Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support CONFIG_RANDOMIZE_BASE=y #4828

Merged
merged 7 commits into from
Jul 3, 2024
Merged

support CONFIG_RANDOMIZE_BASE=y #4828

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
d9b0e51
all: get pcBase from elf first which can be used for kaslr offset calc
jiangenj Jul 1, 2024
d916f06
pkg/vminfo: parse linux core kernel to get Addr and .text Size
jiangenj May 14, 2024
d31c29c
pkg/cover: support read elf section range
jiangenj May 14, 2024
733f8a9
all: fix larger module size in /proc/modules
jiangenj May 14, 2024
319da9f
pkg/vminfo: add /proc/kallsyms to required files
jiangenj May 17, 2024
377a191
pkg/cover: remove unused hostModules
jiangenj Jul 1, 2024
90fdc9c
all: calc kaslr offset and remove kaslr_offset from module addr
jiangenj Jul 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions pkg/cover/backend/modules.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,3 +148,44 @@ func searchModuleName(data []byte) string {
}
return string(data[pos+len(key) : end])
}

func getKaslrOffset(modules []*KernelModule, pcBase uint64) uint64 {
for _, mod := range modules {
if mod.Name == "" {
return mod.Addr - pcBase
}
}
return 0
}

// when CONFIG_RANDOMIZE_BASE=y, pc from kcov already removed kaslr_offset.
func FixModules(localModules, modules []*KernelModule, pcBase uint64) []*KernelModule {
kaslrOffset := getKaslrOffset(modules, pcBase)
var modules1 []*KernelModule
for _, mod := range modules {
size := uint64(0)
path := ""
for _, modA := range localModules {
if modA.Name == mod.Name {
size = modA.Size
path = modA.Path
break
}
}
if path == "" {
continue
}
addr := mod.Addr - kaslrOffset
if mod.Name == "" {
// mod.Addr for core kernel from target is _stext addr
addr = 0
}
modules1 = append(modules1, &KernelModule{
Name: mod.Name,
Size: size,
Addr: addr,
Path: path,
})
}
return modules1
}
6 changes: 5 additions & 1 deletion pkg/cover/report_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -318,6 +318,10 @@ func generateReport(t *testing.T, target *targets.Target, test *Test) (*reports,
},
},
}
modules, err := backend.DiscoverModules(cfg.SysTarget, cfg.KernelObj, cfg.ModuleObj)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change broke syzkaller for gVisor:
2024/07/03 22:52:34 serving http on http://:8888
2024/07/03 22:52:34 [FATAL] failed to create rpc server: open vmlinux: no such file or directory

if err != nil {
return nil, err
}

// Deep copy, as we are going to modify progs. Our test generate multiple reports from the same
// test object in parallel. Without copying we have a datarace here.
Expand All @@ -326,7 +330,7 @@ func generateReport(t *testing.T, target *targets.Target, test *Test) (*reports,
progs = append(progs, Prog{Sig: p.Sig, Data: p.Data, PCs: append([]uint64{}, p.PCs...)})
}

rg, err := MakeReportGenerator(cfg, subsystem, nil, false)
rg, err := MakeReportGenerator(cfg, subsystem, modules, false)
if err != nil {
return nil, err
}
Expand Down
12 changes: 10 additions & 2 deletions pkg/rpcserver/rpcserver.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import (
"time"

"github.com/google/syzkaller/pkg/cover"
"github.com/google/syzkaller/pkg/cover/backend"
"github.com/google/syzkaller/pkg/flatrpc"
"github.com/google/syzkaller/pkg/fuzzer/queue"
"github.com/google/syzkaller/pkg/log"
Expand All @@ -41,7 +42,8 @@ type Config struct {
PrintMachineCheck bool
Procs int
Slowdown int
PCBase uint64
pcBase uint64
localModules []*cover.KernelModule
}

type Manager interface {
Expand Down Expand Up @@ -86,6 +88,10 @@ func New(cfg *mgrconfig.Config, mgr Manager, debug bool) (*Server, error) {
if err != nil {
return nil, err
}
modules, err := backend.DiscoverModules(cfg.SysTarget, cfg.KernelObj, cfg.ModuleObj)
if err != nil {
return nil, err
}
sandbox, err := flatrpc.SandboxToFlags(cfg.Sandbox)
if err != nil {
return nil, err
Expand Down Expand Up @@ -114,7 +120,8 @@ func New(cfg *mgrconfig.Config, mgr Manager, debug bool) (*Server, error) {
PrintMachineCheck: true,
Procs: cfg.Procs,
Slowdown: cfg.Timeouts.Slowdown,
PCBase: pcBase,
pcBase: pcBase,
localModules: modules,
}, mgr)
}

Expand Down Expand Up @@ -302,6 +309,7 @@ func (serv *Server) handshake(conn *flatrpc.Conn) (string, []byte, *cover.Canoni
infoReq.Error = err.Error()
}
}
modules = backend.FixModules(serv.cfg.localModules, modules, serv.cfg.pcBase)
if infoReq.Error != "" {
log.Logf(0, "machine check failed: %v", infoReq.Error)
serv.checkFailures++
Expand Down
Loading