will 0xaa
2020-07-30 09:33:48 +00:00
"SYZ_VHCI_INJECTION": opts.VhciInjection,
executor: rename some macros Rename some macros in preparation for subsequent changes which will align names across the code base.
2019-11-14 17:44:30 +00:00
"SYZ_USE_TMP_DIR": opts.UseTmpDir,
"SYZ_HANDLE_SEGV": opts.HandleSegv,
"SYZ_REPRO": opts.Repro,
"SYZ_TRACE": opts.Trace,
all: integrate with mac80211_hwsim Two virtual wireless devices are instantiated during network devices initialization. A new flag (-wifi) is added that controls whether these virtual wifi devices are instantiated and configured during proc initialization. Also, two new pseudo syscalls are added: 1. syz_80211_inject_frame(mac_addr, packet, packet_len) -- injects an arbitrary packet into the wireless stack. It is injected as if it originated from the device identitied by mac_addr. 2. syz_80211_join_ibss(interface_name, ssid, ssid_len, mode) -- puts a specific network interface into IBSS state and joins an IBSS network. Arguments of syz_80211_join_ibss: 1) interface_name -- null-terminated string that identifies a wireless interface 2) ssid, ssid_len -- SSID of an IBSS network to join to 3) mode -- mode of syz_80211_join_ibss operation (see below) Modes of operation: JOIN_IBSS_NO_SCAN (0x0) -- channel scan is not performed and syz_80211_join_ibss waits until the interface reaches IF_OPER_UP. JOIN_IBSS_BG_SCAN (0x1) -- channel scan is performed (takes ~ 9 seconds), syz_80211_join_ibss does not await IF_OPER_UP. JOIN_IBSS_BG_NO_SCAN (0x2) -- channel scan is not performed, syz_80211_join_ibss does not await IF_OPER_UP. Local testing ensured that these syscalls are indeed able to set up an operating network and inject packets into mac80211.
2020-09-08 05:25:27 +00:00
"SYZ_WIFI": opts.Wifi,
executor: rename some macros Rename some macros in preparation for subsequent changes which will align names across the code base.
2019-11-14 17:44:30 +00:00
"SYZ_EXECUTOR_USES_SHMEM": sysTarget.ExecutorUsesShmem,
"SYZ_EXECUTOR_USES_FORK_SERVER": sysTarget.ExecutorUsesForkServer,
pkg/csource: refactor defineList Make it simpler and shorter. Update #538
2018-08-02 14:50:09 +00:00
}
pkg/csource: refactor csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
2017-12-15 10:25:19 +00:00
}
func removeSystemDefines(src []byte, defines []string) ([]byte, error) {
pkg/csource: tidy generated code 1. Remove unnecessary includes. 2. Remove thunk function in threaded mode. 3. Inline syscalls into main for the simplest case. 4. Define main in common.h rather than form with printfs. 5. Fix generation for repeat mode (we had 2 infinite loops: in main and in loop). 6. Remove unused functions (setup/reset_loop, setup/reset_test, sandbox_namespace, etc).
2018-07-26 15:47:27 +00:00
remove := map[string]string{
"__STDC__": "1",
"__STDC_HOSTED__": "1",
"__STDC_UTF_16__": "1",
"__STDC_UTF_32__": "1",
}
for _, def := range defines {
eq := strings.IndexByte(def, '=')
if eq == -1 {
remove[def] = "1"
} else {
remove[def[:eq]] = def[eq+1:]
}
}
for def, val := range remove {
src = bytes.Replace(src, []byte("#define "+def+" "+val+"\n"), nil, -1)
pkg/csource: refactor csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
2017-12-15 10:25:19 +00:00
}
// strip: #define __STDC_VERSION__ 201112L
for _, def := range []string{"__STDC_VERSION__"} {
pos := bytes.Index(src, []byte("#define "+def))
if pos == -1 {
continue
}
end := bytes.IndexByte(src[pos:], '\n')
if end == -1 {
continue
}
src = bytes.Replace(src, src[pos:end+1], nil, -1)
}
return src, nil
}
Reference in New Issue Copy Permalink