From 34889ee3b09e7b4d381828377aa6173bfcc36cc7 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Tue, 28 May 2024 11:01:35 +0200
Subject: executor: fix coverfilter header size

Manager was switched to 64-bit PCs, but executor still expected
4-byte PC start in the header.
Fix it and switch size to uint64 for simplicity as well.
---
 executor/cov_filter.h         | 17 ++++++++---------
 executor/test.h               | 19 +++++++++----------
 syz-manager/covfilter.go      | 14 +++++++-------
 syz-manager/covfilter_test.go |  2 +-
 4 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/executor/cov_filter.h b/executor/cov_filter.h
index 61f8f9e3f..192ecbc2d 100644
--- a/executor/cov_filter.h
+++ b/executor/cov_filter.h
@@ -7,8 +7,8 @@
 #include <sys/stat.h>
 
 struct cov_filter_t {
-	uint32 pcstart;
-	uint32 pcsize;
+	uint64 pcstart;
+	uint64 pcsize;
 	uint8 bitmap[];
 };
 
@@ -31,7 +31,7 @@ static void init_coverage_filter(char* filename)
 	cov_filter = (cov_filter_t*)mmap(preferred, st.st_size, PROT_READ, MAP_PRIVATE, f, 0);
 	if (cov_filter != preferred)
 		failmsg("failed to mmap coverage filter bitmap", "want=%p, got=%p", preferred, cov_filter);
-	if ((uint32)st.st_size != sizeof(uint32) * 2 + ((cov_filter->pcsize >> 4) / 8 + 2))
+	if ((uint32)st.st_size != sizeof(uint64) * 2 + ((cov_filter->pcsize >> 4) / 8 + 2))
 		fail("bad coverage filter bitmap size");
 	close(f);
 }
@@ -43,14 +43,13 @@ static bool coverage_filter(uint64 pc)
 	if (cov_filter == NULL)
 		fail("coverage filter was enabled but bitmap initialization failed");
 	// Prevent out of bound while searching bitmap.
-	uint32 pc32 = (uint32)(pc & 0xffffffff);
-	if (pc32 < cov_filter->pcstart || pc32 > cov_filter->pcstart + cov_filter->pcsize)
+	if (pc < cov_filter->pcstart || pc > cov_filter->pcstart + cov_filter->pcsize)
 		return false;
 	// For minimizing the size of bitmap, the lowest 4-bit will be dropped.
-	pc32 -= cov_filter->pcstart;
-	pc32 = pc32 >> 4;
-	uint32 idx = pc32 / 8;
-	uint32 shift = pc32 % 8;
+	pc -= cov_filter->pcstart;
+	pc = pc >> 4;
+	uint64 idx = pc / 8;
+	uint64 shift = pc % 8;
 	return (cov_filter->bitmap[idx] & (1 << shift)) > 0;
 }
 
diff --git a/executor/test.h b/executor/test.h
index 9cbc88cc1..977cbd0ef 100644
--- a/executor/test.h
+++ b/executor/test.h
@@ -205,30 +205,29 @@ static int test_csum_inet_acc()
 static int test_coverage_filter()
 {
 	struct tmp_cov_filter_t {
-		uint32 pcstart;
-		uint32 pcsize;
+		uint64 pcstart;
+		uint64 pcsize;
 		uint8 bitmap[((0x1000 >> 4) + 7) / 8];
 	};
 	static struct tmp_cov_filter_t tmp_cov_filter;
-	tmp_cov_filter.pcstart = 0x81000000;
+	tmp_cov_filter.pcstart = 0xffffffff81000000;
 	tmp_cov_filter.pcsize = 0x1000;
 	cov_filter = (cov_filter_t*)&tmp_cov_filter;
 	flag_coverage_filter = true;
 
-	uint64 full_enable_pc = 0xffffffff81000765;
-	uint64 full_disable_pc = 0xffffffff81000627;
-	uint64 full_out_pc = 0xffffffff82000000;
+	uint64 enable_pc = 0xffffffff81000765;
+	uint64 disable_pc = 0xffffffff81000627;
+	uint64 out_pc = 0xffffffff82000000;
 
-	uint32 enable_pc = (uint32)full_enable_pc & 0xffffffff;
 	uint32 idx = ((enable_pc - cov_filter->pcstart) >> 4) / 8;
 	uint32 shift = ((enable_pc - cov_filter->pcstart) >> 4) % 8;
 	cov_filter->bitmap[idx] |= (1 << shift);
 
-	if (!coverage_filter(full_enable_pc))
+	if (!coverage_filter(enable_pc))
 		return 1;
-	if (coverage_filter(full_disable_pc))
+	if (coverage_filter(disable_pc))
 		return 1;
-	if (coverage_filter(full_out_pc))
+	if (coverage_filter(out_pc))
 		return 1;
 
 	cov_filter = NULL;
diff --git a/syz-manager/covfilter.go b/syz-manager/covfilter.go
index 2bf3adeec..e1a5e840c 100644
--- a/syz-manager/covfilter.go
+++ b/syz-manager/covfilter.go
@@ -141,16 +141,16 @@ func createCoverageBitmap(cfg *mgrconfig.Config, pcs map[uint64]uint32) []byte {
 		return nil
 	}
 	start, size := coverageFilterRegion(pcs)
-	log.Logf(0, "coverage filter from 0x%x to 0x%x, size 0x%x, pcs %v", start, start+uint64(size), size, len(pcs))
-	// The file starts with two uint32: covFilterStart and covFilterSize,
+	log.Logf(2, "coverage filter from 0x%x to 0x%x, size 0x%x, pcs %v", start, start+size, size, len(pcs))
+	// The file starts with two uint64: covFilterStart and covFilterSize,
 	// and a bitmap with size ((covFilterSize>>4)/8+2 bytes follow them.
 	// 8-bit = 1-byte
-	data := make([]byte, 12+((size>>4)/8+2))
+	data := make([]byte, 16+((size>>4)/8+2))
 	order := cfg.SysTarget.HostEndian
 	order.PutUint64(data, start)
-	order.PutUint32(data[8:], size)
+	order.PutUint64(data[8:], size)
 
-	bitmap := data[12:]
+	bitmap := data[16:]
 	for pc := range pcs {
 		// The lowest 4-bit is dropped.
 		pc = backend.NextInstructionPC(cfg.SysTarget, cfg.Type, pc)
@@ -160,7 +160,7 @@ func createCoverageBitmap(cfg *mgrconfig.Config, pcs map[uint64]uint32) []byte {
 	return data
 }
 
-func coverageFilterRegion(pcs map[uint64]uint32) (uint64, uint32) {
+func coverageFilterRegion(pcs map[uint64]uint32) (uint64, uint64) {
 	start, end := ^uint64(0), uint64(0)
 	for pc := range pcs {
 		if start > pc {
@@ -170,7 +170,7 @@ func coverageFilterRegion(pcs map[uint64]uint32) (uint64, uint32) {
 			end = pc
 		}
 	}
-	return start, uint32(end - start)
+	return start, end - start
 }
 
 func compileRegexps(regexpStrings []string) ([]*regexp.Regexp, error) {
diff --git a/syz-manager/covfilter_test.go b/syz-manager/covfilter_test.go
index 5c0bbbaf9..43c8549d0 100644
--- a/syz-manager/covfilter_test.go
+++ b/syz-manager/covfilter_test.go
@@ -28,7 +28,7 @@ func TestCreateBitmap(t *testing.T) {
 	if start != 0x81000002 || size != 0x20001b {
 		t.Fatalf("bad region 0x%x/0x%x", start, size)
 	}
-	for i, byte := range bitmap[12:] {
+	for i, byte := range bitmap[16:] {
 		var expect uint8
 		switch i {
 		case 0:
-- 
cgit mrf-deployment