From 6434b83efb57ae49b335f69744651ff9846c29be Mon Sep 17 00:00:00 2001
From: Joey Jiao
Date: Fri, 20 Dec 2019 15:15:36 +0800
Subject: [PATCH 1/3] Loop to next cpu core when set affinity failed In most Android devices, cpu#0 is small core while cpu#Max is big core
---
 afl-fuzz.c | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/afl-fuzz.c b/afl-fuzz.c
index d356cc3ef..009f48954 100644
--- a/afl-fuzz.c
+++ b/afl-fuzz.c
@@ -488,9 +488,19 @@ static void bind_to_free_cpu(void) {
 closedir(d);
- for (i = 0; i < cpu_core_count; i++) if (!cpu_used[i]) break;
+
+ size_t cpu_start = 0;
+
+try:
+#ifndef __ANDROID__
+ for (i = cpu_start; i < cpu_core_count; i++) if (!cpu_used[i]) break;
 if (i == cpu_core_count) {
+#else
+ for (i = cpu_core_count - cpu_start - 1; i > -1; i--) if (!cpu_used[i]) break;
+
+ if (i == -1) {
+#endif
 SAYF("\n" cLRD "[-] " cRST
 "Uh-oh, looks like all %u CPU cores on your system are allocated to\n"
@@ -503,15 +513,20 @@ static void bind_to_free_cpu(void) {
 }
- OKF("Found a free CPU core, binding to #%u.", i);
+ OKF("Found a free CPU core, try binding to #%u.", i);
 cpu_aff = i;
 CPU_ZERO(&c);
 CPU_SET(i, &c);
- if (sched_setaffinity(0, sizeof(c), &c))
- PFATAL("sched_setaffinity failed");
+ if (sched_setaffinity(0, sizeof(c), &c)) {
+ if (cpu_start == cpu_core_count)
+ PFATAL("sched_setaffinity failed to cpu %d, exit", i);
+ WARNF("sched_setaffinity failed to cpu %d, try next cpu", i);
+ cpu_start++;
+ goto try;
+ }
 }
From f5731c75275c05f2d494cdecb22dce29b1efd199 Mon Sep 17 00:00:00 2001
From: Joey Jiao
Date: Sat, 21 Dec 2019 10:25:56 +0800
Subject: [PATCH 2/3] Add ndk support
---
 Android.bp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Android.bp b/Android.bp
index 9fdf6f044..e59129dbe 100755
--- a/Android.bp
+++ b/Android.bp
@@ -129,6 +129,7 @@ cc_library_static {
 vendor_available: true,
 host_supported: true,
 recovery_available: true,
+ sdk_version: "9",
 defaults: [
 "afl-defaults",
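Review bot: In the `__ANDROID__` branch of the first afl-fuzz.c hunk of patch 1/3, the loop test `i > -1` can never be true, because `i` is `u32` in bind_to_free_cpu (the `u32 i;` declaration is visible as a removed line in patch 3/3) and `-1` is converted to `UINT_MAX` for the comparison. The downward scan therefore exits before it reads `cpu_used[]`, and the code goes on to bind to core `cpu_core_count - cpu_start - 1` whether or not that core is marked as taken. A signed index for this scan (for example `int i;`) makes both `i > -1` and `if (i == -1)` behave as written. The same comparison is carried into the `#else` loop of `set_affinity_to_next_available_cpu` in patch 3/3; the function's body starts and ends outside this hunk.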
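Review bot: The `if (cpu_start == cpu_core_count) PFATAL(...)` test in the second afl-fuzz.c hunk of patch 1/3 looks unreachable on the non-Android path: sched_setaffinity() is only called with `cpu_start <= i < cpu_core_count`, so exhaustion always ends in the earlier "No more free CPU cores" FATAL and the errno of the failed call is never reported. `cpu_start++` also does not step past the core that just failed unless it was the first free one, so the same core is retried and warned about several times; marking it instead, `cpu_used[i] = 1; goto try;`, skips it in either scan direction. `i` is unsigned here, so the two new messages should use `%u` rather than `%d`, and `cpu_aff = i;` is still assigned before the bind has succeeded. The enclosing function starts outside the hunk.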
From c2793fd4beb1cf7d96beb476aea7046419b12402 Mon Sep 17 00:00:00 2001
From: Joey Jiao
Date: Sun, 2 Feb 2020 09:59:38 +0800
Subject: [PATCH 3/3] Move setaffinity block into function
---
 afl-fuzz.c | 111 +++++++++++++++++++++++++++++++++--------------------
 1 file changed, 69 insertions(+), 42 deletions(-)
diff --git a/afl-fuzz.c b/afl-fuzz.c
index 009f48954..735ef1c5e 100644
--- a/afl-fuzz.c
+++ b/afl-fuzz.c
@@ -402,6 +402,74 @@ static void shuffle_ptrs(void** ptrs, u32 cnt) {
 #ifdef HAVE_AFFINITY
+static void set_affinity_to_next_available_cpu(u8 *cpu_used) {
+ cpu_set_t c;
+
+ u32 i;
+ size_t cpu_start = 0;
+
+#ifndef __ANDROID__
+ for (i = cpu_start; i < cpu_core_count; i++) {
+ if (cpu_used[i]) continue;
+
+ if (i == cpu_core_count) {
+
+ SAYF("\n" cLRD "[-] " cRST
+ "Uh-oh, looks like all %u CPU cores on your system are allocated to\n"
+ " other instances of afl-fuzz (or similar CPU-locked tasks). Starting\n"
+ " another fuzzer on this machine is probably a bad plan, but if you are\n"
+ " absolutely sure, you can set AFL_NO_AFFINITY and try again.\n",
+ cpu_core_count);
+
+ FATAL("No more free CPU cores");
+
+ } else {
+ OKF("Found a free CPU core, try binding to #%u.", i);
+
+ cpu_aff = i;
+
+ CPU_ZERO(&c);
+ CPU_SET(i, &c);
+
+ if (sched_setaffinity(0, sizeof(c), &c)) {
+ WARNF("sched_setaffinity failed to cpu %d, try next cpu", i);
+ continue;
+ }
+ break;
+ }
+ }
+#else
+ for (i = cpu_core_count - cpu_start - 1; i > -1; i--) {
+ if (cpu_used[i]) continue;
+
+ if (i == -1) {
+
+ SAYF("\n" cLRD "[-] " cRST
+ "Uh-oh, looks like all %u CPU cores on your system are allocated to\n"
+ " other instances of afl-fuzz (or similar CPU-locked tasks). Starting\n"
+ " another fuzzer on this machine is probably a bad plan, but if you are\n"
+ " absolutely sure, you can set AFL_NO_AFFINITY and try again.\n",
+ cpu_core_count);
+
+ FATAL("No more free CPU cores");
+
+ } else {
+ OKF("Found a free CPU core, try binding to #%u.", i);
+
+ cpu_aff = i;
+
+ CPU_ZERO(&c);
+ CPU_SET(i, &c);
+
+ if (sched_setaffinity(0, sizeof(c), &c)) {
+ WARNF("sched_setaffinity failed to cpu %d, try next cpu", i);
+ continue;
+ }
+ break;
+ }
+ }
+#endif
+}
 /* Build a list of processes bound to specific cores. Returns -1 if nothing can be found. Assumes an upper bound of 4k CPUs. */
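Review bot: The exhaustion checks `if (i == cpu_core_count)` and `if (i == -1)` in the new `set_affinity_to_next_available_cpu` sit inside loops whose conditions already exclude those values, so they can never fire. When every core is marked used, or every sched_setaffinity() call fails, the function returns without binding and without the "No more free CPU cores" FATAL that the previous code raised. `cpu_aff` is written before the bind is attempted, so after a failed attempt it can name a core the process is not pinned to. The rewrite below uses one loop with a signed index (the `#else` loop's `i > -1` is always false for a `u32`), records `cpu_aff` only on success and reports exhaustion after the loop; `cpu_start` is always 0 and is dropped.

```c
static void set_affinity_to_next_available_cpu(u8 *cpu_used) {

  cpu_set_t c;
  int n;

  for (n = 0; n < cpu_core_count; n++) {

    /* Android: scan from the highest-numbered core down; elsewhere from 0 up. */
#ifdef __ANDROID__
    int i = cpu_core_count - n - 1;
#else
    int i = n;
#endif

    if (cpu_used[i]) continue;

    OKF("Found a free CPU core, try binding to #%d.", i);

    CPU_ZERO(&c);
    CPU_SET(i, &c);

    if (!sched_setaffinity(0, sizeof(c), &c)) {

      cpu_aff = i; /* only record a core we are actually bound to */
      return;

    }

    WARNF("sched_setaffinity failed to cpu %d, try next cpu", i);

  }

  /* … unchanged: SAYF("Uh-oh, looks like all %u CPU cores …") message … */

  FATAL("No more free CPU cores");

}
```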
@@ -410,10 +478,8 @@ static void bind_to_free_cpu(void) {
 DIR* d;
 struct dirent* de;
- cpu_set_t c;
 u8 cpu_used[4096] = { 0 };
- u32 i;
 if (cpu_core_count < 2) return;
@@ -488,46 +554,7 @@ static void bind_to_free_cpu(void) {
 closedir(d);
-
- size_t cpu_start = 0;
-
-try:
-#ifndef __ANDROID__
- for (i = cpu_start; i < cpu_core_count; i++) if (!cpu_used[i]) break;
-
- if (i == cpu_core_count) {
-#else
- for (i = cpu_core_count - cpu_start - 1; i > -1; i--) if (!cpu_used[i]) break;
-
- if (i == -1) {
-#endif
-
- SAYF("\n" cLRD "[-] " cRST
- "Uh-oh, looks like all %u CPU cores on your system are allocated to\n"
- " other instances of afl-fuzz (or similar CPU-locked tasks). Starting\n"
- " another fuzzer on this machine is probably a bad plan, but if you are\n"
- " absolutely sure, you can set AFL_NO_AFFINITY and try again.\n",
- cpu_core_count);
-
- FATAL("No more free CPU cores");
-
- }
-
- OKF("Found a free CPU core, try binding to #%u.", i);
-
- cpu_aff = i;
-
- CPU_ZERO(&c);
- CPU_SET(i, &c);
-
- if (sched_setaffinity(0, sizeof(c), &c)) {
- if (cpu_start == cpu_core_count)
- PFATAL("sched_setaffinity failed to cpu %d, exit", i);
- WARNF("sched_setaffinity failed to cpu %d, try next cpu", i);
- cpu_start++;
- goto try;
- }
-
+ set_affinity_to_next_available_cpu(cpu_used);
 }
 #endif /* HAVE_AFFINITY */
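Review bot: The call added in the last hunk passes `cpu_used` as a bare `u8 *`, so the helper no longer knows the array holds 4096 entries, yet it reads `cpu_used[i]` for every `i` below `cpu_core_count`. Nothing visible in these hunks caps `cpu_core_count` at that size (the comment above bind_to_free_cpu only says it assumes an upper bound of 4k CPUs), so a larger count would read past the stack array. Passing the length along, `set_affinity_to_next_available_cpu(cpu_used, sizeof(cpu_used));`, and stopping the scan at the smaller of the two bounds would make the assumption explicit. bind_to_free_cpu's body starts outside this hunk.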