From c54464115dac09556f7ab250c676a02ca598ede1 Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Mon, 29 Jul 2019 20:22:25 +0100
Subject: [PATCH 1/2] FreeBSD, implementing binding to free cpu. going through processes and finding the first potential free cpu.
---
 Makefile | 4 ++++
 afl-fuzz.c | 40 +++++++++++++++++++++++++++++++++++-----
 2 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 0b2c92b0e..800b8823d 100644
--- a/Makefile
+++ b/Makefile
@@ -36,6 +36,10 @@ ifneq "$(filter Linux GNU%,$(shell uname))" ""
 LDFLAGS += -ldl
 endif
+ifneq "$(filter FreeBSD GNU%,$(shell uname))" ""
+ LDFLAGS += -pthread
+endif
+
 ifeq "$(findstring clang, $(shell $(CC) --version 2>/dev/null))" ""
 TEST_CC = afl-gcc
 else
diff --git a/afl-fuzz.c b/afl-fuzz.c
index 962bbf0b9..9cc3e5f9a 100644
--- a/afl-fuzz.c
+++ b/afl-fuzz.c
@@ -68,12 +68,18 @@
 #if defined(__APPLE__) || defined(__FreeBSD__) || defined (__OpenBSD__)
 # include
+# ifdef __FreeBSD__
+# include
+# include
+# include
+# include
+# endif
 #endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */
 /* For systems that have sched_setaffinity; right now just Linux, but one can hope... */
-#ifdef __linux__
+#if defined(__linux__) || defined(__FreeBSD__)
 # define HAVE_AFFINITY 1
 #endif /* __linux__ */
@@ -405,14 +411,13 @@ static void shuffle_ptrs(void** ptrs, u32 cnt) {
 can be found. Assumes an upper bound of 4k CPUs. */
 static void bind_to_free_cpu(void) {
-
+ u8 cpu_used[4096] = { 0 };
+ u32 i;
+#ifdef __linux__
 DIR* d;
 struct dirent* de;
 cpu_set_t c;
- u8 cpu_used[4096] = { 0 };
- u32 i;
-
 if (cpu_core_count < 2) return;
 if (getenv("AFL_NO_AFFINITY")) {
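Review bot: The new guard `ifneq "$(filter FreeBSD GNU%,$(shell uname))" ""` keeps the `GNU%` pattern copied from the Linux line above it, so `-pthread` is also added on GNU Hurd and GNU/kFreeBSD, where the FreeBSD-only affinity code is not compiled (those targets do not define `__FreeBSD__`, as far as I know). The only consumer of `-pthread` in this series is the `pthread_setaffinity_np` call, so matching the one platform that needs it is enough: `ifneq "$(filter FreeBSD,$(shell uname))" ""`.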
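Review bot: The trailer `#endif /* __linux__ */` and the comment `right now just Linux, but one can hope...` no longer describe the condition, which now reads `#if defined(__linux__) || defined(__FreeBSD__)`. Update the trailer to `#endif /* __linux__ || __FreeBSD__ */` and reword the prose to say that HAVE_AFFINITY currently covers Linux and FreeBSD. The four FreeBSD headers added inside the `__APPLE__ || __FreeBSD__ || __OpenBSD__` block are otherwise unexplained; a one-line comment saying which of them supplies `cpuset_t`, `struct kinfo_proc` and `pthread_setaffinity_np` would save the next reader a trip through the man pages.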
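Review bot: Inserting `#ifdef __linux__` above `DIR* d;` puts the early returns `if (cpu_core_count < 2) return;` and `if (getenv("AFL_NO_AFFINITY")) {` inside the Linux-only block, because the matching `#else` only opens after `closedir(d);` in the next hunk; on FreeBSD the function therefore scans and binds even on a single-core host and even when the user opted out through AFL_NO_AFFINITY. Both checks are platform-independent and belong before the conditional: declare `cpu_used` and `i`, run the two guards, and only then open `#ifdef __linux__` for the `DIR`/`dirent`/`cpu_set_t` declarations. The rest of bind_to_free_cpu lies outside this hunk.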
@@ -485,6 +490,26 @@ static void bind_to_free_cpu(void) {
 }
 closedir(d);
+#else
+ struct kinfo_proc *procs;
+ size_t nprocs;
+ size_t proccount;
+ cpuset_t c;
+ int s_name[3] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL};
+ if (sysctl(s_name, 3, NULL, &nprocs, NULL, 0) < 0) return;
+ proccount = nprocs / sizeof(*procs);
+ procs = ck_alloc(nprocs);
+ if (sysctl(s_name, 3, NULL, &nprocs, NULL, 0) < 0) goto procs_free;
+
+ for (i = 0; i < proccount; i ++) {
+ if (procs[i].ki_oncpu < sizeof(cpu_used))
+ cpu_used[procs[i].ki_oncpu] = 1;
+ }
+
+procs_free:
+ ck_free(procs);
+
+#endif
 for (i = 0; i < cpu_core_count; i++) if (!cpu_used[i]) break;
@@ -508,8 +533,13 @@ static void bind_to_free_cpu(void) {
 CPU_ZERO(&c);
 CPU_SET(i, &c);
+#ifdef __linux__
 if (sched_setaffinity(0, sizeof(c), &c))
 PFATAL("sched_setaffinity failed");
+#else
+ if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c))
+ PFATAL("pthread_setaffinity failed");
+#endif
 }
From f5e17564313a28ba648f341e264ee00f26159cec Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Mon, 29 Jul 2019 22:22:20 +0100
Subject: [PATCH 2/2] Little tweaks and testing afl-fuzz output
---
 Makefile | 5 ++++-
 afl-fuzz.c | 24 +++++++++++++-----------
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/Makefile b/Makefile
index 800b8823d..35245a4e1 100644
--- a/Makefile
+++ b/Makefile
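Review bot: The second `sysctl(s_name, 3, NULL, &nprocs, NULL, 0)` still passes NULL as oldp, so it merely repeats the size query and `procs` is never filled; the loop then reads whatever `ck_alloc` returned (zeroed memory, if it behaves like calloc), which marks at most CPU 0 busy and reports every other core as free. The fill call must hand over the buffer, `if (sysctl(s_name, 3, procs, &nprocs, NULL, 0) < 0) goto procs_free;`, and `proccount = nprocs / sizeof(*procs);` should be recomputed after it from the length the kernel writes back, since the process table may have shrunk between the two calls. It may also have grown, in which case sysctl rejects the now too-small buffer with ENOMEM and the function silently gives up; the usual idiom is to pad the allocation by a few entries after the size query. The same NULL argument survives in the second patch's hunk at `@@ -490,25 +492,25 @@`, where the call is rewritten but the buffer is still not passed.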
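Review bot: `pthread_setaffinity_np` reports failure through its return value and does not set errno, so if `PFATAL` prints strerror(errno) as its pairing with `sched_setaffinity` suggests, the FreeBSD diagnostic will show whatever errno happened to hold; the message text also drops the `_np` suffix a reader would grep for. Store the return code and pass it through errno before dying: `int err = pthread_setaffinity_np(pthread_self(), sizeof(c), &c);` / `if (err) { errno = err; PFATAL("pthread_setaffinity_np failed"); }`. Alternatively `cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1, sizeof(c), &c)` pins the whole process and reports errors through errno the way `sched_setaffinity` does, which keeps the two branches symmetrical.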
@@ -90,11 +90,14 @@ afl-gotcpu: afl-gotcpu.c $(COMM_HDR) | test_x86
 ifndef AFL_NO_X86
-test_build: afl-gcc afl-as afl-showmap
+test_build: afl-gcc afl-as afl-showmap afl-fuzz
 @echo "[*] Testing the CC wrapper and instrumentation output..."
 unset AFL_USE_ASAN AFL_USE_MSAN; AFL_QUIET=1 AFL_INST_RATIO=100 AFL_PATH=. ./$(TEST_CC) $(CFLAGS) test-instr.c -o test-instr $(LDFLAGS)
 echo 0 | ./afl-showmap -m none -q -o .test-instr0 ./test-instr
 echo 1 | ./afl-showmap -m none -q -o .test-instr1 ./test-instr
+ mkdir -p .out
+ ./afl-fuzz -i testcases/others/elf -o .out -- /dev/null | grep 'Found a free CPU core'
+ @rm -rf .out
 @rm -f test-instr
 @cmp -s .test-instr0 .test-instr1; DR="$$?"; rm -f .test-instr0 .test-instr1; if [ "$$DR" = "0" ]; then echo; echo "Oops, the instrumentation does not seem to be behaving correctly!"; echo; echo "Please ping to troubleshoot the issue."; echo; exit 1; fi
 @echo "[+] All right, the instrumentation seems to be working!"
diff --git a/afl-fuzz.c b/afl-fuzz.c
index 9cc3e5f9a..ecbebc90b 100644
--- a/afl-fuzz.c
+++ b/afl-fuzz.c
@@ -83,6 +83,8 @@
 # define HAVE_AFFINITY 1
 #endif /* __linux__ */
+#define __arraysize(arr) (sizeof(arr)/sizeof(arr[0]))
+
 /* A toggle to export some variables when building as a library. Not very useful for the general public. */
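Review bot: The line `./afl-fuzz -i testcases/others/elf -o .out -- /dev/null | grep 'Found a free CPU core'` makes the default build fail on every host where that message is not printed: the first patch defines HAVE_AFFINITY only for Linux and FreeBSD, and bind_to_free_cpu returns before doing anything when `cpu_core_count < 2` (and presumably when AFL_NO_AFFINITY is set), so macOS, single-core CI runners and anyone building with AFL_NO_AFFINITY exported can no longer run `make`. It also ties the build to the machine being idle enough to have a spare core and to whatever afl-fuzz does when handed `/dev/null` as the target, neither of which the Makefile controls. Keep this out of test_build and put it in a separate, non-default target such as `test_affinity` documented as best-effort; if it must stay here, prefix it with `-@` so a miss is reported but does not abort the instrumentation test that follows.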
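Review bot: `__arraysize` begins with two underscores, an identifier the C standard reserves for the implementation, so it can collide with a system header's macro on exactly the BSD platforms this series targets; the `arr[0]` in the expansion is also unparenthesized. Rename it and parenthesize the argument: `#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))`. Whatever the name, a one-line comment above it should say the macro is only valid on true arrays, because applying it to a pointer parameter compiles and silently yields a wrong count.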
@@ -490,25 +492,25 @@ static void bind_to_free_cpu(void) {
 }
 closedir(d);
-#else
+#elif defined(__FreeBSD__)
 struct kinfo_proc *procs;
 size_t nprocs;
 size_t proccount;
 cpuset_t c;
- int s_name[3] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL};
- if (sysctl(s_name, 3, NULL, &nprocs, NULL, 0) < 0) return;
+ int s_name[] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL};
+ if (sysctl(s_name, __arraysize(s_name), NULL, &nprocs, NULL, 0) < 0) return;
 proccount = nprocs / sizeof(*procs);
 procs = ck_alloc(nprocs);
- if (sysctl(s_name, 3, NULL, &nprocs, NULL, 0) < 0) goto procs_free;
+ if (sysctl(s_name, __arraysize(s_name), NULL, &nprocs, NULL, 0) < 0) {
+ ck_free(procs);
+ return;
+ }
- for (i = 0; i < proccount; i ++) {
+ for (i = 0; i < proccount; i++) {
 if (procs[i].ki_oncpu < sizeof(cpu_used))
 cpu_used[procs[i].ki_oncpu] = 1;
 }
-procs_free:
- ck_free(procs);
-
 #endif
 for (i = 0; i < cpu_core_count; i++) if (!cpu_used[i]) break;
@@ -536,7 +538,7 @@ static void bind_to_free_cpu(void) {
 #ifdef __linux__
 if (sched_setaffinity(0, sizeof(c), &c))
 PFATAL("sched_setaffinity failed");
-#else
+#elif defined(__FreeBSD__)
 if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c))
 PFATAL("pthread_setaffinity failed");
 #endif
@@ -7398,9 +7400,9 @@ static void get_core_count(void) {
 #else
- int s_name[2] = { CTL_HW, HW_NCPU };
+ int s_name[] = { CTL_HW, HW_NCPU };
- if (sysctl(s_name, 2, &cpu_core_count, &s, NULL, 0) < 0) return;
+ if (sysctl(s_name, __arraysize(s_name), &cpu_core_count, &s, NULL, 0) < 0) return;
 #endif /* ^__APPLE__ */
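Review bot: `if (procs[i].ki_oncpu < sizeof(cpu_used))` compares the process field against a `size_t`, so if `ki_oncpu` is a signed int (on current FreeBSD it is, with a thread that is not running reporting NOCPU, i.e. -1, as far as I recall) the negative value is only skipped because the usual arithmetic conversions turn it into a huge unsigned number. Make the intent explicit rather than relying on that: `if (procs[i].ki_oncpu >= 0 && (size_t)procs[i].ki_oncpu < sizeof(cpu_used))`. A comment on the loop is also warranted: the snapshot records which CPU each process is on at this instant, so a core counts as busy only if something is running on it right now, while runnable or sleeping processes leave it "free", which may differ from what the Linux branch (outside this hunk) measures.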