Hello community,
here is the log from the commit of package trinity for openSUSE:Factory checked
in at 2017-06-23 09:17:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trinity (Old)
and /work/SRC/openSUSE:Factory/.trinity.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trinity"
Fri Jun 23 09:17:45 2017 rev:40 rq:504038 version:1.7+git.20170612
Changes:
--------
--- /work/SRC/openSUSE:Factory/trinity/trinity.changes 2017-05-20
10:13:42.715470746 +0200
+++ /work/SRC/openSUSE:Factory/.trinity.new/trinity.changes 2017-06-23
09:17:47.459300048 +0200
@@ -1,0 +2,23 @@
+Fri Jun 16 09:17:12 UTC 2017 - mplus...@suse.com
+
+- Update to version 1.7+git.20170612:
+ * mark the sync syscalls as expensive
+ * reduce the likelyhood that we call expensive syscalls.
+
+-------------------------------------------------------------------
+Sun May 28 11:43:25 UTC 2017 - opensuse-packag...@opensuse.org
+
+- Update to version 1.7+git.20170525:
+ * add incoming packets to the correct place in the list.
+ * add the last op_nr to the childexited message
+ * add a flag to mark when we're expecting a spawn message.
+ * only process CHILD_EXITED messages if the opnr is current
+ * maintain a count of packets processed each scan of the child list.
+ * childhdr is already set at this point.
+ * use a single thread to process all child packets
+ * optimize packet rx list walk
+ * drop duplicate packets instead of adding them to the list.
+ * fix up cppcheck signedness warnings
+ * replace state machine with simpler drain logic
+
+-------------------------------------------------------------------
Old:
----
trinity-1.7+git.20170512.tar.xz
New:
----
trinity-1.7+git.20170612.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ trinity.spec ++++++
--- /var/tmp/diff_new_pack.dgfJiU/_old 2017-06-23 09:17:48.751117514 +0200
+++ /var/tmp/diff_new_pack.dgfJiU/_new 2017-06-23 09:17:48.755116949 +0200
@@ -16,9 +16,9 @@
#
-%define version_unconverted 1.7+git.20170512
+%define version_unconverted 1.7+git.20170612
Name: trinity
-Version: 1.7+git.20170512
+Version: 1.7+git.20170612
Release: 0
Summary: A Linux System call fuzz tester
License: GPL-2.0
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.dgfJiU/_old 2017-06-23 09:17:48.807109602 +0200
+++ /var/tmp/diff_new_pack.dgfJiU/_new 2017-06-23 09:17:48.807109602 +0200
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">git://github.com/kernelslacker/trinity</param>
- <param
name="changesrevision">a81fba1701ad9250f91f87c7748940525eaaffa4</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">f21c0a62f708688f3df574911525e2b14be01d5e</param></service></servicedata>
\ No newline at end of file
++++++ trinity-1.7+git.20170512.tar.xz -> trinity-1.7+git.20170612.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/childops/random-syscall.c
new/trinity-1.7+git.20170612/childops/random-syscall.c
--- old/trinity-1.7+git.20170512/childops/random-syscall.c 2017-05-12
20:11:06.000000000 +0200
+++ new/trinity-1.7+git.20170612/childops/random-syscall.c 2017-06-12
21:21:10.000000000 +0200
@@ -71,6 +71,7 @@
static bool set_syscall_nr(struct syscallrecord *rec)
{
+ struct syscallentry *entry;
unsigned int syscallnr;
bool do32;
@@ -97,6 +98,12 @@
goto retry;
}
+ entry = get_syscall_entry(syscallnr, do32);
+ if (entry->flags & EXPENSIVE) {
+ if (!ONE_IN(1000))
+ goto retry;
+ }
+
/* critical section for shm updates. */
lock(&rec->lock);
rec->do32bit = do32;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/include/syscall.h
new/trinity-1.7+git.20170612/include/syscall.h
--- old/trinity-1.7+git.20170512/include/syscall.h 2017-05-12
20:11:06.000000000 +0200
+++ new/trinity-1.7+git.20170612/include/syscall.h 2017-06-12
21:21:10.000000000 +0200
@@ -171,6 +171,7 @@
#define NEED_ALARM (1<<5)
#define EXTRA_FORK (1<<6)
#define IGNORE_ENOSYS (1<<7)
+#define EXPENSIVE (1<<8)
void do_syscall(struct syscallrecord *rec);
void handle_syscall_ret(struct syscallrecord *rec);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/include/udp.h
new/trinity-1.7+git.20170612/include/udp.h
--- old/trinity-1.7+git.20170512/include/udp.h 2017-05-12 20:11:06.000000000
+0200
+++ new/trinity-1.7+git.20170612/include/udp.h 2017-06-12 21:21:10.000000000
+0200
@@ -96,6 +96,7 @@
struct msg_childexited {
struct trinity_msgchildhdr hdr;
+ unsigned long op_nr;
};
struct msg_childsignalled {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/main.c
new/trinity-1.7+git.20170612/main.c
--- old/trinity-1.7+git.20170512/main.c 2017-05-12 20:11:06.000000000 +0200
+++ new/trinity-1.7+git.20170612/main.c 2017-06-12 21:21:10.000000000 +0200
@@ -577,11 +577,13 @@
}
}
-static void log_child_exited(pid_t pid, int childno)
+static void log_child_exited(struct childdata *child)
{
struct msg_childexited childmsg;
- init_msgchildhdr(&childmsg.hdr, CHILD_EXITED, pid, childno);
+ init_msgchildhdr(&childmsg.hdr, CHILD_EXITED,
+ pids[child->num], child->num);
+ childmsg.op_nr = child->op_nr;
sendudp((char *) &childmsg, sizeof(childmsg));
}
@@ -599,7 +601,7 @@
if (WIFEXITED(childstatus)) {
struct childdata *child = shm->children[childno];
- log_child_exited(childpid, childno);
+ log_child_exited(child);
debugf("Child %d (pid:%u type:%u) exited after %ld
operations.\n",
childno, childpid, child->type, child->op_nr);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/server/child.c
new/trinity-1.7+git.20170612/server/child.c
--- old/trinity-1.7+git.20170512/server/child.c 2017-05-12 20:11:06.000000000
+0200
+++ new/trinity-1.7+git.20170612/server/child.c 2017-06-12 21:21:10.000000000
+0200
@@ -30,8 +30,6 @@
child = &session.children[childmsg->hdr.childno];
child->childpid = childmsg->hdr.pid;
- child->expected_seq = 0;
- child->expecting_result = FALSE;
return p;
}
@@ -43,9 +41,9 @@
childmsg = (struct msg_childexited *) buf;
ts = &childmsg->hdr.tp;
- sprintf(p, "%d.%d Child exited. id:%d pid:%d\n",
+ sprintf(p, "%d.%d Child exited. id:%d pid:%d lastop:%lu\n",
(int) ts->tv_sec, (int) ts->tv_nsec,
- childmsg->hdr.childno, childmsg->hdr.pid);
+ childmsg->hdr.childno, childmsg->hdr.pid, childmsg->op_nr);
return p;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/server/child.h
new/trinity-1.7+git.20170612/server/child.h
--- old/trinity-1.7+git.20170512/server/child.h 2017-05-12 20:11:06.000000000
+0200
+++ new/trinity-1.7+git.20170612/server/child.h 2017-06-12 21:21:10.000000000
+0200
@@ -6,8 +6,7 @@
pid_t childpid;
struct packet packets;
unsigned int packetcount;
+ pthread_mutex_t drainmutex;
pthread_mutex_t packetmutex;
int logfile;
- unsigned long expected_seq;
- bool expecting_result;
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/server/session.h
new/trinity-1.7+git.20170612/server/session.h
--- old/trinity-1.7+git.20170512/server/session.h 2017-05-12
20:11:06.000000000 +0200
+++ new/trinity-1.7+git.20170612/server/session.h 2017-06-12
21:21:10.000000000 +0200
@@ -7,9 +7,9 @@
struct fuzzsession {
pid_t mainpid;
- int num_children;
+ unsigned int num_children;
struct childdata children[MAX_CHILDREN];
- pthread_t childthreads[MAX_CHILDREN];
+ pthread_t decodethread;
pthread_mutex_t packetmutex;
struct packet mainpackets;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/server/trinityserver.c
new/trinity-1.7+git.20170612/server/trinityserver.c
--- old/trinity-1.7+git.20170512/server/trinityserver.c 2017-05-12
20:11:06.000000000 +0200
+++ new/trinity-1.7+git.20170612/server/trinityserver.c 2017-06-12
21:21:10.000000000 +0200
@@ -4,6 +4,7 @@
#include <errno.h>
#include <netdb.h>
#include <pthread.h>
+#include <signal.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
@@ -59,86 +60,43 @@
child->packetcount--;
}
-static void * decoder_child_func(void *data)
+static void decode_one_child(struct childdata *child)
{
- struct childdata *child = (struct childdata *) data;
struct list_head *node = NULL, *tmp;
- while (1) {
- pthread_mutex_lock(&child->packetmutex);
- if (list_empty(&child->packets.list))
- goto done;
-
- list_for_each_safe(node, tmp, &child->packets.list) {
- struct packet *currpkt;
- struct trinity_msgchildhdr *childhdr;
- enum logmsgtypes type;
-
- currpkt = (struct packet *) node;
- type = get_packet_type(currpkt);
-
- // The non syscall related messages have no ordering on
each other asides from timestamp
- switch (type) {
- case CHILD_SPAWNED:
- case CHILD_EXITED:
- // TODO: put lastop in the exit msg and wait
until that op before processing this.
- // TODO: check signalled->op_nr == expected-1
- decode_this_packet(child, currpkt);
- child->expecting_result = FALSE;
- continue;
-
- case CHILD_SIGNALLED:
- // TODO: check signalled->op_nr == expected-1
- decode_this_packet(child, currpkt);
- child->expecting_result = FALSE;
- // TODO: only if SIGALRM
- child->expected_seq++;
- continue;
- default:
- break;
- }
+ pthread_mutex_lock(&child->packetmutex);
+ if (list_empty(&child->packets.list))
+ goto done;
- /* From here on, type can only be SYSCALL_PREP or
SYSCALL_RESULT */
+ list_for_each_safe(node, tmp, &child->packets.list) {
+ struct packet *currpkt;
- /* if the pid changed, before we gto a CHILD_SPAWNED,
skip */
- childhdr = (struct trinity_msgchildhdr *) currpkt->data;
- if (child->childpid != childhdr->pid)
- continue;
-
- if (type == SYSCALL_PREP) {
- struct msg_syscallprep *scmsg;
- if (child->expecting_result == TRUE)
- continue;
-
- scmsg = (struct msg_syscallprep *)
currpkt->data;
- if (scmsg->sequence_nr != child->expected_seq)
- continue;
-
- decode_this_packet(child, currpkt);
- child->expecting_result = TRUE;
- continue;
- }
+ currpkt = (struct packet *) node;
- if (type == SYSCALL_RESULT) {
- struct msg_syscallresult *srmsg;
- if (child->expecting_result == FALSE)
- continue;
-
- srmsg = (struct msg_syscallresult *)
currpkt->data;
- if (srmsg->sequence_nr != child->expected_seq)
- continue;
-
- decode_this_packet(child, currpkt);
- child->expecting_result = FALSE;
- child->expected_seq++;
- continue;
- }
- }
+ decode_this_packet(child, currpkt);
+ }
done:
- pthread_mutex_unlock(&child->packetmutex);
+ pthread_mutex_unlock(&child->packetmutex);
+}
+
+static void * decoder_func(void *data)
+{
+ struct fuzzsession *fs = (struct fuzzsession *) data;
+
+ while (1) {
+ unsigned int i;
+ for (i = 0; i < fs->num_children; i++) {
+ struct childdata *child = &fs->children[i];
+
+ if (pthread_mutex_trylock(&child->drainmutex) == 0) {
+ decode_one_child(child);
+ pthread_mutex_unlock(&child->drainmutex);
+ }
+ }
pthread_yield();
}
+
//TODO: if main session exits, we should exit this thread.
return NULL;
}
@@ -165,6 +123,7 @@
}
}
pthread_mutex_unlock(&fs->packetmutex);
+ pthread_yield();
//TODO: if main session exits, we should exit this thread.
}
return NULL;
@@ -175,6 +134,7 @@
{
struct hellostruct *hs = (struct hellostruct *) buf;
int i;
+ int ret;
/* if we got here, we know we got a correct size message, but the
contents
* need to match also for it to be a handshake.
@@ -196,18 +156,17 @@
for (i = 0; i < hs->num_children; i++) {
struct childdata *child = &session.children[i];
- int ret;
child->logfile = open_child_logfile(i);
- child->expected_seq = 0;
- child->expecting_result = FALSE;
INIT_LIST_HEAD(&child->packets.list);
child->packetcount = 0;
pthread_mutex_init(&child->packetmutex, NULL);
- ret = pthread_create(&session.childthreads[i], NULL,
decoder_child_func, child);
- assert(!ret);
+ pthread_mutex_init(&child->drainmutex, NULL);
}
+ ret = pthread_create(&session.decodethread, NULL, decoder_func,
&session);
+ assert(!ret);
+
printf("Received handshake from %s:%d\n",
inet_ntoa(udpclient.sin_addr), ntohs(udpclient.sin_port));
sendudp(serverreply, strlen(serverreply));
@@ -260,7 +219,8 @@
struct fuzzsession *fs = &session;
struct trinity_msgchildhdr *childhdr;
struct childdata *child;
- struct list_head *node, *tmp;
+ struct list_head *node, *tmp, *tail;
+ struct packet *listpkt;
pkt->data = malloc(len);
if (pkt->data == NULL) {
@@ -281,15 +241,34 @@
if (list_empty(&child->packets.list))
goto tail_add;
+ /* Can we just go at the end ? */
+ tail = child->packets.list.prev;
+ listpkt = (struct packet *) tail;
+
+ if (childhdr->tp.tv_sec > listpkt->tp.tv_sec)
+ goto tail_add;
+
+ if (childhdr->tp.tv_sec == listpkt->tp.tv_sec) {
+ if (childhdr->tp.tv_nsec > listpkt->tp.tv_nsec)
+ goto tail_add;
+ if (childhdr->tp.tv_nsec == listpkt->tp.tv_nsec)
+ goto drop_dupe;
+ }
+
+ /* crap, we've got something out of order, scan the list for the right
place
+ * to insert it. TODO: Might be quicker to search backwards from the
tail
+ */
list_for_each_safe(node, tmp, &child->packets.list) {
- struct packet *listpkt = (struct packet *) node;
+ listpkt = (struct packet *) node;
if (childhdr->tp.tv_sec > listpkt->tp.tv_sec)
continue;
if (childhdr->tp.tv_nsec > listpkt->tp.tv_nsec)
continue;
+ if (childhdr->tp.tv_nsec == listpkt->tp.tv_nsec)
+ goto drop_dupe;
- list_add(&pkt->list, node);
+ list_add(&pkt->list, node->prev);
goto done;
}
@@ -299,6 +278,21 @@
done:
child->packetcount++;
pthread_mutex_unlock(&child->packetmutex);
+ return;
+
+drop_dupe:
+ free(pkt->data);
+ free(pkt);
+ pthread_mutex_unlock(&child->packetmutex);
+}
+
+static struct childdata * get_child_from_pkt(void *data)
+{
+ struct fuzzsession *fs = &session;
+ struct trinity_msgchildhdr *childhdr;
+
+ childhdr = (struct trinity_msgchildhdr *) data;
+ return &fs->children[childhdr->childno];
}
static void queue_object_msg(struct trinity_msgobjhdr *obj, int len)
@@ -316,7 +310,9 @@
enum logmsgtypes type;
while (1) {
+ struct childdata *child;
int ret = readudp();
+
if (ret <= 0)
continue;
@@ -349,8 +345,24 @@
break;
case CHILD_SPAWNED:
+ child = get_child_from_pkt(buf);
+ pthread_mutex_lock(&child->drainmutex);
+ add_to_child_queue(buf, len);
+ break;
+
case CHILD_EXITED:
+ add_to_child_queue(buf, len);
+ child = get_child_from_pkt(buf);
+ pthread_mutex_unlock(&child->drainmutex);
+ break;
+
case CHILD_SIGNALLED:
+ add_to_child_queue(buf, len);
+ //child = get_child_from_pkt(buf);
+ //FIXME: only if signal = child exits.
+ //pthread_mutex_unlock(&child->drainmutex);
+ break;
+
case SYSCALL_PREP:
case SYSCALL_RESULT:
add_to_child_queue(buf, len);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/syscalls/fdatasync.c
new/trinity-1.7+git.20170612/syscalls/fdatasync.c
--- old/trinity-1.7+git.20170512/syscalls/fdatasync.c 2017-05-12
20:11:06.000000000 +0200
+++ new/trinity-1.7+git.20170612/syscalls/fdatasync.c 2017-06-12
21:21:10.000000000 +0200
@@ -12,6 +12,6 @@
.arg1name = "fd",
.arg1type = ARG_FD,
.rettype = RET_ZERO_SUCCESS,
- .flags = NEED_ALARM,
+ .flags = NEED_ALARM | EXPENSIVE,
.group = GROUP_VFS,
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/syscalls/fsync.c
new/trinity-1.7+git.20170612/syscalls/fsync.c
--- old/trinity-1.7+git.20170512/syscalls/fsync.c 2017-05-12
20:11:06.000000000 +0200
+++ new/trinity-1.7+git.20170612/syscalls/fsync.c 2017-06-12
21:21:10.000000000 +0200
@@ -12,6 +12,6 @@
.arg1name = "fd",
.arg1type = ARG_FD,
.rettype = RET_ZERO_SUCCESS,
- .flags = NEED_ALARM,
+ .flags = NEED_ALARM | EXPENSIVE,
.group = GROUP_VFS,
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/syscalls/sync.c
new/trinity-1.7+git.20170612/syscalls/sync.c
--- old/trinity-1.7+git.20170512/syscalls/sync.c 2017-05-12
20:11:06.000000000 +0200
+++ new/trinity-1.7+git.20170612/syscalls/sync.c 2017-06-12
21:21:10.000000000 +0200
@@ -7,4 +7,5 @@
.name = "sync",
.num_args = 0,
.group = GROUP_VFS,
+ .flags = EXPENSIVE,
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/trinity-1.7+git.20170512/syscalls/syncfs.c
new/trinity-1.7+git.20170612/syscalls/syncfs.c
--- old/trinity-1.7+git.20170512/syscalls/syncfs.c 2017-05-12
20:11:06.000000000 +0200
+++ new/trinity-1.7+git.20170612/syscalls/syncfs.c 2017-06-12
21:21:10.000000000 +0200
@@ -8,6 +8,6 @@
.num_args = 1,
.arg1name = "fd",
.arg1type = ARG_FD,
- .flags = NEED_ALARM,
+ .flags = NEED_ALARM | EXPENSIVE,
.group = GROUP_VFS,
};
