fuzz: Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing ("syscall sanitizer") #21538

pull practicalswift wants to merge 2 commits into bitcoin:master from practicalswift:seccomp-bpf-fuzzing changing 33 files +763 −3
  1. practicalswift commented at 10:29 AM on March 28, 2021: contributor

    Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing.

    This PR is based on #20487. Only the last commit is new to this PR.

    Example use:

    $ make distclean
    $ ./autogen.sh
    $ CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=fuzzer --with-syscall-sandbox
    $ make
    $ FUZZ=example_fuzzing_harness src/test/fuzz/fuzz
    …
    ERROR: The syscall "socket" (syscall number 41) is not allowed by the syscall sandbox in thread "*unnamed*". Please report. Exiting.
    terminate called without an active exception
    ==27953== ERROR: libFuzzer: deadly signal
    …
        #11 0x7f11a5dd0b20 in std::terminate() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x92b20)
        #12 0x56445a4b8cb7 in (anonymous namespace)::SyscallSandboxDebugSignalHandler(int, siginfo_t*, void*) src/util/syscall_sandbox.cpp:71:5
    …
    artifact_prefix='./'; Test unit written to ./crash-78657a4e3dda0e9557c5a4f56dd9d19763459865
    

    In this example, use of an unexpected networking syscall (socket) was detected when running the example harness example_fuzzing_harness.
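
One way a seccomp-bpf filter can surface an unexpected syscall as a reportable event, as in the `socket` report above; this is an added example, not code from this pull request or from Bitcoin Core. The names `run_sandboxed`, `on_sigsys`, `harness_socket` and `harness_getpid` and the two-syscall allowlist are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
static volatile int *trapped; /* shared with the parent process */
static void on_sigsys(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)ctx;
    *trapped = info->si_syscall; /* number of the syscall the filter refused */
    _exit(1);
}
/* Run fn() in a child under a constructed two-syscall allowlist. Returns the
 * trapped syscall number, -1 if fn() stayed in the allowlist, -2 on setup failure.
 * A production filter would also check seccomp_data.arch before the number. */
int run_sandboxed(void (*fn)(void)) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(__NR_exit_group), ALLOW(__NR_getpid),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP), /* anything else: SIGSYS */
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
    trapped = mmap(NULL, sizeof *trapped, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (trapped == MAP_FAILED) return -2;
    *trapped = -2; /* stays -2 unless the filter gets installed */
    pid_t pid = fork();
    if (pid == 0) {
        if (sigaction(SIGSYS, &sa, NULL) || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) _exit(2);
        *trapped = -1; /* sandbox active, nothing trapped yet */
        fn();
        _exit(0);
    }
    if (pid > 0) waitpid(pid, NULL, 0);
    int r = *trapped;
    munmap((void *)trapped, sizeof *trapped);
    return r;
}
void harness_socket(void) { socket(AF_INET, SOCK_STREAM, 0); } /* not allowlisted */
void harness_getpid(void) { getpid(); }                         /* allowlisted */
int main(void) { return run_sandboxed(harness_socket) == __NR_socket ? 0 : 1; }
```

On x86_64, `run_sandboxed(harness_socket)` returns 41, the same syscall number shown in the error message above.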

  2. DrahtBot commented at 11:08 AM on March 28, 2021: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #22159 (build: Add --enable-trivial-auto-var-init-pattern option by MarcoFalke)
    • #22144 (Randomize message processing peer order by sipa)
    • #21789 (refactor: Remove ::Params() global from CChainState by MarcoFalke)
    • #21763 (test: Run AppInitSanityChecks before all tests by MarcoFalke)
    • #20744 ([POC] Use std::filesystem. Remove Boost Filesystem & System by fanquake)
    • #20487 (Add syscall sandboxing using seccomp-bpf (Linux secure computing mode) by practicalswift)
    • #16365 (Log RPC parameters (arguments) if -debug=rpcparams by LarryRuane)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  3. DrahtBot cross-referenced this on Mar 28, 2021 from issue net_processing: lock clean up by ajtowns
  4. DrahtBot added the label Build system on Mar 28, 2021
  5. DrahtBot added the label GUI on Mar 28, 2021
  6. DrahtBot added the label P2P on Mar 28, 2021
  7. DrahtBot added the label RPC/REST/ZMQ on Mar 28, 2021
  8. DrahtBot added the label Utils/log/libs on Mar 28, 2021
  9. DrahtBot added the label UTXO Db and Indexes on Mar 28, 2021
  10. DrahtBot added the label Validation on Mar 28, 2021
  11. DrahtBot cross-referenced this on Mar 28, 2021 from issue fuzz: execute each file in dir without fuzz engine by ghost
  12. DrahtBot cross-referenced this on Mar 28, 2021 from issue Move external signer out of wallet module by Sjors
  13. DrahtBot cross-referenced this on Mar 28, 2021 from issue tests: Run both descriptor and legacy tests within a single test invocation by achow101
  14. DrahtBot cross-referenced this on Mar 28, 2021 from issue Use std::filesystem. Remove Boost Filesystem & System by fanquake
  15. DrahtBot cross-referenced this on Mar 28, 2021 from issue multiprocess: Add bitcoin-wallet -ipcconnect option by ryanofsky
  16. DrahtBot cross-referenced this on Mar 28, 2021 from issue multiprocess: Add basic spawn and IPC support by ryanofsky
  17. DrahtBot cross-referenced this on Mar 28, 2021 from issue Log RPC parameters (arguments) if -debug=rpcparams by LarryRuane
  18. DrahtBot cross-referenced this on Mar 28, 2021 from issue Multiprocess bitcoin by ryanofsky
  19. practicalswift renamed this:
    fuzz: Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing
    fuzz: Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing ("syscall sanitizer")
    on Mar 28, 2021
  20. Umarovm approved
  21. practicalswift force-pushed on Mar 29, 2021
  22. practicalswift cross-referenced this on Mar 30, 2021 from issue Avoid use of "socket" syscall when formatting IP addresses in CNetAddr::ToString by practicalswift
  23. DrahtBot cross-referenced this on Apr 3, 2021 from issue rpc, gui: bumpfee signer support by Sjors
  24. DrahtBot cross-referenced this on Apr 3, 2021 from issue refactor: Create blockstorage module by MarcoFalke
  25. DrahtBot cross-referenced this on Apr 12, 2021 from issue multiprocess: Add bitcoin-gui -ipcconnect option by ryanofsky
  26. DrahtBot added the label Needs rebase on Apr 13, 2021
  27. practicalswift force-pushed on Apr 27, 2021
  28. DrahtBot removed the label Needs rebase on Apr 27, 2021
  29. DrahtBot cross-referenced this on Apr 28, 2021 from issue refactor: Remove ::Params() global from CChainState by MarcoFalke
  30. DrahtBot cross-referenced this on Apr 28, 2021 from issue test: Run AppInitSanityChecks before all tests by MarcoFalke
  31. DrahtBot cross-referenced this on Apr 28, 2021 from issue refactor: Move more stuff to blockstorage by MarcoFalke
  32. practicalswift force-pushed on Apr 28, 2021
  33. DrahtBot cross-referenced this on Apr 28, 2021 from issue Add syscall sandboxing using seccomp-bpf (Linux secure computing mode) by practicalswift
  34. DrahtBot cross-referenced this on Apr 28, 2021 from issue refactor: Cleanup thread ctor calls by hebasto
  35. DrahtBot commented at 9:32 AM on May 3, 2021: contributor

    🕵️ @jonatack @sipa have been requested to review this pull request as specified in the REVIEWERS file.

  36. laanwj removed the label Build system on May 4, 2021
  37. laanwj removed the label GUI on May 4, 2021
  38. laanwj removed the label P2P on May 4, 2021
  39. laanwj removed the label RPC/REST/ZMQ on May 4, 2021
  40. laanwj removed the label UTXO Db and Indexes on May 4, 2021
  41. laanwj removed the label Utils/log/libs on May 4, 2021
  42. laanwj removed the label Validation on May 4, 2021
  43. laanwj added the label Tests on May 4, 2021
  44. DrahtBot added the label Needs rebase on May 5, 2021
  45. practicalswift force-pushed on May 12, 2021
  46. DrahtBot removed the label Needs rebase on May 12, 2021
  47. DrahtBot cross-referenced this on May 13, 2021 from issue fuzz: Terminate immediately if a fuzzing harness tries to create a TCP socket (belt and suspenders) by practicalswift
  48. DrahtBot cross-referenced this on May 14, 2021 from issue test: Fix off-by-one in mockscheduler test RPC by MarcoFalke
  49. DrahtBot added the label Needs rebase on May 15, 2021
  50. practicalswift force-pushed on May 15, 2021
  51. DrahtBot removed the label Needs rebase on May 15, 2021
  52. DrahtBot cross-referenced this on May 20, 2021 from issue fuzz: Terminate immediately if a fuzzing harness tries to perform a DNS lookup (belt and suspenders) by practicalswift
  53. DrahtBot added the label Needs rebase on May 21, 2021
  54. Add syscall sandboxing (seccomp-bpf) 0ea0870e2e
  55. Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing 333374a754
  56. practicalswift force-pushed on May 23, 2021
  57. DrahtBot removed the label Needs rebase on May 23, 2021
  58. DrahtBot cross-referenced this on Jun 4, 2021 from issue Randomize message processing peer order by sipa
  59. DrahtBot cross-referenced this on Jun 5, 2021 from issue build: Add --with-append-cxxflags option by MarcoFalke
  60. practicalswift closed this on Jun 7, 2021

  61. bitcoin locked this on Aug 18, 2022

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:54 UTC