From 73a895df6168bc12559d1fa16aae7e52646d7ec3 Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Thu, 18 May 2017 17:03:02 +0200 Subject: csource: use sandbox only when required --- csource/common.go | 2 ++ csource/csource.go | 41 ++++++++++++++++++++++++++++++++--------- csource/csource_test.go | 2 +- executor/common.h | 2 ++ repro/repro.go | 11 +++++++++++ tools/syz-prog2c/prog2c.go | 2 +- 6 files changed, 49 insertions(+), 11 deletions(-) diff --git a/csource/common.go b/csource/common.go index 3ac10334d..74f4aba35 100644 --- a/csource/common.go +++ b/csource/common.go @@ -1556,6 +1556,7 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a } } +#if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NONE) || defined(SYZ_SANDBOX_SETUID) || defined(SYZ_SANDBOX_NAMESPACE) static void loop(); static void sandbox_common() @@ -1578,6 +1579,7 @@ static void sandbox_common() unshare(CLONE_NEWIPC); unshare(CLONE_IO); } +#endif #if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NONE) static int do_sandbox_none(int executor_pid, bool enable_tun) diff --git a/csource/csource.go b/csource/csource.go index 8faae8e5e..603cb37f5 100644 --- a/csource/csource.go +++ b/csource/csource.go @@ -86,9 +86,16 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) { if opts.UseTmpDir { fmt.Fprintf(w, "\tuse_temporary_dir();\n") } - fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun) - fmt.Fprint(w, "\tint status = 0;\n") - fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n") + if opts.Sandbox != "" { + fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun) + fmt.Fprint(w, "\tint status = 0;\n") + fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n") + } else { + if opts.EnableTun { + fmt.Fprintf(w, "\tsetup_tun(0, %v);\n", opts.EnableTun) + } + fmt.Fprint(w, "\tloop();\n") + } fmt.Fprint(w, "\treturn 0;\n}\n") } else { generateTestFunc(w, opts, calls, "test") 
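Review bot: The `if opts.Sandbox != ""` / `else` block added in this csource.go hunk is repeated almost verbatim in the hunks at `-100,9` and `-115,9`, differing only in indentation and the pid argument (`0` vs `i`), so the three copies can drift apart; a helper taking the indent and the pid expression would keep them in step. In the new `else` branch the generated program calls `loop()` directly instead of going through `do_sandbox_*`, so it appears to run in the invoking process without the `sandbox_common()` setup (the `unshare` calls visible in the common.h hunk), which deserves a comment at the branch. Inside `if opts.EnableTun` the `%v` argument can only print `true`, so it can be written literally. `Write` starts and ends outside the hunk and the type of `w` is not visible; the sketch below assumes anything `fmt.Fprintf` accepts.

```go
// writeSandboxCall emits the C statements that start the test program,
// either through do_sandbox_<name> or, with no sandbox selected, directly.
func writeSandboxCall(w io.Writer, opts Options, indent, pid string) {
	if opts.Sandbox == "" {
		// No sandbox: loop() is called in the calling process, with no
		// do_sandbox_* wrapper around it.
		if opts.EnableTun {
			fmt.Fprintf(w, "%ssetup_tun(%s, true);\n", indent, pid)
		}
		fmt.Fprintf(w, "%sloop();\n", indent)
		return
	}
	fmt.Fprintf(w, "%sint pid = do_sandbox_%v(%s, %v);\n", indent, opts.Sandbox, pid, opts.EnableTun)
	fmt.Fprintf(w, "%sint status = 0;\n", indent)
	fmt.Fprintf(w, "%swhile (waitpid(pid, &status, __WALL) != pid) {}\n", indent)
}

// … unchanged: use_temporary_dir() emission …
writeSandboxCall(w, opts, "\t", "0") // "\t\t\t", "i" in the multi-process branch
```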
@@ -100,9 +107,16 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) { if opts.UseTmpDir { fmt.Fprintf(w, "\tuse_temporary_dir();\n") } - fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun) - fmt.Fprint(w, "\tint status = 0;\n") - fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n") + if opts.Sandbox != "" { + fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun) + fmt.Fprint(w, "\tint status = 0;\n") + fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n") + } else { + if opts.EnableTun { + fmt.Fprintf(w, "\tsetup_tun(0, %v);\n", opts.EnableTun) + } + fmt.Fprint(w, "\tloop();\n") + } fmt.Fprint(w, "\treturn 0;\n}\n") } else { fmt.Fprint(w, "int main()\n{\n") @@ -115,9 +129,16 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) { if opts.UseTmpDir { fmt.Fprintf(w, "\t\t\tuse_temporary_dir();\n") } - fmt.Fprintf(w, "\t\t\tint pid = do_sandbox_%v(i, %v);\n", opts.Sandbox, opts.EnableTun) - fmt.Fprint(w, "\t\t\tint status = 0;\n") - fmt.Fprint(w, "\t\t\twhile (waitpid(pid, &status, __WALL) != pid) {}\n") + if opts.Sandbox != "" { + fmt.Fprintf(w, "\t\t\tint pid = do_sandbox_%v(i, %v);\n", opts.Sandbox, opts.EnableTun) + fmt.Fprint(w, "\t\t\tint status = 0;\n") + fmt.Fprint(w, "\t\t\twhile (waitpid(pid, &status, __WALL) != pid) {}\n") + } else { + if opts.EnableTun { + fmt.Fprintf(w, "\t\t\tsetup_tun(i, %v);\n", opts.EnableTun) + } + fmt.Fprint(w, "\t\t\tloop();\n") + } fmt.Fprint(w, "\t\t\treturn 0;\n") fmt.Fprint(w, "\t\t}\n") fmt.Fprint(w, "\t}\n") @@ -334,6 +355,8 @@ func preprocessCommonHeader(opts Options, handled map[string]int, useBitmasks bo defines = append(defines, "SYZ_USE_BITMASKS") } switch opts.Sandbox { + case "": + // No sandbox, do nothing. case "none": defines = append(defines, "SYZ_SANDBOX_NONE") case "setuid": diff --git a/csource/csource_test.go b/csource/csource_test.go index dbecec54c..ca39b162a 100644 --- a/csource/csource_test.go 
+++ b/csource/csource_test.go @@ -33,7 +33,7 @@ func allOptionsPermutations() []Options { for _, opt.Collide = range []bool{false, true} { for _, opt.Repeat = range []bool{false, true} { for _, opt.Procs = range []int{1, 4} { - for _, opt.Sandbox = range []string{"none", "setuid", "namespace"} { + for _, opt.Sandbox = range []string{"", "none", "setuid", "namespace"} { for _, opt.Repro = range []bool{false, true} { for _, opt.Fault = range []bool{false, true} { for _, opt.EnableTun = range []bool{false, true} { diff --git a/executor/common.h b/executor/common.h index 609bab1c8..4ee1cd140 100644 --- a/executor/common.h +++ b/executor/common.h @@ -644,6 +644,7 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a } } +#if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NONE) || defined(SYZ_SANDBOX_SETUID) || defined(SYZ_SANDBOX_NAMESPACE) static void loop(); static void sandbox_common() @@ -667,6 +668,7 @@ static void sandbox_common() unshare(CLONE_NEWIPC); unshare(CLONE_IO); } +#endif #if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NONE) static int do_sandbox_none(int executor_pid, bool enable_tun) diff --git a/repro/repro.go b/repro/repro.go index e6ab35cc3..d6d46eff3 100644 --- a/repro/repro.go +++ b/repro/repro.go @@ -289,6 +289,17 @@ func (ctx *context) repro(entries []*prog.LogEntry, crashStart int) (*Result, er res.Opts = opts } } + if res.Opts.Sandbox != "" { + opts = res.Opts + opts.Sandbox = "" + crashed, err := ctx.testCProg(res.Prog, duration, opts) + if err != nil { + return res, err + } + if crashed { + res.Opts = opts + } + } if res.Opts.UseTmpDir { opts = res.Opts opts.UseTmpDir = false diff --git a/tools/syz-prog2c/prog2c.go b/tools/syz-prog2c/prog2c.go index 1d2007755..75a5126e3 100644 --- a/tools/syz-prog2c/prog2c.go +++ b/tools/syz-prog2c/prog2c.go 
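Review bot: In the repro.go hunk, a successful retry replaces `res.Opts` with a copy whose `Sandbox` is `""`, so the result no longer records which sandbox mode the crash was first reproduced under. From the visible code the sandbox mode is the only option that says how confined the reproducer was, so someone triaging the report cannot tell from `res.Opts` whether the crash also triggers under `setuid` or `namespace`; this is inferred from the hunk alone, since the rest of `repro` is outside it. The block also has no comment explaining the step, for example `// Try to drop the sandbox: a reproducer that crashes without it is simpler, but the original sandbox mode is lost from res.Opts.` If the original mode matters for reports, it should be logged before the overwrite.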
@@ -18,7 +18,7 @@ var ( flagCollide = flag.Bool("collide", false, "create collide program") flagRepeat = flag.Bool("repeat", false, "repeat program infinitely or not") flagProcs = flag.Int("procs", 4, "number of parallel processes") - flagSandbox = flag.String("sandbox", "none", "sandbox to use (none, setuid, namespace)") + flagSandbox = flag.String("sandbox", "", "sandbox to use (none, setuid, namespace)") flagProg = flag.String("prog", "", "file with program to convert (required)") flagFaultCall = flag.Int("fault_call", -1, "inject fault into this call (0-based)") flagFaultNth = flag.Int("fault_nth", 0, "inject fault on n-th operation (0-based)") -- cgit mrf-deployment
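Review bot: The help text for `flagSandbox` still lists only `none, setuid, namespace`, although the default is now `""` and that empty value selects the new no-sandbox code path in csource.go. A user who relied on the old default now gets a program that calls `loop()` directly, with no indication of this in `-help`. The usage string should say so, for example `"sandbox to use (none, setuid, namespace); empty means no sandbox"`.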