A dozen of vmm's running on a GCE machine can be really slow to boot.
Timeouts have only single goal: preventing complete system stalls
when/if external commands episodically hang. There is no value
in keeping them as close as possible to expected durations.
This can only lead to various flakes. Increase timeouts by an
order of magnitude.
The goroutine sends on bootOutputStop to notify about its completion,
but the main goroutine is not receiving from the chan on success
and since the chan in unbuffered, the output reading goroutine
hangs on the send forever.
I am getting:
failed to run vmctl -name syzkaller-ci-openbsd-main-test-0
vmctl: name too long
The name is auto-generated from parts which ensure that it is unique.
We can't easily name it shorter. So strip the syzkaller prefix,
which is not strictly necessary.
Move debug_dump_data back to executor.cc.
debug_dump_data in common_linux.h does not play well
with pkg/csource debug stripping logic. It strips a large
random piece of code since it thinks debug_dump_data
definition is actually debug_dump_data call site.
If we don't determine correct prefix (e.g. some paths are not full paths),
we can plumb kernel source path twice. It seems that it's not possible
to do the right thing in all possible combinations of what can be in
debug info, if the kernel sources were moved or not, if we have kernel_src
or not. But at least don't plumb kernel_src second time.
Fix build after "executor: remove unused var flag_sandbox_privs".
Some variables/functions can't be static as they are unused on some OSes,
which produces unused warnings.
I guess the condition was always meant to be "!ok || try > 10".
So we always ignored non-executor failures, and failed on executor ones.
I think now it's better to just retry always. If the error is something
persistent we will fail after 10 tries anyway.
Currently we have a global fixed set of sandboxes,
which makes it hard to add new OS-specific ones
(all OSes need to updated to say that they don't
support this sandbox).
Let it each OS say what sandboxes it supports instead.
executor: add support for android_untrusted_app sandbox
This adds a new sandbox type, 'android_untrusted_app', which restricts
syz-executor to the privileges which are available to third-party applications,
e.g. those installed from the Google Play store.
In particular, this uses the UID space reserved for applications (instead of
the 'setuid' sandbox, which uses the traditional 'nobody' user / 65534)
as well as a set of groups which the Android-specific kernels are aware of,
and finally ensures that the SELinux context is set appropriately.
Dependencies on libselinux are avoided by manually implementing the few
functions that are needed to change the context of the current process,
and arbitrary files. The underlying mechanisms are relatively simple.
Fixesgoogle/syzkaller#643
Test: make presubmit
Bug: http://b/112900774
We used to use gcc for test OS, but this is linux-specific.
Other OSes may use c++ or clang as main compiler, so use whatever
is the default for the host OS.
Update #712
For vmm we need a pre-created image.
So if one is provided in the userspace dir,
copy it to output. This should be enough
to get vmm working.
Update #712
We currently have this list in multiple places (somewhat diverged).
Specify this "overcommit" property in VM implementations.
In particular, we also want to allow overcommit for "vmm" type.
Update #712
After generating syscall description for fidl files using fidlgen, prune
all unused structs using the exact same mechanism used by the compiler's
check for unused structs. This allows the FIDL compiler to support
modular compilation; it does not need to have global knowledge of
whether each struct is used or not.
Allow a special case of cross-reporting duping:
rom last but one reporting to the last one (which is stable, final destination)
provided that these two reportings have the same access level and type.
The rest of the combinations can lead to surprising states and
information hiding, so we still don't allow them.
Fixes#569
