| author | Aleksandr Nogikh <nogikh@google.com> | 2025-08-11 16:36:56 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2025-08-12 13:49:42 +0000 |
| commit | 51659ac6f1b0b6710ac35c0c4beb31a32d85f728 (patch) | |
| tree | a21c835421377d31e8732bd82a90badc3c01ee66 /syz-cluster/workflow/fuzz-step | |
| parent | 6c0b41a01e303797e859c01e425dc47aafe4cf45 (diff) | |
syz-cluster: skip coverage checks for some fuzz targets
There are cases when we do not need the "if the patched code is not
reached within 30 minutes, abort fuzzing" check.
This is e.g. the case of mm/ code that is not fully instrumented by
KCOV.
Diffstat (limited to 'syz-cluster/workflow/fuzz-step')
| -rw-r--r-- | syz-cluster/workflow/fuzz-step/main.go | 34 | ||||
| -rw-r--r-- | syz-cluster/workflow/fuzz-step/workflow-template.yaml | 3 |
2 files changed, 24 insertions, 13 deletions
diff --git a/syz-cluster/workflow/fuzz-step/main.go b/syz-cluster/workflow/fuzz-step/main.go
index f7ed5ef39..77432ec4f 100644
--- a/syz-cluster/workflow/fuzz-step/main.go
+++ b/syz-cluster/workflow/fuzz-step/main.go
@@ -28,13 +28,14 @@ import (
 )
 var (
- flagConfig = flag.String("config", "", "syzkaller config")
- flagSession = flag.String("session", "", "session ID")
- flagBaseBuild = flag.String("base_build", "", "base build ID")
- flagPatchedBuild = flag.String("patched_build", "", "patched build ID")
- flagTime = flag.String("time", "1h", "how long to fuzz")
- flagWorkdir = flag.String("workdir", "/workdir", "base workdir path")
- flagCorpusURL = flag.String("corpus_url", "", "an URL to download corpus from")
+ flagConfig = flag.String("config", "", "syzkaller config")
+ flagSession = flag.String("session", "", "session ID")
+ flagBaseBuild = flag.String("base_build", "", "base build ID")
+ flagPatchedBuild = flag.String("patched_build", "", "patched build ID")
+ flagTime = flag.String("time", "1h", "how long to fuzz")
+ flagWorkdir = flag.String("workdir", "/workdir", "base workdir path")
+ flagCorpusURL = flag.String("corpus_url", "", "an URL to download corpus from")
+ flagSkipCoverCheck = flag.Bool("skip_cover_check", false, "don't check whether we reached the patched code")
 )
 const testName = "Fuzzing"
@@ -134,12 +135,11 @@ func run(baseCtx context.Context, client *api.Client, timeout time.Duration,
 eg.Go(func() error {
 defer log.Logf(0, "diff fuzzing terminated")
 return manager.RunDiffFuzzer(ctx, base, patched, manager.DiffFuzzerConfig{
- Debug: false,
- PatchedOnly: bugs,
- Store: store,
- MaxTriageTime: timeout / 2,
- // Allow up to 30 minutes after the corpus triage to reach the patched code.
- FuzzToReachPatched: time.Minute * 30,
+ Debug: false,
+ PatchedOnly: bugs,
+ Store: store,
+ MaxTriageTime: timeout / 2,
+ FuzzToReachPatched: fuzzToReachPatched(),
 })
 })
 const (
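Review bot: A run started with `--skip_cover_check` leaves no trace in the step log that the reachability check was off, at least not in the lines shown in the `run` hunk where `FuzzToReachPatched` is now set from `fuzzToReachPatched()`. Such a run can presumably complete without ever executing the patched code, so a clean result from it carries less weight than one from a checked run, and whoever reads the log should be able to tell the two apart. I would log it once before `eg.Go`, e.g. `if *flagSkipCoverCheck { log.Logf(0, "skip_cover_check is set: not verifying that the patched code is reached") }`. The body of `run` starts and ends outside this hunk, so an existing message elsewhere may already cover this.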
@@ -317,6 +317,14 @@ func readJSONMap(file string) (map[string]string, error) {
 return data, nil
 }
+func fuzzToReachPatched() time.Duration {
+ if *flagSkipCoverCheck {
+ return 0
+ }
+ // Allow up to 30 minutes after the corpus triage to reach the patched code.
+ return time.Minute * 30
+}
+
 func compressArtifacts(dir string) (io.Reader, error) {
 var buf bytes.Buffer
 lw := &LimitedWriter{
diff --git a/syz-cluster/workflow/fuzz-step/workflow-template.yaml b/syz-cluster/workflow/fuzz-step/workflow-template.yaml
index 1735dfec0..f5e084154 100644
--- a/syz-cluster/workflow/fuzz-step/workflow-template.yaml
+++ b/syz-cluster/workflow/fuzz-step/workflow-template.yaml
@@ -18,6 +18,8 @@ spec:
 value: ""
 - name: corpus-url
 value: ""
+ - name: skip-cover-check
+ value: "false"
 artifacts:
 - name: base-kernel
 path: /base
@@ -34,6 +36,7 @@ spec:
 "--base_build", "{{inputs.parameters.base-build-id}}",
 "--patched_build", "{{inputs.parameters.patched-build-id}}",
 "--corpus_url", "{{inputs.parameters.corpus-url}}",
+ "--skip_cover_check={{inputs.parameters.skip-cover-check}}",
 "--time", "3h",
 "--workdir", "/workdir",
 "--vv", "1" |
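Review bot: `fuzzToReachPatched` returns 0 to switch the check off, but nothing in the function says that 0 means "disabled" rather than "give up immediately". That meaning lives in `manager.RunDiffFuzzer`, which is not part of this diff. A doc comment would make the contract explicit: `// fuzzToReachPatched returns how long fuzzing may continue without reaching the patched code; 0 (set by -skip_cover_check) disables the check.` It is worth confirming against `DiffFuzzerConfig` that a zero duration is in fact treated as "no limit" before relying on it here.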
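Review bot: The `skip-cover-check` parameter is substituted verbatim into `--skip_cover_check=...` in the args hunk, so its value must be something Go's `flag` package parses as a boolean (`true`, `false`, `1`, `0` and the like). Unlike the neighbouring parameters, an empty string is not a valid value, and with it the step would presumably stop at flag parsing with a usage error instead of fuzzing. The `"false"` default covers the normal case, but a caller overriding the parameter gets no hint of the constraint. I would add a comment above the parameter definition: `# Must be "true" or "false": passed as-is to the Go bool flag --skip_cover_check.` The flag parsing itself is in main.go, outside the lines shown.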
