syz - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	sys: skip kvm const extraction for non i386/amd64	Aleksandr Nogikh	2021-09-13	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	It is impossible to compile a number of definitions in include/uapi/linux/kvm.h for other platforms, which leads to syz-extract failing to update constants. Skip processing of this file for all arches except i386 and amd64. This is a hacky and (hopefully) temporary solution until #2754 is implemented.
*	executor: prepare code generator to allow other achitectures	Alexey Kardashevskiy	2021-07-19	1	-1/+1
\| \| \| \| \| \| \|	At the moment only AMD64 is supported, change file names to emphasise this. Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
*	executor: warn about C89-style var declarations	Dmitry Vyukov	2020-08-14	1	-7/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We generally use the newer C99 var declarations combined with initialization because: - declarations are more local, reduced scope - fewer lines of code - less potential for using uninit vars and other bugs However, we have some relic code from times when we did not understand if we need to stick with C89 or not. Also some external contributions that don't follow style around. Add a static check for C89-style declarations and fix existing precedents. Akaros toolchain uses -std=gnu89 (or something) and does not allow variable declarations inside of for init statement. And we can't switch it to -std=c99 because Akaros headers are C89 themselves. So in common.h we need to declare loop counters outside of for.
*	executor: fix build errors in setup_32bit_idt()	Denis Efremov	2020-07-21	1	-1/+1
\| \| \| \| \| \| \| \| \| \|	GCC10 fails to build the code with errors: executor/common_kvm_amd64.h:143:64: error: ‘gate.kvm_segment::type’ may be used uninitialized in this function [-Werror=maybe-uninitialized] executor/common_kvm_amd64.h:143:56: error: ‘gate.kvm_segment::base’ may be used uninitialized in this function [-Werror=maybe-uninitialized] Replace 'case 6' with 'case 5' since 'i % 6' results in [0..5]. Signed-off-by: Denis Efremov <efremov@linux.com>
*	executor: remove NONFAILING from pseudo-syscalls	Dmitry Vyukov	2020-07-15	1	-53/+46
\| \| \| \| \| \|	This is not needed anymore afer the previous commit. Fixes #1918
*	executor: prevent non-null expected warnings	Dmitry Vyukov	2019-03-21	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The added test triggers warnings like these: <stdin>: In function ‘syz_mount_image.constprop’: <stdin>:298:3: error: argument 1 null where non-null expected [-Werror=nonnull] In file included from <stdin>:26:0: /usr/include/x86_64-linux-gnu/sys/stat.h:320:12: note: in a call to function ‘mkdir’ declared here extern int mkdir (const char *__path, __mode_t __mode) ^~~~~ cc1: all warnings being treated as errors <stdin>: In function ‘syz_open_procfs.constprop’: <stdin>:530:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=] <stdin>:85:110: note: in definition of macro ‘NONFAILING’ <stdin>:532:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=] <stdin>:85:110: note: in definition of macro ‘NONFAILING’ <stdin>:534:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=] <stdin>:85:110: note: in definition of macro ‘NONFAILING’ Use volatile for all arguments of syz_ functions to prevent compiler from treating the arguments as constants in reproducers. Popped up during bisection that used a repro that previously worked. Update #501
*	executor: compile with -O2	Dmitry Vyukov	2018-02-10	1	-10/+11
\| \| \| \| \|	We don't frequently debug it and it does some intensive computations on coverage, so no reason to not compile with -O2.
*	executor: introduce uint64/32/16/8 types	Dmitry Vyukov	2017-12-27	1	-94/+94
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The "define uint64_t unsigned long long" were too good to work. With a different toolchain I am getting: cstdint:69:11: error: expected unqualified-id using ::uint64_t; ^ executor/common.h:34:18: note: expanded from macro 'uint64_t' Do it the proper way: introduce uint64/32/16/8 types and use them. pkg/csource then does s/uint64/uint64_t/ to not clutter code with additional typedefs.
*	csource: don't use guard macros for debug() and NONFAILING()	Andrey Konovalov	2017-06-12	1	-76/+69
\|
*	csource: only handle SIGSEGV when necessary	Andrey Konovalov	2017-06-12	1	-0/+9
\|
*	sys: improve kvm description	Dmitry Vyukov	2017-01-28	1	-62/+103
\| \| \| \| \| \|	Allow fuzzer to change types of segment descriptors. Alter more flags. Allow fuzzer to do a random vmwrite.
*	executor: protect against memory corruptions better	Dmitry Vyukov	2017-01-25	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \|	Fuzzer has figured out how to corrupt input/output shmem regions abusing the text memcpy in syz_kvm_setup_cpu. It guessed a negative text_size value that causes the memcpy to overwrite shmem regions. Protect better against such cases: 1. Make text_size unsigned (there is already a check that it is less than 1000). 2. Map input region as readable only, we don't write to it. 3. Add address sanity check to segv_handler, if we see that we are writing into executable data, it's better to crash instantly.
*	sys, executor: more kvm improvements	Dmitry Vyukov	2017-01-12	1	-0/+768
	1. Basic support for arm64 kvm testing. 2. Fix compiler warnings in x86 kvm code. 3. Test all pseudo syz calls in csource. 4. Fix handling of real code in x86.