| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Currently we stop both executor binary and the RPC server concurrently
due to use of errgroup.WithContext. As a result, executor may SYZFAIL
on the closed network connection before it's killed.
This race leads to a very high percentage (25%) of failed repro attempts
for my local syz-manager runs. When we run syz-execprog with Repeat=false,
the race triggers frequently. May have something to do with heavily
instrumented kernel where some operations may take longer (e.g. killing
syz-executor and stopping all of its threads).
This should also fix #6091
|
If an instance crashed during machine check, that should not normally
abort all RPCServer operation.
|
Accept context as a function argument.
Split out the code that creates a syz-executor process instance.
|
It should hopefully let us debug #5674.
|
Apply necessary changes to pkg/flatrpc and pkg/manager as well.
|
The context is assumed to be passed into the function doing the actual
processing. Refactor vminfo to follow this approach.
This will help refactor pkg/rpcserver later.
|
We query globs for 2 reasons:
1. Expand glob types in syscall descriptions.
2. Dynamic file probing for automatic descriptions generation.
In both of these contexts we are interested in files
that will be present during test program execution
(rather than normal unsandboxed execution).
For example, some files may not be accessible to test programs
after pivot root. On the other hand, we create and link
some additional files for the test program that don't
normally exist.
Add a new request type for querying of globs that are
executed in the test program context.
|
A few assorted changes to reduce future diffs:
- add rpcserver.RemoteConfig similar to LocalConfig
(there are too many parameters)
- add CheckGlobs to request additional globs from VMs
- pass whole InfoRequest to the MachineChecked callback
so that it's possible to read globs information
- add per-mode config checking in the manager
- add Manager.saveJson helper
|
It will enable collecting statistics for several simultaneous RPCServer
objects.
|
Added more test coverage of the package and created an interface of
rpcserver to use it as the dependency (for syz-manager).
Also tried to cover with tests a private method handleConn(),
though it calls handleRunnerConn which has a separate logic in
Handshake(), which within handleConn() unit test we should've mocked.
This will require a refactoring of `runners map[int]*Runner` and
runner.go in general with a separate interface which we can mock as
well.
General idea is to have interfaces of Server (rpc), Runner etc. and mock a
compound logic like Handshake during a separate public (or private if it
has callable, if-else logic) method unit-testing.
|
Using actual VM indices for VM identification allows matching these indices to VMs in the pool,
allows using dense arrays to store information about runners (e.g. in queue.Distributor),
and just removes string names as unnecessary additional entities.
|
For local rpcserver runs, we do not reboot the executor in case of
errors. Moreover, if the error did not lead to the executor process
exit, we may never detect that something went wrong.
Return an error channel from CreateInstance() to be able to act on
connection loop errors.
Explicitly register the instance during local executions and exit from
RunLocal() in case of connection problems.
|
It's assumed that the caller would use a context to control waits on
individual requests.
|
The object enables a graceful shutdown of machine checks.
|
We see some errors of the form:
SYZFAIL: coverage filter is full
pc=0x80007000c0008 regions=[0xffffffffbfffffff 0x243fffffff 0x143fffffff 0xc3fffffff] alloc=156
Executor shouldn't send non-kernel addresses in signal,
but somehow it does. It can happen if the VM memory is corrupted,
or if the test program does something very nasty (e.g. discovers
the output region and writes to it).
It's not possible to reliably filter signal in the tested VM.
Move all of the filtering logic to the host.
Fixes #4942
|
Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer.
Also restore syz-runtest functionality in the manager.
Update #4917 (sets most signal handlers to SIG_IGN)
|