executor: remap cover fd's to higher values

Remap cover fd's to 24x range to prevent interference with fd's used during fuzzing and also to make fd number consistent with/without cover enabled.
google · Aug 8, 2018 · 9a791c3 · 9a791c3
1 parent ddeb9f8
commit 9a791c3
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 8 deletions.
diff --git a/executor/executor.cc b/executor/executor.cc
@@ -52,8 +52,10 @@ typedef unsigned char uint8;
 // Note: zircon max fd is 256.
 // Some common_OS.h files know about this constant for RLIMIT_NOFILE.
 const int kMaxFd = 250;
+const int kMaxThreads = 16;
 const int kInPipeFd = kMaxFd - 1; // remapped from stdin
 const int kOutPipeFd = kMaxFd - 2; // remapped from stdout
+const int kCoverFd = kOutPipeFd - kMaxThreads;
 const int kMaxArgs = 9;
 const int kCoverSize = 256 << 10;
 const int kFailStatus = 67;
@@ -127,7 +129,6 @@ int flag_fault_nth;
 
 const int kMaxCommands = 1000;
 const int kMaxInput = 2 << 20;
-const int kMaxThreads = 16;
 
 const uint64 instr_eof = -1;
 const uint64 instr_copyin = -2;
@@ -351,8 +352,10 @@ int main(int argc, char** argv)
 	receive_execute();
 #endif
 	if (flag_cover) {
-		for (int i = 0; i < kMaxThreads; i++)
+		for (int i = 0; i < kMaxThreads; i++) {
+			threads[i].cov.fd = kCoverFd + i;
 			cover_open(&threads[i].cov);
+		}
 	}
 
 	int status = 0;
@@ -679,11 +682,12 @@ void execute_one()
 			}
 		}
 		// Write output coverage for unfinished calls.
-		if (flag_cover && running > 0) {
+		if (running > 0) {
 			for (int i = 0; i < kMaxThreads; i++) {
 				thread_t* th = &threads[i];
 				if (th->executing) {
-					cover_collect(&th->cov);
+					if (flag_cover)
+						cover_collect(&th->cov);
 					write_call_output(th, false);
 				}
 			}

diff --git a/executor/executor_bsd.h b/executor/executor_bsd.h
@@ -58,9 +58,12 @@ static long execute_syscall(const call_t* c, long a[kMaxArgs])
 
 static void cover_open(cover_t* cov)
 {
-	cov->fd = open("/dev/kcov", O_RDWR);
-	if (cov->fd == -1)
+	int fd = open("/dev/kcov", O_RDWR);
+	if (fd == -1)
 		fail("open of /dev/kcov failed");
+	if (dup2(fd, cov->fd) < 0)
+		fail("filed to dup2(%d, %d) cover fd", fd, cov->fd);
+	close(fd);
 	if (ioctl(cov->fd, KIOSETBUFSIZE, &kCoverSize))
 		fail("ioctl init trace write failed");
 	size_t mmap_alloc_size = kCoverSize * (is_kernel_64_bit ? 8 : 4);

diff --git a/executor/executor_linux.h b/executor/executor_linux.h
@@ -40,9 +40,12 @@ static long execute_syscall(const call_t* c, long a[kMaxArgs])
 
 static void cover_open(cover_t* cov)
 {
-	cov->fd = open("/sys/kernel/debug/kcov", O_RDWR);
-	if (cov->fd == -1)
+	int fd = open("/sys/kernel/debug/kcov", O_RDWR);
+	if (fd == -1)
 		fail("open of /sys/kernel/debug/kcov failed");
+	if (dup2(fd, cov->fd) < 0)
+		fail("filed to dup2(%d, %d) cover fd", fd, cov->fd);
+	close(fd);
 	const int kcov_init_trace = is_kernel_64_bit ? KCOV_INIT_TRACE64 : KCOV_INIT_TRACE32;
 	if (ioctl(cov->fd, kcov_init_trace, kCoverSize))
 		fail("cover init trace write failed");