-rw-r--r--syz-fuzzer/fuzzer.go29
-rw-r--r--syz-fuzzer/proc.go45
2 files changed, 8 insertions, 66 deletions
diff --git a/syz-fuzzer/fuzzer.go b/syz-fuzzer/fuzzer.go
index 6e45bc229..2d62d65d5 100644
--- a/syz-fuzzer/fuzzer.go
+++ b/syz-fuzzer/fuzzer.go
@@ -31,7 +31,6 @@ import (
type FuzzerTool struct {
name string
- outputType OutputType
config *ipc.Config
procs []*Proc
gate *ipc.Gate
@@ -66,15 +65,6 @@ type executionRequest struct {
prog *prog.Prog
}
-type OutputType int
-
-const (
- OutputNone OutputType = iota
- OutputStdout
- OutputDmesg
- OutputFile
-)
-
func createIPCConfig(features *host.Features, config *ipc.Config) {
if features[host.FeatureExtraCoverage].Enabled {
config.Flags |= ipc.FlagExtraCover
@@ -123,7 +113,6 @@ func main() {
flagArch = flag.String("arch", runtime.GOARCH, "target arch")
flagManager = flag.String("manager", "", "manager rpc address")
flagProcs = flag.Int("procs", 1, "number of parallel test processes")
- flagOutput = flag.String("output", "stdout", "write programs to none/stdout/dmesg/file")
flagTest = flag.Bool("test", false, "enable image testing mode") // used by syz-ci
flagRunTest = flag.Bool("runtest", false, "enable program testing mode") // used by pkg/runtest
flagRawCover = flag.Bool("raw_cover", false, "fetch raw coverage")
@@ -134,7 +123,6 @@ func main() {
flagResetAccState = flag.Bool("reset_acc_state", false, "restarts executor before most executions")
)
defer tool.Init()()
- outputType := parseOutputType(*flagOutput)
log.Logf(0, "fuzzer started")
target, err := prog.GetTarget(*flagOS, *flagArch)
@@ -242,7 +230,6 @@ func main() {
inputsCount := *flagProcs * 2
fuzzerTool := &FuzzerTool{
name: *flagName,
- outputType: outputType,
manager: manager,
target: target,
timeouts: timeouts,
@@ -468,19 +455,3 @@ func setupPprofHandler(port int) {
}
}()
}
-
-func parseOutputType(str string) OutputType {
- switch str {
- case "none":
- return OutputNone
- case "stdout":
- return OutputStdout
- case "dmesg":
- return OutputDmesg
- case "file":
- return OutputFile
- default:
- log.SyzFatalf("-output flag must be one of none/stdout/dmesg/file")
- return OutputNone
- }
-}
diff --git a/syz-fuzzer/proc.go b/syz-fuzzer/proc.go
index 4f7a00076..0a94cdc69 100644
--- a/syz-fuzzer/proc.go
+++ b/syz-fuzzer/proc.go
@@ -4,12 +4,9 @@
package main
import (
- "bytes"
"fmt"
"math/rand"
- "os"
"runtime/debug"
- "syscall"
"time"
"github.com/google/syzkaller/pkg/ipc"
@@ -101,7 +98,7 @@ func (proc *Proc) executeRaw(opts *ipc.ExecOpts, p *prog.Prog) *ipc.ProgInfo {
if err == nil {
// Limit concurrency.
ticket := proc.tool.gate.Enter()
- proc.logProgram(opts, p)
+ proc.logProgram(p)
output, info, hanged, err = proc.env.Exec(opts, p)
proc.tool.gate.Leave(ticket)
}
@@ -126,39 +123,13 @@ func (proc *Proc) executeRaw(opts *ipc.ExecOpts, p *prog.Prog) *ipc.ProgInfo {
}
}
-func (proc *Proc) logProgram(opts *ipc.ExecOpts, p *prog.Prog) {
- if proc.tool.outputType == OutputNone {
- return
- }
-
- data := p.Serialize()
-
+func (proc *Proc) logProgram(p *prog.Prog) {
// The following output helps to understand what program crashed kernel.
// It must not be intermixed.
- switch proc.tool.outputType {
- case OutputStdout:
- now := time.Now()
- proc.tool.logMu.Lock()
- fmt.Printf("%02v:%02v:%02v executing program %v:\n%s\n",
- now.Hour(), now.Minute(), now.Second(),
- proc.pid, data)
- proc.tool.logMu.Unlock()
- case OutputDmesg:
- fd, err := syscall.Open("/dev/kmsg", syscall.O_WRONLY, 0)
- if err == nil {
- buf := new(bytes.Buffer)
- fmt.Fprintf(buf, "syzkaller: executing program %v:\n%s\n",
- proc.pid, data)
- syscall.Write(fd, buf.Bytes())
- syscall.Close(fd)
- }
- case OutputFile:
- f, err := os.Create(fmt.Sprintf("%v-%v.prog", proc.tool.name, proc.pid))
- if err == nil {
- f.Write(data)
- f.Close()
- }
- default:
- log.SyzFatalf("unknown output type: %v", proc.tool.outputType)
- }
+ now := time.Now()
+ data := p.Serialize()
+ proc.tool.logMu.Lock()
+ fmt.Printf("%02v:%02v:%02v executing program %v:\n%s\n",
+ now.Hour(), now.Minute(), now.Second(), proc.pid, data)
+ proc.tool.logMu.Unlock()
}
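Review bot: In the new `logProgram`, `now` is captured before `proc.tool.logMu.Lock()`, so when several procs contend for the mutex their records can reach stdout with timestamps out of order. Since this commit removes the dmesg and file sinks, stdout is the only remaining record of which program ran before a crash, and out-of-order timestamps make it harder to line up with the kernel log. Moving `now := time.Now()` to just after `proc.tool.logMu.Lock()` keeps printed order and timestamps consistent, while `data := p.Serialize()` can stay outside the lock so serialization is not done under the mutex. The comment could also be turned into a doc comment that names the sink and the lock, e.g. `// logProgram prints p to stdout right before execution; logMu keeps records from different procs from interleaving.`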