Hello community, here is the log from the commit of package trinity for openSUSE:Factory checked in at 2016-10-10 16:21:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trinity (Old) and /work/SRC/openSUSE:Factory/.trinity.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trinity" Changes: -------- --- /work/SRC/openSUSE:Factory/trinity/trinity.changes 2016-09-25 14:45:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.trinity.new/trinity.changes 2016-10-10 16:21:31.000000000 +0200 @@ -1,0 +2,15 @@ +Thu Oct 06 12:18:43 UTC 2016 - nmou...@suse.com + +- Update to version 1.6+git.20161005: + * add missing locking around state modification + * skip the sleep if the grandchild has already exited. + * reduce the amount of time we wait for the grandchild a little + * make enable_random_syscalls static + * annotate fadvise flags + * fix up some segfaults when --disable-fds=sockets is passed. + * move the reading of MemFree out to its own function for other uses. + * create a bpf fd of each type. + * add the newer bpf map types + * correct the params for BPF_MAP_TYPE_STACK_TRACE creation + +------------------------------------------------------------------- Old: ---- trinity-1.6+git.20160913.tar.xz New: ---- trinity-1.6+git.20161005.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trinity.spec ++++++ --- /var/tmp/diff_new_pack.Xl0yrP/_old 2016-10-10 16:21:32.000000000 +0200 +++ /var/tmp/diff_new_pack.Xl0yrP/_new 2016-10-10 16:21:32.000000000 +0200 @@ -16,9 +16,9 @@ # -%define version_unconverted 1.6+git.20160913 +%define version_unconverted 1.6+git.20161005 Name: trinity -Version: 1.6+git.20160913 +Version: 1.6+git.20161005 Release: 0 Summary: A Linux System call fuzz tester License: GPL-2.0 ++++++ trinity-1.6+git.20160913.tar.xz -> trinity-1.6+git.20161005.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20160913/fds/bpf.c new/trinity-1.6+git.20161005/fds/bpf.c --- old/trinity-1.6+git.20160913/fds/bpf.c 2016-09-13 17:18:12.000000000 +0200 +++ new/trinity-1.6+git.20161005/fds/bpf.c 2016-10-05 20:09:56.000000000 +0200 @@ -9,6 +9,10 @@ #include <string.h> #include <unistd.h> #include <linux/bpf.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <linux/unistd.h> +#include <linux/perf_event.h> #include "fd.h" #include "log.h" @@ -19,23 +23,20 @@ #include "compat.h" #include "trinity.h" -static int bpf(__unused__ int cmd, __unused__ union bpf_attr *attr, __unused__ unsigned int size) +static int bpf(int cmd, union bpf_attr *attr, unsigned int size) { -#ifdef SYS_bpf - return syscall(SYS_bpf, cmd, attr, size); -#else - return -ENOSYS; -#endif + return syscall(__NR_bpf, cmd, attr, size); } static int bpf_create_map(enum bpf_map_type map_type, unsigned int key_size, - unsigned int value_size, unsigned int max_entries) + unsigned int value_size, unsigned int max_entries, int map_flags) { union bpf_attr attr = { .map_type = map_type, .key_size = key_size, .value_size = value_size, - .max_entries = max_entries + .max_entries = max_entries, + .map_flags = map_flags, }; return bpf(BPF_MAP_CREATE, &attr, sizeof(attr)); @@ -53,21 +54,76 @@ int fd, key; long long value = 0; struct object *obj; + struct rlimit r = {1 << 20, 1 << 20}; + + setrlimit(RLIMIT_MEMLOCK, &r); head = get_objhead(OBJ_GLOBAL, OBJ_FD_BPF_MAP); head->destroy = &bpf_destructor; - fd = bpf_create_map(BPF_MAP_TYPE_ARRAY,sizeof(key), sizeof(value), 256); + fd = bpf_create_map(BPF_MAP_TYPE_HASH, sizeof(long long), sizeof(long long), 1024, 0); if (fd < 0) - goto out; + goto fail_hash; + obj = alloc_object(); + obj->bpf_map_fd = fd; + add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP); + output(2, "fd[%d] = bpf hash\n", fd); +fail_hash: + fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(key), sizeof(value), 256, 0); + if (fd < 0) + goto fail_array; + obj = alloc_object(); + obj->bpf_map_fd = fd; + add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP); + output(2, "fd[%d] = bpf array\n", fd); +fail_array: + + fd = bpf_create_map(BPF_MAP_TYPE_PROG_ARRAY, sizeof(int), sizeof(int), 4, 0); + if (fd < 0) + goto fail_progarray; + obj = alloc_object(); + obj->bpf_map_fd = fd; + add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP); + output(2, "fd[%d] = bpf progarray\n", fd); +fail_progarray: + + fd = bpf_create_map(BPF_MAP_TYPE_PERF_EVENT_ARRAY, sizeof(int), sizeof(u32), 32, 0); + if (fd < 0) + goto fail_perf_event_array; obj = alloc_object(); obj->bpf_map_fd = fd; add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP); - output(2, "fd[%d] = bpf\n", fd); + output(2, "fd[%d] = bpf perf event array\n", fd); +fail_perf_event_array: + fd = bpf_create_map(BPF_MAP_TYPE_PERCPU_HASH, sizeof(u32), sizeof(u64) * PERF_MAX_STACK_DEPTH, 10000, 0); + if (fd < 0) + goto fail_percpu_hash; + obj = alloc_object(); + obj->bpf_map_fd = fd; + add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP); + output(2, "fd[%d] = bpf percpu hash\n", fd); +fail_percpu_hash: + + fd = bpf_create_map(BPF_MAP_TYPE_PERCPU_ARRAY, sizeof(u32), sizeof(u64), 100, 0); + if (fd < 0) + goto fail_percpu_array; + obj = alloc_object(); + obj->bpf_map_fd = fd; + add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP); + output(2, "fd[%d] = bpf percpu array\n", fd); +fail_percpu_array: + + fd = bpf_create_map(BPF_MAP_TYPE_STACK_TRACE, sizeof(u32), sizeof(u64), 100, 0); + if (fd < 0) + goto fail_stacktrace; + obj = alloc_object(); + obj->bpf_map_fd = fd; + add_object(obj, OBJ_GLOBAL, OBJ_FD_BPF_MAP); + output(2, "fd[%d] = bpf stack trace\n", fd); +fail_stacktrace: -out: //FIXME: right now, returning FALSE means "abort everything", not // "skip this provider", so on -ENOSYS, we have to still register. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20160913/mm/maps-initial.c new/trinity-1.6+git.20161005/mm/maps-initial.c --- old/trinity-1.6+git.20160913/mm/maps-initial.c 2016-09-13 17:18:12.000000000 +0200 +++ new/trinity-1.6+git.20161005/mm/maps-initial.c 2016-10-05 20:09:56.000000000 +0200 @@ -58,53 +58,68 @@ GB(1), }; -static void setup_mapping_sizes(void) +static unsigned long long get_free_mem(void) { FILE *fp; char *buffer; size_t n = 0; - - mapping_sizes[0] = page_size; - - /* Using 1GB mappings ends up oom'ing a lot, so we don't - * want to do it every single run. It's worth doing it - * occasionally though, to stress the oom paths. - */ - if (!(ONE_IN(100))) { - mapping_sizes[3] = page_size; - return; - } + unsigned long long memfree = 0; fp = fopen("/proc/meminfo", "r"); if (!fp) - return; + return 0; buffer = malloc(4096); if (!buffer) goto out_close; while (getline(&buffer, &n, fp) >= 0) { - unsigned long long free; - - if (sscanf(buffer, "MemFree: %llu", &free) == 1) { - if ((free * 1024) < GB(8ULL)) { - printf("Free memory: %.2fGB\n", (double) free / 1024 / 1024); - printf("Low on memory, disabling mmaping of 1GB pages\n"); - mapping_sizes[3] = page_size; - goto out_free; - } + if (sscanf(buffer, "MemFree: %llu", &memfree) == 1) { + goto done; } } +done: + free(buffer); +out_close: + fclose(fp); + + return memfree; +} + +static void setup_mapping_sizes(void) +{ + unsigned long long memfree; + + mapping_sizes[0] = page_size; + + /* Using 1GB mappings ends up oom'ing a lot, so we don't + * want to do it every single run. It's worth doing it + * occasionally though, to stress the oom paths. + */ + if (!(ONE_IN(100))) + goto disable_1gb_mappings; + + memfree = get_free_mem(); + if (memfree == 0) { + // Something is really fucked. Let's not try big mappings just in case. + goto disable_1gb_mappings; + } + + if ((memfree * 1024) < GB(8ULL)) { + printf("Free memory: %.2fGB\n", (double) memfree / 1024 / 1024); + printf("Low on memory, disabling mmaping of 1GB pages\n"); + goto disable_1gb_mappings; + } + // Because of increased mem usage, don't do nr_cpus * 4 printf("Limiting children from %u to %u\n", max_children, max_children / 4); max_children /= 4; + return; -out_free: - free(buffer); -out_close: - fclose(fp); +disable_1gb_mappings: + mapping_sizes[3] = page_size; } void setup_initial_mappings(void) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20160913/syscalls/fadvise64.c new/trinity-1.6+git.20161005/syscalls/fadvise64.c --- old/trinity-1.6+git.20160913/syscalls/fadvise64.c 2016-09-13 17:18:12.000000000 +0200 +++ new/trinity-1.6+git.20161005/syscalls/fadvise64.c 2016-10-05 20:09:56.000000000 +0200 @@ -4,8 +4,18 @@ * On success, zero is returned. * On error, an error number is returned. */ +#include <fcntl.h> #include "sanitise.h" +static unsigned long fadvise_flags[] = { + POSIX_FADV_NORMAL, + POSIX_FADV_SEQUENTIAL, + POSIX_FADV_RANDOM, + POSIX_FADV_NOREUSE, + POSIX_FADV_WILLNEED, + POSIX_FADV_DONTNEED, +}; + struct syscallentry syscall_fadvise64 = { .name = "fadvise64", .num_args = 4, @@ -15,6 +25,8 @@ .arg3name = "len", .arg3type = ARG_LEN, .arg4name = "advice", + .arg4type = ARG_OP, + .arg4list = ARGLIST(fadvise_flags), .rettype = RET_ZERO_SUCCESS, .flags = NEED_ALARM, .group = GROUP_VFS, @@ -37,6 +49,8 @@ .arg3name = "len", .arg3type = ARG_LEN, .arg4name = "advice", + .arg4type = ARG_OP, + .arg4list = ARGLIST(fadvise_flags), .rettype = RET_ZERO_SUCCESS, .flags = NEED_ALARM, .group = GROUP_VFS, @@ -54,6 +68,8 @@ .arg1name = "fd", .arg1type = ARG_FD, .arg2name = "advice", + .arg2type = ARG_OP, + .arg2list = ARGLIST(fadvise_flags), .arg3name = "offset", .arg4name = "len", .arg4type = ARG_LEN, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-1.6+git.20160913/syscalls/send.c new/trinity-1.6+git.20161005/syscalls/send.c --- old/trinity-1.6+git.20160913/syscalls/send.c 2016-09-13 17:18:12.000000000 +0200 +++ new/trinity-1.6+git.20161005/syscalls/send.c 2016-10-05 20:09:56.000000000 +0200 @@ -23,6 +23,9 @@ rec->a1 = fd_from_socketinfo(si); + if (si == NULL) // handle --disable-fds=sockets + goto skip_si; + proto = net_protocols[si->triplet.family].proto; if (proto != NULL) { if (proto->gen_packet != NULL) { @@ -34,6 +37,8 @@ } } +skip_si: + /* The rest of this function is only used as a fallback, if the per-proto * send()'s aren't implemented. */ @@ -117,10 +122,14 @@ struct sockaddr *sa = NULL; socklen_t salen; + if (si == NULL) // handle --disable-fds=sockets + goto skip_si; + rec->a1 = fd_from_socketinfo((struct socketinfo *) rec->a1); generate_sockaddr((struct sockaddr **) &sa, (socklen_t *) &salen, si->triplet.family); +skip_si: msg = zmalloc(sizeof(struct msghdr)); msg->msg_name = sa; msg->msg_namelen = salen;