
Commit 5e3a3ce0 authored by Stephen Crane's avatar Stephen Crane

trusty: fuzz: dump trusty kernel logs on crash

Adds an Abort() function to the fuzzer utils library that grabs and
prints the relevant trusty kernel logs before exiting the fuzzer.

Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: I7741c7e5e0ffdc402e3d3dd9a7e5856e2a640dd2
parent 6c0fb906
+2 −0
@@ -43,6 +43,8 @@ class TrustyApp {
    android::base::unique_fd ta_fd_;
};

void Abort();

}  // namespace fuzz
}  // namespace trusty
}  // namespace android
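Review bot: The new `void Abort();` declaration carries no comment and no `[[noreturn]]`, although the definition added in this commit ends in `exit(-1)` and never returns. I would declare it as `[[noreturn]] void Abort();` with a comment above it such as `// Prints the Trusty kernel log lines recorded since the fuzzer started, then exits with a failure status.` The name suggests abort(3) while the implementation calls exit(), so the comment should state which behaviour callers get.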
+44 −1
@@ -23,6 +23,9 @@
#include <linux/ioctl.h>
#include <linux/types.h>
#include <linux/uio.h>
#include <log/log_read.h>
#include <time.h>
#include <iostream>

using android::base::ErrnoError;
using android::base::Error;
@@ -32,7 +35,42 @@ using android::base::unique_fd;
#define TIPC_IOC_MAGIC 'r'
#define TIPC_IOC_CONNECT _IOW(TIPC_IOC_MAGIC, 0x80, char*)

static const size_t kTimeoutSeconds = 5;
namespace {

const size_t kTimeoutSeconds = 5;
const std::string kTrustyLogTag = "trusty-log";

const time_t kInitialTime = time(nullptr);

void PrintTrustyLog() {
    auto logger_list = android_logger_list_open(LOG_ID_KERNEL, ANDROID_LOG_NONBLOCK, 1000, 0);
    if (logger_list == nullptr) {
        std::cerr << "Could not open android kernel log\n";
        return;
    }

    while (true) {
        log_msg log_msg;
        int rc = android_logger_list_read(logger_list, &log_msg);
        if (rc < 0) {
            break;
        }
        if (log_msg.entry.sec < kInitialTime) {
            continue;
        }
        char* msg = log_msg.msg();
        if (msg) {
            std::string line(msg, log_msg.entry.len);
            if (line.find(kTrustyLogTag) != std::string::npos) {
                std::cerr << line.substr(kTrustyLogTag.length() + 2) << std::endl;
            }
        }
    }

    android_logger_list_free(logger_list);
}

}  // namespace

namespace android {
namespace trusty {
@@ -104,6 +142,11 @@ Result<int> TrustyApp::GetRawFd() {
    return ta_fd_;
}

void Abort() {
    PrintTrustyLog();
    exit(-1);
}

}  // namespace fuzz
}  // namespace trusty
}  // namespace android
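Review bot: In PrintTrustyLog the tag is located with `line.find(kTrustyLogTag)`, but the text is then cut at the fixed offset `kTrustyLogTag.length() + 2`, so the match position and the cut position are not tied together. If the tag matches later in the record the output is trimmed at the wrong place, and if the record is shorter than that offset `substr` is called with a position past the end, which throws (or aborts in a build without exceptions) inside the crash-reporting path. The `+ 2` presumably skips a leading priority byte and the terminator after the tag; that should be confirmed and stated in a comment. A guard such as `if (line.size() >= kTrustyLogTag.length() + 2 && line.find(kTrustyLogTag) != std::string::npos)` keeps the dump from failing on a malformed record.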
+3 −1
@@ -35,7 +35,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     * If we can't connect, then assume TA crashed.
     * TODO: Get some more info, e.g. stacks, to help Haiku dedup crashes.
     */
    assert(ret.ok());
    if (!ret.ok()) {
        android::trusty::fuzz::Abort();
    }

    /* Send message to test server */
    ret = ta.Write(data, size);
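Review bot: The new `if (!ret.ok())` branch calls `Abort()` without reporting why the connection failed, so the error held in `ret` is dropped and the crash output contains only the Trusty log lines. Printing it first, for example `std::cerr << ret.error() << std::endl;` ahead of `android::trusty::fuzz::Abort();`, would let triage separate a TA crash from a device or permission problem on the Android side. That line needs `<iostream>` in this file, and the file's include list is not visible here. LLVMFuzzerTestOneInput continues past the end of the hunk, so whether the later `ret` checks still rely on `assert` cannot be judged from this page.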