Commit Graph

286 Commits

Author SHA1 Message Date
Dmitry Vyukov
c1147c8df7 all: fix comments format
Fix capitalization, dots at the end
and two spaces after a period.

Update #1876
2020-07-12 08:22:44 +02:00
Tobias Klauser
f5b2c665da vm/qemu: add support for linux/riscv64
Since the qemu riscv64 port does not work with the default -net nic
parameter, add support to use in the modern way of specifying network devices
to qemu, i.e. -device virtio-net-device,netdev=0 -netdev user,id=net0,host=...

The same applies for the -hda qemu option. Provide a way to use the
modern way of specifying image devices as well.

Other/new ports may use these options as well in the future by setting
UseNewQemuNetOptions and/or UseNewQemuImageOptions.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2020-06-27 15:04:27 +02:00
Tobias Klauser
30c61a8438 vm/vmimpl: add support for linux/riscv64
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2020-06-26 16:41:30 +02:00
Alexander Egorenkov
aea82c003a sys/linux: first 64bit big-endian architecture s390x
* mmap syscall is special on Linux s390x because
  the parameters for this syscall are passed as a struct
  on user stack instead of registers.
* Introduce the SyscallTrampolines table into targets.Target
  to address the above problem.
* There is a bug in Linux kernel s390x which causes QEMU TCG
  to hang when KASAN is enabled. The bug has been fixed
  in the forthcoming Linux 5.8 version. Until then do not enable
  KASAN when using QEMU TCG, QEMU KVM shall have no problems with
  KASAN.

Signed-off-by: Alexander Egorenkov <Alexander.Egorenkov@ibm.com>
2020-06-25 23:08:45 +02:00
Nicolas Lacasse
db5f1d07c3 vm/gvisor: Send debug logs to stderr so they can be read by syzkaller
The -alsologtostderr flag is a noop if -panic-log is also set. So before
this change, debug logs were not included in the syzkaller output logs.

By setting -debug-log=/dev/stderr, all debug logs are sent to stderr,
which syzkaller scrapes and includes in the output logs.
2020-06-13 11:27:59 +02:00
Dmitry Vyukov
588020678f all: use more respective language
Some terms are normalised on the technical level
but may be oppressive on a societal level.
Replace them with more technically neutral terms.
See the following doc for a longer version:
https://tools.ietf.org/id/draft-knodel-terminology-00.html
2020-06-11 23:19:34 +02:00
Dmitry Vyukov
e3d77cf2a3 .golangci.yml: enable godot checker
A good one. Lots of fixed comments are contributed by episodic contributors.
So it's good to catch these earlier.
2020-06-05 12:23:19 +02:00
Dmitry Vyukov
503fd5b2f7 .golangci.yml: enable whitespace checker
Points to bad empty lines very precisely.
2020-06-05 12:23:19 +02:00
Dipanjan Das
203d1b0208
vm/isolated: fix hang when target_reboot is not set
* updated the contributor list

* Fixes #1750, syz-manager hangs with "target_reboot:" false in isolated VM mode

If in the isolated VM mode, "target_reboot": false option is set in the
syz-manager's configuration, it hangs forever. syz-manager essentially
keeps on waiting for the VM to reboot, while a reboot is never triggered
due to target_reboot option being set to false. The fix is to perform the
waitRebootAndSSH() check only when target_reboot is set to true.

File(s) changed:

    vm/isolated/isolated.go: Move the waitRebootAndSSH() check inside the correct block
2020-05-21 09:08:32 +02:00
Michael Tuexen
64d61b4117 vm/vmimpl: Don't show ktr, but uma on FreeBSD
Right now, kernels are not build with KTR support, so don't
run show ktr. Add showing information about zones like vmstat -z
would show.
2020-05-12 11:25:51 +02:00
Greg Steuck
2dd552a542
vm/.../openbsd: get back traces of the first two cpus. (#1705) 2020-04-29 11:09:59 -07:00
Dmitry Vyukov
78267cec1a vm: better handle VM diagnosis output
1. Always append diagnosis output at the end.
Don't intermix it with kernel output. It's confusing and not useful.

2. Don't include diagnosis output into Report.
It's too verbose and is not the crash. Keep it only in the Output.
2020-03-21 16:30:35 +01:00
Dmitry Vyukov
d60b9c6b0e vm/vmimpl: refactor DiagnoseFree/OpenBSD
Make signatures of these functions match vm.Diagnose.
Both more flexible, less code, more reasonable.
2020-03-21 16:08:02 +01:00
Andrei Vagin
712198accc gvisor: code cleanups
* use RunCmd instead of osutil.Run.
* remove unneeded type casting from string to []byte.

Signed-off-by: Andrei Vagin <avagin@google.com>
2020-03-04 11:13:09 +01:00
Andrei Vagin
4a4e0509de vm/gvisor: allocate a separate stream of GO's runtime messges
GO's runtime calls the write system call twice to print "panic:"
and "the reason of this panic", so here is a race window when
other threads can print something to the log and we will see
something like this:

panic: log messages from another thread
The reason of the panic.

This confuses the syzkaller blacklist and dedup detection.

Signed-off-by: Andrei Vagin <avagin@google.com>
2020-03-01 20:11:27 +01:00
Zubin Mithra
02698d8bc4 vm/isolated: add initial support for fuzzing chromebooks
(WIP PR)

Add support for StartupScript.
* Modify Config{} to contain PostRepairScript.
* Allow repair() to execute a startup_script after reboot. The contents
of this script execute on the DUT.

Add pstore support:
* Modify Config{} to contain Pstore.
* Modify Diagnose() to reboot the DUT and fetch pstore logs,
conditional on inst.cfg.Pstore.
* Add readPstoreContents().
* Allow clearing previous pstore logs upon Create() and after use inside
readPstoreContents().
* Fetching pstore crashlogs relies on reliably getting lost connection
on DUT reboot. Use "ServerAliveInterval=6 ServerAliveCountMax=5" ssh
options when running syz-fuzzer with Pstore support enabled.

Allow parsing pstore contents:
* Diagnose() now returns pstore contents.

Refactoring:
* Move out some reusable parts of repair() to waitRebootAndSSH().
* Have an early return inside repair() if inst.waitForSSH() fails.
2020-02-20 17:37:54 +01:00
Dmitry Vyukov
5d7b90f1af vm/gvisor: fix potential deadlock
Fixes #1591
2020-02-13 18:13:37 +01:00
Jonghyuk Song
ddc3e85997 vm/isolated: update isolated vm
* vm/isolated: update isolated vm

Old isolated.go cannot hard reset the target device when the target device is stuck,
because it used SSH command to reboot.
New isolated.go can reboot the target device using USB hub,
so it can reboot the device when its kernel is crashed during fuzzing.
It also doesn't require 'CGO' like odroid.go

* vm/isolated: set default Host, comment modification

* vm/isolated: restore ssh reboot in repair()

In the previous commit, ssh reboot is removed.
but it should be remained, so this commit restore the ssh reboot.
Now, repair() func can reboot the target using ssh or /sys/bus/usb/devices/.../authorized/

* vm/isolated: update USBdev rebooting method and etc, ...
- change reboot method from using /bin/sh to file method
- change USBDevNum to array type
- restore waiting time when rebooting

* vm/isolated: update USBdev rebooting method and etc, ...
- change reboot method from using '/bin/sh' to file i/o
- change USBDevNum to array type
- restore waiting time when rebooting

* vm/isolated: update USBdev rebooting method and etc, ...
- change reboot method from using '/bin/sh' to file i/o
- change USBDevNum to array type
- restore waiting time when rebooting

* vm/isolated: some fixes based on feedback
- change variable name: USBDevNum -> USBDevNums, USBAuth -> usbAuth
- check whether USBDevNums is empty in ctor(), repair()
- move usbAuth declaration from Create() to repair()

* vm/isolated: remove empty line

* vm/isolated: fix some conditions

* vm/isolated: change comment, add validate length of USBDevNums

* vm/isolated: check whether the len(USBDevNums) and len(Targets) is same

* vm/isolated: change repair() func based on review
- wait 30*time.Minute even if TargetReboot is not set.
- reduce/combine logs
- e -> err

* vm/isolated: In repair(), print error log and return error when ssh is failed
2020-01-08 09:28:19 +01:00
Jouni Hogander
07bfd71dac Implement basic support for MIPS64LE
Add basic stuff to enable MIPS64ELR2 target:
 - build
 - make extract
 - make generate
 - qemu execution
 - system call parsing from /proc/kallsyms
2019-12-17 11:10:52 +01:00
Andrei Vagin
df191c7fd0 vm/gvisor: show a list of processes in case of any failures
Signed-off-by: Andrei Vagin <avagin@google.com>
2019-12-12 09:56:13 +01:00
Dmitry Vyukov
a2d178996b vm: add workdir_template functionality
The new manager config argument workdir_template refers to a directory. Optional.
Each VM will get a recursive copy of the files that are present in workdir_template.
VM config can then use these private copies as needed. The copy directory
can be referenced with "{{TEMPLATE}}" string. This is different from using
the files directly in that each instance will get own clean, private,
scratch copy of the files. Currently supported only for qemu_args argument
of qemu VM type. Use example:
Create a template dir with necessary files:
$ mkdir /mytemplatedir
$ truncate -s 64K /mytemplatedir/fd
Then specify the dir in the manager config:
	"workdir_template": "/mytemplatedir"
Then use these files in VM config:
	"qemu_args": "-fda {{TEMPLATE}}/fd"
2019-12-03 18:48:14 +01:00
Dmitry Vyukov
b5c36524a2 sys/targets: add HostFuzzer flag
Move HostFuzzer from vm/qemu.
It's needed in a number of other packages
and strictly saying is not specific to qemu
(it just happened that both fuchsia and akaros only support qemu).
2019-11-16 09:58:54 +01:00
Andrew Turner
b24d2b8a21 vm: Get debug information when FreeBSD on panics (#1470)
The FreeBSD kernel debugger can provide more information when the
kernel panics. Add support to bhybe and gce to print this information.
2019-10-21 14:25:55 +02:00
Matthew Dempsky
fd37b39ea8 all: convert Fuchsia to use "host fuzzing" mode
Go support is not a priority for Fuchsia at the moment, so it's
preferable to use host fuzzing mode for Fuchsia like currently done
for Akaros.

This commit basically looks for all the places where there was special
logic for OS=="akaros" and extends the same logic for OS=="fuchsia".
2019-08-27 14:39:18 -07:00
Andrei Vagin
bb071d588d vm/gvisor: run runsc with the alsologtostderr option
$ runsc -h
...
  -alsologtostderr=false: send log messages to stderr
...

Now gvisor doesn't send log messages on stderr by default,
and if we want to see these messages, we need to specify the
alsologtostderr option.
2019-07-23 08:47:25 +02:00
Alexander Popov
6732e2c033 qemu: support advanced hard drive configurations
Currently the 'image_device' config option in qemu.go doesn't properly
support the modern '-drive' argument for describing qemu hard disks.

In fact the various old ways to define qemu drives all boil down to
the common form '-drive if=TYPE,bus=BUS,unit=UNIT,OPTS...'
For example '-hda img' is equivalent to '-drive index=0,media=disk,file=img'.

Let's make the 'image_device' config option support both forms.

Signed-off-by: Alexander Popov <alex.popov@linux.com>
2019-07-15 18:12:29 +03:00
Dmitry Vyukov
7636971370 vm: fix typo in comment 2019-06-24 10:50:20 +02:00
Dmitry Vyukov
dfc7d235f5 vm: fix spurious crash detection caused by trimmed lines
We've got a case when "ODEBUG:" was incorrectly detected as crash.
That was caused by a flaw in matchPos logic. Fix that.
See the added test for details.
2019-06-24 10:14:58 +02:00
Dmitry Vyukov
e503f048b0 docs: don't duplicate manager config parameters
Currently we have them duplicated in docs/configuration.md
and the actual source in pkg/mgrconfig/config.go.
Documentation is missing in one place or another,
some is outdated, some is phrased slightly differently.
Move all docs to pkg/mgrconfig/config.go and reference it
from docs/configuration.md instead.
2019-05-21 11:47:51 +02:00
Dmitry Vyukov
32ebe81cf3 pkg/repro: fix no output timeout
We duplicated the no output timeout in the repro package,
and it got out of sync. It's not 3 mins now, but 5 mins.
Remove the duplication and fix this.
2019-05-20 19:40:20 +02:00
Mark Johnston
658d756383 vm/bhyve: ensure the VM is destroyed after closing 2019-05-13 20:23:56 -04:00
Mark Johnston
0637a7f088 Add a bhyve VM backend (#1150)
* vm: add bhyve support

bhyve is FreeBSD's native hypervisor.  Because it is missing snapshot
support and user networking, some additional configuration on the host
is required.  However, unlike QEMU on FreeBSD, bhyve can make use of
hardware virtualization features and is thus faster.

* docs/freebsd: document bhyve support
2019-05-11 19:38:53 +02:00
Dmitry Vyukov
8095117313 all: fix some static analysis warnings
Fix warnings produced by golangci-lint.

Update #977
2019-04-23 17:58:54 +03:00
Dmitry Vyukov
4a9fce1952 all: fix warnings pointed to by golangci-lint
Update #977
2019-03-28 15:30:18 +01:00
Dmitry Vyukov
742f448304 vm/gce: allow non-preemptible VMs
We are seeing some flakes during bisection and image testing.
Hard to tell what's the root cause because they are episodic.
But using non-preemptible VMs for bisection and image testing
looks good on all fronts.

Update #501
2019-03-28 13:22:37 +01:00
Dmitry Vyukov
c298c98302 vm/qemu: detect boot errors faster
Currently we try to ssh into the machine for 10 minutes
even if it crashed right away. Make qemu exit on kernel panic
and stop ssh'ing when qemu exits.
Handling bad kernels fast is actually important for bisection.

Update #501
2019-03-17 18:06:44 +01:00
Dmitry Vyukov
d31d239855 vm/qemu: s/Boot/boot/
Make Boot lower-case to not confuse readers that it's somehow exported.
It is not. Pure implementation detail.
2019-03-17 18:06:44 +01:00
Dmitry Vyukov
b198b1edef vm/vmimpl: don't pass ssh key twice 2019-02-22 18:39:54 +01:00
Siddharth M
7fa29a5895 pkg/build: added feature to copy kernel image for netbsd
* Modified pkg/build/netbsd.go
1. Made kernel build incremental
2. Added code to copy kernel to disk image

* Fix formating issues

* Fixed basic issues

* Fixed copy kernel to disk
1. Added CPU option to default
2. Added snapshot option to vm/qemu/qemu.go
3. Hacky solution to get the build working

* Fixed issues and added vm.MonitorExecution

* Added sync instead of poweroff
2019-02-22 13:18:44 +01:00
Dmitry Vyukov
f16dce862b vm/qemu: fix default flags for arm/arm64
The console and root that we use are specific for 386/amd64.
arm/arm64 usually use a different console and root device.
Use separate settings for 386/amd64 and arm/arm64.
2019-02-13 15:58:42 +01:00
Anton Lindqvist
c69659e352 openbsd: remove shorten report logic (#986)
A line length of 79 in the ddb output does not necessarily imply that the
following line is a continuation of the current line. Since there's no way
to distinguish between ordinary and continuation lines, it could end up
corrupting the report by joining two lines that are disjoint[1].

Instead, disable line wrapping in ddb. If we want some kind of wrapping in
the future it's easier done by pkg/report.

[1] https://syzkaller.appspot.com/bug?extid=03f7377a9848d7d008c9
2019-02-09 08:23:53 -08:00
Anton Lindqvist
66ff894ef5 openbsd: more witness handling
* pkg/report: symbolize witness trace on OpenBSD

* vm/vmimpl: show witness locks on panic

* vm/vmimpl: show memory stats on panic

* fixup! pkg/report: symbolize witness trace on OpenBSD
2019-01-26 09:09:31 +01:00
Dmitry Vyukov
b5d78bce08 vm/vmimpl: fix vet warning about unkeyed struct 2019-01-25 07:29:31 +01:00
Dmitry Vyukov
fea4b504d8 vm/vmimpl: produce better error in WaitForSSH
Currently we squash VerboseError which leads to too lengthy build error titles.
Handle verbose error more carefully.
2019-01-24 18:56:19 +01:00
Andrew Donnellan
4cdc0f5f6b vm/qemu: Disable VGA on ppc64le
Disable qemu VGA output on ppc64le. The current pseries console code in
the kernel has a bunch of bugs, and if you don't disable VGA syzkaller
won't see console output.

Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
2019-01-15 16:45:20 +01:00
Andrew Donnellan
c7d8a8c07b vm/qemu: Enable KVM on ppc64le
ppc64le supports KVM, let's use it.

This obviously won't work on an x86 host, but at present there are issues
using syzkaller on ppc64le with qemu in TCG mode anyway.

Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
2019-01-15 16:45:20 +01:00
Dmitry Vyukov
88f5934633 vm: allow fine-grained control over program exit conditions
Currently we only support canExit flag.
However there are actually 3 separate conditions:
 - program can exit normally
 - program can timeout (e.g. fuzzer test or runtest can't)
 - program can exit with error (e.g. C test can)
Allow to specify these 3 conditions separately.
2018-12-24 09:59:56 +01:00
Michael Pratt
603b512405 vm/gvisor: use runsc debug --stacks to diagnose
This feature has been around longer than -trace-signal. It returns the
stacks directly, which we then append to the kernel log.
2018-12-21 18:08:49 +01:00
Michael Pratt
2fc01104d0 vm: allow Diagnose to directly return diagnosis
Rather than writing the diagnosis to the kernel console, Diagnose can
now directly return the extra debugging info, which will be appended ot
the kernel console log.
2018-12-21 18:08:49 +01:00
Dmitry Vyukov
a9cc88c19f pkg/osutil: provide better Rename
os.Rename fails for cross-device renaming (e.g. to/from tmpfs).
This is quite unpleasant. Provide own version that falls back to copying.
2018-12-17 19:09:10 +01:00