| author | Mark Johnston <markj@FreeBSD.org> | 2025-02-25 15:02:45 +0000 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2025-02-28 13:32:02 +0000 |
| commit | 17d36e51d0fc3e756c450827100222e1f09eb2f0 (patch) | |
| tree | e739c1250ae0eab62fb3174c3ebbb98906132737 /sys | |
| parent | 1e7a43e1953cb209e1a0ae4cf74256c17fbdedbd (diff) | |
sys/targets: add a kernel address range for FreeBSD/amd64 kernels
After some time, my FreeBSD fuzzing runs start to hit frequent "coverage
filter is full" SYZFAILs, caused by garbage PC values. Some assertions
in kcov convinced me that PC values exported by the kernel are in the
expected range, so it appears that the executor is corrupting them
somehow. In particular, we leave the first page of each kcov mapping
writeable since the interface to clear the trace buffer involves
overwriting the first quadword.
Sanitize kernel PC values so that we don't fill up the coverage filter
with bogus values.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/targets/targets.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/targets/targets.go b/sys/targets/targets.go index 18b722945..e1c763f42 100644 --- a/sys/targets/targets.go +++ b/sys/targets/targets.go @@ -357,6 +357,12 @@ var List = map[string]map[string]*Target{ // freebsd_12_shm_open, shm_open2, shm_rename, __realpathat, close_range, copy_file_range return nr == 482 || nr >= 569 }, + KernelAddresses: KernelAddresses{ + // On amd64 the kernel and KLDs are loaded into the top + // 2GB of the kernel address space. + TextStart: 0xffffffff80000000, + TextEnd: 0xffffffffffffffff, + }, }, ARM64: { PtrSize: 8, |
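Review bot: The new KernelAddresses block is attached only to the amd64 entry of the freebsd map; the ARM64 entry that immediately follows it in the same hunk still has no range, so the executor's PC sanitization this enables will not apply to FreeBSD/arm64 runs, which share the same kcov interface and the same writable-first-page behaviour described in the commit message. Either add a matching range for arm64 or note in the comment why the filter is amd64-only. The range itself is consistent with its comment (0xffffffff80000000 to 0xffffffffffffffff is exactly the top 2GB), but since TextEnd is the maximum 64-bit value, the comparison that consumes it must be inclusive or half-open without ever computing TextEnd + 1, which would wrap to zero; worth a one-line comment, e.g. "// TextEnd is inclusive: the range extends to the end of the address space." Finally, the commit message attributes the bogus PCs to the executor corrupting the kcov buffer, and this change only filters the symptom; a TODO next to the range pointing at the suspected cause would keep that from being forgotten.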
