forked from google/syzkaller
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsyz-ci.go
361 lines (338 loc) · 12.1 KB
/
syz-ci.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
// Copyright 2017 syzkaller project authors. All rights reserved.
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
// syz-ci is a continuous fuzzing system for syzkaller.
// It runs several syz-manager's, polls and rebuilds images for managers
// and polls and rebuilds syzkaller binaries.
// For usage instructions see: docs/ci.md.
package main
// Implementation details:
//
// 2 main components:
// - SyzUpdater: handles syzkaller updates
// - Manager: handles kernel build and syz-manager process (one per manager)
// Both operate in a similar way and keep 2 builds:
// - latest: latest known good build (i.e. we tested it)
// preserved across restarts/reboots, i.e. we can start fuzzing even when
// current syzkaller/kernel git head is broken, or git is down, or anything else
// - current: currently used build (a copy of one of the latest builds)
// Other important points:
// - syz-ci is always built on the same revision as the rest of syzkaller binaries,
// this allows us to handle e.g. changes in manager config format.
// - consequently, syzkaller binaries are never updated on-the-fly,
// instead we re-exec and then update
// - we understand when the latest build is fresh even after reboot,
// i.e. we store enough information to identify it (git hash, compiler identity, etc),
// so we don't rebuild unnecessary (kernel builds take time)
// - we generally avoid crashing the process and handle all errors gracefully
// (this is a continuous system), except for some severe/user errors during start
// (e.g. bad config file, or can't create necessary dirs)
//
// Directory/file structure:
// syz-ci : current executable
// syzkaller/
// latest/ : latest good syzkaller build
// current/ : syzkaller build currently in use
// managers/
// manager1/ : one dir per manager
// kernel/ : kernel checkout
// workdir/ : manager workdir (never deleted)
// latest/ : latest good kernel image build
// current/ : kernel image currently in use
// jobs/
// linux/ : one dir per target OS
// kernel/ : kernel checkout
// image/ : currently used image
// workdir/ : some temp files
//
// Current executable, syzkaller and kernel builds are marked with tag files.
// Tag files uniquely identify the build (git hash, compiler identity, kernel config, etc).
// For tag files both contents and modification time are important,
// modification time allows us to understand if we need to rebuild after a restart.
import (
"encoding/json"
"flag"
"fmt"
"net"
"net/http"
_ "net/http/pprof"
"os"
"path/filepath"
"regexp"
"sync"
"github.com/google/syzkaller/pkg/config"
"github.com/google/syzkaller/pkg/log"
"github.com/google/syzkaller/pkg/mgrconfig"
"github.com/google/syzkaller/pkg/osutil"
)
var (
flagConfig = flag.String("config", "", "config file")
flagAutoUpdate = flag.Bool("autoupdate", true, "auto-update the binary (for testing)")
flagManagers = flag.Bool("managers", true, "start managers (for testing)")
flagDebug = flag.Bool("debug", false, "debug mode (for testing)")
)
type Config struct {
Name string `json:"name"`
HTTP string `json:"http"`
// If manager http address is not specified, give it an address starting from this port. Optional.
ManagerPort int `json:"manager_port_start"`
DashboardAddr string `json:"dashboard_addr"` // Optional.
DashboardClient string `json:"dashboard_client"` // Optional.
DashboardKey string `json:"dashboard_key"` // Optional.
HubAddr string `json:"hub_addr"` // Optional.
HubKey string `json:"hub_key"` // Optional.
Goroot string `json:"goroot"` // Go 1.8+ toolchain dir.
SyzkallerRepo string `json:"syzkaller_repo"`
SyzkallerBranch string `json:"syzkaller_branch"` // Defaults to "master".
// Dir with additional syscall descriptions (.txt and .const files).
SyzkallerDescriptions string `json:"syzkaller_descriptions"`
// Protocol-specific path to upload coverage reports from managers (optional).
// Supported protocols: GCS (gs://) and HTTP PUT (http:// or https://).
CoverUploadPath string `json:"cover_upload_path"`
BisectBinDir string `json:"bisect_bin_dir"`
Ccache string `json:"ccache"`
Managers []*ManagerConfig `json:"managers"`
// Poll period for jobs in seconds (optional, defaults to 10 seconds)
JobPollPeriod int `json:"job_poll_period"`
// Poll period for commits in seconds (optional, defaults to 3600 seconds)
CommitPollPeriod int `json:"commit_poll_period"`
}
type ManagerConfig struct {
// If Name is specified, syz-manager name is set to Config.Name-ManagerConfig.Name.
// This is old naming scheme, it does not allow to move managers between ci instances.
// For new naming scheme set ManagerConfig.ManagerConfig.Name instead and leave this field empty.
// This allows to move managers as their name does not depend on cfg.Name.
// Generally, if you have:
// {
// "name": "ci",
// "managers": [
// {
// "name": "foo",
// ...
// }
// ]
// }
// you want to change it to:
// {
// "name": "ci",
// "managers": [
// {
// ...
// "manager_config": {
// "name": "ci-foo"
// }
// }
// ]
// }
// and rename managers/foo to managers/ci-foo. Then this instance can be moved
// to another ci along with managers/ci-foo dir.
Name string `json:"name"`
Disabled string `json:"disabled"` // If not empty, don't build/start this manager.
DashboardClient string `json:"dashboard_client"`
DashboardKey string `json:"dashboard_key"`
Repo string `json:"repo"`
// Short name of the repo (e.g. "linux-next"), used only for reporting.
RepoAlias string `json:"repo_alias"`
Branch string `json:"branch"` // Defaults to "master".
Compiler string `json:"compiler"`
Ccache string `json:"ccache"`
Userspace string `json:"userspace"`
KernelConfig string `json:"kernel_config"`
// Baseline config for bisection, see pkg/bisect.KernelConfig.BaselineConfig.
KernelBaselineConfig string `json:"kernel_baseline_config"`
// File with kernel cmdline values (optional).
KernelCmdline string `json:"kernel_cmdline"`
// File with sysctl values (e.g. output of sysctl -a, optional).
KernelSysctl string `json:"kernel_sysctl"`
Jobs ManagerJobs `json:"jobs"`
ManagerConfig json.RawMessage `json:"manager_config"`
managercfg *mgrconfig.Config
}
type ManagerJobs struct {
TestPatches bool `json:"test_patches"` // enable patch testing jobs
PollCommits bool `json:"poll_commits"` // poll info about fix commits
BisectCause bool `json:"bisect_cause"` // do cause bisection
BisectFix bool `json:"bisect_fix"` // do fix bisection
}
func main() {
flag.Parse()
log.EnableLogCaching(1000, 1<<20)
cfg, err := loadConfig(*flagConfig)
if err != nil {
log.Fatalf("failed to load config: %v", err)
}
shutdownPending := make(chan struct{})
osutil.HandleInterrupts(shutdownPending)
serveHTTP(cfg)
os.Unsetenv("GOPATH")
if cfg.Goroot != "" {
os.Setenv("GOROOT", cfg.Goroot)
os.Setenv("PATH", filepath.Join(cfg.Goroot, "bin")+
string(filepath.ListSeparator)+os.Getenv("PATH"))
}
updatePending := make(chan struct{})
updater := NewSyzUpdater(cfg)
updater.UpdateOnStart(*flagAutoUpdate, shutdownPending)
if *flagAutoUpdate {
go func() {
updater.WaitForUpdate()
close(updatePending)
}()
}
var wg sync.WaitGroup
wg.Add(1)
stop := make(chan struct{})
go func() {
select {
case <-shutdownPending:
case <-updatePending:
}
kernelBuildSem <- struct{}{} // wait for all current builds
close(stop)
wg.Done()
}()
var managers []*Manager
for _, mgrcfg := range cfg.Managers {
mgr, err := createManager(cfg, mgrcfg, stop, *flagDebug)
if err != nil {
log.Logf(0, "failed to create manager %v: %v", mgrcfg.Name, err)
continue
}
managers = append(managers, mgr)
}
if len(managers) == 0 {
log.Fatalf("failed to create all managers")
}
if *flagManagers {
for _, mgr := range managers {
mgr := mgr
wg.Add(1)
go func() {
defer wg.Done()
mgr.loop()
}()
}
}
jp, err := newJobProcessor(cfg, managers, stop, shutdownPending)
if err != nil {
log.Fatalf("failed to create dashapi connection %v", err)
}
wg.Add(1)
go func() {
defer wg.Done()
jp.loop()
}()
// For testing. Racy. Use with care.
http.HandleFunc("/upload_cover", func(w http.ResponseWriter, r *http.Request) {
for _, mgr := range managers {
if err := mgr.uploadCoverReport(); err != nil {
w.Write([]byte(fmt.Sprintf("failed for %v: %v <br>\n", mgr.name, err)))
return
}
w.Write([]byte(fmt.Sprintf("upload cover for %v <br>\n", mgr.name)))
}
})
wg.Wait()
select {
case <-shutdownPending:
case <-updatePending:
updater.UpdateAndRestart()
}
}
func serveHTTP(cfg *Config) {
ln, err := net.Listen("tcp4", cfg.HTTP)
if err != nil {
log.Fatalf("failed to listen on %v: %v", cfg.HTTP, err)
}
log.Logf(0, "serving http on http://%v", ln.Addr())
go func() {
err := http.Serve(ln, nil)
log.Fatalf("failed to serve http: %v", err)
}()
}
func loadConfig(filename string) (*Config, error) {
cfg := &Config{
SyzkallerRepo: "https://github.com/google/syzkaller.git",
SyzkallerBranch: "master",
ManagerPort: 10000,
Goroot: os.Getenv("GOROOT"),
JobPollPeriod: 10,
CommitPollPeriod: 3600,
}
if err := config.LoadFile(filename, cfg); err != nil {
return nil, err
}
if cfg.Name == "" {
return nil, fmt.Errorf("param 'name' is empty")
}
if cfg.HTTP == "" {
return nil, fmt.Errorf("param 'http' is empty")
}
cfg.Goroot = osutil.Abs(cfg.Goroot)
cfg.SyzkallerDescriptions = osutil.Abs(cfg.SyzkallerDescriptions)
cfg.BisectBinDir = osutil.Abs(cfg.BisectBinDir)
cfg.Ccache = osutil.Abs(cfg.Ccache)
var managers []*ManagerConfig
for _, mgr := range cfg.Managers {
if mgr.Disabled == "" {
managers = append(managers, mgr)
}
if err := loadManagerConfig(cfg, mgr); err != nil {
return nil, err
}
}
cfg.Managers = managers
if len(cfg.Managers) == 0 {
return nil, fmt.Errorf("no managers specified")
}
return cfg, nil
}
func loadManagerConfig(cfg *Config, mgr *ManagerConfig) error {
managercfg, err := mgrconfig.LoadPartialData(mgr.ManagerConfig)
if err != nil {
return fmt.Errorf("manager config: %v", err)
}
if managercfg.Name != "" && mgr.Name != "" {
return fmt.Errorf("both managercfg.Name=%q and mgr.Name=%q are specified", managercfg.Name, mgr.Name)
}
if managercfg.Name == "" && mgr.Name == "" {
return fmt.Errorf("no managercfg.Name nor mgr.Name are specified")
}
if managercfg.Name != "" {
mgr.Name = managercfg.Name
} else {
managercfg.Name = cfg.Name + "-" + mgr.Name
}
// Manager name must not contain dots because it is used as GCE image name prefix.
managerNameRe := regexp.MustCompile("^[a-zA-Z0-9-_]{3,64}$")
if !managerNameRe.MatchString(mgr.Name) {
return fmt.Errorf("param 'managers.name' has bad value: %q", mgr.Name)
}
if mgr.Branch == "" {
mgr.Branch = "master"
}
if (mgr.Jobs.TestPatches || mgr.Jobs.PollCommits ||
mgr.Jobs.BisectCause || mgr.Jobs.BisectFix) &&
(cfg.DashboardAddr == "" || cfg.DashboardClient == "") {
return fmt.Errorf("manager %v: has jobs but no dashboard info", mgr.Name)
}
if mgr.Jobs.PollCommits && (cfg.DashboardAddr == "" || mgr.DashboardClient == "") {
return fmt.Errorf("manager %v: commit_poll is set but no dashboard info", mgr.Name)
}
if (mgr.Jobs.BisectCause || mgr.Jobs.BisectFix) && cfg.BisectBinDir == "" {
return fmt.Errorf("manager %v: enabled bisection but no bisect_bin_dir", mgr.Name)
}
mgr.managercfg = managercfg
managercfg.Syzkaller = filepath.FromSlash("syzkaller/current")
if managercfg.HTTP == "" {
managercfg.HTTP = fmt.Sprintf(":%v", cfg.ManagerPort)
cfg.ManagerPort++
}
// Note: we don't change Compiler/Ccache because it may be just "gcc" referring
// to the system binary, or pkg/build/netbsd.go uses "g++" and "clang++" as special marks.
mgr.Userspace = osutil.Abs(mgr.Userspace)
mgr.KernelConfig = osutil.Abs(mgr.KernelConfig)
mgr.KernelBaselineConfig = osutil.Abs(mgr.KernelBaselineConfig)
mgr.KernelCmdline = osutil.Abs(mgr.KernelCmdline)
mgr.KernelSysctl = osutil.Abs(mgr.KernelSysctl)
return nil
}