pkg/host: add "network devices" feature

Linux executor sets up some network devices for testing, detect when that's supported on the machine and don't do it if it's not supported.
2025-03-03 09:07:18 +00:00 · 2018-07-13 12:46:32 +02:00 · 2018-07-13 12:46:32 +02:00 · 92a4950507
commit 92a4950507
parent fcdb43e97d
8 changed files with 40 additions and 3 deletions
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@ -394,10 +394,18 @@ static void snprintf_check(char* str, size_t size, const char* format, ...)
 	va_end(args);
 }

+#ifdef SYZ_EXECUTOR
+extern bool flag_enable_net_dev;
+#endif
+
 // We test in a separate namespace, which does not have any network devices initially (even lo).
 // Create/up as many as we can.
 static void initialize_netdevices(void)
 {
+#ifdef SYZ_EXECUTOR
+	if (!flag_enable_net_dev)
+		return;
+#endif
 	unsigned i;
 	const char* devtypes[] = {"ip6gretap", "bridge", "vcan", "bond", "team"};
 	// If you extend this array, also update netdev_addr_id in vnet.txt.
--- a/executor/executor.h
+++ b/executor/executor.h
@ -54,6 +54,7 @@ bool flag_cover;
 bool flag_sandbox_privs;
 sandbox_type flag_sandbox;
 bool flag_enable_tun;
+bool flag_enable_net_dev;
 bool flag_enable_fault_injection;

 bool flag_collect_cover;
@ -243,7 +244,8 @@ void parse_env_flags(uint64 flags)
 	else if (flags & (1 << 3))
 		flag_sandbox = sandbox_namespace;
 	flag_enable_tun = flags & (1 << 4);
-	flag_enable_fault_injection = flags & (1 << 5);
+	flag_enable_net_dev = flags & (1 << 5);
+	flag_enable_fault_injection = flags & (1 << 6);
 }

 void receive_handshake()
--- a/pkg/csource/linux_common.go
+++ b/pkg/csource/linux_common.go
@ -538,8 +538,16 @@ static void snprintf_check(char* str, size_t size, const char* format, ...)
 	va_end(args);
 }

+#ifdef SYZ_EXECUTOR
+extern bool flag_enable_net_dev;
+#endif
+
 static void initialize_netdevices(void)
 {
+#ifdef SYZ_EXECUTOR
+	if (!flag_enable_net_dev)
+		return;
+#endif
 	unsigned i;
 	const char* devtypes[] = {"ip6gretap", "bridge", "vcan", "bond", "team"};
 	const char* devnames[] = {"lo", "sit0", "bridge0", "vcan0", "tunl0",
--- a/pkg/host/host.go
+++ b/pkg/host/host.go
@ -44,6 +44,7 @@ const (
 	FeatureFaultInjection
 	FeatureLeakChecking
 	FeatureNetworkInjection
+	FeatureNetworkDevices
 	numFeatures
 )

@ -74,6 +75,7 @@ func Check(target *prog.Target) (*Features, error) {
 		FeatureFaultInjection:   {Name: "fault injection", Reason: unsupported},
 		FeatureLeakChecking:     {Name: "leak checking", Reason: unsupported},
 		FeatureNetworkInjection: {Name: "net packed injection", Reason: unsupported},
+		FeatureNetworkDevices:   {Name: "net device setup", Reason: unsupported},
 	}
 	if target.OS == "akaros" {
 		return res, nil
--- a/pkg/host/host_linux.go
+++ b/pkg/host/host_linux.go
@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"runtime"
 	"strconv"
 	"strings"
@ -320,6 +321,7 @@ func init() {
 	setupFeature[FeatureLeakChecking] = setupLeakChecking
 	callbFeature[FeatureLeakChecking] = callbackLeakChecking
 	checkFeature[FeatureNetworkInjection] = checkNetworkInjection
+	checkFeature[FeatureNetworkDevices] = checkNetworkDevices
 }

 func checkCoverage() string {
@ -549,6 +551,13 @@ func checkNetworkInjection() string {
 	if err := osutil.IsAccessible("/dev/net/tun"); err != nil {
 		return err.Error()
 	}
+	return checkNetworkDevices()
+}
+
+func checkNetworkDevices() string {
+	if _, err := exec.LookPath("ip"); err != nil {
+		return "ip command is not found"
+	}
 	return ""
 }

--- a/pkg/ipc/ipc.go
+++ b/pkg/ipc/ipc.go
@ -31,9 +31,11 @@ const (
 	FlagSandboxSetuid                         // impersonate nobody user
 	FlagSandboxNamespace                      // use namespaces for sandboxing
 	FlagEnableTun                             // initialize and use tun in executor
+	FlagEnableNetDev                          // setup a bunch of various network devices for testing
 	FlagEnableFault                           // enable fault injection support
-	FlagUseShmem                              // use shared memory instead of pipes for communication
-	FlagUseForkServer                         // use extended protocol with handshake
+	// Executor does not know about these:
+	FlagUseShmem      // use shared memory instead of pipes for communication
+	FlagUseForkServer // use extended protocol with handshake
 )

 // Per-exec flags for ExecOpts.Flags:
--- a/syz-fuzzer/fuzzer.go
+++ b/syz-fuzzer/fuzzer.go
@ -203,6 +203,9 @@ func main() {
 	if r.CheckResult.Features[host.FeatureNetworkInjection].Enabled {
 		config.Flags |= ipc.FlagEnableTun
 	}
+	if r.CheckResult.Features[host.FeatureNetworkDevices].Enabled {
+		config.Flags |= ipc.FlagEnableNetDev
+	}
 	if r.CheckResult.Features[host.FeatureFaultInjection].Enabled {
 		config.Flags |= ipc.FlagEnableFault
 	}
--- a/tools/syz-stress/stress.go
+++ b/tools/syz-stress/stress.go
@ -67,6 +67,9 @@ func main() {
 	if features[host.FeatureNetworkInjection].Enabled {
 		config.Flags |= ipc.FlagEnableTun
 	}
+	if features[host.FeatureNetworkDevices].Enabled {
+		config.Flags |= ipc.FlagEnableNetDev
+	}
 	gate = ipc.NewGate(2**flagProcs, nil)
 	for pid := 0; pid < *flagProcs; pid++ {
 		pid := pid