github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/syz-cluster/pkg/fuzzconfig/generate.go (about) 1 // Copyright 2025 syzkaller project authors. All rights reserved. 2 // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 package fuzzconfig 5 6 import ( 7 _ "embed" 8 "encoding/json" 9 "fmt" 10 11 "github.com/google/syzkaller/pkg/config" 12 "github.com/google/syzkaller/pkg/mgrconfig" 13 "github.com/google/syzkaller/syz-cluster/pkg/api" 14 ) 15 16 //go:embed base.cfg 17 var baseConfigJSON []byte 18 19 //go:embed patched.cfg 20 var patchedConfigJSON []byte 21 22 // GenerateBase produces a syz-manager config for the base kernel. 23 // The caller must still invoke mgrconfig.Complete. 24 func GenerateBase(cfg *api.FuzzConfig) (*mgrconfig.Config, error) { 25 var baseRaw json.RawMessage 26 err := config.LoadData(baseConfigJSON, &baseRaw) 27 if err != nil { 28 return nil, fmt.Errorf("failed to read the base config: %w", err) 29 } 30 base, err := mgrconfig.LoadPartialData(baseRaw) 31 if err != nil { 32 return nil, fmt.Errorf("failed to load the config: %w", err) 33 } 34 err = applyFuzzConfig(base, cfg) 35 if err != nil { 36 return nil, err 37 } 38 return base, nil 39 } 40 41 // GeneratePatched produces a syz-manager config for the base kernel. 42 // The caller must still invoke mgrconfig.Complete. 43 func GeneratePatched(cfg *api.FuzzConfig) (*mgrconfig.Config, error) { 44 var baseRaw, deltaRaw json.RawMessage 45 err := config.LoadData(baseConfigJSON, &baseRaw) 46 if err != nil { 47 return nil, fmt.Errorf("failed to read the base config: %w", err) 48 } 49 err = config.LoadData(patchedConfigJSON, &deltaRaw) 50 if err != nil { 51 return nil, fmt.Errorf("failed to read the patched config: %w", err) 52 } 53 patchedRaw, err := config.MergeJSONs(baseRaw, deltaRaw) 54 if err != nil { 55 return nil, fmt.Errorf("failed to merge the configs: %w", err) 56 } 57 patched, err := mgrconfig.LoadPartialData(patchedRaw) 58 if err != nil { 59 return nil, fmt.Errorf("failed to load the config: %w", err) 60 } 61 err = applyFuzzConfig(patched, cfg) 62 if err != nil { 63 return nil, err 64 } 65 return patched, nil 66 } 67 68 func applyFuzzConfig(mgrCfg *mgrconfig.Config, cfg *api.FuzzConfig) error { 69 if len(cfg.Focus) == 0 { 70 noFocus(mgrCfg) 71 return nil 72 } 73 for _, focus := range cfg.Focus { 74 cb := setFocus[focus] 75 if cb == nil { 76 return fmt.Errorf("unknown focus: %s", focus) 77 } 78 err := cb(mgrCfg) 79 if err != nil { 80 return fmt.Errorf("failed to apply focus %s: %w", focus, err) 81 } 82 } 83 return nil 84 } 85 86 // nolint: lll 87 var setFocus = map[string]func(*mgrconfig.Config) error{ 88 api.FocusKVM: func(mgrCfg *mgrconfig.Config) error { 89 mgrCfg.EnabledSyscalls = append(mgrCfg.EnabledSyscalls, 90 "openat$kvm", 91 "openat$sev", 92 "close", 93 "ioctl$KVM*", 94 "syz_kvm*", 95 "mmap$KVM_VCPU", 96 "munmap", 97 "syz_memcpy_off$KVM_EXIT_MMIO", 98 "syz_memcpy_off$KVM_EXIT_HYPERCALL", 99 "eventfd2", 100 "write$eventfd", 101 ) 102 var err error 103 mgrCfg.VM, err = config.MergeJSONs(mgrCfg.VM, []byte( 104 `{"qemu_args": "-machine q35,nvdimm=on,accel=kvm,kernel-irqchip=split -cpu max,migratable=off -enable-kvm -smp 2,sockets=2,cores=1"}`)) 105 return err 106 }, 107 api.FocusNet: func(mgrCfg *mgrconfig.Config) error { 108 mgrCfg.EnabledSyscalls = append(mgrCfg.EnabledSyscalls, 109 "accept", "accept4", "bind", "close", "connect", "epoll_create", 110 "epoll_create1", "epoll_ctl", "epoll_pwait", "epoll_wait", 111 "getpeername", "getsockname", "getsockopt", "ioctl", "listen", 112 "mmap", "poll", "ppoll", "pread64", "preadv", "pselect6", 113 "pwrite64", "pwritev", "read", "readv", "recvfrom", "recvmmsg", 114 "recvmsg", "select", "sendfile", "sendmmsg", "sendmsg", "sendto", 115 "setsockopt", "shutdown", "socket", "socketpair", "splice", 116 "vmsplice", "write", "writev", "tee", "bpf", "getpid", 117 "getgid", "getuid", "gettid", "unshare", "pipe", 118 "syz_emit_ethernet", "syz_extract_tcp_res", 119 "syz_genetlink_get_family_id", "syz_init_net_socket", 120 "mkdirat$cgroup*", "openat$cgroup*", "write$cgroup*", 121 "clock_gettime", "bpf", "openat$tun", "openat$ppp", 122 "syz_open_procfs$namespace", "syz_80211_*", "nanosleep", 123 "openat$nci", "ioctl$IOCTL_GET_NCIDEV_IDX", "openat$rfkill", 124 "openat$6lowpan*", "openat$pidfd", "openat$tcp*", "openat$vhost_vsock", 125 "openat$ptp*", "ioctl$PTP*", 126 ) 127 return nil 128 }, 129 api.FocusFS: func(mgrCfg *mgrconfig.Config) error { 130 mgrCfg.EnabledSyscalls = append(mgrCfg.EnabledSyscalls, 131 "syz_mount_image", "open", "openat", "creat", "close", "read", 132 "pread64", "readv", "preadv", "preadv2", "write", "pwrite64", 133 "writev", "pwritev", "pwritev2", "lseek", "copy_file_range", "dup", 134 "dup2", "dup3", "tee", "splice", "vmsplice", "sendfile", "stat", 135 "lstat", "fstat", "newfstatat", "statx", "poll", "clock_gettime", 136 "ppoll", "select", "pselect6", "epoll_create", "epoll_create1", 137 "epoll_ctl", "epoll_wait", "epoll_pwait", "epoll_pwait2", "mmap", 138 "munmap", "mremap", "msync", "readahead", "fcntl", "mknod", "mknodat", 139 "chmod", "fchmod", "fchmodat", "chown", "lchown", "fchown", 140 "fchownat", "fallocate", "faccessat", "faccessat2", "utime", "utimes", 141 "futimesat", "utimensat", "link", "linkat", "symlinkat", "symlink", 142 "unlink", "unlinkat", "readlink", "readlinkat", "rename", "renameat", 143 "renameat2", "mkdir", "mkdirat", "rmdir", "truncate", "ftruncate", 144 "flock", "fsync", "fdatasync", "sync", "syncfs", "sync_file_range", 145 "getdents", "getdents64", "name_to_handle_at", "open_by_handle_at", 146 "chroot", "getcwd", "chdir", "fchdir", "quotactl", "pivot_root", 147 "statfs", "fstatfs", "syz_open_procfs", "syz_read_part_table", 148 "mount", "fsopen", "fspick", "fsconfig", "fsmount", "move_mount", 149 "open_tree", "mount_setattr", "ioctl$FS_*", "ioctl$BTRFS*", 150 "ioctl$AUTOFS*", "ioctl$EXT4*", "ioctl$F2FS*", "ioctl$FAT*", 151 "ioctl$VFAT*", "ioctl$FI*", 152 ) 153 mgrCfg.NoMutateSyscalls = append(mgrCfg.NoMutateSyscalls, 154 "syz_mount_image$btrfs", 155 "syz_mount_image$ext4", 156 "syz_mount_image$f2fs", 157 "syz_mount_image$ntfs", 158 "syz_mount_image$ocfs2", 159 "syz_mount_image$xfs", 160 ) 161 return nil 162 }, 163 api.FocusIoUring: func(mgrCfg *mgrconfig.Config) error { 164 mgrCfg.EnabledSyscalls = append(mgrCfg.EnabledSyscalls, 165 "io_uring_*", "syz_io_uring_*", "syz_memcpy_off", "mmap", "madvise", 166 "mprotect", "eventfd", "socket", "setsockopt", "accept", "open", "close", 167 "clock_gettime", "ioctl$sock_SIOCGIFINDEX", "ioctl$IOCTL_GET_NCIDEV_IDX", 168 "openat", "epoll_create", 169 ) 170 return nil 171 }, 172 api.FocusBPF: func(mgrCfg *mgrconfig.Config) error { 173 mgrCfg.EnabledSyscalls = append(mgrCfg.EnabledSyscalls, 174 "bpf", "mkdir", "mount$bpf", "unlink", "close", 175 "perf_event_open*", "ioctl$PERF*", "getpid", "gettid", 176 "socketpair", "sendmsg", "recvmsg", "setsockopt$sock_attach_bpf", 177 "socket", "ioctl$sock_kcm*", "syz_clone", 178 "mkdirat$cgroup*", "openat$cgroup*", "write$cgroup*", 179 "openat$tun", "write$tun", "ioctl$TUN*", "ioctl$SIOCSIFHWADDR", 180 "openat$ppp", "syz_open_procfs$namespace", "openat$pidfd", "fstat", 181 ) 182 return nil 183 }, 184 } 185 186 func noFocus(mgrCfg *mgrconfig.Config) { 187 mgrCfg.DisabledSyscalls = []string{"perf_event_open*", "syz_mount_image$hfs", "syz_mount_image$gfs*"} 188 }