From df655b64ffc2879b80e652329fb7a11508e50310 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Mon, 1 Jul 2024 14:26:07 +0200
Subject: prog: restricts hints to at most 10 attempts per single kernel PC

We are getting too many generated candidates, the fuzzer may not keep up with them at all (hints jobs keep growing infinitely). If a hint indeed came from the input w/o transformation, then we should guess it on the first attempt (or at least after few attempts). If it did not come from the input, or came with a non-trivial transformation, then any number of attempts won't help. So limit the total number of attempts (until the next restart).
---
 pkg/rpcserver/runner.go | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'pkg/rpcserver')
diff --git a/pkg/rpcserver/runner.go b/pkg/rpcserver/runner.go
index 691a5b5d5..21b270421 100644
--- a/pkg/rpcserver/runner.go
+++ b/pkg/rpcserver/runner.go
@@ -420,6 +420,15 @@ func (runner *Runner) convertCallInfo(call *flatrpc.CallInfo) {
 call.Cover = runner.canonicalizer.Canonicalize(call.Cover)
 call.Signal = runner.canonicalizer.Canonicalize(call.Signal)
 
+ call.Comps = slices.DeleteFunc(call.Comps, func(cmp *flatrpc.Comparison) bool {
+ converted := runner.canonicalizer.Canonicalize([]uint64{cmp.Pc})
+ if len(converted) == 0 {
+ return true
+ }
+ cmp.Pc = converted[0]
+ return false
+ })
+
 // Check signal belongs to kernel addresses.
 // Mismatching addresses can mean either corrupted VM memory, or that the fuzzer somehow
 // managed to inject output signal. If we see any bogus signal, drop whole signal
-- cgit mrf-deployment
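Review bot: The new `slices.DeleteFunc` callback rewrites `cmp.Pc` from VM-supplied data, but nothing visible in this hunk checks that the canonicalized value is a kernel address, even though the comment directly below describes that check for `call.Signal`. The commit message says hint attempts are limited per kernel PC, so comparison records from a corrupted VM with arbitrary PC values would presumably each count as a new PC and weaken the limit. The rest of `convertCallInfo` lies outside the hunk, so the check may already happen further down; if it does not, apply the same kernel-address test inside the callback and return `true` for PCs that fail it. The `len(converted) == 0` branch would also benefit from a comment such as `// Drop comparisons whose PC the canonicalizer cannot map.`, and the one-element `[]uint64{cmp.Pc}` built per comparison is worth a look if this path is hot.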