Skip to content

Commit

Permalink
feat(fuzzing): Add syscall monitoring to canister sandbox (#3420)
Browse files Browse the repository at this point in the history 
In #2513, we introduced the target
`//rs/execution_environment/fuzz:fuzzer_sandbox` that allows fuzzers to
use cansiter sandbox. In this PR, we improve the library to add syscall
monitoring over the sandbox to mimic a pseudo SELinux setting in a test
environment.

The current approach is simple as in the sandbox panics if it performs a
syscall not present in a static list. But the functionality can be
further improved in future PRs.

---------

Co-authored-by: IDX GitHub Automation <[email protected]>
  • Loading branch information
@venkkatesh-sekar
venkkatesh-sekar and IDX GitHub Automation authored Jan 17, 2025
1 parent 28e7b48 commit 02bf8de
Show file tree
Hide file tree
Showing 11 changed files with 397 additions and 10 deletions.
96 changes: 95 additions & 1 deletion Cargo.Bazel.Fuzzing.json.lock
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"checksum": "d14334a6540146e857234f0c2d53dfa2a79f782c6d482bbed88e84b89205e3b5",
"checksum": "47779dd70947956334194045d833b520303bd12424c6ae738db137a5ede73532",
"crates": {
"abnf 0.12.0": {
"name": "abnf",
Expand Down Expand Up @@ -19421,6 +19421,10 @@
"id": "syn 1.0.109",
"target": "syn"
},
{
"id": "syscalls 0.6.18",
"target": "syscalls"
},
{
"id": "tar 0.4.39",
"target": "tar"
Expand Down Expand Up @@ -69730,6 +69734,95 @@
],
"license_file": "LICENSE"
},
"syscalls 0.6.18": {
"name": "syscalls",
"version": "0.6.18",
"package_url": "https://github.com/jasonwhite/syscalls",
"repository": {
"Http": {
"url": "https://static.crates.io/crates/syscalls/0.6.18/download",
"sha256": "43d0e35dc7d73976a53c7e6d7d177ef804a0c0ee774ec77bcc520c2216fd7cbe"
}
},
"targets": [
{
"Library": {
"crate_name": "syscalls",
"crate_root": "src/lib.rs",
"srcs": {
"allow_empty": true,
"include": [
"**/*.rs"
]
}
}
},
{
"BuildScript": {
"crate_name": "build_script_build",
"crate_root": "build.rs",
"srcs": {
"allow_empty": true,
"include": [
"**/*.rs"
]
}
}
}
],
"library_target_name": "syscalls",
"common_attrs": {
"compile_data_glob": [
"**"
],
"crate_features": {
"common": [
"default",
"serde",
"serde_repr",
"std"
],
"selects": {}
},
"deps": {
"common": [
{
"id": "serde 1.0.217",
"target": "serde"
},
{
"id": "syscalls 0.6.18",
"target": "build_script_build"
}
],
"selects": {}
},
"edition": "2021",
"proc_macro_deps": {
"common": [
{
"id": "serde_repr 0.1.19",
"target": "serde_repr"
}
],
"selects": {}
},
"version": "0.6.18"
},
"build_script_attrs": {
"compile_data_glob": [
"**"
],
"data_glob": [
"**"
]
},
"license": "BSD-2-Clause",
"license_ids": [
"BSD-2-Clause"
],
"license_file": "LICENSE"
},
"system-configuration 0.5.1": {
"name": "system-configuration",
"version": "0.5.1",
Expand Down Expand Up @@ -87602,6 +87695,7 @@
"stubborn-io 0.3.2",
"subtle 2.6.1",
"syn 1.0.109",
"syscalls 0.6.18",
"tar 0.4.39",
"tarpc 0.34.0",
"tempfile 3.12.0",
Expand Down
11 changes: 11 additions & 0 deletions Cargo.Bazel.Fuzzing.toml.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3245,6 +3245,7 @@ dependencies = [
"stubborn-io",
"subtle",
"syn 1.0.109",
"syscalls",
"tar",
"tarpc",
"tempfile",
Expand Down Expand Up @@ -10893,6 +10894,16 @@ dependencies = [
"syn 2.0.87",
]

[[package]]
name = "syscalls"
version = "0.6.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "43d0e35dc7d73976a53c7e6d7d177ef804a0c0ee774ec77bcc520c2216fd7cbe"
dependencies = [
"serde",
"serde_repr",
]

[[package]]
name = "system-configuration"
version = "0.5.1"
Expand Down
96 changes: 95 additions & 1 deletion Cargo.Bazel.json.lock
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"checksum": "f9106b21c4c605032607acabc6e6c407a33a1457ae8fd8acc1b003ba2c0b58b2",
"checksum": "78e6ae0a6f656c3bc2e62f91681c90f7088a556e20471251f4b378d2f917e8f0",
"crates": {
"abnf 0.12.0": {
"name": "abnf",
Expand Down Expand Up @@ -19249,6 +19249,10 @@
"id": "syn 1.0.109",
"target": "syn"
},
{
"id": "syscalls 0.6.18",
"target": "syscalls"
},
{
"id": "tar 0.4.39",
"target": "tar"
Expand Down Expand Up @@ -69576,6 +69580,95 @@
],
"license_file": "LICENSE"
},
"syscalls 0.6.18": {
"name": "syscalls",
"version": "0.6.18",
"package_url": "https://github.com/jasonwhite/syscalls",
"repository": {
"Http": {
"url": "https://static.crates.io/crates/syscalls/0.6.18/download",
"sha256": "43d0e35dc7d73976a53c7e6d7d177ef804a0c0ee774ec77bcc520c2216fd7cbe"
}
},
"targets": [
{
"Library": {
"crate_name": "syscalls",
"crate_root": "src/lib.rs",
"srcs": {
"allow_empty": true,
"include": [
"**/*.rs"
]
}
}
},
{
"BuildScript": {
"crate_name": "build_script_build",
"crate_root": "build.rs",
"srcs": {
"allow_empty": true,
"include": [
"**/*.rs"
]
}
}
}
],
"library_target_name": "syscalls",
"common_attrs": {
"compile_data_glob": [
"**"
],
"crate_features": {
"common": [
"default",
"serde",
"serde_repr",
"std"
],
"selects": {}
},
"deps": {
"common": [
{
"id": "serde 1.0.217",
"target": "serde"
},
{
"id": "syscalls 0.6.18",
"target": "build_script_build"
}
],
"selects": {}
},
"edition": "2021",
"proc_macro_deps": {
"common": [
{
"id": "serde_repr 0.1.19",
"target": "serde_repr"
}
],
"selects": {}
},
"version": "0.6.18"
},
"build_script_attrs": {
"compile_data_glob": [
"**"
],
"data_glob": [
"**"
]
},
"license": "BSD-2-Clause",
"license_ids": [
"BSD-2-Clause"
],
"license_file": "LICENSE"
},
"system-configuration 0.5.1": {
"name": "system-configuration",
"version": "0.5.1",
Expand Down Expand Up @@ -87481,6 +87574,7 @@
"stubborn-io 0.3.2",
"subtle 2.6.1",
"syn 1.0.109",
"syscalls 0.6.18",
"tar 0.4.39",
"tarpc 0.34.0",
"tempfile 3.12.0",
Expand Down
11 changes: 11 additions & 0 deletions Cargo.Bazel.toml.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3234,6 +3234,7 @@ dependencies = [
"stubborn-io",
"subtle",
"syn 1.0.109",
"syscalls",
"tar",
"tarpc",
"tempfile",
Expand Down Expand Up @@ -10889,6 +10890,16 @@ dependencies = [
"syn 2.0.87",
]

[[package]]
name = "syscalls"
version = "0.6.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "43d0e35dc7d73976a53c7e6d7d177ef804a0c0ee774ec77bcc520c2216fd7cbe"
dependencies = [
"serde",
"serde_repr",
]

[[package]]
name = "system-configuration"
version = "0.5.1"
Expand Down
2 changes: 1 addition & 1 deletion Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -611,7 +611,7 @@ minicbor-derive = "0.13.0"
mockall = "0.13.0"
mockito = "1.2.0"
nftables = "0.4"
nix = "0.24.3"
nix = { version = "0.24.3", features = ["ptrace"] }
num_cpus = "1.16.0"
num-bigint = "0.4.6"
num-traits = { version = "0.2.12", features = ["libm"] }
Expand Down
6 changes: 6 additions & 0 deletions bazel/external_crates.bzl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -819,6 +819,9 @@ def external_crates_repository(name, cargo_lockfile, lockfile, sanitizers_enable
),
"nix": crate.spec(
version = "^0.24.3",
features = [
"ptrace",
],
),
"num-bigint": crate.spec(
version = "^0.4.6",
Expand Down Expand Up @@ -1234,6 +1237,9 @@ def external_crates_repository(name, cargo_lockfile, lockfile, sanitizers_enable
"full",
],
),
"syscalls": crate.spec(
version = "^0.6.18",
),
"tar": crate.spec(
version = "^0.4.38",
),
Expand Down
5 changes: 2 additions & 3 deletions rs/embedders/fuzz/src/ic_wasm.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,9 +142,8 @@ pub fn ic_wasm_config(embedder_config: EmbeddersConfig) -> Config {
max_funcs: embedder_config.max_functions,
max_instructions: WASM_FUNCTION_SIZE_LIMIT,

// TODO: Ignore data segments for now
min_data_segments: 0,
max_data_segments: 0,
min_data_segments: 2,
max_data_segments: 10,

allow_start_export: true,
export_everything: true,
Expand Down
9 changes: 8 additions & 1 deletion rs/execution_environment/fuzz/BUILD.bazel
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,14 @@ rust_library(
deps = [
"//rs/canister_sandbox:backend_lib",
"@crate_index//:libfuzzer-sys",
],
"@crate_index//:nix",
] + select({
"@rules_rust//rust/platform:linux": [
"@crate_index//:procfs",
"@crate_index//:syscalls",
],
"//conditions:default": [],
}),
)

rust_fuzz_test_binary(
Expand Down
5 changes: 4 additions & 1 deletion rs/execution_environment/fuzz/fuzz_targets/execute_subnet_message_update_settings.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,10 @@ use libfuzzer_sys::{fuzz_target, Corpus};
// bazel run --config=sandbox_fuzzing //rs/execution_environment/fuzz:execute_subnet_message_update_settings

fn main() {
fuzzer_sandbox::fuzzer_main();
let features = fuzzer_sandbox::SandboxFeatures {
syscall_tracing: false,
};
fuzzer_sandbox::fuzzer_main(features);
}

fuzz_target!(|args: UpdateSettingsArgs| -> Corpus {
Expand Down
5 changes: 4 additions & 1 deletion rs/execution_environment/fuzz/fuzz_targets/execute_system_api_call.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,10 @@ const HELLO_WORLD_WAT: &str = r#"
// bazel run --config=sandbox_fuzzing //rs/execution_environment/fuzz:execute_with_wasm_executor_system_api_call

fn main() {
fuzzer_sandbox::fuzzer_main();
let features = fuzzer_sandbox::SandboxFeatures {
syscall_tracing: true,
};
fuzzer_sandbox::fuzzer_main(features);
}

fuzz_target!(|data: ICWasmModule| {
Expand Down
Loading

0 comments on commit 02bf8de

Please sign in to comment.