diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2019-12-30 11:41:20 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2019-12-30 16:37:38 +0100 |
| commit | 6b36d33868a01cea153c3a9cca05aef3548e4aea (patch) | |
| tree | 5bafeab3ed23d24f167dd28d2b66d27b2d5bcf37 /sys/linux | |
| parent | 3203771359c999c7f7936897b06592758536af44 (diff) | |
syz-manager: corpus rotation
Use a random subset of syscalls/corpus/coverage for each individual VM run.
Hypothesis is that this should allow fuzzer to get more coverage
find more bugs in saturated state (stuck in local optimum).
See the issue and comments for details.
Update #1348
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/init.go | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/sys/linux/init.go b/sys/linux/init.go index fe214156e..aea6a6957 100644 --- a/sys/linux/init.go +++ b/sys/linux/init.go @@ -67,6 +67,7 @@ func InitTarget(target *prog.Target) { "usb_device_descriptor": arch.generateUsbDeviceDescriptor, "usb_device_descriptor_hid": arch.generateUsbHidDeviceDescriptor, } + // TODO(dvyukov): get rid of this, this must be in descriptions. target.StringDictionary = []string{ "user", "keyring", "trusted", "system", "security", "selinux", @@ -75,17 +76,24 @@ func InitTarget(target *prog.Target) { "lo", "eth0", "eth1", "em0", "em1", "wlan0", "wlan1", "ppp0", "ppp1", "vboxnet0", "vboxnet1", "vmnet0", "vmnet1", "GPL", } - switch target.Arch { + target.AuxResources = map[string]bool{ + "uid": true, + "pid": true, + "gid": true, + "timespec": true, + "timeval": true, + "time_sec": true, + "time_usec": true, + "time_nsec": true, + } + + switch target.Arch { case "amd64": target.SpecialPointers = []uint64{ 0xffffffff81000000, // kernel text } - case "386": - case "arm64": - case "arm": - case "ppc64le": - case "mips64le": + case "386", "arm64", "arm", "ppc64le", "mips64le": default: panic("unknown arch") } |