From 9b66d0338b41fbefc27b253ad896dec28bf030b2 Mon Sep 17 00:00:00 2001 From: Aleksandr Nogikh Date: Fri, 7 Mar 2025 22:51:08 +0100 Subject: syz-cluster: add net config Refactor Tree structure to host both the kernel config and the fuzzer config. Add some basic net fuzzing configs. --- syz-cluster/pkg/api/api.go | 35 ++++++++++++++++--------- syz-cluster/workflow/configs/net/base.cfg | 36 ++++++++++++++++++++++++++ syz-cluster/workflow/configs/net/patched.cfg | 10 +++++++ syz-cluster/workflow/rebuild-kernels-cron.yaml | 2 +- syz-cluster/workflow/triage-step/main.go | 6 ++--- 5 files changed, 73 insertions(+), 16 deletions(-) create mode 100644 syz-cluster/workflow/configs/net/base.cfg create mode 100644 syz-cluster/workflow/configs/net/patched.cfg diff --git a/syz-cluster/pkg/api/api.go b/syz-cluster/pkg/api/api.go index 535808e29..1b2b8f79f 100644 --- a/syz-cluster/pkg/api/api.go +++ b/syz-cluster/pkg/api/api.go @@ -25,12 +25,13 @@ type FuzzConfig struct { // The triage step of the workflow will request these from controller. type Tree struct { - Name string `json:"name"` // Primary key. - URL string `json:"URL"` - Branch string `json:"branch"` - EmailLists []string `json:"email_lists"` - Priority int64 `json:"priority"` // Higher numbers mean higher priority. - ConfigName string `json:"config_name"` + Name string `json:"name"` // Primary key. + URL string `json:"URL"` + Branch string `json:"branch"` + EmailLists []string `json:"email_lists"` + Priority int64 `json:"priority"` // Higher numbers mean higher priority. + KernelConfig string `json:"kernel_config"` + FuzzConfig string `json:"fuzz_config"` } type BuildRequest struct { @@ -147,11 +148,21 @@ type BuildInfo struct { // Let them stay here until we find a better place. var DefaultTrees = []*Tree{ { - Name: `torvalds`, - URL: `https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux`, - Branch: `master`, - Priority: 0, - EmailLists: []string{}, - ConfigName: `upstream-apparmor-kasan.config`, + Name: `torvalds`, + URL: `https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux`, + Branch: `master`, + Priority: 0, + EmailLists: []string{}, + KernelConfig: `upstream-apparmor-kasan.config`, + FuzzConfig: `all`, + }, + { + Name: `netdev`, + URL: `https://kernel.googlesource.com/pub/scm/linux/kernel/git/netdev/net.git`, + Branch: `main`, + Priority: 1, + EmailLists: []string{`netdev@vger.kernel.org`}, + KernelConfig: `upstream-apparmor-kasan.config`, + FuzzConfig: `net`, }, } diff --git a/syz-cluster/workflow/configs/net/base.cfg b/syz-cluster/workflow/configs/net/base.cfg new file mode 100644 index 000000000..223fdda3b --- /dev/null +++ b/syz-cluster/workflow/configs/net/base.cfg @@ -0,0 +1,36 @@ +{ + "name": "base", + "target": "linux/amd64", + "kernel_obj": "/base/obj", + "image": "/base/image", + "syzkaller": "/syzkaller", + "workdir": "/workdir", + "type": "qemu", + "enable_syscalls": [ + "accept", "accept4", "bind", "close", "connect", "epoll_create", + "epoll_create1", "epoll_ctl", "epoll_pwait", "epoll_wait", + "getpeername", "getsockname", "getsockopt", "ioctl", "listen", + "mmap", "poll", "ppoll", "pread64", "preadv", "pselect6", + "pwrite64", "pwritev", "read", "readv", "recvfrom", "recvmmsg", + "recvmsg", "select", "sendfile", "sendmmsg", "sendmsg", "sendto", + "setsockopt", "shutdown", "socket", "socketpair", "splice", + "vmsplice", "write", "writev", "tee", "bpf", "getpid", + "getgid", "getuid", "gettid", "unshare", "pipe", + "syz_emit_ethernet", "syz_extract_tcp_res", + "syz_genetlink_get_family_id", "syz_init_net_socket", + "mkdirat$cgroup*", "openat$cgroup*", "write$cgroup*", + "clock_gettime", "bpf", "openat$tun", "openat$ppp", + "syz_open_procfs$namespace", "syz_80211_*", "nanosleep" + ], + "procs": 3, + "sandbox": "none", + "experimental": {"cover_edges": false}, + "vm": { + "count": 4, + "cmdline": "root=/dev/sda1", + "kernel": "/base/kernel", + "cpu": 2, + "mem": 3072, + "qemu_args": "-machine pc-q35-7.1 -enable-kvm -smp 2,sockets=2,cores=1" + } +} diff --git a/syz-cluster/workflow/configs/net/patched.cfg b/syz-cluster/workflow/configs/net/patched.cfg new file mode 100644 index 000000000..9c2efd8ba --- /dev/null +++ b/syz-cluster/workflow/configs/net/patched.cfg @@ -0,0 +1,10 @@ +{ + "name": "patched", + "target": "linux/amd64", + "kernel_obj": "/patched/obj", + "image": "/patched/image", + "vm": { + "count": 10, + "kernel": "/patched/kernel" + } +} diff --git a/syz-cluster/workflow/rebuild-kernels-cron.yaml b/syz-cluster/workflow/rebuild-kernels-cron.yaml index 3d93a05c5..c8e4a15ad 100644 --- a/syz-cluster/workflow/rebuild-kernels-cron.yaml +++ b/syz-cluster/workflow/rebuild-kernels-cron.yaml @@ -87,7 +87,7 @@ spec: "arch": "amd64", # TODO: consider others as well. "tree_name": input["name"], "commit_hash": input["branch"], - "config_name": input["config_name"] + "config_name": input["kernel_config"] } with open('/output/request.json', 'w') as f: json.dump(output, f) diff --git a/syz-cluster/workflow/triage-step/main.go b/syz-cluster/workflow/triage-step/main.go index 5c7390db1..73cf67fd2 100644 --- a/syz-cluster/workflow/triage-step/main.go +++ b/syz-cluster/workflow/triage-step/main.go @@ -72,7 +72,7 @@ func getVerdict(ctx context.Context, client *api.Client, ops triage.TreeOps) (*a arch := "amd64" lastBuild, err := client.LastBuild(ctx, &api.LastBuildReq{ Arch: arch, - ConfigName: tree.ConfigName, + ConfigName: tree.KernelConfig, TreeName: tree.Name, Status: api.BuildSuccess, }) @@ -94,7 +94,7 @@ func getVerdict(ctx context.Context, client *api.Client, ops triage.TreeOps) (*a } base := api.BuildRequest{ TreeName: tree.Name, - ConfigName: tree.ConfigName, + ConfigName: tree.KernelConfig, CommitHash: commit, Arch: arch, } @@ -102,7 +102,7 @@ func getVerdict(ctx context.Context, client *api.Client, ops triage.TreeOps) (*a Fuzz: &api.FuzzConfig{ Base: base, Patched: base, - Config: "all", + Config: tree.FuzzConfig, }, } ret.Fuzz.Patched.SeriesID = series.ID -- cgit mrf-deployment