From baa5c8e247d411a8546a0a89733e0823aae5e47f Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Fri, 4 Jan 2019 19:56:16 +0100 Subject: fuzzer: speed up syscall support detection Right now syz-fuzzer does a search through /proc/kallsyms for each syscall to check whether it's supported. Do one search instead and save the results to a map. This speeds up syscall detection ~60 times when testing arm64 kernel on x86. Also add another search pattern for arm64 and add some logging. --- pkg/host/host_linux.go | 43 +++++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 12 deletions(-) (limited to 'pkg/host/host_linux.go') diff --git a/pkg/host/host_linux.go b/pkg/host/host_linux.go index 3523605c7..eb792a70b 100644 --- a/pkg/host/host_linux.go +++ b/pkg/host/host_linux.go @@ -9,6 +9,7 @@ import ( "io/ioutil" "os" "os/exec" + "regexp" "runtime" "strconv" "strings" @@ -17,12 +18,14 @@ import ( "time" "unsafe" + "github.com/google/syzkaller/pkg/log" "github.com/google/syzkaller/pkg/osutil" "github.com/google/syzkaller/prog" "github.com/google/syzkaller/sys/linux" ) -func isSupported(c *prog.Syscall, sandbox string) (bool, string) { +func isSupported(c *prog.Syscall, target *prog.Target, sandbox string) (bool, string) { + log.Logf(2, "checking support for %v", c.Name) if strings.HasPrefix(c.CallName, "syz_") { return isSupportedSyzkall(sandbox, c) } @@ -52,23 +55,39 @@ func isSupported(c *prog.Syscall, sandbox string) (bool, string) { // Kallsyms seems to be the most reliable and fast. That's what we use first. // If kallsyms is not present, we fallback to execution of syscalls. kallsymsOnce.Do(func() { - kallsyms, _ = ioutil.ReadFile("/proc/kallsyms") + kallsyms, _ := ioutil.ReadFile("/proc/kallsyms") + if len(kallsyms) == 0 { + return + } + var re *regexp.Regexp + switch target.Arch { + case "386", "amd64": + re = regexp.MustCompile(` T (sys|ksys|__ia32|__x64)_([^\n]+)\n`) + case "arm64": + re = regexp.MustCompile(` T (sys|ksys|__arm64)_([^\n]+)\n`) + default: + panic("unsupported arch for kallsyms parsing") + } + matches := re.FindAllSubmatch(kallsyms, -1) + for _, m := range matches { + name := string(m[2]) + log.Logf(2, "found in kallsyms: %v", name) + kallsymsSyscallSet[name] = true + } }) - if !testFallback && len(kallsyms) != 0 { - return isSupportedKallsyms(c) + if !testFallback && len(kallsymsSyscallSet) != 0 { + r, v := isSupportedKallsyms(c) + return r, v } return isSupportedTrial(c) } func isSupportedKallsyms(c *prog.Syscall) (bool, string) { name := c.CallName - if newname := kallsymsMap[name]; newname != "" { + if newname := kallsymsRenameMap[name]; newname != "" { name = newname } - if !bytes.Contains(kallsyms, []byte(" T sys_"+name+"\n")) && - !bytes.Contains(kallsyms, []byte(" T ksys_"+name+"\n")) && - !bytes.Contains(kallsyms, []byte(" T __ia32_sys_"+name+"\n")) && - !bytes.Contains(kallsyms, []byte(" T __x64_sys_"+name+"\n")) { + if !kallsymsSyscallSet[name] { return false, fmt.Sprintf("sys_%v is not present in /proc/kallsyms", name) } return true, "" @@ -114,9 +133,9 @@ func init() { // umount2 is renamed to umount in arch/x86/entry/syscalls/syscall_64.tbl. // Where umount is renamed to oldumount is unclear. var ( - kallsyms []byte - kallsymsOnce sync.Once - kallsymsMap = map[string]string{ + kallsymsOnce sync.Once + kallsymsSyscallSet = make(map[string]bool) + kallsymsRenameMap = map[string]string{ "umount": "oldumount", "umount2": "umount", } -- cgit mrf-deployment