| author | Dmitry Vyukov <dvyukov@google.com> | 2025-12-30 18:50:25 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2026-01-02 13:38:49 +0000 |
| commit | f1519a95877e13662cbf16c7344b3e23d5b3982c (patch) | |
| tree | 73f3ff8f753aecddfee46eabe0f2144227adf225 | |
| parent | af6b70b9a2c145f9a687e6c4056f035c6d62f2c0 (diff) | |
prog: support snapshot-only calls
Update #5308
| -rw-r--r-- | docs/syscall_descriptions_syntax.md | 10 | ||||
| -rw-r--r-- | pkg/mgrconfig/load.go | 36 | ||||
| -rw-r--r-- | prog/types.go | 1 |
3 files changed, 27 insertions, 20 deletions
diff --git a/docs/syscall_descriptions_syntax.md b/docs/syscall_descriptions_syntax.md index 366903d2c..aa03c48a4 100644 --- a/docs/syscall_descriptions_syntax.md +++ b/docs/syscall_descriptions_syntax.md @@ -95,7 +95,7 @@ Call attributes are: ``` "disabled": the call will not be used in fuzzing; useful to temporary disable some calls or prohibit particular argument combinations. -"timeout[N]": additional execution timeout (in ms) for the call on top of some default value +"timeout[N]": additional execution timeout (in ms) for the call on top of some default value. "prog_timeout[N]": additional execution timeout (in ms) for the whole program if it contains this call; if a program contains several such calls, the max value is used. "ignore_return": ignore return value of this syscall in fallback feedback; need to be used for calls @@ -107,9 +107,13 @@ Call attributes are: Without that, the fuzzer will sometimes attempt to replace complex structures with arrays of bytes, possibly triggering interesting mutations, but also making programs hard to reason about. "fsck": the content of the compressed buffer argument for this syscall is a file system and the - string argument is a fsck-like command that will be called to verify the filesystem + string argument is a fsck-like command that will be called to verify the filesystem. "remote_cover": wait longer to collect remote coverage for this call. -"kfuzz_test": the call is a kfuzztest target +"kfuzz_test": the call is a kfuzztest target. +"snapshot": the call is enabled by default only in snapshot fuzzing mode, + but "enable_syscalls" and "disable_syscalls" config parameters override this. + It is generally used to mark calls that are not safe to execute in non-snapshot mode + (can lead to false positives, or lost connections to test machines. ``` ## Ints diff --git a/pkg/mgrconfig/load.go b/pkg/mgrconfig/load.go index dec412b9d..531dc26d8 100644 --- a/pkg/mgrconfig/load.go +++ b/pkg/mgrconfig/load.go 
@@ -112,21 +112,20 @@ func DefaultValues() *Config {
 type DescriptionsMode int
 const (
- invalidDescriptions = iota
- ManualDescriptions
+ ManualDescriptions = 1 << iota
 AutoDescriptions
- AnyDescriptions
+ SnapshotDescriptions
+
+ AnyDescriptions = ManualDescriptions | AutoDescriptions
 )
 const manualDescriptions = "manual"
-var (
- strToDescriptionsMode = map[string]DescriptionsMode{
- manualDescriptions: ManualDescriptions,
- "auto": AutoDescriptions,
- "any": AnyDescriptions,
- }
-)
+var strToDescriptionsMode = map[string]DescriptionsMode{
+ manualDescriptions: ManualDescriptions,
+ "auto": AutoDescriptions,
+ "any": AnyDescriptions,
+}
 func SetTargets(cfg *Config) error {
 var err error
@@ -184,9 +183,13 @@ func Complete(cfg *Config) error {
 return fmt.Errorf("fuzzing_vms cannot be less than 0")
 }
+ descriptionsMode := strToDescriptionsMode[cfg.Experimental.DescriptionsMode]
+ if cfg.Snapshot {
+ descriptionsMode |= SnapshotDescriptions
+ }
 var err error
 cfg.Syscalls, err = ParseEnabledSyscalls(cfg.Target, cfg.EnabledSyscalls, cfg.DisabledSyscalls,
- strToDescriptionsMode[cfg.Experimental.DescriptionsMode])
+ descriptionsMode)
 if err != nil {
 return err
 }
@@ -419,10 +422,6 @@ func SplitTarget(str string) (os, vmarch, arch string, target *prog.Target, sysT
 func ParseEnabledSyscalls(target *prog.Target, enabled, disabled []string,
 descriptionsMode DescriptionsMode) ([]int, error) {
- if descriptionsMode == invalidDescriptions {
- return nil, fmt.Errorf("config param descriptions_mode must contain one of auto/manual/any")
- }
-
 syscalls := make(map[int]bool)
 if len(enabled) != 0 {
 for _, c := range enabled {
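Review bot: Nothing in the `@@ -112` hunk says that `DescriptionsMode` is now a bit set, or that `SnapshotDescriptions` is a flag with no config spelling: it is absent from `strToDescriptionsMode` and, as far as this patch shows, is only OR-ed in by `Complete` when `cfg.Snapshot` is set. A comment on the const block would make that explicit, for example `// DescriptionsMode is a bit set; SnapshotDescriptions is never parsed from config, Complete adds it when cfg.Snapshot is set.` It is also worth stating there that `AnyDescriptions` deliberately excludes the snapshot bit, so a caller passing `AnyDescriptions` still gets snapshot-only calls filtered out of the default set.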
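Review bot: An unrecognised `descriptions_mode` string is no longer rejected: the `@@ -419` hunk drops the `invalidDescriptions` check from `ParseEnabledSyscalls`, and the lookup added to `Complete` in the `@@ -184` hunk takes the map's zero value for an unknown key. With a zero mode both bit tests in the later filter loop are true, so nearly every call would be deleted without a message naming the config field, unless the value is validated somewhere outside this diff. Checking the lookup keeps the old diagnostic: `descriptionsMode, ok := strToDescriptionsMode[cfg.Experimental.DescriptionsMode]` followed by `if !ok { return fmt.Errorf("config param descriptions_mode must contain one of auto/manual/any") }`. `ParseEnabledSyscalls` is exported, so a guard there for a mode with neither `ManualDescriptions` nor `AutoDescriptions` set would also cover any other callers. Both function bodies continue outside their hunks.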
@@ -439,14 +438,17 @@ func ParseEnabledSyscalls(target *prog.Target, enabled, disabled []string,
 }
 } else {
 for _, call := range target.Syscalls {
+ if call.Attrs.Snapshot && (descriptionsMode&SnapshotDescriptions) == 0 {
+ continue
+ }
 syscalls[call.ID] = true
 }
 }
 for call := range syscalls {
 if target.Syscalls[call].Attrs.Disabled ||
- descriptionsMode == ManualDescriptions && target.Syscalls[call].Attrs.Automatic ||
- descriptionsMode == AutoDescriptions &&
+ (descriptionsMode&AutoDescriptions) == 0 && target.Syscalls[call].Attrs.Automatic ||
+ (descriptionsMode&ManualDescriptions) == 0 &&
 !target.Syscalls[call].Attrs.Automatic && !target.Syscalls[call].Attrs.AutomaticHelper {
 delete(syscalls, call)
 }
diff --git a/prog/types.go b/prog/types.go
index 2329c348f..1d636fbda 100644
--- a/prog/types.go
+++ b/prog/types.go
@@ -49,6 +49,7 @@ type SyscallAttrs struct {
 Automatic bool
 AutomaticHelper bool
 KFuzzTest bool
+ Snapshot bool
 Fsck string
 // Filesystem is used in tools/syz-imagegen when fs name cannot be deduced from
 // the part after $. |
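Review bot: The snapshot filter in the `@@ -439` hunk sits only in the `else` branch, so it applies to the default call set and not to calls selected through `enabled`. The documentation change in this commit describes that override as intended, but the code carries no comment, and the part of the `enabled` branch that matches names is outside the hunk; if it accepts wildcard patterns, a broad pattern would presumably pull snapshot-only calls into a non-snapshot run without any notice. I would add `// Snapshot-only calls are dropped from the default set only; an explicit enable_syscalls entry overrides this.` above the new `if`, and consider logging when an enabled pattern admits a call with `Attrs.Snapshot` while the snapshot bit is clear. The mixed `||`/`&&` condition further down also relies on operator precedence; parenthesising each `&&` group would make the three exclusion cases easier to audit.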
