From a3ce1723b2f8f690652d181a96344ab9b1c438a4 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Thu, 2 May 2024 08:12:10 +0200 Subject: pkg/flatrpc: add schema Add schema for manager<->fuzzer communication. We may need to change things when we start to use this, but this serves as a proof of concept that we can express things that we need in flatbuffers. --- pkg/flatrpc/flatrpc.fbs | 208 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 208 insertions(+) create mode 100644 pkg/flatrpc/flatrpc.fbs (limited to 'pkg/flatrpc/flatrpc.fbs') diff --git a/pkg/flatrpc/flatrpc.fbs b/pkg/flatrpc/flatrpc.fbs new file mode 100644 index 000000000..ac57f7425 --- /dev/null +++ b/pkg/flatrpc/flatrpc.fbs @@ -0,0 +1,208 @@ +// Copyright 2024 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +namespace rpc; + +enum Feature : uint64 (bit_flags) { + Coverage, + Comparisons, + ExtraCoverage, + DelayKcovMmap, + SandboxSetuid, + SandboxNamespace, + SandboxAndroid, + Fault, + Leak, + NetInjection, + NetDevices, + KCSAN, + DevlinkPCI, + NicVF, + USBEmulation, + VhciInjection, + WifiEmulation, + LRWPANEmulation, // 802.15.4 standard + BinFmtMisc, + Swap, +} + +table ConnectRequest { + name :string; + arch :string; + git_revision :string; + syz_revision :string; +} + +table ConnectReply { + leak_frames :[string]; + race_frames :[string]; + // Features are forwarded from CheckArgs, if checking was already done. + features :Feature; + // Fuzzer reads these files inside of the VM and returns contents in CheckArgs.Files. + files :[string]; + globs :[string]; +} + +table InfoRequest { + error :string; + features :Feature; + globs :[GlobInfo]; + files :[FileInfo]; +} + +table InfoReply { + cover_filter :[uint32]; +} + +table FileInfo { + name :string; + exists :bool; + error :string; + data :[uint8]; +} + +table GlobInfo { + name :string; + files :[string]; +} + +// Messages sent from the host to the executor. +union HostMessages { + ExecRequest :ExecRequest, + SignalUpdate :SignalUpdate, +} + +table HostMessage { + msg :HostMessages; +} + +// Messages sent from the executor to the host. +union ExecutorMessages { + ExecResult :ExecResult, + Executing :ExecutingMessage, + Stats :StatsMessage, +} + +table ExecutorMessage { + msg :ExecutorMessages; +} + +enum RequestFlag : uint64 (bit_flags) { + // If set, prog_data contains compiled executable binary + // that needs to be written to disk and executed. + IsBinary, + // Return only new signal rather than all signal. + NewSignal, + // If set, fully reset executor state befor executing the test. + ResetState, + // If set, collect program output and return in output field. + ReturnOutput, + // If set, don't fail on program failures, instead return the error in error field. + ReturnError, +} + +// Note: New / changed flags should be added to parse_env_flags in executor.cc. +enum ExecEnv : uint64 (bit_flags) { + Debug, // debug output from executor + Signal, // collect feedback signals (coverage) + SandboxSetuid, // impersonate nobody user + SandboxNamespace, // use namespaces for sandboxing + SandboxAndroid, // use Android sandboxing for the untrusted_app domain + ExtraCover, // collect extra coverage + EnableTun, // setup and use /dev/tun for packet injection + EnableNetDev, // setup more network devices for testing + EnableNetReset, // reset network namespace between programs + EnableCgroups, // setup cgroups for testing + EnableCloseFds, // close fds after each program + EnableDevlinkPCI, // setup devlink PCI device + EnableVhciInjection, // setup and use /dev/vhci for hci packet injection + EnableWifi, // setup and use mac80211_hwsim for wifi emulation + DelayKcovMmap, // manage kcov memory in an optimized way + EnableNicVF, // setup NIC VF device +} + +enum ExecFlag : uint64 (bit_flags) { + CollectSignal, // collect feedback signals + CollectCover, // collect coverage + DedupCover, // deduplicate coverage in executor + CollectComps, // collect KCOV comparisons + Threaded, // use multiple threads to mitigate blocked syscalls + CoverFilter, // setup and use bitmap to do coverage filter +} + +// Request to execute a test program. +table ExecRequest { + id :int64; + prog_data :[uint8]; + flags :RequestFlag; + exec_env :ExecEnv; + exec_flags :ExecFlag; + sandbox_arg :int64; + signal_filter :[uint32]; + signal_filter_call :int32; + // Repeat the program that many times (0 means 1). + repeat :int32; +} + +table SignalUpdate { + new_max :[uint32]; + drop_max :[uint32]; +} + +// Notification from the executor that it started executing the program 'id'. +// We want this request to be as small and as fast as possible b/c we need it +// to reach the host (or at least leave the VM) before the VM crashes +// executing this program. +table ExecutingMessage { + id :int64; + proc_id :int32; + try :int32; +} + +table StatsMessage { + noexec_count :int64; + noexec_duration :int64; +} + +enum CallFlag : uint8 (bit_flags) { + Executed, // was started at all + Finished, // finished executing (rather than blocked forever) + Blocked, // finished but blocked during execution + FaultInjected, // fault was injected into this call +} + +table CallInfo { + flags :CallFlag; + // Call errno (0 if the call was successful). + error :int32; + // Feedback signal, filled if ExecFlag.CollectSignal is set. + signal :[uint32]; + // Code coverage, filled if ExecFlag.CollectCover is set. + // If ExecFlag.DedupCover is set, then duplicates are removed, otherwise it contains a trace. + cover :[uint32]; + // Comparison operands. + comps :[Comparison]; +} + +struct Comparison { + op1 :uint64; + op2 :uint64; +} + +table ProgInfo { + calls :[CallInfo]; + // Contains signal and cover collected from background threads. + extra :CallInfo; + // Total execution time of the program in nanoseconds. + elapsed :uint64; + // Number of programs executed in the same process before this one. + freshness :uint64; +} + +// Result of executing a test program. +table ExecResult { + executing :ExecutingMessage; + output :[uint8]; + error :string; + info :ProgInfo; +} -- cgit mrf-deployment