From dfd6d26bd3a8046c9be10383cc0d7c83adca05d5 Mon Sep 17 00:00:00 2001
From: Ethan Graham
Date: Mon, 15 Sep 2025 13:11:44 +0000
Subject: syz-manager: enable KFuzzTest target discovery

Add logic for dynamic KFuzzTest target discovery in syz-manager. By default, all KFuzzTest targets are enabled when the enable_kfuzztest config option is set to true.
---
 syz-manager/manager.go | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'syz-manager')

diff --git a/syz-manager/manager.go b/syz-manager/manager.go
index 3f94bd23a..4fa8b2658 100644
--- a/syz-manager/manager.go
+++ b/syz-manager/manager.go
@@ -15,6 +15,7 @@ import (
 "net"
 "os"
 "os/exec"
+ "path"
 "path/filepath"
 "sort"
 "sync"
@@ -31,6 +32,7 @@ import (
 "github.com/google/syzkaller/pkg/gce"
 "github.com/google/syzkaller/pkg/ifaceprobe"
 "github.com/google/syzkaller/pkg/image"
+ "github.com/google/syzkaller/pkg/kfuzztest"
 "github.com/google/syzkaller/pkg/log"
 "github.com/google/syzkaller/pkg/manager"
 "github.com/google/syzkaller/pkg/mgrconfig"
@@ -241,6 +243,14 @@ func main() {
 cfg.DashboardClient = ""
 cfg.HubClient = ""
 }
+ if cfg.Experimental.EnableKFuzzTest {
+ vmLinuxPath := path.Join(cfg.KernelObj, cfg.SysTarget.KernelObject)
+ log.Log(0, "enabling KFuzzTest targets")
+ _, err := kfuzztest.ActivateKFuzzTargets(cfg.Target, vmLinuxPath)
+ if err != nil {
+ log.Fatalf("failed to enable KFuzzTest targets: %v", err)
+ }
+ }
 RunManager(mode, cfg)
 }
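Review bot: In the main() hunk, `vmLinuxPath` is built with `path.Join`, which is meant for slash-separated paths, while the file already imports `path/filepath` for filesystem paths; `vmLinuxPath := filepath.Join(cfg.KernelObj, cfg.SysTarget.KernelObject)` keeps the kernel-object path OS-correct and removes the need for the new `"path"` import in the first hunk. The first return value of `kfuzztest.ActivateKFuzzTargets` is discarded with `_`; if it carries the discovered targets, logging their count next to the "enabling KFuzzTest targets" message would tell the operator whether discovery found anything, which a fatal error on `err` alone does not. The same `path.Join` usage recurs in the MachineChecked hunk below.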
@@ -1113,6 +1123,22 @@ func (mgr *Manager) MachineChecked(features flatrpc.Feature,
 mgr.exit(mgr.mode.Name)
 }
+ // If KFuzzTest is enabled, we exclusively fuzz KFuzzTest targets - so
+ // delete any existing entries in enabled syscalls, and enable all
+ // discovered KFuzzTest targets explicitly.
+ if mgr.cfg.Experimental.EnableKFuzzTest {
+ for call := range enabledSyscalls {
+ delete(enabledSyscalls, call)
+ }
+ data, err := kfuzztest.ExtractData(path.Join(mgr.cfg.KernelObj, "vmlinux"))
+ if err != nil {
+ return nil, err
+ }
+ for _, call := range data.Calls {
+ enabledSyscalls[call] = true
+ }
+ }
+
 mgr.mu.Lock()
 defer mgr.mu.Unlock()
 if mgr.phase != phaseInit {
-- cgit mrf-deployment
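Review bot: The kernel object path is hard-coded as `path.Join(mgr.cfg.KernelObj, "vmlinux")` here, whereas the main() hunk of the same commit derives it from `cfg.SysTarget.KernelObject`; the two can point at different files for targets whose kernel object is not named vmlinux, so `filepath.Join(mgr.cfg.KernelObj, mgr.cfg.SysTarget.KernelObject)` would keep both sites reading the same binary and use the filesystem-path package the file already imports. The loop that empties `enabledSyscalls` silently discards whatever enable_syscalls/disable_syscalls produced, and the log gives no hint of it; a line such as `log.Logf(0, "KFuzzTest enabled: replacing enabled syscalls with %v KFuzzTest targets", len(data.Calls))` after the second loop would make the override visible, and `clear(enabledSyscalls)` expresses the first loop's intent in one line if the module's Go version allows it. MachineChecked's signature and the rest of its body lie outside the hunk.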