commit trinity for openSUSE:Factory
Hello community,
here is the log from the commit of package trinity for openSUSE:Factory checked in at 2015-01-15 15:58:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trinity (Old)
and /work/SRC/openSUSE:Factory/.trinity.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trinity"
Changes:
--------
--- /work/SRC/openSUSE:Factory/trinity/trinity.changes 2014-12-22 12:52:56.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.trinity.new/trinity.changes 2015-01-15 15:59:08.000000000 +0100
@@ -1,0 +2,5 @@
+Wed Jan 14 15:13:16 UTC 2015 - jslaby@suse.com
+
+- update to 20150107
+
+-------------------------------------------------------------------
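Review bot: the changelog entry "update to 20150107" says nothing about what the new snapshot brings; this drop adds execveat to the syscall tables and documents two new known bugs (the render_arg overrun and the blocking getrandom call), so a one-line summary of those in trinity.changes would help users decide whether to pick up the update.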
Old:
----
trinity-20141206.tar.xz
New:
----
trinity-20150107.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ trinity.spec ++++++
--- /var/tmp/diff_new_pack.R3BNE7/_old 2015-01-15 15:59:09.000000000 +0100
+++ /var/tmp/diff_new_pack.R3BNE7/_new 2015-01-15 15:59:09.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package trinity
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: trinity
-Version: 20141206
+Version: 20150107
Release: 0
Summary: A Linux System call fuzz tester
License: GPL-2.0
++++++ trinity-20141206.tar.xz -> trinity-20150107.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/Documentation/Known-bugs.txt new/trinity-20150107/Documentation/Known-bugs.txt
--- old/trinity-20141206/Documentation/Known-bugs.txt 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/Documentation/Known-bugs.txt 2015-01-14 16:12:54.000000000 +0100
@@ -1,3 +1,11 @@
+- render_arg occasionally scribbles past the end of the postbuffer.
+ This becomes more obvious when trinity is run with MALLOC_PERTURB_ set.
+
+- getrandom syscall can block, and the watchdog can't kill it.
+ Might need a ->sanitise routine to prevent blocking ops.
+
+- -c execve seems to always pass the same junk as args.
+
- -r and -c don't seem to work together
- when we randomly call personality, the child stops logging.
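Review bot: the first new item documents an out-of-bounds write in the fuzzer itself (render_arg writing past the end of postbuffer) and the second a hang the watchdog cannot recover from (a blocking getrandom), both of which affect anyone running the package, so they deserve a mention in the package changelog rather than only in Documentation/Known-bugs.txt. The MALLOC_PERTURB_ hint on the second line should also be stated as the recommended way to reproduce the overrun, and the proposed ->sanitise routine for getrandom should be tracked as an open item, since an unkillable child defeats the purpose of the watchdog.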
@@ -21,4 +29,3 @@
- occasionally trinity fails to startup because we've leaked so much ipc stuff.
cleanup on startup. (scripts/clean-ipc.sh in the meantime)
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/Documentation/TODO new/trinity-20150107/Documentation/TODO
--- old/trinity-20141206/Documentation/TODO 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/Documentation/TODO 2015-01-14 16:12:54.000000000 +0100
@@ -4,30 +4,39 @@
- do file ops on a bunch of trinity test files
- open->read->close
- open->mmap->access mem->close
- - sysctl flipper.
+ - sysctl writes. (blacklist sysrq-trigger etc)
- pick random elevator alg for all queues
- - fork-and-dirty mappings
+ - fork-and-dirty mappings
+ - send fd's over unix sockets to other children
+ - open/read all /proc/$$/* files
+ - tuned random syscalls. (open -> read -> close). tree of possibilities.
- Ability to mark some ops as 'NEEDS_ROOT'.
- Move the drop privs code from main to just before we start a new child.
-* maps.c improvements:
- - Sometimes generate overlapping addresses/lengths when we have ARG_ADDRESS/ARG_ADDRESS2 pairs
- - make sure ARG_ADDRESS only uses addresses from this list, and audit all other mmap/malloc uses
- in sanitise routines.
- - munge lengths when handing them out.
- - mmap files
- (we do this already, but don't track it properly)
- - get_map_fragment()
- - mprotect parts of a map
- will need to somehow track what pages are RO/RW etc
- - keep track of holes when munmap'd
- split maps in two ?
- (store original len, and current len)
+* vm related improvements:
+ - mmapping:
+ - Sometimes generate overlapping addresses/lengths when we have ARG_ADDRESS/ARG_ADDRESS2 pairs
+ - munge lengths when handing out maps.
+ - mmap files
+ (we do this already, but don't track it properly)
+ - get_map_fragment()
+ - keep track of holes when mprotect/munmap'd
+ split maps in two ?
+ (store original len, and current len)
+ note: initial maps are MAP_SHARED. What to do?
+ - mapping transaction log for dumping in post-mortem
+ - huge pages
+ - hugetlbfs mappings
+ - crib from hugetlbfs tests examples for more ideas.
+ - /dev/shm mappings
+ - pass memfd's in mmap sanitise
+ - sysv shm handling could be improved.
* munge_process() on child startup
- replace fork() with random clone()
- run children in different namespaces, personalities.
- unshare
+ - do some random fcntls to all fd's on child spawn
* ioctl improvements
- needs filename globbing for some ioctls
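Review bot: the line "sysctl writes. (blacklist sysrq-trigger etc)" replaces "sysctl flipper" but leaves the blacklist undefined; before this becomes a feature the deny-list should be enumerated explicitly rather than left to "etc", since random writes under /proc/sys on a live host are destructive and that list is the only guard the item mentions.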
@@ -39,33 +48,41 @@
- Make -D use a separate debug log file
- if we have a large number of children, we use up a lot of fd's for
the log files. Instead of keeping them all open, reopen them as needed.
+ - mprotect the child struct around write accesses
+ - improve debugf re: http://c-faq.com/varargs/handoff.html
+ - Activate the function tracer before each syscall. Flush before calling.
* postmortem improvements
- change child->syscall / ->previous to be a ringbuffer of syscallrecord structs.
- Compare timestamp that taint was noticed at, ignore all later.
-
-* Do taint watching in the child loop too.
+ - log 'unfinished' if state isn't complete.
+ - is post mortem code generating ESC0m ?
+ - function that takes a void * and outputs what it is (mapping, page_* etc)
+ (searches various lists etc)
* --dry-run mode.
need to work around segv's when we do things like mmap->post and register null maps.
-* Rewrite the fd code.
+* fd handling improvements.
- kill off NR_FILE_FDS
- open some files in the child too after forking.
- this requires a child-local fd mapping table.
Maybe we can then reduce the size of the shared shm->file_fds
- When requesting an fd, occasionally generate a new one.
- - Could we do the nftw walks in parallel ?
- That would speed up startup a lot. Though would need to pass list back up to main thread somehow.
+ - parallelize nftw walks on startup using threads.
- support for multiple victim file parameters
- - When picking a random path, instead of treating the pool of paths as one thing,
+ - nftw of /lib/modules ? (for passing to init_module)
+ (if run as root)
+ - separate lists for dev sysfs etc
+ When picking a random path, instead of treating the pool of paths as one thing,
treat it as multiple (/dev, /sys, /proc). And then do a 1-in-3 chance
of getting one of those. Right now, because there are 5-6 digits worth of /proc & /sys,
they dominate over the /dev entries.
- more fd 'types' (fanotify_init)
-
-* Change regeneration code.
- - Instead of every n syscalls, make it happen after 15 minutes (but with a minimum of n syscalls)
+ - need a way to go from fd to string describing what it is. for post-mortem
+ - Attach an operation history to each fd for post-mortem.
+ Maybe we need an fd container struct ?
+ - deregister fd providers if init of one fails
* Pretty-print improvements.
- decode fd number -> filename in output
@@ -76,6 +93,7 @@
* Watchdog improvements
- in main loop, check watchdog is still alive
- RT watchdog task ?
+ - check if HI > total
* filename related issues.
- filename cache.
@@ -93,16 +111,34 @@
- also need to watch /proc/$$/exe, look up using shm->pids.
- file list struct extensions
- use count
+ - create N testfiles for each -V
* Networking improvements.
+ - More focus on non-ipv4 protocols.
+ - igmp
+ - ipv6 / 6to4
+ - sctp
+ - ipip
+ - tun (vxlan / gre)
+ - ppp
+ - pppoe
+ - tipc
+ - rds
+ - nfc
+ - nft
+ - iscsi
- Rewrite socket generation.
Organise into (sorted) per-protocol buckets of linked-lists..
- Search buckets for dupes before adding.
- for syscalls that take a fd and a sockaddr, look up the triplet and match.
- Flesh out sockaddr/socket gen for all remaining protocols.
- - setsockopt on network sockets when we regenerate
- Disabled right now, because it causes some socket types to hang.
+ - setsockopt coverage is still lacking for some protocols.
+ - improve netlink fuzzing
- specify an ip of a victim machine (Maybe also config file)
+ - --proto-exclude
+ - better spread of net protocols on startup
+ - check EAFNOSUPPORT if -P
+ - speed up PF_CAN creation
* Improve the ->post routine to walk a list of objects that we allocated during a
syscalls ->sanitise in a ->post method.
@@ -128,7 +164,9 @@
* if a read() blocks and we get a kill from the watchdog, blacklist (close?) that fd/filename.
-* Some of the syscalls marked AVOID are done so for good reason.
+* Various syscall improvements.
+ - Create futexes on startup and make syscalls/futex.c use them.
+ - brk could be smarter about existing brk
- Revisit fuzzing ptrace.
- It's disabled currently because of situations like..
child a traces child b
@@ -136,7 +174,7 @@
child b never proceeds, and doesn't get untraced.
* Further syscall annotation improvements
- - Finish annotating syscall return types
+ - Finish annotating syscall return types & error codes.
* structured logging.
- To begin with, in parallel with existing text based logging.
@@ -159,17 +197,52 @@
- To begin with, just allow replay/bisect using one child process.
Synchronising threads across different runs may be complicated.
+* Misc improvements.
+ - implement _lock->queue so waiters get the lock on a FIFO basis.
+ - Add a NEEDS_ROOT flag for syscalls that are expected to fail.
+ (and then if !root, deactivate them on startup)
+ - --stats
+ - count segv's.
+ - avoid BORING syscalls. geteuid etc is kinda pointless.
+ (maybe an override param to call them)
+ - unix socket for comms between children/parent.
+ also other apps so we can do stats gathering, debug, config changes etc
+
* Misc cleanups
- Move arch specific syscalls into syscalls/arch/
- Move addresses in get_interesting_value() to a function in per-arch headers.
+ - audit all uses of rand64 for 32bit builds
+ - possible helpers
+ - zfree (free & null)
+ - check_errno(EINVAL)
+ (checks if -1, and checks errno, returns bool)
+ - set_random_bits()
+ - fix up -q. trinity -h needs to be more silent
+ - add a kernel rodata addr to trinity (sys_call_table for eg)
* watch dmesg buffer for interesting kernel messages and halt if necessary. Lockdep for eg.
- Pause on oops.
Sometimes we might want to read trinity state when we trigger a bad event.
* Blocked child improvements.
- - if we find a blocking fd, check if it's a socket, and shutdown() it.
+ - if we find a blocking fd, check if it's a socket, and shutdown() it.
(tricky: we need to do the shutdown in the main process, and then tell other children)
* make -p take an arg for seconds
+* things to check.
+ - execve occasionally returns -ESRCH. Why ?
+ - disappearing processes. 'oom killed maybe' when no oom.
+
+* pthreads. (Real long term, lots of work).
+ - allocate separate childdata for each thread, and pass into pthread_create
+ - allocate child->syscall.pre/post buffers too
+ (maybe just use reinit_child?)
+ - child_process takes ptr to childdata struct (just shm addr for processes)
+ - set_seed needs to factor in pthread number.
+ - locking needs to be pthread aware
+ put mutex in lock_t ?
+ - logging for threads?
+ will need a pthread watchdog in same process group
+ - send pthread_kill
+ - propagate progress up to main watchdog
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/fault-write.c new/trinity-20150107/fault-write.c
--- old/trinity-20141206/fault-write.c 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/fault-write.c 2015-01-14 16:12:54.000000000 +0100
@@ -103,9 +103,13 @@
switch (rand() % 3) {
case 0:
switch (rand() % 3) {
- case 0: p = sprintf(page, "%lu", (unsigned long) rand64());
- break;
- case 1: p = sprintf(page, "%ld", (unsigned long) rand64());
+ case 0: p = sprintf(page, "%s%lu",
+ rand_bool() ? "-" : "",
+ (unsigned long) rand64());
+ break;
+ case 1: p = sprintf(page, "%s%ld",
+ rand_bool() ? "-" : "",
+ (unsigned long) rand64());
break;
case 2: p = sprintf(page, "%lx", (unsigned long) rand64());
break;
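Review bot: in the case 1 branch the value is still cast to (unsigned long) while the conversion is %ld, a signedness mismatch carried over from the old line; since the line is being rewritten anyway, cast to (long) to match the format. Note also that the new "-" prefix is emitted regardless of the value's sign, so the %ld branch can now produce strings like "--123"; if that is intended as extra fuzz input a comment saying so would help, otherwise gate the prefix on the value being non-negative. The same applies to the %d branches in the following two hunks.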
@@ -114,9 +118,13 @@
case 1:
switch (rand() % 3) {
- case 0: p = sprintf(page, "%u", (unsigned int) rand32());
- break;
- case 1: p = sprintf(page, "%d", (int) rand32());
+ case 0: p = sprintf(page, "%s%u",
+ rand_bool() ? "-" : "",
+ (unsigned int) rand32());
+ break;
+ case 1: p = sprintf(page, "%s%d",
+ rand_bool() ? "-" : "",
+ (int) rand32());
break;
case 2: p = sprintf(page, "%x", (int) rand32());
break;
@@ -125,9 +133,13 @@
case 2:
switch (rand() % 3) {
- case 0: p = sprintf(page, "%u", (unsigned char) rand());
- break;
- case 1: p = sprintf(page, "%d", (char) rand());
+ case 0: p = sprintf(page, "%s%u",
+ rand_bool() ? "-" : "",
+ (unsigned char) rand());
+ break;
+ case 1: p = sprintf(page, "%s%d",
+ rand_bool() ? "-" : "",
+ (char) rand());
break;
case 2: p = sprintf(page, "%x", (char) rand());
break;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/generate-args.c new/trinity-20150107/generate-args.c
--- old/trinity-20141206/generate-args.c 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/generate-args.c 2015-01-14 16:12:54.000000000 +0100
@@ -10,7 +10,6 @@
#include "maps.h"
#include "net.h"
#include "random.h"
-#include "random.h"
#include "sanitise.h"
#include "shm.h"
#include "syscall.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/include/compat.h new/trinity-20150107/include/compat.h
--- old/trinity-20141206/include/compat.h 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/include/compat.h 2015-01-14 16:12:54.000000000 +0100
@@ -15,6 +15,9 @@
#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000
#endif
+#ifndef AT_SYMLINK_NOFOLLOW
+#define AT_SYMLINK_NOFOLLOW 0x100
+#endif
#ifndef O_PATH
#define O_PATH 010000000 /* Resolve pathname but do not open file. */
@@ -397,6 +400,10 @@
#define SO_BPF_EXTENSIONS 48
#endif
+#ifndef SO_INCOMING_CPU
+#define SO_INCOMING_CPU 49
+#endif
+
/* linux/tcp.h */
#ifndef TCP_COOKIE_TRANSACTIONS
#define TCP_COOKIE_TRANSACTIONS 15
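Review bot: the fallback value 49 for SO_INCOMING_CPU (like 48 for SO_BPF_EXTENSIONS just above it) is the asm-generic socket.h numbering; architectures that ship their own socket.h (sparc, alpha, mips and parisc among them) use different option numbers, so this #ifndef fallback silently selects the wrong option on those targets when the system headers predate it. Either guard these fallbacks with an architecture check or add a comment stating they are only valid for asm-generic layouts.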
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/include/syscalls-i386.h new/trinity-20150107/include/syscalls-i386.h
--- old/trinity-20141206/include/syscalls-i386.h 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/include/syscalls-i386.h 2015-01-14 16:12:54.000000000 +0100
@@ -1,6 +1,6 @@
#pragma once
-/* Syscalls from arch/x86/syscalls/syscall_32.tbl as of 3.17+ */
+/* Syscalls from arch/x86/syscalls/syscall_32.tbl */
#include "sanitise.h"
#include "syscall.h"
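Review bot: dropping "as of 3.17+" from the header comment removes the only hint of which kernel release the table was last synced against; since this update appends execveat to the table, replace the version with the release that introduced execveat rather than deleting it, so the next maintainer knows where to diff from. The same comment applies to the ia64 and x86_64 headers below.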
@@ -365,4 +365,5 @@
{ .entry = &syscall_getrandom },
{ .entry = &syscall_memfd_create },
{ .entry = &syscall_bpf },
+ { .entry = &syscall_execveat },
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/include/syscalls-ia64.h new/trinity-20150107/include/syscalls-ia64.h
--- old/trinity-20141206/include/syscalls-ia64.h 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/include/syscalls-ia64.h 2015-01-14 16:12:54.000000000 +0100
@@ -1,6 +1,6 @@
#pragma once
-/* Syscalls from arch/ia64/kernel/entry.S as of 3.17+ */
+/* Syscalls from arch/ia64/kernel/entry.S */
#include "sanitise.h"
#include "syscall.h"
@@ -325,4 +325,5 @@
{ .entry = &syscall_getrandom },
{ .entry = &syscall_memfd_create },
{ .entry = &syscall_bpf },
+ { .entry = &syscall_execveat },
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/include/syscalls-s390.h new/trinity-20150107/include/syscalls-s390.h
--- old/trinity-20141206/include/syscalls-s390.h 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/include/syscalls-s390.h 2015-01-14 16:12:54.000000000 +0100
@@ -359,4 +359,6 @@
{ .entry = &syscall_getrandom },
{ .entry = &syscall_memfd_create },
{ .entry = &syscall_bpf },
+ { .entry = &syscall_ni_syscall }, // TODO: syscall_s390_pci_mmio_write
+ { .entry = &syscall_ni_syscall }, // TODO: syscall_s390_pci_mmio_read
};
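Review bot: the two syscall_ni_syscall placeholders keep the table index aligned with the kernel's numbering, which is correct, but the TODO comments should say so explicitly (and that the order is pci_mmio_write then pci_mmio_read) so that whoever implements syscall_s390_pci_mmio_* replaces the right slot instead of appending. The s390x header below duplicates the same two lines, so a shared comment or a single definition would keep the two tables from drifting apart.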
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/include/syscalls-s390x.h new/trinity-20150107/include/syscalls-s390x.h
--- old/trinity-20141206/include/syscalls-s390x.h 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/include/syscalls-s390x.h 2015-01-14 16:12:54.000000000 +0100
@@ -359,4 +359,6 @@
{ .entry = &syscall_getrandom },
{ .entry = &syscall_memfd_create },
{ .entry = &syscall_bpf },
+ { .entry = &syscall_ni_syscall }, // TODO: syscall_s390_pci_mmio_write
+ { .entry = &syscall_ni_syscall }, // TODO: syscall_s390_pci_mmio_read
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/include/syscalls-sparc.h new/trinity-20150107/include/syscalls-sparc.h
--- old/trinity-20141206/include/syscalls-sparc.h 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/include/syscalls-sparc.h 2015-01-14 16:12:54.000000000 +0100
@@ -357,4 +357,5 @@
{ .entry = &syscall_getrandom },
{ .entry = &syscall_memfd_create },
{ .entry = &syscall_bpf },
+ { .entry = &syscall_execveat },
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/include/syscalls-x86_64.h new/trinity-20150107/include/syscalls-x86_64.h
--- old/trinity-20141206/include/syscalls-x86_64.h 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/include/syscalls-x86_64.h 2015-01-14 16:12:54.000000000 +0100
@@ -1,6 +1,6 @@
#pragma once
-/* Syscalls from arch/x86/syscalls/syscall_64.tbl as of 3.17+ */
+/* Syscalls from arch/x86/syscalls/syscall_64.tbl */
#include "sanitise.h"
#include "syscall.h"
@@ -329,4 +329,5 @@
{ .entry = &syscall_memfd_create },
{ .entry = &syscall_kexec_file_load },
{ .entry = &syscall_bpf },
+ { .entry = &syscall_execveat },
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/net/proto-socket.c new/trinity-20150107/net/proto-socket.c
--- old/trinity-20141206/net/proto-socket.c 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/net/proto-socket.c 2015-01-14 16:12:54.000000000 +0100
@@ -16,7 +16,7 @@
SO_PASSSEC, SO_TIMESTAMPNS, SO_MARK, SO_TIMESTAMPING,
SO_PROTOCOL, SO_DOMAIN, SO_RXQ_OVFL, SO_WIFI_STATUS,
SO_PEEK_OFF, SO_NOFCS, SO_LOCK_FILTER, SO_SELECT_ERR_QUEUE,
- SO_BUSY_POLL, SO_MAX_PACING_RATE, SO_BPF_EXTENSIONS };
+ SO_BUSY_POLL, SO_MAX_PACING_RATE, SO_BPF_EXTENSIONS, SO_INCOMING_CPU };
void socket_setsockopt(struct sockopt *so)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/params.c new/trinity-20150107/params.c
--- old/trinity-20141206/params.c 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/params.c 2015-01-14 16:12:54.000000000 +0100
@@ -140,19 +140,6 @@
outputstd("opt:%c\n", opt);
return;
- case 'b':
- init_bdev_list();
- process_bdev_param(optarg);
- dump_bdev_list();
- outputstd("--bdev doesn't do anything useful yet.\n");
- exit(EXIT_SUCCESS);
-
- case 'c':
- /* syscalls are all disabled at this point. enable the syscall we care about. */
- do_specific_syscall = TRUE;
- toggle_syscall(optarg, TRUE);
- break;
-
case 'a':
/* One of the architectures selected*/
do_32_arch = FALSE;
@@ -169,6 +156,19 @@
}
break;
+ case 'b':
+ init_bdev_list();
+ process_bdev_param(optarg);
+ dump_bdev_list();
+ outputstd("--bdev doesn't do anything useful yet.\n");
+ exit(EXIT_SUCCESS);
+
+ case 'c':
+ /* syscalls are all disabled at this point. enable the syscall we care about. */
+ do_specific_syscall = TRUE;
+ toggle_syscall(optarg, TRUE);
+ break;
+
case 'C':
user_specified_children = strtoll(optarg, NULL, 10);
max_children = user_specified_children;
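Review bot: this is a pure reordering of the 'b' and 'c' cases into alphabetical position with no behavioural change, since getopt dispatch does not depend on case order. While it is being moved, the 'b' case calls exit(EXIT_SUCCESS) right after printing that --bdev does nothing useful; a no-op option that exits successfully can hide a misconfigured invocation in scripts, so either exit with EXIT_FAILURE or warn and continue.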
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trinity-20141206/patches/silence-fuzz-testing-noise.patch new/trinity-20150107/patches/silence-fuzz-testing-noise.patch
--- old/trinity-20141206/patches/silence-fuzz-testing-noise.patch 2014-12-13 14:38:01.000000000 +0100
+++ new/trinity-20150107/patches/silence-fuzz-testing-noise.patch 2015-01-14 16:12:54.000000000 +0100
@@ -1,23 +1,7 @@
-From 0267f449b83ad4a85acd3ca4d5386080dfc79c35 Mon Sep 17 00:00:00 2001
+From 2683419e05ab227cd24a5859db044fe3941d6574 Mon Sep 17 00:00:00 2001
From: Dave Jones
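Review bot: the hunk header says 16 lines are dropped from this embedded patch (-1,23 +1,7) but only the rebased From line is visible, so the change to silence-fuzz-testing-noise.patch cannot be checked from what is shown here; the changelog should state which upstream commit the patch now tracks and why its body shrank.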