
Commit 5a7ebe5

committed
Introduce service for NSS testing with TSan
1 parent 58d7469 commit 5a7ebe5


4 files changed

+186
-0
lines changed


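--- a/services/nss-tsan-fuzz/Dockerfile
+++ b/services/nss-tsan-fuzz/Dockerfile
@@ -0,0 +1,28 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+FROM ubuntu:24.04
+
+LABEL maintainer="Maurice Dauer <[email protected]>"
+
+ENV LOGNAME=worker
+ENV HOSTNAME=taskcluster-worker
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN useradd -d /home/worker -s /bin/bash -m worker
+
+COPY recipes/linux/ /src/recipes/
+COPY services/nss-tsan-fuzz/setup.sh /src/recipes/setup-nss-tsan-fuzz.sh
+COPY services/nss-tsan-fuzz/launch.sh /home/worker/
+
+RUN /src/recipes/setup-nss-tsan-fuzz.sh
+
+ENV LANG=en_US.UTF-8
+ENV LC_ALL=en_US.UTF-8
+
+USER worker
+WORKDIR /home/worker
+
+ENTRYPOINT ["/usr/local/bin/fuzzing-pool-launch"]
+CMD ["/home/worker/launch.sh"]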
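Review bot: The base image at `FROM ubuntu:24.04` is pinned by tag only, so every rebuild runs `/src/recipes/setup-nss-tsan-fuzz.sh` as root on whatever that tag resolves to at build time. The launch script added in this commit later fetches the fuzzmanager config and GCS credentials into the running container, so the provenance of the base layer matters. If reproducible builds are wanted for this service, pin the digest as well, `FROM ubuntu:24.04@sha256:<digest-of-reviewed-image>` (placeholder), and bump it deliberately. A one-line comment above `FROM` saying which policy applies (floating tag vs. pinned digest) would settle the question for later readers.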

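--- a/services/nss-tsan-fuzz/launch.sh
+++ b/services/nss-tsan-fuzz/launch.sh
@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+set -e
+set -x
+set -o pipefail
+
+# shellcheck source=recipes/linux/common.sh
+source .local/bin/common.sh
+
+# Clone nss/nspr
+retry hg clone https://hg.mozilla.org/projects/nspr
+retry hg clone https://hg.mozilla.org/projects/nss
+
+# Build nss with --fuzz=tsan
+pushd nss
+./build.sh -c -v --fuzz=tsan --disable-tests
+popd
+
+# Setup fuzzmanger
+get-tc-secret fuzzmanagerconf "$HOME/.fuzzmanagerconf"
+
+# Setup gcloud
+mkdir -p ~/.config/gcloud
+get-tc-secret ossfuzz-gutils ~/.config/gcloud/application_default_credentials.json raw
+echo -e "[Credentials]\ngs_service_key_file = /home/worker/.config/gcloud/application_default_credentials.json" > .boto
+
+# Clone corpora
+mkdir -p ./corpus/nss_tls-client-no_fuzzer_mode
+mkdir -p ./corpus/nss_dtls-client-no_fuzzer_mode
+
+pushd corpus/nss_tls-client-no_fuzzer_mode
+gsutil cp "gs://nss-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/nss_tls-client-no_fuzzer_mode/latest.zip" .
+unzip latest.zip
+rm -f latest.zip
+popd
+
+pushd corpus/nss_dtls-client-no_fuzzer_mode
+gsutil cp "gs://nss-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/nss_dtls-client-no_fuzzer_mode/latest.zip" .
+unzip latest.zip
+rm -f latest.zip
+popd
+
+# TSan setup
+export TSAN_OPTIONS="halt_on_error=1 suppressions=$PWD/nss/fuzz/config/tsan.suppressions"
+
+function check-for-crash() {
+local binary=$1
+
+if [ -f crash-* ]; then
+zip -r testcase.zip crash-*
+collector --submit --stdout stdout.log --crashdata stderr.log \
+--binary $binary --tool nss-tsan-fuzz \
+--testcase testcase.zip
+rm -rf crash-* testcase.zip
+fi
+}
+
+# Run tls client target
+BINARY="dist/Debug/bin/nsstsan-tls-client"
+THREADS=$((2 + RANDOM % 25))
+MAX_TIME=$((60 * 60 * 5))
+
+timeout -k $((MAX_TIME + 300)) $((MAX_TIME + 300)) \
+$BINARY run ./corpus/nss_tls-client-no_fuzzer_mode $THREADS $MAX_TIME \
+> stdout.log 2> stderr.log || true
+check-for-crash $BINARY
+
+# Run dtls client target
+BINARY="dist/Debug/bin/nsstsan-dtls-client"
+THREADS=$((2 + RANDOM % 25))
+MAX_TIME=$((60 * 60 * 5))
+
+timeout -k $((MAX_TIME + 300)) $((MAX_TIME + 300)) \
+$BINARY run ./corpus/nss_dtls-client-no_fuzzer_mode $THREADS $MAX_TIME \
+> stdout.log 2> stderr.log || true
+check-for-crash $BINARY
+
+# Run database target
+BINARY="dist/Debug/bin/nsstsan-database"
+THREADS=$((2 + RANDOM % 25))
+MAX_TIME=$((60 * 60 * 2))
+
+mkdir nsstsandb && \
+certutil -N -d sql:nsstsandb --empty-password
+
+timeout -k $((MAX_TIME + 300)) $((MAX_TIME + 300)) \
+$BINARY run $THREADS $MAX_TIME > stdout.log 2> stderr.log || true
+check-for-crash $BINARY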
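Review bot: In `check-for-crash`, the test `if [ -f crash-* ]` is only reliable when the glob matches exactly one file. With two or more crash artifacts, `[` receives extra operands and exits with an error, which the `if` treats as false, so nothing is submitted and the files stay behind for the next target's check. Test for any match instead, for example `if compgen -G 'crash-*' > /dev/null; then`, and quote the path as `--binary "$binary"`. Separately, the `|| true` after each `timeout` run also hides a target that never started (a missing binary, say), so logging the exit status before calling `check-for-crash` would keep a silent no-op run from looking like a clean one.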

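--- a/services/nss-tsan-fuzz/service.yaml
+++ b/services/nss-tsan-fuzz/service.yaml
@@ -0,0 +1 @@
+name: nss-tsan-fuzz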

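--- a/services/nss-tsan-fuzz/setup.sh
+++ b/services/nss-tsan-fuzz/setup.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+set -e
+set -x
+set -o pipefail
+
+# shellcheck source=recipes/linux/common.sh
+source "${0%/*}/common.sh"
+
+#### Bootstrap Packages
+
+sys-update
+
+#### Install recipes
+
+cd "${0%/*}"
+./fuzzmanager.sh
+./gsutil.sh
+./taskcluster.sh
+
+packages=(
+binutils
+clang
+curl
+git
+gyp
+jshon
+libclang-rt-dev
+libssl-dev
+locales
+make
+mercurial
+ninja-build
+openssh-client
+python-is-python3
+python3
+strace
+unzip
+zlib1g-dev
+)
+
+sys-embed "${packages[@]}"
+
+#### Base System Configuration
+
+# Generate locales
+locale-gen en_US.utf8
+
+#### Base Environment Configuration
+
+mkdir -p /home/worker/.local/bin
+
+# Add `cleanup.sh` to let images perform standard cleanup operations.
+cp "${0%/*}/cleanup.sh" /home/worker/.local/bin/cleanup.sh
+
+# Add shared `common.sh` to Bash
+cp "${0%/*}/common.sh" /home/worker/.local/bin/common.sh
+printf "source ~/.local/bin/common.sh\n" >> /home/worker/.bashrc
+
+/home/worker/.local/bin/cleanup.sh
+
+chown -R worker:worker /home/worker
+chmod 0777 /src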
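Review bot: The final `chmod 0777 /src` leaves the directory holding the build recipes world-writable without the sticky bit, so any account in the container can rename or replace `/src/recipes`. The Dockerfile in this commit runs the service as `worker`, so if the goal is only to let that user write under `/src`, `chown worker:worker /src` with the default mode is the narrower grant. If shared write access really is needed, `chmod 1777 /src` at least stops non-owners from replacing existing entries. Nothing in the files shown here writes to `/src` at runtime, so a short comment stating why it must be writable would help.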
