From e2d5e973c12c393b5cb50c3fa9252146c2cb0447 Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Tue, 6 Jun 2017 13:52:57 +0200 Subject: csource: don't use guard macros for debug() and NONFAILING() --- csource/common.go | 176 +++++++++++++++++--------------------------- csource/csource.go | 44 +++++++---- executor/common.h | 33 --------- executor/common_kvm_amd64.h | 145 +++++++++++++++++------------------- 4 files changed, 166 insertions(+), 232 deletions(-) diff --git a/csource/common.go b/csource/common.go index 4db577579..8c63b637e 100644 --- a/csource/common.go +++ b/csource/common.go @@ -235,14 +235,10 @@ static void segv_handler(int sig, siginfo_t* info, void* uctx) const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("SIGSEGV on %p, skipping\n", addr); -#endif _longjmp(segv_env, 1); } -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("SIGSEGV on %p, exiting\n", addr); -#endif doexit(sig); for (;;) { } @@ -465,9 +461,7 @@ static uintptr_t syz_emit_ethernet(uintptr_t a0, uintptr_t a1) int64_t length = a0; char* data = (char*)a1; -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug_dump_data(data, length); -#endif return write(tunfd, data, length); } #endif @@ -511,9 +505,7 @@ static uintptr_t syz_extract_tcp_res(uintptr_t a0, uintptr_t a1, uintptr_t a2) if (rv == -1) return (uintptr_t)-1; size_t length = rv; -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug_dump_data(data, length); -#endif struct tcphdr* tcphdr; @@ -542,18 +534,11 @@ static uintptr_t syz_extract_tcp_res(uintptr_t a0, uintptr_t a1, uintptr_t a2) } struct tcp_resources* res = (struct tcp_resources*)a0; -#if defined(SYZ_EXECUTOR) || defined(SYZ_HANDLE_SEGV) NONFAILING(res->seq = htonl((ntohl(tcphdr->seq) + (uint32_t)a1))); NONFAILING(res->ack = htonl((ntohl(tcphdr->ack_seq) + (uint32_t)a2))); -#else - res->seq = htonl((ntohl(tcphdr->seq) + (uint32_t)a1)); - res->ack = htonl((ntohl(tcphdr->ack_seq) + (uint32_t)a2)); -#endif -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("extracted seq: %08x\n", res->seq); debug("extracted ack: %08x\n", res->ack); -#endif return 0; } @@ -569,11 +554,7 @@ static uintptr_t syz_open_dev(uintptr_t a0, uintptr_t a1, uintptr_t a2) } else { char buf[1024]; char* hash; -#if defined(SYZ_EXECUTOR) || defined(SYZ_HANDLE_SEGV) NONFAILING(strncpy(buf, (char*)a0, sizeof(buf))); -#else - strncpy(buf, (char*)a0, sizeof(buf)); -#endif buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); @@ -659,13 +640,6 @@ static uintptr_t syz_fuseblk_mount(uintptr_t a0, uintptr_t a1, uintptr_t a2, uin -#ifndef NONFAILING -#define NONFAILING(x) \ - { \ - x; \ - } -#endif - const char kvm_asm16_cpl3[] = "\x0f\x20\xc0\x66\x83\xc8\x01\x0f\x22\xc0\xb8\xa0\x00\x0f\x00\xd8\xb8\x2b\x00\x8e\xd8\x8e\xc0\x8e\xe0\x8e\xe8\xbc\x00\x01\xc7\x06\x00\x01\x1d\xba\xc7\x06\x02\x01\x23\x00\xc7\x06\x04\x01\x00\x01\xc7\x06\x06\x01\x2b\x00\xcb"; const char kvm_asm32_paged[] = "\x0f\x20\xc0\x0d\x00\x00\x00\x80\x0f\x22\xc0"; const char kvm_asm32_vm86[] = "\x66\xb8\xb8\x00\x0f\x00\xd8\xea\x00\x00\x00\x00\xd0\x00"; @@ -1352,69 +1326,71 @@ static uintptr_t syz_kvm_setup_cpu(uintptr_t a0, uintptr_t a1, uintptr_t a2, uin } } - struct tss16* tss16 = (struct tss16*)(host_mem + seg_tss16_2.base); - NONFAILING( - struct tss16* tss = tss16; - memset(tss, 0, sizeof(*tss)); - tss->ss0 = tss->ss1 = tss->ss2 = SEL_DS16; - tss->sp0 = tss->sp1 = tss->sp2 = ADDR_STACK0; - tss->ip = ADDR_VAR_USER_CODE2; - tss->flags = (1 << 1); - tss->cs = SEL_CS16; - tss->es = tss->ds = tss->ss = SEL_DS16; - tss->ldt = SEL_LDT); - struct tss16* tss16_cpl3 = (struct tss16*)(host_mem + seg_tss16_cpl3.base); - NONFAILING( - struct tss16* tss = tss16_cpl3; - memset(tss, 0, sizeof(*tss)); - tss->ss0 = tss->ss1 = tss->ss2 = SEL_DS16; - tss->sp0 = tss->sp1 = tss->sp2 = ADDR_STACK0; - tss->ip = ADDR_VAR_USER_CODE2; - tss->flags = (1 << 1); - tss->cs = SEL_CS16_CPL3; - tss->es = tss->ds = tss->ss = SEL_DS16_CPL3; - tss->ldt = SEL_LDT); - struct tss32* tss32 = (struct tss32*)(host_mem + seg_tss32_vm86.base); - NONFAILING( - struct tss32* tss = tss32; - memset(tss, 0, sizeof(*tss)); - tss->ss0 = tss->ss1 = tss->ss2 = SEL_DS32; - tss->sp0 = tss->sp1 = tss->sp2 = ADDR_STACK0; - tss->ip = ADDR_VAR_USER_CODE; - tss->flags = (1 << 1) | (1 << 17); - tss->ldt = SEL_LDT; - tss->cr3 = sregs.cr3; - tss->io_bitmap = offsetof(struct tss32, io_bitmap)); - struct tss32* tss32_cpl3 = (struct tss32*)(host_mem + seg_tss32_2.base); - NONFAILING( - struct tss32* tss = tss32_cpl3; - memset(tss, 0, sizeof(*tss)); - tss->ss0 = tss->ss1 = tss->ss2 = SEL_DS32; - tss->sp0 = tss->sp1 = tss->sp2 = ADDR_STACK0; - tss->ip = ADDR_VAR_USER_CODE; - tss->flags = (1 << 1); - tss->cr3 = sregs.cr3; - tss->es = tss->ds = tss->ss = tss->gs = tss->fs = SEL_DS32; - tss->cs = SEL_CS32; - tss->ldt = SEL_LDT; - tss->cr3 = sregs.cr3; - tss->io_bitmap = offsetof(struct tss32, io_bitmap)); - struct tss64* tss64 = (struct tss64*)(host_mem + seg_tss64.base); - NONFAILING( - struct tss64* tss = tss64; - memset(tss, 0, sizeof(*tss)); - tss->rsp[0] = ADDR_STACK0; - tss->rsp[1] = ADDR_STACK0; - tss->rsp[2] = ADDR_STACK0; - tss->io_bitmap = offsetof(struct tss64, io_bitmap)); - struct tss64* tss64_cpl3 = (struct tss64*)(host_mem + seg_tss64_cpl3.base); - NONFAILING( - struct tss64* tss = tss64_cpl3; - memset(tss, 0, sizeof(*tss)); - tss->rsp[0] = ADDR_STACK0; - tss->rsp[1] = ADDR_STACK0; - tss->rsp[2] = ADDR_STACK0; - tss->io_bitmap = offsetof(struct tss64, io_bitmap)); + struct tss16 tss16; + memset(&tss16, 0, sizeof(tss16)); + tss16.ss0 = tss16.ss1 = tss16.ss2 = SEL_DS16; + tss16.sp0 = tss16.sp1 = tss16.sp2 = ADDR_STACK0; + tss16.ip = ADDR_VAR_USER_CODE2; + tss16.flags = (1 << 1); + tss16.cs = SEL_CS16; + tss16.es = tss16.ds = tss16.ss = SEL_DS16; + tss16.ldt = SEL_LDT; + struct tss16* tss16_addr = (struct tss16*)(host_mem + seg_tss16_2.base); + NONFAILING(memcpy(tss16_addr, &tss16, sizeof(tss16))); + + memset(&tss16, 0, sizeof(tss16)); + tss16.ss0 = tss16.ss1 = tss16.ss2 = SEL_DS16; + tss16.sp0 = tss16.sp1 = tss16.sp2 = ADDR_STACK0; + tss16.ip = ADDR_VAR_USER_CODE2; + tss16.flags = (1 << 1); + tss16.cs = SEL_CS16_CPL3; + tss16.es = tss16.ds = tss16.ss = SEL_DS16_CPL3; + tss16.ldt = SEL_LDT; + struct tss16* tss16_cpl3_addr = (struct tss16*)(host_mem + seg_tss16_cpl3.base); + NONFAILING(memcpy(tss16_cpl3_addr, &tss16, sizeof(tss16))); + + struct tss32 tss32; + memset(&tss32, 0, sizeof(tss32)); + tss32.ss0 = tss32.ss1 = tss32.ss2 = SEL_DS32; + tss32.sp0 = tss32.sp1 = tss32.sp2 = ADDR_STACK0; + tss32.ip = ADDR_VAR_USER_CODE; + tss32.flags = (1 << 1) | (1 << 17); + tss32.ldt = SEL_LDT; + tss32.cr3 = sregs.cr3; + tss32.io_bitmap = offsetof(struct tss32, io_bitmap); + struct tss32* tss32_addr = (struct tss32*)(host_mem + seg_tss32_vm86.base); + NONFAILING(memcpy(tss32_addr, &tss32, sizeof(tss32))); + + memset(&tss32, 0, sizeof(tss32)); + tss32.ss0 = tss32.ss1 = tss32.ss2 = SEL_DS32; + tss32.sp0 = tss32.sp1 = tss32.sp2 = ADDR_STACK0; + tss32.ip = ADDR_VAR_USER_CODE; + tss32.flags = (1 << 1); + tss32.cr3 = sregs.cr3; + tss32.es = tss32.ds = tss32.ss = tss32.gs = tss32.fs = SEL_DS32; + tss32.cs = SEL_CS32; + tss32.ldt = SEL_LDT; + tss32.cr3 = sregs.cr3; + tss32.io_bitmap = offsetof(struct tss32, io_bitmap); + struct tss32* tss32_cpl3_addr = (struct tss32*)(host_mem + seg_tss32_2.base); + NONFAILING(memcpy(tss32_cpl3_addr, &tss32, sizeof(tss32))); + + struct tss64 tss64; + memset(&tss64, 0, sizeof(tss64)); + tss64.rsp[0] = ADDR_STACK0; + tss64.rsp[1] = ADDR_STACK0; + tss64.rsp[2] = ADDR_STACK0; + tss64.io_bitmap = offsetof(struct tss64, io_bitmap); + struct tss64* tss64_addr = (struct tss64*)(host_mem + seg_tss64.base); + NONFAILING(memcpy(tss64_addr, &tss64, sizeof(tss64))); + + memset(&tss64, 0, sizeof(tss64)); + tss64.rsp[0] = ADDR_STACK0; + tss64.rsp[1] = ADDR_STACK0; + tss64.rsp[2] = ADDR_STACK0; + tss64.io_bitmap = offsetof(struct tss64, io_bitmap); + struct tss64* tss64_cpl3_addr = (struct tss64*)(host_mem + seg_tss64_cpl3.base); + NONFAILING(memcpy(tss64_cpl3_addr, &tss64, sizeof(tss64))); if (text_size > 1000) text_size = 1000; @@ -1466,10 +1442,10 @@ static uintptr_t syz_kvm_setup_cpu(uintptr_t a0, uintptr_t a1, uintptr_t a2, uin val &= ((1 << 8) | (1 << 9) | (1 << 10) | (1 << 12) | (1 << 13) | (1 << 14) | (1 << 15) | (1 << 18) | (1 << 19) | (1 << 20) | (1 << 21)); regs.rflags ^= val; - NONFAILING(tss16->flags ^= val); - NONFAILING(tss16_cpl3->flags ^= val); - NONFAILING(tss32->flags ^= val); - NONFAILING(tss32_cpl3->flags ^= val); + NONFAILING(tss16_addr->flags ^= val); + NONFAILING(tss16_cpl3_addr->flags ^= val); + NONFAILING(tss32_addr->flags ^= val); + NONFAILING(tss32_cpl3_addr->flags ^= val); break; case 4: seg_cs16.type = val & 0xf; @@ -1795,9 +1771,7 @@ static int namespace_sandbox_proc(void* arg) if (mkdir("./syz-tmp/pivot", 0777)) fail("mkdir failed"); if (syscall(SYS_pivot_root, "./syz-tmp", "./syz-tmp/pivot")) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("pivot_root failed"); -#endif if (chdir("./syz-tmp")) fail("chdir failed"); } else { @@ -1867,22 +1841,16 @@ retry: } int i; for (i = 0;; i++) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("unlink(%s)\n", filename); -#endif if (unlink(filename) == 0) break; if (errno == EROFS) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("ignoring EROFS\n"); -#endif break; } if (errno != EBUSY || i > 100) exitf("unlink(%s) failed", filename); -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("umount(%s)\n", filename); -#endif if (umount2(filename, MNT_DETACH)) exitf("umount(%s) failed", filename); } @@ -1890,22 +1858,16 @@ retry: closedir(dp); int i; for (i = 0;; i++) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("rmdir(%s)\n", dir); -#endif if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EROFS) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("ignoring EROFS\n"); -#endif break; } if (errno == EBUSY) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("umount(%s)\n", dir); -#endif if (umount2(dir, MNT_DETACH)) exitf("umount(%s) failed", dir); continue; diff --git a/csource/csource.go b/csource/csource.go index 45a52dcf7..6caac68bf 100644 --- a/csource/csource.go +++ b/csource/csource.go @@ -14,6 +14,7 @@ import ( "io/ioutil" "os" "os/exec" + "regexp" "strings" "unsafe" @@ -144,16 +145,31 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) { fmt.Fprint(w, "\treturn 0;\n}\n") } } + + // Remove NONFAILING and debug calls. + out0 := w.String() + if !opts.HandleSegv { + re := regexp.MustCompile(`\t*NONFAILING\((.*)\);\n`) + out0 = re.ReplaceAllString(out0, "$1;\n") + } + if !opts.Debug { + re := regexp.MustCompile(`\t*debug\(.*\);\n`) + out0 = re.ReplaceAllString(out0, "") + re = regexp.MustCompile(`\t*debug_dump_data\(.*\);\n`) + out0 = re.ReplaceAllString(out0, "") + } + // Remove duplicate new lines. - out := w.Bytes() + out1 := []byte(out0) for { - out1 := bytes.Replace(out, []byte{'\n', '\n', '\n'}, []byte{'\n', '\n'}, -1) - if len(out) == len(out1) { + out2 := bytes.Replace(out1, []byte{'\n', '\n', '\n'}, []byte{'\n', '\n'}, -1) + if len(out1) == len(out2) { break } - out = out1 + out1 = out2 } - return out, nil + + return out1, nil } func generateTestFunc(w io.Writer, opts Options, calls []string, name string) { @@ -225,10 +241,6 @@ func generateCalls(exec []byte, opts Options) ([]string, int) { } return res } - nonfailPre, nonfailPost := "", "" - if opts.HandleSegv { - nonfailPre, nonfailPost = "NONFAILING(", ")" - } lastCall := 0 seenCall := false var calls []string @@ -257,12 +269,12 @@ loop: bfOff := read() bfLen := read() if bfOff == 0 && bfLen == 0 { - fmt.Fprintf(w, "\t%s*(uint%v_t*)0x%x = (uint%v_t)0x%x%s;\n", nonfailPre, size*8, addr, size*8, arg, nonfailPost) + fmt.Fprintf(w, "\tNONFAILING(*(uint%v_t*)0x%x = (uint%v_t)0x%x);\n", size*8, addr, size*8, arg) } else { - fmt.Fprintf(w, "\t%sSTORE_BY_BITMASK(uint%v_t, 0x%x, 0x%x, %v, %v)%s;\n", nonfailPre, size*8, addr, arg, bfOff, bfLen, nonfailPost) + fmt.Fprintf(w, "\tNONFAILING(STORE_BY_BITMASK(uint%v_t, 0x%x, 0x%x, %v, %v));\n", size*8, addr, arg, bfOff, bfLen) } case prog.ExecArgResult: - fmt.Fprintf(w, "\t%s*(uint%v_t*)0x%x = %v%s;\n", nonfailPre, size*8, addr, resultRef(), nonfailPost) + fmt.Fprintf(w, "\tNONFAILING(*(uint%v_t*)0x%x = %v);\n", size*8, addr, resultRef()) case prog.ExecArgData: data := exec[:size] exec = exec[(size+7)/8*8:] @@ -276,7 +288,7 @@ loop: } esc = append(esc, '\\', 'x', hex(v>>4), hex(v<<4>>4)) } - fmt.Fprintf(w, "\t%smemcpy((void*)0x%x, \"%s\", %v)%s;\n", nonfailPre, addr, esc, size, nonfailPost) + fmt.Fprintf(w, "\tNONFAILING(memcpy((void*)0x%x, \"%s\", %v));\n", addr, esc, size) case prog.ExecArgCsum: csum_kind := read() switch csum_kind { @@ -290,7 +302,7 @@ loop: chunk_size := read() switch chunk_kind { case prog.ExecArgCsumChunkData: - fmt.Fprintf(w, "\t%scsum_inet_update(&csum_%d, (const uint8_t*)0x%x, %d)%s;\n", nonfailPre, n, chunk_value, chunk_size, nonfailPost) + fmt.Fprintf(w, "\tNONFAILING(csum_inet_update(&csum_%d, (const uint8_t*)0x%x, %d));\n", n, chunk_value, chunk_size) case prog.ExecArgCsumChunkConst: fmt.Fprintf(w, "\tuint%d_t csum_%d_chunk_%d = 0x%x;\n", chunk_size*8, n, i, chunk_value) fmt.Fprintf(w, "\tcsum_inet_update(&csum_%d, (const uint8_t*)&csum_%d_chunk_%d, %d);\n", n, n, i, chunk_size) @@ -298,7 +310,7 @@ loop: panic(fmt.Sprintf("unknown checksum chunk kind %v", chunk_kind)) } } - fmt.Fprintf(w, "\t%s*(uint16_t*)0x%x = csum_inet_digest(&csum_%d)%s;\n", nonfailPre, addr, n, nonfailPost) + fmt.Fprintf(w, "\tNONFAILING(*(uint16_t*)0x%x = csum_inet_digest(&csum_%d));\n", addr, n) default: panic(fmt.Sprintf("unknown csum kind %v", csum_kind)) } @@ -309,7 +321,7 @@ loop: addr := read() size := read() fmt.Fprintf(w, "\tif (r[%v] != -1)\n", lastCall) - fmt.Fprintf(w, "\t\t%sr[%v] = *(uint%v_t*)0x%x%s;\n", nonfailPre, n, size*8, addr, nonfailPost) + fmt.Fprintf(w, "\t\tNONFAILING(r[%v] = *(uint%v_t*)0x%x);\n", n, size*8, addr) default: // Normal syscall. newCall() diff --git a/executor/common.h b/executor/common.h index 1be840bc4..7778cb7e0 100644 --- a/executor/common.h +++ b/executor/common.h @@ -257,14 +257,10 @@ static void segv_handler(int sig, siginfo_t* info, void* uctx) const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("SIGSEGV on %p, skipping\n", addr); -#endif _longjmp(segv_env, 1); } -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("SIGSEGV on %p, exiting\n", addr); -#endif doexit(sig); for (;;) { } @@ -497,9 +493,7 @@ static uintptr_t syz_emit_ethernet(uintptr_t a0, uintptr_t a1) int64_t length = a0; char* data = (char*)a1; -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug_dump_data(data, length); -#endif return write(tunfd, data, length); } #endif @@ -546,9 +540,7 @@ static uintptr_t syz_extract_tcp_res(uintptr_t a0, uintptr_t a1, uintptr_t a2) if (rv == -1) return (uintptr_t)-1; size_t length = rv; -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug_dump_data(data, length); -#endif struct tcphdr* tcphdr; @@ -578,18 +570,11 @@ static uintptr_t syz_extract_tcp_res(uintptr_t a0, uintptr_t a1, uintptr_t a2) } struct tcp_resources* res = (struct tcp_resources*)a0; -#if defined(SYZ_EXECUTOR) || defined(SYZ_HANDLE_SEGV) NONFAILING(res->seq = htonl((ntohl(tcphdr->seq) + (uint32_t)a1))); NONFAILING(res->ack = htonl((ntohl(tcphdr->ack_seq) + (uint32_t)a2))); -#else - res->seq = htonl((ntohl(tcphdr->seq) + (uint32_t)a1)); - res->ack = htonl((ntohl(tcphdr->ack_seq) + (uint32_t)a2)); -#endif -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("extracted seq: %08x\n", res->seq); debug("extracted ack: %08x\n", res->ack); -#endif return 0; } @@ -608,11 +593,7 @@ static uintptr_t syz_open_dev(uintptr_t a0, uintptr_t a1, uintptr_t a2) // syz_open_dev(dev strconst, id intptr, flags flags[open_flags]) fd char buf[1024]; char* hash; -#if defined(SYZ_EXECUTOR) || defined(SYZ_HANDLE_SEGV) NONFAILING(strncpy(buf, (char*)a0, sizeof(buf))); -#else - strncpy(buf, (char*)a0, sizeof(buf)); -#endif buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); // 10 devices should be enough for everyone. @@ -890,9 +871,7 @@ static int namespace_sandbox_proc(void* arg) if (mkdir("./syz-tmp/pivot", 0777)) fail("mkdir failed"); if (syscall(SYS_pivot_root, "./syz-tmp", "./syz-tmp/pivot")) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("pivot_root failed"); -#endif if (chdir("./syz-tmp")) fail("chdir failed"); } else { @@ -974,22 +953,16 @@ retry: } int i; for (i = 0;; i++) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("unlink(%s)\n", filename); -#endif if (unlink(filename) == 0) break; if (errno == EROFS) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("ignoring EROFS\n"); -#endif break; } if (errno != EBUSY || i > 100) exitf("unlink(%s) failed", filename); -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("umount(%s)\n", filename); -#endif if (umount2(filename, MNT_DETACH)) exitf("umount(%s) failed", filename); } @@ -997,22 +970,16 @@ retry: closedir(dp); int i; for (i = 0;; i++) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("rmdir(%s)\n", dir); -#endif if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EROFS) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("ignoring EROFS\n"); -#endif break; } if (errno == EBUSY) { -#if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) debug("umount(%s)\n", dir); -#endif if (umount2(dir, MNT_DETACH)) exitf("umount(%s) failed", dir); continue; diff --git a/executor/common_kvm_amd64.h b/executor/common_kvm_amd64.h index e4753223e..5dce25311 100644 --- a/executor/common_kvm_amd64.h +++ b/executor/common_kvm_amd64.h @@ -7,15 +7,6 @@ // See Intel Software Developer’s Manual Volume 3: System Programming Guide // for details on what happens here. -// We could put each NONFAILING use in this file under ifdef, -// but I don't think it's worth it. -#ifndef NONFAILING -#define NONFAILING(x) \ - { \ - x; \ - } -#endif - #include "kvm.S.h" #include "kvm.h" @@ -632,69 +623,71 @@ static uintptr_t syz_kvm_setup_cpu(uintptr_t a0, uintptr_t a1, uintptr_t a2, uin } } - struct tss16* tss16 = (struct tss16*)(host_mem + seg_tss16_2.base); - NONFAILING( - struct tss16* tss = tss16; - memset(tss, 0, sizeof(*tss)); - tss->ss0 = tss->ss1 = tss->ss2 = SEL_DS16; - tss->sp0 = tss->sp1 = tss->sp2 = ADDR_STACK0; - tss->ip = ADDR_VAR_USER_CODE2; - tss->flags = (1 << 1); - tss->cs = SEL_CS16; - tss->es = tss->ds = tss->ss = SEL_DS16; - tss->ldt = SEL_LDT); - struct tss16* tss16_cpl3 = (struct tss16*)(host_mem + seg_tss16_cpl3.base); - NONFAILING( - struct tss16* tss = tss16_cpl3; - memset(tss, 0, sizeof(*tss)); - tss->ss0 = tss->ss1 = tss->ss2 = SEL_DS16; - tss->sp0 = tss->sp1 = tss->sp2 = ADDR_STACK0; - tss->ip = ADDR_VAR_USER_CODE2; - tss->flags = (1 << 1); - tss->cs = SEL_CS16_CPL3; - tss->es = tss->ds = tss->ss = SEL_DS16_CPL3; - tss->ldt = SEL_LDT); - struct tss32* tss32 = (struct tss32*)(host_mem + seg_tss32_vm86.base); - NONFAILING( - struct tss32* tss = tss32; - memset(tss, 0, sizeof(*tss)); - tss->ss0 = tss->ss1 = tss->ss2 = SEL_DS32; - tss->sp0 = tss->sp1 = tss->sp2 = ADDR_STACK0; - tss->ip = ADDR_VAR_USER_CODE; - tss->flags = (1 << 1) | (1 << 17); - tss->ldt = SEL_LDT; - tss->cr3 = sregs.cr3; - tss->io_bitmap = offsetof(struct tss32, io_bitmap)); - struct tss32* tss32_cpl3 = (struct tss32*)(host_mem + seg_tss32_2.base); - NONFAILING( - struct tss32* tss = tss32_cpl3; - memset(tss, 0, sizeof(*tss)); - tss->ss0 = tss->ss1 = tss->ss2 = SEL_DS32; - tss->sp0 = tss->sp1 = tss->sp2 = ADDR_STACK0; - tss->ip = ADDR_VAR_USER_CODE; - tss->flags = (1 << 1); - tss->cr3 = sregs.cr3; - tss->es = tss->ds = tss->ss = tss->gs = tss->fs = SEL_DS32; - tss->cs = SEL_CS32; - tss->ldt = SEL_LDT; - tss->cr3 = sregs.cr3; - tss->io_bitmap = offsetof(struct tss32, io_bitmap)); - struct tss64* tss64 = (struct tss64*)(host_mem + seg_tss64.base); - NONFAILING( - struct tss64* tss = tss64; - memset(tss, 0, sizeof(*tss)); - tss->rsp[0] = ADDR_STACK0; - tss->rsp[1] = ADDR_STACK0; - tss->rsp[2] = ADDR_STACK0; - tss->io_bitmap = offsetof(struct tss64, io_bitmap)); - struct tss64* tss64_cpl3 = (struct tss64*)(host_mem + seg_tss64_cpl3.base); - NONFAILING( - struct tss64* tss = tss64_cpl3; - memset(tss, 0, sizeof(*tss)); - tss->rsp[0] = ADDR_STACK0; - tss->rsp[1] = ADDR_STACK0; - tss->rsp[2] = ADDR_STACK0; - tss->io_bitmap = offsetof(struct tss64, io_bitmap)); + struct tss16 tss16; + memset(&tss16, 0, sizeof(tss16)); + tss16.ss0 = tss16.ss1 = tss16.ss2 = SEL_DS16; + tss16.sp0 = tss16.sp1 = tss16.sp2 = ADDR_STACK0; + tss16.ip = ADDR_VAR_USER_CODE2; + tss16.flags = (1 << 1); + tss16.cs = SEL_CS16; + tss16.es = tss16.ds = tss16.ss = SEL_DS16; + tss16.ldt = SEL_LDT; + struct tss16* tss16_addr = (struct tss16*)(host_mem + seg_tss16_2.base); + NONFAILING(memcpy(tss16_addr, &tss16, sizeof(tss16))); + + memset(&tss16, 0, sizeof(tss16)); + tss16.ss0 = tss16.ss1 = tss16.ss2 = SEL_DS16; + tss16.sp0 = tss16.sp1 = tss16.sp2 = ADDR_STACK0; + tss16.ip = ADDR_VAR_USER_CODE2; + tss16.flags = (1 << 1); + tss16.cs = SEL_CS16_CPL3; + tss16.es = tss16.ds = tss16.ss = SEL_DS16_CPL3; + tss16.ldt = SEL_LDT; + struct tss16* tss16_cpl3_addr = (struct tss16*)(host_mem + seg_tss16_cpl3.base); + NONFAILING(memcpy(tss16_cpl3_addr, &tss16, sizeof(tss16))); + + struct tss32 tss32; + memset(&tss32, 0, sizeof(tss32)); + tss32.ss0 = tss32.ss1 = tss32.ss2 = SEL_DS32; + tss32.sp0 = tss32.sp1 = tss32.sp2 = ADDR_STACK0; + tss32.ip = ADDR_VAR_USER_CODE; + tss32.flags = (1 << 1) | (1 << 17); + tss32.ldt = SEL_LDT; + tss32.cr3 = sregs.cr3; + tss32.io_bitmap = offsetof(struct tss32, io_bitmap); + struct tss32* tss32_addr = (struct tss32*)(host_mem + seg_tss32_vm86.base); + NONFAILING(memcpy(tss32_addr, &tss32, sizeof(tss32))); + + memset(&tss32, 0, sizeof(tss32)); + tss32.ss0 = tss32.ss1 = tss32.ss2 = SEL_DS32; + tss32.sp0 = tss32.sp1 = tss32.sp2 = ADDR_STACK0; + tss32.ip = ADDR_VAR_USER_CODE; + tss32.flags = (1 << 1); + tss32.cr3 = sregs.cr3; + tss32.es = tss32.ds = tss32.ss = tss32.gs = tss32.fs = SEL_DS32; + tss32.cs = SEL_CS32; + tss32.ldt = SEL_LDT; + tss32.cr3 = sregs.cr3; + tss32.io_bitmap = offsetof(struct tss32, io_bitmap); + struct tss32* tss32_cpl3_addr = (struct tss32*)(host_mem + seg_tss32_2.base); + NONFAILING(memcpy(tss32_cpl3_addr, &tss32, sizeof(tss32))); + + struct tss64 tss64; + memset(&tss64, 0, sizeof(tss64)); + tss64.rsp[0] = ADDR_STACK0; + tss64.rsp[1] = ADDR_STACK0; + tss64.rsp[2] = ADDR_STACK0; + tss64.io_bitmap = offsetof(struct tss64, io_bitmap); + struct tss64* tss64_addr = (struct tss64*)(host_mem + seg_tss64.base); + NONFAILING(memcpy(tss64_addr, &tss64, sizeof(tss64))); + + memset(&tss64, 0, sizeof(tss64)); + tss64.rsp[0] = ADDR_STACK0; + tss64.rsp[1] = ADDR_STACK0; + tss64.rsp[2] = ADDR_STACK0; + tss64.io_bitmap = offsetof(struct tss64, io_bitmap); + struct tss64* tss64_cpl3_addr = (struct tss64*)(host_mem + seg_tss64_cpl3.base); + NONFAILING(memcpy(tss64_cpl3_addr, &tss64, sizeof(tss64))); if (text_size > 1000) text_size = 1000; @@ -747,10 +740,10 @@ static uintptr_t syz_kvm_setup_cpu(uintptr_t a0, uintptr_t a1, uintptr_t a2, uin val &= ((1 << 8) | (1 << 9) | (1 << 10) | (1 << 12) | (1 << 13) | (1 << 14) | (1 << 15) | (1 << 18) | (1 << 19) | (1 << 20) | (1 << 21)); regs.rflags ^= val; - NONFAILING(tss16->flags ^= val); - NONFAILING(tss16_cpl3->flags ^= val); - NONFAILING(tss32->flags ^= val); - NONFAILING(tss32_cpl3->flags ^= val); + NONFAILING(tss16_addr->flags ^= val); + NONFAILING(tss16_cpl3_addr->flags ^= val); + NONFAILING(tss32_addr->flags ^= val); + NONFAILING(tss32_cpl3_addr->flags ^= val); break; case 4: seg_cs16.type = val & 0xf; -- cgit mrf-deployment