syzkaller/vm/vm.go
Greg Steuck 6419afbb77 openbsd: run on gce
* build/openbsd: minor cleanup (use tuples instead of maps)

* Grammar nits in comments.

* Simplify openbsd.Create, will defer when there's more than one error exit.

* pkg/build: Support copying kernel into GCE image

* Simple test for openbsd image copy build.

* Cleanup in case something failed before.

* Support multi-processor VMs on GCE.

* More debug

* Reformat

* OpenBSD gce image needs to be raw.

* GC

* Force format to GNU directly on Go 1.10 or newer.

* Use vmType passed as a parameter inside openbsd.go

* gofmt

* more fmt

* Can't use GENERIC.mp just yet.

* capitalize

* Copyright
2018-11-27 13:14:06 +01:00

293 lines
8.2 KiB
Go

// Copyright 2015 syzkaller project authors. All rights reserved.
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
// Package vm provides an abstract test machine (VM, physical machine, etc)
// interface for the rest of the system.
// For convenience test machines are subsequently collectively called VMs.
// Package wraps vmimpl package interface with some common functionality
// and higher-level interface.
package vm
import (
"bytes"
"fmt"
"os"
"time"
"github.com/google/syzkaller/pkg/mgrconfig"
"github.com/google/syzkaller/pkg/osutil"
"github.com/google/syzkaller/pkg/report"
"github.com/google/syzkaller/vm/vmimpl"
// Import all VM implementations, so that users only need to import vm.
_ "github.com/google/syzkaller/vm/adb"
_ "github.com/google/syzkaller/vm/gce"
_ "github.com/google/syzkaller/vm/gvisor"
_ "github.com/google/syzkaller/vm/isolated"
_ "github.com/google/syzkaller/vm/kvm"
_ "github.com/google/syzkaller/vm/odroid"
_ "github.com/google/syzkaller/vm/qemu"
_ "github.com/google/syzkaller/vm/vmm"
)
type Pool struct {
impl vmimpl.Pool
workdir string
}
type Instance struct {
impl vmimpl.Instance
workdir string
index int
}
var (
Shutdown = vmimpl.Shutdown
ErrTimeout = vmimpl.ErrTimeout
)
type BootErrorer interface {
BootError() (string, []byte)
}
// AllowsOvercommit returns if the instance type allows overcommit of instances
// (i.e. creation of instances out-of-thin-air). Overcommit is used during image
// and patch testing in syz-ci when it just asks for more than specified in config
// instances. Generally virtual machines (qemu, gce) support overcommit,
// while physical machines (adb, isolated) do not. Strictly speaking, we should
// never use overcommit and use only what's specified in config, because we
// override resource limits specified in config (e.g. can OOM). But it works and
// makes lots of things much simpler.
func AllowsOvercommit(typ string) bool {
return vmimpl.Types[typ].Overcommit
}
// Create creates a VM pool that can be used to create individual VMs.
func Create(cfg *mgrconfig.Config, debug bool) (*Pool, error) {
typ, ok := vmimpl.Types[cfg.Type]
if !ok {
return nil, fmt.Errorf("unknown instance type '%v'", cfg.Type)
}
env := &vmimpl.Env{
Name: cfg.Name,
OS: cfg.TargetOS,
Arch: cfg.TargetVMArch,
Workdir: cfg.Workdir,
Image: cfg.Image,
SSHKey: cfg.SSHKey,
SSHUser: cfg.SSHUser,
Debug: debug,
Config: cfg.VM,
}
impl, err := typ.Ctor(env)
if err != nil {
return nil, err
}
return &Pool{
impl: impl,
workdir: env.Workdir,
}, nil
}
func (pool *Pool) Count() int {
return pool.impl.Count()
}
func (pool *Pool) Create(index int) (*Instance, error) {
if index < 0 || index >= pool.Count() {
return nil, fmt.Errorf("invalid VM index %v (count %v)", index, pool.Count())
}
workdir, err := osutil.ProcessTempDir(pool.workdir)
if err != nil {
return nil, fmt.Errorf("failed to create instance temp dir: %v", err)
}
impl, err := pool.impl.Create(workdir, index)
if err != nil {
os.RemoveAll(workdir)
return nil, err
}
return &Instance{
impl: impl,
workdir: workdir,
index: index,
}, nil
}
func (inst *Instance) Copy(hostSrc string) (string, error) {
return inst.impl.Copy(hostSrc)
}
func (inst *Instance) Forward(port int) (string, error) {
return inst.impl.Forward(port)
}
func (inst *Instance) Run(timeout time.Duration, stop <-chan bool, command string) (
outc <-chan []byte, errc <-chan error, err error) {
return inst.impl.Run(timeout, stop, command)
}
func (inst *Instance) Diagnose() bool {
return inst.impl.Diagnose()
}
func (inst *Instance) Close() {
inst.impl.Close()
os.RemoveAll(inst.workdir)
}
// MonitorExecution monitors execution of a program running inside of a VM.
// It detects kernel oopses in output, lost connections, hangs, etc.
// outc/errc is what vm.Instance.Run returns, reporter parses kernel output for oopses.
// If canExit is false and the program exits, it is treated as an error.
// Returns a non-symbolized crash report, or nil if no error happens.
func (inst *Instance) MonitorExecution(outc <-chan []byte, errc <-chan error,
reporter report.Reporter, canExit bool) (rep *report.Report) {
mon := &monitor{
inst: inst,
outc: outc,
errc: errc,
reporter: reporter,
canExit: canExit,
}
lastExecuteTime := time.Now()
ticker := time.NewTicker(10 * time.Second)
defer ticker.Stop()
for {
select {
case err := <-errc:
switch err {
case nil:
// The program has exited without errors,
// but wait for kernel output in case there is some delayed oops.
return mon.extractError("")
case ErrTimeout:
return nil
default:
// Note: connection lost can race with a kernel oops message.
// In such case we want to return the kernel oops.
return mon.extractError("lost connection to test machine")
}
case out := <-outc:
lastPos := len(mon.output)
mon.output = append(mon.output, out...)
if bytes.Contains(mon.output[lastPos:], executingProgram1) ||
bytes.Contains(mon.output[lastPos:], executingProgram2) {
lastExecuteTime = time.Now()
}
if reporter.ContainsCrash(mon.output[mon.matchPos:]) {
return mon.extractError("unknown error")
}
if len(mon.output) > 2*beforeContext {
copy(mon.output, mon.output[len(mon.output)-beforeContext:])
mon.output = mon.output[:beforeContext]
}
mon.matchPos = len(mon.output) - maxErrorLength
if mon.matchPos < 0 {
mon.matchPos = 0
}
case <-ticker.C:
// Detect both "not output whatsoever" and "kernel episodically prints
// something to console, but fuzzer is not actually executing programs".
// The timeout used to be 3 mins for a long time.
// But (1) we were seeing flakes on linux where net namespace
// destruction can be really slow, and (2) gVisor watchdog timeout
// is 3 mins + 1/4 of that for checking period = 3m45s.
// Current linux max timeout is CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=140
// and workqueue.watchdog_thresh=140 which both actually result
// in 140-280s detection delay.
// So the current timeout is 5 mins (300s).
// We don't want it to be too long too because it will waste time on real hangs.
if time.Since(lastExecuteTime) < 5*time.Minute {
break
}
if inst.Diagnose() {
mon.waitForOutput()
}
rep := &report.Report{
Title: "no output from test machine",
Output: mon.output,
Suppressed: report.IsSuppressed(mon.reporter, mon.output),
}
return rep
case <-Shutdown:
return nil
}
}
}
type monitor struct {
inst *Instance
outc <-chan []byte
errc <-chan error
reporter report.Reporter
canExit bool
output []byte
matchPos int
}
func (mon *monitor) extractError(defaultError string) *report.Report {
// Give it some time to finish writing the error message.
mon.inst.Diagnose()
mon.waitForOutput()
if bytes.Contains(mon.output, []byte("SYZ-FUZZER: PREEMPTED")) {
return nil
}
if !mon.reporter.ContainsCrash(mon.output[mon.matchPos:]) {
if defaultError == "" {
if mon.canExit {
return nil
}
defaultError = "lost connection to test machine"
}
rep := &report.Report{
Title: defaultError,
Output: mon.output,
Suppressed: report.IsSuppressed(mon.reporter, mon.output),
}
return rep
}
rep := mon.reporter.Parse(mon.output[mon.matchPos:])
if rep == nil {
panic(fmt.Sprintf("reporter.ContainsCrash/Parse disagree:\n%s", mon.output[mon.matchPos:]))
}
start := mon.matchPos + rep.StartPos - beforeContext
if start < 0 {
start = 0
}
end := mon.matchPos + rep.EndPos + afterContext
if end > len(mon.output) {
end = len(mon.output)
}
rep.Output = mon.output[start:end]
rep.StartPos += mon.matchPos - start
rep.EndPos += mon.matchPos - start
return rep
}
func (mon *monitor) waitForOutput() {
timer := time.NewTimer(10 * time.Second)
for {
select {
case out, ok := <-mon.outc:
if !ok {
timer.Stop()
return
}
mon.output = append(mon.output, out...)
case <-timer.C:
return
}
}
}
const (
beforeContext = 1024 << 10
afterContext = 128 << 10
maxErrorLength = 512
)
var (
executingProgram1 = []byte("executing program") // syz-fuzzer output
executingProgram2 = []byte("executed programs:") // syz-execprog output
)