From f2774a04cabc28a851bfd8ca389acf61c6206fe2 Mon Sep 17 00:00:00 2001 From: Tom Cherry Date: Fri, 19 Jun 2020 14:01:16 -0700 Subject: [PATCH] logd: add fuzzer for SerializedLogBuffer and other improvements 1) Add fuzzer for SerializedLogBuffer 2) Enable fuzzing on host 3) Read logs after writing them 4) Silence log tags error on host Test: run these fuzzers Change-Id: Id5f0394546ecbccf5281e3d8855853be90dee3f0 --- logd/LogTags.cpp | 2 + logd/fuzz/Android.bp | 28 +++++++--- logd/fuzz/log_buffer_log_fuzzer.cpp | 59 +++++++++++++++++++--- logd/fuzz/serialized_log_buffer_fuzzer.cpp | 19 +++++++ 4 files changed, 94 insertions(+), 14 deletions(-) create mode 100644 logd/fuzz/serialized_log_buffer_fuzzer.cpp diff --git a/logd/LogTags.cpp b/logd/LogTags.cpp index 8e18f9d46..1b7107f8a 100644 --- a/logd/LogTags.cpp +++ b/logd/LogTags.cpp @@ -276,7 +276,9 @@ void LogTags::ReadFileEventLogTags(const char* filename, bool warn) { cp++; } } else if (warn) { +#ifdef __ANDROID__ LOG(ERROR) << "Cannot read " << filename; +#endif } } diff --git a/logd/fuzz/Android.bp b/logd/fuzz/Android.bp index 9834ff058..587eedca1 100644 --- a/logd/fuzz/Android.bp +++ b/logd/fuzz/Android.bp @@ -13,11 +13,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -cc_fuzz { - name: "log_buffer_log_fuzzer", - srcs: [ - "log_buffer_log_fuzzer.cpp", - ], + +cc_defaults { + name: "log_fuzzer_defaults", static_libs: [ "libbase", "libcutils", @@ -25,9 +23,25 @@ cc_fuzz { "liblog", "liblogd", "libcutils", - "libsysutils", "libz", "libzstd", ], - cflags: ["-Werror"], + cflags: ["-Wextra"], + host_supported: true, +} + +cc_fuzz { + name: "log_buffer_log_fuzzer", + defaults: ["log_fuzzer_defaults"], + srcs: [ + "log_buffer_log_fuzzer.cpp", + ], +} + +cc_fuzz { + name: "serialized_log_buffer_fuzzer", + defaults: ["log_fuzzer_defaults"], + srcs: [ + "serialized_log_buffer_fuzzer.cpp", + ], } diff --git a/logd/fuzz/log_buffer_log_fuzzer.cpp b/logd/fuzz/log_buffer_log_fuzzer.cpp index a7a17921a..1dc996c12 100644 --- a/logd/fuzz/log_buffer_log_fuzzer.cpp +++ b/logd/fuzz/log_buffer_log_fuzzer.cpp @@ -15,10 +15,13 @@ */ #include +#include + #include "../ChattyLogBuffer.h" #include "../LogReaderList.h" #include "../LogReaderThread.h" #include "../LogStatistics.h" +#include "../SerializedLogBuffer.h" // We don't want to waste a lot of entropy on messages #define MAX_MSG_LENGTH 5 @@ -27,7 +30,20 @@ #define MIN_TAG_ID 1000 #define TAG_MOD 10 -namespace android { +#ifndef __ANDROID__ +unsigned long __android_logger_get_buffer_size(log_id_t) { + return 1024 * 1024; +} + +bool __android_logger_valid_buffer_size(unsigned long) { + return true; +} +#endif + +char* android::uidToName(uid_t) { + return strdup("fake"); +} + struct LogInput { public: log_id_t log_id; @@ -79,9 +95,13 @@ int write_log_messages(const uint8_t** pdata, size_t* data_left, LogBuffer* log_ return 1; } -char* uidToName(uid_t) { - return strdup("fake"); -} +class NoopWriter : public LogWriter { + public: + NoopWriter() : LogWriter(0, true) {} + bool Write(const logger_entry&, const char*) override { return true; } + + std::string name() const override { return "noop_writer"; } +}; extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // We want a random tag length and a random remaining message length @@ -89,11 +109,18 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { return 0; } + android::base::SetMinimumLogSeverity(android::base::ERROR); + LogReaderList reader_list; LogTags tags; PruneList prune_list; LogStatistics stats(true); - LogBuffer* log_buffer = new ChattyLogBuffer(&reader_list, &tags, &prune_list, &stats); + std::unique_ptr log_buffer; +#ifdef FUZZ_SERIALIZED + log_buffer.reset(new SerializedLogBuffer(&reader_list, &tags, &stats)); +#else + log_buffer.reset(new ChattyLogBuffer(&reader_list, &tags, &prune_list, &stats)); +#endif size_t data_left = size; const uint8_t** pdata = &data; @@ -102,12 +129,30 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { log_id_for_each(i) { log_buffer->SetSize(i, 10000); } while (data_left >= sizeof(LogInput) + 2 * sizeof(uint8_t)) { - if (!write_log_messages(pdata, &data_left, log_buffer, &stats)) { + if (!write_log_messages(pdata, &data_left, log_buffer.get(), &stats)) { return 0; } } + // Read out all of the logs. + { + auto lock = std::unique_lock{reader_list.reader_threads_lock()}; + std::unique_ptr test_writer(new NoopWriter()); + std::unique_ptr log_reader( + new LogReaderThread(log_buffer.get(), &reader_list, std::move(test_writer), true, 0, + kLogMaskAll, 0, {}, 1, {})); + reader_list.reader_threads().emplace_back(std::move(log_reader)); + } + + // Wait until the reader has finished. + while (true) { + usleep(50); + auto lock = std::unique_lock{reader_list.reader_threads_lock()}; + if (reader_list.reader_threads().size() == 0) { + break; + } + } + log_id_for_each(i) { log_buffer->Clear(i, 0); } return 0; } -} // namespace android diff --git a/logd/fuzz/serialized_log_buffer_fuzzer.cpp b/logd/fuzz/serialized_log_buffer_fuzzer.cpp new file mode 100644 index 000000000..d4795b07d --- /dev/null +++ b/logd/fuzz/serialized_log_buffer_fuzzer.cpp @@ -0,0 +1,19 @@ +/* + * Copyright 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define FUZZ_SERIALIZED + +#include "log_buffer_log_fuzzer.cpp"