executor: adjust waiting time for all usb syzcalls
Allow 2000 ms of waiting time for syz_usb_connect and the same time for
the whole program if this syzcall is present. Allow 200 ms of waiting time
for syz_usb_disconnect. Remove sleep from syz_usb_control_io.
xairy authored and dvyukov committed Apr 23, 2019
1 parent deda7c3 commit 4d3d6a5
Showing 3 changed files with 14 additions and 12 deletions.
2 changes: 0 additions & 2 deletions executor/common_usb.h
@@ -411,8 +411,6 @@ static volatile long syz_usb_control_io(volatile long a0, volatile long a1, vola
debug("syz_usb_control_io: reply length = %d\n", response.inner.length);
usb_fuzzer_ep0_write(fd, (struct usb_fuzzer_ep_io*)&response);

sleep_ms(200);

return 0;
}
#endif
22 changes: 14 additions & 8 deletions executor/executor.cc
@@ -572,15 +572,20 @@ void execute_one()
}

int call_index = 0;
bool usb_prog = false;
bool collect_extra_cover = false;
int prog_extra_timeout = 0;
for (;;) {
uint64 call_num = read_input(&input_pos);
if (call_num == instr_eof)
break;
bool usb_call = false;
int call_extra_timeout = 0;
if (strcmp(syscalls[call_num].name, "syz_usb_connect") == 0) {
usb_prog = true;
usb_call = true;
collect_extra_cover = true;
prog_extra_timeout = 2000;
call_extra_timeout = 2000;
}
if (strcmp(syscalls[call_num].name, "syz_usb_disconnect") == 0) {
call_extra_timeout = 200;
}
if (call_num == instr_copyin) {
char* addr = (char*)read_input(&input_pos);
@@ -690,7 +695,9 @@ void execute_one()
} else if (flag_threaded) {
// Wait for call completion.
// Note: sys knows about this 25ms timeout when it generates timespec/timeval values.
const uint64 timeout_ms = usb_call ? 2000 : (flag_debug ? 1000 : 45);
uint64 timeout_ms = 45 + call_extra_timeout;
if (flag_debug && timeout_ms < 1000)
timeout_ms = 1000;
if (event_timedwait(&th->done, timeout_ms))
handle_completion(th);
// Check if any of previous calls have completed.
@@ -718,8 +725,7 @@ void execute_one()
uint64 wait_end = wait_start + wait;
if (wait_end < start + 800)
wait_end = start + 800;
if (usb_prog)
wait_end += 2000;
wait_end += prog_extra_timeout;
while (running > 0 && current_time_ms() <= wait_end) {
sleep_ms(1);
for (int i = 0; i < kMaxThreads; i++) {
@@ -746,7 +752,7 @@ void execute_one()
close_fds();
#endif

if (!colliding && !collide && usb_prog) {
if (!colliding && !collide && collect_extra_cover) {
sleep_ms(500);
write_extra_output();
}
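Review bot: Both name checks in the first hunk index `syscalls[call_num]` before the `if (call_num == instr_copyin)` branch that follows them, so the added `syz_usb_disconnect` comparison is a second table lookup on a value that may be an instruction marker rather than a syscall number. If `instr_copyin` lies outside the table (its value is not shown here), each copy-in instruction causes an out-of-bounds read of `.name`, and a corrupted program word would do the same. I would move the two `strcmp` blocks below the instruction-marker handling, to a point where `call_num` has already been range-checked against the table, and keep `int call_extra_timeout = 0;` where it is; until then a comment such as `// call_num may still be an instruction marker here` would at least flag the hazard. The body of execute_one starts and ends outside these hunks, so the existing range check, if any, is not visible.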
2 changes: 0 additions & 2 deletions pkg/csource/generated.go
@@ -2121,8 +2121,6 @@ reply:
debug("syz_usb_control_io: reply length = %d\n", response.inner.length);
usb_fuzzer_ep0_write(fd, (struct usb_fuzzer_ep_io*)&response);
sleep_ms(200);
return 0;
}
#endif