From 25e10a043498087f9427f0698b341d051c310fc4 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Thu, 31 Jan 2019 10:57:46 +0100
Subject: executor: remove ability to detect kernel bugs
This ability was never used but we maintain a bunch of code for it. syzkaller also recently learned to spoof this error code with some ptrace magic (probably intercepted control flow again and exploited executor binary). Drop all of it.
---
 executor/common.h | 4 +---
 executor/executor.cc | 17 +----------------
 2 files changed, 2 insertions(+), 19 deletions(-) (limited to 'executor')
diff --git a/executor/common.h b/executor/common.h
index dc1276cf9..cf4a204fc 100644
--- a/executor/common.h
+++ b/executor/common.h
@@ -7,7 +7,7 @@ // - includes are hoisted to the top and deduplicated // - comments and empty lines are stripped // - NORETURN/PRINTF/debug are removed -// - exitf/failf/fail are replaced with exit +// - exitf/fail are replaced with exit // - uintN types are replaced with uintN_t // - [[FOO]] placeholders are replaced by actual values
@@ -614,8 +614,6 @@ static void loop(void) status = WEXITSTATUS(status); if (status == kFailStatus) fail("child failed"); - if (status == kErrorStatus) - error("child errored"); reply_execute(0); #endif #if SYZ_EXECUTOR || SYZ_USE_TMP_DIR
diff --git a/executor/executor.cc b/executor/executor.cc
index d1d1f2694..798cae71e 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -60,12 +60,9 @@ const int kMaxArgs = 9; const int kCoverSize = 256 << 10; const int kFailStatus = 67; const int kRetryStatus = 69; -const int kErrorStatus = 68; // Logical error (e.g. invalid input program), use as an assert() alternative. static NORETURN PRINTF(1, 2) void fail(const char* msg, ...); -// Kernel error (e.g. wrong syscall return value). -NORETURN PRINTF(1, 2) void error(const char* msg, ...); // Just exit (e.g. due to temporal ENOMEM error). static NORETURN PRINTF(1, 2) void exitf(const char* msg, ...); static NORETURN void doexit(int status);
@@ -404,7 +401,7 @@ int main(int argc, char** argv) } #if SYZ_EXECUTOR_USES_FORK_SERVER // Other statuses happen when fuzzer processes manages to kill loop. - if (status != kFailStatus && status != kErrorStatus) + if (status != kFailStatus) status = kRetryStatus; // If an external sandbox process wraps executor, the out pipe will be closed // before the sandbox process exits this will make ipc package kill the sandbox.
@@ -415,8 +412,6 @@ int main(int argc, char** argv) errno = 0; if (status == kFailStatus) fail("loop failed"); - if (status == kErrorStatus) - error("loop errored"); // Loop can be killed by a test process with e.g.: // ptrace(PTRACE_SEIZE, 1, 0, 0x100040) // This is unfortunate, but I don't have a better solution than ignoring it for now.
@@ -1353,16 +1348,6 @@ void fail(const char* msg, ...) doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus); } -void error(const char* msg, ...) -{ - va_list args; - va_start(args, msg); - vfprintf(stderr, msg, args); - va_end(args); - fprintf(stderr, "\n"); - doexit(kErrorStatus); -} - void exitf(const char* msg, ...) { int e = errno;
-- cgit mrf-deployment
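Review bot: The `if (status != kFailStatus)` check kept in main() (hunk @@ -404) still accepts kFailStatus from the loop process's exit status as authoritative, and the commit message reports that this same exit-code channel was forged for kErrorStatus by a test program using ptrace. Nothing visible in these hunks authenticates the remaining value, so a forged 67 would presumably still reach `fail("loop failed")` here (hunk @@ -415) and `fail("child failed")` in loop() in executor/common.h, and could not be told apart from a genuine executor failure. I would at least record that next to the check, e.g. `// kFailStatus comes from the exit status of a process the test program can hijack; treat it as a hint, not a trusted signal.` main() begins and ends outside these hunks, so any filtering done elsewhere is not visible from here.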