From d819d4df2ae41917fefc7f25a0bcb8a7d3573c25 Mon Sep 17 00:00:00 2001
From: Joey Jiao
Date: Mon, 1 Jul 2024 10:45:10 +0800
Subject: all: calc kaslr offset and remove kaslr_offset from module addr
---
 pkg/cover/backend/modules.go | 41 +++++++++++++++++++++++++++++++++++++++++
 pkg/cover/report_test.go | 6 +++++-
 pkg/rpcserver/rpcserver.go | 12 ++++++++++--
 3 files changed, 56 insertions(+), 3 deletions(-)
(limited to 'pkg')
diff --git a/pkg/cover/backend/modules.go b/pkg/cover/backend/modules.go
index c9501d34c..c96d4bd05 100644
--- a/pkg/cover/backend/modules.go
+++ b/pkg/cover/backend/modules.go
@@ -148,3 +148,44 @@ func searchModuleName(data []byte) string {
 }
 return string(data[pos+len(key) : end])
 }
+
+func getKaslrOffset(modules []*KernelModule, pcBase uint64) uint64 {
+ for _, mod := range modules {
+ if mod.Name == "" {
+ return mod.Addr - pcBase
+ }
+ }
+ return 0
+}
+
+// when CONFIG_RANDOMIZE_BASE=y, pc from kcov already removed kaslr_offset.
+func FixModules(localModules, modules []*KernelModule, pcBase uint64) []*KernelModule {
+ kaslrOffset := getKaslrOffset(modules, pcBase)
+ var modules1 []*KernelModule
+ for _, mod := range modules {
+ size := uint64(0)
+ path := ""
+ for _, modA := range localModules {
+ if modA.Name == mod.Name {
+ size = modA.Size
+ path = modA.Path
+ break
+ }
+ }
+ if path == "" {
+ continue
+ }
+ addr := mod.Addr - kaslrOffset
+ if mod.Name == "" {
+ // mod.Addr for core kernel from target is _stext addr
+ addr = 0
+ }
+ modules1 = append(modules1, &KernelModule{
+ Name: mod.Name,
+ Size: size,
+ Addr: addr,
+ Path: path,
+ })
+ }
+ return modules1
+}
diff --git a/pkg/cover/report_test.go b/pkg/cover/report_test.go
index 5fad4ebfc..ac0afd6c7 100644
--- a/pkg/cover/report_test.go
+++ b/pkg/cover/report_test.go
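Review bot: `getKaslrOffset` and `FixModules` subtract unsigned values (`mod.Addr - pcBase`, `mod.Addr - kaslrOffset`) without checking that the minuend is the larger, so a target-reported `Addr` below `pcBase`, or a module address below the derived offset, wraps to a huge uint64 instead of failing loudly; since the `modules` argument is the list the target sends over the RPC handshake, a guard such as `if mod.Addr < kaslrOffset { continue }` (with a log line) or an error return is worth adding. `getKaslrOffset` also returns 0 when no entry has an empty Name, which silently leaves module addresses unrebased — presumably the core-kernel entry is always present, but a comment stating that assumption would help. The doc comment on the exported `FixModules` should begin with its name per Go convention, e.g. `// FixModules reconciles the target-reported module list with the locally discovered one: Size and Path are taken from localModules, entries with no local match are dropped, and module addresses are rebased by the KASLR offset derived from the core-kernel entry (Name == "").` Finally, the inner `for _, modA := range localModules` makes the reconciliation O(n·m); a `map[string]*KernelModule` built once from localModules would do the same lookup in one pass.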
@@ -318,6 +318,10 @@ func generateReport(t *testing.T, target *targets.Target, test *Test) (*reports,
 },
 },
 }
+ modules, err := backend.DiscoverModules(cfg.SysTarget, cfg.KernelObj, cfg.ModuleObj)
+ if err != nil {
+ return nil, err
+ }
 // Deep copy, as we are going to modify progs. Our test generate multiple reports from the same
 // test object in parallel. Without copying we have a datarace here.
@@ -326,7 +330,7 @@ func generateReport(t *testing.T, target *targets.Target, test *Test) (*reports,
 progs = append(progs, Prog{Sig: p.Sig, Data: p.Data, PCs: append([]uint64{}, p.PCs...)})
 }
- rg, err := MakeReportGenerator(cfg, subsystem, nil, false)
+ rg, err := MakeReportGenerator(cfg, subsystem, modules, false)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/rpcserver/rpcserver.go b/pkg/rpcserver/rpcserver.go
index 0cb1e05a9..b6b660e6a 100644
--- a/pkg/rpcserver/rpcserver.go
+++ b/pkg/rpcserver/rpcserver.go
@@ -17,6 +17,7 @@ import (
 "time"
 "github.com/google/syzkaller/pkg/cover"
+ "github.com/google/syzkaller/pkg/cover/backend"
 "github.com/google/syzkaller/pkg/flatrpc"
 "github.com/google/syzkaller/pkg/fuzzer/queue"
 "github.com/google/syzkaller/pkg/log"
@@ -41,7 +42,8 @@ type Config struct {
 PrintMachineCheck bool
 Procs int
 Slowdown int
- PCBase uint64
+ pcBase uint64
+ localModules []*cover.KernelModule
 }
 type Manager interface {
@@ -86,6 +88,10 @@ func New(cfg *mgrconfig.Config, mgr Manager, debug bool) (*Server, error) {
 if err != nil {
 return nil, err
 }
+ modules, err := backend.DiscoverModules(cfg.SysTarget, cfg.KernelObj, cfg.ModuleObj)
+ if err != nil {
+ return nil, err
+ }
 sandbox, err := flatrpc.SandboxToFlags(cfg.Sandbox)
 if err != nil {
 return nil, err
@@ -114,7 +120,8 @@ func New(cfg *mgrconfig.Config, mgr Manager, debug bool) (*Server, error) {
 PrintMachineCheck: true,
 Procs: cfg.Procs,
 Slowdown: cfg.Timeouts.Slowdown,
- PCBase: pcBase,
+ pcBase: pcBase,
+ localModules: modules,
 }, mgr)
 }
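Review bot: The new `Config` fields `pcBase` and `localModules` in the `@@ -41,7 +42,8 @@` hunk of rpcserver.go carry no comment, and because `FixModules` takes Size and Path from `localModules` rather than from what the target reports, that role deserves stating: `// localModules is discovered from the local kernel/module objects in New; module lists reported by the target are reconciled against it in handshake.` In the `@@ -86,6 +88,10 @@` hunk a `DiscoverModules` failure now makes `New` fail, which looks intended, but a one-line comment on why the server needs the module list up front would help a reader who only sees the constructor. Both hunks sit inside declarations that start and end outside the hunk.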
@@ -302,6 +309,7 @@ func (serv *Server) handshake(conn *flatrpc.Conn) (string, []byte, *cover.Canoni
 infoReq.Error = err.Error()
 }
 }
+ modules = backend.FixModules(serv.cfg.localModules, modules, serv.cfg.pcBase)
 if infoReq.Error != "" {
 log.Logf(0, "machine check failed: %v", infoReq.Error)
 serv.checkFailures++
--
cgit mrf-deployment
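Review bot: `FixModules` drops every target-reported module that has no local match (or an empty local Path) and falls back to a zero KASLR offset when no core-kernel entry is present, but nothing at this call site surfaces either case, so a mismatch between the target's and the local module lists would only show up later as missing coverage. Capturing `before := len(modules)` ahead of the call and logging `log.Logf(0, "dropped %d target-reported modules with no local match", before-len(modules))` when the count shrinks would make that visible. The call also runs before `infoReq.Error` is checked; if a failed machine check should skip the rebasing, it belongs in the success path instead. `handshake` starts and ends outside the hunk.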