syz-cluster: download latest corpuses from syzbot

2 files changed, 38 insertions, 2 deletions

diff --git a/syz-cluster/workflow/fuzz-step/main.go b/syz-cluster/workflow/fuzz-step/main.go
index 6acddc55c..0782b49db 100644
--- a/syz-cluster/workflow/fuzz-step/main.go
+++ b/syz-cluster/workflow/fuzz-step/main.go
@@ -9,6 +9,9 @@ import (
 	"errors"
 	"flag"
 	"fmt"
+	"io"
+	"net/http"
+	"os"
 	"path/filepath"
 	"time"
 
@@ -30,6 +33,7 @@ var (
 	flagPatchedBuild = flag.String("patched_build", "", "patched build ID")
 	flagTime         = flag.String("time", "1h", "how long to fuzz")
 	flagWorkdir      = flag.String("workdir", "/workdir", "base workdir path")
+	flagCorpusURL    = flag.String("corpus_url", "", "an URL to download corpus from")
 )
 
 const testName = "Fuzzing"
@@ -39,8 +43,6 @@ func main() {
 	if *flagConfig == "" || *flagSession == "" || *flagTime == "" {
 		app.Fatalf("--config, --session and --time must be set")
 	}
-	// TODO: download the corpus from somewhere. Should that be a mgrconfig option?
-
 	client := app.DefaultClient()
 	d, err := time.ParseDuration(*flagTime)
 	if err != nil {
@@ -85,6 +87,15 @@ func run(baseCtx context.Context, client *api.Client) error {
 	}
 	manager.PatchFocusAreas(patched, series.PatchBodies())
 
+	if *flagCorpusURL != "" {
+		err := downloadCorpus(baseCtx, patched.Workdir, *flagCorpusURL)
+		if err != nil {
+			return fmt.Errorf("failed to download the corpus: %w", err)
+		} else {
+			log.Logf(0, "downloaded the corpus from %s", *flagCorpusURL)
+		}
+	}
+
 	eg, ctx := errgroup.WithContext(baseCtx)
 	bugs := make(chan *manager.UniqueBug)
 	eg.Go(func() error {
@@ -128,6 +139,28 @@ func run(baseCtx context.Context, client *api.Client) error {
 	return eg.Wait()
 }
 
+func downloadCorpus(ctx context.Context, workdir, url string) error {
+	out, err := os.Create(filepath.Join(workdir, "corpus.db"))
+	if err != nil {
+		return err
+	}
+	defer out.Close()
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+	if err != nil {
+		return err
+	}
+	resp, err := (&http.Client{}).Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("status is not 200: %s", resp.Status)
+	}
+	_, err = io.Copy(out, resp.Body)
+	return err
+}
+
 // To reduce duplication, patched configs are stored as a delta to their corresponding base.cfg version.
 // loadConfigs performs all the necessary merging and parsing and returns two ready to use configs.
 func loadConfigs(configFolder, configName string, complete bool) (*mgrconfig.Config, *mgrconfig.Config, error) {
diff --git a/syz-cluster/workflow/fuzz-step/workflow-template.yaml b/syz-cluster/workflow/fuzz-step/workflow-template.yaml
index 9fd2abecd..31a43df19 100644
--- a/syz-cluster/workflow/fuzz-step/workflow-template.yaml
+++ b/syz-cluster/workflow/fuzz-step/workflow-template.yaml
@@ -16,6 +16,8 @@ spec:
             value: ""
           - name: patched-build-id
             value: ""
+          - name: corpus-url
+            value: ""
         artifacts:
           - name: base-kernel
             path: /base
@@ -31,6 +33,7 @@ spec:
           "--session", "{{workflow.parameters.session-id}}",
           "--base_build", "{{inputs.parameters.base-build-id}}",
           "--patched_build", "{{inputs.parameters.patched-build-id}}",
+          "--corpus_url", "{{inputs.parameters.corpus-url}}",
           "--time", "3h",
           "--workdir", "/workdir",
           "--vv", "1"