Hello community,
here is the log from the commit of package trinity for openSUSE:Factory checked
in at 2016-10-10 16:21:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trinity (Old)
and /work/SRC/openSUSE:Factory/.trinity.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trinity"
Changes:
--------
--- /work/SRC/openSUSE:Factory/trinity/trinity.changes 2016-09-25
14:45:16.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.trinity.new/trinity.changes 2016-10-10
16:21:31.000000000 +0200
@@ -1,0 +2,15 @@
+Thu Oct 06 12:18:43 UTC 2016 - nmou...@suse.com
+
+- Update to version 1.6+git.20161005:
+ * add missing locking around state modification
+ * skip the sleep if the grandchild has already exited.
+ * reduce the amount of time we wait for the grandchild a little
+ * make enable_random_syscalls static
+ * annotate fadvise flags
+ * fix up some segfaults when --disable-fds=sockets is passed.
+ * move the reading of MemFree out to its own function for other uses.
+ * create a bpf fd of each type.
+ * add the newer bpf map types
+ * correct the params for BPF_MAP_TYPE_STACK_TRACE creation
+
+-------------------------------------------------------------------
Old:
----
trinity-1.6+git.20160913.tar.xz
New:
----
trinity-1.6+git.20161005.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ trinity.spec ++++++
--- /var/tmp/diff_new_pack.Xl0yrP/_old 2016-10-10 16:21:32.000000000 +0200
+++ /var/tmp/diff_new_pack.Xl0yrP/_new 2016-10-10 16:21:32.000000000 +0200
@@ -16,9 +16,9 @@
#
-%define version_unconverted 1.6+git.20160913
+%define version_unconverted 1.6+git.20161005
Name: trinity
-Version: 1.6+git.20160913
+Version: 1.6+git.20161005
Release: 0
Summary: A Linux System call fuzz tester
License: GPL-2.0
++++++ trinity-1.6+git.20160913.tar.xz -> trinity-1.6+git.20161005.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.6+git.20160913/fds/bpf.c
new/trinity-1.6+git.20161005/fds/bpf.c
--- old/trinity-1.6+git.20160913/fds/bpf.c 2016-09-13 17:18:12.000000000
+0200
+++ new/trinity-1.6+git.20161005/fds/bpf.c 2016-10-05 20:09:56.000000000
+0200
@@ -9,6 +9,10 @@
#include <string.h>
#include <unistd.h>
#include <linux/bpf.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <linux/unistd.h>
+#include <linux/perf_event.h>
#include "fd.h"
#include "log.h"
@@ -19,23 +23,20 @@
#include "compat.h"
#include "trinity.h"
-static int bpf(__unused__ int cmd, __unused__ union bpf_attr *attr, __unused__
unsigned int size)
+static int bpf(int cmd, union bpf_attr *attr, unsigned int size)
{
-#ifdef SYS_bpf
- return syscall(SYS_bpf, cmd, attr, size);
-#else
- return -ENOSYS;
-#endif
+ return syscall(__NR_bpf, cmd, attr, size);
}
static int bpf_create_map(enum bpf_map_type map_type, unsigned int key_size,
- unsigned int value_size, unsigned int max_entries)
+ unsigned int value_size, unsigned int max_entries, int
map_flags)
{
union bpf_attr attr = {
.map_type = map_type,
.key_size = key_size,
.value_size = value_size,
- .max_entries = max_entries
+ .max_entries = max_entries,
+ .map_flags = map_flags,
};
return bpf(BPF_MAP_CREATE, &attr, sizeof(attr));
@@ -53,21 +54,76 @@
int fd, key;
long long value = 0;
struct object *obj;
+ struct rlimit r = {1 << 20, 1 << 20};
+
+ setrlimit(RLIMIT_MEMLOCK, &r);
head = get_objhead(OBJ_GLOBAL, OBJ_FD_BPF_MAP);
head->destroy = &bpf_destructor;
- fd = bpf_create_map(BPF_MAP_TYPE_ARRAY,sizeof(key), sizeof(value), 256);
+ fd = bpf_create_map(BPF_MAP_TYPE_HASH, sizeof(long long), sizeof(long
long), 1024, 0);
if (fd < 0)
- goto out;
+ goto fail_hash;
+ obj = alloc_object();
+ obj->bpf_map_fd = fd;
+ add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP);
+ output(2, "fd[%d] = bpf hash\n", fd);
+fail_hash:
+ fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(key), sizeof(value),
256, 0);
+ if (fd < 0)
+ goto fail_array;
+ obj = alloc_object();
+ obj->bpf_map_fd = fd;
+ add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP);
+ output(2, "fd[%d] = bpf array\n", fd);
+fail_array:
+
+ fd = bpf_create_map(BPF_MAP_TYPE_PROG_ARRAY, sizeof(int), sizeof(int),
4, 0);
+ if (fd < 0)
+ goto fail_progarray;
+ obj = alloc_object();
+ obj->bpf_map_fd = fd;
+ add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP);
+ output(2, "fd[%d] = bpf progarray\n", fd);
+fail_progarray:
+
+ fd = bpf_create_map(BPF_MAP_TYPE_PERF_EVENT_ARRAY, sizeof(int),
sizeof(u32), 32, 0);
+ if (fd < 0)
+ goto fail_perf_event_array;
obj = alloc_object();
obj->bpf_map_fd = fd;
add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP);
- output(2, "fd[%d] = bpf\n", fd);
+ output(2, "fd[%d] = bpf perf event array\n", fd);
+fail_perf_event_array:
+ fd = bpf_create_map(BPF_MAP_TYPE_PERCPU_HASH, sizeof(u32), sizeof(u64)
* PERF_MAX_STACK_DEPTH, 10000, 0);
+ if (fd < 0)
+ goto fail_percpu_hash;
+ obj = alloc_object();
+ obj->bpf_map_fd = fd;
+ add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP);
+ output(2, "fd[%d] = bpf percpu hash\n", fd);
+fail_percpu_hash:
+
+ fd = bpf_create_map(BPF_MAP_TYPE_PERCPU_ARRAY, sizeof(u32),
sizeof(u64), 100, 0);
+ if (fd < 0)
+ goto fail_percpu_array;
+ obj = alloc_object();
+ obj->bpf_map_fd = fd;
+ add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP);
+ output(2, "fd[%d] = bpf percpu array\n", fd);
+fail_percpu_array:
+
+ fd = bpf_create_map(BPF_MAP_TYPE_STACK_TRACE, sizeof(u32), sizeof(u64),
100, 0);
+ if (fd < 0)
+ goto fail_stacktrace;
+ obj = alloc_object();
+ obj->bpf_map_fd = fd;
+ add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP);
+ output(2, "fd[%d] = bpf stack trace\n", fd);
+fail_stacktrace:
-out:
//FIXME: right now, returning FALSE means "abort everything", not
// "skip this provider", so on -ENOSYS, we have to still register.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.6+git.20160913/mm/maps-initial.c
new/trinity-1.6+git.20161005/mm/maps-initial.c
--- old/trinity-1.6+git.20160913/mm/maps-initial.c 2016-09-13
17:18:12.000000000 +0200
+++ new/trinity-1.6+git.20161005/mm/maps-initial.c 2016-10-05
20:09:56.000000000 +0200
@@ -58,53 +58,68 @@
GB(1),
};
-static void setup_mapping_sizes(void)
+static unsigned long long get_free_mem(void)
{
FILE *fp;
char *buffer;
size_t n = 0;
-
- mapping_sizes[0] = page_size;
-
- /* Using 1GB mappings ends up oom'ing a lot, so we don't
- * want to do it every single run. It's worth doing it
- * occasionally though, to stress the oom paths.
- */
- if (!(ONE_IN(100))) {
- mapping_sizes[3] = page_size;
- return;
- }
+ unsigned long long memfree = 0;
fp = fopen("/proc/meminfo", "r");
if (!fp)
- return;
+ return 0;
buffer = malloc(4096);
if (!buffer)
goto out_close;
while (getline(&buffer, &n, fp) >= 0) {
- unsigned long long free;
-
- if (sscanf(buffer, "MemFree: %llu", &free) == 1) {
- if ((free * 1024) < GB(8ULL)) {
- printf("Free memory: %.2fGB\n", (double) free /
1024 / 1024);
- printf("Low on memory, disabling mmaping of 1GB
pages\n");
- mapping_sizes[3] = page_size;
- goto out_free;
- }
+ if (sscanf(buffer, "MemFree: %llu", &memfree) == 1) {
+ goto done;
}
}
+done:
+ free(buffer);
+out_close:
+ fclose(fp);
+
+ return memfree;
+}
+
+static void setup_mapping_sizes(void)
+{
+ unsigned long long memfree;
+
+ mapping_sizes[0] = page_size;
+
+ /* Using 1GB mappings ends up oom'ing a lot, so we don't
+ * want to do it every single run. It's worth doing it
+ * occasionally though, to stress the oom paths.
+ */
+ if (!(ONE_IN(100)))
+ goto disable_1gb_mappings;
+
+ memfree = get_free_mem();
+ if (memfree == 0) {
+ // Something is really fucked. Let's not try big mappings just
in case.
+ goto disable_1gb_mappings;
+ }
+
+ if ((memfree * 1024) < GB(8ULL)) {
+ printf("Free memory: %.2fGB\n", (double) memfree / 1024 / 1024);
+ printf("Low on memory, disabling mmaping of 1GB pages\n");
+ goto disable_1gb_mappings;
+ }
+
// Because of increased mem usage, don't do nr_cpus * 4
printf("Limiting children from %u to %u\n",
max_children, max_children / 4);
max_children /= 4;
+ return;
-out_free:
- free(buffer);
-out_close:
- fclose(fp);
+disable_1gb_mappings:
+ mapping_sizes[3] = page_size;
}
void setup_initial_mappings(void)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.6+git.20160913/syscalls/fadvise64.c
new/trinity-1.6+git.20161005/syscalls/fadvise64.c
--- old/trinity-1.6+git.20160913/syscalls/fadvise64.c 2016-09-13
17:18:12.000000000 +0200
+++ new/trinity-1.6+git.20161005/syscalls/fadvise64.c 2016-10-05
20:09:56.000000000 +0200
@@ -4,8 +4,18 @@
* On success, zero is returned.
* On error, an error number is returned.
*/
+#include <fcntl.h>
#include "sanitise.h"
+static unsigned long fadvise_flags[] = {
+ POSIX_FADV_NORMAL,
+ POSIX_FADV_SEQUENTIAL,
+ POSIX_FADV_RANDOM,
+ POSIX_FADV_NOREUSE,
+ POSIX_FADV_WILLNEED,
+ POSIX_FADV_DONTNEED,
+};
+
struct syscallentry syscall_fadvise64 = {
.name = "fadvise64",
.num_args = 4,
@@ -15,6 +25,8 @@
.arg3name = "len",
.arg3type = ARG_LEN,
.arg4name = "advice",
+ .arg4type = ARG_OP,
+ .arg4list = ARGLIST(fadvise_flags),
.rettype = RET_ZERO_SUCCESS,
.flags = NEED_ALARM,
.group = GROUP_VFS,
@@ -37,6 +49,8 @@
.arg3name = "len",
.arg3type = ARG_LEN,
.arg4name = "advice",
+ .arg4type = ARG_OP,
+ .arg4list = ARGLIST(fadvise_flags),
.rettype = RET_ZERO_SUCCESS,
.flags = NEED_ALARM,
.group = GROUP_VFS,
@@ -54,6 +68,8 @@
.arg1name = "fd",
.arg1type = ARG_FD,
.arg2name = "advice",
+ .arg2type = ARG_OP,
+ .arg2list = ARGLIST(fadvise_flags),
.arg3name = "offset",
.arg4name = "len",
.arg4type = ARG_LEN,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.6+git.20160913/syscalls/send.c
new/trinity-1.6+git.20161005/syscalls/send.c
--- old/trinity-1.6+git.20160913/syscalls/send.c 2016-09-13
17:18:12.000000000 +0200
+++ new/trinity-1.6+git.20161005/syscalls/send.c 2016-10-05
20:09:56.000000000 +0200
@@ -23,6 +23,9 @@
rec->a1 = fd_from_socketinfo(si);
+ if (si == NULL) // handle --disable-fds=sockets
+ goto skip_si;
+
proto = net_protocols[si->triplet.family].proto;
if (proto != NULL) {
if (proto->gen_packet != NULL) {
@@ -34,6 +37,8 @@
}
}
+skip_si:
+
/* The rest of this function is only used as a fallback, if the
per-proto
* send()'s aren't implemented.
*/
@@ -117,10 +122,14 @@
struct sockaddr *sa = NULL;
socklen_t salen;
+ if (si == NULL) // handle --disable-fds=sockets
+ goto skip_si;
+
rec->a1 = fd_from_socketinfo((struct socketinfo *) rec->a1);
generate_sockaddr((struct sockaddr **) &sa, (socklen_t *) &salen,
si->triplet.family);
+skip_si:
msg = zmalloc(sizeof(struct msghdr));
msg->msg_name = sa;
msg->msg_namelen = salen;
