Documentation
¶
Index ¶
Constants ¶
View Source
const ( FreeBSD = "freebsd" Darwin = "darwin" Fuchsia = "fuchsia" Linux = "linux" NetBSD = "netbsd" OpenBSD = "openbsd" TestOS = "test" Trusty = "trusty" Windows = "windows" // These are VM types, but we put them here to prevent string duplication. GVisor = "gvisor" Starnix = "starnix" AMD64 = "amd64" ARM64 = "arm64" ARM = "arm" I386 = "386" MIPS64LE = "mips64le" PPC64LE = "ppc64le" S390x = "s390x" RiscV64 = "riscv64" TestArch64 = "64" TestArch64Fuzz = "64_fuzz" TestArch64Fork = "64_fork" TestArch32 = "32" TestArch32Fork = "32_fork" )
Variables ¶
View Source
var List = map[string]map[string]*Target{ TestOS: { TestArch64: { PtrSize: 8, PageSize: 4 << 10, CFlags: []string{ "-fsanitize=address", "-no-pie", "-fno-exceptions", }, // contains filtered or unexported fields }, TestArch64Fuzz: { PtrSize: 8, PageSize: 8 << 10, CFlags: []string{"-no-pie"}, // contains filtered or unexported fields }, TestArch64Fork: { PtrSize: 8, PageSize: 8 << 10, CFlags: []string{ "-fsanitize=address", "-no-pie", "-fno-exceptions", }, // contains filtered or unexported fields }, TestArch32: { PtrSize: 4, PageSize: 8 << 10, Int64Alignment: 4, CFlags: []string{"-m32", "-static"}, // contains filtered or unexported fields }, TestArch32Fork: { PtrSize: 4, PageSize: 4 << 10, CFlags: []string{"-m32", "-static-pie"}, // contains filtered or unexported fields }, }, Linux: { AMD64: { PtrSize: 8, PageSize: 4 << 10, CFlags: []string{"-m64"}, Triple: "x86_64-linux-gnu", KernelArch: "x86_64", KernelHeaderArch: "x86", NeedSyscallDefine: func(nr uint64) bool { return nr >= 313 }, KernelAddresses: KernelAddresses{ TextStart: 0xffffffff80000000, TextEnd: 0xffffffffff000000, DataStart: 0xffff880000000000, DataEnd: 0xffff890000000000, }, }, I386: { VMArch: AMD64, PtrSize: 4, PageSize: 4 << 10, Int64Alignment: 4, CFlags: []string{"-m32"}, Triple: "x86_64-linux-gnu", KernelArch: "i386", KernelHeaderArch: "x86", }, ARM64: { PtrSize: 8, PageSize: 4 << 10, Triple: "aarch64-linux-gnu", KernelArch: "arm64", KernelHeaderArch: "arm64", }, ARM: { VMArch: ARM64, PtrSize: 4, PageSize: 4 << 10, CFlags: []string{"-D__LINUX_ARM_ARCH__=6", "-march=armv6"}, Triple: "arm-linux-gnueabi", KernelArch: "arm", KernelHeaderArch: "arm", }, MIPS64LE: { PtrSize: 8, PageSize: 4 << 10, CFlags: []string{"-march=mips64r2", "-mabi=64", "-EL"}, Triple: "mips64el-linux-gnuabi64", KernelArch: "mips", KernelHeaderArch: "mips", }, PPC64LE: { PtrSize: 8, PageSize: 64 << 10, CFlags: []string{"-D__powerpc64__"}, Triple: "powerpc64le-linux-gnu", KernelArch: "powerpc", KernelHeaderArch: "powerpc", }, S390x: { PtrSize: 8, PageSize: 4 << 10, DataOffset: 0xfffff000, CFlags: []string{"-fPIE"}, BigEndian: true, Triple: "s390x-linux-gnu", KernelArch: "s390", KernelHeaderArch: "s390", SyscallTrampolines: map[string]string{ "mmap": "mmap", }, }, RiscV64: { PtrSize: 8, PageSize: 4 << 10, Triple: "riscv64-linux-gnu", KernelArch: "riscv", KernelHeaderArch: "riscv", }, }, FreeBSD: { AMD64: { PtrSize: 8, PageSize: 4 << 10, CCompiler: "clang", CFlags: []string{"-m64", "--target=x86_64-unknown-freebsd14.0"}, NeedSyscallDefine: func(nr uint64) bool { return nr == 482 || nr >= 569 }, }, ARM64: { PtrSize: 8, PageSize: 4 << 10, CCompiler: "clang", CFlags: []string{"-m64", "--target=aarch64-unknown-freebsd14.0"}, NeedSyscallDefine: func(nr uint64) bool { return nr == 482 || nr >= 569 }, }, I386: { VMArch: AMD64, PtrSize: 4, PageSize: 4 << 10, DataOffset: 256 << 20, Int64Alignment: 4, CCompiler: "clang", CFlags: []string{"-m32", "--target=i386-unknown-freebsd14.0"}, NeedSyscallDefine: func(nr uint64) bool { return nr == 482 || nr >= 569 }, }, RiscV64: { PtrSize: 8, PageSize: 4 << 10, CCompiler: "clang", CFlags: []string{"-m64", "--target=riscv64-unknown-freebsd14.0"}, NeedSyscallDefine: func(nr uint64) bool { return nr == 482 || nr >= 569 }, }, }, Darwin: { AMD64: { PtrSize: 8, PageSize: 4 << 10, DataOffset: 512 << 24, CCompiler: "clang", CFlags: []string{ "-m64", "-I", sourceDirVar + "/san", "-Wno-deprecated-declarations", }, NeedSyscallDefine: dontNeedSyscallDefine, }, }, NetBSD: { AMD64: { PtrSize: 8, PageSize: 4 << 10, CFlags: []string{ "-m64", "-static-pie", "--sysroot", sourceDirVar + "/dest/", }, CCompiler: sourceDirVar + "/tools/bin/x86_64--netbsd-g++", }, }, OpenBSD: { AMD64: { PtrSize: 8, PageSize: 4 << 10, CCompiler: "c++", CFlags: []string{"-m64", "-static", "-lutil"}, NeedSyscallDefine: func(nr uint64) bool { switch nr { case 8: return true case 94: return true case 198: return true case 295: return true case 301: return true case 302: return true case 303: return true case 304: return true case 329: return true case 330: return true } return false }, }, }, Fuchsia: { AMD64: { PtrSize: 8, PageSize: 4 << 10, KernelHeaderArch: "x64", CCompiler: sourceDirVar + "/prebuilt/third_party/clang/linux-x64/bin/clang", Objdump: sourceDirVar + "/prebuilt/third_party/clang/linux-x64/bin/llvm-objdump", CFlags: fuchsiaCFlags("x64", "x86_64"), }, ARM64: { PtrSize: 8, PageSize: 4 << 10, KernelHeaderArch: ARM64, CCompiler: sourceDirVar + "/prebuilt/third_party/clang/linux-x64/bin/clang", Objdump: sourceDirVar + "/prebuilt/third_party/clang/linux-x64/bin/llvm-objdump", CFlags: fuchsiaCFlags(ARM64, "aarch64"), }, }, Windows: { AMD64: { PtrSize: 8, PageSize: 4 << 10, }, }, Trusty: { ARM: { PtrSize: 4, PageSize: 4 << 10, NeedSyscallDefine: dontNeedSyscallDefine, }, }, }
nolint: lll
Functions ¶
func MakePosixMmap ¶
MakePosixMmap creates a "normal" posix mmap call that maps the target data range. If exec is set, the mapping is mapped as PROT_EXEC. If contain is set, the mapping is surrounded by PROT_NONE pages. These flags should be in sync with what executor.
Types ¶
type KernelAddresses ¶
KernelAddresses contain approximate rounded up kernel text/data ranges that are used to filter signal and comparisons for bogus/unuseful entries. Zero values mean no filtering.
type Target ¶
type Target struct {
OS string
Arch string
VMArch string // e.g. amd64 for 386, or arm64 for arm
PtrSize uint64
PageSize uint64
NumPages uint64
DataOffset uint64
Int64Alignment uint64
BigEndian bool
CFlags []string
CxxFlags []string
Triple string
CCompiler string
CxxCompiler string
Objdump string // name of objdump executable
KernelCompiler string // override CC when running kernel make
KernelLinker string // override LD when running kernel make
KernelArch string
KernelHeaderArch string
BrokenCompiler string
// NeedSyscallDefine is used by csource package to decide when to emit __NR_* defines.
NeedSyscallDefine func(nr uint64) bool
HostEndian binary.ByteOrder
SyscallTrampolines map[string]string
Addr2Line func() (string, error)
KernelAddresses KernelAddresses
// contains filtered or unexported fields
}
func (*Target) HasCallNumber ¶
type Timeouts ¶
type Timeouts struct {
// Base scaling factor, used only for a single syscall timeout.
Slowdown int
// Capped scaling factor used for timeouts other than syscall timeout.
// It's already applied to all values in this struct, but can be used for one-off timeout values
// in the system. This should also be applied to syscall/program timeout attributes in syscall descriptions.
// Derived from Slowdown and should not be greater than Slowdown.
// The idea behind capping is that slowdown can be large (10-20) and most timeouts already
// include some safety margin. If we just multiply them we will get too large timeouts,
// e.g. program timeout can become 5s*20 = 100s, or "no output" timeout: 5m*20 = 100m.
Scale time.Duration
// Timeout for a single syscall, after this time the syscall is considered "blocked".
Syscall time.Duration
// Timeout for a single program execution.
Program time.Duration
// Timeout for "no output" detection.
NoOutput time.Duration
// Limit on a single VM running time, after this time a VM is restarted.
VMRunningTime time.Duration
// How long we should test to get "no output" error (derivative of NoOutput, here to avoid duplication).
NoOutputRunningTime time.Duration
}
Timeouts structure parametrizes timeouts throughout the system. It allows to support different operating system, architectures and execution environments (emulation, models, etc) without scattering and duplicating knowledge about their execution performance everywhere. Timeouts calculation consists of 2 parts: base values and scaling. Base timeout values consist of a single syscall timeout, program timeout and "no output" timeout and are specified by the target (OS/arch), or defaults are used. Scaling part is calculated from the execution environment in pkg/mgrconfig based on VM type, kernel build type, emulation, etc. Scaling is specifically converged to a single number so that it can be specified/overridden for command line tools (e.g. syz-execprog -slowdown=10).
type UnixNeutralizer ¶
type UnixNeutralizer struct {
MAP_FIXED uint64
S_IFREG uint64
S_IFCHR uint64
S_IFBLK uint64
S_IFIFO uint64
S_IFSOCK uint64
}
func MakeUnixNeutralizer ¶
func MakeUnixNeutralizer(target *prog.Target) *UnixNeutralizer
func (*UnixNeutralizer) Neutralize ¶
func (arch *UnixNeutralizer) Neutralize(c *prog.Call, fixStructure bool) error
Source Files
Click to show internal directories.
Click to hide internal directories.