diff --git a/contrib/fuzz/builtins.go b/contrib/fuzz/builtins.go new file mode 100644 index 000000000..175ebc791 --- /dev/null +++ b/contrib/fuzz/builtins.go @@ -0,0 +1,50 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package fuzz + +import ( + // base containerd imports + _ "github.com/containerd/containerd/diff/walking/plugin" + _ "github.com/containerd/containerd/events/plugin" + _ "github.com/containerd/containerd/gc/scheduler" + _ "github.com/containerd/containerd/leases/plugin" + _ "github.com/containerd/containerd/metadata/plugin" + _ "github.com/containerd/containerd/pkg/cri" + _ "github.com/containerd/containerd/pkg/nri/plugin" + _ "github.com/containerd/containerd/plugins/imageverifier" + _ "github.com/containerd/containerd/plugins/sandbox" + _ "github.com/containerd/containerd/plugins/streaming" + _ "github.com/containerd/containerd/plugins/transfer" + _ "github.com/containerd/containerd/runtime/restart/monitor" + _ "github.com/containerd/containerd/runtime/v2" + _ "github.com/containerd/containerd/services/containers" + _ "github.com/containerd/containerd/services/content" + _ "github.com/containerd/containerd/services/diff" + _ "github.com/containerd/containerd/services/events" + _ "github.com/containerd/containerd/services/healthcheck" + _ "github.com/containerd/containerd/services/images" + _ "github.com/containerd/containerd/services/introspection" + _ "github.com/containerd/containerd/services/leases" + _ "github.com/containerd/containerd/services/namespaces" + _ "github.com/containerd/containerd/services/opt" + _ "github.com/containerd/containerd/services/sandbox" + _ "github.com/containerd/containerd/services/snapshots" + _ "github.com/containerd/containerd/services/streaming" + _ "github.com/containerd/containerd/services/tasks" + _ "github.com/containerd/containerd/services/transfer" + _ "github.com/containerd/containerd/services/version" +) diff --git a/contrib/fuzz/builtins_linux.go b/contrib/fuzz/builtins_linux.go new file mode 100644 index 000000000..0be7b4929 --- /dev/null +++ b/contrib/fuzz/builtins_linux.go @@ -0,0 +1,27 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package fuzz + +import ( + // Linux specific imports + _ "github.com/containerd/containerd/metrics/cgroups" + _ "github.com/containerd/containerd/metrics/cgroups/v2" + _ "github.com/containerd/containerd/runtime/v2/runc/options" + _ "github.com/containerd/containerd/snapshots/blockfile/plugin" + _ "github.com/containerd/containerd/snapshots/native/plugin" + _ "github.com/containerd/containerd/snapshots/overlay/plugin" +) diff --git a/contrib/fuzz/builtins_unix.go b/contrib/fuzz/builtins_unix.go new file mode 100644 index 000000000..e7317c2f3 --- /dev/null +++ b/contrib/fuzz/builtins_unix.go @@ -0,0 +1,25 @@ +//go:build darwin || freebsd || solaris + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package fuzz + +import ( + // Unix specific imports + _ "github.com/containerd/containerd/snapshots/blockfile/plugin" + _ "github.com/containerd/containerd/snapshots/native/plugin" +) diff --git a/contrib/fuzz/builtins_windows.go b/contrib/fuzz/builtins_windows.go new file mode 100644 index 000000000..0501f8380 --- /dev/null +++ b/contrib/fuzz/builtins_windows.go @@ -0,0 +1,25 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package fuzz + +import ( + // Windows specific imports + _ "github.com/containerd/containerd/diff/lcow" + _ "github.com/containerd/containerd/diff/windows" + _ "github.com/containerd/containerd/snapshots/lcow" + _ "github.com/containerd/containerd/snapshots/windows" +) diff --git a/contrib/fuzz/containerd_import_fuzzer.go b/contrib/fuzz/containerd_import_fuzzer.go index 9b5154fdb..83164a0cc 100644 --- a/contrib/fuzz/containerd_import_fuzzer.go +++ b/contrib/fuzz/containerd_import_fuzzer.go @@ -22,16 +22,9 @@ import ( fuzz "github.com/AdaLogics/go-fuzz-headers" "github.com/containerd/containerd" - _ "github.com/containerd/containerd/cmd/containerd/builtins" "github.com/containerd/containerd/namespaces" ) -const ( - defaultRoot = "/var/lib/containerd" - defaultState = "/tmp/containerd" - defaultAddress = "/tmp/containerd/containerd.sock" -) - func fuzzContext() (context.Context, context.CancelFunc) { ctx, cancel := context.WithCancel(context.Background()) ctx = namespaces.WithNamespace(ctx, "fuzzing-namespace") diff --git a/contrib/fuzz/daemon.go b/contrib/fuzz/daemon.go index 4ce201801..37325a447 100644 --- a/contrib/fuzz/daemon.go +++ b/contrib/fuzz/daemon.go @@ -19,29 +19,83 @@ package fuzz import ( + "context" "sync" "time" - "github.com/containerd/containerd/cmd/containerd/command" + "github.com/containerd/containerd/defaults" + "github.com/containerd/containerd/services/server" + "github.com/containerd/containerd/services/server/config" + "github.com/containerd/containerd/sys" + "github.com/containerd/log" +) + +const ( + defaultRoot = "/var/lib/containerd" + defaultState = "/tmp/containerd" + defaultAddress = "/tmp/containerd/containerd.sock" ) var ( initDaemon sync.Once ) -func startDaemonForFuzzing(arguments []string) { - app := command.App() - _ = app.Run(arguments) -} - func startDaemon() { - args := []string{"--log-level", "debug"} + ctx := context.Background() + ctx, cancel := context.WithTimeout(ctx, 10*time.Second) + defer cancel() + + errC := make(chan error, 1) + go func() { - // This is similar to invoking the - // containerd binary. - // See contrib/fuzz/oss_fuzz_build.sh - // for more info. - startDaemonForFuzzing(args) + defer close(errC) + + srvconfig := &config.Config{ + Version: config.CurrentConfigVersion, + Root: defaultRoot, + State: defaultState, + Debug: config.Debug{ + Level: "debug", + }, + GRPC: config.GRPCConfig{ + Address: defaultAddress, + MaxRecvMsgSize: defaults.DefaultMaxRecvMsgSize, + MaxSendMsgSize: defaults.DefaultMaxSendMsgSize, + }, + DisabledPlugins: []string{}, + RequiredPlugins: []string{}, + } + + server, err := server.New(ctx, srvconfig) + if err != nil { + errC <- err + return + } + + l, err := sys.GetLocalListener(srvconfig.GRPC.Address, srvconfig.GRPC.UID, srvconfig.GRPC.GID) + if err != nil { + errC <- err + return + } + + go func() { + defer l.Close() + if err := server.ServeGRPC(l); err != nil { + log.G(ctx).WithError(err).WithField("address", srvconfig.GRPC.Address).Fatal("serve failure") + } + }() + + server.Wait() }() - time.Sleep(time.Second * 4) + + var err error + select { + case err = <-errC: + case <-ctx.Done(): + err = ctx.Err() + } + + if err != nil { + panic(err) + } }