| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
If the test process is not dying after 100ms,
abort all fuse connections in the system.
This gets rid at least of simple fuse deadlocks,
let's see how well this works in all cases.
|
| |
|
|
|
| |
We see some failures there, extend logging so that it's least
possible to understand what exactly call has failed.
|
| |
|
|
|
|
|
|
|
|
|
| |
1. Remove unnecessary includes.
2. Remove thunk function in threaded mode.
3. Inline syscalls into main for the simplest case.
4. Define main in common.h rather than form with printfs.
5. Fix generation for repeat mode
(we had 2 infinite loops: in main and in loop).
6. Remove unused functions (setup/reset_loop, setup/reset_test,
sandbox_namespace, etc).
|
| |
|
|
|
|
| |
We always have current_time_ms in event_timedwait
so use it instead of manual clock_gettime calls
which tend to be bulkier.
|
| |
|
|
| |
We already do this in sandbox=none, but forgot about setuid.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make as much code as possible shared between all OSes.
In particular main is now common across all OSes.
Make more code shared between executor and csource
(in particular, loop function and threaded execution logic).
Also make loop and threaded logic shared across all OSes.
Make more posix/unix code shared across OSes
(e.g. signal handling, pthread creation, etc).
Plus other changes along similar lines.
Also support test OS in executor (based on portable posix)
and add 4 arches that cover all execution modes
(fork server/no fork server, shmem/no shmem).
This change paves way for testing of executor code
and allows to preserve consistency across OSes and executor/csource.
|
| |
|
|
|
|
| |
Linux executor sets up some network devices for testing,
detect when that's supported on the machine and don't
do it if it's not supported.
|
| |
|
|
|
| |
Remove syz_fuse* and implement them as normal syscalls.
We not have enough expressive power to form mount options.
|
| |
|
|
| |
See the added comments.
|
| |
|
|
|
| |
fmt type allows to convert intergers and resources
to string representation.
|
| | |
|
| |
|
|
| |
Lots of assorted heavylifting to support csource on fuchsia.
|
| |
|
|
|
| |
Some options that tun initialization sets up are optional.
Don't fail if they are missing in kernel.
|
| |
|
|
|
|
|
|
|
|
| |
We have fallback coverage implmentation for freebsd.
1. It's broken after some recent changes.
2. We need it for fuchsia, windows, akaros, linux too.
3. It's painful to work with C code.
Move fallback coverage to ipc package,
fix it and provide for all OSes.
|
| |
|
|
| |
No AF_INET is somewhat crazy, but why not.
|
| |
|
|
|
|
|
| |
For ext2/3/4 we have to have errors=continue because the image
can contain errors=panic flag and can legally crash kernel.
Fixes #599
|
| |
|
|
|
|
| |
Add separate options to minimize netdevices setup and net namespace reset.
Fixes #581
|
| |
|
|
|
|
|
|
|
| |
gcc8 is stricter when dealing with strings and strncpy and demands that
the size of the actual string to be copied to be explicitly smaller than
the size of the destination, just to make sure the NULL terminator is
taken into considerantion. This patch fixes the issue.
Signed-off-by: Ioana Ciornei <ciorneiioana@gmail.com>
|
| |
|
|
|
|
| |
Check in checkpoint_iptables is not enough as
reset_iptables will fail even if no tables enabled.
Add similar check to reset_iptables.
|
| |
|
|
| |
Images of some filesystems need to be that large (xfs, btrfs, f2fs).
|
| | |
|
| |
|
|
|
|
|
|
| |
Bridge device is used for forwarding. Bond/team device is used for
load balance and fail over. So it would make more sense to add two
slave interfaces for these devices.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
|
| |
|
|
| |
Also comment new veth code for future me.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add a veth pair with name bond/team_slave and set their master
to bond0/team0.
Remove veth from devtypes because the cmd `ip link add veth0 type veth`
will actually failed with "RTNETLINK answers: File exists" and no veth
interface created. When create veth device, kernel will create a
pair of veth, so no need to create them one by one.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
SYS_memfd_create define produces warning in scource
if system headers already contain the definition (we strip all ifdefs!).
The same is true for CLONE_NEWCGROUP but we just never hit it yet.
Also fix format string for 32 bits.
Also fix potential uninit var in csource, and a missing new line.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Turns out creating a cgroup per test is too expensive.
Moreover, it leads to hanged tasks as cgroup destruction
is asynchronous and overloads kernel work queues.
Create only a single cgroup per proc, but restrict
descriptions to mess with that single group,
instead test processes create own nested cgroups for messing.
|
| |
|
|
| |
We left entries non-zero, so memcmp always failed.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
There is test failure on travis:
https://travis-ci.org/google/syzkaller/jobs/349948391
I can't reproduce it locally, and it only happened on 1.8, but not on 1.9?
But this seems to be what could have provoked such failure.
|
| |
|
|
|
|
|
|
|
|
|
| |
The new pseudo syscall allows opening sockets that can only
be created in init net namespace (BLUETOOTH, NFC, LLC).
Use it to open these sockets.
Unfortunately this only works with sandbox none at the moment.
The problem is that setns of a network namespace requires CAP_SYS_ADMIN
in the target namespace, and we've lost all privs in the init namespace
during creation of a user namespace.
|
| |
|
|
| |
Remove executor_pid, enable_tun and setup_tun.
|
| |
|
|
|
|
|
|
|
|
| |
We now always create net namespace for testing,
so socket ports and other IDs do not overlap between
different test processes.
Proc types play badly with squashing packets to ANYBLOB.
To squash into a block we need concrete value, but it depends
on process id.
Removing proc also makes tun setup and address descriptions simpler.
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently when executor creates fd's it gets: 0, 3, 4.
When tun is enabled: 3, 4, 5.
For C programs: 3, 4, 5.
When run is enabled: 4, 5, 6.
Theoretically it should not matter,
but these fd numbers are probably sometimes are used as data.
So make them consistent in all these cases (3, 4, 5).
|
| |
|
|
|
|
| |
Squash complex structs into flat byte array and mutate this array
with generic blob mutations. This allows to mutate what we currently
consider as paddings and add/remove paddings from structs, etc.
|
| | |
|
| |
|
|
| |
Older versions of linux require an additional header.
|
| | |
|
| |
|
|
| |
debug calls are only properly stripped if they are on a single line.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Put the underflow entry at the end.
Entries must end on an unconditional, non-goto entry,
otherwise fallthrough from the last entry is invalid.
Add arp tables support.
Split unspec matches/targets to unspec and inet.
Reset ipv6 and arp tables in executor.
Fix number of counters in tables.
Plus a bunch of assorted fixes for matches/targets.
|
| |
|
|
|
| |
ipt_get_entries.entrytable must be pointer aligned,
so in 32-bit build there is no padding before it.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Now we create tun in the _outer_ net namespace,
which is tied to init user namespace. Thus fuzzer
does not have CAP_ADMIN in it.
In the end it seems that there is no sandboxing sequence,
which would give us everything we need.
Reshuffle sequences so that we have corrent namespace
hierarchy, but don't have IFF_NAPI_FRAGS.
|
| | |
|
