Hello community, here is the log from the commit of package trinity for openSUSE:Factory checked in at 2017-06-23 09:17:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trinity (Old) and /work/SRC/openSUSE:Factory/.trinity.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trinity" Fri Jun 23 09:17:45 2017 rev:40 rq:504038 version:1.7+git.20170612 Changes: -------- --- /work/SRC/openSUSE:Factory/trinity/trinity.changes 2017-05-20 10:13:42.715470746 +0200 +++ /work/SRC/openSUSE:Factory/.trinity.new/trinity.changes 2017-06-23 09:17:47.459300048 +0200 @@ -1,0 +2,23 @@ +Fri Jun 16 09:17:12 UTC 2017 - mplus...@suse.com + +- Update to version 1.7+git.20170612: + * mark the sync syscalls as expensive + * reduce the likelyhood that we call expensive syscalls. + +------------------------------------------------------------------- +Sun May 28 11:43:25 UTC 2017 - opensuse-packag...@opensuse.org + +- Update to version 1.7+git.20170525: + * add incoming packets to the correct place in the list. + * add the last op_nr to the childexited message + * add a flag to mark when we're expecting a spawn message. + * only process CHILD_EXITED messages if the opnr is current + * maintain a count of packets processed each scan of the child list. + * childhdr is already set at this point. + * use a single thread to process all child packets + * optimize packet rx list walk + * drop duplicate packets instead of adding them to the list. + * fix up cppcheck signedness warnings + * replace state machine with simpler drain logic + +------------------------------------------------------------------- Old: ---- trinity-1.7+git.20170512.tar.xz New: ---- trinity-1.7+git.20170612.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trinity.spec ++++++ --- /var/tmp/diff_new_pack.dgfJiU/_old 2017-06-23 09:17:48.751117514 +0200 +++ /var/tmp/diff_new_pack.dgfJiU/_new 2017-06-23 09:17:48.755116949 +0200 @@ -16,9 +16,9 @@ # -%define version_unconverted 1.7+git.20170512 +%define version_unconverted 1.7+git.20170612 Name: trinity -Version: 1.7+git.20170512 +Version: 1.7+git.20170612 Release: 0 Summary: A Linux System call fuzz tester License: GPL-2.0 ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.dgfJiU/_old 2017-06-23 09:17:48.807109602 +0200 +++ /var/tmp/diff_new_pack.dgfJiU/_new 2017-06-23 09:17:48.807109602 +0200 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">git://github.com/kernelslacker/trinity</param> - <param name="changesrevision">a81fba1701ad9250f91f87c7748940525eaaffa4</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">f21c0a62f708688f3df574911525e2b14be01d5e</param></service></servicedata> \ No newline at end of file ++++++ trinity-1.7+git.20170512.tar.xz -> trinity-1.7+git.20170612.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/childops/random-syscall.c new/trinity-1.7+git.20170612/childops/random-syscall.c --- old/trinity-1.7+git.20170512/childops/random-syscall.c 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/childops/random-syscall.c 2017-06-12 21:21:10.000000000 +0200 @@ -71,6 +71,7 @@ static bool set_syscall_nr(struct syscallrecord *rec) { + struct syscallentry *entry; unsigned int syscallnr; bool do32; @@ -97,6 +98,12 @@ goto retry; } + entry = get_syscall_entry(syscallnr, do32); + if (entry->flags & EXPENSIVE) { + if (!ONE_IN(1000)) + goto retry; + } + /* critical section for shm updates. */ lock(&rec->lock); rec->do32bit = do32; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/include/syscall.h new/trinity-1.7+git.20170612/include/syscall.h --- old/trinity-1.7+git.20170512/include/syscall.h 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/include/syscall.h 2017-06-12 21:21:10.000000000 +0200 @@ -171,6 +171,7 @@ #define NEED_ALARM (1<<5) #define EXTRA_FORK (1<<6) #define IGNORE_ENOSYS (1<<7) +#define EXPENSIVE (1<<8) void do_syscall(struct syscallrecord *rec); void handle_syscall_ret(struct syscallrecord *rec); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/include/udp.h new/trinity-1.7+git.20170612/include/udp.h --- old/trinity-1.7+git.20170512/include/udp.h 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/include/udp.h 2017-06-12 21:21:10.000000000 +0200 @@ -96,6 +96,7 @@ struct msg_childexited { struct trinity_msgchildhdr hdr; + unsigned long op_nr; }; struct msg_childsignalled { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/main.c new/trinity-1.7+git.20170612/main.c --- old/trinity-1.7+git.20170512/main.c 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/main.c 2017-06-12 21:21:10.000000000 +0200 @@ -577,11 +577,13 @@ } } -static void log_child_exited(pid_t pid, int childno) +static void log_child_exited(struct childdata *child) { struct msg_childexited childmsg; - init_msgchildhdr(&childmsg.hdr, CHILD_EXITED, pid, childno); + init_msgchildhdr(&childmsg.hdr, CHILD_EXITED, + pids[child->num], child->num); + childmsg.op_nr = child->op_nr; sendudp((char *) &childmsg, sizeof(childmsg)); } @@ -599,7 +601,7 @@ if (WIFEXITED(childstatus)) { struct childdata *child = shm->children[childno]; - log_child_exited(childpid, childno); + log_child_exited(child); debugf("Child %d (pid:%u type:%u) exited after %ld operations.\n", childno, childpid, child->type, child->op_nr); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/server/child.c new/trinity-1.7+git.20170612/server/child.c --- old/trinity-1.7+git.20170512/server/child.c 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/server/child.c 2017-06-12 21:21:10.000000000 +0200 @@ -30,8 +30,6 @@ child = &session.children[childmsg->hdr.childno]; child->childpid = childmsg->hdr.pid; - child->expected_seq = 0; - child->expecting_result = FALSE; return p; } @@ -43,9 +41,9 @@ childmsg = (struct msg_childexited *) buf; ts = &childmsg->hdr.tp; - sprintf(p, "%d.%d Child exited. id:%d pid:%d\n", + sprintf(p, "%d.%d Child exited. id:%d pid:%d lastop:%lu\n", (int) ts->tv_sec, (int) ts->tv_nsec, - childmsg->hdr.childno, childmsg->hdr.pid); + childmsg->hdr.childno, childmsg->hdr.pid, childmsg->op_nr); return p; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/server/child.h new/trinity-1.7+git.20170612/server/child.h --- old/trinity-1.7+git.20170512/server/child.h 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/server/child.h 2017-06-12 21:21:10.000000000 +0200 @@ -6,8 +6,7 @@ pid_t childpid; struct packet packets; unsigned int packetcount; + pthread_mutex_t drainmutex; pthread_mutex_t packetmutex; int logfile; - unsigned long expected_seq; - bool expecting_result; }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/server/session.h new/trinity-1.7+git.20170612/server/session.h --- old/trinity-1.7+git.20170512/server/session.h 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/server/session.h 2017-06-12 21:21:10.000000000 +0200 @@ -7,9 +7,9 @@ struct fuzzsession { pid_t mainpid; - int num_children; + unsigned int num_children; struct childdata children[MAX_CHILDREN]; - pthread_t childthreads[MAX_CHILDREN]; + pthread_t decodethread; pthread_mutex_t packetmutex; struct packet mainpackets; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/server/trinityserver.c new/trinity-1.7+git.20170612/server/trinityserver.c --- old/trinity-1.7+git.20170512/server/trinityserver.c 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/server/trinityserver.c 2017-06-12 21:21:10.000000000 +0200 @@ -4,6 +4,7 @@ #include <errno.h> #include <netdb.h> #include <pthread.h> +#include <signal.h> #include <string.h> #include <stdio.h> #include <stdlib.h> @@ -59,86 +60,43 @@ child->packetcount--; } -static void * decoder_child_func(void *data) +static void decode_one_child(struct childdata *child) { - struct childdata *child = (struct childdata *) data; struct list_head *node = NULL, *tmp; - while (1) { - pthread_mutex_lock(&child->packetmutex); - if (list_empty(&child->packets.list)) - goto done; - - list_for_each_safe(node, tmp, &child->packets.list) { - struct packet *currpkt; - struct trinity_msgchildhdr *childhdr; - enum logmsgtypes type; - - currpkt = (struct packet *) node; - type = get_packet_type(currpkt); - - // The non syscall related messages have no ordering on each other asides from timestamp - switch (type) { - case CHILD_SPAWNED: - case CHILD_EXITED: - // TODO: put lastop in the exit msg and wait until that op before processing this. - // TODO: check signalled->op_nr == expected-1 - decode_this_packet(child, currpkt); - child->expecting_result = FALSE; - continue; - - case CHILD_SIGNALLED: - // TODO: check signalled->op_nr == expected-1 - decode_this_packet(child, currpkt); - child->expecting_result = FALSE; - // TODO: only if SIGALRM - child->expected_seq++; - continue; - default: - break; - } + pthread_mutex_lock(&child->packetmutex); + if (list_empty(&child->packets.list)) + goto done; - /* From here on, type can only be SYSCALL_PREP or SYSCALL_RESULT */ + list_for_each_safe(node, tmp, &child->packets.list) { + struct packet *currpkt; - /* if the pid changed, before we gto a CHILD_SPAWNED, skip */ - childhdr = (struct trinity_msgchildhdr *) currpkt->data; - if (child->childpid != childhdr->pid) - continue; - - if (type == SYSCALL_PREP) { - struct msg_syscallprep *scmsg; - if (child->expecting_result == TRUE) - continue; - - scmsg = (struct msg_syscallprep *) currpkt->data; - if (scmsg->sequence_nr != child->expected_seq) - continue; - - decode_this_packet(child, currpkt); - child->expecting_result = TRUE; - continue; - } + currpkt = (struct packet *) node; - if (type == SYSCALL_RESULT) { - struct msg_syscallresult *srmsg; - if (child->expecting_result == FALSE) - continue; - - srmsg = (struct msg_syscallresult *) currpkt->data; - if (srmsg->sequence_nr != child->expected_seq) - continue; - - decode_this_packet(child, currpkt); - child->expecting_result = FALSE; - child->expected_seq++; - continue; - } - } + decode_this_packet(child, currpkt); + } done: - pthread_mutex_unlock(&child->packetmutex); + pthread_mutex_unlock(&child->packetmutex); +} + +static void * decoder_func(void *data) +{ + struct fuzzsession *fs = (struct fuzzsession *) data; + + while (1) { + unsigned int i; + for (i = 0; i < fs->num_children; i++) { + struct childdata *child = &fs->children[i]; + + if (pthread_mutex_trylock(&child->drainmutex) == 0) { + decode_one_child(child); + pthread_mutex_unlock(&child->drainmutex); + } + } pthread_yield(); } + //TODO: if main session exits, we should exit this thread. return NULL; } @@ -165,6 +123,7 @@ } } pthread_mutex_unlock(&fs->packetmutex); + pthread_yield(); //TODO: if main session exits, we should exit this thread. } return NULL; @@ -175,6 +134,7 @@ { struct hellostruct *hs = (struct hellostruct *) buf; int i; + int ret; /* if we got here, we know we got a correct size message, but the contents * need to match also for it to be a handshake. @@ -196,18 +156,17 @@ for (i = 0; i < hs->num_children; i++) { struct childdata *child = &session.children[i]; - int ret; child->logfile = open_child_logfile(i); - child->expected_seq = 0; - child->expecting_result = FALSE; INIT_LIST_HEAD(&child->packets.list); child->packetcount = 0; pthread_mutex_init(&child->packetmutex, NULL); - ret = pthread_create(&session.childthreads[i], NULL, decoder_child_func, child); - assert(!ret); + pthread_mutex_init(&child->drainmutex, NULL); } + ret = pthread_create(&session.decodethread, NULL, decoder_func, &session); + assert(!ret); + printf("Received handshake from %s:%d\n", inet_ntoa(udpclient.sin_addr), ntohs(udpclient.sin_port)); sendudp(serverreply, strlen(serverreply)); @@ -260,7 +219,8 @@ struct fuzzsession *fs = &session; struct trinity_msgchildhdr *childhdr; struct childdata *child; - struct list_head *node, *tmp; + struct list_head *node, *tmp, *tail; + struct packet *listpkt; pkt->data = malloc(len); if (pkt->data == NULL) { @@ -281,15 +241,34 @@ if (list_empty(&child->packets.list)) goto tail_add; + /* Can we just go at the end ? */ + tail = child->packets.list.prev; + listpkt = (struct packet *) tail; + + if (childhdr->tp.tv_sec > listpkt->tp.tv_sec) + goto tail_add; + + if (childhdr->tp.tv_sec == listpkt->tp.tv_sec) { + if (childhdr->tp.tv_nsec > listpkt->tp.tv_nsec) + goto tail_add; + if (childhdr->tp.tv_nsec == listpkt->tp.tv_nsec) + goto drop_dupe; + } + + /* crap, we've got something out of order, scan the list for the right place + * to insert it. TODO: Might be quicker to search backwards from the tail + */ list_for_each_safe(node, tmp, &child->packets.list) { - struct packet *listpkt = (struct packet *) node; + listpkt = (struct packet *) node; if (childhdr->tp.tv_sec > listpkt->tp.tv_sec) continue; if (childhdr->tp.tv_nsec > listpkt->tp.tv_nsec) continue; + if (childhdr->tp.tv_nsec == listpkt->tp.tv_nsec) + goto drop_dupe; - list_add(&pkt->list, node); + list_add(&pkt->list, node->prev); goto done; } @@ -299,6 +278,21 @@ done: child->packetcount++; pthread_mutex_unlock(&child->packetmutex); + return; + +drop_dupe: + free(pkt->data); + free(pkt); + pthread_mutex_unlock(&child->packetmutex); +} + +static struct childdata * get_child_from_pkt(void *data) +{ + struct fuzzsession *fs = &session; + struct trinity_msgchildhdr *childhdr; + + childhdr = (struct trinity_msgchildhdr *) data; + return &fs->children[childhdr->childno]; } static void queue_object_msg(struct trinity_msgobjhdr *obj, int len) @@ -316,7 +310,9 @@ enum logmsgtypes type; while (1) { + struct childdata *child; int ret = readudp(); + if (ret <= 0) continue; @@ -349,8 +345,24 @@ break; case CHILD_SPAWNED: + child = get_child_from_pkt(buf); + pthread_mutex_lock(&child->drainmutex); + add_to_child_queue(buf, len); + break; + case CHILD_EXITED: + add_to_child_queue(buf, len); + child = get_child_from_pkt(buf); + pthread_mutex_unlock(&child->drainmutex); + break; + case CHILD_SIGNALLED: + add_to_child_queue(buf, len); + //child = get_child_from_pkt(buf); + //FIXME: only if signal = child exits. + //pthread_mutex_unlock(&child->drainmutex); + break; + case SYSCALL_PREP: case SYSCALL_RESULT: add_to_child_queue(buf, len); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/syscalls/fdatasync.c new/trinity-1.7+git.20170612/syscalls/fdatasync.c --- old/trinity-1.7+git.20170512/syscalls/fdatasync.c 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/syscalls/fdatasync.c 2017-06-12 21:21:10.000000000 +0200 @@ -12,6 +12,6 @@ .arg1name = "fd", .arg1type = ARG_FD, .rettype = RET_ZERO_SUCCESS, - .flags = NEED_ALARM, + .flags = NEED_ALARM | EXPENSIVE, .group = GROUP_VFS, }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/syscalls/fsync.c new/trinity-1.7+git.20170612/syscalls/fsync.c --- old/trinity-1.7+git.20170512/syscalls/fsync.c 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/syscalls/fsync.c 2017-06-12 21:21:10.000000000 +0200 @@ -12,6 +12,6 @@ .arg1name = "fd", .arg1type = ARG_FD, .rettype = RET_ZERO_SUCCESS, - .flags = NEED_ALARM, + .flags = NEED_ALARM | EXPENSIVE, .group = GROUP_VFS, }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/syscalls/sync.c new/trinity-1.7+git.20170612/syscalls/sync.c --- old/trinity-1.7+git.20170512/syscalls/sync.c 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/syscalls/sync.c 2017-06-12 21:21:10.000000000 +0200 @@ -7,4 +7,5 @@ .name = "sync", .num_args = 0, .group = GROUP_VFS, + .flags = EXPENSIVE, }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.7+git.20170512/syscalls/syncfs.c new/trinity-1.7+git.20170612/syscalls/syncfs.c --- old/trinity-1.7+git.20170512/syscalls/syncfs.c 2017-05-12 20:11:06.000000000 +0200 +++ new/trinity-1.7+git.20170612/syscalls/syncfs.c 2017-06-12 21:21:10.000000000 +0200 @@ -8,6 +8,6 @@ .num_args = 1, .arg1name = "fd", .arg1type = ARG_FD, - .flags = NEED_ALARM, + .flags = NEED_ALARM | EXPENSIVE, .group = GROUP_VFS, };