git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Mon, 29 Mar 2021 15:15:32 +0000 (17:15 +0200)]
autotools: remove --enable-{asan,ubsan} in favor of --enable-sanitizers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 29 Mar 2021 14:45:46 +0000 (10:45 -0400)]
Merge pull request #3749 from brauner/2021-03-29/fixes
compiler: fix thread_local detection
Christian Brauner [Mon, 29 Mar 2021 14:06:16 +0000 (16:06 +0200)]
Merge pull request #3746 from evverx/CIFuzz-unblock-msan
CIFuzz: turn on MSan
Christian Brauner [Mon, 29 Mar 2021 13:42:54 +0000 (15:42 +0200)]
compiler: fix thread_local detection
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 29 Mar 2021 12:13:08 +0000 (08:13 -0400)]
Merge pull request #3748 from brauner/2021-03-29/fixes
fixes & config key validation
Christian Brauner [Mon, 29 Mar 2021 11:28:56 +0000 (13:28 +0200)]
lxccontainer: ensure second parameter to bsearch is never NULL
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 29 Mar 2021 10:49:51 +0000 (12:49 +0200)]
conf: fix thread_local support detection
Our detection for TLS wasn't working. Fix it.
Fixes: https://github.com/lxc/lxd/issues/8327
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 29 Mar 2021 10:34:33 +0000 (12:34 +0200)]
tests: add another test for garbage config key
where a valid key has trailing garbage at the end before the "=".
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 29 Mar 2021 10:33:33 +0000 (12:33 +0200)]
tests: fix two false negatives in parse_config_file()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 29 Mar 2021 10:16:23 +0000 (12:16 +0200)]
confile: cleanup set_config_net_script_down()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 29 Mar 2021 10:15:58 +0000 (12:15 +0200)]
confile: cleanup set_config_net_script_up()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 29 Mar 2021 10:15:43 +0000 (12:15 +0200)]
confile: cleanup set_config_net_mtu()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 29 Mar 2021 10:13:43 +0000 (12:13 +0200)]
confile: cleanup set_config_net_hwaddr()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 29 Mar 2021 10:01:49 +0000 (12:01 +0200)]
confile: clear netdev on network type change
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32584
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 29 Mar 2021 08:19:30 +0000 (10:19 +0200)]
confile: vet keys more aggressively
Enforce an exact match for all keys where we know the subkeys must match
exactly.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 28 Mar 2021 15:58:18 +0000 (17:58 +0200)]
confile: safely clean previous value in set_config_net_ipv4_gateway()
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32586
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 28 Mar 2021 15:54:26 +0000 (17:54 +0200)]
confile: safely clean previous value in set_config_net_ipv6_gateway()
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32610
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 28 Mar 2021 21:16:45 +0000 (23:16 +0200)]
Merge pull request #3745 from evverx/ubsan-msan-support
oss-fuzz/cifuzz: a couple of follow-up commits
Christian Brauner [Sun, 28 Mar 2021 17:20:49 +0000 (19:20 +0200)]
Merge pull request #3744 from evverx/oss-fuzz-32596
confile_utils: fix a signed integer overflow
Stéphane Graber [Sun, 28 Mar 2021 16:35:16 +0000 (12:35 -0400)]
Merge pull request #3743 from brauner/2021-03-27/fixes_3
oss-fuzz: fixes
Evgeny Vereshchagin [Sun, 28 Mar 2021 08:54:17 +0000 (08:54 +0000)]
string_utils: work around an MSan false positive
MSan doesn't instrument stpncpy (https://github.com/google/sanitizers/issues/926),
which causes the fuzzer to fail with:
```
$ cat ../minimized-from-740f56329efc60eab59b8194132b712a873e88a3
lxc.console.size=123
$ ./out/fuzz-lxc-config-read ../minimized-from-740f56329efc60eab59b8194132b712a873e88a3
INFO: Seed: 3561494591
INFO: Loaded 1 modules (18795 inline 8-bit counters): 18795 [0x866b98, 0x86b503),
INFO: Loaded 1 PC tables (18795 PCs): 18795 [0x86b508,0x8b4bb8),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: ../minimized-from-740f56329efc60eab59b8194132b712a873e88a3
==850885==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x6b3e7f in parse_byte_size_string /home/vagrant/lxc/src/lxc/string_utils.c:912:6
#1 0x550991 in set_config_console_size /home/vagrant/lxc/src/lxc/confile.c:2483:8
#2 0x5346e2 in parse_line /home/vagrant/lxc/src/lxc/confile.c:2962:9
#3 0x64b3cd in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
#4 0x53340c in lxc_config_read /home/vagrant/lxc/src/lxc/confile.c:3039:9
#5 0x4e7ec2 in LLVMFuzzerTestOneInput /home/vagrant/lxc/src/tests/fuzz-lxc-config-read.c:23:2
#6 0x44ad2c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x44ad2c)
#7 0x42ca4d in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42ca4d)
#8 0x433af0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x433af0)
#9 0x423ff6 in main (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x423ff6)
#10 0x7f79bdc89081 in __libc_start_main (/lib64/libc.so.6+0x27081)
#11 0x42402d in _start (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42402d)
Uninitialized value was created by an allocation of 'dup' in the stack frame of function 'parse_byte_size_string'
#0 0x6b3330 in parse_byte_size_string /home/vagrant/lxc/src/lxc/string_utils.c:901
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/vagrant/lxc/src/lxc/string_utils.c:912:6 in parse_byte_size_string
Exiting
```
Closes https://oss-fuzz.com/testcase-detail/5829890470445056
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Evgeny Vereshchagin [Sun, 28 Mar 2021 16:01:00 +0000 (16:01 +0000)]
cifuzz: turn on MSan
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Christian Brauner [Sat, 27 Mar 2021 20:14:02 +0000 (21:14 +0100)]
string_utils: handle overflow correctly in parse_byte_size_string()
This takes the overflow handling code from the kernel.
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32549
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Evgeny Vereshchagin [Sun, 28 Mar 2021 06:53:44 +0000 (06:53 +0000)]
cifuzz: turn on UBsan
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Evgeny Vereshchagin [Sun, 28 Mar 2021 06:42:54 +0000 (06:42 +0000)]
oss-fuzz.sh: take SANITIZER into account
to make it possible to build the fuzzer with UBSan and MSan locally
```
$ SANITIZER=undefined ./src/tests/oss-fuzz.sh
$ printf 'lxc.signal.stop=sigrtmax-020000000020 ' >oss-fuzz-32596
$ UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 ./out/fuzz-lxc-config-read oss-fuzz-32596
INFO: Seed: 595864277
INFO: Loaded 1 modules (61553 inline 8-bit counters): 61553 [0x80a1b0, 0x819221),
INFO: Loaded 1 PC tables (61553 PCs): 61553 [0x819228,0x909938),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: oss-fuzz-32596
confile_utils.c:1051:20: runtime error: signed integer overflow: 64 - -2147483632 cannot be represented in type 'int'
#0 0x51799a in rt_sig_num /home/vagrant/lxc/src/lxc/confile_utils.c:1051:20
#1 0x517268 in sig_parse /home/vagrant/lxc/src/lxc/confile_utils.c:1069:11
#2 0x500ca4 in set_config_signal_stop /home/vagrant/lxc/src/lxc/confile.c:1738:10
#3 0x4b8c7c in parse_line /home/vagrant/lxc/src/lxc/confile.c:2962:9
#4 0x5a5eb0 in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Evgeny Vereshchagin [Sun, 28 Mar 2021 05:29:43 +0000 (05:29 +0000)]
confile_utils: fix a signed integer overflow
This was triggered by the following chain of conversions:
lxc_safe_uint("020000000020 ") -> 2147483664 (uint)
sig_num(2147483664 (uint)) -> -2147483632 (int)
64 - -2147483632 cannot be represented in type 'int'
Closes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32596
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
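The conversion chain in the commit above, worked as an added C example that is not LXC's code: a parser for the `sigrtmax-N` form that bounds-checks N while it is still unsigned and checks the subtraction itself, so the narrowing to `int` and the `64 - n` overflow cannot occur. The function names, the base-0 `strtoul` (which reads the leading-zero fuzz input as octal) and the real-time signal range 34..64 are assumptions for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for this example: the real-time signal range on the fuzzer's
 * host, matching the "64" in the UBSan report above. */
#define RT_SIGMAX 64
#define RT_SIGMIN 34

/* Parse the numeric suffix of "sigrtmax-N" the way the report implies:
 * strtoul with base 0, so the leading zero in "020000000020" makes it
 * octal (020000000020 == 2147483664, just above INT_MAX).
 * Returns 0 and stores the value on success, -1 on any error. */
static int safe_uint_parse(const char *s, unsigned int *out)
{
	char *end;
	unsigned long v;

	/* strtoul would silently accept leading blanks and a minus sign */
	if (!s || !*s || isspace((unsigned char)*s) || *s == '-')
		return -1;

	errno = 0;
	v = strtoul(s, &end, 0);
	if (errno != 0 || end == s)
		return -1;

	/* tolerate trailing whitespace only, like the fuzz input's trailing blank */
	while (isspace((unsigned char)*end))
		end++;
	if (*end != '\0')
		return -1;

	if (v > UINT_MAX)
		return -1;
	*out = (unsigned int)v;
	return 0;
}

/* Resolve "sigrtmax-N" to a signal number.
 * The bug on the page: N was narrowed from unsigned int to int (2147483664
 * became -2147483632) and "64 - n" then overflowed. Here N is range-checked
 * while still unsigned, and the subtraction is additionally checked with
 * __builtin_sub_overflow (GCC/Clang).
 * Returns the signal number, or -1 if the spec is invalid. */
int parse_rt_signal(const char *spec)
{
	const char prefix[] = "sigrtmax-";
	unsigned int n;
	int sig;

	if (!spec || strncmp(spec, prefix, sizeof(prefix) - 1) != 0)
		return -1;
	if (safe_uint_parse(spec + sizeof(prefix) - 1, &n) < 0)
		return -1;

	/* An offset larger than the RT range can never yield a valid signal;
	 * this also rejects every value that would not fit in an int. */
	if (n > RT_SIGMAX - RT_SIGMIN)
		return -1;

	if (__builtin_sub_overflow(RT_SIGMAX, (int)n, &sig))
		return -1;
	if (sig < RT_SIGMIN || sig > RT_SIGMAX)
		return -1;
	return sig;
}
```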
Christian Brauner [Sat, 27 Mar 2021 19:59:15 +0000 (20:59 +0100)]
confile: don't leak memory in case multiple shmounts are set
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32503
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 27 Mar 2021 19:49:19 +0000 (20:49 +0100)]
confile: add missing prefix validation
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32488
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 27 Mar 2021 18:32:51 +0000 (14:32 -0400)]
Merge pull request #3741 from brauner/2021-03-27/fixes_2
confile_utils: free list during lxc_remove_nic_by_idx()
Christian Brauner [Sat, 27 Mar 2021 17:42:24 +0000 (18:42 +0100)]
confile_utils: free list during lxc_remove_nic_by_idx()
Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 27 Mar 2021 15:48:18 +0000 (11:48 -0400)]
Merge pull request #3739 from brauner/2021-03-27/fixes
oss-fuzz: fixes
Evgeny Vereshchagin [Sat, 27 Mar 2021 11:25:10 +0000 (11:25 +0000)]
ci: turn on ASan on CIFuzz
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Christian Brauner [Sat, 27 Mar 2021 13:31:50 +0000 (14:31 +0100)]
confile: prevent recursion when parsing networks
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Evgeny Vereshchagin [Sat, 27 Mar 2021 10:58:29 +0000 (10:58 +0000)]
confile: fix a memory leak in set_config_net_hwaddr
It was found by ClusterFuzz in https://oss-fuzz.com/testcase-detail/4747480244813824
but hasn't been reported on Monorail
(https://bugs.chromium.org/p/oss-fuzz/) yet
```
$ cat minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
lxc.net.0.hwaddr=0
lxc.net.0.hwaddr=4
./out/fuzz-lxc-config-read minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
INFO: Seed: 1473396311
INFO: Loaded 1 modules (18821 inline 8-bit counters): 18821 [0x885fa0, 0x88a925),
INFO: Loaded 1 PC tables (18821 PCs): 18821 [0x88a928,0x8d4178),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
=================================================================
==226185==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x4d25d7 in strdup (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x4d25d7)
#1 0x58e48f in set_config_net_hwaddr /home/vagrant/lxc/src/lxc/confile.c:654:14
#2 0x59af3b in set_config_net_nic /home/vagrant/lxc/src/lxc/confile.c:5276:9
#3 0x571c29 in parse_line /home/vagrant/lxc/src/lxc/confile.c:2958:9
#4 0x61b0b2 in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
#5 0x5710ed in lxc_config_read /home/vagrant/lxc/src/lxc/confile.c:3035:9
#6 0x542cd6 in LLVMFuzzerTestOneInput /home/vagrant/lxc/src/tests/fuzz-lxc-config-read.c:23:2
#7 0x449e8c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x449e8c)
#8 0x42bbad in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42bbad)
#9 0x432c50 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x432c50)
#10 0x423136 in main (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x423136)
#11 0x7f2cbb992081 in __libc_start_main (/lib64/libc.so.6+0x27081)
SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Christian Brauner [Sat, 27 Mar 2021 10:37:26 +0000 (11:37 +0100)]
confile: improve network vetting
Move all input sanity checks up and add two missing checks for the
correct network type when using veth-vlan and vlan network types.
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32513
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 27 Mar 2021 07:09:56 +0000 (08:09 +0100)]
confile: use correct check for too large network lists
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 27 Mar 2021 07:09:09 +0000 (08:09 +0100)]
confile: make string calculations in get_network_config_ops() more obvious
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 27 Mar 2021 06:56:22 +0000 (07:56 +0100)]
conf: coding style cleanups
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 27 Mar 2021 06:52:33 +0000 (07:52 +0100)]
confile_utils: free network list items
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 27 Mar 2021 06:51:01 +0000 (07:51 +0100)]
conf: reinitialize lists
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 27 Mar 2021 06:14:56 +0000 (07:14 +0100)]
string_utils: always memset buf in lxc_safe_int64_residual()
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32482
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 26 Mar 2021 22:22:30 +0000 (18:22 -0400)]
Merge pull request #3738 from brauner/2021-03-26/fixes_3
oss-fuzz: fixes
Christian Brauner [Fri, 26 Mar 2021 22:02:59 +0000 (23:02 +0100)]
confile: fix returns in set_config_net_veth_vlan_tagged_id()
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32494
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 21:47:55 +0000 (22:47 +0100)]
confile: fix setting prlimits
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 21:42:28 +0000 (22:42 +0100)]
conf: don't leak list
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 26 Mar 2021 21:52:57 +0000 (17:52 -0400)]
Merge pull request #3736 from brauner/2021-03-26/fixes_3
oss-fuzz: fixes
Christian Brauner [Fri, 26 Mar 2021 21:32:18 +0000 (22:32 +0100)]
log: avoid regressions for relative log paths
We need to allow relative log paths.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 19:21:53 +0000 (20:21 +0100)]
string_utils: fix parse_byte_size_string()
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32475
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 18:37:52 +0000 (19:37 +0100)]
confile_utils: improve network parser
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 19:45:39 +0000 (20:45 +0100)]
Merge pull request #3737 from evverx/oss-fuzz-fixes
oss-fuzz: a few follow-up commits
Christian Brauner [Fri, 26 Mar 2021 16:18:08 +0000 (17:18 +0100)]
Merge pull request #3731 from samboyles1/master
network: handle name collisions when returning interfaces to host
Stéphane Graber [Fri, 26 Mar 2021 16:00:04 +0000 (12:00 -0400)]
Merge pull request #3735 from brauner/2021-03-26/fixes_2
oss-fuzz: fixes
Christian Brauner [Fri, 26 Mar 2021 15:42:57 +0000 (16:42 +0100)]
conf: prevent UAF in lxc_clear_limits()
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 15:38:49 +0000 (16:38 +0100)]
confile_utils: fix real-time signal parsing
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32521
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 15:02:04 +0000 (16:02 +0100)]
confile: don't leak memory when overwriting lxc.rootfs.options
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32473
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 14:35:37 +0000 (15:35 +0100)]
Merge pull request #3733 from evverx/move-from-oss-fuzz
oss-fuzz: make it possible to build the fuzzer without docker
Stéphane Graber [Fri, 26 Mar 2021 14:30:47 +0000 (10:30 -0400)]
Merge pull request #3734 from brauner/2021-03-26/fixes_2
confile: be stricter in config helpers
Christian Brauner [Fri, 26 Mar 2021 14:08:03 +0000 (15:08 +0100)]
confile: be stricter in config helpers
We never call these helpers without an initialized config afaict, but
since we're now exposing these two functions to oss-fuzz directly in a
way we never do to users, let's be stricter about it.
Inspired-by: #3733
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 26 Mar 2021 12:26:41 +0000 (08:26 -0400)]
Merge pull request #3732 from brauner/2021-03-26/fixes
log: don't create log file for fuzz builds
Christian Brauner [Fri, 26 Mar 2021 11:10:02 +0000 (12:10 +0100)]
log: handle empty log name
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32491
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 10:34:21 +0000 (11:34 +0100)]
log: don't create directories for fuzz builds
Fixes: #3730
Fixes: https://github.com/google/oss-fuzz/issues/5509
Suggested-by: Evgeny Vereshchagin <evvers@ya.ru>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 26 Mar 2021 08:03:46 +0000 (09:03 +0100)]
log: don't create log file for fuzz builds
Fixes: #3730
Fixes: https://github.com/google/oss-fuzz/issues/5509
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Evgeny Vereshchagin [Fri, 26 Mar 2021 05:40:36 +0000 (05:40 +0000)]
fuzz: generate all the config keys and add them to the seed corpus
It should help to cover more code faster
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Evgeny Vereshchagin [Fri, 26 Mar 2021 05:20:51 +0000 (05:20 +0000)]
README: add OSS-Fuzz/CIFuzz badges
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Evgeny Vereshchagin [Fri, 26 Mar 2021 05:03:06 +0000 (05:03 +0000)]
fuzz: create tmpfiles in /tmp
It's mostly a cosmetic change that should prevent the fuzzer
from cluttering the "$OUT" directory (which OSS-Fuzz uses to
build docker images):
```
Step #44: Already have image: gcr.io/oss-fuzz/lxc
Step #44: adding: fuzz-lxc-config-read (deflated 67%)
Step #44: adding: fuzz-lxc-config-read-WBWKxN (deflated 32%)
Step #44: adding: fuzz-lxc-config-read_seed_corpus.zip (stored 0%)
Step #44: adding: honggfuzz (deflated 66%)
Step #44: adding: llvm-symbolizer (deflated 65%)
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Sam Boyles [Fri, 26 Mar 2021 02:00:18 +0000 (15:00 +1300)]
network: handle name collisions when returning physical interfaces to host
Reviewed-by: Blair Steven <blair.steven@alliedtelesis.co.nz>
Signed-off-by: Sam Boyles <sam.boyles@alliedtelesis.co.nz>
Evgeny Vereshchagin [Thu, 25 Mar 2021 22:00:36 +0000 (22:00 +0000)]
oss-fuzz: make it possible to build the fuzzer without docker
With this patch applied the fuzz target can be built (with ASan)
and run with
```
./src/tests/oss-fuzz.sh
./out/fuzz-lxc-config-read doc/examples/
```
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32475 can be
reproduced by running
```
$ echo "lxc.console.buffer.size=d" >oss-fuzz-32475
$ ./out/fuzz-lxc-config-read ./oss-fuzz-32475
INFO: Seed: 1044753468
INFO: Loaded 1 modules (18770 inline 8-bit counters): 18770 [0x883cc0, 0x888612),
INFO: Loaded 1 PC tables (18770 PCs): 18770 [0x888618,0x8d1b38),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: oss-fuzz-32475
=================================================================
==2052097==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcca063e7f at pc 0x000000659e0d bp 0x7ffcca063e30 sp 0x7ffcca063e28
READ of size 1 at 0x7ffcca063e7f thread T0
...
```
I'll point OSS-Fuzz to the build script once this patch is merged.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Stéphane Graber [Thu, 25 Mar 2021 23:17:37 +0000 (19:17 -0400)]
Merge pull request #3729 from brauner/2021-03-25/fixes_3
oss-fuzz: fixes
Christian Brauner [Thu, 25 Mar 2021 22:47:18 +0000 (23:47 +0100)]
conf: use lxc_list_new() everywhere
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 25 Mar 2021 22:38:24 +0000 (23:38 +0100)]
confile: use lxc_list_new() everywhere
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 25 Mar 2021 22:32:35 +0000 (23:32 +0100)]
list: add lxc_list_new() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 25 Mar 2021 22:22:53 +0000 (23:22 +0100)]
confile_utils: delete netdev from list
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32478
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 25 Mar 2021 22:10:57 +0000 (23:10 +0100)]
conf: reinitialize sysctl list after clearing it
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32474
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 25 Mar 2021 22:01:09 +0000 (23:01 +0100)]
confile: fix set_config_sysctl()
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32487
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 25 Mar 2021 15:45:02 +0000 (16:45 +0100)]
Merge pull request #3726 from evverx/cifuzz
ci: turn on CIFuzz
Christian Brauner [Thu, 25 Mar 2021 14:51:19 +0000 (15:51 +0100)]
Merge pull request #3725 from evverx/se_keyring_context_memory_leak
conf: fix a memory leak
Stéphane Graber [Thu, 25 Mar 2021 12:26:55 +0000 (08:26 -0400)]
Merge pull request #3724 from brauner/2021-03-25/fixes
confile_utils: don't free netdev twice
Evgeny Vereshchagin [Thu, 25 Mar 2021 09:40:51 +0000 (09:40 +0000)]
ci: turn on CIFuzz
Now that lxc has been integrated into OSS-Fuzz it should be
possible to start using https://google.github.io/oss-fuzz/getting-started/continuous-integration/
(mostly to make sure that the project is buildable there).
It should help to keep the integration in more or less good shape.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Evgeny Vereshchagin [Thu, 25 Mar 2021 09:03:21 +0000 (09:03 +0000)]
conf: fix a memory leak
It was triggered by passing "lxc.selinux.context.keyring=xroot" to the
fuzz target introduced in https://github.com/google/oss-fuzz/pull/5498
```
=================================================================
==22==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 6 byte(s) in 1 object(s) allocated from:
#0 0x538ca4 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
#1 0x5c40e8 in set_config_string_item /src/lxc/src/lxc/confile_utils.c:635:14
#2 0x44394e in set_config_selinux_context_keyring /src/lxc/src/lxc/confile.c:1596:9
#3 0x5af955 in parse_line /src/lxc/src/lxc/confile.c:2953:9
#4 0x4475cd in lxc_file_for_each_line_mmap /src/lxc/src/lxc/parse.c:125:9
#5 0x5af24f in lxc_config_read /src/lxc/src/lxc/confile.c:3024:9
#6 0x580b04 in LLVMFuzzerTestOneInput /src/fuzz-lxc-config-read.c:36:2
#7 0x483643 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#8 0x46d4a2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#9 0x4732ea in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#10 0x49f022 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7f16d09b883f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
```
This is a follow-up to https://github.com/lxc/lxc/commit/4fef78bc332a2d186dca6f
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Christian Brauner [Thu, 25 Mar 2021 07:23:25 +0000 (08:23 +0100)]
confile_utils: don't free netdev twice
lxc_free_netdev() will already free the list element.
Fixes: https://github.com/google/oss-fuzz/pull/5498
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 23 Mar 2021 12:53:36 +0000 (08:53 -0400)]
Merge pull request #3720 from brauner/2021-03-23/fixes
strchrnul: fix copy-paste braino
Christian Brauner [Tue, 23 Mar 2021 10:34:57 +0000 (11:34 +0100)]
strchrnul: fix copy-paste braino
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Mon, 22 Mar 2021 12:53:52 +0000 (08:53 -0400)]
Merge pull request #3719 from brauner/2021-03-22/fixes
strchrnul: ignore increased required alignment warning
Christian Brauner [Mon, 22 Mar 2021 09:10:36 +0000 (10:10 +0100)]
strchrnul: ignore increased required alignment warning
Fixes: https://jenkins.linuxcontainers.org/view/LXC/job/lxc-build-android/7949/console
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 21 Mar 2021 15:22:17 +0000 (11:22 -0400)]
Merge pull request #3718 from brauner/2021-03-21/fixes_2
configure: fix strchrnul conditional compilation
Christian Brauner [Sun, 21 Mar 2021 15:02:40 +0000 (16:02 +0100)]
configure: fix strchrnul conditional compilation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sun, 21 Mar 2021 12:48:50 +0000 (08:48 -0400)]
Merge pull request #3717 from brauner/2021-03-21/fixes
include: fix typo
Christian Brauner [Sun, 21 Mar 2021 09:08:15 +0000 (10:08 +0100)]
include: fix typo
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 20 Mar 2021 18:56:27 +0000 (14:56 -0400)]
Merge pull request #3716 from brauner/2021-03-19/fixes
string_utils: provide a version of strchrnul() in case it's not avail…
Christian Brauner [Fri, 19 Mar 2021 14:19:07 +0000 (15:19 +0100)]
string_utils: provide a version of strchrnul() in case it's not available
This should only happen on Android.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Thu, 18 Mar 2021 12:43:28 +0000 (08:43 -0400)]
Merge pull request #3715 from brauner/2021-03-18/fixes
rexec: don't close stderr
Christian Brauner [Thu, 18 Mar 2021 11:11:32 +0000 (12:11 +0100)]
rexec: don't close stderr
Otherwise we'll fail to attach to containers later on.
Fixes: https://discuss.linuxcontainers.org/t/error-failed-to-retrieve-pid-of-executing-child-process
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 17 Mar 2021 20:19:48 +0000 (21:19 +0100)]
Merge pull request #3712 from stgraber/master
github: Fix invalid syntax for coverity
Stéphane Graber [Wed, 17 Mar 2021 20:18:07 +0000 (16:18 -0400)]
github: Fix invalid syntax for coverity
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Wed, 17 Mar 2021 19:58:05 +0000 (20:58 +0100)]
Merge pull request #3711 from stgraber/master
Switch to Github actions
Stéphane Graber [Wed, 17 Mar 2021 18:09:57 +0000 (14:09 -0400)]
Switch to Github actions
Travis-CI has been a disaster lately with us running out of credits or
their system thinking we're out of credit anyway...
So with Jenkins now covering arm64, let's move the rest of the CI to
Github Actions instead.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Wed, 17 Mar 2021 18:52:11 +0000 (14:52 -0400)]
Merge pull request #3710 from brauner/2021-03-17/fixes
macro: define __aligned_u64 to handle kernels without such support
Christian Brauner [Wed, 17 Mar 2021 18:28:26 +0000 (19:28 +0100)]
macro: define __aligned_u64 to handle kernels without such support
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 17 Mar 2021 12:40:27 +0000 (08:40 -0400)]
Merge pull request #3708 from brauner/2021-03-17/fixes
cgroups: ignore unused controllers
Christian Brauner [Wed, 17 Mar 2021 08:24:56 +0000 (09:24 +0100)]
cgroups: ignore unused controllers
Someone might have created a name=<controller> controller after the
container has started and so the container doesn't make use of this
controller.
Link: https://github.com/lxc/lxd/issues/8577
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>