From 7d7c9c550f5d83c652719be31a350a9f8f306b3c Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Wed, 17 May 2017 20:20:23 +0200 Subject: csource: add EnableTun option --- executor/executor.cc | 1 + 1 file changed, 1 insertion(+) (limited to 'executor/executor.cc') diff --git a/executor/executor.cc b/executor/executor.cc index 044410792..800ac932e 100644 --- a/executor/executor.cc +++ b/executor/executor.cc @@ -31,6 +31,7 @@ #include "syscalls.h" #define SYZ_EXECUTOR +#define SYZ_TUN_ENABLE #include "common.h" #define KCOV_INIT_TRACE _IOR('c', 1, unsigned long long) -- cgit mrf-deployment From e7366c123e8e62cab5e70998b56e832c77178a59 Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Wed, 17 May 2017 20:35:50 +0200 Subject: executor: split setup_main_process into smaller functions --- csource/common.go | 36 +++++++++++++++++------------------- csource/csource.go | 9 ++++++--- executor/common.h | 43 +++++++++++++++++++++---------------------- executor/executor.cc | 3 ++- 4 files changed, 46 insertions(+), 45 deletions(-) (limited to 'executor/executor.cc') diff --git a/csource/common.go b/csource/common.go index 8146de3f4..048df6f52 100644 --- a/csource/common.go +++ b/csource/common.go @@ -137,6 +137,12 @@ static void segv_handler(int sig, siginfo_t* info, void* uctx) static void install_segv_handler() { struct sigaction sa; + + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = SIG_IGN; + syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); + syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); + memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; 
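Review bot: In the csource/common.go hunk at @@ -137, `install_segv_handler()` now also sets signals 0x20 and 0x21 to SIG_IGN through raw `rt_sigaction` calls, so its name no longer covers everything it does, and both results are discarded. The executor/common.h copy of this change (@@ -159) keeps the comment that explains the two numbers as glibc's SIGCANCEL/SIGSETXID, but this copy has no explanation. Unless common.go is generated from common.h, add the comment here as well, e.g. `// Ignore glibc-internal SIGCANCEL/SIGSETXID; SIGCANCEL would make the main thread exit alone.` A one-line header on the function should also say that it changes dispositions beyond installing `segv_handler`, because the callers in csource.go and executor.cc now depend on that side effect. The function body continues past the end of this hunk.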
@@ -144,6 +150,17 @@ static void install_segv_handler() sigaction(SIGBUS, &sa, NULL); } +static void use_temporary_dir() { + char tmpdir_template[] = "./syzkaller.XXXXXX"; + char* tmpdir = mkdtemp(tmpdir_template); + if (!tmpdir) + fail("failed to mkdtemp"); + if (chmod(tmpdir, 0777)) + fail("failed to chmod"); + if (chdir(tmpdir)) + fail("failed to chdir"); +} + #define NONFAILING(...) \ { \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ @@ -1524,25 +1541,6 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a } } -static void setup_main_process() -{ - struct sigaction sa; - memset(&sa, 0, sizeof(sa)); - sa.sa_handler = SIG_IGN; - syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); - syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); - install_segv_handler(); - - char tmpdir_template[] = "./syzkaller.XXXXXX"; - char* tmpdir = mkdtemp(tmpdir_template); - if (!tmpdir) - fail("failed to mkdtemp"); - if (chmod(tmpdir, 0777)) - fail("failed to chmod"); - if (chdir(tmpdir)) - fail("failed to chdir"); -} - static void loop(); static void sandbox_common() diff --git a/csource/csource.go b/csource/csource.go index cc4d0d944..b41c5ca11 100644 --- a/csource/csource.go +++ b/csource/csource.go @@ -74,7 +74,8 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) { generateTestFunc(w, opts, calls, "loop") fmt.Fprint(w, "int main()\n{\n") - fmt.Fprintf(w, "\tsetup_main_process();\n") + fmt.Fprintf(w, "\tinstall_segv_handler();\n") + fmt.Fprintf(w, "\tuse_temporary_dir();\n") fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun) fmt.Fprint(w, "\tint status = 0;\n") fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n") 
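Review bot: `chmod(tmpdir, 0777)` in the new `use_temporary_dir()` (@@ -144) widens the directory that `mkdtemp()` has just created, and nothing in the function says why. mkdtemp creates the directory with mode 0700, so this line deliberately opens the working directory to every local user. If that is needed so the sandboxed child can still write after changing uid, record it, e.g. `// World-writable on purpose: the sandboxed process runs under a different uid.` (reason inferred, please confirm). The same function is added to executor/common.h at @@ -166. This copy puts the opening brace on the signature line while the common.h copy puts it on its own line, so the two should be kept identical.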
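Review bot: The same two-line start-up sequence is now emitted in three places in Write() (@@ -74 here, then @@ -83 and @@ -95), so any later change to it has to be repeated three times and the generated `main()` variants can drift apart. Emitting it from one small helper that takes the indentation prefix would remove that risk. The new lines also call `fmt.Fprintf` with no format verbs, while the neighbouring constant strings use `fmt.Fprint`; `fmt.Fprint(w, "\tinstall_segv_handler();\n")` would match the surrounding style. Write() starts before and continues past these hunks.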
@@ -83,7 +84,8 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) { generateTestFunc(w, opts, calls, "test") if opts.Procs <= 1 { fmt.Fprint(w, "int main()\n{\n") - fmt.Fprintf(w, "\tsetup_main_process();\n") + fmt.Fprintf(w, "\tinstall_segv_handler();\n") + fmt.Fprintf(w, "\tuse_temporary_dir();\n") fmt.Fprintf(w, "\tint pid = do_sandbox_%v(0, %v);\n", opts.Sandbox, opts.EnableTun) fmt.Fprint(w, "\tint status = 0;\n") fmt.Fprint(w, "\twhile (waitpid(pid, &status, __WALL) != pid) {}\n") @@ -93,7 +95,8 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) { fmt.Fprint(w, "\tint i;") fmt.Fprintf(w, "\tfor (i = 0; i < %v; i++) {\n", opts.Procs) fmt.Fprint(w, "\t\tif (fork() == 0) {\n") - fmt.Fprintf(w, "\t\t\tsetup_main_process();\n") + fmt.Fprintf(w, "\t\t\tinstall_segv_handler();\n") + fmt.Fprintf(w, "\t\t\tuse_temporary_dir();\n") fmt.Fprintf(w, "\t\t\tint pid = do_sandbox_%v(i, %v);\n", opts.Sandbox, opts.EnableTun) fmt.Fprint(w, "\t\t\tint status = 0;\n") fmt.Fprint(w, "\t\t\twhile (waitpid(pid, &status, __WALL) != pid) {}\n") diff --git a/executor/common.h b/executor/common.h index d7b403554..92467dc26 100644 --- a/executor/common.h +++ b/executor/common.h @@ -159,6 +159,15 @@ static void segv_handler(int sig, siginfo_t* info, void* uctx) static void install_segv_handler() { struct sigaction sa; + + // Don't need that SIGCANCEL/SIGSETXID glibc stuff. + // SIGCANCEL sent to main thread causes it to exit + // without bringing down the whole group. + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = SIG_IGN; + syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); + syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); + memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; 
@@ -166,6 +175,18 @@ static void install_segv_handler() sigaction(SIGBUS, &sa, NULL); } +static void use_temporary_dir() +{ + char tmpdir_template[] = "./syzkaller.XXXXXX"; + char* tmpdir = mkdtemp(tmpdir_template); + if (!tmpdir) + fail("failed to mkdtemp"); + if (chmod(tmpdir, 0777)) + fail("failed to chmod"); + if (chdir(tmpdir)) + fail("failed to chdir"); +} + #define NONFAILING(...) \ { \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ @@ -616,28 +637,6 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a } } -static void setup_main_process() -{ - // Don't need that SIGCANCEL/SIGSETXID glibc stuff. - // SIGCANCEL sent to main thread causes it to exit - // without bringing down the whole group. - struct sigaction sa; - memset(&sa, 0, sizeof(sa)); - sa.sa_handler = SIG_IGN; - syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); - syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); - install_segv_handler(); - - char tmpdir_template[] = "./syzkaller.XXXXXX"; - char* tmpdir = mkdtemp(tmpdir_template); - if (!tmpdir) - fail("failed to mkdtemp"); - if (chmod(tmpdir, 0777)) - fail("failed to chmod"); - if (chdir(tmpdir)) - fail("failed to chdir"); -} - static void loop(); static void sandbox_common() diff --git a/executor/executor.cc b/executor/executor.cc index 800ac932e..04624cdc8 100644 --- a/executor/executor.cc +++ b/executor/executor.cc @@ -186,7 +186,8 @@ int main(int argc, char** argv) uint64_t executor_pid = *((uint64_t*)input_data + 1); cover_open(); - setup_main_process(); + install_segv_handler(); + use_temporary_dir(); int pid = -1; switch (flag_sandbox) { -- cgit mrf-deployment From acae98dc5463f8aaa13013aab1aa80509d800fb7 Mon Sep 17 00:00:00 2001 
From: Andrey Konovalov Date: Thu, 18 May 2017 14:36:53 +0200 Subject: executor: don't define SYZ_ENABLE_TUN in executor --- csource/common.go | 22 +++++++++++----------- executor/common.h | 32 ++++++++++++++++---------------- executor/executor.cc | 1 - 3 files changed, 27 insertions(+), 28 deletions(-) (limited to 'executor/executor.cc') diff --git a/csource/common.go b/csource/common.go index 8fa531598..b748a555a 100644 --- a/csource/common.go +++ b/csource/common.go @@ -187,7 +187,7 @@ static void use_temporary_dir() *(type*)(addr) = new_val; \ } -#ifdef SYZ_TUN_ENABLE +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) static void vsnprintf_check(char* str, size_t size, const char* format, va_list args) { int rv; @@ -319,7 +319,7 @@ void debug_dump_data(const char* data, int length) } #endif -#if (defined(__NR_syz_emit_ethernet) && defined(SYZ_TUN_ENABLE)) || defined(__NR_syz_test) +#if defined(SYZ_EXECUTOR) || (defined(__NR_syz_emit_ethernet) && defined(SYZ_TUN_ENABLE)) || defined(__NR_syz_test) struct csum_inet { uint32_t acc; }; @@ -351,7 +351,7 @@ uint16_t csum_inet_digest(struct csum_inet* csum) } #endif -#if defined(__NR_syz_emit_ethernet) && defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || (defined(__NR_syz_emit_ethernet) && defined(SYZ_TUN_ENABLE)) static uintptr_t syz_emit_ethernet(uintptr_t a0, uintptr_t a1) { @@ -365,7 +365,7 @@ static uintptr_t syz_emit_ethernet(uintptr_t a0, uintptr_t a1) } #endif -#if (defined(SYZ_EXECUTOR) || defined(SYZ_REPEAT)) && defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_TUN_ENABLE)) void flush_tun() { char data[SYZ_TUN_MAX_PACKET_SIZE]; @@ -374,7 +374,7 @@ void flush_tun() } #endif -#if defined(__NR_syz_extract_tcp_res) && defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || (defined(__NR_syz_extract_tcp_res) && defined(SYZ_TUN_ENABLE)) struct ipv6hdr { __u8 priority : 4, version : 4; 
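Review bot: The condition `defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE)` is now written out at every tun-related `#if` in csource/common.go, starting at @@ -187 and repeated at @@ -1523, @@ -1531, @@ -1575, @@ -1592 and @@ -1651, with the same sites in executor/common.h. The variants that also test `__NR_syz_*` or `SYZ_REPEAT` differ only in where the brackets sit. One missed or mis-bracketed site silently compiles tun support in or out of a single build, and nothing on the page states the intended rule. A short comment at the first guard would give reviewers something to check each site against, e.g. `// Executor builds always compile tun support; other builds only with SYZ_TUN_ENABLE.`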
@@ -1523,7 +1523,7 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a #endif #if defined(__NR_syz_emit_ethernet) case __NR_syz_emit_ethernet: -#if defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) return syz_emit_ethernet(a0, a1); #else return 0; @@ -1531,7 +1531,7 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a #endif #if defined(__NR_syz_extract_tcp_res) case __NR_syz_extract_tcp_res: -#if defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) return syz_extract_tcp_res(a0, a1, a2); #else return 0; @@ -1575,7 +1575,7 @@ static int do_sandbox_none(int executor_pid, bool enable_tun) return pid; sandbox_common(); -#ifdef SYZ_TUN_ENABLE +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) setup_tun(executor_pid, enable_tun); #endif @@ -1592,7 +1592,7 @@ static int do_sandbox_setuid(int executor_pid, bool enable_tun) return pid; sandbox_common(); -#ifdef SYZ_TUN_ENABLE +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) setup_tun(executor_pid, enable_tun); #endif @@ -1651,7 +1651,7 @@ static int namespace_sandbox_proc(void* arg) if (!write_file("/proc/self/gid_map", "0 %d 1\n", real_gid)) fail("write of /proc/self/gid_map failed"); -#ifdef SYZ_TUN_ENABLE +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) setup_tun(epid, etun); #endif @@ -1832,7 +1832,7 @@ void loop() setpgrp(); if (chdir(cwdbuf)) fail("failed to chdir"); -#if defined(SYZ_TUN_ENABLE) +#ifdef SYZ_TUN_ENABLE flush_tun(); #endif test(); diff --git a/executor/common.h b/executor/common.h index 99c3fb9f3..5041aaf7b 100644 --- a/executor/common.h +++ b/executor/common.h @@ -212,7 +212,7 @@ static void use_temporary_dir() *(type*)(addr) = new_val; \ } -#ifdef SYZ_TUN_ENABLE +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) static void vsnprintf_check(char* str, size_t size, const char* format, va_list args) { int rv; 
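Review bot: The call site in `loop()` (@@ -1832) is the one tun guard that was not widened. It only changes from `#if defined(SYZ_TUN_ENABLE)` to `#ifdef SYZ_TUN_ENABLE`, while the definition of `flush_tun()` is now guarded by `defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_TUN_ENABLE))` and executor.cc stops defining SYZ_TUN_ENABLE in the same commit. If this `loop()` is ever compiled with SYZ_EXECUTOR, the flush between test runs disappears without a diagnostic. Conversely, a build with SYZ_TUN_ENABLE but without SYZ_REPEAT would call a function that is not defined. Using the definition's condition at the call, `#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_TUN_ENABLE))`, keeps the two in step; the same applies to executor/common.h at @@ -946. The body of `loop()` and any guard around it lie outside the hunk, so please confirm which builds include it.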
@@ -348,9 +348,9 @@ void debug_dump_data(const char* data, int length) if (i % 16 != 0) debug("\n"); } -#endif // SYZ_TUN_ENABLE +#endif -#if (defined(__NR_syz_emit_ethernet) && defined(SYZ_TUN_ENABLE)) || defined(__NR_syz_test) +#if defined(SYZ_EXECUTOR) || (defined(__NR_syz_emit_ethernet) && defined(SYZ_TUN_ENABLE)) || defined(__NR_syz_test) struct csum_inet { uint32_t acc; }; @@ -382,7 +382,7 @@ uint16_t csum_inet_digest(struct csum_inet* csum) } #endif -#if defined(__NR_syz_emit_ethernet) && defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || (defined(__NR_syz_emit_ethernet) && defined(SYZ_TUN_ENABLE)) static uintptr_t syz_emit_ethernet(uintptr_t a0, uintptr_t a1) { // syz_emit_ethernet(len len[packet], packet ptr[in, eth_packet]) @@ -397,7 +397,7 @@ static uintptr_t syz_emit_ethernet(uintptr_t a0, uintptr_t a1) } #endif -#if (defined(SYZ_EXECUTOR) || defined(SYZ_REPEAT)) && defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_TUN_ENABLE)) void flush_tun() { char data[SYZ_TUN_MAX_PACKET_SIZE]; @@ -406,7 +406,7 @@ void flush_tun() } #endif -#if defined(__NR_syz_extract_tcp_res) && defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || (defined(__NR_syz_extract_tcp_res) && defined(SYZ_TUN_ENABLE)) // Can't include , since it causes // conflicts due to some structs redefinition. struct ipv6hdr { 
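Review bot: The trailing comment on `#endif` is deleted at @@ -348 instead of being updated, and @@ -618 removes four more where the conditionals are nested two deep inside the case list of `execute_syscall`. These markers were the only way to see which `#if` a distant `#endif` closes, and that matters more now that the conditions are longer. I would keep them and bring them up to date, e.g. `#endif // SYZ_EXECUTOR || SYZ_TUN_ENABLE` for the inner guards and `#endif // __NR_syz_emit_ethernet` for the outer one. The `#if` that the @@ -348 `#endif` closes is presumably the one changed at @@ -212, which is outside this hunk.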
@@ -618,20 +618,20 @@ static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a #endif #if defined(__NR_syz_emit_ethernet) case __NR_syz_emit_ethernet: -#if defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) return syz_emit_ethernet(a0, a1); #else return 0; -#endif // defined(SYZ_TUN_ENABLE) -#endif // defined(__NR_syz_emit_ethernet) +#endif +#endif #if defined(__NR_syz_extract_tcp_res) case __NR_syz_extract_tcp_res: -#if defined(SYZ_TUN_ENABLE) +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) return syz_extract_tcp_res(a0, a1, a2); #else return 0; -#endif // defined(SYZ_TUN_ENABLE) -#endif // defined(__NR_syz_extract_tcp_res) +#endif +#endif #ifdef __NR_syz_kvm_setup_cpu case __NR_syz_kvm_setup_cpu: return syz_kvm_setup_cpu(a0, a1, a2, a3, a4, a5, a6, a7); @@ -671,7 +671,7 @@ static int do_sandbox_none(int executor_pid, bool enable_tun) return pid; sandbox_common(); -#ifdef SYZ_TUN_ENABLE +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) setup_tun(executor_pid, enable_tun); #endif @@ -688,7 +688,7 @@ static int do_sandbox_setuid(int executor_pid, bool enable_tun) return pid; sandbox_common(); -#ifdef SYZ_TUN_ENABLE +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) setup_tun(executor_pid, enable_tun); #endif @@ -751,7 +751,7 @@ static int namespace_sandbox_proc(void* arg) if (!write_file("/proc/self/gid_map", "0 %d 1\n", real_gid)) fail("write of /proc/self/gid_map failed"); -#ifdef SYZ_TUN_ENABLE +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) // For sandbox namespace we setup tun after initializing uid mapping, // otherwise ip commands fail. setup_tun(epid, etun); @@ -946,7 +946,7 @@ void loop() setpgrp(); if (chdir(cwdbuf)) fail("failed to chdir"); -#if defined(SYZ_TUN_ENABLE) +#ifdef SYZ_TUN_ENABLE flush_tun(); #endif test(); diff --git a/executor/executor.cc b/executor/executor.cc index 04624cdc8..e0280054c 100644 --- a/executor/executor.cc +++ b/executor/executor.cc 
@@ -31,7 +31,6 @@ #include "syscalls.h" #define SYZ_EXECUTOR -#define SYZ_TUN_ENABLE #include "common.h" #define KCOV_INIT_TRACE _IOR('c', 1, unsigned long long) -- cgit mrf-deployment