authorDmitry Vyukov <dvyukov@google.com>2024-11-25 11:55:36 +0100
committerDmitry Vyukov <dvyukov@google.com>2024-11-26 09:04:16 +0000
commita188cd36e162cc98a3f0cdbeb062bac2e7fa185d (patch)
treea43192bd56899aa5c534128ff18510958dfc5c6d
parentd1656bfaa236ca8bb0ce36693aa283a568c62bd8 (diff)
tools/syz-execprog: support running unsafe programs
-rw-r--r--pkg/repro/repro.go2
-rw-r--r--prog/parse.go4
-rw-r--r--prog/parse_test.go8
-rw-r--r--prog/test/fuzz.go2
-rw-r--r--tools/syz-execprog/execprog.go9
5 files changed, 15 insertions, 10 deletions
diff --git a/pkg/repro/repro.go b/pkg/repro/repro.go
index 9edacb3be..c196f71c7 100644
--- a/pkg/repro/repro.go
+++ b/pkg/repro/repro.go
@@ -92,7 +92,7 @@ var ErrEmptyCrashLog = errors.New("no programs")
func runInner(ctx context.Context, crashLog []byte, cfg *mgrconfig.Config, features flatrpc.Feature,
reporter *report.Reporter, fast bool, exec execInterface) (*Result, *Stats, error) {
- entries := cfg.Target.ParseLog(crashLog)
+ entries := cfg.Target.ParseLog(crashLog, prog.NonStrict)
if len(entries) == 0 {
return nil, nil, fmt.Errorf("log (%d bytes) parse failed: %w", len(crashLog), ErrEmptyCrashLog)
}
diff --git a/prog/parse.go b/prog/parse.go
index bad2dcecc..324a74911 100644
--- a/prog/parse.go
+++ b/prog/parse.go
@@ -17,7 +17,7 @@ type LogEntry struct {
End int // end offset in log
}
-func (target *Target) ParseLog(data []byte) []*LogEntry {
+func (target *Target) ParseLog(data []byte, mode DeserializeMode) []*LogEntry {
var entries []*LogEntry
ent := &LogEntry{
ID: -1,
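Review bot: The exported `ParseLog` gains a `mode` parameter but has no doc comment in this hunk, so callers get no guidance on which `DeserializeMode` suits log input. I would add `// ParseLog extracts programs from an execution log; mode is passed unchanged to Deserialize for every candidate program.` above the signature. The second hunk in this file forwards `mode` straight to `target.Deserialize`, so an Unsafe mode would presumably apply to every program recovered from the log. That is worth stating in the comment, because logs are often collected on other machines and are less trusted than hand-written programs. The function body continues outside this hunk.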
@@ -61,7 +61,7 @@ func (target *Target) ParseLog(data []byte) []*LogEntry {
tmp := append(cur, line...)
- p, err := target.Deserialize(tmp, NonStrict)
+ p, err := target.Deserialize(tmp, mode)
if err != nil {
continue
}
diff --git a/prog/parse_test.go b/prog/parse_test.go
index 37bc7771e..7fe36ae6c 100644
--- a/prog/parse_test.go
+++ b/prog/parse_test.go
@@ -18,7 +18,7 @@ func TestParseSingle(t *testing.T) {
const execLog = `getpid()
gettid()
`
- entries := target.ParseLog([]byte(execLog))
+ entries := target.ParseLog([]byte(execLog), NonStrict)
if len(entries) != 1 {
t.Fatalf("got %v programs, want 1", len(entries))
}
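Review bot: Every call site in this file, here and in the `TestParseMulti`, `TestParseMultiLegacy` and `TestParseFault` hunks, passes `NonStrict`, so the new parameter is never exercised with another value. A regression that ignored `mode` inside `ParseLog` would still pass this suite. One extra case that parses the same log under a second mode and checks the entries it yields would pin the plumbing.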
@@ -48,7 +48,7 @@ func TestParseMulti(t *testing.T) {
if err != nil {
t.Fatal(err)
}
- entries := target.ParseLog([]byte(execLogNew))
+ entries := target.ParseLog([]byte(execLogNew), NonStrict)
validateProgs(t, entries, len(execLogNew))
if entries[0].ID != -1 ||
entries[1].ID != 70 ||
@@ -65,7 +65,7 @@ func TestParseMultiLegacy(t *testing.T) {
if err != nil {
t.Fatal(err)
}
- entries := target.ParseLog([]byte(execLogOld))
+ entries := target.ParseLog([]byte(execLogOld), NonStrict)
validateProgs(t, entries, len(execLogOld))
for _, ent := range entries {
assert.Equal(t, -1, ent.ID)
@@ -166,7 +166,7 @@ func TestParseFault(t *testing.T) {
gettid()
getpid()
`
- entries := target.ParseLog([]byte(execLog))
+ entries := target.ParseLog([]byte(execLog), NonStrict)
if len(entries) != 1 {
t.Fatalf("got %v programs, want 1", len(entries))
}
diff --git a/prog/test/fuzz.go b/prog/test/fuzz.go
index ab2582cbe..9b47234b3 100644
--- a/prog/test/fuzz.go
+++ b/prog/test/fuzz.go
@@ -58,7 +58,7 @@ func FuzzDeserialize(data []byte) int {
}
func FuzzParseLog(data []byte) int {
- if len(fuzzTarget.ParseLog(data)) != 0 {
+ if len(fuzzTarget.ParseLog(data, prog.NonStrict)) != 0 {
return 1
}
return 0
diff --git a/tools/syz-execprog/execprog.go b/tools/syz-execprog/execprog.go
index d108f87fa..9d7f082ed 100644
--- a/tools/syz-execprog/execprog.go
+++ b/tools/syz-execprog/execprog.go
@@ -52,6 +52,7 @@ var (
flagSandboxArg = flag.Int("sandbox_arg", 0, "argument for sandbox runner to adjust it via config")
flagDebug = flag.Bool("debug", false, "debug output from executor")
flagSlowdown = flag.Int("slowdown", 1, "execution slowdown caused by emulation/instrumentation")
+ flagUnsafe = flag.Bool("unsafe", false, "use unsafe program deserialization mode")
// The in the stress mode resembles simple unguided fuzzer.
// This mode can be used as an intermediate step when porting syzkaller to a new OS,
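Review bot: The help string on the added `flagUnsafe` line repeats the flag name without saying what the operator gives up. As far as I can tell from the `prog` package, the Unsafe modes skip the safety fix-ups normally applied to deserialized programs, so a loaded program may affect the machine the executor runs on in ways the default mode prevents. Suggested wording: `flagUnsafe = flag.Bool("unsafe", false, "deserialize programs without safety sanitization; use only with trusted programs on disposable test machines")`.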
@@ -364,10 +365,14 @@ func (ctx *Context) createStressProg() *prog.Prog {
func loadPrograms(target *prog.Target, files []string) []*prog.Prog {
var progs []*prog.Prog
+ mode := prog.NonStrict
+ if *flagUnsafe {
+ mode = prog.NonStrictUnsafe
+ }
for _, fn := range files {
if corpus, err := db.Open(fn, false); err == nil {
for _, rec := range corpus.Records {
- p, err := target.Deserialize(rec.Val, prog.NonStrict)
+ p, err := target.Deserialize(rec.Val, mode)
if err != nil {
continue
}
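Review bot: In `loadPrograms` the `-unsafe` choice takes effect silently, so nothing in the run output records which mode was used. The next hunk passes the same `mode` to `target.ParseLog`, which means log files as well as corpus databases are loaded in that mode. I would emit one message inside the `if *flagUnsafe` block through the file's existing logger (only `log.Fatalf` is visible here), with text such as `"unsafe deserialization mode enabled: programs are loaded without sanitization"`. The function's body continues past this hunk.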
@@ -379,7 +384,7 @@ func loadPrograms(target *prog.Target, files []string) []*prog.Prog {
if err != nil {
log.Fatalf("failed to read log file: %v", err)
}
- for _, entry := range target.ParseLog(data) {
+ for _, entry := range target.ParseLog(data, mode) {
progs = append(progs, entry.P)
}
}