author | Kamil Rytarowski <n54@gmx.com> | 2018-08-17 04:26:51 +0200 |
---|---|---|
committer | Kamil Rytarowski <n54@gmx.com> | 2018-08-17 04:26:51 +0200 |
commit | e84db360078e51b093baf8ebb2d4747b674a7f34 (patch) | |
tree | 9a47a3baa7b50c6622f5adcb6742c519c592f71c /netbsd | |
parent | 81c94ed874f679c4f58ded5f756769d4659881ad (diff) | |
download | honggfuzz-e84db360078e51b093baf8ebb2d4747b674a7f34.tar.gz |
Fixes for fuzzing on NetBSD with concurrent fuzzer-threads
Do not support fuzzing forkees and vforkees. Doing so is non-trivial
in the current design of the fuzzer, because every forkee and vforkee
would need its own wait(2) call issued from a dedicated thread. In the
context of fuzzing with multiple instances of multiple processes this
requires a redesign of the threading/process model, so that every
tracee is wait(2)ed for by a dedicated thread or by an iteration step
in a loop (perhaps try kqueue(2)/kevent(2)?).
A wait(2)-like function called with WAIT_ANY collected reports that
belonged to other fuzzer-threads and, as a result, caused abnormal hangs.
While there, do not discard SIGTRAP that is emitted by user, and pass
this signal to the tracee.
Diffstat (limited to 'netbsd')
-rw-r--r-- | netbsd/arch.c | 2 | ||||
-rw-r--r-- | netbsd/trace.c | 12 |
2 files changed, 9 insertions, 5 deletions
diff --git a/netbsd/arch.c b/netbsd/arch.c
index f65d005d..81d41b0f 100644
--- a/netbsd/arch.c
+++ b/netbsd/arch.c
@@ -202,7 +202,7 @@ static bool arch_checkWait(run_t* run) {
 /* All queued wait events must be tested when SIGCHLD was delivered */
 for (;;) {
 int status;
- pid_t pid = TEMP_FAILURE_RETRY(waitpid(WAIT_ANY, &status, WALLSIG | WNOHANG));
+ pid_t pid = TEMP_FAILURE_RETRY(waitpid(ptracePid, &status, WALLSIG | WNOHANG));
 if (pid == 0) {
 return false;
 }
diff --git a/netbsd/trace.c b/netbsd/trace.c
index 3ba47709..3fba2122 100644
--- a/netbsd/trace.c
+++ b/netbsd/trace.c
@@ -855,10 +855,12 @@ static void arch_traceEvent(run_t* run HF_ATTR_UNUSED, pid_t pid) {
 if (ptrace(PT_GET_PROCESS_STATE, pid, &state, sizeof(state)) != -1) {
 switch (state.pe_report_event) {
 case PTRACE_FORK:
- LOG_D("PID: %d child trap (TRAP_CHLD) : fork (PTRACE_FORK)", pid);
- break;
 case PTRACE_VFORK:
- LOG_D("PID: %d child trap (TRAP_CHLD) : vfork (PTRACE_VFORK)", pid);
+ LOG_D("PID: %d child trap (TRAP_CHLD) : fork (%s)", pid, state.pe_report_event == PTRACE_FORK ? "PTRACE_FORK" : "PTRACE_VFORK");
+ /* Do not support fuzzing (v)forkees */
+ int status;
+ waitpid(state.pe_other_pid, &status, 0);
+ ptrace(PT_DETACH, state.pe_other_pid, (void *)1, 0);
 break;
 case PTRACE_VFORK_DONE:
 LOG_D("PID: %d child trap (TRAP_CHLD) : vfork (PTRACE_VFORK_DONE)", pid);
@@ -888,7 +890,9 @@ static void arch_traceEvent(run_t* run HF_ATTR_UNUSED, pid_t pid) {
 LOG_E("PID: %d unexpected syscall exit trap (TRAP_SCX)", pid);
 break;
 default:
- LOG_D("PID: %d unknown trap si_code=%d", pid, info.psi_siginfo.si_code);
+ /* Other trap, pass it over to tracee */
+ sig = SIGTRAP;
+ LOG_D("PID: %d other trap si_code=%d", pid, info.psi_siginfo.si_code);
 break;
 } |
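Review bot: The comment `/* All queued wait events must be tested when SIGCHLD was delivered */` above the loop is now misleading: with `waitpid(ptracePid, …)` only the stops of this thread's own tracee are drained, and (v)forkees are deliberately left to arch_traceEvent. I would reword it to `/* Drain every queued wait event of our own tracee only; WAIT_ANY would also consume stops that belong to other fuzzer-threads' tracees and hang them */` so the next reader does not reintroduce WAIT_ANY. ptracePid and the handling of a -1 return (e.g. ECHILD once the tracee is gone) are not visible here; arch_checkWait begins before this hunk.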
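Review bot: The `waitpid(state.pe_other_pid, &status, 0)` and `ptrace(PT_DETACH, state.pe_other_pid, …)` added under `case PTRACE_VFORK:` ignore their return values and never look at `status`, so a (v)forkee that could not be waited for or detached stays stopped under trace with nobody left to resume it, which is the same class of hang this commit sets out to remove. The blocking waitpid also has no WNOHANG/timeout; if it fails (for example ECHILD because the new process is not a child of this tracer, or because its stop was already consumed elsewhere) the detach is attempted against an unknown state and its failure is silent. I would check the waitpid result, require WIFSTOPPED(status) before detaching, and log each failure (ideally with errno, via whichever errno-logging macro trace.c already uses). arch_traceEvent starts and ends outside this hunk, so the fix below only covers the new lines.
```c
                /* Do not support fuzzing (v)forkees: reap the stop, then let the child run untraced */
                int status;
                pid_t forkee = state.pe_other_pid;
                if (TEMP_FAILURE_RETRY(waitpid(forkee, &status, 0)) != forkee) {
                    LOG_E("PID: %d waitpid(%d) for (v)forkee failed", pid, forkee);
                } else if (!WIFSTOPPED(status)) {
                    LOG_E("PID: %d (v)forkee %d not stopped (status=%#x), not detaching", pid, forkee, status);
                } else if (ptrace(PT_DETACH, forkee, (void *)1, 0) == -1) {
                    LOG_E("PID: %d ptrace(PT_DETACH, %d) failed", pid, forkee);
                }
                /* … unchanged: break; case PTRACE_VFORK_DONE … */
```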