diff options
| author | Aleksandr Nogikh <nogikh@google.com> | 2025-09-18 17:36:53 +0200 |
|---|---|---|
| committer | Taras Madan <tarasmadan@google.com> | 2025-10-07 15:25:13 +0000 |
| commit | 99ed12e158687b7aba55eac142d6bad3f147d029 (patch) | |
| tree | a9809d7c5d60f45b805e0346a9a543ba0651a9e1 /syz-cluster/workflow | |
| parent | 790f0ffe2224829b20e4dc6556c090c503e1d161 (diff) | |
syz-cluster: rewrite fuzz config generation
Instead of a predefined set of manually written syz-manager configs,
construct it dynamically from different bits.
During triage, select not just one, but all matching fuzzer
configurations and then merge them together.
Diffstat (limited to 'syz-cluster/workflow')
| -rw-r--r-- | syz-cluster/workflow/boot-step/Dockerfile | 1 | ||||
| -rw-r--r-- | syz-cluster/workflow/boot-step/main.go | 7 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/all/base.cfg | 24 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/all/patched.cfg | 10 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/bpf/base.cfg | 30 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/bpf/patched.cfg | 10 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/fs/base.cfg | 52 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/fs/patched.cfg | 10 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/io-uring/base.cfg | 27 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/io-uring/patched.cfg | 10 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/kvm/base.cfg | 34 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/kvm/patched.cfg | 10 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/net/base.cfg | 40 | ||||
| -rw-r--r-- | syz-cluster/workflow/configs/net/patched.cfg | 10 | ||||
| -rw-r--r-- | syz-cluster/workflow/fuzz-step/Dockerfile | 1 | ||||
| -rw-r--r-- | syz-cluster/workflow/fuzz-step/main.go | 114 | ||||
| -rw-r--r-- | syz-cluster/workflow/fuzz-step/main_test.go | 20 | ||||
| -rw-r--r-- | syz-cluster/workflow/triage-step/main.go | 12 |
18 files changed, 70 insertions, 352 deletions
diff --git a/syz-cluster/workflow/boot-step/Dockerfile b/syz-cluster/workflow/boot-step/Dockerfile index 5bb1245b7..573b13593 100644 --- a/syz-cluster/workflow/boot-step/Dockerfile +++ b/syz-cluster/workflow/boot-step/Dockerfile @@ -39,6 +39,5 @@ RUN useradd --create-home syzkaller COPY --from=syzkaller-builder /build/bin/ /syzkaller/bin/ COPY --from=boot-step-builder /bin/boot-step /bin/boot-step -COPY syz-cluster/workflow/configs/ /configs/ ENTRYPOINT ["/bin/boot-step"] diff --git a/syz-cluster/workflow/boot-step/main.go b/syz-cluster/workflow/boot-step/main.go index 1711ee961..b2001a13c 100644 --- a/syz-cluster/workflow/boot-step/main.go +++ b/syz-cluster/workflow/boot-step/main.go @@ -8,7 +8,6 @@ import ( "flag" "fmt" "log" - "path/filepath" "github.com/google/syzkaller/pkg/instance" "github.com/google/syzkaller/pkg/mgrconfig" @@ -16,6 +15,7 @@ import ( "github.com/google/syzkaller/pkg/report" "github.com/google/syzkaller/syz-cluster/pkg/api" "github.com/google/syzkaller/syz-cluster/pkg/app" + "github.com/google/syzkaller/syz-cluster/pkg/fuzzconfig" ) var ( @@ -80,7 +80,7 @@ const retryCount = 3 const vmCount = 3 func runTest(ctx context.Context, client *api.Client) (bool, error) { - cfg, err := mgrconfig.LoadFile(filepath.Join("/configs", *flagConfig, "base.cfg")) + cfg, err := fuzzconfig.GenerateBase(&api.FuzzConfig{}) if err != nil { return false, err } @@ -88,6 +88,9 @@ func runTest(ctx context.Context, client *api.Client) (bool, error) { return false, err } cfg.Workdir = "/tmp/test-workdir" + if err := mgrconfig.Complete(cfg); err != nil { + return false, fmt.Errorf("failed to complete the config: %w", err) + } var rep *report.Report for i := 0; i < retryCount; i++ { diff --git a/syz-cluster/workflow/configs/all/base.cfg b/syz-cluster/workflow/configs/all/base.cfg deleted file mode 100644 index 8b98015dd..000000000 --- a/syz-cluster/workflow/configs/all/base.cfg +++ /dev/null @@ -1,24 +0,0 @@ -{ - "name": "base", - "target": "linux/amd64", - "kernel_obj": "/base/obj", - "kernel_build_src": "/workdir", - "image": "/base/image", - "syzkaller": "/syzkaller", - "workdir": "/workdir", - "type": "qemu", -# The perf_event_open call generates too many false positive stalls. -# The hfs/gfs mounts result in too many distracting kernel crashes that slow down diff fuzzing. - "disable_syscalls": [ "perf_event_open*", "syz_mount_image$hfs", "syz_mount_image$gfs*"], - "procs": 3, - "sandbox": "none", - "experimental": {"cover_edges": false}, - "vm": { - "count": 3, - "cmdline": "root=/dev/sda1", - "kernel": "/base/kernel", - "cpu": 2, - "mem": 7168, - "qemu_args": "-machine q35 -enable-kvm -smp 2,sockets=2,cores=1" - } -} diff --git a/syz-cluster/workflow/configs/all/patched.cfg b/syz-cluster/workflow/configs/all/patched.cfg deleted file mode 100644 index 8b4027891..000000000 --- a/syz-cluster/workflow/configs/all/patched.cfg +++ /dev/null @@ -1,10 +0,0 @@ -{ - "name": "patched", - "target": "linux/amd64", - "kernel_obj": "/patched/obj", - "image": "/patched/image", - "vm": { - "count": 9, - "kernel": "/patched/kernel" - } -} diff --git a/syz-cluster/workflow/configs/bpf/base.cfg b/syz-cluster/workflow/configs/bpf/base.cfg deleted file mode 100644 index 6dfa3b596..000000000 --- a/syz-cluster/workflow/configs/bpf/base.cfg +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "base", - "target": "linux/amd64", - "kernel_obj": "/base/obj", - "kernel_build_src": "/workdir", - "image": "/base/image", - "syzkaller": "/syzkaller", - "workdir": "/workdir", - "type": "qemu", - "enable_syscalls": [ - "bpf", "mkdir", "mount$bpf", "unlink", "close", - "perf_event_open*", "ioctl$PERF*", "getpid", "gettid", - "socketpair", "sendmsg", "recvmsg", "setsockopt$sock_attach_bpf", - "socket", "ioctl$sock_kcm*", "syz_clone", - "mkdirat$cgroup*", "openat$cgroup*", "write$cgroup*", - "openat$tun", "write$tun", "ioctl$TUN*", "ioctl$SIOCSIFHWADDR", - "openat$ppp", "syz_open_procfs$namespace", "openat$pidfd", "fstat" - ], - "procs": 3, - "sandbox": "none", - "experimental": {"cover_edges": false}, - "vm": { - "count": 3, - "cmdline": "root=/dev/sda1", - "kernel": "/base/kernel", - "cpu": 2, - "mem": 7168, - "qemu_args": "-machine q35 -enable-kvm -smp 2,sockets=2,cores=1" - } -} diff --git a/syz-cluster/workflow/configs/bpf/patched.cfg b/syz-cluster/workflow/configs/bpf/patched.cfg deleted file mode 100644 index 8b4027891..000000000 --- a/syz-cluster/workflow/configs/bpf/patched.cfg +++ /dev/null @@ -1,10 +0,0 @@ -{ - "name": "patched", - "target": "linux/amd64", - "kernel_obj": "/patched/obj", - "image": "/patched/image", - "vm": { - "count": 9, - "kernel": "/patched/kernel" - } -} diff --git a/syz-cluster/workflow/configs/fs/base.cfg b/syz-cluster/workflow/configs/fs/base.cfg deleted file mode 100644 index 2090ca8b3..000000000 --- a/syz-cluster/workflow/configs/fs/base.cfg +++ /dev/null @@ -1,52 +0,0 @@ -{ - "name": "base", - "target": "linux/amd64", - "kernel_obj": "/base/obj", - "kernel_build_src": "/workdir", - "image": "/base/image", - "syzkaller": "/syzkaller", - "workdir": "/workdir", - "type": "qemu", - "enable_syscalls": [ - "syz_mount_image", "open", "openat", "creat", "close", "read", - "pread64", "readv", "preadv", "preadv2", "write", "pwrite64", - "writev", "pwritev", "pwritev2", "lseek", "copy_file_range", "dup", - "dup2", "dup3", "tee", "splice", "vmsplice", "sendfile", "stat", - "lstat", "fstat", "newfstatat", "statx", "poll", "clock_gettime", - "ppoll", "select", "pselect6", "epoll_create", "epoll_create1", - "epoll_ctl", "epoll_wait", "epoll_pwait", "epoll_pwait2", "mmap", - "munmap", "mremap", "msync", "readahead", "fcntl", "mknod", "mknodat", - "chmod", "fchmod", "fchmodat", "chown", "lchown", "fchown", - "fchownat", "fallocate", "faccessat", "faccessat2", "utime", "utimes", - "futimesat", "utimensat", "link", "linkat", "symlinkat", "symlink", - "unlink", "unlinkat", "readlink", "readlinkat", "rename", "renameat", - "renameat2", "mkdir", "mkdirat", "rmdir", "truncate", "ftruncate", - "flock", "fsync", "fdatasync", "sync", "syncfs", "sync_file_range", - "getdents", "getdents64", "name_to_handle_at", "open_by_handle_at", - "chroot", "getcwd", "chdir", "fchdir", "quotactl", "pivot_root", - "statfs", "fstatfs", "syz_open_procfs", "syz_read_part_table", - "mount", "fsopen", "fspick", "fsconfig", "fsmount", "move_mount", - "open_tree", "mount_setattr", "ioctl$FS_*", "ioctl$BTRFS*", - "ioctl$AUTOFS*", "ioctl$EXT4*", "ioctl$F2FS*", "ioctl$FAT*", - "ioctl$VFAT*", "ioctl$FI*" - ], - "no_mutate_syscalls": [ - "syz_mount_image$btrfs", - "syz_mount_image$ext4", - "syz_mount_image$f2fs", - "syz_mount_image$ntfs", - "syz_mount_image$ocfs2", - "syz_mount_image$xfs" - ], - "procs": 3, - "sandbox": "none", - "experimental": {"cover_edges": false}, - "vm": { - "count": 3, - "cmdline": "root=/dev/sda1", - "kernel": "/base/kernel", - "cpu": 2, - "mem": 7168, - "qemu_args": "-machine q35 -enable-kvm -smp 2,sockets=2,cores=1" - } -} diff --git a/syz-cluster/workflow/configs/fs/patched.cfg b/syz-cluster/workflow/configs/fs/patched.cfg deleted file mode 100644 index 8b4027891..000000000 --- a/syz-cluster/workflow/configs/fs/patched.cfg +++ /dev/null @@ -1,10 +0,0 @@ -{ - "name": "patched", - "target": "linux/amd64", - "kernel_obj": "/patched/obj", - "image": "/patched/image", - "vm": { - "count": 9, - "kernel": "/patched/kernel" - } -} diff --git a/syz-cluster/workflow/configs/io-uring/base.cfg b/syz-cluster/workflow/configs/io-uring/base.cfg deleted file mode 100644 index ebee35fa4..000000000 --- a/syz-cluster/workflow/configs/io-uring/base.cfg +++ /dev/null @@ -1,27 +0,0 @@ -{ - "name": "base", - "target": "linux/amd64", - "kernel_obj": "/base/obj", - "kernel_build_src": "/workdir", - "image": "/base/image", - "syzkaller": "/syzkaller", - "workdir": "/workdir", - "type": "qemu", - "enable_syscalls": [ - "io_uring_*", "syz_io_uring_*", "syz_memcpy_off", "mmap", "madvise", - "mprotect", "eventfd", "socket", "setsockopt", "accept", "open", "close", - "clock_gettime", "ioctl$sock_SIOCGIFINDEX", "ioctl$IOCTL_GET_NCIDEV_IDX", - "openat", "epoll_create" - ], - "procs": 3, - "sandbox": "none", - "experimental": {"cover_edges": false}, - "vm": { - "count": 3, - "cmdline": "root=/dev/sda1", - "kernel": "/base/kernel", - "cpu": 2, - "mem": 7168, - "qemu_args": "-machine q35 -enable-kvm -smp 2,sockets=2,cores=1" - } -} diff --git a/syz-cluster/workflow/configs/io-uring/patched.cfg b/syz-cluster/workflow/configs/io-uring/patched.cfg deleted file mode 100644 index 8b4027891..000000000 --- a/syz-cluster/workflow/configs/io-uring/patched.cfg +++ /dev/null @@ -1,10 +0,0 @@ -{ - "name": "patched", - "target": "linux/amd64", - "kernel_obj": "/patched/obj", - "image": "/patched/image", - "vm": { - "count": 9, - "kernel": "/patched/kernel" - } -} diff --git a/syz-cluster/workflow/configs/kvm/base.cfg b/syz-cluster/workflow/configs/kvm/base.cfg deleted file mode 100644 index e70b13601..000000000 --- a/syz-cluster/workflow/configs/kvm/base.cfg +++ /dev/null @@ -1,34 +0,0 @@ -{ - "name": "base", - "target": "linux/amd64", - "kernel_obj": "/base/obj", - "kernel_build_src": "/workdir", - "image": "/base/image", - "syzkaller": "/syzkaller", - "workdir": "/workdir", - "type": "qemu", - "enable_syscalls": [ - "openat$kvm", - "openat$sev", - "close", - "ioctl$KVM*", - "syz_kvm*", - "mmap$KVM_VCPU", - "munmap", - "syz_memcpy_off$KVM_EXIT_MMIO", - "syz_memcpy_off$KVM_EXIT_HYPERCALL", - "eventfd2", - "write$eventfd" - ], - "procs": 3, - "sandbox": "none", - "experimental": {"cover_edges": false}, - "vm": { - "count": 3, - "cmdline": "root=/dev/sda1 kvm-intel.nested=1", - "kernel": "/base/kernel", - "cpu": 2, - "mem": 7168, - "qemu_args": "-machine q35,nvdimm=on,accel=kvm,kernel-irqchip=split -cpu max,migratable=off -enable-kvm -smp 2,sockets=2,cores=1" - } -} diff --git a/syz-cluster/workflow/configs/kvm/patched.cfg b/syz-cluster/workflow/configs/kvm/patched.cfg deleted file mode 100644 index 8b4027891..000000000 --- a/syz-cluster/workflow/configs/kvm/patched.cfg +++ /dev/null @@ -1,10 +0,0 @@ -{ - "name": "patched", - "target": "linux/amd64", - "kernel_obj": "/patched/obj", - "image": "/patched/image", - "vm": { - "count": 9, - "kernel": "/patched/kernel" - } -} diff --git a/syz-cluster/workflow/configs/net/base.cfg b/syz-cluster/workflow/configs/net/base.cfg deleted file mode 100644 index 2a5d57749..000000000 --- a/syz-cluster/workflow/configs/net/base.cfg +++ /dev/null @@ -1,40 +0,0 @@ -{ - "name": "base", - "target": "linux/amd64", - "kernel_obj": "/base/obj", - "kernel_build_src": "/workdir", - "image": "/base/image", - "syzkaller": "/syzkaller", - "workdir": "/workdir", - "type": "qemu", - "enable_syscalls": [ - "accept", "accept4", "bind", "close", "connect", "epoll_create", - "epoll_create1", "epoll_ctl", "epoll_pwait", "epoll_wait", - "getpeername", "getsockname", "getsockopt", "ioctl", "listen", - "mmap", "poll", "ppoll", "pread64", "preadv", "pselect6", - "pwrite64", "pwritev", "read", "readv", "recvfrom", "recvmmsg", - "recvmsg", "select", "sendfile", "sendmmsg", "sendmsg", "sendto", - "setsockopt", "shutdown", "socket", "socketpair", "splice", - "vmsplice", "write", "writev", "tee", "bpf", "getpid", - "getgid", "getuid", "gettid", "unshare", "pipe", - "syz_emit_ethernet", "syz_extract_tcp_res", - "syz_genetlink_get_family_id", "syz_init_net_socket", - "mkdirat$cgroup*", "openat$cgroup*", "write$cgroup*", - "clock_gettime", "bpf", "openat$tun", "openat$ppp", - "syz_open_procfs$namespace", "syz_80211_*", "nanosleep", - "openat$nci", "ioctl$IOCTL_GET_NCIDEV_IDX", "openat$rfkill", - "openat$6lowpan*", "openat$pidfd", "openat$tcp*", "openat$vhost_vsock", - "openat$ptp*", "ioctl$PTP*" - ], - "procs": 3, - "sandbox": "none", - "experimental": {"cover_edges": false}, - "vm": { - "count": 3, - "cmdline": "root=/dev/sda1", - "kernel": "/base/kernel", - "cpu": 2, - "mem": 7168, - "qemu_args": "-machine q35 -enable-kvm -smp 2,sockets=2,cores=1" - } -} diff --git a/syz-cluster/workflow/configs/net/patched.cfg b/syz-cluster/workflow/configs/net/patched.cfg deleted file mode 100644 index 8b4027891..000000000 --- a/syz-cluster/workflow/configs/net/patched.cfg +++ /dev/null @@ -1,10 +0,0 @@ -{ - "name": "patched", - "target": "linux/amd64", - "kernel_obj": "/patched/obj", - "image": "/patched/image", - "vm": { - "count": 9, - "kernel": "/patched/kernel" - } -} diff --git a/syz-cluster/workflow/fuzz-step/Dockerfile b/syz-cluster/workflow/fuzz-step/Dockerfile index 787d95e46..bc11e80da 100644 --- a/syz-cluster/workflow/fuzz-step/Dockerfile +++ b/syz-cluster/workflow/fuzz-step/Dockerfile @@ -33,6 +33,5 @@ RUN useradd --create-home syzkaller COPY --from=fuzz-step-builder /build/bin/ /syzkaller/bin/ COPY --from=fuzz-step-builder /bin/fuzz-step /bin/fuzz-step -COPY syz-cluster/workflow/configs/ /configs/ ENTRYPOINT ["/bin/fuzz-step"] diff --git a/syz-cluster/workflow/fuzz-step/main.go b/syz-cluster/workflow/fuzz-step/main.go index 227e3431d..5eb813e78 100644 --- a/syz-cluster/workflow/fuzz-step/main.go +++ b/syz-cluster/workflow/fuzz-step/main.go @@ -18,7 +18,7 @@ import ( "time" "github.com/google/syzkaller/pkg/build" - "github.com/google/syzkaller/pkg/config" + "github.com/google/syzkaller/pkg/db" "github.com/google/syzkaller/pkg/log" "github.com/google/syzkaller/pkg/manager" "github.com/google/syzkaller/pkg/mgrconfig" @@ -26,6 +26,7 @@ import ( "github.com/google/syzkaller/prog" "github.com/google/syzkaller/syz-cluster/pkg/api" "github.com/google/syzkaller/syz-cluster/pkg/app" + "github.com/google/syzkaller/syz-cluster/pkg/fuzzconfig" "golang.org/x/sync/errgroup" ) @@ -124,7 +125,7 @@ func run(baseCtx context.Context, config *api.FuzzConfig, client *api.Client, const MB = 1000000 log.EnableLogCaching(100000, 10*MB) - base, patched, err := loadConfigs("/configs", config.Config, true) + base, patched, err := generateConfigs(config) if err != nil { return fmt.Errorf("failed to load configs: %w", err) } @@ -139,12 +140,10 @@ func run(baseCtx context.Context, config *api.FuzzConfig, client *api.Client, } manager.PatchFocusAreas(patched, series.PatchBodies(), baseSymbols.Text, patchedSymbols.Text) - if config.CorpusURL != "" { - err := downloadCorpus(baseCtx, patched.Workdir, config.CorpusURL) + if len(config.CorpusURLs) > 0 { + err := prepareCorpus(baseCtx, patched.Workdir, config.CorpusURLs, patched.Target) if err != nil { - return fmt.Errorf("failed to download the corpus: %w", err) - } else { - log.Logf(0, "downloaded the corpus from %s", config.CorpusURL) + app.Errorf("failed to download the corpus: %v", err) } } @@ -233,65 +232,70 @@ func run(baseCtx context.Context, config *api.FuzzConfig, client *api.Client, return err } -func downloadCorpus(ctx context.Context, workdir, url string) error { - out, err := os.Create(filepath.Join(workdir, "corpus.db")) - if err != nil { - return err - } - defer out.Close() - req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) - if err != nil { - return err - } - resp, err := (&http.Client{}).Do(req) - if err != nil { - return err +func prepareCorpus(ctx context.Context, workdir string, urls []string, target *prog.Target) error { + corpusFile := filepath.Join(workdir, "corpus.db") + var otherFiles []string + for i, url := range urls { + log.Logf(0, "downloading corpus #%d: %q", i+1, url) + downloadTo := corpusFile + if i > 0 { + downloadTo = fmt.Sprintf("%s.%d", corpusFile, i) + otherFiles = append(otherFiles, downloadTo) + } + out, err := os.Create(corpusFile) + if err != nil { + return err + } + defer out.Close() + req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) + if err != nil { + return err + } + resp, err := (&http.Client{}).Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("status is not 200: %s", resp.Status) + } + _, err = io.Copy(out, resp.Body) + if err != nil { + return err + } } - defer resp.Body.Close() - if resp.StatusCode != http.StatusOK { - return fmt.Errorf("status is not 200: %s", resp.Status) + if len(otherFiles) > 0 { + log.Logf(0, "merging corpuses") + skipped, err := db.Merge(corpusFile, otherFiles, target) + if err != nil { + return err + } else if len(skipped) > 0 { + log.Logf(0, "skipped %d entries", len(skipped)) + } } - _, err = io.Copy(out, resp.Body) - return err + return nil } -// To reduce duplication, patched configs are stored as a delta to their corresponding base.cfg version. -// loadConfigs performs all the necessary merging and parsing and returns two ready to use configs. -func loadConfigs(configFolder, configName string, complete bool) (*mgrconfig.Config, *mgrconfig.Config, error) { - var baseRaw, deltaRaw json.RawMessage - err := config.LoadFile(filepath.Join(configFolder, configName, "base.cfg"), &baseRaw) +func generateConfigs(config *api.FuzzConfig) (*mgrconfig.Config, *mgrconfig.Config, error) { + base, err := fuzzconfig.GenerateBase(config) if err != nil { - return nil, nil, fmt.Errorf("failed to read the base config: %w", err) + return nil, nil, fmt.Errorf("failed to prepare base config: %w", err) } - err = config.LoadFile(filepath.Join(configFolder, configName, "patched.cfg"), &deltaRaw) + patched, err := fuzzconfig.GeneratePatched(config) if err != nil { - return nil, nil, fmt.Errorf("failed to read the patched config: %w", err) + return nil, nil, fmt.Errorf("failed to prepare patched config: %w", err) } - patchedRaw, err := config.MergeJSONs(baseRaw, deltaRaw) + base.Workdir = filepath.Join(*flagWorkdir, "base") + osutil.MkdirAll(base.Workdir) + patched.Workdir = filepath.Join(*flagWorkdir, "patched") + osutil.MkdirAll(patched.Workdir) + err = mgrconfig.Complete(base) if err != nil { - return nil, nil, fmt.Errorf("failed to merge the configs: %w", err) + return nil, nil, fmt.Errorf("failed to complete the base config: %w", err) } - base, err := mgrconfig.LoadPartialData(baseRaw) + err = mgrconfig.Complete(patched) if err != nil { - return nil, nil, fmt.Errorf("failed to parse the base config: %w", err) - } - patched, err := mgrconfig.LoadPartialData(patchedRaw) - if err != nil { - return nil, nil, fmt.Errorf("failed to parse the patched config: %w", err) - } - if complete { - base.Workdir = filepath.Join(*flagWorkdir, "base") - osutil.MkdirAll(base.Workdir) - patched.Workdir = filepath.Join(*flagWorkdir, "patched") - osutil.MkdirAll(patched.Workdir) - err = mgrconfig.Complete(base) - if err != nil { - return nil, nil, fmt.Errorf("failed to complete the base config: %w", err) - } - err = mgrconfig.Complete(patched) - if err != nil { - return nil, nil, fmt.Errorf("failed to complete the patched config: %w", err) - } + return nil, nil, fmt.Errorf("failed to complete the patched config: %w", err) } return base, patched, nil } diff --git a/syz-cluster/workflow/fuzz-step/main_test.go b/syz-cluster/workflow/fuzz-step/main_test.go index 6f305a818..de10d507a 100644 --- a/syz-cluster/workflow/fuzz-step/main_test.go +++ b/syz-cluster/workflow/fuzz-step/main_test.go @@ -5,9 +5,7 @@ package main import ( "encoding/json" - "io/fs" "os" - "path/filepath" "testing" "github.com/google/syzkaller/pkg/build" @@ -17,24 +15,6 @@ import ( "github.com/stretchr/testify/require" ) -func TestConfigLoad(t *testing.T) { - root := filepath.Join("..", "configs") - filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error { - if err != nil { - return err - } - if !d.IsDir() || path == root { - return nil - } - t.Logf("checking %v", path) - _, _, err = loadConfigs(root, d.Name(), false) - if err != nil { - t.Fatalf("error proessing %q: %v", path, err) - } - return nil - }) -} - func TestReadSectionHashes(t *testing.T) { hashes := build.SectionHashes{ Text: map[string]string{"A": "1"}, diff --git a/syz-cluster/workflow/triage-step/main.go b/syz-cluster/workflow/triage-step/main.go index 7e8061aef..37eddd5e8 100644 --- a/syz-cluster/workflow/triage-step/main.go +++ b/syz-cluster/workflow/triage-step/main.go @@ -85,14 +85,14 @@ func (triager *seriesTriager) GetVerdict(ctx context.Context, sessionID string) SkipReason: "no suitable base kernel trees found", }, nil } - fuzzConfig := triage.SelectFuzzConfig(series, treesResp.FuzzTargets) - if fuzzConfig == nil { + fuzzConfigs := triage.MergeKernelFuzzConfigs(triage.SelectFuzzConfigs(series, treesResp.FuzzTargets)) + if len(fuzzConfigs) == 0 { return &api.TriageResult{ - SkipReason: "no suitable fuzz config found", + SkipReason: "no suitable fuzz configs found", }, nil } ret := &api.TriageResult{} - for _, campaign := range fuzzConfig.Campaigns { + for _, campaign := range fuzzConfigs { fuzzTask, err := triager.prepareFuzzingTask(ctx, series, selectedTrees, campaign) var skipErr *SkipTriageError if errors.As(err, &skipErr) { @@ -111,7 +111,7 @@ func (triager *seriesTriager) GetVerdict(ctx context.Context, sessionID string) } func (triager *seriesTriager) prepareFuzzingTask(ctx context.Context, series *api.Series, trees []*api.Tree, - target *api.KernelFuzzConfig) (*api.FuzzTask, error) { + target *triage.MergedFuzzConfig) (*api.FuzzTask, error) { var skipErr error for _, tree := range trees { triager.Log("considering tree %q", tree.Name) @@ -151,7 +151,7 @@ func (triager *seriesTriager) prepareFuzzingTask(ctx context.Context, series *ap fuzz := &api.FuzzTask{ Base: base, Patched: base, - FuzzConfig: target.FuzzConfig, + FuzzConfig: *target.FuzzConfig, } fuzz.Patched.SeriesID = series.ID return fuzz, nil |