Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fa8bf5be authored by Yifan Hong's avatar Yifan Hong Committed by Gerrit Code Review
Browse files

Merge changes from topic "snapshot_fuzz" 

* changes:
  libsnapshot_fuzzer: Add tests
  libsnapshot_fuzzer: add initial corpus
  libsnapshot_fuzzer: Attempt to cleanup env before and after
  libsnapshot_fuzzer: add new test directive to switch slot
  libsnapshot_fuzzer: mount data image
  libsnapshot_fuzzer: also create snapshots dir
  libsnapshot_fuzzer: Add ZERO to operation types
parents 7c1c1673 51bfe08d

fs_mgr/TEST_MAPPING

+3 −0
Original line number Diff line number Diff line
@@ -14,6 +14,9 @@ 
    },

    {

      "name": "vts_libsnapshot_test"

    },

    {

      "name": "libsnapshot_fuzzer_test"

    }

  ]

}

fs_mgr/libsnapshot/Android.bp

+18 −2
Original line number Diff line number Diff line
@@ -246,8 +246,8 @@ cc_test { 
    gtest: false,

}



cc_fuzz {

    name: "libsnapshot_fuzzer",

cc_defaults {

    name: "libsnapshot_fuzzer_defaults",



    // TODO(b/154633114): make host supported.

    // host_supported: true,
@@ -289,7 +289,12 @@ cc_fuzz { 
        canonical_path_from_root: false,

        local_include_dirs: ["."],

    },

}



cc_fuzz {

    name: "libsnapshot_fuzzer",

    defaults: ["libsnapshot_fuzzer_defaults"],

    corpus: ["corpus/*"],

    fuzz_config: {

        cc: ["android-virtual-ab+bugs@google.com"],

        componentid: 30545,
@@ -298,3 +303,14 @@ cc_fuzz { 
        fuzz_on_haiku_device: true,

    },

}



cc_test {

    name: "libsnapshot_fuzzer_test",

    defaults: ["libsnapshot_fuzzer_defaults"],

    data: ["corpus/*"],

    test_suites: [

        "device-tests",

    ],

    auto_gen_config: true,

    require_root: true,

}

fs_mgr/libsnapshot/android/snapshot/snapshot_fuzz.proto

+8 −1
Original line number Diff line number Diff line
@@ -64,6 +64,7 @@ message SnapshotManagerActionProto { 
        bool has_metadata_device_object = 1;

        bool metadata_mounted = 2;

    }

    reserved 18 to 9999;

    oneof value {

        NoArgs begin_update = 1;

        NoArgs cancel_update = 2;
@@ -82,6 +83,9 @@ message SnapshotManagerActionProto { 
        NoArgs dump = 15;

        NoArgs ensure_metadata_mounted = 16;

        NoArgs get_snapshot_merge_stats_instance = 17;



        // Test directives that has nothing to do with ISnapshotManager API surface.

        NoArgs switch_slot = 10000;

    }

}
@@ -97,7 +101,10 @@ message SnapshotFuzzData { 
    bool is_super_metadata_valid = 3;

    chromeos_update_engine.DeltaArchiveManifest super_data = 4;



    // Whether the directory that mocks /metadata/ota/snapshot is created.

    bool has_metadata_snapshots_dir = 5;



    // More data used to prep the test before running actions.

    reserved 5 to 9999;

    reserved 6 to 9999;

    repeated SnapshotManagerActionProto actions = 10000;

}

fs_mgr/libsnapshot/corpus/launch_device.txt

0 → 100644
+161 −0
Original line number Diff line number Diff line 
device_info_data {

  slot_suffix_is_a: true

  is_overlayfs_setup: false

  allow_set_boot_control_merge_status: true

  allow_set_slot_as_unbootable: true

  is_recovery: false

}

manager_data {

  is_local_image_manager: false

}

is_super_metadata_valid: true

super_data {

  partitions {

    partition_name: "sys_a"

    new_partition_info {

      size: 3145728

    }

  }

  partitions {

    partition_name: "vnd_a"

    new_partition_info {

      size: 3145728

    }

  }

  partitions {

    partition_name: "prd_a"

    new_partition_info {

      size: 3145728

    }

  }

  dynamic_partition_metadata {

    groups {

      name: "group_google_dp_a"

      size: 15728640

      partition_names: "sys_a"

      partition_names: "vnd_a"

      partition_names: "prd_a"

    }

  }

}

has_metadata_snapshots_dir: true

actions {

  begin_update {

  }

}

actions {

  create_update_snapshots {

    partitions {

      partition_name: "sys"

      new_partition_info {

        size: 3878912

      }

      operations {

        type: ZERO,

        dst_extents {

          start_block: 0

          num_blocks: 947

        }

      }

    }

    partitions {

      partition_name: "vnd"

      new_partition_info {

        size: 3878912

      }

      operations {

        type: ZERO,

        dst_extents {

          start_block: 0

          num_blocks: 947

        }

      }

    }

    partitions {

      partition_name: "prd"

      new_partition_info {

        size: 3878912

      }

      operations {

        type: ZERO,

        dst_extents {

          start_block: 0

          num_blocks: 947

        }

      }

    }

    dynamic_partition_metadata {

      groups {

        name: "group_google_dp"

        size: 15728640

        partition_names: "sys"

        partition_names: "vnd"

        partition_names: "prd"

      }

    }

  }

}

actions {

  map_update_snapshot {

    use_correct_super: true

    has_metadata_slot: true

    metadata_slot: 1

    partition_name: "sys_b"

    force_writable: true

    timeout_millis: 3000

  }

}

actions {

  map_update_snapshot {

    use_correct_super: true

    has_metadata_slot: true

    metadata_slot: 1

    partition_name: "vnd_b"

    force_writable: true

    timeout_millis: 3000

  }

}

actions {

  map_update_snapshot {

    use_correct_super: true

    has_metadata_slot: true

    metadata_slot: 1

    partition_name: "prd_b"

    force_writable: true

    timeout_millis: 3000

  }

}

actions {

  finished_snapshot_writes: false

}

actions {

  unmap_update_snapshot: "sys_b"

}

actions {

  unmap_update_snapshot: "vnd_b"

}

actions {

  unmap_update_snapshot: "prd_b"

}

actions {

  switch_slot {

  }

}

actions {

  need_snapshots_in_first_stage_mount {

  }

}

actions {

  create_logical_and_snapshot_partitions {

    use_correct_super: true

    timeout_millis: 5000

  }

}

actions {

  initiate_merge {

  }

}

actions {

  process_update_state {

  }

}

fs_mgr/libsnapshot/fuzz.sh

+8 −6
Original line number Diff line number Diff line
@@ -3,7 +3,8 @@ PROJECT_PATH=system/core/fs_mgr/libsnapshot 
FUZZ_TARGET=libsnapshot_fuzzer

TARGET_ARCH=$(get_build_var TARGET_ARCH)

FUZZ_BINARY=/data/fuzz/${TARGET_ARCH}/${FUZZ_TARGET}/${FUZZ_TARGET}

DEVICE_CORPSE_DIR=/data/local/tmp/${FUZZ_TARGET}

DEVICE_INIT_CORPUS_DIR=/data/fuzz/${TARGET_ARCH}/${FUZZ_TARGET}/corpus

DEVICE_GENERATED_CORPUS_DIR=/data/local/tmp/${FUZZ_TARGET}/corpus

DEVICE_GCOV_DIR=/data/local/tmp/${FUZZ_TARGET}/gcov

HOST_SCRATCH_DIR=/tmp/${FUZZ_TARGET}

GCOV_TOOL=${HOST_SCRATCH_DIR}/llvm-gcov
@@ -26,13 +27,14 @@ build_cov() { 


prepare_device() {

    adb root && adb remount &&

    adb shell mkdir -p ${DEVICE_CORPSE_DIR} &&

    adb shell mkdir -p ${DEVICE_GENERATED_CORPUS_DIR} &&

    adb shell rm -rf ${DEVICE_GCOV_DIR} &&

    adb shell mkdir -p ${DEVICE_GCOV_DIR}

}



push_binary() {

    adb push ${ANDROID_PRODUCT_OUT}/${FUZZ_BINARY} ${FUZZ_BINARY}

    adb push ${ANDROID_PRODUCT_OUT}/${FUZZ_BINARY} ${FUZZ_BINARY} &&

    adb push ${ANDROID_PRODUCT_OUT}/${DEVICE_INIT_CORPUS_DIR} $(dirname ${FUZZ_BINARY})

}



prepare_host() {
@@ -52,7 +54,7 @@ generate_corpus() { 
    prepare_device &&

    build_normal &&

    push_binary &&

    adb shell ${FUZZ_BINARY} "$@" ${DEVICE_CORPSE_DIR}

    adb shell ${FUZZ_BINARY} "$@" ${DEVICE_INIT_CORPUS_DIR} ${DEVICE_GENERATED_CORPUS_DIR}

}



run_snapshot_fuzz() {
@@ -62,7 +64,7 @@ run_snapshot_fuzz() { 
    adb shell GCOV_PREFIX=${DEVICE_GCOV_DIR} GCOV_PREFIX_STRIP=3 \

        ${FUZZ_BINARY} \

        -runs=0 \

        ${DEVICE_CORPSE_DIR}

        ${DEVICE_INIT_CORPUS_DIR} ${DEVICE_GENERATED_CORPUS_DIR}

}



show_fuzz_result() {
@@ -82,7 +84,7 @@ exec llvm-cov gcov "$@" 


# run_snapshot_fuzz -runs=10000

run_snapshot_fuzz_all() {

    generate_corpse "$@" &&

    generate_corpus "$@" &&

    run_snapshot_fuzz &&

    show_fuzz_result

}