From b3feda052d36aacd657b394169b90f05afdbbbde Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Wed, 10 Jun 2020 16:16:47 +0100
Subject: start of illumos cpu binding implementation. The current user needs the proc_owner permission, not something doable via the settings script.
---
 src/afl-fuzz-init.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 79 insertions(+), 9 deletions(-)
(limited to 'src/afl-fuzz-init.c')
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 4184fa6b..16980681 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -37,6 +37,8 @@ void bind_to_free_cpu(afl_state_t *afl) {
 cpu_set_t c;
 #elif defined(__NetBSD__)
 cpuset_t * c;
+ #elif defined(__sun)
+ psetid_t c;
 #endif
 u8 cpu_used[4096] = {0};
@@ -181,6 +183,58 @@ void bind_to_free_cpu(afl_state_t *afl) {
 }
 ck_free(procs);
+ #elif defined(__sun)
+ kstat_named_t *n;
+ kstat_ctl_t *m;
+ kstat_t *k;
+ cpu_stat_t cs;
+ u32 ncpus;
+
+ m = kstat_open();
+
+ if (!m) FATAL("kstat_open failed");
+
+ k = kstat_lookup(m, "unix", 0, "system_misc");
+
+ if (!k) {
+
+ kstat_close(m);
+ return;
+
+ }
+
+ if (kstat_read(m, k, NULL)) {
+
+ kstat_close(m);
+ return;
+
+ }
+
+ n = kstat_data_lookup(k, "ncpus");
+ ncpus = n->value.i32;
+
+ if (ncpus > sizeof(cpu_used))
+ ncpus = sizeof(cpu_used);
+
+ for (i = 0; i < ncpus; i ++) {
+
+ k = kstat_lookup(m, "cpu_stat", i, NULL);
+ if (kstat_read(m, k, &cs)) {
+
+ kstat_close(m);
+ return;
+
+ }
+
+ if (cs.cpu_sysinfo.cpu[CPU_IDLE] > 0)
+ continue;
+
+ if (cs.cpu_sysinfo.cpu[CPU_USER] > 0 || cs.cpu_sysinfo.cpu[CPU_KERNEL] > 0)
+ cpu_used[i] = 1;
+
+ }
+
+ kstat_close(m);
 #else
 #warning \
 "For this platform we do not have free CPU binding code yet. If possible, please supply a PR to https://github.com/AFLplusplus/AFLplusplus"
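Review bot: The ncpus lookup in the __sun block of the `@@ -181,6 +183,58 @@` hunk dereferences `n` without checking it: `n = kstat_data_lookup(k, "ncpus"); ncpus = n->value.i32;` crashes if the named entry is missing, and the per-CPU loop passes an unchecked `k` from `kstat_lookup(m, "cpu_stat", i, NULL)` straight into `kstat_read`, while the earlier `system_misc` lookup in the same hunk does test for NULL. I would write `if (!n) { kstat_close(m); return; }` after the data lookup and `if (!k || kstat_read(m, k, &cs)) {` in the loop; instance numbers of `cpu_stat` are not guaranteed to be contiguous when a CPU is offline, so a missing instance is a plausible case rather than a corner one. Separately, the `cs.cpu_sysinfo.cpu[CPU_IDLE] > 0` test looks like it reads a tick counter accumulated since boot rather than current load; if so, every CPU that has ever idled is skipped and `cpu_used` is never set, which is worth confirming against the kstat documentation and, if confirmed, fixing by sampling twice and comparing the deltas. bind_to_free_cpu starts and ends outside this hunk.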
@@ -189,7 +243,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
 size_t cpu_start = 0;
 try:
- #ifndef __ANDROID__
+ #if !defined(__ANDROID__)
 for (i = cpu_start; i < afl->cpu_core_count; i++) {
 if (!cpu_used[i]) { break; }
@@ -228,6 +282,9 @@ void bind_to_free_cpu(afl_state_t *afl) {
 c = cpuset_create();
 if (c == NULL) PFATAL("cpuset_create failed");
 cpuset_set(i, c);
+ #elif defined(__sun)
+ pset_create(&c);
+ if (pset_assign(c, i, NULL)) PFATAL("pset_assign failed");
 #endif
 #if defined(__linux__)
@@ -259,18 +316,31 @@ void bind_to_free_cpu(afl_state_t *afl) {
 }
 #elif defined(__NetBSD__)
-if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) {
+ if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) {
- if (cpu_start == afl->cpu_core_count)
- PFATAL("pthread_setaffinity failed for cpu %d, exit", i);
- WARNF("pthread_setaffinity failed to CPU %d, trying next CPU", i);
- cpu_start++;
- goto try
+ if (cpu_start == afl->cpu_core_count)
+ PFATAL("pthread_setaffinity failed for cpu %d, exit", i);
+ WARNF("pthread_setaffinity failed to CPU %d, trying next CPU", i);
+ cpu_start++;
+ goto try
 ;
-}
+ }
+
+ cpuset_destroy(c);
+ #elif defined(__sun)
+ if (pset_bind(c, P_PID, getpid(), NULL)) {
+
+ if (cpu_start == afl->cpu_core_count)
+ PFATAL("pset_bind failed for cpu %d, exit", i);
+ WARNF("pthread_setaffinity failed to CPU %d, trying next CPU", i);
+ cpu_start++;
+ goto try
+ ;
+
+ }
-cpuset_destroy(c);
+ pset_destroy(c);
 #else
 // this will need something for other platforms
 // TODO: Solaris/Illumos has processor_bind ... might worth a try
--
cgit 1.4.1
From e8da5f9e2894a89e36f899719e442a897a189f1f Mon Sep 17 00:00:00 2001
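Review bot: `pset_create(&c);` in the __sun branch of the `@@ -228,6 +282,9 @@` hunk ignores its return value, although the commit message itself says the call needs the proc_owner privilege; on failure `c` is left uninitialized and handed to `pset_assign`. The NetBSD branch directly above checks `cpuset_create`, so the same shape fits here: `if (pset_create(&c)) PFATAL("pset_create failed");`. A processor set is also a system-wide object and `pset_assign` takes CPU `i` away from every other process on the machine, which goes further than the per-process affinity calls used on the other platforms; a one-line comment stating that would help the next reader. bind_to_free_cpu starts and ends outside this hunk.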
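Review bot: In the `@@ -259,18 +316,31 @@` hunk the retry path of the __sun branch leaks the processor set: after `pset_bind` fails the code does `cpu_start++; goto try`, and since `try:` sits before the `pset_create` call of the previous hunk, the next iteration creates a fresh set while the old one, with CPU `i` still assigned to it, stays stranded outside the default set. Add `pset_destroy(c);` before `cpu_start++;` in that branch. The warning text is also copied from the NetBSD branch; `WARNF("pset_bind failed to CPU %d, trying next CPU", i);` would match the PFATAL two lines above it. bind_to_free_cpu starts and ends outside this hunk.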
From: van Hauser
Date: Thu, 11 Jun 2020 19:30:28 +0200
Subject: code format and debug
---
 examples/aflpp_driver/GNUmakefile | 2 +-
 examples/aflpp_driver/aflpp_driver.cpp | 6 +++-
 src/afl-forkserver.c | 4 +--
 src/afl-fuzz-init.c | 56 ++++++++++++++++------------------
 src/afl-fuzz-stats.c | 2 +-
 src/afl-gotcpu.c | 3 +-
 6 files changed, 37 insertions(+), 36 deletions(-)
(limited to 'src/afl-fuzz-init.c')
diff --git a/examples/aflpp_driver/GNUmakefile b/examples/aflpp_driver/GNUmakefile
index 7ddfc485..90844a4a 100644
--- a/examples/aflpp_driver/GNUmakefile
+++ b/examples/aflpp_driver/GNUmakefile
@@ -18,7 +18,7 @@ libAFLDriver.a: aflpp_driver.o
 ar ru libAFLDriver.a aflpp_driver.o
 debug:
- $(LLVM_BINDIR)clang++ -D_DEBUG=\"1\" $(FLAGS) -stdlib=libc++ -funroll-loops -std=c++11 -c aflpp_driver.cpp
+ $(LLVM_BINDIR)clang++ -I../../include -D_DEBUG=\"1\" $(FLAGS) -stdlib=libc++ -funroll-loops -std=c++11 -c aflpp_driver.cpp
 ar ru libAFLDriver.a aflpp_driver.o
diff --git a/examples/aflpp_driver/aflpp_driver.cpp b/examples/aflpp_driver/aflpp_driver.cpp
index a60eb264..88354912 100644
--- a/examples/aflpp_driver/aflpp_driver.cpp
+++ b/examples/aflpp_driver/aflpp_driver.cpp
@@ -54,6 +54,10 @@ If 1, close stdout at startup. If 2 close stderr; if 3 close both.
 #include
 #include
+#ifdef _DEBUG
+#include "hash.h"
+#endif
+
 // Platform detection. Copied from FuzzerInternal.h
 #ifdef __linux__
 #define LIBFUZZER_LINUX 1
@@ -273,7 +277,7 @@ int main(int argc, char **argv) {
 int num_runs = 0;
 while (__afl_persistent_loop(N)) {
 #ifdef _DEBUG
- fprintf(stderr, "len: %u\n", *__afl_fuzz_len);
+ fprintf(stderr, "CLIENT crc: %08x len: %u\n", hash32(__afl_fuzz_ptr, *__afl_fuzz_len, 0xa5b35705), *__afl_fuzz_len);
 #endif
 if (*__afl_fuzz_len) {
 num_runs++;
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index a549e471..330fb1de 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
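Review bot: The debug line in the `@@ -273,7 +277,7 @@` hunk of aflpp_driver.cpp hard-codes the hash seed `0xa5b35705`, and the same literal is repeated in the forkserver-side print that this commit adds to src/afl-forkserver.c; the two prints are only useful when they compute the same hash, so a shared named constant (for example next to hash32 in hash.h) would keep them from drifting apart. The `#include "hash.h"` is guarded by `_DEBUG`, which matches the `-I../../include` added only to the `debug:` make target; a short comment on the include, such as `// debug builds only: hash32 from the AFL++ include tree`, would save a reader from looking for the header in the driver directory. main() starts and ends outside this hunk.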
@@ -837,8 +837,8 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
 *fsrv->shmem_fuzz_len = len;
 memcpy(fsrv->shmem_fuzz, buf, len);
- // printf("test case len: %u [0]:0x%02x\n", *fsrv->shmem_fuzz_len, buf[0]);
- // fflush(stdout);
+ // fprintf(stderr, "FS crc: %08x len: %u\n", hash32(fsrv->shmem_fuzz,
+ // *fsrv->shmem_fuzz_len, 0xa5b35705), *fsrv->shmem_fuzz_len);
 } else {
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 16980681..1245d94b 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -38,7 +38,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
 #elif defined(__NetBSD__)
 cpuset_t * c;
 #elif defined(__sun)
- psetid_t c;
+ psetid_t c;
 #endif
 u8 cpu_used[4096] = {0};
@@ -185,10 +185,10 @@ void bind_to_free_cpu(afl_state_t *afl) {
 ck_free(procs);
 #elif defined(__sun)
 kstat_named_t *n;
- kstat_ctl_t *m;
- kstat_t *k;
- cpu_stat_t cs;
- u32 ncpus;
+ kstat_ctl_t * m;
+ kstat_t * k;
+ cpu_stat_t cs;
+ u32 ncpus;
 m = kstat_open();
@@ -213,10 +213,9 @@ void bind_to_free_cpu(afl_state_t *afl) {
 n = kstat_data_lookup(k, "ncpus");
 ncpus = n->value.i32;
- if (ncpus > sizeof(cpu_used))
- ncpus = sizeof(cpu_used);
+ if (ncpus > sizeof(cpu_used)) ncpus = sizeof(cpu_used);
- for (i = 0; i < ncpus; i ++) {
+ for (i = 0; i < ncpus; i++) {
 k = kstat_lookup(m, "cpu_stat", i, NULL);
 if (kstat_read(m, k, &cs)) {
@@ -226,8 +225,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
 }
- if (cs.cpu_sysinfo.cpu[CPU_IDLE] > 0)
- continue;
+ if (cs.cpu_sysinfo.cpu[CPU_IDLE] > 0) continue;
 if (cs.cpu_sysinfo.cpu[CPU_USER] > 0 || cs.cpu_sysinfo.cpu[CPU_KERNEL] > 0)
 cpu_used[i] = 1;
@@ -283,8 +281,8 @@ void bind_to_free_cpu(afl_state_t *afl) {
 if (c == NULL) PFATAL("cpuset_create failed");
 cpuset_set(i, c);
 #elif defined(__sun)
- pset_create(&c);
- if (pset_assign(c, i, NULL)) PFATAL("pset_assign failed");
+pset_create(&c);
+if (pset_assign(c, i, NULL)) PFATAL("pset_assign failed");
 #endif
 #if defined(__linux__)
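Review bot: The `@@ -837,8 +837,8 @@` hunk in afl-forkserver.c replaces one piece of commented-out code with another; the new `// fprintf(stderr, "FS crc: ...` lines are dead text that no compiler checks and that will rot as the surrounding fields change. The driver side of this same commit wraps its counterpart in `#ifdef _DEBUG`, so the same treatment here, `#ifdef _DEBUG` / the fprintf / `#endif`, keeps the check compilable and lets the "FS crc" and "CLIENT crc" prints be compared whenever a mismatch is suspected (hash32 would then need hash.h included here, if it is not already). afl_fsrv_write_to_testcase starts and ends outside this hunk.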
@@ -316,31 +314,31 @@ void bind_to_free_cpu(afl_state_t *afl) {
 }
 #elif defined(__NetBSD__)
- if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) {
+if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) {
- if (cpu_start == afl->cpu_core_count)
- PFATAL("pthread_setaffinity failed for cpu %d, exit", i);
- WARNF("pthread_setaffinity failed to CPU %d, trying next CPU", i);
- cpu_start++;
- goto try
+ if (cpu_start == afl->cpu_core_count)
+ PFATAL("pthread_setaffinity failed for cpu %d, exit", i);
+ WARNF("pthread_setaffinity failed to CPU %d, trying next CPU", i);
+ cpu_start++;
+ goto try
 ;
- }
+}
- cpuset_destroy(c);
+cpuset_destroy(c);
 #elif defined(__sun)
- if (pset_bind(c, P_PID, getpid(), NULL)) {
+if (pset_bind(c, P_PID, getpid(), NULL)) {
- if (cpu_start == afl->cpu_core_count)
- PFATAL("pset_bind failed for cpu %d, exit", i);
- WARNF("pthread_setaffinity failed to CPU %d, trying next CPU", i);
- cpu_start++;
- goto try
- ;
+ if (cpu_start == afl->cpu_core_count)
+ PFATAL("pset_bind failed for cpu %d, exit", i);
+ WARNF("pthread_setaffinity failed to CPU %d, trying next CPU", i);
+ cpu_start++;
+ goto try
+ ;
- }
+}
- pset_destroy(c);
+pset_destroy(c);
 #else
 // this will need something for other platforms
 // TODO: Solaris/Illumos has processor_bind ... might worth a try
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 4493f34d..5d2e5358 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -125,7 +125,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
 (unsigned long int)(rus.ru_maxrss >> 10),
 #endif
 #ifdef HAVE_AFFINITY
- afl->cpu_aff,
+ afl->cpu_aff,
 #else
 -1,
 #endif
diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c
index bdf63e8f..bd0f7de6 100644
--- a/src/afl-gotcpu.c
+++ b/src/afl-gotcpu.c
@@ -204,8 +204,7 @@ int main(int argc, char **argv) {
 #endif
 #if defined(__sun)
- if (pset_bind(c, P_PID, getpid(), NULL))
- PFATAL("pset_bind failed");
+ if (pset_bind(c, P_PID, getpid(), NULL)) PFATAL("pset_bind failed");
 pset_destroy(c);
 #endif
--
cgit 1.4.1
From bac2da866912d69eb89207757375f0753be2cae2 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Tue, 16 Jun 2020 01:29:07 +0200
Subject: fix for *BSD: remove all HAVE_ARC4RANDOM dependencies
---
 include/afl-fuzz.h | 9 ---------
 include/config.h | 6 ------
 include/forkserver.h | 3 +--
 src/afl-forkserver.c | 8 ++------
 src/afl-fuzz-init.c | 2 --
 src/afl-fuzz-state.c | 2 --
 6 files changed, 3 insertions(+), 27 deletions(-)
(limited to 'src/afl-fuzz-init.c')
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index e86bc0ff..e7b52d56 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -524,9 +524,7 @@ typedef struct afl_state {
 u64 stage_finds[32], /* Patterns found per fuzz stage */
 stage_cycles[32]; /* Execs per fuzz stage */
- //#ifndef HAVE_ARC4RANDOM
 u32 rand_cnt; /* Random number counter */
- //#endif
 u64 rand_seed[4];
 s64 init_seed;
@@ -958,13 +956,8 @@ uint64_t rand_next(afl_state_t *afl);
 static inline u32 rand_below(afl_state_t *afl, u32 limit) {
- //#ifdef HAVE_ARC4RANDOM
- // if (unlikely(afl->fixed_seed)) { return random() % limit; }
- /* The boundary not being necessarily a power of 2, we need to ensure the result uniformity. */
- // return arc4random_uniform(limit);
- //#else
 if (unlikely(!afl->rand_cnt--) && likely(!afl->fixed_seed)) {
 ck_read(afl->fsrv.dev_urandom_fd, &afl->rand_seed, sizeof(afl->rand_seed),
@@ -974,9 +967,7 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
 }
- // return random() % limit;
 return rand_next(afl) % limit;
- //#endif
 }
diff --git a/include/config.h b/include/config.h
index b93a9f9e..711d0b77 100644
--- a/include/config.h
+++ b/include/config.h
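Review bot: With the arc4random path gone, `return rand_next(afl) % limit;` in the `@@ -958,13 +956,8 @@` and `@@ -974,9 +967,7 @@` hunks of include/afl-fuzz.h is the only implementation left, and the deleted lines were the only place that said a modulo by a non-power-of-two limit is not uniform. For a fuzzer's mutation choices that bias is negligible, but the remark should survive so nobody later reuses rand_below where uniformity matters; for example `/* NOTE: rand_next() % limit is slightly biased for non-power-of-two limits; fine for fuzzing. */` above the return. rand_below's body continues between the two hunks, outside what is shown.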
@@ -397,12 +397,6 @@
 // #define IGNORE_FINDS
-/* for *BSD: use ARC4RANDOM and save a file descriptor */
-#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__)
- #ifndef HAVE_ARC4RANDOM
- #define HAVE_ARC4RANDOM 1
- #endif
-#endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */
 #endif /* ! _HAVE_CONFIG_H */
diff --git a/include/forkserver.h b/include/forkserver.h
index 87a59eaa..717493db 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -47,9 +47,8 @@ typedef struct afl_forkserver {
 out_dir_fd; /* FD of the lock file */
 s32 out_fd, /* Persistent fd for fsrv->out_file */
-#ifndef HAVE_ARC4RANDOM
 dev_urandom_fd, /* Persistent fd for /dev/urandom */
-#endif
+
 dev_null_fd, /* Persistent fd for /dev/null */
 fsrv_ctl_fd, /* Fork server control pipe (write) */
 fsrv_st_fd; /* Fork server status pipe (read) */
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 1f61871a..b2734335 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -71,9 +71,8 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) {
 fsrv->out_fd = -1;
 fsrv->out_dir_fd = -1;
 fsrv->dev_null_fd = -1;
-#ifndef HAVE_ARC4RANDOM
 fsrv->dev_urandom_fd = -1;
-#endif
+
 /* Settings */
 fsrv->use_stdin = 1;
 fsrv->no_unlink = 0;
@@ -104,9 +103,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) {
 fsrv_to->map_size = from->map_size;
 fsrv_to->support_shmem_fuzz = from->support_shmem_fuzz;
-#ifndef HAVE_ARC4RANDOM
 fsrv_to->dev_urandom_fd = from->dev_urandom_fd;
-#endif
 // These are forkserver specific.
 fsrv_to->out_dir_fd = -1;
@@ -421,9 +418,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 close(fsrv->out_dir_fd);
 close(fsrv->dev_null_fd);
-#ifndef HAVE_ARC4RANDOM
 close(fsrv->dev_urandom_fd);
-#endif
+
 if (fsrv->plot_file != NULL) { fclose(fsrv->plot_file); }
 /* This should improve performance a bit, since it stops the linker from
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 1245d94b..ee96c73c 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1541,10 +1541,8 @@ void setup_dirs_fds(afl_state_t *afl) {
 afl->fsrv.dev_null_fd = open("/dev/null", O_RDWR);
 if (afl->fsrv.dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); }
-#ifndef HAVE_ARC4RANDOM
 afl->fsrv.dev_urandom_fd = open("/dev/urandom", O_RDONLY);
 if (afl->fsrv.dev_urandom_fd < 0) { PFATAL("Unable to open /dev/urandom"); }
-#endif
 /* Gnuplot output file. */
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 99863103..f1474f33 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -124,9 +124,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
 afl->stats_update_freq = 1;
-#ifndef HAVE_ARC4RANDOM
 afl->fsrv.dev_urandom_fd = -1;
-#endif
 afl->fsrv.dev_null_fd = -1;
 afl->fsrv.child_pid = -1;
--
cgit 1.4.1