authorDmitry Vyukov <dvyukov@google.com>2024-11-27 17:23:09 +0100
committerDmitry Vyukov <dvyukov@google.com>2024-12-11 15:22:17 +0000
commit299ee674e6c124a35f1cf258df4f0f3c6e1db1f3 (patch)
tree416b515e959a1d0a64a9516b1524a062ae63ba7d /tools/syz-execprog
parentff949d2512c5ac33d0407d26d80f1df77b2de0e7 (diff)
executor: query globs in the test program context
We query globs for 2 reasons: 1. Expand glob types in syscall descriptions. 2. Dynamic file probing for automatic descriptions generation. In both of these contexts we are interested in files that will be present during test program execution (rather than normal unsandboxed execution). For example, some files may not be accessible to test programs after pivot root. On the other hand, we create and link some additional files for the test program that don't normally exist. Add a new request type for querying of globs that are executed in the test program context.
Diffstat (limited to 'tools/syz-execprog')
-rw-r--r--tools/syz-execprog/execprog.go36
1 files changed, 35 insertions, 1 deletions
diff --git a/tools/syz-execprog/execprog.go b/tools/syz-execprog/execprog.go
index 9d7f082ed..4ab808ad0 100644
--- a/tools/syz-execprog/execprog.go
+++ b/tools/syz-execprog/execprog.go
@@ -53,6 +53,7 @@ var (
flagDebug = flag.Bool("debug", false, "debug output from executor")
flagSlowdown = flag.Int("slowdown", 1, "execution slowdown caused by emulation/instrumentation")
flagUnsafe = flag.Bool("unsafe", false, "use unsafe program deserialization mode")
+ flagGlob = flag.String("glob", "", "run glob expansion request")
// The in the stress mode resembles simple unguided fuzzer.
// This mode can be used as an intermediate step when porting syzkaller to a new OS,
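Review bot: The help text for `-glob` on the added line does not say that the value is a colon-separated list of patterns, which is how main splits it, or that programs given on the command line are not run in this mode because Next returns only glob requests. I would spell that out, e.g. `"colon-separated glob patterns to expand in the test program context (program arguments are ignored)"`. The `var (` block starts and ends outside the hunk.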
@@ -138,7 +139,7 @@ func main() {
}
progs := loadPrograms(target, flag.Args())
- if !*flagStress && len(progs) == 0 {
+ if *flagGlob == "" && !*flagStress && len(progs) == 0 {
flag.Usage()
os.Exit(1)
}
@@ -147,6 +148,7 @@ func main() {
target: target,
done: done,
progs: progs,
+ globs: strings.Split(*flagGlob, ":"),
rs: rand.NewSource(time.Now().UnixNano()),
coverFile: *flagCoverFile,
output: *flagOutput,
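Review bot: `strings.Split(*flagGlob, ":")` keeps empty segments, so a trailing or doubled colon sends an empty `GlobPattern` to the executor, and with the flag unset `globs` is `[""]` rather than empty. `strings.FieldsFunc(*flagGlob, func(r rune) bool { return r == ':' })` drops the empty entries. main would then have to treat a non-empty flag that yields no patterns as a usage error, since doneGlob only calls `ctx.done()` after a request completes. A pattern that itself contains `:` cannot be passed this way, which is worth a line in the flag help. The struct literal and main continue outside the hunk.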
@@ -191,6 +193,7 @@ type Context struct {
target *prog.Target
done func()
progs []*prog.Prog
+ globs []string
defaultOpts flatrpc.ExecOpts
choiceTable *prog.ChoiceTable
logMu sync.Mutex
@@ -217,6 +220,18 @@ func (ctx *Context) machineChecked(features flatrpc.Feature, syscalls map[*prog.
}
func (ctx *Context) Next() *queue.Request {
+ if *flagGlob != "" {
+ idx := int(ctx.resultIndex.Add(1) - 1)
+ if idx >= len(ctx.globs) {
+ return nil
+ }
+ req := &queue.Request{
+ Type: flatrpc.RequestTypeGlob,
+ GlobPattern: ctx.globs[idx],
+ }
+ req.OnDone(ctx.doneGlob)
+ return req
+ }
var p *prog.Prog
if ctx.stress {
p = ctx.createStressProg()
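Review bot: The glob branch at the top of Next tests the package-level `*flagGlob`, while its bound check and doneGlob count against `ctx.globs`, so the mode is decided in one place and measured in another. Branching on the Context's own state would keep the two in step. A comment such as `// Glob mode: hand out one request per pattern and never run programs; nil means every pattern was issued.` would also help, since `ctx.resultIndex` appears to be reused here as the pattern cursor. Next's body continues outside the hunk.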
@@ -246,6 +261,25 @@ func (ctx *Context) Next() *queue.Request {
return req
}
+func (ctx *Context) doneGlob(req *queue.Request, res *queue.Result) bool {
+ if res.Status == queue.Success {
+ files := res.GlobFiles()
+ ctx.logMu.Lock()
+ fmt.Printf("glob %q expanded to %v files\n", req.GlobPattern, len(files))
+ for _, file := range files {
+ fmt.Printf("\t%q\n", file)
+ }
+ ctx.logMu.Unlock()
+ } else {
+ fmt.Printf("request failed: %v (%v)\n%s\n", res.Status, res.Err, res.Output)
+ }
+ completed := int(ctx.completed.Add(1))
+ if completed >= len(ctx.globs) {
+ ctx.done()
+ }
+ return true
+}
+
func (ctx *Context) Done(req *queue.Request, res *queue.Result) bool {
if res.Info != nil {
ctx.printCallResults(res.Info)
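Review bot: In doneGlob the failure branch prints without taking `ctx.logMu`, so if several glob requests complete concurrently its output can interleave with another pattern's file listing, and the message does not say which pattern failed. I would take the lock around the whole `if`/`else` and print `fmt.Printf("glob %q failed: %v (%v)\n%s\n", req.GlobPattern, res.Status, res.Err, res.Output)`. Failed requests still count toward `ctx.done()` with nothing recorded, so whether the exit status reflects a failed expansion cannot be seen from this hunk and is worth checking.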