From 220dc49106d66ff912db835004c88f8c9e2d1707 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Thu, 25 May 2017 16:07:10 +0200 Subject: csource: reproduce crashes with fault injection --- executor/common.h | 33 ++++++++++++++++++++++++++------- executor/executor.cc | 9 +-------- 2 files changed, 27 insertions(+), 15 deletions(-) (limited to 'executor')
diff --git a/executor/common.h b/executor/common.h
index c32341f57..73a528471 100644
--- a/executor/common.h
+++ b/executor/common.h
@@ -699,13 +699,7 @@ static int do_sandbox_setuid(int executor_pid, bool enable_tun)
 }
 #endif
 
-#if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NAMESPACE)
-static int real_uid;
-static int real_gid;
-static int epid;
-static bool etun;
-__attribute__((aligned(64 << 10))) static char sandbox_stack[1 << 20];
-
+#if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NAMESPACE) || defined(SYZ_FAULT_INJECTION)
 static bool write_file(const char* file, const char* what, ...)
 {
 char buf[1024];
@@ -726,6 +720,14 @@ static bool write_file(const char* file, const char* what, ...)
 close(fd);
 return true;
 }
+#endif
+
+#if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NAMESPACE)
+static int real_uid;
+static int real_gid;
+static int epid;
+static bool etun;
+__attribute__((aligned(64 << 10))) static char sandbox_stack[1 << 20];
 
 static int namespace_sandbox_proc(void* arg)
 {
@@ -897,6 +899,23 @@ static uint64_t current_time_ms()
 }
 #endif
 
+#if defined(SYZ_EXECUTOR) || defined(SYZ_FAULT_INJECTION)
+static int inject_fault(int nth)
+{
+ int fd;
+ char buf[128];
+
+ sprintf(buf, "/proc/self/task/%d/fail-nth", (int)syscall(SYS_gettid));
+ fd = open(buf, O_RDWR);
+ if (fd == -1)
+ fail("failed to open /proc/self/task/tid/fail-nth");
+ sprintf(buf, "%d", nth + 1);
+ if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf))
+ fail("failed to write /proc/self/task/tid/fail-nth");
+ return fd;
+}
+#endif
+
 #if defined(SYZ_REPEAT)
 static void test();
 
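Review bot: `inject_fault`, added in the `@@ -897,6 +899,23 @@` hunk of executor/common.h, returns an open descriptor on the calling thread's `fail-nth` file but has no comment stating its contract. Two things are undocumented: `nth` is zero-based (the function writes `nth + 1`), and the descriptor stays open on success, so the caller owns it. I would add above the definition `// Arms fault injection for the nth (0-based) operation of the calling thread; returns the open fail-nth fd, which the caller owns.` Because the new `SYZ_FAULT_INJECTION` guard appears to compile this helper into generated reproducers as well, the two `sprintf` calls would read better as bounded writes, e.g. `snprintf(buf, sizeof(buf), "%d", nth + 1);`. The 128-byte buffer is large enough for both formats as written, so that part is hardening rather than a bug fix.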
diff --git a/executor/executor.cc b/executor/executor.cc
index bdda612ca..cb31e0697 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -668,14 +668,7 @@ void execute_call(thread_t* th)
 if (collide)
 fail("both collide and fault injection are enabled");
 debug("injecting fault into %d-th operation\n", flag_fault_nth);
- char buf[128];
- sprintf(buf, "/proc/self/task/%d/fail-nth", (int)syscall(SYS_gettid));
- fail_fd = open(buf, O_RDWR);
- if (fail_fd == -1)
- fail("failed to open /proc/self/task/tid/fail-nth");
- sprintf(buf, "%d", flag_fault_nth + 1);
- if (write(fail_fd, buf, strlen(buf)) != (ssize_t)strlen(buf))
- fail("failed to write /proc/self/task/tid/fail-nth");
+ fail_fd = inject_fault(flag_fault_nth);
 }
 
 cover_reset(th);
-- cgit mrf-deployment