authorDmitry Vyukov <dvyukov@google.com>2024-07-01 14:26:07 +0200
committerDmitry Vyukov <dvyukov@google.com>2024-07-22 08:35:47 +0000
commitdf655b64ffc2879b80e652329fb7a11508e50310 (patch)
treea721bbe875f7e9bc53cf2a297ce2ce7bd06bd204 /pkg/rpcserver
parentfb8445ca9a36aa91aed98a02092147cb88d49d9f (diff)
prog: restricts hints to at most 10 attempts per single kernel PC
We are getting too many generated candidates, the fuzzer may not keep up with them at all (hints jobs keep growing infinitely). If a hint indeed came from the input w/o transformation, then we should guess it on the first attempt (or at least after a few attempts). If it did not come from the input, or came with a non-trivial transformation, then any number of attempts won't help. So limit the total number of attempts (until the next restart).
Diffstat (limited to 'pkg/rpcserver')
-rw-r--r--pkg/rpcserver/runner.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/pkg/rpcserver/runner.go b/pkg/rpcserver/runner.go
index 691a5b5d5..21b270421 100644
--- a/pkg/rpcserver/runner.go
+++ b/pkg/rpcserver/runner.go
@@ -420,6 +420,15 @@ func (runner *Runner) convertCallInfo(call *flatrpc.CallInfo) {
call.Cover = runner.canonicalizer.Canonicalize(call.Cover)
call.Signal = runner.canonicalizer.Canonicalize(call.Signal)
+ call.Comps = slices.DeleteFunc(call.Comps, func(cmp *flatrpc.Comparison) bool {
+ converted := runner.canonicalizer.Canonicalize([]uint64{cmp.Pc})
+ if len(converted) == 0 {
+ return true
+ }
+ cmp.Pc = converted[0]
+ return false
+ })
+
// Check signal belongs to kernel addresses.
// Mismatching addresses can mean either corrupted VM memory, or that the fuzzer somehow
// managed to inject output signal. If we see any bogus signal, drop whole signal
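Review bot: The PCs in `call.Comps` arrive from the VM just as the signal does, but the added filter only canonicalizes `cmp.Pc` and drops entries for which `Canonicalize` returns nothing; nothing visible in the hunk applies the kernel-address check that the comment below describes for signal. Since the commit message limits hint attempts per kernel PC, a corrupted or misbehaving VM reporting arbitrary PC values would presumably get a fresh budget and a fresh bookkeeping entry for each bogus value, so it is worth confirming that comparison PCs are validated here or where the limit is enforced. The predicate also rewrites `cmp.Pc` in place as a side effect of `slices.DeleteFunc` and builds a one-element slice per comparison; a comment such as `// Canonicalize comparison PCs in place; drop comparisons whose PC canonicalizes to nothing.` would make that intent explicit. The rest of convertCallInfo lies outside the hunk, so the validation may already exist further down.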