pkg/aflow/action/crash/test: implement patch testing

Author: FlorentRevest

pkg/aflow/action/crash/reproduce.go

@@ -42,6 +42,50 @@ type reproduceResult struct {
 	CrashReport string
 }
 
+func ReproduceCrash(syzkaller, kernelObj, kernelSrc, image, Type, reproC, workdir string, vm []byte) (string, string, error) {
+	var vmConfig map[string]any
+	if err := json.Unmarshal(vm, &vmConfig); err != nil {
+		return "", "", fmt.Errorf("failed to parse VM config: %w", err)
+	}
+	vmConfig["kernel"] = filepath.Join(kernelObj, filepath.FromSlash(build.LinuxKernelImage(targets.AMD64)))
+	vmCfg, err := json.Marshal(vmConfig)
+	if err != nil {
+		return "", "", fmt.Errorf("failed to serialize VM config: %w", err)
+	}
+
+	cfg := mgrconfig.DefaultValues()
+	cfg.RawTarget = "linux/amd64"
+	cfg.Workdir = workdir
+	cfg.Syzkaller = syzkaller
+	cfg.KernelObj = kernelObj
+	cfg.KernelSrc = kernelSrc
+	cfg.Image = image
+	cfg.Type = Type
+	cfg.VM = vmCfg
+	if err := mgrconfig.SetTargets(cfg); err != nil {
+		return "", "", err
+	}
+	if err := mgrconfig.Complete(cfg); err != nil {
+		return "", "", err
+	}
+	env, err := instance.NewEnv(cfg, nil, nil)
+	if err != nil {
+		return "", "", err
+	}
+	results, err := env.Test(1, nil, nil, []byte(reproC))
+	if err != nil {
+		return "", "", err
+	}
+	if results[0].Error != nil {
+		if crashErr := new(instance.CrashError); errors.As(results[0].Error, &crashErr) {
+			return string(crashErr.Report.Report), "", nil
+		} else {
+			return "", results[0].Error.Error(), nil
+		}
+	}
+	return "", "", nil
+}
+
 func reproduce(ctx *aflow.Context, args reproduceArgs) (reproduceResult, error) {
 	if args.Type != "qemu" {
 		// Since we use injected kernel boot, and don't build full disk image.
@@ -61,50 +105,12 @@ func reproduce(ctx *aflow.Context, args reproduceArgs) (reproduceResult, error)
 	}
 	cached, err := aflow.CacheObject(ctx, "repro", desc, func() (Cached, error) {
 		var res Cached
-		var vmConfig map[string]any
-		if err := json.Unmarshal(args.VM, &vmConfig); err != nil {
-			return res, fmt.Errorf("failed to parse VM config: %w", err)
-		}
-		vmConfig["kernel"] = filepath.Join(args.KernelObj, filepath.FromSlash(build.LinuxKernelImage(targets.AMD64)))
-		vmCfg, err := json.Marshal(vmConfig)
-		if err != nil {
-			return res, fmt.Errorf("failed to serialize VM config: %w", err)
-		}
 		workdir, err := ctx.TempDir()
 		if err != nil {
 			return res, err
 		}
-		cfg := mgrconfig.DefaultValues()
-		cfg.RawTarget = "linux/amd64"
-		cfg.Workdir = workdir
-		cfg.Syzkaller = args.Syzkaller
-		cfg.KernelObj = args.KernelObj
-		cfg.KernelSrc = args.KernelSrc
-		cfg.Image = args.Image
-		cfg.Type = args.Type
-		cfg.VM = vmCfg
-		if err := mgrconfig.SetTargets(cfg); err != nil {
-			return res, err
-		}
-		if err := mgrconfig.Complete(cfg); err != nil {
-			return res, err
-		}
-		env, err := instance.NewEnv(cfg, nil, nil)
-		if err != nil {
-			return res, err
-		}
-		results, err := env.Test(1, nil, nil, []byte(args.ReproC))
-		if err != nil {
-			return res, err
-		}
-		if results[0].Error != nil {
-			if crashErr := new(instance.CrashError); errors.As(results[0].Error, &crashErr) {
-				res.Report = string(crashErr.Report.Report)
-			} else {
-				res.Error = results[0].Error.Error()
-			}
-		}
-		return res, nil
+		res.Error, res.Report, err = ReproduceCrash(args.Syzkaller, args.KernelObj, args.KernelSrc, args.Image, args.Type, args.ReproC, workdir, args.VM)
+		return res, err
 	})
 	if err != nil {
 		return reproduceResult{}, err

pkg/aflow/action/crash/test.go

@@ -5,8 +5,13 @@ package crash
 
 import (
 	"encoding/json"
+	"errors"
+	"fmt"
+	"time"
 
 	"github.com/google/syzkaller/pkg/aflow"
+	"github.com/google/syzkaller/pkg/aflow/action/kernel"
+	"github.com/google/syzkaller/pkg/osutil"
 )
 
 // TestPatch action does an in-tree kernel build in KernelScratchSrc dir,
@@ -35,6 +40,57 @@ type testResult struct {
 	TestError string
 }
 
+func undoChanges(repo string) error {
+	_, err := osutil.RunCmd(time.Minute, repo, "git", "checkout", "--", ".")
+	if err != nil {
+		return err
+	}
+	// We do not use -fdx to keep object files around and make the next tool call faster
+	_, err = osutil.RunCmd(time.Minute, repo, "git", "clean", "-fd")
+	return err
+}
+
+func currentDiff(repo string) (byte[], error) {
+	// Mark the "intent to add" on all files so git diff also shows currently untracked files
+	_, err := osutil.RunCmd(time.Minute, repo, "git", "add", "-N", ".")
+	if err != nil {
+		return "", err
+	}
+	diff, err := osutil.RunCmd(time.Minute, repo, "git", "diff")
+	if err != nil {
+		return "", aflow.FlowError(fmt.Errorf("capturing diff failed: %w\n%s", err, diff))
+	}
+	return diff, nil
+}
+
 func testPatch(ctx *aflow.Context, args testArgs) (testResult, error) {
-	return testResult{}, nil
+	res := testResult{}
+	defer undoChanges(args.KernelScratchSrc)
+
+	diff, err := currentDiff(args.KernelScratchSrc)
+	if err != nil {
+		return res, err
+	}
+	res.PatchDiff = diff
+
+	if args.Type != "qemu" {
+		return res, errors.New("only qemu VM type is supported")
+	}
+
+	if err := kernel.BuildKernel(args.KernelScratchSrc, args.KernelScratchSrc, args.KernelConfig, false); err != nil {
+		res.TestError = fmt.Sprintf("Building the kernel failed with %v", err)
+		return res, nil
+	}
+
+	workdir, err := ctx.TempDir()
+	if err != nil {
+		return res, err
+	}
+	errorLog, reportLog, err := ReproduceCrash(args.Syzkaller, args.KernelScratchSrc, args.KernelScratchSrc, args.Image, args.Type, args.ReproC, workdir, args.VM)
+	if errorLog != "" {
+		res.TestError = errorLog
+	} else {
+		res.TestError = reportLog
+	}
+	return res, err
 }

pkg/aflow/action/kernel/build.go

@@ -34,42 +34,49 @@ type buildResult struct {
 	KernelObj string // Directory with build artifacts.
 }
 
-func buildKernel(ctx *aflow.Context, args buildArgs) (buildResult, error) {
-	desc := fmt.Sprintf("kernel commit %v, kernel config hash %v",
-		args.KernelCommit, hash.String(args.KernelConfig))
-	dir, err := ctx.Cache("build", desc, func(dir string) error {
-		if err := osutil.WriteFile(filepath.Join(dir, ".config"), []byte(args.KernelConfig)); err != nil {
+func BuildKernel(buildDir, srcDir, cfg string, cleanup bool) error {
+	if err := osutil.WriteFile(filepath.Join(buildDir, ".config"), []byte(cfg)); err != nil {
+		return err
+	}
+	target := targets.List[targets.Linux][targets.AMD64]
+	image := filepath.FromSlash(build.LinuxKernelImage(targets.AMD64))
+	makeArgs := build.LinuxMakeArgs(target, targets.DefaultLLVMCompiler, targets.DefaultLLVMLinker,
+		"ccache", buildDir, runtime.NumCPU())
+	const compileCommands = "compile_commands.json"
+	makeArgs = append(makeArgs, "-s", path.Base(image), compileCommands)
+	if out, err := osutil.RunCmd(time.Hour, srcDir, "make", makeArgs...); err != nil {
+		return aflow.FlowError(fmt.Errorf("make failed: %w\n%s", err, out))
+	}
+	if !cleanup {
+		return nil
+	}
+	// Remove main intermediate build files, we don't need them anymore
+	// and they take lots of space. But keep generated source files.
+	keepFiles := map[string]bool{
+		image:               true,
+		target.KernelObject: true,
+		compileCommands:     true,
+	}
+	return filepath.WalkDir(buildDir, func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
 			return err
 		}
-		target := targets.List[targets.Linux][targets.AMD64]
-		image := filepath.FromSlash(build.LinuxKernelImage(targets.AMD64))
-		makeArgs := build.LinuxMakeArgs(target, targets.DefaultLLVMCompiler, targets.DefaultLLVMLinker,
-			"ccache", dir, runtime.NumCPU())
-		const compileCommands = "compile_commands.json"
-		makeArgs = append(makeArgs, "-s", path.Base(image), compileCommands)
-		if out, err := osutil.RunCmd(time.Hour, args.KernelSrc, "make", makeArgs...); err != nil {
-			return aflow.FlowError(fmt.Errorf("make failed: %w\n%s", err, out))
+		relative, err := filepath.Rel(buildDir, path)
+		if err != nil {
+			return err
 		}
-		// Remove main intermediate build files, we don't need them anymore
-		// and they take lots of space. But keep generated source files.
-		keepFiles := map[string]bool{
-			image:               true,
-			target.KernelObject: true,
-			compileCommands:     true,
+		if d.IsDir() || keepFiles[relative] || codesearch.IsSourceFile(relative) {
+			return nil
 		}
-		return filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
-			if err != nil {
-				return err
-			}
-			relative, err := filepath.Rel(dir, path)
-			if err != nil {
-				return err
-			}
-			if d.IsDir() || keepFiles[relative] || codesearch.IsSourceFile(relative) {
-				return nil
-			}
-			return os.Remove(path)
-		})
+		return os.Remove(path)
+	})
+}
+
+func buildKernel(ctx *aflow.Context, args buildArgs) (buildResult, error) {
+	desc := fmt.Sprintf("kernel commit %v, kernel config hash %v",
+		args.KernelCommit, hash.String(args.KernelConfig))
+	dir, err := ctx.Cache("build", desc, func(dir string) error {
+		return BuildKernel(dir, args.KernelSrc, args.KernelConfig, true)
 	})
 	return buildResult{KernelObj: dir}, err
 }