| Commit message (Collapse) | Author | Age | Files | Lines |
Introduce generic config.Load function that can be
reused across multiple programs (syz-manager, syz-gce, etc).
Move the generic config functionality to pkg/config package.
The idea is to move all helper (non-main) packages to pkg/ dir,
because we have more and more of them and they pollute the top dir.
Move the syz-manager config parts into syz-manager/config package.
|
There is a fallthrough in "gce" which now falls through to "odroid" and fails there.
|
This commit adds Odroid C2 support to syzkaller.
It's now possible to specify "type": "odroid" in manager config.
Documentation on how to set up fuzzing with Odroid C2 board is here:
https://github.com/google/syzkaller/wiki/Setup:-Odroid-C2
Note that after this change libusb-1.0-0-dev package should be
installed to build syzkaller.
|
Manager can send crashes and repros to a dashboard app.
Dashboard app is not checked-in yet.
|
We have "9p" special value, also GCE images are not local paths.
Don't mess with it.
|
Reproducing is still turned on by default,
turning it off can be useful for benchmarking.
|
Currently we always enable clock_gettime in config.
This is required since the call is needed for generation of timespec/timeval structs.
The negative side effect is that one gets clock_gettime even
if he wants to fuzz a small set of unrelated syscalls.
Don't enable clock_gettime by default.
Instead handle timeval/timespec as other resources.
|
Add new config parameter "ignores" which contains list of regexp expressions.
If one of the expressions is matched against oops line,
crash report is not saved and VM is not restarted.
|
CreateVMConfig uses fileutil.ProcessTempDir to assign indices to VMs.
fileutil.ProcessTempDir generates unique indices globally across several processes.
This was required for old vm/qemu code that used the index to choose unique ssh port for the VM.
Now vm/qemu does not use index as port and this global index assignment started
causing problems for adb and gce. Adb really needs indexes to be dense --
index is used to choose adb device id (if we have 2 devices, index 3 causes
out of bounds panic). For gce it leads to creation of unnecessary VM instances
(if I set count=4, I want at most 4 VMs created).
Don't use fileutil.ProcessTempDir-generated index in CreateVMConfig
and instead just use the dense indices passed by caller.
|
Add config bin_args parameter that contains additional arguments for qemu binary.
This allows specifying e.g. "bin_args": "-machine virt -cpu cortex-a57".
Also restore qemu debugging output when -debug flag is specified.
|
syz-hub is used to exchange programs between syz-managers.
|
Name is used for identification on web ui
and included in gce instance names (so that
several managers can coexist in a single project).
|
If config contains "tag" parameter, save it along with crash reports.
The tag is meant to contain kernel branch/commit hash.
If workdir contains crashes from different kernel versions,
it is useful to be able to find out on what kernel revision a crash happened.
|
Device IDs are specified in "devices" config param.
|
Type "none" in config tells manager not to manage any VMs,
and just manage the corpus (it still serves RPCs).
This is useful when something else manages the VMs
and starts fuzzer processes on them.
|
The new namespace-based sandboxing is good,
but it's not always what one wants
(and also requires special kernel configs).
Change dropprivs config value to sandbox,
which can have different values (currently: none, setuid, namespace).
Setuid mode uses setuid(nobody) before fuzzing as before.
In future we can add more sandboxing modes or, say,
extend -sandbox=setuid to -sandbox=setuid:johndoe
to impersonate a given user.
|
Manager does not assume that empty syscalls list means
that all syscalls are enabled. So fill it always.
|
Currently the failure mode is too obscure,
so warn explicitly about these common cases.
Also make local mode more usable.
|
syz-execprog is not built by 'make', so syz-manager fails for first-timers.
|
It was duplicated in 3 programs.
|
adb has more complex port forwarding setup, also / is mounted read-only.
Make VM interface more flexible to support such cases.
|
Mostly useful for local VM.
|
Fixes #9
|
Current interface is suitable only for running syz-fuzzer.
Make the interface more generic (boot, copy file, run an arbitrary command).
This allows building other tools on top of vm package
(e.g. reproducer creation).