From 06bf8101debe879447d0ef3a7a5b84cb11fa5acf Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Sun, 2 Jun 2024 11:58:29 +0200 Subject: executor: remove noshmem mode All OSes we have now support shmem. Support for Fuchia/Starnix/Windows wasn't implemented, but generally they support shared memory. Remove all of the complexity and code associated with noshmem mode. If/when we revive these OSes, it's easier to properly implement shmem mode for them. --- Makefile | 8 ++--- executor/common.h | 9 ++---- executor/cov_filter.h | 7 ----- executor/executor.cc | 68 ++---------------------------------------- executor/executor_linux.h | 4 --- executor/executor_test.h | 2 -- executor/nocover.h | 2 -- executor/test.h | 4 --- pkg/compiler/compiler_test.go | 2 +- pkg/compiler/testdata/all.txt | 2 +- pkg/csource/common.go | 1 - pkg/ipc/ipc.go | 59 +++++++++++++----------------------- pkg/ipc/ipc_test.go | 10 +++---- pkg/ipc/ipcconfig/ipcconfig.go | 1 - pkg/runtest/run_test.go | 1 - prog/target.go | 17 +++++------ sys/syz-sysgen/sysgen.go | 9 ++---- sys/targets/targets.go | 51 +++++++++++-------------------- sys/test/arch_32.txt | 2 +- sys/test/csource.txt.const | 2 +- sys/test/expressions.txt.const | 4 +-- sys/test/test.txt.const | 4 +-- sys/test/test/align0 | 4 +-- sys/test/test/align0_be | 4 +-- sys/test/test/bf | 4 +-- sys/test/test/bf2 | 4 +-- sys/test/test/bf2_be | 4 +-- sys/test/test/bf_be | 4 +-- syz-manager/covfilter.go | 3 -- 29 files changed, 78 insertions(+), 218 deletions(-) diff --git a/Makefile b/Makefile index c0f45ebdb..a778d9f65 100644 --- a/Makefile +++ b/Makefile @@ -363,12 +363,8 @@ presubmit_arch_executor: descriptions TARGETOS=fuchsia TARGETARCH=arm64 TARGETVMARCH=arm64 $(MAKE) executor TARGETOS=test TARGETARCH=64 TARGETVMARCH=64 $(MAKE) executor TARGETOS=test TARGETARCH=64_fork TARGETVMARCH=64_fork $(MAKE) executor - TARGETOS=test TARGETARCH=32_shmem TARGETVMARCH=32_shmem $(MAKE) executor - TARGETOS=test TARGETARCH=32_fork_shmem TARGETVMARCH=32_fork_shmem $(MAKE) executor - TARGETOS=test TARGETARCH=64 TARGETVMARCH=64 $(MAKE) executor - TARGETOS=test TARGETARCH=64_fork TARGETVMARCH=64_fork $(MAKE) executor - TARGETOS=test TARGETARCH=32_shmem TARGETVMARCH=32_shmem $(MAKE) executor - TARGETOS=test TARGETARCH=32_fork_shmem TARGETVMARCH=32_fork_shmem $(MAKE) executor + TARGETOS=test TARGETARCH=32 TARGETVMARCH=32 $(MAKE) executor + TARGETOS=test TARGETARCH=32_fork TARGETVMARCH=32_fork $(MAKE) executor presubmit_dashboard: descriptions SYZ_CLANG=yes $(GO) test -short -vet=off -coverprofile=.coverage.txt ./dashboard/app diff --git a/executor/common.h b/executor/common.h index 9ea4ec3d9..b31500802 100644 --- a/executor/common.h +++ b/executor/common.h @@ -654,7 +654,7 @@ static void loop(void) #if SYZ_EXECUTOR close(kInPipeFd); #endif -#if SYZ_EXECUTOR && SYZ_EXECUTOR_USES_SHMEM +#if SYZ_EXECUTOR close(kOutPipeFd); #endif execute_one(); @@ -672,7 +672,7 @@ static void loop(void) // should be as efficient as sigtimedwait. int status = 0; uint64 start = current_time_ms(); -#if SYZ_EXECUTOR && SYZ_EXECUTOR_USES_SHMEM +#if SYZ_EXECUTOR uint64 last_executed = start; uint32 executed_calls = __atomic_load_n(output_data, __ATOMIC_RELAXED); #endif @@ -681,7 +681,6 @@ static void loop(void) break; sleep_ms(1); #if SYZ_EXECUTOR -#if SYZ_EXECUTOR_USES_SHMEM // Even though the test process executes exit at the end // and execution time of each syscall is bounded by syscall_timeout_ms (~50ms), // this backup watchdog is necessary and its performance is important. @@ -704,10 +703,6 @@ static void loop(void) if ((now - start < program_timeout_ms) && (now - start < min_timeout_ms || now - last_executed < inactive_timeout_ms)) continue; -#else - if (current_time_ms() - start < program_timeout_ms) - continue; -#endif #else if (current_time_ms() - start < /*{{{PROGRAM_TIMEOUT_MS}}}*/) continue; diff --git a/executor/cov_filter.h b/executor/cov_filter.h index 192ecbc2d..1119a837a 100644 --- a/executor/cov_filter.h +++ b/executor/cov_filter.h @@ -1,7 +1,6 @@ // Copyright 2020 syzkaller project authors. All rights reserved. // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. -#if SYZ_EXECUTOR_USES_SHMEM #include #include #include @@ -52,9 +51,3 @@ static bool coverage_filter(uint64 pc) uint64 shift = pc % 8; return (cov_filter->bitmap[idx] & (1 << shift)) > 0; } - -#else -static void init_coverage_filter(char* filename) -{ -} -#endif diff --git a/executor/executor.cc b/executor/executor.cc index e1bcd2010..6d39b4230 100644 --- a/executor/executor.cc +++ b/executor/executor.cc @@ -125,7 +125,6 @@ static void receive_handshake(); static void reply_handshake(); #endif -#if SYZ_EXECUTOR_USES_SHMEM #if SYZ_EXECUTOR_USES_FORK_SERVER // Allocating (and forking) virtual memory for each executed process is expensive, so we only mmap // the amount we might possibly need for the specific received prog. @@ -153,7 +152,6 @@ static uint32* write_output_64(uint64 v); static void write_completed(uint32 completed); static uint32 hash(uint32 a); static bool dedup(uint32 sig); -#endif // if SYZ_EXECUTOR_USES_SHMEM uint64 start_time_ms = 0; @@ -318,7 +316,6 @@ struct execute_req { uint64 syscall_timeout_ms; uint64 program_timeout_ms; uint64 slowdown_scale; - uint64 prog_size; }; struct execute_reply { @@ -463,16 +460,11 @@ int main(int argc, char** argv) os_init(argc, argv, (char*)SYZ_DATA_OFFSET, SYZ_NUM_PAGES * SYZ_PAGE_SIZE); current_thread = &threads[0]; -#if SYZ_EXECUTOR_USES_SHMEM void* mmap_out = mmap(NULL, kMaxInput, PROT_READ, MAP_PRIVATE, kInFd, 0); -#else - void* mmap_out = mmap(NULL, kMaxInput, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); -#endif if (mmap_out == MAP_FAILED) fail("mmap of input file failed"); input_data = static_cast(mmap_out); -#if SYZ_EXECUTOR_USES_SHMEM mmap_output(kInitialOutput); // Prevent test programs to mess with these fds. // Due to races in collider mode, a program can e.g. ftruncate one of these fds, @@ -483,7 +475,6 @@ int main(int argc, char** argv) #endif // For SYZ_EXECUTOR_USES_FORK_SERVER, close(kOutFd) is invoked in the forked child, // after the program has been received. -#endif // if SYZ_EXECUTOR_USES_SHMEM use_temporary_dir(); install_segv_handler(); @@ -569,7 +560,6 @@ int main(int argc, char** argv) #endif } -#if SYZ_EXECUTOR_USES_SHMEM // This method can be invoked as many times as one likes - MMAP_FIXED can overwrite the previous // mapping without any problems. The only precondition - kOutFd must not be closed. static void mmap_output(int size) @@ -609,7 +599,6 @@ static void mmap_output(int size) output_data = static_cast(result); output_size = size; } -#endif void setup_control_pipes() { @@ -685,8 +674,6 @@ void receive_execute() fail("control pipe read failed"); if (req.magic != kInMagic) failmsg("bad execute request magic", "magic=0x%llx", req.magic); - if (req.prog_size > kMaxInput) - failmsg("bad execute prog size", "size=0x%llx", req.prog_size); parse_env_flags(req.env_flags); procid = req.pid; syscall_timeout_ms = req.syscall_timeout_ms; @@ -700,31 +687,13 @@ void receive_execute() flag_coverage_filter = req.exec_flags & (1 << 5); debug("[%llums] exec opts: procid=%llu threaded=%d cover=%d comps=%d dedup=%d signal=%d" - " timeouts=%llu/%llu/%llu prog=%llu filter=%d\n", + " timeouts=%llu/%llu/%llu filter=%d\n", current_time_ms() - start_time_ms, procid, flag_threaded, flag_collect_cover, flag_comparisons, flag_dedup_cover, flag_collect_signal, syscall_timeout_ms, - program_timeout_ms, slowdown_scale, req.prog_size, flag_coverage_filter); + program_timeout_ms, slowdown_scale, flag_coverage_filter); if (syscall_timeout_ms == 0 || program_timeout_ms <= syscall_timeout_ms || slowdown_scale == 0) failmsg("bad timeouts", "syscall=%llu, program=%llu, scale=%llu", syscall_timeout_ms, program_timeout_ms, slowdown_scale); - if (SYZ_EXECUTOR_USES_SHMEM) { - if (req.prog_size) - fail("need_prog: no program"); - return; - } - if (req.prog_size == 0) - fail("need_prog: no program"); - uint64 pos = 0; - for (;;) { - ssize_t rv = read(kInPipeFd, input_data + pos, kMaxInput - pos); - if (rv < 0) - fail("read failed"); - pos += rv; - if (rv == 0 || pos >= req.prog_size) - break; - } - if (pos != req.prog_size) - failmsg("bad input size", "size=%lld, want=%lld", pos, req.prog_size); } bool cover_collection_required() @@ -742,7 +711,6 @@ void reply_execute(int status) fail("control pipe write failed"); } -#if SYZ_EXECUTOR_USES_SHMEM void realloc_output_data() { #if SYZ_EXECUTOR_USES_FORK_SERVER @@ -756,17 +724,14 @@ void realloc_output_data() fail("failed to close kOutFd"); #endif } -#endif // if SYZ_EXECUTOR_USES_SHMEM // execute_one executes program stored in input_data. void execute_one() { in_execute_one = true; -#if SYZ_EXECUTOR_USES_SHMEM realloc_output_data(); output_pos = output_data; write_output(0); // Number of executed syscalls (updated later). -#endif // if SYZ_EXECUTOR_USES_SHMEM uint64 start = current_time_ms(); uint8* input_pos = input_data; @@ -1019,7 +984,6 @@ thread_t* schedule_call(int call_index, int call_num, uint64 copyout_index, uint return th; } -#if SYZ_EXECUTOR_USES_SHMEM template void write_coverage_signal(cover_t* cov, uint32* signal_count_pos, uint32* cover_count_pos) { @@ -1069,7 +1033,6 @@ void write_coverage_signal(cover_t* cov, uint32* signal_count_pos, uint32* cover *cover_count_pos = cover_size; } } -#endif // if SYZ_EXECUTOR_USES_SHMEM void handle_completion(thread_t* th) { @@ -1141,7 +1104,6 @@ void write_call_output(thread_t* th, bool finished) call_flags |= call_flag_finished | (th->fault_injected ? call_flag_fault_injected : 0); } -#if SYZ_EXECUTOR_USES_SHMEM write_output(kOutMagic); write_output(th->call_index); write_output(th->call_num); @@ -1182,29 +1144,10 @@ void write_call_output(thread_t* th, bool finished) *signal_count_pos, *cover_count_pos, *comps_count_pos); completed++; write_completed(completed); -#else - call_reply reply; - reply.header.magic = kOutMagic; - reply.header.done = 0; - reply.header.status = 0; - reply.magic = kOutMagic; - reply.call_index = th->call_index; - reply.call_num = th->call_num; - reply.reserrno = reserrno; - reply.flags = call_flags; - reply.signal_size = 0; - reply.cover_size = 0; - reply.comps_size = 0; - if (write(kOutPipeFd, &reply, sizeof(reply)) != sizeof(reply)) - fail("control pipe call write failed"); - debug_verbose("out: index=%u num=%u errno=%d finished=%d blocked=%d\n", - th->call_index, th->call_num, reserrno, finished, blocked); -#endif // if SYZ_EXECUTOR_USES_SHMEM } void write_extra_output() { -#if SYZ_EXECUTOR_USES_SHMEM if (!cover_collection_required() || !flag_extra_coverage || flag_comparisons) return; cover_collect(&extra_cov); @@ -1226,7 +1169,6 @@ void write_extra_output() debug_verbose("extra: sig=%u cover=%u\n", *signal_count_pos, *cover_count_pos); completed++; write_completed(completed); -#endif // if SYZ_EXECUTOR_USES_SHMEM } void thread_create(thread_t* th, int id, bool need_coverage) @@ -1334,7 +1276,6 @@ void execute_call(thread_t* th) debug("\n"); } -#if SYZ_EXECUTOR_USES_SHMEM static uint32 hash(uint32 a) { a = (a ^ 61) ^ (a >> 16); @@ -1365,7 +1306,6 @@ static bool dedup(uint32 sig) dedup_table[sig % dedup_table_size] = sig; return false; } -#endif // if SYZ_EXECUTOR_USES_SHMEM template void copyin_int(char* addr, uint64 val, uint64 bf, uint64 bf_off, uint64 bf_len) @@ -1560,7 +1500,6 @@ uint64 read_input(uint8** input_posp, bool peek) return v; } -#if SYZ_EXECUTOR_USES_SHMEM uint32* write_output(uint32 v) { if (output_pos < output_data || (char*)output_pos >= (char*)output_data + output_size) @@ -1584,9 +1523,7 @@ void write_completed(uint32 completed) { __atomic_store_n(output_data, completed, __ATOMIC_RELEASE); } -#endif // if SYZ_EXECUTOR_USES_SHMEM -#if SYZ_EXECUTOR_USES_SHMEM void kcov_comparison_t::write() { if (type > (KCOV_CMP_CONST | KCOV_CMP_SIZE_MASK)) @@ -1674,7 +1611,6 @@ bool kcov_comparison_t::operator<(const struct kcov_comparison_t& other) const // We don't check for PC equality now, because it is not used. return arg2 < other.arg2; } -#endif // if SYZ_EXECUTOR_USES_SHMEM void setup_features(char** enable, int n) { diff --git a/executor/executor_linux.h b/executor/executor_linux.h index 8b37ea598..3956127cd 100644 --- a/executor/executor_linux.h +++ b/executor/executor_linux.h @@ -95,11 +95,9 @@ static void cover_protect(cover_t* cov) { } -#if SYZ_EXECUTOR_USES_SHMEM static void cover_unprotect(cover_t* cov) { } -#endif static void cover_mmap(cover_t* cov) { @@ -174,7 +172,6 @@ static void cover_collect(cover_t* cov) cov->size = *(uint32*)cov->data; } -#if SYZ_EXECUTOR_USES_SHMEM static bool use_cover_edges(uint32 pc) { return true; @@ -195,7 +192,6 @@ static bool use_cover_edges(uint64 pc) #endif return true; } -#endif static bool detect_kernel_bitness() { diff --git a/executor/executor_test.h b/executor/executor_test.h index 09bfacfdb..dd133e422 100644 --- a/executor/executor_test.h +++ b/executor/executor_test.h @@ -83,7 +83,6 @@ static void cover_mmap(cover_t* cov) cov->pc_offset = 0; } -#if SYZ_EXECUTOR_USES_SHMEM static void cover_unprotect(cover_t* cov) { } @@ -92,4 +91,3 @@ static bool use_cover_edges(uint64 pc) { return true; } -#endif diff --git a/executor/nocover.h b/executor/nocover.h index f07f747b6..0ba7a56cc 100644 --- a/executor/nocover.h +++ b/executor/nocover.h @@ -25,7 +25,6 @@ static void cover_mmap(cover_t* cov) { } -#if SYZ_EXECUTOR_USES_SHMEM static void cover_unprotect(cover_t* cov) { } @@ -34,4 +33,3 @@ static bool use_cover_edges(uint64 pc) { return true; } -#endif diff --git a/executor/test.h b/executor/test.h index 977cbd0ef..d2b0d4b94 100644 --- a/executor/test.h +++ b/executor/test.h @@ -201,7 +201,6 @@ static int test_csum_inet_acc() return 0; } -#if SYZ_EXECUTOR_USES_SHMEM static int test_coverage_filter() { struct tmp_cov_filter_t { @@ -234,7 +233,6 @@ static int test_coverage_filter() flag_coverage_filter = false; return 0; } -#endif static struct { const char* name; @@ -246,9 +244,7 @@ static struct { #if GOOS_linux && (GOARCH_amd64 || GOARCH_ppc64 || GOARCH_ppc64le) {"test_kvm", test_kvm}, #endif -#if SYZ_EXECUTOR_USES_SHMEM {"test_coverage_filter", test_coverage_filter}, -#endif }; static int run_tests() diff --git a/pkg/compiler/compiler_test.go b/pkg/compiler/compiler_test.go index 51bbbdf65..f43b2ccb3 100644 --- a/pkg/compiler/compiler_test.go +++ b/pkg/compiler/compiler_test.go @@ -67,7 +67,7 @@ func TestData(t *testing.T) { // E.g. if we failed to parse descriptions, we won't run type checking at all. // Because of this we have one file per phase. for _, name := range []string{"errors.txt", "errors2.txt", "errors3.txt", "warnings.txt", "all.txt"} { - for _, arch := range []string{targets.TestArch32Shmem, targets.TestArch64} { + for _, arch := range []string{targets.TestArch32, targets.TestArch64} { name, arch := name, arch t.Run(fmt.Sprintf("%v/%v", name, arch), func(t *testing.T) { t.Parallel() diff --git a/pkg/compiler/testdata/all.txt b/pkg/compiler/testdata/all.txt index d1baef2f9..38511c2c7 100644 --- a/pkg/compiler/testdata/all.txt +++ b/pkg/compiler/testdata/all.txt @@ -2,7 +2,7 @@ # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. meta noextract -meta arches["32_shmem", "32_fork_shmem", "64", "64_fork"] +meta arches["32", "32_fork", "64", "64_fork"] foo_0(a int8) foo_1(a int8[C1:C2]) diff --git a/pkg/csource/common.go b/pkg/csource/common.go index 109863418..188be26c2 100644 --- a/pkg/csource/common.go +++ b/pkg/csource/common.go @@ -128,7 +128,6 @@ func commonDefines(p *prog.Prog, opts Options) map[string]bool { "SYZ_802154": opts.IEEE802154, "SYZ_SYSCTL": opts.Sysctl, "SYZ_SWAP": opts.Swap, - "SYZ_EXECUTOR_USES_SHMEM": sysTarget.ExecutorUsesShmem, "SYZ_EXECUTOR_USES_FORK_SERVER": sysTarget.ExecutorUsesForkServer, } } diff --git a/pkg/ipc/ipc.go b/pkg/ipc/ipc.go index 84a7b9541..2cde21ce4 100644 --- a/pkg/ipc/ipc.go +++ b/pkg/ipc/ipc.go @@ -29,7 +29,6 @@ type Config struct { // Path to executor binary. Executor string - UseShmem bool // use shared memory instead of pipes for communication UseForkServer bool // use extended protocol with handshake RateLimit bool // rate limit start of new processes for host fuzzer mode @@ -152,29 +151,25 @@ func MakeEnv(config *Config, pid int) (*Env, error) { } var inf, outf *os.File var inmem, outmem []byte - if config.UseShmem { - var err error - inf, inmem, err = osutil.CreateMemMappedFile(prog.ExecBufferSize) - if err != nil { - return nil, err - } - defer func() { - if inf != nil { - osutil.CloseMemMappedFile(inf, inmem) - } - }() - outf, outmem, err = osutil.CreateMemMappedFile(outputSize) - if err != nil { - return nil, err + var err error + inf, inmem, err = osutil.CreateMemMappedFile(prog.ExecBufferSize) + if err != nil { + return nil, err + } + defer func() { + if inf != nil { + osutil.CloseMemMappedFile(inf, inmem) } - defer func() { - if outf != nil { - osutil.CloseMemMappedFile(outf, outmem) - } - }() - } else { - outmem = make([]byte, outputSize) + }() + outf, outmem, err = osutil.CreateMemMappedFile(outputSize) + if err != nil { + return nil, err } + defer func() { + if outf != nil { + osutil.CloseMemMappedFile(outf, outmem) + } + }() env := &Env{ in: inmem, out: outmem, @@ -249,10 +244,7 @@ func (env *Env) ExecProg(opts *flatrpc.ExecOpts, progData []byte) ( return } // Copy-in serialized program. - if env.config.UseShmem { - copy(env.in, progData) - progData = nil - } + copy(env.in, progData) // Zero out the first two words (ncmd and nsig), so that we don't have garbage there // if executor crashes before writing non-garbage there. for i := 0; i < 4; i++ { @@ -265,7 +257,7 @@ func (env *Env) ExecProg(opts *flatrpc.ExecOpts, progData []byte) ( } start := osutil.MonotonicNano() - output, hanged, err0 = env.cmd.exec(opts, progData) + output, hanged, err0 = env.cmd.exec(opts) elapsed := osutil.MonotonicNano() - start if err0 != nil { env.cmd.close() @@ -521,9 +513,6 @@ type executeReq struct { syscallTimeoutMS uint64 programTimeoutMS uint64 slowdownScale uint64 - progSize uint64 - // This structure is followed by a serialized test program in encodingexec format. - // Both when sent over a pipe or in shared memory. } type executeReply struct { @@ -737,7 +726,7 @@ func (c *command) wait() error { return <-c.exited } -func (c *command) exec(opts *flatrpc.ExecOpts, progData []byte) (output []byte, hanged bool, err0 error) { +func (c *command) exec(opts *flatrpc.ExecOpts) (output []byte, hanged bool, err0 error) { if c.flags != opts.EnvFlags || c.sandboxArg != opts.SandboxArg { panic("wrong command") } @@ -749,7 +738,6 @@ func (c *command) exec(opts *flatrpc.ExecOpts, progData []byte) (output []byte, syscallTimeoutMS: uint64(c.config.Timeouts.Syscall / time.Millisecond), programTimeoutMS: uint64(c.config.Timeouts.Program / time.Millisecond), slowdownScale: uint64(c.config.Timeouts.Scale), - progSize: uint64(len(progData)), } reqData := (*[unsafe.Sizeof(*req)]byte)(unsafe.Pointer(req))[:] if _, err := c.outwp.Write(reqData); err != nil { @@ -757,13 +745,6 @@ func (c *command) exec(opts *flatrpc.ExecOpts, progData []byte) (output []byte, err0 = fmt.Errorf("executor %v: failed to write control pipe: %w", c.pid, err) return } - if progData != nil { - if _, err := c.outwp.Write(progData); err != nil { - output = <-c.readDone - err0 = fmt.Errorf("executor %v: failed to write control pipe: %w", c.pid, err) - return - } - } // At this point program is executing. done := make(chan bool) diff --git a/pkg/ipc/ipc_test.go b/pkg/ipc/ipc_test.go index 74a055635..c70bfe79c 100644 --- a/pkg/ipc/ipc_test.go +++ b/pkg/ipc/ipc_test.go @@ -23,7 +23,7 @@ import ( "github.com/google/syzkaller/sys/targets" ) -func initTest(t *testing.T) (*prog.Target, rand.Source, int, bool, bool, targets.Timeouts) { +func initTest(t *testing.T) (*prog.Target, rand.Source, int, bool, targets.Timeouts) { t.Parallel() iters := 100 if testing.Short() { @@ -38,7 +38,7 @@ func initTest(t *testing.T) (*prog.Target, rand.Source, int, bool, bool, targets t.Fatal(err) } rs := testutil.RandSource(t) - return target, rs, iters, cfg.UseShmem, cfg.UseForkServer, cfg.Timeouts + return target, rs, iters, cfg.UseForkServer, cfg.Timeouts } // TestExecutor runs all internal executor unit tests. @@ -77,7 +77,7 @@ func prepareTestProgram(target *prog.Target) *prog.Prog { } func TestExecute(t *testing.T) { - target, _, _, useShmem, useForkServer, timeouts := initTest(t) + target, _, _, useForkServer, timeouts := initTest(t) bin := csource.BuildExecutor(t, target, "../..") @@ -86,7 +86,6 @@ func TestExecute(t *testing.T) { t.Logf("testing flags 0x%x", flag) cfg := &Config{ Executor: bin, - UseShmem: useShmem, UseForkServer: useForkServer, Timeouts: timeouts, } @@ -122,11 +121,10 @@ func TestExecute(t *testing.T) { } func TestParallel(t *testing.T) { - target, _, _, useShmem, useForkServer, timeouts := initTest(t) + target, _, _, useForkServer, timeouts := initTest(t) bin := csource.BuildExecutor(t, target, "../..") cfg := &Config{ Executor: bin, - UseShmem: useShmem, UseForkServer: useForkServer, Timeouts: timeouts, } diff --git a/pkg/ipc/ipcconfig/ipcconfig.go b/pkg/ipc/ipcconfig/ipcconfig.go index 3e4b6fd8e..aef709a23 100644 --- a/pkg/ipc/ipcconfig/ipcconfig.go +++ b/pkg/ipc/ipcconfig/ipcconfig.go @@ -28,7 +28,6 @@ func Default(target *prog.Target) (*ipc.Config, *flatrpc.ExecOpts, error) { Executor: *flagExecutor, Timeouts: sysTarget.Timeouts(*flagSlowdown), } - c.UseShmem = sysTarget.ExecutorUsesShmem c.UseForkServer = sysTarget.ExecutorUsesForkServer c.RateLimit = sysTarget.HostFuzzer && target.OS != targets.TestOS diff --git a/pkg/runtest/run_test.go b/pkg/runtest/run_test.go index fb3f8b8e9..8ccfb3ef6 100644 --- a/pkg/runtest/run_test.go +++ b/pkg/runtest/run_test.go @@ -107,7 +107,6 @@ func test(t *testing.T, sysTarget *targets.Target) { func runTest(req *queue.Request, executor string) *queue.Result { cfg := new(ipc.Config) sysTarget := targets.Get(req.Prog.Target.OS, req.Prog.Target.Arch) - cfg.UseShmem = sysTarget.ExecutorUsesShmem cfg.UseForkServer = sysTarget.ExecutorUsesForkServer cfg.Timeouts = sysTarget.Timeouts(1) cfg.Executor = executor diff --git a/prog/target.go b/prog/target.go index bb49a6f5c..4ac0e9a27 100644 --- a/prog/target.go +++ b/prog/target.go @@ -14,15 +14,14 @@ import ( // Target describes target OS/arch pair. type Target struct { - OS string - Arch string - Revision string // unique hash representing revision of the descriptions - PtrSize uint64 - PageSize uint64 - NumPages uint64 - DataOffset uint64 - LittleEndian bool - ExecutorUsesShmem bool + OS string + Arch string + Revision string // unique hash representing revision of the descriptions + PtrSize uint64 + PageSize uint64 + NumPages uint64 + DataOffset uint64 + LittleEndian bool Syscalls []*Syscall Resources []*ResourceDesc diff --git a/sys/syz-sysgen/sysgen.go b/sys/syz-sysgen/sysgen.go index f170ad410..0022cea12 100644 --- a/sys/syz-sysgen/sysgen.go +++ b/sys/syz-sysgen/sysgen.go @@ -42,7 +42,6 @@ type Define struct { type ArchData struct { Revision string ForkServer int - Shmem int GOARCH string PageSize uint64 NumPages uint64 @@ -252,11 +251,11 @@ func generate(target *targets.Target, prg *compiler.Prog, consts map[string]uint fmt.Fprintf(out, "func init() {\n") fmt.Fprintf(out, "\tRegisterTarget(&Target{"+ "OS: %q, Arch: %q, Revision: revision_%v, PtrSize: %v, PageSize: %v, "+ - "NumPages: %v, DataOffset: %v, LittleEndian: %v, ExecutorUsesShmem: %v, "+ + "NumPages: %v, DataOffset: %v, LittleEndian: %v, "+ "Syscalls: syscalls_%v, Resources: resources_%v, Consts: consts_%v,"+ "Flags: flags_%v}, types_%v, InitTarget)\n}\n\n", target.OS, target.Arch, target.Arch, target.PtrSize, target.PageSize, - target.NumPages, target.DataOffset, target.LittleEndian, target.ExecutorUsesShmem, + target.NumPages, target.DataOffset, target.LittleEndian, target.Arch, target.Arch, target.Arch, target.Arch, target.Arch) fmt.Fprintf(out, "var resources_%v = ", target.Arch) @@ -298,9 +297,6 @@ func generateExecutorSyscalls(target *targets.Target, syscalls []*prog.Syscall, if target.ExecutorUsesForkServer { data.ForkServer = 1 } - if target.ExecutorUsesShmem { - data.Shmem = 1 - } defines := make(map[string]string) for _, c := range syscalls { var attrVals []uint64 @@ -417,7 +413,6 @@ struct call_props_t { {{range $attr := $.CallProps}} #define GOARCH "{{.GOARCH}}" #define SYZ_REVISION "{{.Revision}}" #define SYZ_EXECUTOR_USES_FORK_SERVER {{.ForkServer}} -#define SYZ_EXECUTOR_USES_SHMEM {{.Shmem}} #define SYZ_PAGE_SIZE {{.PageSize}} #define SYZ_NUM_PAGES {{.NumPages}} #define SYZ_DATA_OFFSET {{.DataOffset}} diff --git a/sys/targets/targets.go b/sys/targets/targets.go index 35068af01..5483897a1 100644 --- a/sys/targets/targets.go +++ b/sys/targets/targets.go @@ -66,8 +66,6 @@ type osCommon struct { // E.g. "__NR_" or "SYS_". SyscallPrefix string // ipc<->executor communication tuning. - // If ExecutorUsesShmem, programs and coverage are passed through shmem, otherwise via pipes. - ExecutorUsesShmem bool // If ExecutorUsesForkServer, executor uses extended protocol with handshake. ExecutorUsesForkServer bool // Special mode for OSes that do not have support for building Go binaries. @@ -139,19 +137,19 @@ const ( GVisor = "gvisor" Starnix = "starnix" - AMD64 = "amd64" - ARM64 = "arm64" - ARM = "arm" - I386 = "386" - MIPS64LE = "mips64le" - PPC64LE = "ppc64le" - S390x = "s390x" - RiscV64 = "riscv64" - TestArch64 = "64" - TestArch64Fuzz = "64_fuzz" - TestArch64Fork = "64_fork" - TestArch32Shmem = "32_shmem" - TestArch32ForkShmem = "32_fork_shmem" + AMD64 = "amd64" + ARM64 = "arm64" + ARM = "arm" + I386 = "386" + MIPS64LE = "mips64le" + PPC64LE = "ppc64le" + S390x = "s390x" + RiscV64 = "riscv64" + TestArch64 = "64" + TestArch64Fuzz = "64_fuzz" + TestArch64Fork = "64_fork" + TestArch32 = "32" + TestArch32Fork = "32_fork" ) func Get(OS, arch string) *Target { @@ -193,7 +191,6 @@ var List = map[string]map[string]*Target{ osCommon: osCommon{ SyscallNumbers: true, SyscallPrefix: "SYS_", - ExecutorUsesShmem: false, ExecutorUsesForkServer: false, }, }, @@ -205,7 +202,6 @@ var List = map[string]map[string]*Target{ osCommon: osCommon{ SyscallNumbers: true, SyscallPrefix: "SYS_", - ExecutorUsesShmem: true, ExecutorUsesForkServer: true, }, }, @@ -222,11 +218,10 @@ var List = map[string]map[string]*Target{ osCommon: osCommon{ SyscallNumbers: true, SyscallPrefix: "SYS_", - ExecutorUsesShmem: false, ExecutorUsesForkServer: true, }, }, - TestArch32Shmem: { + TestArch32: { PtrSize: 4, PageSize: 8 << 10, Int64Alignment: 4, @@ -235,11 +230,10 @@ var List = map[string]map[string]*Target{ SyscallNumbers: true, Int64SyscallArgs: true, SyscallPrefix: "SYS_", - ExecutorUsesShmem: true, ExecutorUsesForkServer: false, }, }, - TestArch32ForkShmem: { + TestArch32Fork: { PtrSize: 4, PageSize: 4 << 10, CFlags: []string{"-static-pie"}, @@ -247,7 +241,6 @@ var List = map[string]map[string]*Target{ SyscallNumbers: true, Int64SyscallArgs: true, SyscallPrefix: "SYS_", - ExecutorUsesShmem: true, ExecutorUsesForkServer: true, HostFuzzer: true, }, @@ -498,7 +491,6 @@ var oses = map[string]osCommon{ Linux: { SyscallNumbers: true, SyscallPrefix: "__NR_", - ExecutorUsesShmem: true, ExecutorUsesForkServer: true, KernelObject: "vmlinux", PseudoSyscallDeps: map[string][]string{ @@ -515,7 +507,6 @@ var oses = map[string]osCommon{ SyscallNumbers: true, Int64SyscallArgs: true, SyscallPrefix: "SYS_", - ExecutorUsesShmem: true, ExecutorUsesForkServer: true, KernelObject: "kernel.full", CPP: "g++", @@ -530,10 +521,9 @@ var oses = map[string]osCommon{ }, }, Darwin: { - SyscallNumbers: true, - Int64SyscallArgs: true, - SyscallPrefix: "SYS_", - ExecutorUsesShmem: true, + SyscallNumbers: true, + Int64SyscallArgs: true, + SyscallPrefix: "SYS_", // FIXME(HerrSpace): ForkServer is b0rked in a peculiar way. I did some // printf debugging in parseOutput in ipc.go. It usually works for a // few executions. Eventually the reported ncmd stops making sense and @@ -553,14 +543,12 @@ var oses = map[string]osCommon{ BuildOS: Linux, SyscallNumbers: true, SyscallPrefix: "SYS_", - ExecutorUsesShmem: true, ExecutorUsesForkServer: true, KernelObject: "netbsd.gdb", }, OpenBSD: { SyscallNumbers: false, SyscallPrefix: "SYS_", - ExecutorUsesShmem: true, ExecutorUsesForkServer: true, KernelObject: "bsd.gdb", CPP: "ecpp", @@ -568,7 +556,6 @@ var oses = map[string]osCommon{ Fuchsia: { BuildOS: Linux, SyscallNumbers: false, - ExecutorUsesShmem: false, ExecutorUsesForkServer: false, HostFuzzer: true, ExecutorBin: "syz-executor", @@ -576,7 +563,6 @@ var oses = map[string]osCommon{ }, Windows: { SyscallNumbers: false, - ExecutorUsesShmem: false, ExecutorUsesForkServer: false, ExeExtension: ".exe", KernelObject: "vmlinux", @@ -765,7 +751,6 @@ func initTarget(target *Target, OS, arch string) { } // Temporal hack. if OS == Linux && os.Getenv("SYZ_STARNIX_HACK") != "" { - target.ExecutorUsesShmem = false target.ExecutorUsesForkServer = false target.HostFuzzer = true } diff --git a/sys/test/arch_32.txt b/sys/test/arch_32.txt index 192f308c3..aaa9963a9 100644 --- a/sys/test/arch_32.txt +++ b/sys/test/arch_32.txt @@ -1,7 +1,7 @@ # Copyright 2022 syzkaller project authors. All rights reserved. # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. -meta arches["32_shmem", "32_fork_shmem"] +meta arches["32", "32_fork"] resource unsupported3[int32] diff --git a/sys/test/csource.txt.const b/sys/test/csource.txt.const index 2c90daac7..3a0343e4d 100644 --- a/sys/test/csource.txt.const +++ b/sys/test/csource.txt.const @@ -1,4 +1,4 @@ -arches = 32_fork_shmem, 32_shmem, 64, 64_fork +arches = 32, 32_fork, 64, 64_fork BIT_0 = 1 BIT_1 = 2 BIT_0_AND_1 = 3 diff --git a/sys/test/expressions.txt.const b/sys/test/expressions.txt.const index 77e181281..02c3c0e23 100644 --- a/sys/test/expressions.txt.const +++ b/sys/test/expressions.txt.const @@ -1,3 +1,3 @@ -arches = 32_fork_shmem, 32_shmem, 64, 64_fork, 64_fuzz +arches = 32, 32_fork, 64, 64_fork, 64_fuzz FIELD_FLAG1 = 2 -FIELD_FLAG2 = 4 \ No newline at end of file +FIELD_FLAG2 = 4 diff --git a/sys/test/test.txt.const b/sys/test/test.txt.const index 11f548df0..de2507e56 100644 --- a/sys/test/test.txt.const +++ b/sys/test/test.txt.const @@ -1,6 +1,6 @@ -arches = 32_fork_shmem, 32_shmem, 64, 64_fork +arches = 32, 32_fork, 64, 64_fork IPPROTO_ICMPV6 = 58 IPPROTO_TCP = 6 IPPROTO_UDP = 17 -ONLY_32BITS_CONST = 32_fork_shmem:1, 32_shmem:1 +ONLY_32BITS_CONST = 32:1, 32_fork:1 ARCH_64_SPECIFIC_CONST = 64:10 diff --git a/sys/test/test/align0 b/sys/test/test/align0 index 82272f5a9..e2aaf61ee 100644 --- a/sys/test/test/align0 +++ b/sys/test/test/align0 @@ -1,5 +1,5 @@ -# 32_shmem has 4-byte alignment for int64 and everything goes havoc. -# requires: -arch=32_shmem littleendian +# 32 has 4-byte alignment for int64 and everything goes havoc. +# requires: -arch=32 littleendian syz_compare(&AUTO="010000000200000003000400000000000500000000000000", 0x18, &AUTO=@align0={0x1, 0x2, 0x3, 0x4, 0x5}, AUTO) syz_compare(&AUTO="", 0x18, &AUTO=@align0={0x0, 0x0, 0x0, 0x0, 0x0}, 0x17) # EBADF diff --git a/sys/test/test/align0_be b/sys/test/test/align0_be index 00f251cc9..f9072e841 100644 --- a/sys/test/test/align0_be +++ b/sys/test/test/align0_be @@ -1,5 +1,5 @@ -# 32_shmem has 4-byte alignment for int64 and everything goes havoc. -# requires: -arch=32_shmem -littleendian +# 32 has 4-byte alignment for int64 and everything goes havoc. +# requires: -arch=32 -littleendian syz_compare(&AUTO="000100000000000203000004000000000000000000000005", 0x18, &AUTO=@align0={0x1, 0x2, 0x3, 0x4, 0x5}, AUTO) syz_compare(&AUTO="", 0x18, &AUTO=@align0={0x0, 0x0, 0x0, 0x0, 0x0}, 0x17) # EBADF diff --git a/sys/test/test/bf b/sys/test/test/bf index f35ff1336..6d7bb6364 100644 --- a/sys/test/test/bf +++ b/sys/test/test/bf @@ -1,5 +1,5 @@ -# 32_shmem has 4-byte alignment for int64 and everything goes havoc. -# requires: -arch=32_shmem littleendian +# 32 has 4-byte alignment for int64 and everything goes havoc. +# requires: -arch=32 littleendian syz_compare(&AUTO="ab03000000000000cdcdcdcdcdcdcdcdebffff03ab0303abaa00000000000000", 0x20, &AUTO=@bf0={0xabab, 0xcdcdcdcdcdcdcdcd, 0xabab, 0xffff, 0xffffff, 0xabab, 0xabab, 0xaaa}, AUTO) syz_compare(&AUTO="dcfcde563422f10e", 0x8, &AUTO=@bf2={0x0abc, 0x0bcd, 0xcdef, 0x123456, 0x78ef12}, AUTO) diff --git a/sys/test/test/bf2 b/sys/test/test/bf2 index e0345388b..82b9a0a1f 100644 --- a/sys/test/test/bf2 +++ b/sys/test/test/bf2 @@ -1,5 +1,5 @@ -# 32_shmem has 4-byte alignment for int64 and everything goes havoc. -# requires: -arch=32_shmem littleendian +# 32 has 4-byte alignment for int64 and everything goes havoc. +# requires: -arch=32 littleendian syz_compare(&AUTO="1200000034067800", AUTO, &AUTO=@bf4={0x12, {0x34, 0x56, 0x78}}, AUTO) syz_compare(&AUTO="1200000034060000", AUTO, &AUTO=@bf5={0x12, {0x34, 0x56}}, AUTO) diff --git a/sys/test/test/bf2_be b/sys/test/test/bf2_be index 094c3f6e2..1c39a9f99 100644 --- a/sys/test/test/bf2_be +++ b/sys/test/test/bf2_be @@ -1,5 +1,5 @@ -# 32_shmem has 4-byte alignment for int64 and everything goes havoc. -# requires: -arch=32_shmem -littleendian +# 32 has 4-byte alignment for int64 and everything goes havoc. +# requires: -arch=32 -littleendian syz_compare(&AUTO="1200000034607800", AUTO, &AUTO=@bf4={0x12, {0x34, 0x56, 0x78}}, AUTO) syz_compare(&AUTO="1200000034600000", AUTO, &AUTO=@bf5={0x12, {0x34, 0x56}}, AUTO) diff --git a/sys/test/test/bf_be b/sys/test/test/bf_be index 4c7fc85ec..b03794e91 100644 --- a/sys/test/test/bf_be +++ b/sys/test/test/bf_be @@ -1,5 +1,5 @@ -# 32_shmem has 4-byte alignment for int64 and everything goes havoc. -# requires: -arch=32_shmem -littleendian +# 32 has 4-byte alignment for int64 and everything goes havoc. +# requires: -arch=32 -littleendian syz_compare(&AUTO="eac0000000000000cdcdcdcdcdcdcdcd5fffffc075607560aa", 0x20, &AUTO=@bf0={0xabab, 0xcdcdcdcdcdcdcdcd, 0xabab, 0xffff, 0xffffff, 0xabab, 0xabab, 0xaaa}, AUTO) syz_compare(&AUTO="ccddef23456ef120", 0x8, &AUTO=@bf2={0x0abc, 0x0bcd, 0xcdef, 0x123456, 0x78ef12}, AUTO) diff --git a/syz-manager/covfilter.go b/syz-manager/covfilter.go index e1a5e840c..4477fd25d 100644 --- a/syz-manager/covfilter.go +++ b/syz-manager/covfilter.go @@ -50,9 +50,6 @@ func createCoverageFilter(cfg *mgrconfig.Config, modules []cover.KernelModule) ( if len(pcs) == 0 { return nil, nil, nil } - if !cfg.SysTarget.ExecutorUsesShmem { - return nil, nil, fmt.Errorf("coverage filter is only supported for targets that use shmem") - } // Copy pcs into execPCs. This is used to filter coverage in the executor. execPCs := make(map[uint64]uint32) for pc, val := range pcs { -- cgit mrf-deployment