From 25e10a043498087f9427f0698b341d051c310fc4 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Thu, 31 Jan 2019 10:57:46 +0100
Subject: executor: remove ability to detect kernel bugs

This ability was never used but we maintain a bunch of code for it.
syzkaller also recently learned to spoof this error code
with some ptrace magic (probably intercepted control flow again
and exploited executor binary).
Drop all of it.
---
 pkg/csource/csource.go               |  1 -
 pkg/csource/generated.go             |  2 --
 pkg/ipc/ipc.go                       | 14 ++++----------
 pkg/ipc/ipc_test.go                  | 11 ++---------
 pkg/report/linux.go                  |  5 -----
 pkg/report/testdata/linux/report/128 |  3 ---
 pkg/runtest/run.go                   |  7 +------
 7 files changed, 7 insertions(+), 36 deletions(-)
 delete mode 100644 pkg/report/testdata/linux/report/128

(limited to 'pkg')

diff --git a/pkg/csource/csource.go b/pkg/csource/csource.go
index c9ebce62f..bcb40472a 100644
--- a/pkg/csource/csource.go
+++ b/pkg/csource/csource.go
@@ -422,7 +422,6 @@ func (ctx *context) postProcess(result []byte) []byte {
 	result = regexp.MustCompile(`\t*debug_dump_data\((.*\n)*?.*\);\n`).ReplaceAll(result, nil)
 	result = regexp.MustCompile(`\t*exitf\((.*\n)*?.*\);\n`).ReplaceAll(result, []byte("\texit(1);\n"))
 	result = regexp.MustCompile(`\t*fail\((.*\n)*?.*\);\n`).ReplaceAll(result, []byte("\texit(1);\n"))
-	result = regexp.MustCompile(`\t*error\((.*\n)*?.*\);\n`).ReplaceAll(result, []byte("\texit(1);\n"))
 
 	result = ctx.hoistIncludes(result)
 	result = ctx.removeEmptyLines(result)
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index b8ba20bc2..5a402b66f 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -4666,8 +4666,6 @@ static void loop(void)
 		status = WEXITSTATUS(status);
 		if (status == kFailStatus)
 			fail("child failed");
-		if (status == kErrorStatus)
-			error("child errored");
 		reply_execute(0);
 #endif
 #if SYZ_EXECUTOR || SYZ_USE_TMP_DIR
diff --git a/pkg/ipc/ipc.go b/pkg/ipc/ipc.go
index ca0f5ac32..877fe5c06 100644
--- a/pkg/ipc/ipc.go
+++ b/pkg/ipc/ipc.go
@@ -121,7 +121,6 @@ const (
 	outputSize = 16 << 20
 
 	statusFail  = 67
-	statusError = 68
 	statusRetry = 69
 
 	// Comparison types masks taken from KCOV headers.
@@ -248,10 +247,9 @@ var rateLimit = time.NewTicker(1 * time.Second)
 // Exec starts executor binary to execute program p and returns information about the execution:
 // output: process output
 // info: per-call info
-// failed: true if executor has detected a kernel bug
 // hanged: program hanged and was killed
-// err0: failed to start process, or executor has detected a logical error
-func (env *Env) Exec(opts *ExecOpts, p *prog.Prog) (output []byte, info *ProgInfo, failed, hanged bool, err0 error) {
+// err0: failed to start the process or bug in executor itself
+func (env *Env) Exec(opts *ExecOpts, p *prog.Prog) (output []byte, info *ProgInfo, hanged bool, err0 error) {
 	// Copy-in serialized program.
 	progSize, err := p.SerializeForExec(env.in)
 	if err != nil {
@@ -282,7 +280,7 @@ func (env *Env) Exec(opts *ExecOpts, p *prog.Prog) (output []byte, info *ProgInf
 		}
 	}
 	var restart bool
-	output, failed, hanged, restart, err0 = env.cmd.exec(opts, progData)
+	output, hanged, restart, err0 = env.cmd.exec(opts, progData)
 	if err0 != nil {
 		env.cmd.close()
 		env.cmd = nil
@@ -717,8 +715,7 @@ func (c *command) wait() error {
 	return err
 }
 
-func (c *command) exec(opts *ExecOpts, progData []byte) (output []byte, failed, hanged,
-	restart bool, err0 error) {
+func (c *command) exec(opts *ExecOpts, progData []byte) (output []byte, hanged, restart bool, err0 error) {
 	req := &executeReq{
 		magic:     inMagic,
 		envFlags:  uint64(c.config.Flags),
@@ -812,9 +809,6 @@ func (c *command) exec(opts *ExecOpts, progData []byte) (output []byte, failed,
 	switch exitStatus {
 	case statusFail:
 		err0 = ExecutorFailure(fmt.Sprintf("executor %v: failed: %s", c.pid, output))
-	case statusError:
-		err0 = fmt.Errorf("executor %v: detected kernel bug", c.pid)
-		failed = true
 	case statusRetry:
 		// This is a temporal error (ENOMEM) or an unfortunate
 		// program that messes with testing setup (e.g. kills executor
diff --git a/pkg/ipc/ipc_test.go b/pkg/ipc/ipc_test.go
index d168a2535..8d0ca7ff5 100644
--- a/pkg/ipc/ipc_test.go
+++ b/pkg/ipc/ipc_test.go
@@ -96,16 +96,13 @@ func TestExecute(t *testing.T) {
 			opts := &ExecOpts{
 				Flags: flag,
 			}
-			output, info, failed, hanged, err := env.Exec(opts, p)
+			output, info, hanged, err := env.Exec(opts, p)
 			if err != nil {
 				t.Fatalf("failed to run executor: %v", err)
 			}
 			if hanged {
 				t.Fatalf("program hanged:\n%s", output)
 			}
-			if failed {
-				t.Fatalf("program failed:\n%s", output)
-			}
 			if len(info.Calls) == 0 {
 				t.Fatalf("no calls executed:\n%s", output)
 			}
@@ -142,7 +139,7 @@ func TestParallel(t *testing.T) {
 			}()
 			p := target.GenerateSimpleProg()
 			opts := &ExecOpts{}
-			output, info, failed, hanged, err := env.Exec(opts, p)
+			output, info, hanged, err := env.Exec(opts, p)
 			if err != nil {
 				err = fmt.Errorf("failed to run executor: %v", err)
 				return
@@ -151,10 +148,6 @@ func TestParallel(t *testing.T) {
 				err = fmt.Errorf("program hanged:\n%s", output)
 				return
 			}
-			if failed {
-				err = fmt.Errorf("program failed:\n%s", output)
-				return
-			}
 			if len(info.Calls) == 0 {
 				err = fmt.Errorf("no calls executed:\n%s", output)
 				return
diff --git a/pkg/report/linux.go b/pkg/report/linux.go
index c35f689bf..fcf75d488 100644
--- a/pkg/report/linux.go
+++ b/pkg/report/linux.go
@@ -943,11 +943,6 @@ var linuxOopses = []*oops{
 				fmt:          "BUG: workqueue leaked lock or atomic in %[1]v",
 				noStackTrace: true,
 			},
-			{
-				title:        compile("BUG: executor-detected bug"),
-				fmt:          "BUG: executor-detected bug",
-				noStackTrace: true,
-			},
 			{
 				title: compile("BUG: memory leak"),
 				fmt:   MemoryLeakPrefix + "%[1]v",
diff --git a/pkg/report/testdata/linux/report/128 b/pkg/report/testdata/linux/report/128
deleted file mode 100644
index bc9f2c9b6..000000000
--- a/pkg/report/testdata/linux/report/128
+++ /dev/null
@@ -1,3 +0,0 @@
-TITLE: BUG: executor-detected bug
-
-BUG: executor-detected bug
\ No newline at end of file
diff --git a/pkg/runtest/run.go b/pkg/runtest/run.go
index 043019d81..de5061539 100644
--- a/pkg/runtest/run.go
+++ b/pkg/runtest/run.go
@@ -511,17 +511,12 @@ func RunTest(req *RunRequest, executor string) {
 	}
 	defer env.Close()
 	for run := 0; run < req.Repeat; run++ {
-		output, info, failed, hanged, err := env.Exec(req.Opts, req.P)
+		output, info, hanged, err := env.Exec(req.Opts, req.P)
 		req.Output = append(req.Output, output...)
 		if err != nil {
 			req.Err = fmt.Errorf("run %v: failed to run: %v", run, err)
 			return
 		}
-		if failed {
-			req.Err = fmt.Errorf("run %v: failed", run)
-			return
-		}
-
 		if hanged {
 			req.Err = fmt.Errorf("run %v: hanged", run)
 			return
-- 
cgit mrf-deployment