From 4d1df73af9a6d40d3111e3f2a7dfb9f138fbde4b Mon Sep 17 00:00:00 2001
From: Andrey Konovalov
Date: Thu, 18 May 2017 16:08:43 +0200
Subject: csource: force enable tun flag when required
---
 csource/common.go | 12 ++----------
 csource/csource.go | 16 ++++++++++++++++
 executor/common.h | 12 ++----------
 prog/analysis.go | 26 ++++++++++++++++++++++++++
 repro/repro.go | 2 +-
 5 files changed, 47 insertions(+), 21 deletions(-)
diff --git a/csource/common.go b/csource/common.go
index 8d4a74146..c0abd4412 100644
--- a/csource/common.go
+++ b/csource/common.go
@@ -1536,21 +1536,13 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a
 case __NR_syz_fuseblk_mount:
 return syz_fuseblk_mount(a0, a1, a2, a3, a4, a5, a6, a7);
 #endif
-#if defined(__NR_syz_emit_ethernet)
+#ifdef __NR_syz_emit_ethernet
 case __NR_syz_emit_ethernet:
-#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE)
 return syz_emit_ethernet(a0, a1);
-#else
- return 0;
-#endif
 #endif
-#if defined(__NR_syz_extract_tcp_res)
+#ifdef __NR_syz_extract_tcp_res
 case __NR_syz_extract_tcp_res:
-#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE)
 return syz_extract_tcp_res(a0, a1, a2);
-#else
- return 0;
-#endif
 #endif
 #ifdef __NR_syz_kvm_setup_cpu
 case __NR_syz_kvm_setup_cpu:
diff --git a/csource/csource.go b/csource/csource.go
index ccc235f7e..0a5bcddd7 100644
--- a/csource/csource.go
+++ b/csource/csource.go
@@ -42,6 +42,18 @@ type Options struct {
 Repro bool
 }
 
+func RequiresTun(p *prog.Prog) bool {
+ for _, c := range p.Calls {
+ switch c.Meta.CallName {
+ case "syz_emit_ethernet":
+ return true
+ case "syz_extract_tcp_seq":
+ return true
+ }
+ }
+ return false
+}
+
 func Write(p *prog.Prog, opts Options) ([]byte, error) {
 exec := make([]byte, prog.ExecBufferSize)
 if err := p.SerializeForExec(exec, 0); err != nil {
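Review bot: The second case in csource.RequiresTun matches `"syz_extract_tcp_seq"`, a name that appears nowhere else in this patch; the dispatch code and prog.RequiresTun in prog/analysis.go both use `syz_extract_tcp_res`, so a program containing only that call is not detected. Write would then leave EnableTun unset, and the repro.go check would still try the reproducer with tun disabled, although the `return 0` fallbacks have been removed from execute_syscall. The case should read `case "syz_extract_tcp_res":`. Better still, drop the csource copy and have callers use `prog.RequiresTun(p)`, so the list of tun-dependent calls lives in one place.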
@@ -49,6 +61,10 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) {
 }
 w := new(bytes.Buffer)
 
+ if RequiresTun(p) {
+ opts.EnableTun = true
+ }
+
 fmt.Fprint(w, "// autogenerated by syzkaller (http://github.com/google/syzkaller)\n\n")
 
 handled := make(map[string]int)
diff --git a/executor/common.h b/executor/common.h
index 032365471..934f98cf5 100644
--- a/executor/common.h
+++ b/executor/common.h
@@ -627,21 +627,13 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a
 case __NR_syz_fuseblk_mount:
 return syz_fuseblk_mount(a0, a1, a2, a3, a4, a5, a6, a7);
 #endif
-#if defined(__NR_syz_emit_ethernet)
+#ifdef __NR_syz_emit_ethernet
 case __NR_syz_emit_ethernet:
-#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE)
 return syz_emit_ethernet(a0, a1);
-#else
- return 0;
-#endif
 #endif
-#if defined(__NR_syz_extract_tcp_res)
+#ifdef __NR_syz_extract_tcp_res
 case __NR_syz_extract_tcp_res:
-#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE)
 return syz_extract_tcp_res(a0, a1, a2);
-#else
- return 0;
-#endif
 #endif
 #ifdef __NR_syz_kvm_setup_cpu
 case __NR_syz_kvm_setup_cpu:
diff --git a/prog/analysis.go b/prog/analysis.go
index 5b786c753..67a254273 100644
--- a/prog/analysis.go
+++ b/prog/analysis.go
@@ -260,3 +260,29 @@ func sanitizeCall(c *Call) {
 }
 }
 }
+
+func RequiresTun(p *Prog) bool {
+ for _, c := range p.Calls {
+ switch c.Meta.CallName {
+ case "syz_emit_ethernet":
+ return true
+ case "syz_extract_tcp_res":
+ return true
+ }
+ }
+ return false
+}
+
+func RequiresBitmasks(p *Prog) bool {
+ result := false
+ for _, c := range p.Calls {
+ foreachArg(c, func(arg, _ *Arg, _ *[]*Arg) {
+ if arg.Kind == ArgConst {
+ if arg.Type.BitfieldOffset() != 0 || arg.Type.BitfieldLength() != 0 {
+ result = true
+ }
+ }
+ })
+ }
+ return result
+}
diff --git a/repro/repro.go b/repro/repro.go
index f4cfde322..741387af9 100644
--- a/repro/repro.go
+++ b/repro/repro.go
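Review bot: The override `opts.EnableTun = true` changes only Write's by-value copy of `opts`, so the caller's Options still say tun is off while the generated source has it on. The output is unaffected, but any Options value stored or printed next to the reproducer (repro.go keeps one in `res.Opts`) can then disagree with the program text. A comment above the check would record why the caller's choice is overridden, for example `// Calls such as syz_emit_ethernet need the tun setup; force it on regardless of opts.` Write's body continues outside the hunk.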
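Review bot: With the inner `#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE)` guards removed, both cases call `syz_emit_ethernet` and `syz_extract_tcp_res` whenever the `__NR_` macro exists, so the build now depends entirely on the generator defining SYZ_TUN_ENABLE. The helper definitions are outside this hunk; if they are still compiled only under that condition, a reproducer emitted without the flag stops building instead of returning 0. A one-line comment at the first case, such as `/* requires SYZ_TUN_ENABLE; csource.Write forces it for these calls */`, would state the invariant. The same change is mirrored in csource/common.go.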
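Review bot: Both new exported functions lack doc comments, and nothing in the visible part of this patch calls RequiresBitmasks or prog.RequiresTun; Write and repro.go use the csource copy instead. Suggested comments are `// RequiresTun reports whether p contains a call that needs the tun device.` and `// RequiresBitmasks reports whether any constant argument in p has a non-zero bitfield offset or length.` In RequiresBitmasks the closure keeps visiting arguments after `result` is set, which is correct but worth a short why-comment if foreachArg offers no early exit.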
@@ -278,7 +278,7 @@ func (ctx *context) repro(entries []*prog.LogEntry, crashStart int) (*Result, er
 }
 
 // Try to simplify the C reproducer.
- if res.Opts.EnableTun {
+ if res.Opts.EnableTun && !csource.RequiresTun(res.Prog) {
 opts = res.Opts
 opts.EnableTun = false
 crashed, err := ctx.testCProg(res.Prog, duration, opts)
-- cgit mrf-deployment