From b318694d0fc0781d0bc1e3aebfb916aa36731024 Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh
Date: Thu, 26 Aug 2021 14:34:47 +0000
Subject: executor: fix remote coverage collection

Currently the data_offset field of cover_t is only initialized for per-syscall coverage collection. As a result, remote coverage is read from an invalid location, fails to pass sanity checks and is not returned to syzkaller. Fix the initialization of cover_t fields.
---
 executor/executor.cc | 2 --
 executor/executor_bsd.h | 2 ++
 executor/executor_linux.h | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)
(limited to 'executor')

diff --git a/executor/executor.cc b/executor/executor.cc
index 254a5d74a..e35e48189 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -1113,8 +1113,6 @@ void thread_create(thread_t* th, int id)
 	th->created = true;
 	th->id = id;
 	th->executing = false;
-	th->cov.data_offset = is_kernel_64_bit ? sizeof(uint64_t) : sizeof(uint32_t);
-	th->cov.pc_offset = 0;
 	event_init(&th->ready);
 	event_init(&th->done);
 	event_set(&th->done);
diff --git a/executor/executor_bsd.h b/executor/executor_bsd.h
index 2750fe3b7..873d6c906 100644
--- a/executor/executor_bsd.h
+++ b/executor/executor_bsd.h
@@ -99,6 +99,8 @@ static void cover_open(cover_t* cov, bool extra)
 		fail("cover mmap failed");
 	cov->data = (char*)mmap_ptr;
 	cov->data_end = cov->data + mmap_alloc_size;
+	cov->data_offset = is_kernel_64_bit ? sizeof(uint64_t) : sizeof(uint32_t);
+	cov->pc_offset = 0;
 }
 
 static void cover_protect(cover_t* cov)
diff --git a/executor/executor_linux.h b/executor/executor_linux.h
index 3a0620fcd..ed3cbafb3 100644
--- a/executor/executor_linux.h
+++ b/executor/executor_linux.h
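Review bot: The added `cov->data_offset = is_kernel_64_bit ? sizeof(uint64_t) : sizeof(uint32_t);` in cover_open makes the offset depend on `is_kernel_64_bit` already being set when coverage is opened, the same ordering requirement the deleted thread_create lines had, and nothing in the hunk records it; if cover_open were ever reached before the value is known (I cannot see the call sites here), a 64-bit kernel would presumably get a 4-byte offset and the same misread buffer this commit is fixing. Suggest a comment above the assignment: `// Requires is_kernel_64_bit to be known before coverage is opened.` The identical two lines are also added in executor_linux.h; setting both fields once in platform-independent code right after the platform cover_open returns would keep the two copies from drifting. cover_open's opening lines are outside the hunk.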
@@ -91,6 +91,8 @@ static void cover_open(cover_t* cov, bool extra)
 	if (cov->data == MAP_FAILED)
 		fail("cover mmap failed");
 	cov->data_end = cov->data + mmap_alloc_size;
+	cov->data_offset = is_kernel_64_bit ? sizeof(uint64_t) : sizeof(uint32_t);
+	cov->pc_offset = 0;
 }
 
 static void cover_protect(cover_t* cov)
-- 
cgit mrf-deployment