aboutsummaryrefslogtreecommitdiffstats
path: root/csource/csource.go
Commit message (Collapse)AuthorAgeFilesLines
* pkg/csource: move from csourceDmitry Vyukov2017-06-171-533/+0
|
* executor: fix clang-tidy warningsDmitry Vyukov2017-06-131-1/+9
| | | | | A single check is enabled for now (misc-definitions-in-headers). But it's always fixable and found 2 bugs in csource.
* csource: don't use guard macros for debug() and NONFAILING()Andrey Konovalov2017-06-121-16/+28
|
* repro: always minimize over EnableTunAndrey Konovalov2017-06-121-6/+8
|
* csource: generate includes when necessaryAndrey Konovalov2017-06-121-1/+9
|
* csource: don't generate execute_syscall callsAndrey Konovalov2017-06-121-6/+24
|
* csourse: don't generate debug printfsAndrey Konovalov2017-06-121-0/+4
|
* csource: try to simplify repeat loopAndrey Konovalov2017-06-121-0/+4
|
* csource: use sandbox only when requiredAndrey Konovalov2017-06-121-9/+32
|
* csource: emit bitmasks only when requiredAndrey Konovalov2017-06-121-15/+6
|
* csource: force enable tun flag when requiredAndrey Konovalov2017-06-121-0/+16
|
* csource: only handle SIGSEGV when necessaryAndrey Konovalov2017-06-121-13/+27
|
* csource: use tmp dir only when necessaryAndrey Konovalov2017-06-121-3/+13
|
* executor: split setup_main_process into smaller functionsAndrey Konovalov2017-06-121-3/+6
|
* csource: add EnableTun optionAndrey Konovalov2017-06-121-17/+19
|
* csource: reproduce crashes with fault injectionDmitry Vyukov2017-05-261-8/+19
|
* sys, executor: extract tcp sequence numbers from /dev/net/tunAndrey Konovalov2017-05-261-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds a new pseudo syscall syz_extract_tcp_res, that reads a packet from /dev/net/tun and extracts tcp sequence numbers to be used in subsequent packets. As a result this syzkaller program: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) listen(r0, 0x5) syz_emit_ethernet(0x36, &(0x7f0000002000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="4c6112cc15d8", [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}) syz_extract_tcp_res(&(0x7f0000003000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x38, &(0x7f0000004000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {"0c10"}}}}}}) r3 = accept$inet(r0, &(0x7f0000005000)={0x0, 0x0, @multicast1=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000006000)=0x10) established a TCP connection: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 5477/a.out tcp 2 0 172.20.0.170:20000 172.20.0.187:20001 ESTABLISHED 5477/a.out Similar program for IPv6: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x1, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) listen(r0, 0x5) syz_emit_ethernet(0x4a, &(0x7f0000001000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) syz_extract_tcp_res(&(0x7f0000002000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000003000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) r3 = accept$inet6(r0, &(0x7f0000004000)={0x0, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, &(0x7f0000005000)=0x1c) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::20001 :::* LISTEN 5527/a.out tcp6 0 0 fe80::aa:20001 fe80::bb:20000 ESTABLISHED 5527/a.out
* prog, executor: move checksum computation to executorAndrey Konovalov2017-05-121-1/+26
| | | | | This commit moves checksum computation to executor. This will allow to embed dynamically generated values (like TCP sequence numbers) into packets.
* csource: strip __STDC_VERSION__ macro from generated sourceDmitry Vyukov2017-05-061-1/+12
|
* csource: fix parallel mode to wait for subprocessesDmitry Vyukov2017-02-021-1/+3
| | | | | | Currently it lefts some orphaned children, so that ctrl+C does not kill them. Wait for the children.
* csource: regenerate and reformatDmitry Vyukov2017-02-011-0/+1
|
* executor: fix tun initialization when sandbox != noneAndrey Konovalov2017-01-311-6/+6
|
* csource: use 0x%x format for printing bitfield addr and argAndrey Konovalov2017-01-231-1/+1
|
* all: spot optimizationsDmitry Vyukov2017-01-201-1/+4
| | | | | | | | | | | | | A bunch of spot optmizations after cpu/memory profiling: 1. Optimize hot-path coverage comparison in fuzzer. 2. Don't allocate and copy serialized program, serialize directly into shmem. 3. Reduce allocations during parsing of output shmem (encoding/binary sucks). 4. Don't allocate and copy coverage arrays, refer directly to the shmem region (we are not going to mutate them). 5. Don't validate programs outside of tests, validation allocates tons of memory. 6. Replace the choose primitive with simpler switches. Choose allocates fullload of memory (for int, func, and everything the func refers). 7. Other minor optimizations.
* csource: fix STORE_BY_BITMASK in prog2cAndrey Konovalov2017-01-201-1/+1
|
* prog: add bitfields to templatesAndrey Konovalov2017-01-171-1/+10
| | | | | | Now it's possible to use `int32:18` to denote a bitfield of size 18 as a struct field. This fixes #72.
* sys, executor: more kvm improvementsDmitry Vyukov2017-01-121-2/+4
| | | | | | | 1. Basic support for arm64 kvm testing. 2. Fix compiler warnings in x86 kvm code. 3. Test all pseudo syz calls in csource. 4. Fix handling of real code in x86.
* sys: extend kvm supportDmitry Vyukov2017-01-091-1/+2
| | | | | | Add new pseudo syscall syz_kvm_setup_cpu that setups VCPU into interesting states for execution. KVM is too difficult to setup otherwise. Lots of improvements possible, but this is a starting point.
* csource: compile with -WerrorDmitry Vyukov2017-01-091-7/+7
| | | | | | Check for compiler warnings during compilation. Don't require -std=c99. Fix existing compiler warnings.
* csource: fix fork bombDmitry Vyukov2017-01-091-0/+1
|
* csource: remove more predefined defines from generated sourceDmitry Vyukov2017-01-091-14/+21
|
* executor: don't try to open tun if it's not enabledAndrey Konovalov2016-12-021-3/+8
|
* csourse: emit remove_dir only when neededAndrey Konovalov2016-11-291-2/+2
|
* csourse: fix emitting syz_* syscalls in c reproducerAndrey Konovalov2016-11-291-2/+12
|
* executor: emit ethernet trafficAndrey Konovalov2016-11-291-3/+3
|
* csource: don't emit syz_ syscalls is they are not usedDmitry Vyukov2016-11-261-6/+2
|
* sys: add proc type to denote per proccess integersAndrey Konovalov2016-11-251-1/+1
|
* repro: factor out of syz-repro toolDmitry Vyukov2016-11-191-16/+96
| | | | | | | | Factor out repro logic from syz-repro tool, so that it can be used in syz-manager. Also, support sandboxes in code generated by csoure. This is required to reproduce crashes that require e.g. namespace sandbox.
* csource: make collide mode more randomDmitry Vyukov2016-08-281-4/+5
| | | | Update #59
* csource: teach how to execute pseudo syz_ syscallsDmitry Vyukov2016-08-281-13/+17
| | | | Update #59
* executor, csource: share some common code between executor and csourceDmitry Vyukov2016-08-281-33/+7
|
* csource: support nonfailing argument copyin/copyoutDmitry Vyukov2016-08-281-8/+36
| | | | Update #59
* csource: use dynamic libraries if static are not supportedDmitry Vyukov2016-02-191-1/+5
| | | | Fixes #20
* csource: format source with clang-formatDmitry Vyukov2016-01-151-0/+31
|
* sysgen: pull in syscall numbers from kernel headersDmitry Vyukov2015-12-241-3/+2
| | | | | | | | Syscall numbers for different architectures are now pulled in from kernel headers. This solves 2 problems: - we don't need to hardcode numbers for new syscalls (that don't present in typical distro headers) - we have correct number for different archs (previously hardcoded numbers were for x86_64) This also makes syscall numbers available for Go code, which can be useful.
* prog: remove padding checkingDmitry Vyukov2015-12-231-7/+0
| | | | | So far it has found only false positives. Let's leave this to KMSAN.
* fileutil: new packageDmitry Vyukov2015-12-231-15/+0
| | | | Move some file utilities into a separate package.
* csource: reformatDmitry Vyukov2015-12-231-14/+13
|
* csource: new packageDmitry Vyukov2015-12-231-0/+233
Move C source generation into a separate package. Prog is too bloated already.
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-12 01:12:16 +0000