From e16e2c9a4cb6937323e861b646792a6c4c978a3c Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Tue, 4 Jun 2024 12:55:41 +0200 Subject: executor: add runner mode Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer. Also restore syz-runtest functionality in the manager. Update #4917 (sets most signal handlers to SIG_IGN) --- docs/internals.md | 9 ++++----- docs/setup_syzbot.md | 6 ++++-- docs/syz_verifier.md | 7 ------- docs/troubleshooting.md | 6 +++--- 4 files changed, 11 insertions(+), 17 deletions(-) (limited to 'docs') diff --git a/docs/internals.md b/docs/internals.md index 7d192b738..b4d893791 100644 --- a/docs/internals.md +++ b/docs/internals.md @@ -18,14 +18,13 @@ red labels indicate corresponding configuration options. It runs on a host with a stable kernel which does not experience white-noise fuzzer load. -`syz-manager` starts `syz-fuzzer` processes (one inside each VM). -`syz-fuzzer`s comminucate with `syz-manager` over RPC to receive the programs +`syz-manager` starts `syz-executor` processes (one inside each VM). +`syz-executor`s comminucate with `syz-manager` over RPC to receive the programs that must be executed and to report back the results (error statuses, collected coverage, etc.). -To execute programs, `syz-fuzzer` starts transient `syz-executor` processes. +To execute programs, `syz-executor` starts transient subprocesses. -Each `syz-executor` process executes a single input (a sequence of syscalls). -It accepts the program to execute from the `syz-fuzzer` process and sends results back. +Each transient subprocess executes a single input (a sequence of syscalls). It is designed to be as simple as possible (to not interfere with fuzzing process), written in C++, compiled as static binary and uses shared memory for communication. diff --git a/docs/setup_syzbot.md b/docs/setup_syzbot.md index 060efcc6d..b6c05b00b 100644 --- a/docs/setup_syzbot.md +++ b/docs/setup_syzbot.md 
@@ -4,7 +4,9 @@ This doc will be useful to you: - should you wish to hack on user interface bits like the dashboard / mailing list integration or - should you wish to continuously run a separate syzbot dashboard for your own kernels -Note: For most development purposes you don't need a full syzbot setup. The meat of syzkaller is really located in syz-manager, syz-fuzzer and syz-executor. You can run syz-manager directly which is usually what you will want to do during fuzzer development. [See this documentation for syz-manager setup instructions](setup.md). +Note: For most development purposes you don't need a full syzbot setup. The meat of syzkaller is really located +in syz-manager and syz-executor. You can run syz-manager directly which is usually what you will want to do during +fuzzer development. [See this documentation for syz-manager setup instructions](setup.md). This doc assumes that you: - have a GCP account and billing setup @@ -366,4 +368,4 @@ sudo journalctl -fu syz-ci ``` gcloud app browse --project=$PROJECT ``` -Once syzkaller finds the first crashes they should show up here. This might take a while. \ No newline at end of file +Once syzkaller finds the first crashes they should show up here. This might take a while. diff --git a/docs/syz_verifier.md b/docs/syz_verifier.md index f2a1437a9..798965cef 100644 --- a/docs/syz_verifier.md +++ b/docs/syz_verifier.md @@ -107,10 +107,3 @@ ERRNO mismatches found for program: The order of the results is given by the order in which configuration files were passed so `Pool: 0 ` reports results for the kernel created using `kernel0.cfg` and so on. - -The [Flags](/pkg/ipc/ipc.go#L82) can be used to determine the state reached by -the system call: -* `0` = syscall not even started -* `1` = syscall started -* `3` = syscall finished executing -* `7` = syscall blocked diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 7b1d77b51..930adbc04 100644 --- a/docs/troubleshooting.md 
+++ b/docs/troubleshooting.md @@ -3,11 +3,11 @@ Here are some things to check if there are problems running syzkaller. - Use the `-debug` command line option to make syzkaller print all possible debug output, - from both the `syz-manager` top-level program and the `syz-fuzzer` instances. With this option - syzkaller will only run one VM instance. + from both the `syz-manager` top-level program and the `syz-executor` instances. + With this option syzkaller will only run one VM instance. - Use the `-vv N` command line option to increase the amount of logging output, from both - the `syz-manager` top-level program and the `syz-fuzzer` instances (which go to the + the `syz-manager` top-level program and the `syz-executor` instances (which go to the output files in the `crashes` subdirectory of the working directory). Higher values of N give more output.
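Review bot: the misspelling `comminucate` is carried over into the rewritten line in docs/internals.md (`+`syz-executor`s comminucate with `syz-manager` over RPC to receive the programs`); since that line is being replaced anyway, make it `communicate`. In the same hunk, after the rename the name `syz-executor` denotes both the per-VM process that talks RPC to `syz-manager` and the transient subprocesses it forks, and the unchanged context line that follows (`It is designed to be as simple as possible ... written in C++, compiled as static binary and uses shared memory`) now attaches to the subprocess only by the pronoun `It`; name the subject explicitly so a reader does not take the description of the transient subprocess as applying to the long-lived RPC process.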
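Review bot: the hunk in docs/syz_verifier.md deletes the legend that decodes the per-call `Flags` values (`0` = not started, `1` = started, `3` = finished, `7` = blocked) with nothing in its place, and neither the commit message (`Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer`) nor the surrounding text says whether syz-verifier mismatch reports no longer carry these values or whether the definitions merely moved out of `/pkg/ipc/ipc.go#L82`. If the values still appear in the `ERRNO mismatches found for program:` output, keep the legend and repoint the link; if they are gone, state that in the commit message so the doc removal is traceable.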