From 4d70baf4d529f2084bac2a4f698a0bd6e9f700a0 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Tue, 18 Oct 2022 21:04:02 +0200
Subject: [PATCH] needed rebase

---
 infra/experimental/SystemSan/SystemSan.cpp | 21 -------------------
 .../experimental/SystemSan/inspect_utils.cpp | 16 ++++++++++++--
 infra/experimental/SystemSan/inspect_utils.h | 2 +-
 3 files changed, 15 insertions(+), 24 deletions(-)

diff --git a/infra/experimental/SystemSan/SystemSan.cpp b/infra/experimental/SystemSan/SystemSan.cpp
index 74763cadbf64..5eb5d72404da 100644
--- a/infra/experimental/SystemSan/SystemSan.cpp
+++ b/infra/experimental/SystemSan/SystemSan.cpp
@@ -177,27 +177,6 @@ std::string read_string(pid_t pid, unsigned long reg, unsigned long length) {
   return content;
 }
 
-void report_bug(std::string bug_type, pid_t tid) {
-  // Report the bug found based on the bug code.
-  std::cerr << "===BUG DETECTED: " << bug_type.c_str() << "===\n";
-  // Rely on sanitizers/libFuzzer to produce a stacktrace by sending SIGABRT
-  // to the root process.
-  // Note: this may not be reliable or consistent if shell injection happens
-  // in an async way.
-  // Find the thread group id, that is the pid.
-  pid_t pid = tid;
-  auto parent = root_pids[tid];
-  while (!parent.ran_exec) {
-    // Find the first parent which ran exec syscall.
-    if (parent.parent_tid == g_root_pid) {
-      break;
-    }
-    pid = parent.parent_tid;
-    parent = root_pids[parent.parent_tid];
-  }
-  tgkill(pid, tid, SIGABRT);
-}
-
 void inspect_for_injection(pid_t pid, const user_regs_struct ®s) {
   // Inspect a PID's registers for the sign of shell injection.
   std::string path = read_string(pid, regs.rdi, kTripWire.length());
diff --git a/infra/experimental/SystemSan/inspect_utils.cpp b/infra/experimental/SystemSan/inspect_utils.cpp
index 04c976ffab4c..e7dd294884e2 100644
--- a/infra/experimental/SystemSan/inspect_utils.cpp
+++ b/infra/experimental/SystemSan/inspect_utils.cpp
@@ -29,6 +29,7 @@
 #include
 
 extern pid_t g_root_pid;
+extern std::map root_pids;
 
 std::vector read_memory(pid_t pid, unsigned long long address,
                         size_t size) {
@@ -47,12 +48,23 @@ std::vector read_memory(pid_t pid, unsigned long long address,
   return memory;
 }
 
-void report_bug(std::string bug_type) {
+void report_bug(std::string bug_type, pid_t tid) {
   // Report the bug found based on the bug code.
   std::cerr << "===BUG DETECTED: " << bug_type.c_str() << "===\n";
   // Rely on sanitizers/libFuzzer to produce a stacktrace by sending SIGABRT
   // to the root process.
   // Note: this may not be reliable or consistent if shell injection happens
   // in an async way.
-  tgkill(g_root_pid, g_root_pid, SIGABRT);
+  // Find the thread group id, that is the pid.
+  pid_t pid = tid;
+  auto parent = root_pids[tid];
+  while (!parent.ran_exec) {
+    // Find the first parent which ran exec syscall.
+    if (parent.parent_tid == g_root_pid) {
+      break;
+    }
+    pid = parent.parent_tid;
+    parent = root_pids[parent.parent_tid];
+  }
+  tgkill(pid, tid, SIGABRT);
 }
diff --git a/infra/experimental/SystemSan/inspect_utils.h b/infra/experimental/SystemSan/inspect_utils.h
index c27dbfb846d7..ccd8e61d8a29 100644
--- a/infra/experimental/SystemSan/inspect_utils.h
+++ b/infra/experimental/SystemSan/inspect_utils.h
@@ -25,4 +25,4 @@
 std::vector read_memory(pid_t pid, unsigned long long address,
                         size_t size);
 
-void report_bug(std::string bug_type);
+void report_bug(std::string bug_type, pid_t tid);
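Review bot: The new `extern std::map root_pids;` (like the existing `extern pid_t g_root_pid;` right above it) is an unchecked forward declaration: nothing makes the compiler compare it with the definition in SystemSan.cpp, so if the map's key or value type is later changed in one file only, the program is ill-formed with no diagnostic and the `root_pids[tid]` lookups in report_bug read an object of a different type. Declaring both globals once in inspect_utils.h, which both translation units already include, lets the compiler check the definition against the declaration. This hunk is at file scope; no function is cut by it.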
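Review bot: `auto parent = root_pids[tid];` and `parent = root_pids[parent.parent_tid];` use `std::map::operator[]`, which default-inserts an entry when the key is absent, so for a tid that was never recorded (or an ancestor already erased) the loop walks a value-initialized entry whose `ran_exec` is false and whose `parent_tid` is presumably 0, and unless 0 happens to equal `g_root_pid` it re-looks-up key 0 forever; use `find()` and fall back to `g_root_pid` when the tid is unknown. The return value of `tgkill(pid, tid, SIGABRT)` is also discarded, so when `tid` is not a thread of group `pid` (ESRCH) the report ends without the stack trace the comment promises and nobody learns why; log the failure with errno (this needs `<cerrno>`/`<cstring>` if inspect_utils.cpp does not already include them). The context comment `// to the root process.` is stale now that the signal targets `tid` in group `pid`; change it to `// to the thread that triggered the report, via its thread group.` The rewritten tail of the function is below.
```cpp
void report_bug(std::string bug_type, pid_t tid) {
  // … unchanged: "===BUG DETECTED" message and explanatory comments …
  // Walk up to the nearest ancestor that ran exec; its tid is the thread
  // group id tgkill() needs. find() avoids default-inserting unknown tids.
  pid_t pid = tid;
  auto it = root_pids.find(tid);
  if (it == root_pids.end()) {
    // No bookkeeping for this thread: fall back to the root process.
    pid = g_root_pid;
    tid = g_root_pid;
  }
  while (it != root_pids.end() && !it->second.ran_exec) {
    if (it->second.parent_tid == g_root_pid) {
      break;
    }
    pid = it->second.parent_tid;
    it = root_pids.find(pid);
  }
  if (tgkill(pid, tid, SIGABRT) != 0) {
    std::cerr << "tgkill(" << pid << ", " << tid << ") failed: "
              << std::strerror(errno) << "\n";
  }
}
```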
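Review bot: The header gains a `pid_t tid` parameter on `report_bug` without saying what the caller must pass or what is done with it, and the signature is the only documentation other translation units see. Add above the declaration `// tid: the thread that triggered the report. Its thread group is located via root_pids and SIGABRT is sent to it with tgkill() to obtain a stack trace.` The hunk ends at the last line of the file as shown; no definition is cut.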