pkg/flatrpc: add schema

Add schema for manager<->fuzzer communication.
We may need to change things when we start to use this,
but this serves as a proof of concept that we can
express things that we need in flatbuffers.

1 files changed, 208 insertions, 0 deletions

diff --git a/pkg/flatrpc/flatrpc.fbs b/pkg/flatrpc/flatrpc.fbs
new file mode 100644
index 000000000..ac57f7425
--- /dev/null
+++ b/pkg/flatrpc/flatrpc.fbs
@@ -0,0 +1,208 @@
+// Copyright 2024 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+namespace rpc;
+
+enum Feature : uint64 (bit_flags) {
+	Coverage,
+	Comparisons,
+	ExtraCoverage,
+	DelayKcovMmap,
+	SandboxSetuid,
+	SandboxNamespace,
+	SandboxAndroid,
+	Fault,
+	Leak,
+	NetInjection,
+	NetDevices,
+	KCSAN,
+	DevlinkPCI,
+	NicVF,
+	USBEmulation,
+	VhciInjection,
+	WifiEmulation,
+	LRWPANEmulation,	// 802.15.4 standard
+	BinFmtMisc,
+	Swap,
+}
+ 
+table ConnectRequest {
+	name			:string;
+	arch			:string;
+	git_revision		:string;
+	syz_revision		:string;
+}
+
+table ConnectReply {
+	leak_frames		:[string];
+	race_frames		:[string];
+	// Features are forwarded from CheckArgs, if checking was already done.
+	features		:Feature;
+	// Fuzzer reads these files inside of the VM and returns contents in CheckArgs.Files.
+	files			:[string];
+	globs			:[string];
+}
+
+table InfoRequest {
+	error			:string;
+	features		:Feature;
+	globs			:[GlobInfo];
+	files			:[FileInfo];
+}
+
+table InfoReply {
+	cover_filter		:[uint32];
+}
+
+table FileInfo {
+	name			:string;
+	exists			:bool;
+	error			:string;
+	data			:[uint8];
+}
+
+table GlobInfo {
+	name			:string;
+	files			:[string];
+}
+
+// Messages sent from the host to the executor.
+union HostMessages {
+	ExecRequest		:ExecRequest,
+	SignalUpdate		:SignalUpdate,
+}
+
+table HostMessage {
+	msg			:HostMessages;
+}
+
+// Messages sent from the executor to the host.
+union ExecutorMessages {
+	ExecResult		:ExecResult,
+	Executing		:ExecutingMessage,
+	Stats			:StatsMessage,
+}
+
+table ExecutorMessage {
+	msg			:ExecutorMessages;
+}
+
+enum RequestFlag : uint64 (bit_flags) {
+	// If set, prog_data contains compiled executable binary
+	// that needs to be written to disk and executed.
+	IsBinary,
+	// Return only new signal rather than all signal.
+	NewSignal,
+	// If set, fully reset executor state befor executing the test.
+	ResetState,
+	// If set, collect program output and return in output field.
+	ReturnOutput,
+	// If set, don't fail on program failures, instead return the error in error field.
+	ReturnError,
+}
+
+// Note: New / changed flags should be added to parse_env_flags in executor.cc.
+enum ExecEnv : uint64 (bit_flags) {
+	Debug,			// debug output from executor
+	Signal,			// collect feedback signals (coverage)
+	SandboxSetuid,		// impersonate nobody user
+	SandboxNamespace,	// use namespaces for sandboxing
+	SandboxAndroid,		// use Android sandboxing for the untrusted_app domain
+	ExtraCover,		// collect extra coverage
+	EnableTun,		// setup and use /dev/tun for packet injection
+	EnableNetDev,		// setup more network devices for testing
+	EnableNetReset,		// reset network namespace between programs
+	EnableCgroups,		// setup cgroups for testing
+	EnableCloseFds,		// close fds after each program
+	EnableDevlinkPCI,	// setup devlink PCI device
+	EnableVhciInjection,	// setup and use /dev/vhci for hci packet injection
+	EnableWifi,		// setup and use mac80211_hwsim for wifi emulation
+	DelayKcovMmap,		// manage kcov memory in an optimized way
+	EnableNicVF,		// setup NIC VF device
+}
+
+enum ExecFlag : uint64 (bit_flags) {
+	CollectSignal,		// collect feedback signals
+	CollectCover,		// collect coverage
+	DedupCover,		// deduplicate coverage in executor
+	CollectComps,		// collect KCOV comparisons
+	Threaded,		// use multiple threads to mitigate blocked syscalls
+	CoverFilter,		// setup and use bitmap to do coverage filter
+}
+
+// Request to execute a test program.
+table ExecRequest {
+	id			:int64;
+	prog_data		:[uint8];
+	flags			:RequestFlag;
+	exec_env		:ExecEnv;
+	exec_flags		:ExecFlag;
+	sandbox_arg		:int64;
+	signal_filter		:[uint32];
+	signal_filter_call	:int32;
+	// Repeat the program that many times (0 means 1).
+	repeat			:int32;
+}
+
+table SignalUpdate {
+	new_max			:[uint32];
+	drop_max		:[uint32];
+}
+
+// Notification from the executor that it started executing the program 'id'.
+// We want this request to be as small and as fast as possible b/c we need it
+// to reach the host (or at least leave the VM) before the VM crashes
+// executing this program.
+table ExecutingMessage {
+	id			:int64;
+	proc_id			:int32;
+	try			:int32;
+}
+
+table StatsMessage {
+	noexec_count		:int64;
+	noexec_duration		:int64;
+}
+
+enum CallFlag : uint8 (bit_flags) {
+	Executed,		// was started at all
+	Finished,		// finished executing (rather than blocked forever)
+	Blocked,		// finished but blocked during execution
+	FaultInjected,		// fault was injected into this call
+}
+
+table CallInfo {
+	flags			:CallFlag;
+	// Call errno (0 if the call was successful).
+	error			:int32;
+	// Feedback signal, filled if ExecFlag.CollectSignal is set.
+	signal			:[uint32];
+	// Code coverage, filled if ExecFlag.CollectCover is set.
+	// If ExecFlag.DedupCover is set, then duplicates are removed, otherwise it contains a trace.
+	cover			:[uint32];
+	// Comparison operands.
+	comps			:[Comparison];
+}
+
+struct Comparison {
+	op1			:uint64;
+	op2			:uint64;
+}
+
+table ProgInfo {
+	calls			:[CallInfo];
+	// Contains signal and cover collected from background threads.
+	extra			:CallInfo;
+	// Total execution time of the program in nanoseconds.
+	elapsed			:uint64;
+	// Number of programs executed in the same process before this one.
+	freshness		:uint64;
+}
+
+// Result of executing a test program.
+table ExecResult {
+	executing	:ExecutingMessage;
+	output		:[uint8];
+	error		:string;
+	info		:ProgInfo;
+}