| Commit message (Collapse) | Author | Age | Files | Lines |
|
GCE instance tags can be used for various purposes, such as applying
network firewall rules or filtering VMs for scheduling onto specific
hosts.
To support these use cases, syzkaller needs the ability to set
instance tags during VM creation.
This patch introduces a new tags field to the gce VM configuration that
allows users to specify a list of tags to be attached to GCE instances
created by syz-manager.
|
Enable external abortion of the instance creation process. This is
especially useful for the qemu case where we retry the creation/boot up
to 1000 times, which can take significant time (e.g. it times out
syz-cluster pods on unstable kernels).
The context can be further propagated to WaitForSSH, but that requires
another quite significant vm/ refactoring.
|
Google Cloud cannot automatically infer it from our images, so we need
to explicitly set it. The flag is required to create a GVNIC-based GCE
instance (the only type for C4A machines).
|
It allows using context as a single termination signal source.
|
It reduces WaitForSSH parameter count from 9 to 6.
|
Some functions are not the struct members now.
Some functions deleted.
Client mock generated.
|
Move the VM count restriction logic into the vm package.
This avoids lots of duplication, makes it supported
for VM types that failed to do this, and allows
unifying more VM count logic in future.
|
Fixes #5028
|
Pass Type struct directly during registration.
This allows adding additional optional parameters to VM types
without changing all VM implementations.
We will need to add SupportsSnapshots flag and one flag to resolve #5028.
With this change it will be possible to add "SupportsSnapshots: true"
to just one VM type implementation.
|
It's better to follow standard interfaces.
|
It will let us reduce code duplication and use the more appropriate
approach to the graceful Run() shutdown - by enforcing a delay between
stopping the command and stopping the collection of the console output.
|
Remove things that are only needed for target VM communication:
conditional compression, timeout scaling, traffic stats.
To minimize diffs when we switch target VM communication to flatrpc.
|
RPC compression takes up to 10% of CPU time in profiles,
but it's unlikely to be beneficial for local VM runs
(we are mostly copying memory in this case).
Enable RPC compression based on the VM type
(local VMs don't use it, remote machines use it).
|
Most of the VM types tightly manage the target they SSH into and can
safely assume that system wide SSH configuration would mess with the SSH
flags provided by syzkaller. However, in the "isolate" VM type, one can
connect to a host that is not at all managed by syzkaller. In this case,
it can be useful to leverage system wide SSH config, maybe provided by a
corporate environment.
This adds an option to the isolated config to skip some of the SSH and
SCP flags that would drop system wide config.
|
It's now the recommended approach.
Co-authored-by: Alex Tyler <alextyler@google.com>
Co-authored-by: Aleksandr Nogikh <nogikh@google.com>
|
Use a single function instead.
|
In GCP projects with OS Login, the per-VM keys don't play any role in
the authentication. We need to attach an SSH key to a service account
and use it to connect to ssh-serialport.googleapis.com.
Add two new configuration options to enable that.
|
We've been seeing an increase in "failed to init gce" errors on syzbot.
These problems seem totally transient, so let's address it by retrying
the initialization instead of aborting syz-manager's execution.
|
GCE has begun to fail on arm64 instance creation with:
Arm based instances do not support display device.
Enable the feature for amd64 only.
|
We're getting sporadic "failed to copy binary to VM" errors, but we lack
the debug info to understand the nature of the problem.
Always collect scp debug info for gce VMs.
|
For Cuttlefish we want to read the console from the emulated device
instead of the "host" GCE instance. This allows us to pass a custom
command through to gce.Pool (and then to gce.instance) which is used
instead.
We also need to update runOnHost() to use osutil directly instead of
delegating to gceInst.Run(), since it's called during VM creation. When
setting up the VM the kernel logs don't exist yet.
|
Since this can be enabled on per-image basis, we don't need to
specifically add this to the creation RPC.
This is basically a revert of https://github.com/google/syzkaller/pull/3328.
|
This is needed for Cuttlefish-on-GCE. It adds the field 'nested_virt' to
the config file and then passes it through to the relevant field in the
call to gce.CreateInstance().
|
At the moment syzkaller can only use the zone where it's running. Make it a
configurable option instead (with the old behavior as a fallback).
|
Now we always enable it, make this configurable for GCE instances.
|
Allow ssh-rsa not only from getSerialPortOutput(), but also from Run().
|
OpenSSH 8.8 release disables RSA signatures using the SHA-1 hash
algorithm by default.
Sadly, the ssh-serialport.googleapis.com:9600 uses the deprecated
algorithm for host-key. The end-point identifies itself as:
debug1: Remote protocol version 2.0, remote software version Go
debug1: no match: Go
...
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
This should be fixed on the server side, but for now I added a
workaround of enabling this deprecated algorithm.
|
These messages are of relevance to debugging problems on syz-ci's side,
but due to log level 1 they are not saved to logs by default. Set their
log level to 0.
|
We used to use empty ssh key as indication to use the GCE magic,
but this conflicts with using no ssh key at all (empty password).
Use string "GCE" instead to enable GCE magic.
|
For context see the discussion at:
https://groups.google.com/g/syzkaller/c/ruwaYUvwHTw/m/E9Cg9OfvAgAJ
|
The way to diagnose generally depends on the issue.
E.g. do we need register dump to debug this issue?
Do we need host dmesg dump? Some diagnosis may be
directly specific to a particular problem (e.g. dumping
a particular debugfs/procfs file).
Pass Report to Diagnose to make this possible.
|
We use strings to identify OS/Arch.
These strings are duplicated throughout the code base massively.
golangci-lint points to possibility of typos and duplication.
We already had to define these names in pkg/csource
and disable checking for prog package. A future change triggers
such warnings in another package.
Add OS/Arch name consts to sys/targets so that they can be used
to refer to OS/Arch. Use the consts everywhere.
|
Points to bad empty lines very precisely.
|
Make signatures of these functions match vm.Diagnose.
Both more flexible, less code, more reasonable.
|
The FreeBSD kernel debugger can provide more information when the
kernel panics. Add support to bhyve and gce to print this information.
|
We are seeing some flakes during bisection and image testing.
Hard to tell what's the root cause because they are episodic.
But using non-preemptible VMs for bisection and image testing
looks good on all fronts.
Update #501
|
Currently we try to ssh into the machine for 10 minutes
even if it crashed right away. Make qemu exit on kernel panic
and stop ssh'ing when qemu exits.
Handling bad kernels fast is actually important for bisection.
Update #501
|
Currently we squash VerboseError which leads to too lengthy build error titles.
Handle verbose error more carefully.
|
Rather than writing the diagnosis to the kernel console, Diagnose can
now directly return the extra debugging info, which will be appended to
the kernel console log.
|
Run can be executed several times on a VM.
|
* openbsd: use console diagnostic code for both vmm and gce.
* gometalinter wants less indentation and more stuff in scope
* Comment no longer applies
|
* vm/qemu: Improve debug output.
When running in debug mode, the number of VMs is reduced to 1.
State this in the debug output.
* vm/qemu: Don't start debug output with a capital letter.
As requested by Dmitry.
* vm: Provide debug message when reducing number of VMs.
Apply this change to all affected platforms for consistency.
Suggested by Dmitry.
* Add myself to AUTHORS/CONTRIBUTORS files.
* vm: Fix compilation issues missed in earlier commit.
* vm: Use logging to write debug message.
|
* build/openbsd: minor cleanup (use tuples instead of maps)
* Grammar nits in comments.
* Simplify openbsd.Create, will defer when there's more than one error exit.
* pkg/build: Support copying kernel into GCE image
* Simple test for openbsd image copy build.
* Cleanup in case something failed before.
* Support multi-processor VMs on GCE.
* More debug
* Reformat
* OpenBSD gce image needs to be raw.
* GC
* Force format to GNU directly on Go 1.10 or newer.
* Use vmType passed as a parameter inside openbsd.go
* gofmt
* more fmt
* Can't use GENERIC.mp just yet.
* capitalize
* Copyright
|
We currently have this list in multiple places (somewhat diverged).
Specify this "overcommit" property in VM implementations.
In particular, we also want to allow overcommit for "vmm" type.
Update #712
|
Update #538
|
fail