diff options
| author | Hrutvik Kanabar <hrutvik@google.com> | 2022-09-20 14:43:25 +0000 |
|---|---|---|
| committer | Marco Elver <me@marcoelver.com> | 2022-09-22 16:42:04 +0200 |
| commit | 3fddc7194573e00eabde07dbb8ff17b025eb5c75 (patch) | |
| tree | 666f974b48e810491fc10070d8176acbf881c3ac /tools | |
| parent | 5088f152247b1ec7659f72a05309254ca1b2b1d7 (diff) | |
pkg/mgrconfig, prog, syz-fuzzer: manager-configurable syscall mutation
Allow manager configuration to specify that certain syscalls should not
be mutated. This is expected to be useful when mutating certain syscalls
is unlikely to produce interesting executions. For example, mutating a
`syz_mount_image` call will likely produce a corrupt image.
Some implementation details:
- Add a `no_mutate_syscalls` manager config entry, with the same format
as `enable_syscalls`. Ensure this is parsed and stored in the config
as a set of syscall IDs.
- Send this set to fuzzers when they connect to their managers via RPC.
Ensure each fuzzer stores a copy of the set.
- When mutating arguments of a syscall, check first whether it has been
specified as non-mutatable.
- For all mutations not managed by a `syz-manager`, retain previous
behaviour by ensuring that no syscalls are considered non-mutable.
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/syz-mutate/mutate.go | 2 | ||||
| -rw-r--r-- | tools/syz-stress/stress.go | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/tools/syz-mutate/mutate.go b/tools/syz-mutate/mutate.go index b6b43f48f..7619acbd9 100644 --- a/tools/syz-mutate/mutate.go +++ b/tools/syz-mutate/mutate.go @@ -79,7 +79,7 @@ func main() { fmt.Fprintf(os.Stderr, "failed to deserialize the program: %v\n", err) os.Exit(1) } - p.Mutate(rs, *flagLen, ct, corpus) + p.Mutate(rs, *flagLen, ct, nil, corpus) } fmt.Printf("%s\n", p.Serialize()) } diff --git a/tools/syz-stress/stress.go b/tools/syz-stress/stress.go index 15847df16..26d17844b 100644 --- a/tools/syz-stress/stress.go +++ b/tools/syz-stress/stress.go @@ -104,13 +104,13 @@ func main() { if *flagGenerate && len(corpus) == 0 || i%4 != 0 { p = target.Generate(rs, prog.RecommendedCalls, ct) execute(pid, env, execOpts, p) - p.Mutate(rs, prog.RecommendedCalls, ct, corpus) + p.Mutate(rs, prog.RecommendedCalls, ct, nil, corpus) execute(pid, env, execOpts, p) } else { p = corpus[rnd.Intn(len(corpus))].Clone() - p.Mutate(rs, prog.RecommendedCalls, ct, corpus) + p.Mutate(rs, prog.RecommendedCalls, ct, nil, corpus) execute(pid, env, execOpts, p) - p.Mutate(rs, prog.RecommendedCalls, ct, corpus) + p.Mutate(rs, prog.RecommendedCalls, ct, nil, corpus) execute(pid, env, execOpts, p) } } |