From 5c51045d28eb1ad9465a51487d436133ce7b98d2 Mon Sep 17 00:00:00 2001
From: Andrey Konovalov
Date: Fri, 5 Apr 2019 18:44:53 +0200
Subject: all: add optional close_fds feature to reproducers

Instead of always closing open fds (number 3 to 30) after each program, add an options called EnableCloseFds. It can be passed to syz-execprog, syz-prog2c and syz-stress via the -enable and -disable flags. Set the default value to true. Also minimize C repros over it, except for when repeat is enabled.
---
 executor/common.h | 14 ++++++++++++--
 executor/common_linux.h | 12 ++++++++++--
 executor/executor.cc | 6 ++++++
 3 files changed, 28 insertions(+), 4 deletions(-)
(limited to 'executor')
diff --git a/executor/common.h b/executor/common.h
index 5f33d3bf5..10e5b960b 100644
--- a/executor/common.h
+++ b/executor/common.h
@@ -483,6 +483,9 @@ again:
 }
 for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
 sleep_ms(1);
+#if SYZ_HAVE_CLOSE_FDS
+ close_fds();
+#endif
 #if SYZ_COLLIDE
 if (!collide) {
 collide = 1;
@@ -571,8 +574,8 @@ static void loop(void)
 close(kOutPipeFd);
 #endif
 execute_one();
-#if SYZ_HAVE_RESET_TEST
- reset_test();
+#if SYZ_HAVE_CLOSE_FDS && !SYZ_THREADED
+ close_fds();
 #endif
 doexit(0);
 #endif
@@ -659,6 +662,9 @@ void loop(void)
 #endif
 {
 /*SYSCALLS*/
+#if SYZ_HAVE_CLOSE_FDS && !SYZ_THREADED && !SYZ_REPEAT
+ close_fds();
+#endif
 }
 #endif
@@ -690,6 +696,10 @@ int main(void)
 use_temporary_dir();
 #endif
 /*SANDBOX_FUNC*/
+#if SYZ_HAVE_CLOSE_FDS && !SYZ_THREADED && !SYZ_REPEAT && !SYZ_SANDBOX_NONE && \
+ !SYZ_SANDBOX_SETUID && !SYZ_SANDBOX_NAMESPACE && !SYZ_SANDBOX_ANDROID_UNTRUSTED_APP
+ close_fds();
+#endif
 #if SYZ_PROCS
 }
 }
diff --git a/executor/common_linux.h b/executor/common_linux.h
index b84955577..0fd7a1582 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
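Review bot: The `close_fds()` call added after the wait loop at @@ -483 runs whether or not `running` has reached zero, and nothing in the hunk says this is intended. The loop `for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)` gives up after 100 iterations, so threads may still be inside a call when the sweep happens, and any descriptor they open afterwards is carried into the next pass. If closing under live threads is deliberate (presumably to unblock them), I would say so above the call, e.g. `// Runs even if threads are still running: closing their fds is what unblocks them.` The executor.cc hunk at @@ -732 places the call at the same point before the collide pass. The enclosing function starts and ends outside this hunk.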
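Review bot: The guards on the `close_fds()` calls in loop() (@@ -571), the second loop() (@@ -659) and main() (@@ -690) grow from `!SYZ_THREADED` to a seven-term condition, with no comment saying what they encode. Presumably each means "no inner layer has already closed the descriptors", but that cannot be confirmed from these hunks. The main() condition enumerates every sandbox macro, so a sandbox mode added later leaves it true and silently changes where descriptors are closed unless the list is extended. A comment above each guard such as `// Only close here when no threaded/repeat/sandbox path below already did.`, or one derived macro defined next to the sandbox options, would make the rule checkable. All three enclosing functions extend beyond their hunks.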
@@ -2612,12 +2612,20 @@ static void setup_test()
 flush_tun();
 #endif
 }
+#endif
-#define SYZ_HAVE_RESET_TEST 1
-static void reset_test()
+#if SYZ_EXECUTOR || SYZ_ENABLE_CLOSE_FDS
+#define SYZ_HAVE_CLOSE_FDS 1
+static void close_fds()
 {
+#if SYZ_EXECUTOR
+ if (!flag_enable_close_fds)
+ return;
+#endif
 // Keeping a 9p transport pipe open will hang the proccess dead,
 // so close all opened file descriptors.
+ // Also close all USB emulation descriptors to trigger exit from USB
+ // event loop to collect coverage.
 int fd;
 for (fd = 3; fd < 30; fd++)
 close(fd);
diff --git a/executor/executor.cc b/executor/executor.cc
index f1f6ba294..bbbb2da31 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -119,6 +119,7 @@ static bool flag_enable_net_dev;
 static bool flag_enable_net_reset;
 static bool flag_enable_cgroups;
 static bool flag_enable_binfmt_misc;
+static bool flag_enable_close_fds;
 static bool flag_collect_cover;
 static bool flag_dedup_cover;
@@ -454,6 +455,7 @@ void parse_env_flags(uint64 flags)
 flag_enable_net_reset = flags & (1 << 9);
 flag_enable_cgroups = flags & (1 << 10);
 flag_enable_binfmt_misc = flags & (1 << 11);
+ flag_enable_close_fds = flags & (1 << 12);
 }
 #if SYZ_EXECUTOR_USES_FORK_SERVER
@@ -732,6 +734,10 @@ retry:
 }
 }
+#if SYZ_HAVE_CLOSE_FDS
+ close_fds();
+#endif
+
 if (flag_collide && !flag_inject_fault && !colliding && !collide) {
 debug("enabling collider\n");
 collide = colliding = true;
--
cgit mrf-deployment
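Review bot: close_fds() in the @@ -2612 hunk still sweeps a fixed range, `for (fd = 3; fd < 30; fd++)`, which is descriptors 3 through 29. The commit description says 3 to 30, and the comment, including the two lines added here, promises that all opened descriptors and all USB emulation descriptors are closed. A descriptor numbered 30 or higher stays open, so the hang the comment describes would remain possible for it; whether a test program can obtain such a number is not visible in this diff. I would state the limit in the comment, e.g. `// Only fds 3..29 are closed; higher-numbered descriptors are left open.`, or give the bound a name instead of the literal 30. The function body continues past the end of the hunk.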