From d3f75397b75a3bfed0cbb0f54b1c6c584b37c4c2 Mon Sep 17 00:00:00 2001 From: Hrutvik Kanabar Date: Thu, 27 Oct 2022 13:54:17 +0000 Subject: sys/linux: update asset storage for new `syz_mount_image` Asset storage is now significantly simpler: we just take the Base64-encoded, compressed image and output it to a file. There is a slight overhead in that we decompress from the `zlib` format and re-compress to the `gzip` format. This commit removes most of the logic from `init_images.go`, and therefore most of the tests from `init_images_test.go`. We could instead keep this logic around and use it to adapt old-style `syz_mount_image` calls in existing corpuses to match the new format. --- sys/linux/init_images_test.go | 62 ++++++++----------------------------------- 1 file changed, 11 insertions(+), 51 deletions(-) (limited to 'sys/linux/init_images_test.go') diff --git a/sys/linux/init_images_test.go b/sys/linux/init_images_test.go index 1da41276e..c5b93c4be 100644 --- a/sys/linux/init_images_test.go +++ b/sys/linux/init_images_test.go @@ -7,14 +7,12 @@ import ( "flag" "fmt" "io" - "math/rand" "os" "path/filepath" "reflect" "sort" "strings" "testing" - "time" "github.com/google/syzkaller/pkg/osutil" "github.com/google/syzkaller/prog" 
@@ -22,30 +20,24 @@ import ( ) // nolint: lll + func TestSyzMountImageNeutralize(t *testing.T) { prog.TestDeserializeHelper(t, targets.Linux, targets.AMD64, nil, []prog.DeserializeTest{ { // A valid call, nothing should change. - In: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file0\x00', 0x2220, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="cefaad1bc0210000ff0f0000ffffffffffffffffffffffffffffffff73797a6b616c73797a6b616c00"/64, 0x40, 0x0}, {&(0x7f0000010040)="0200000011000000140000001f22000002000000ed4100000000000001000000020000005ffb19635ffb19635ffb196300"/64, 0x40, 0x200}], 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0)`, + In: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file0\x00', ` + + `0xdeadbeef, 0x15, 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0, ` + + `&(0x7f0000000200)="$eJwqrqzKTszJSS0CBAAA//8TyQPi")`, }, { - // Invalid total size. - In: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file1\x00', 0x20, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="cefaad1bc0210000ff0f0000ffffffffffffffffffffffffffffffff73797a6b616c73797a6b616c00"/64, 0x40, 0x0}, {&(0x7f0000010040)="0200000011000000140000001f22000002000000ed4100000000000001000000020000005ffb19635ffb19635ffb196300"/64, 0x40, 0x200}], 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0)`, + // Invalid compressed size. + In: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file0\x00', ` + + `0xdeadbeef, 0xdeadbeef, 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0, ` + + `&(0x7f0000000200)="$eJwqrqzKTszJSS0CBAAA//8TyQPi")`, // It should be able to fix up the size. 
- Out: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file1\x00', 0x240, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="cefaad1bc0210000ff0f0000ffffffffffffffffffffffffffffffff73797a6b616c73797a6b616c00"/64, 0x40, 0x0}, {&(0x7f0000010040)="0200000011000000140000001f22000002000000ed4100000000000001000000020000005ffb19635ffb19635ffb196300"/64, 0x40, 0x200}], 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0)`, - }, - { - // Invalid offset. - In: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file1\x00', 0x20, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="cefaad1bc0210000ff0f0000ffffffffffffffffffffffffffffffff73797a6b616c73797a6b616c00"/64, 0x40, 0x0}, {&(0x7f0000010040)="0200000011000000140000001f22000002000000ed4100000000000001000000020000005ffb19635ffb19635ffb196300"/64, 0x40, 0x9100000}], 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0)`, - // The segment is deleted. - Out: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file1\x00', 0x40, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="cefaad1bc0210000ff0f0000ffffffffffffffffffffffffffffffff73797a6b616c73797a6b616c00"/64, 0x40, 0x0}], 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0)`, - StrictErr: `got filtered out`, - }, - { - // Overlapping and unsorted segments. 
- In: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file0\x00', 0x2220, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="cafef00d"/64, 0x50, 0x20}, {&(0x7f0000010040)="deadbeef"/64, 0x30, 0x10}, {&(0x7f0000010080)="abcdef"/64, 0x40, 0x20}], 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0)`, - Out: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file0\x00', 0x2220, 0x2, &(0x7f0000000200)=[{&(0x7f0000010040)="deadbeef00"/16, 0x10, 0x10}, {&(0x7f0000010000)="cafef00d00"/64, 0x40, 0x20}], 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0)`, - StrictErr: `segments are not sorted`, + Out: `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file0\x00', ` + + `0xdeadbeef, 0x15, 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0, ` + + `&(0x7f0000000200)="$eJwqrqzKTszJSS0CBAAA//8TyQPi")`, }, }) } 
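Review bot: The rewritten `TestSyzMountImageNeutralize` table only exercises a well-formed payload: both new cases carry the same valid `"$eJwqrqzKTszJSS0CBAAA//8TyQPi"` blob and differ only in the second size argument, so nothing here shows what neutralization does with a blob that fails Base64 or zlib decoding. The first size argument stays `0xdeadbeef` in both `In` and `Out`, even in the case commented "nothing should change", which suggests it is not checked against the payload; if that is intended, a comment such as `// The first size is deliberately bogus: only the compressed size is fixed up.` would say so. The last hunk also deletes `TestSyzMountImageMutation`, the mutate-then-`ExtractMountedImage` panic smoke test, and this page shows no counterpart for the new format; since this path parses fuzzer-mutated input, consider adding a case with a truncated or corrupt blob and its expected `Out` or `StrictErr`. Separately, the hunk appears to add a blank line between `// nolint: lll` and the `func` line, which may detach the directive from the function (and it may no longer be needed now that the literals are split).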
@@ -120,35 +112,3 @@ func TestExtractSyzMountImage(t *testing.T) {
 t.Fatalf("all out files: %v\ntested files: %v", allOutFiles, testedOutFiles)
 }
 }
-
-// nolint: lll
-func TestSyzMountImageMutation(t *testing.T) {
- // We cannot unfortunately just import InitTest from prog.
- rs := rand.NewSource(time.Now().UnixNano())
- iters := 100
- target, err := prog.GetTarget("linux", "amd64")
- if err != nil {
- t.Fatal(err)
- }
-
- var p *prog.Prog
- var ct *prog.ChoiceTable
-
- const mutateCount = 1000
- const baseProg = `syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000100)='./file0\x00', 0x2220, 0x2, &(0x7f0000000200)=[{&(0x7f0000010040)="deadbeef00"/16, 0x10, 0x10}, {&(0x7f0000010000)="cafef00d00"/64, 0x40, 0x20}], 0x0, &(0x7f00000100a0)={[], [], 0x0}, 0x0)`
-
- for i := 0; i < iters; i++ {
- if i%mutateCount == 0 {
- var err error
- p, err = target.Deserialize([]byte(baseProg), prog.NonStrict)
- if err != nil {
- t.Fatal(err)
- }
- ct = target.DefaultChoiceTable()
- }
- p.Mutate(rs, 1, ct, nil, nil)
- // We only call the extraction code and do mutations to catch possible panics.
- // It is absolutely normal for syzkaller to mutate the call to the level when the image can no longer be extracted.
- p.Target.ExtractMountedImage(p.Calls[0])
- }
-}
-- cgit mrf-deployment