authorAndrey Artemiev <artemiev@google.com>2022-08-06 05:17:33 -0700
committerGitHub <noreply@github.com>2022-08-06 14:17:33 +0200
commit88e3a1226bc591d81c1fb98e83cb63cd4f341c6e (patch)
tree323b7fa492a8d9698e432c1d3bd4514771fc3252 /pkg/instance
parente853abd9a2542fcccb8e1a23eb8ae475500ecaf9 (diff)
pkg/csource, pkg/instance, pkg/ipc, pkg/mgrconfig, tools/syz-prog2c, syz-manager: introduce a new setting 'sandbox_arg' (#3263)
Diffstat (limited to 'pkg/instance')
-rw-r--r--pkg/instance/execprog.go2
-rw-r--r--pkg/instance/instance.go19
-rw-r--r--pkg/instance/instance_test.go10
3 files changed, 17 insertions, 14 deletions
diff --git a/pkg/instance/execprog.go b/pkg/instance/execprog.go
index 1fa01b620..3c54342ac 100644
--- a/pkg/instance/execprog.go
+++ b/pkg/instance/execprog.go
@@ -169,7 +169,7 @@ func (inst *ExecProgInstance) RunSyzProgFile(progFile string, duration time.Dura
faultCall = opts.FaultCall
}
command := ExecprogCmd(inst.execprogBin, inst.executorBin, target.OS, target.Arch, opts.Sandbox,
- opts.Repeat, opts.Threaded, opts.Collide, opts.Procs, faultCall, opts.FaultNth,
+ opts.SandboxArg, opts.Repeat, opts.Threaded, opts.Collide, opts.Procs, faultCall, opts.FaultNth,
!inst.OldFlagsCompatMode, inst.mgrCfg.Timeouts.Slowdown, vmProgFile)
return inst.runCommand(command, duration)
}
diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go
index 9f3e46c82..d25eae4c5 100644
--- a/pkg/instance/instance.go
+++ b/pkg/instance/instance.go
@@ -349,7 +349,7 @@ func (inst *inst) testInstance() error {
}
cmd := OldFuzzerCmd(fuzzerBin, executorBin, targets.TestOS, inst.cfg.TargetOS, inst.cfg.TargetArch, fwdAddr,
- inst.cfg.Sandbox, 0, inst.cfg.Cover, true, inst.optionalFlags, inst.cfg.Timeouts.Slowdown)
+ inst.cfg.Sandbox, inst.cfg.SandboxArg, 0, inst.cfg.Cover, true, inst.optionalFlags, inst.cfg.Timeouts.Slowdown)
outc, errc, err := inst.vm.Run(10*time.Minute*inst.cfg.Timeouts.Scale, nil, cmd)
if err != nil {
return fmt.Errorf("failed to run binary in VM: %v", err)
@@ -418,8 +418,9 @@ func (inst *inst) testRepro() ([]byte, error) {
}
type OptionalFuzzerArgs struct {
- Slowdown int
- RawCover bool
+ Slowdown int
+ RawCover bool
+ SandboxArg int
}
type FuzzerCmdArgs struct {
@@ -460,6 +461,7 @@ func FuzzerCmd(args *FuzzerCmdArgs) string {
flags := []tool.Flag{
{Name: "slowdown", Value: fmt.Sprint(args.Optional.Slowdown)},
{Name: "raw_cover", Value: fmt.Sprint(args.Optional.RawCover)},
+ {Name: "sandbox_arg", Value: fmt.Sprint(args.Optional.SandboxArg)},
}
optionalArg = " " + tool.OptionalFlags(flags)
}
@@ -469,19 +471,19 @@ func FuzzerCmd(args *FuzzerCmdArgs) string {
args.Procs, args.Cover, args.Debug, args.Test, runtestArg, verbosityArg, optionalArg)
}
-func OldFuzzerCmd(fuzzer, executor, name, OS, arch, fwdAddr, sandbox string, procs int,
+func OldFuzzerCmd(fuzzer, executor, name, OS, arch, fwdAddr, sandbox string, sandboxArg, procs int,
cover, test, optionalFlags bool, slowdown int) string {
var optional *OptionalFuzzerArgs
if optionalFlags {
- optional = &OptionalFuzzerArgs{Slowdown: slowdown}
+ optional = &OptionalFuzzerArgs{Slowdown: slowdown, SandboxArg: sandboxArg}
}
return FuzzerCmd(&FuzzerCmdArgs{Fuzzer: fuzzer, Executor: executor, Name: name,
- OS: OS, Arch: arch, FwdAddr: fwdAddr, Sandbox: sandbox, Procs: procs,
- Verbosity: 0, Cover: cover, Debug: false, Test: test, Runtest: false,
+ OS: OS, Arch: arch, FwdAddr: fwdAddr, Sandbox: sandbox,
+ Procs: procs, Verbosity: 0, Cover: cover, Debug: false, Test: test, Runtest: false,
Optional: optional})
}
-func ExecprogCmd(execprog, executor, OS, arch, sandbox string, repeat, threaded, collide bool,
+func ExecprogCmd(execprog, executor, OS, arch, sandbox string, sandboxArg int, repeat, threaded, collide bool,
procs, faultCall, faultNth int, optionalFlags bool, slowdown int, progFile string) string {
repeatCount := 1
if repeat {
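Review bot: `OldFuzzerCmd` silently discards `sandboxArg` when `optionalFlags` is false, because the value is only stored in the `OptionalFuzzerArgs` built inside that branch. A caller that configured a sandbox argument then gets a command line without it and no indication that the sandbox runs with its default. This is presumably deliberate for compatibility with older binaries, but it should be stated on the function, for example `// sandboxArg is forwarded only when optionalFlags is true; otherwise it is dropped.` The new parameter is also a second positional `int` directly beside `procs`, so swapped arguments at a call site compile cleanly. `ExecprogCmd`, whose body continues outside this hunk, forwards the value under the same condition.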
@@ -501,6 +503,7 @@ func ExecprogCmd(execprog, executor, OS, arch, sandbox string, repeat, threaded,
if optionalFlags {
optionalArg += " " + tool.OptionalFlags([]tool.Flag{
{Name: "slowdown", Value: fmt.Sprint(slowdown)},
+ {Name: "sandboxArg", Value: fmt.Sprint(sandboxArg)},
})
}
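Review bot: The optional flag added here is spelled `sandboxArg`, while `FuzzerCmd` in the same file emits `sandbox_arg` and the commit title names the setting `sandbox_arg`. If the receiving side registers the snake_case name and the optional-flag parser ignores unknown names (neither is visible on this page, so please confirm), the value never reaches execprog and the run proceeds with the default sandbox argument without any error. The line should read `{Name: "sandbox_arg", Value: fmt.Sprint(sandboxArg)},`. The body of `ExecprogCmd` starts and ends outside this hunk.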
diff --git a/pkg/instance/instance_test.go b/pkg/instance/instance_test.go
index 2f5c08625..843334ebd 100644
--- a/pkg/instance/instance_test.go
+++ b/pkg/instance/instance_test.go
@@ -16,7 +16,7 @@ import (
func TestFuzzerCmd(t *testing.T) {
// IMPORTANT: if this test fails, do not fix it by changing flags here!
- // Test how an old version of syz-fuzzer parses flags genereated by the current FuzzerCmd.
+ // Test how an old version of syz-fuzzer parses flags generated by the current FuzzerCmd.
// This actually happens in syz-ci when we test a patch for an old bug and use an old syz-fuzzer/execprog.
flags := flag.NewFlagSet("", flag.ContinueOnError)
flagName := flags.String("name", "", "unique name for manager")
@@ -29,11 +29,11 @@ func TestFuzzerCmd(t *testing.T) {
flagTest := flags.Bool("test", false, "enable image testing mode") // used by syz-ci
flagExecutor := flags.String("executor", "./syz-executor", "path to executor binary")
flagSignal := flags.Bool("cover", false, "collect feedback signals (coverage)")
- flagSandbox := flags.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace)")
+ flagSandbox := flags.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace/android)")
flagDebug := flags.Bool("debug", false, "debug output from executor")
flagV := flags.Int("v", 0, "verbosity")
cmdLine := OldFuzzerCmd(os.Args[0], "/myexecutor", "myname", targets.Linux, targets.I386, "localhost:1234",
- "namespace", 3, true, true, false, 5)
+ "namespace", 23, 3, true, true, false, 5)
args := strings.Split(cmdLine, " ")[1:]
if err := flags.Parse(args); err != nil {
t.Fatal(err)
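Review bot: The new `23` passed to `OldFuzzerCmd` is never exercised, because this call has `optionalFlags` set to `false` and the sandbox argument is only emitted on the optional path. The `TestExecprogCmd` hunk below does enable optional flags and passes `3`, but its visible lines declare no flag for the new value, so the emitted flag name is not checked there either. Declaring `flagSandboxArg := flags.Int("sandbox_arg", 0, "")` in `TestExecprogCmd` and asserting `*flagSandboxArg == 3` would pin the name, and a misspelled flag would then fail the test. The assertion sections of both tests lie outside these hunks.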
@@ -96,10 +96,10 @@ func TestExecprogCmd(t *testing.T) {
// sets this flag and never relies on the default value.
flagCollide := flags.Bool("collide", false, "collide syscalls to provoke data races")
flagSignal := flags.Bool("cover", false, "collect feedback signals (coverage)")
- flagSandbox := flags.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace)")
+ flagSandbox := flags.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace/android)")
flagSlowdown := flags.Int("slowdown", 1, "")
cmdLine := ExecprogCmd(os.Args[0], "/myexecutor", targets.FreeBSD, targets.I386,
- "namespace", true, false, true, 7, 2, 3, true, 10, "myprog")
+ "namespace", 3, true, false, true, 7, 2, 3, true, 10, "myprog")
args := strings.Split(cmdLine, " ")[1:]
if err := tool.ParseFlags(flags, args); err != nil {
t.Fatal(err)