| Commit message | Author | Age | Files | Lines |
|
Move the VM count restriction logic into vm package.
This avoids lots of duplication, makes it supported
for VM types that failed to do this, and allows
to unify more VM count logic in future.
|
The pause function is useful to make manager stop consuming CPU
for some time, e.g. when it runs on a shared machine,
and a user wants to use CPU for something else.
Previously one would need to kill the manager process and
restart later to achieve this, but the restart is costly,
and aborts all bug reproductions.
|
Pools and ReproLoop are always created on start,
so there is no need to support lazy set for them.
It only complicates code and makes it harder to reason about.
Also introduce vm.Dispatcher as an alias to dispatcher.Pool,
as it's the only specialization we use in the project.
|
Co-authored-by: eep@google.com
|
Even though we are yet to see arm64 hosts on which `-accel kvm` works
properly, require the users to explicitly set request TCG in their
manager configs.
|
They are very noisy and can cause important crash information to run off
the end of the buffer; this is a temporary fix to avoid that.
|
- Extraneous references to the `ffx log` pipe are closed, allowing the
EOF from the subprocess to be propagated properly.
- The SSH bridge into the Starnix sshd is now properly shut down when
the instance is closed, avoiding a zombie process.
- Some of the starnix code has been updated to be in line with a
refactor that took place in other VM types.
|
This allows for multiple starnix VM pools to exist simultaneously
without conflict, and avoids any unintentional global state.
|
I want to create more than 128.
|
This seems to be an acceptable compromise between speed and coverage
|
./tools/syz-env make generate
|
Include VM output into snapshot error messages.
Otherwise it's hard to understand what happened.
|
Stop all default VMs and restart them with the new handler.
|
The test should aid the Go race detector to detect bugs in the
dispatcher.Pool code.
|
It was possible for poolInstance.reserve() and free() to race with
instance restart in Pool.Loop().
Add more locking to poolInstance. Remove locks in one case where it was
excessive.
|
This is needed to have access to newer features like nested virtualization.
Because those features slow down CPU emulation in QEMU, disable SVE and
pointer authentication, which are of less importance for us now.
|
Newer virtual IRQ controllers provide more features, so this should
hopefully increase the coverage.
|
This should be calculated in dispatcher.Pool that actually does boot
VMs.
|
Move qemu arguments building into separate function to prevent
linter error about max function length in next commits.
|
Go package names should generally be singular form:
https://go.dev/blog/package-names
https://rakyll.org/style-packages
https://groups.google.com/g/golang-nuts/c/buBwLar1gNw
|
New is more idiomatic name and is shorter
(lines where stats.Create is used are usually long,
so making them a bit shorter is good).
|
Fixes #5028
|
Pass Type struct directly during registration.
This allows to add additional optional parameters to VM types
without changing all VM implementations.
We will need to add SupportsSnapshots flag and one flag to resolve #5028.
With this change it will be possible to add "SupportsSnapshots: true"
to just one VM type implementation.
|
There was a race between starting the job and resetting the reserved VM
count.
Rewrite the test to let it run regardless of the thread interleaving.
Closes #5090.
|
The sleep in Multiplex is unconditional and it sleeps idle
even for commands that have nothing to do with executor,
and for executor in other modes that has nothing to do with fuzzing.
Since the original reason for the sleep was related to failing executor,
sleep only when the command fails. This allows to at least run
successful commands fast.
|
Rely on instance.Pool to perform fuzzing and do bug reproductions.
Extract the reproduction queue logic to separate testable class.
|
The pool operates on a low level and assumes that there's one default
activity (=fuzzing) that is performed by the VMs and that there are
also occasional non-default activities that must be performed by some
VMs (=bug reproduction).
|
It's better to follow standard interfaces.
|
If qmp is used all the time for snapshotting,
it produces tons of uninteresting logs at level 1 (manager web UI).
|
Sometimes qemu just returns an "Error: ..." string in reply
instead of returning an error. Handle these cases.
Also log all qmp commands in debug mode.
|
It will let us reduce code duplication and use the more appropriate
approach to the graceful Run() shutdown - by enforcing a delay between
stopping the command and stopping the collection of the console output.
|
Introduce a MultiplexConfig structure that contains optional parameters.
Include a Scale parameter to control the intended slowdown.
|
It usually means a kernel crash, in which case we want to give the
kernel some more time to print the whole coverage report to the console.
|
We never write to the channel.
|
Make it also "host:port" form ("stdin:0").
|
Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer.
Also restore syz-runtest functionality in the manager.
Update #4917 (sets most signal handlers to SIG_IGN)
|
Now these logs go to stdout when syz-manager runs with the `-debug`
flag.
|
Removes the SYZ_STARNIX_HACK envvar and runs syz-fuzzer
on the VM.
Co-authored-by: mvanotti@google.com
|
fuchsia build instructions:
fx set workbench_eng.x64 --with-base \
//src/testing/fuzzing/syzkaller/starnix:syzkaller_starnix \
&& fx build
Co-authored-by: eep@google.com
Co-authored-by: mvanotti@google.com
|
This reverts commit 5aa1a7c940d309a8251de3a1fb423ab0cacb6317.
|
bhyve recently grew support for using libslirp (from QEMU) as the
networking backend, which is useful for syzkaller since it requires no
configuration on the host. This patch causes syz-manager to make use of
the slirp backend when no VM bridge is configured.
|