Hello community, here is the log from the commit of package trinity for openSUSE:Factory checked in at 2016-11-05 21:26:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trinity (Old) and /work/SRC/openSUSE:Factory/.trinity.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trinity" Changes: -------- --- /work/SRC/openSUSE:Factory/trinity/trinity.changes 2016-10-20 23:10:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.trinity.new/trinity.changes 2016-11-05 21:26:05.000000000 +0100 @@ -1,0 +2,15 @@ +Wed Nov 02 16:54:45 UTC 2016 - [email protected] + +- Update to version 1.7+git.20161028: + * disable the mremap page-dirtying for now + * pick read/write dirtying based on PROT settings of mapping + * for now disable periodic dirtying of mappings. + * Sanity checks in pid_alive + * update find.sh to a more interesting example. + * kill_pid debugging + * consolidate the seed initialization into init_seed + * Add FALLOC_FL_UNSHARE_RANGE flag to fallocate + * 1.7 release. + * Move version back to devel + +------------------------------------------------------------------- Old: ---- trinity-1.6+git.20161018.tar.xz New: ---- trinity-1.7+git.20161028.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trinity.spec ++++++ --- /var/tmp/diff_new_pack.7vJh31/_old 2016-11-05 21:26:06.000000000 +0100 +++ /var/tmp/diff_new_pack.7vJh31/_new 2016-11-05 21:26:06.000000000 +0100 @@ -16,9 +16,9 @@ # -%define version_unconverted 1.6+git.20161018 +%define version_unconverted 1.7+git.20161028 Name: trinity -Version: 1.6+git.20161018 +Version: 1.7+git.20161028 Release: 0 Summary: A Linux System call fuzz tester License: GPL-2.0 @@ -28,6 +28,7 @@ BuildRequires: gcc # needed for btrfs/ioctl.h BuildRequires: libbtrfs-devel +BuildRequires: linux-glibc-devel BuildRequires: make BuildRequires: xz BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ _service ++++++ --- /var/tmp/diff_new_pack.7vJh31/_old 2016-11-05 21:26:06.000000000 +0100 +++ /var/tmp/diff_new_pack.7vJh31/_new 2016-11-05 21:26:06.000000000 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="changesgenerate">enable</param> <param name="filename">trinity</param> - <param name="versionformat">1.6+git.%cd</param> + <param name="versionformat">1.7+git.%cd</param> </service> <service mode="disabled" name="recompress"> <param name="file">*.tar</param> ++++++ trinity-1.6+git.20161018.tar.xz -> trinity-1.7+git.20161028.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/Makefile new/trinity-1.7+git.20161028/Makefile --- old/trinity-1.6+git.20161018/Makefile 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/Makefile 2016-10-28 19:56:34.000000000 +0200 @@ -1,4 +1,4 @@ -VERSION="1.7pre" +VERSION="1.8pre" INSTALL_PREFIX ?= $(DESTDIR) INSTALL_PREFIX ?= $(HOME) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/child.c new/trinity-1.7+git.20161028/child.c --- old/trinity-1.6+git.20161018/child.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/child.c 2016-10-28 19:56:34.000000000 +0200 @@ -357,8 +357,8 @@ check_parent_pid(); /* Every 100 iterations. */ - if (!(periodic_counter % 100)) - dirty_random_mapping(); +// if (!(periodic_counter % 100)) +// dirty_random_mapping(); if (periodic_counter == 1000) periodic_counter = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/fds/bpf.c new/trinity-1.7+git.20161028/fds/bpf.c --- old/trinity-1.6+git.20161018/fds/bpf.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/fds/bpf.c 2016-10-28 19:56:34.000000000 +0200 @@ -14,6 +14,7 @@ #include <linux/unistd.h> #include <linux/perf_event.h> +#include "bpf.h" #include "fd.h" #include "log.h" #include "objects.h" @@ -99,7 +100,7 @@ return TRUE; } -static int get_rand_bpf_fd(void) +int get_rand_bpf_fd(void) { struct object *obj; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/include/bpf.h new/trinity-1.7+git.20161028/include/bpf.h --- old/trinity-1.6+git.20161018/include/bpf.h 1970-01-01 01:00:00.000000000 +0100 +++ new/trinity-1.7+git.20161028/include/bpf.h 2016-10-28 19:56:34.000000000 +0200 @@ -0,0 +1,3 @@ +#pragma once + +int get_rand_bpf_fd(void); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/mm/fault-read.c new/trinity-1.7+git.20161028/mm/fault-read.c --- old/trinity-1.6+git.20161018/mm/fault-read.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/mm/fault-read.c 2016-10-28 19:56:34.000000000 +0200 @@ -15,7 +15,7 @@ static void read_one_page(struct map *map) { char *p = map->ptr; - unsigned long offset = (rnd() % (map->size - 1)) & PAGE_MASK; + unsigned long offset = (rnd() % map->size) & PAGE_MASK; char buf[page_size]; p += offset; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/mm/fault-write.c new/trinity-1.7+git.20161028/mm/fault-write.c --- old/trinity-1.6+git.20161018/mm/fault-write.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/mm/fault-write.c 2016-10-28 19:56:34.000000000 +0200 @@ -9,6 +9,12 @@ #include "sanitise.h" // get_address #include "utils.h" +static void mark_page_rw(struct map *map, void *page) +{ + mprotect(page, page_size, PROT_READ|PROT_WRITE); + map->prot = PROT_READ|PROT_WRITE; +} + static unsigned int nr_pages(struct map *map) { return map->size / page_size; @@ -17,9 +23,9 @@ static void dirty_one_page(struct map *map) { char *p = map->ptr; - unsigned long offset = (rnd() % (map->size - 1)) & PAGE_MASK; + unsigned long offset = (rnd() % map->size) & PAGE_MASK; - mprotect((void *) (p + offset), page_size, PROT_READ|PROT_WRITE); + mark_page_rw(map, p + offset); p[offset] = rnd(); } @@ -31,7 +37,7 @@ for (i = 0; i < nr; i++) { char *p = map->ptr + (i * page_size); - mprotect((void *) p, page_size, PROT_READ|PROT_WRITE); + mark_page_rw(map, p); *p = rnd(); } } @@ -46,7 +52,7 @@ for (i = first; i < nr; i+=2) { char *p = map->ptr + (i * page_size); - mprotect((void *) p, page_size, PROT_READ|PROT_WRITE); + mark_page_rw(map, p); *p = rnd(); } } @@ -59,7 +65,7 @@ for (i = nr; i > 0; i--) { char *p = map->ptr + (i * page_size); - mprotect((void *) p, page_size, PROT_READ|PROT_WRITE); + mark_page_rw(map, p); *p = rnd(); } } @@ -74,7 +80,7 @@ for (i = 0; i < nr; i++) { off_t offset = (rnd() % nr) * page_size; char *p = map->ptr + offset; - mprotect((void *) p, page_size, PROT_READ|PROT_WRITE); + mark_page_rw(map, p); *p = rnd(); } } @@ -85,7 +91,7 @@ { char *p = map->ptr; - mprotect(map->ptr, page_size, PROT_READ|PROT_WRITE); + mark_page_rw(map, map->ptr); generate_random_page(p); } @@ -96,7 +102,7 @@ { char *p = map->ptr + map->size - page_size; - mprotect((void *) p, page_size, PROT_READ|PROT_WRITE); + mark_page_rw(map, p); memset((void *) p, 'A', page_size); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/mm/maps.c new/trinity-1.7+git.20161028/mm/maps.c --- old/trinity-1.6+git.20161018/mm/maps.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/mm/maps.c 2016-10-28 19:56:34.000000000 +0200 @@ -1,6 +1,7 @@ #include <stdlib.h> #include <string.h> #include <sys/mman.h> +#include <asm/mman.h> #include <sys/types.h> #include <sys/stat.h> #include "arch.h" @@ -125,23 +126,18 @@ */ void dirty_mapping(struct map *map) { - bool rw = RAND_BOOL(); - - if (rw == TRUE) { - /* Check mapping is writable, or we'll segv. - * TODO: Perhaps we should do that, and trap it, mark it writable, - * then reprotect after we dirtied it ? */ - if (map->prot & ~PROT_WRITE) - return; - + switch (map->prot) { + case PROT_WRITE: + case PROT_WRITE|PROT_READ: random_map_writefn(map); - return; - - } else { - if (map->prot & ~PROT_READ) - return; - + break; + case PROT_READ: random_map_readfn(map); + break; + case PROT_SEM: + case PROT_NONE: + default: + break; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/net/bpf.c new/trinity-1.7+git.20161028/net/bpf.c --- old/trinity-1.6+git.20161018/net/bpf.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/net/bpf.c 2016-10-28 19:56:34.000000000 +0200 @@ -7,6 +7,7 @@ #include <stdio.h> #include <string.h> +#include "bpf.h" #include "debug.h" #include "log.h" #include "net.h" @@ -845,7 +846,13 @@ bpf->filter[i].jf |= (uint8_t) rnd(); /* Not always fill out k */ - bpf->filter[i].k = ((ONE_IN(10)) ? 0 : (uint32_t) rand32()); + switch (rnd() % 3) { + case 0: bpf->filter[i].k = (uint32_t) rand32(); + break; + case 1: bpf->filter[i].k = (uint32_t) get_rand_bpf_fd(); + break; + case 2: break; + } /* Also try to jump into BPF extensions by chance */ if (BPF_CLASS(bpf->filter[i].code) == BPF_LD || diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/pids.c new/trinity-1.7+git.20161028/pids.c --- old/trinity-1.6+git.20161018/pids.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/pids.c 2016-10-28 19:56:34.000000000 +0200 @@ -9,10 +9,28 @@ #include "sanitise.h" #include "shm.h" +#include <debug.h> + pid_t *pids; bool pid_alive(pid_t pid) { + if (pid < -1) { + syslogf("kill_pid tried to kill %d!\n", pid); + show_backtrace(); + return TRUE; + } + if (pid == -1) { + syslogf("kill_pid tried to kill -1!\n"); + show_backtrace(); + return TRUE; + } + if (pid == 0) { + syslogf("tried to kill_pid 0!\n"); + show_backtrace(); + return TRUE; + } + if (kill(pid, 0) == 0) return TRUE; return FALSE; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/rand/seed.c new/trinity-1.7+git.20161028/rand/seed.c --- old/trinity-1.6+git.20161018/rand/seed.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/rand/seed.c 2016-10-28 19:56:34.000000000 +0200 @@ -68,14 +68,24 @@ unsigned int new_seed(void) { - unsigned int r; + unsigned int r = 0; + + /* If we passed in an initial seed, all subsequent seeds have to + * be based off of it. */ + if (user_set_seed == TRUE) { + r = rnd(); + goto out; + } - if (urandomfd == -1) - return fallbackseed(); + if (urandomfd == -1) { + r = fallbackseed(); + goto out; + } if (read(urandomfd, &r, sizeof(r)) != sizeof(r)) - return fallbackseed(); + r = fallbackseed(); +out: //printf("new seed:%u\n", r); return r; } @@ -86,7 +96,6 @@ // If we have sys_getrandom, use that instead of urandom if (do_getrandom(&r) == TRUE) { - printf("Using getrandom() for seeds\n"); urandomfd = -1; return TRUE; } @@ -105,8 +114,13 @@ unsigned int init_seed(unsigned int seedparam) { if (user_set_seed == TRUE) - output(0, "Using user passed random seed: %u\n", seedparam); + output(0, "Using user passed random seed: %u.\n", seedparam); else { + if (urandomfd == -1) + output(0, "Using getrandom() for seeds.\n"); + else + output(0, "Using /dev/urandom for seeds.\n"); + seedparam = new_seed(); output(0, "Initial random seed: %u\n", seedparam); @@ -142,8 +156,6 @@ * Called when a new child starts, so we don't repeat runs across different pids. * We only reseed in the main pid, all the children are expected to periodically * check if the seed changed, and reseed accordingly. - * - * Caveat: Not used if we passed in our own seed with -s */ void reseed(void) { @@ -152,10 +164,6 @@ exit(EXIT_FAILURE); } - /* don't change the seed if we passed -s */ - if (user_set_seed == TRUE) - return; - /* We are reseeding. */ shm->seed = new_seed(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/scripts/find.sh new/trinity-1.7+git.20161028/scripts/find.sh --- old/trinity-1.6+git.20161018/scripts/find.sh 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/scripts/find.sh 2016-10-28 19:56:34.000000000 +0200 @@ -2,37 +2,23 @@ # # This is an example of how to search for an interaction between # two syscalls. In the example below I was chasing an oops involving -# futex and another unknown syscall. +# ftruncate and another unknown syscall. # -# I wanted to avoid execve, because it just slowed things down, and had -# already been ruled out. +# I wanted to avoid execve, and the sync syscalls because they just slowed +# things down, and had already been ruled out. # -OLDPATH=$(pwd) -TRINITY_PATH=${TRINITY_PATH:-$OLDPATH} -TRINITY_TMP=$(mktemp -d /tmp/trinity.XXXXXX) - -check_tainted() -{ - if [ "$(cat /proc/sys/kernel/tainted)" != $TAINT ]; then - echo ERROR: Taint flag changed $(cat /proc/sys/kernel/tainted) - exit - fi -} +. scripts/paths.sh +. scripts/privs.sh +. scripts/taint.sh chmod 755 $TRINITY_TMP cd $TRINITY_TMP -TAINT=$(cat /proc/sys/kernel/tainted) - NR_CPUS=$(nproc) while [ 1 ]; do - - -for sc in $($TRINITY_PATH/trinity -L | grep entrypoint | grep -v AVOID | awk '{ print $3 }' | sort -u) -do mkdir -p tmp.$i pushd tmp.$i @@ -42,7 +28,7 @@ exit fi - $TRINITY_PATH/trinity -q -l off -c futex -c $sc -x execve -C64 -N 1000000 + $TRINITY_PATH/trinity $DROPPRIVS -q -l off -a64 -c ftruncate -r20 -x execve -x execveat -x syncfs -x sync -x fsync -x fdatasync -C64 -N 1000000 --enable-fds=pseudo,testfile popd @@ -51,5 +37,3 @@ chmod 755 $TRINITY_TMP done - -done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/shm.c new/trinity-1.7+git.20161028/shm.c --- old/trinity-1.6+git.20161018/shm.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/shm.c 2016-10-28 19:56:34.000000000 +0200 @@ -50,10 +50,8 @@ shm->stats.op_count = 1; - if (user_set_seed == TRUE) - shm->seed = init_seed(seed); - else - shm->seed = new_seed(); + shm->seed = init_seed(seed); + /* Set seed in main process. */ set_seed(NULL); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/syscalls/fallocate.c new/trinity-1.7+git.20161028/syscalls/fallocate.c --- old/trinity-1.6+git.20161018/syscalls/fallocate.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/syscalls/fallocate.c 2016-10-28 19:56:34.000000000 +0200 @@ -11,11 +11,13 @@ #define FALLOC_FL_COLLAPSE_RANGE 0x08 #define FALLOC_FL_ZERO_RANGE 0x10 #define FALLOC_FL_INSERT_RANGE 0x20 +#define FALLOC_FL_UNSHARE_RANGE 0x40 static unsigned long fallocate_modes[] = { FALLOC_FL_KEEP_SIZE, FALLOC_FL_PUNCH_HOLE, FALLOC_FL_NO_HIDE_STALE, FALLOC_FL_COLLAPSE_RANGE, FALLOC_FL_ZERO_RANGE, FALLOC_FL_INSERT_RANGE, + FALLOC_FL_UNSHARE_RANGE, }; struct syscallentry syscall_fallocate = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/syscalls/mremap.c new/trinity-1.7+git.20161028/syscalls/mremap.c --- old/trinity-1.6+git.20161018/syscalls/mremap.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/syscalls/mremap.c 2016-10-28 19:56:34.000000000 +0200 @@ -58,8 +58,8 @@ map->ptr = ptr; /* Sometimes dirty the mapping first. */ - if (RAND_BOOL()) - dirty_mapping(map); +// if (RAND_BOOL()) +// dirty_mapping(map); } static unsigned long mremap_flags[] = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20161018/utils.c new/trinity-1.7+git.20161028/utils.c --- old/trinity-1.6+git.20161018/utils.c 2016-10-19 01:17:03.000000000 +0200 +++ new/trinity-1.7+git.20161028/utils.c 2016-10-28 19:56:34.000000000 +0200 @@ -4,6 +4,7 @@ #include <stdlib.h> #include <stdio.h> #include <string.h> +#include "debug.h" #include "log.h" #include "pids.h" #include "random.h" @@ -76,6 +77,17 @@ int ret; int childno; + if (pid == -1) { + show_backtrace(); + syslogf("kill_pid tried to kill -1!\n"); + return; + } + if (pid == 0) { + show_backtrace(); + syslogf("tried to kill_pid 0!\n"); + return; + } + childno = find_childno(pid); if (childno != CHILD_NOT_FOUND) { if (shm->children[childno]->dontkillme == TRUE)
