// Copyright 2023 syzkaller project authors. All rights reserved.
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
package cover
import (
"fmt"
"sort"
"github.com/google/syzkaller/pkg/log"
"github.com/google/syzkaller/pkg/vminfo"
)
// Canonicalizer holds the reference ("canonical") kernel module layout that
// per-instance module addresses are translated to and from.
// A Canonicalizer with nil moduleKeys means canonicalization is not in use.
type Canonicalizer struct {
	// modules indexes the canonical kernel modules by module name.
	modules map[string]*vminfo.KernelModule
	// moduleKeys lists the canonical module addresses in ascending order.
	moduleKeys []uint64
}
// CanonicalizerInstance carries the two address translation tables built for
// one set of instance modules by Canonicalizer.NewInstance.
type CanonicalizerInstance struct {
	// canonical is a copy of the Canonicalizer the instance was created from.
	canonical Canonicalizer
	// canonicalize translates instance PCs into canonical PCs and
	// decanonicalize translates them back. Both stay nil when the parent
	// Canonicalizer has no module keys; convertPCs accepts a nil receiver.
	canonicalize   *Convert
	decanonicalize *Convert
}
// Convert is one direction of PC translation (instance to canonical, or the
// reverse).
type Convert struct {
	// conversionHash maps a module start address to its translation record.
	conversionHash map[uint64]*canonicalizerModule
	// moduleKeys holds the module start addresses in ascending order; it is
	// binary searched to find the module that may contain a PC.
	moduleKeys []uint64
}
// convertContext collects what was dropped during a single convertPCs call so
// that one summary line can be logged instead of one line per PC.
type convertContext struct {
	// errCount is the number of PCs passed to discard so far.
	errCount int
	// errPC is the PC kept as the example for the log message; zero doubles
	// as "nothing recorded yet".
	errPC uint64
	// convert is the conversion this context was created for.
	convert *Convert
}
// canonicalizerModule is the translation record of a single module in one
// conversion direction.
type canonicalizerModule struct {
	// offset is the signed delta added to a PC inside the module.
	offset int64
	// name is the module name; convertPC applies no offset when it is empty.
	name string
	// endAddr is the exclusive upper bound of the module (start address plus size).
	endAddr uint64
	// discard marks a module whose coverage must be dropped: it is set when
	// the module is missing from the canonical set or its size differs there.
	discard bool
}
// NewCanonicalizer records modules as the canonical module layout.
// It returns an empty Canonicalizer, which disables canonicalization, when
// flagSignal is false or no modules are given.
// If two modules share a name, the later one replaces the earlier one in the
// by-name index.
func NewCanonicalizer(modules []*vminfo.KernelModule, flagSignal bool) *Canonicalizer {
	if !flagSignal || len(modules) == 0 {
		return &Canonicalizer{}
	}

	// Index the canonical modules by name for lookup in NewInstance.
	byName := make(map[string]*vminfo.KernelModule)
	for i := range modules {
		byName[modules[i].Name] = modules[i]
	}

	// Keep the canonical start addresses sorted for binary search.
	sortedAddrs := make([]uint64, len(modules))
	setModuleKeys(sortedAddrs, modules)

	can := &Canonicalizer{
		modules:    byName,
		moduleKeys: sortedAddrs,
	}
	return can
}
// NewInstance builds the translation tables between the canonical module
// layout and the layout described by modules.
// When the Canonicalizer has no module keys it returns an empty instance,
// whose Canonicalize and Decanonicalize return their input unchanged.
//
// A module that is missing from the canonical set, or whose size differs from
// the canonical one, is marked discard: its PCs are dropped during conversion
// rather than translated with an offset that may no longer match the build.
func (can *Canonicalizer) NewInstance(modules []*vminfo.KernelModule) *CanonicalizerInstance {
	if can.moduleKeys == nil {
		return &CanonicalizerInstance{}
	}

	// Sorted instance start addresses, used by the instance-to-canonical direction.
	instKeys := make([]uint64, len(modules))
	setModuleKeys(instKeys, modules)

	toCanonical := make(map[uint64]*canonicalizerModule)
	toInstance := make(map[uint64]*canonicalizerModule)
	for _, mod := range modules {
		ref, known := can.modules[mod.Name]
		drop := !known || ref.Size != mod.Size
		if drop {
			log.Errorf("kernel build has changed; instance module %v differs from canonical", mod.Name)
		}

		// NOTE(review): a module unknown to the canonical set keeps the
		// canonical address 0, so all such modules share key 0 in toInstance
		// and overwrite one another (and any canonical module whose Addr is
		// 0) - confirm this is intended.
		var canonAddr uint64
		if known {
			canonAddr = ref.Addr
		}
		instAddr := mod.Addr

		// The unsigned subtraction may wrap; the int64 conversion turns the
		// result into the signed delta that convertPC adds back.
		toInstance[canonAddr] = &canonicalizerModule{
			offset:  int64(instAddr - canonAddr),
			name:    mod.Name,
			endAddr: mod.Size + canonAddr,
			discard: drop,
		}
		toCanonical[instAddr] = &canonicalizerModule{
			offset:  int64(canonAddr - instAddr),
			name:    mod.Name,
			endAddr: mod.Size + instAddr,
			discard: drop,
		}
	}

	inst := &CanonicalizerInstance{canonical: *can}
	inst.canonicalize = &Convert{
		conversionHash: toCanonical,
		moduleKeys:     instKeys,
	}
	inst.decanonicalize = &Convert{
		conversionHash: toInstance,
		moduleKeys:     can.moduleKeys,
	}
	return inst
}
// Canonicalize translates instance PCs into canonical PCs.
// PCs that cannot be converted are left out of the result; when the instance
// has no conversion table the input slice is returned as is.
func (ci *CanonicalizerInstance) Canonicalize(elems []uint64) []uint64 {
	toCanonical := ci.canonicalize
	return toCanonical.convertPCs(elems)
}
// Decanonicalize translates canonical PCs back into instance PCs.
// PCs that cannot be converted are left out of the result; when the instance
// has no conversion table the input slice is returned as is.
func (ci *CanonicalizerInstance) Decanonicalize(elems []uint64) []uint64 {
	toInstance := ci.decanonicalize
	return toInstance.convertPCs(elems)
}
// setModuleKeys writes the start address of every module into moduleKeys and
// sorts moduleKeys in ascending order, ready for the binary search in
// findModule. moduleKeys must have room for len(modules) entries; every
// element of moduleKeys takes part in the sort.
func setModuleKeys(moduleKeys []uint64, modules []*vminfo.KernelModule) {
	for idx := range modules {
		moduleKeys[idx] = modules[idx].Addr
	}
	ascending := func(a, b int) bool {
		return moduleKeys[a] < moduleKeys[b]
	}
	sort.Slice(moduleKeys, ascending)
}
// findModule returns the index of the last entry of moduleKeys that is not
// greater than pc, or -1 when pc lies below every entry (or moduleKeys is
// empty). moduleKeys must be sorted in ascending order.
func findModule(pc uint64, moduleKeys []uint64) (moduleIdx int) {
	// The search yields the first key strictly above pc; the candidate
	// module is the one just before it.
	firstAbove := sort.Search(len(moduleKeys), func(i int) bool {
		return pc < moduleKeys[i]
	})
	moduleIdx = firstAbove - 1
	return moduleIdx
}
// convertPCs translates every PC in pcs and returns the translated values in
// input order. PCs rejected by convertPC are left out, and a single summary
// of the rejections is logged at verbosity 4.
// A nil receiver means no conversion is configured: pcs is returned as is.
// The result is nil when no PC is kept.
func (convert *Convert) convertPCs(pcs []uint64) []uint64 {
	if convert == nil {
		return pcs
	}
	stats := &convertContext{convert: convert}
	var converted []uint64
	for i := range pcs {
		mapped, ok := convert.convertPC(pcs[i])
		if !ok {
			stats.discard(pcs[i])
			continue
		}
		converted = append(converted, mapped)
	}
	summary := stats.discarded()
	if summary != "" {
		log.Logf(4, "error in PC/signal conversion: %v", summary)
	}
	return converted
}
// convertPC translates a single PC. The boolean result is false when the PC
// must be dropped: either the module key found for it has no translation
// record, or the PC lies inside a module marked discard.
// A PC below the first module key, or past the end of the module found for
// it, is returned unchanged with true.
func (convert *Convert) convertPC(pc uint64) (uint64, bool) {
	idx := findModule(pc, convert.moduleKeys)
	if idx < 0 {
		// Below the first module start address: nothing to translate.
		return pc, true
	}
	mod, ok := convert.conversionHash[convert.moduleKeys[idx]]
	if !ok {
		return pc, false
	}
	if pc >= mod.endAddr {
		// The PC lies past the end of the module that starts at or below it.
		return pc, true
	}
	if mod.discard {
		return pc, false
	}
	if mod.name == "" {
		// A record with an empty name gets no offset applied.
		return pc, true
	}
	return uint64(int64(pc) + mod.offset), true
}
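// discarded returns a one-line summary of the PCs dropped so far, or an empty
// string when nothing was dropped.
func (cc *convertContext) discarded() string {
	if cc.errCount == 0 {
		return ""
	}
	// errCount also counts the PC reported as errPC, so only errCount-1 PCs
	// are "other" ones; reporting errCount here overstated the total by one.
	return fmt.Sprintf("discarded 0x%x (and %v other PCs) during conversion; not found in module map",
		cc.errPC, cc.errCount-1)
}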
// discard counts pc as dropped and keeps it as the example PC for the summary
// if no example is stored yet.
// Zero is the "not stored" marker, so a dropped PC of 0 is replaced by the
// next dropped PC.
func (cc *convertContext) discard(pc uint64) {
	cc.errCount++
	if cc.errPC != 0 {
		return
	}
	cc.errPC = pc
}