From 2d9b793dbbe9288a1caa4459c280678179bb46c9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 4 Jun 2024 14:47:58 +0200 Subject: AFL_NO_SYNC --- src/afl-fuzz.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/afl-fuzz.c') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 70ab983c..0f6216c4 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -335,6 +335,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_STATSD_PORT: change default statsd port (default: 8125)\n" "AFL_STATSD_TAGS_FLAVOR: set statsd tags format (default: disable tags)\n" " suported formats: dogstatsd, librato, signalfx, influxdb\n" + "AFL_NO_SYNC: disables all syncing\n" "AFL_SYNC_TIME: sync time between fuzzing instances (in minutes)\n" "AFL_FINAL_SYNC: sync a final time when exiting (will delay the exit!)\n" "AFL_NO_CRASH_README: do not create a README in the crashes directory\n" -- cgit 1.4.1 From 2806d6be2f1d26eed7b42ae580f5bf7a29713a01 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 5 Jun 2024 09:20:30 +0200 Subject: optimize syncing --- include/config.h | 4 ++-- src/afl-fuzz.c | 25 ++++++++----------------- 2 files changed, 10 insertions(+), 19 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/include/config.h b/include/config.h index 3727dab1..ebe40022 100644 --- a/include/config.h +++ b/include/config.h @@ -324,9 +324,9 @@ #define SYNC_INTERVAL 8 /* Sync time (minimum time between syncing in ms, time is halfed for -M main - nodes) - default is 30 minutes: */ + nodes) - default is 20 minutes: */ -#define SYNC_TIME (30 * 60 * 1000) +#define SYNC_TIME (20 * 60 * 1000) /* Output directory reuse grace period (minutes): */ diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 0f6216c4..49d25d5a 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2943,35 +2943,26 @@ int main(int argc, char **argv_orig, char **envp) { if (likely(!afl->stop_soon && afl->sync_id)) { - if (likely(afl->skip_deterministic)) { + if (unlikely(afl->is_main_node)) { - if (unlikely(afl->is_main_node)) { + if (unlikely(cur_time > (afl->sync_time >> 1) + afl->last_sync_time)) { - if (unlikely(cur_time > - (afl->sync_time >> 1) + afl->last_sync_time)) { + if (!(sync_interval_cnt++ % (SYNC_INTERVAL / 3))) { - if (!(sync_interval_cnt++ % (SYNC_INTERVAL / 3))) { - - sync_fuzzers(afl); - - } + sync_fuzzers(afl); } - } else { + } - if (unlikely(cur_time > afl->sync_time + afl->last_sync_time)) { + } else { - if (!(sync_interval_cnt++ % SYNC_INTERVAL)) { sync_fuzzers(afl); } + if (unlikely(cur_time > afl->sync_time + afl->last_sync_time)) { - } + if (!(sync_interval_cnt++ % SYNC_INTERVAL)) { sync_fuzzers(afl); } } - } else { - - sync_fuzzers(afl); - } } -- cgit 1.4.1 From 12a87cfacbe2015e378ebae9cca0923a220d1605 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 5 Jun 2024 10:40:12 +0200 Subject: nits --- src/afl-fuzz.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 49d25d5a..bc564300 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2587,7 +2587,7 @@ int main(int argc, char **argv_orig, char **envp) { (!afl->queue_cycle && afl->afl_env.afl_import_first)) && afl->sync_id)) { - if (!afl->queue_cycle && afl->afl_env.afl_import_first) { + if (unlikely(!afl->queue_cycle && afl->afl_env.afl_import_first)) { OKF("Syncing queues from other fuzzer instances first ..."); @@ -2598,6 +2598,12 @@ int main(int argc, char **argv_orig, char **envp) { } ++afl->queue_cycle; + if (afl->afl_env.afl_no_ui) { + + ACTF("Entering queue cycle %llu\n", afl->queue_cycle); + + } + runs_in_current_cycle = (u32)-1; afl->cur_skipped_items = 0; @@ -2606,7 +2612,7 @@ int main(int argc, char **argv_orig, char **envp) { // queue is fully cycled. time_t cursec = time(NULL); struct tm *curdate = localtime(&cursec); - if (likely(!afl->afl_env.afl_pizza_mode)) { + if (unlikely(!afl->afl_env.afl_pizza_mode)) { if (unlikely(curdate->tm_mon == 3 && curdate->tm_mday == 1)) { @@ -2651,13 +2657,6 @@ int main(int argc, char **argv_orig, char **envp) { } - if (unlikely(afl->not_on_tty)) { - - ACTF("Entering queue cycle %llu.", afl->queue_cycle); - fflush(stdout); - - } - /* If we had a full queue cycle with no new finds, try recombination strategies next. */ -- cgit 1.4.1 From 5331eca5d935e9d5faef06fe6b5a38f411109fde Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 9 Jun 2024 12:02:59 +0200 Subject: allow multiple -m --- src/afl-fuzz.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index bc564300..9ebe0c76 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -915,8 +915,15 @@ int main(int argc, char **argv_orig, char **envp) { u8 suffix = 'M'; - if (mem_limit_given) { FATAL("Multiple -m options not supported"); } - mem_limit_given = 1; + if (mem_limit_given) { + + WARNF("Overriding previous -m option."); + + } else { + + mem_limit_given = 1; + + } if (!optarg) { FATAL("Wrong usage of -m"); } -- cgit 1.4.1 From 4bb4d4ad0060a16b08bb29533863e71f45bc3c97 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 9 Jun 2024 12:16:32 +0200 Subject: fix -n --- docs/Changelog.md | 1 + src/afl-fuzz-state.c | 3 ++- src/afl-fuzz.c | 15 ++++++++------- 3 files changed, 11 insertions(+), 8 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/docs/Changelog.md b/docs/Changelog.md index cf5d2500..0f4b2d8a 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -23,6 +23,7 @@ - -V timing is now accurately the fuzz time (without syncing), before long calibration times and syncing could result in now fuzzing being made when the time was already run out until then, thanks to @eqv! + - fix -n uninstrumented mode when ending fuzzing - make afl-fuzz use less memory with cmplog and fix a memleak * afl-cc: - re-enable i386 support that was accidently disabled diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index a1c1e30c..fbe6d32a 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -769,8 +769,9 @@ void afl_states_stop(void) { if (el->fsrv.fsrv_pid > 0) { kill(el->fsrv.fsrv_pid, el->fsrv.fsrv_kill_signal); + usleep(100); /* Make sure the forkserver does not end up as zombie. */ - waitpid(el->fsrv.fsrv_pid, NULL, 0); + waitpid(el->fsrv.fsrv_pid, NULL, WNOHANG); } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9ebe0c76..fefab1c0 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1469,15 +1469,16 @@ int main(int argc, char **argv_orig, char **envp) { #endif - configure_afl_kill_signals(&afl->fsrv, afl->afl_env.afl_child_kill_signal, - afl->afl_env.afl_fsrv_kill_signal, - (afl->fsrv.qemu_mode || afl->unicorn_mode + configure_afl_kill_signals( + &afl->fsrv, afl->afl_env.afl_child_kill_signal, + afl->afl_env.afl_fsrv_kill_signal, + (afl->fsrv.qemu_mode || afl->unicorn_mode || afl->non_instrumented_mode #ifdef __linux__ - || afl->fsrv.nyx_mode + || afl->fsrv.nyx_mode #endif - ) - ? SIGKILL - : SIGTERM); + ) + ? SIGKILL + : SIGTERM); setup_signal_handlers(); check_asan_opts(afl); -- cgit 1.4.1 From 31652eeb2aad9dbab26d3e70699a932b57e9d80d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 9 Jun 2024 12:19:58 +0200 Subject: nit --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/afl-fuzz.c') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index fefab1c0..a7ddef6e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1472,7 +1472,7 @@ int main(int argc, char **argv_orig, char **envp) { configure_afl_kill_signals( &afl->fsrv, afl->afl_env.afl_child_kill_signal, afl->afl_env.afl_fsrv_kill_signal, - (afl->fsrv.qemu_mode || afl->unicorn_mode || afl->non_instrumented_mode + (afl->fsrv.qemu_mode || afl->unicorn_mode || afl->fsrv.use_fauxsrv #ifdef __linux__ || afl->fsrv.nyx_mode #endif -- cgit 1.4.1