aboutsummaryrefslogtreecommitdiffstats
path: root/csource/common.go
Commit message (Collapse)AuthorAgeFilesLines
* pkg/csource: move from csourceDmitry Vyukov2017-06-171-1975/+0
|
* executor: fix clang-tidy warningsDmitry Vyukov2017-06-131-15/+15
| | | | | A single check is enabled for now (misc-definitions-in-headers). But it's always fixable and found 2 bugs in csource.
* executor: add sys/sysmacros.h include for makedev in newer gccAndrey Konovalov2017-06-131-0/+1
|
* csource: don't use guard macros for debug() and NONFAILING()Andrey Konovalov2017-06-121-107/+69
|
* repro: always minimize over EnableTunAndrey Konovalov2017-06-121-1/+1
|
* csource: generate includes when necessaryAndrey Konovalov2017-06-121-25/+102
|
* csource: don't generate execute_syscall callsAndrey Konovalov2017-06-121-0/+2
|
* csource: use tmp dir in repeat loop when tmpdir flag is onAndrey Konovalov2017-06-121-1/+9
|
* csource: only emit fail(), exitf() and doexit() when necessaryAndrey Konovalov2017-06-121-1/+15
|
* csourse: don't generate debug printfsAndrey Konovalov2017-06-121-2/+32
|
* csource: try to simplify repeat loopAndrey Konovalov2017-06-121-3/+10
|
* csource: use sandbox only when requiredAndrey Konovalov2017-06-121-0/+2
|
* csource: emit bitmasks only when requiredAndrey Konovalov2017-06-121-15/+20
|
* csource: force enable tun flag when requiredAndrey Konovalov2017-06-121-10/+2
|
* csource: only handle SIGSEGV when necessaryAndrey Konovalov2017-06-121-9/+24
|
* executor: don't define SYZ_ENABLE_TUN in executorAndrey Konovalov2017-06-121-11/+11
|
* csource: use tmp dir only when necessaryAndrey Konovalov2017-06-121-1/+4
|
* executor: split setup_main_process into smaller functionsAndrey Konovalov2017-06-121-19/+17
|
* csource: add EnableTun optionAndrey Konovalov2017-06-121-29/+33
|
* executor: call flush_tun for repeat reprosAndrey Konovalov2017-06-121-7/+12
|
* executor: move inet checksum code under ifdefAndrey Konovalov2017-06-121-30/+32
|
* csource: regenerateDmitry Vyukov2017-06-031-1/+1
|
* csource: reproduce crashes with fault injectionDmitry Vyukov2017-05-261-7/+26
|
* sys, executor: extract tcp sequence numbers from /dev/net/tunAndrey Konovalov2017-05-261-10/+132
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds a new pseudo syscall syz_extract_tcp_res, that reads a packet from /dev/net/tun and extracts tcp sequence numbers to be used in subsequent packets. As a result this syzkaller program: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) listen(r0, 0x5) syz_emit_ethernet(0x36, &(0x7f0000002000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="4c6112cc15d8", [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}) syz_extract_tcp_res(&(0x7f0000003000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x38, &(0x7f0000004000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {"0c10"}}}}}}) r3 = accept$inet(r0, &(0x7f0000005000)={0x0, 0x0, @multicast1=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000006000)=0x10) established a TCP connection: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 5477/a.out tcp 2 0 172.20.0.170:20000 172.20.0.187:20001 ESTABLISHED 5477/a.out Similar program for IPv6: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x1, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) listen(r0, 0x5) syz_emit_ethernet(0x4a, &(0x7f0000001000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) syz_extract_tcp_res(&(0x7f0000002000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000003000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) r3 = accept$inet6(r0, &(0x7f0000004000)={0x0, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, &(0x7f0000005000)=0x1c) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::20001 :::* LISTEN 5527/a.out tcp6 0 0 fe80::aa:20001 fe80::bb:20000 ESTABLISHED 5527/a.out
* csource: regenerateDmitry Vyukov2017-05-251-0/+6
|
* prog, executor: move checksum computation to executorAndrey Konovalov2017-05-121-0/+30
| | | | | This commit moves checksum computation to executor. This will allow to embed dynamically generated values (like TCP sequence numbers) into packets.
* vm: add Odroid supportAndrey Konovalov2017-03-101-1/+1
| | | | | | | | | | | This commit adds Odroid C2 support to syzkaller. It's now possible to specify "type": "odroid" in manager config. Documentation on how to setup fuzzing with Odroid C2 board is here: https://github.com/google/syzkaller/wiki/Setup:-Odroid-C2 Note, that after this change libusb-1.0-0-dev package should be installed to build syzkaller.
* csource: regenerateDmitry Vyukov2017-03-051-1/+6
|
* executor: fix undefined setup_tun() function error in c reprosAndrey Konovalov2017-02-011-2/+6
|
* csource: regenerate and reformatDmitry Vyukov2017-02-011-2/+3
|
* executor: fix tun initialization when sandbox != noneAndrey Konovalov2017-01-311-14/+25
|
* sys: improve kvm descriptionDmitry Vyukov2017-01-281-63/+106
| | | | | | Allow fuzzer to change types of segment descriptors. Alter more flags. Allow fuzzer to do a random vmwrite.
* csource, syz-gce: regenerate and reformatDmitry Vyukov2017-01-271-2/+2
|
* executor: protect against memory corruptions betterDmitry Vyukov2017-01-251-2/+8
| | | | | | | | | | | Fuzzer has figured out how to corrupt input/output shmem regions abusing the text memcpy in syz_kvm_setup_cpu. It guessed a negative text_size value that causes the memcpy to overwrite shmem regions. Protect better against such cases: 1. Make text_size unsigned (there is already a check that it is less than 1000). 2. Map input region as readable only, we don't write to it. 3. Add address sanity check to segv_handler, if we see that we are writing into executable data, it's better to crash instantly.
* executor: change tun subnet to 172.20.*Andrey Konovalov2017-01-231-3/+3
|
* executor: fix warning regarding type cast in STORE_BY_BITMASKAndrey Konovalov2017-01-201-1/+1
|
* executor: fix copyin of valuesDmitry Vyukov2017-01-171-11/+13
| | | | | | Currently non-bitfield values are copied incorrectly. Probably all turned into zeros or something. Fix that. Add test.
* csource: regenerateDmitry Vyukov2017-01-171-0/+12
|
* sys, executor: more kvm improvementsDmitry Vyukov2017-01-121-13/+98
| | | | | | | 1. Basic support for arm64 kvm testing. 2. Fix compiler warnings in x86 kvm code. 3. Test all pseudo syz calls in csource. 4. Fix handling of real code in x86.
* sys: extend kvm supportDmitry Vyukov2017-01-091-0/+834
| | | | | | Add new pseudo syscall syz_kvm_setup_cpu that setups VCPU into interesting states for execution. KVM is too difficult to setup otherwise. Lots of improvements possible, but this is a starting point.
* executor: use NONFAILING strcpy in syz_open_devDmitry Vyukov2017-01-091-1/+1
| | | | The source is fuzzer provided memory, it can be non-addressable.
* csource: compile with -WerrorDmitry Vyukov2017-01-091-2/+2
| | | | | | Check for compiler warnings during compilation. Don't require -std=c99. Fix existing compiler warnings.
* executor: don't fail on ENOMEMDmitry Vyukov2016-12-161-1/+1
|
* executor: handle exit failuresDmitry Vyukov2016-12-081-9/+25
| | | | See the added comment for explanation.
* executor: add struct to cap structsDmitry Vyukov2016-12-071-7/+9
| | | | | Otherwise it does not compile as C. Also regenerate csource/common.go (it misses the MAX_PIDS change).
* executor: don't try to open tun if it's not enabledAndrey Konovalov2016-12-021-3/+8
|
* csourse: emit remove_dir only when neededAndrey Konovalov2016-11-291-0/+2
|
* executor: emit ethernet trafficAndrey Konovalov2016-11-291-12/+133
|
* csource: don't emit syz_ syscalls is they are not usedDmitry Vyukov2016-11-261-3/+26
|
* executor: fix sandbox=setuidDmitry Vyukov2016-11-221-0/+4
| | | | | Need to chmod(0777) the work dir before we do setuid(nobody). Otherwise nobody user won't have rights to use the temp dir.
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-12 02:57:31 +0000