aboutsummaryrefslogtreecommitdiffstats
path: root/executor/common_test.h
Commit message (Collapse)AuthorAgeFilesLines
* executor: handle zero length in syz_compare_zlibAleksandr Nogikh2025-07-141-3/+7
| | | | | | It used to fail because we cannot mmap 0 bytes. Closes #6148.
* executor: fix writing of remote coverageDmitry Vyukov2024-07-221-0/+11
| | | | | | | | We never reset remote coverage, so if there is one block, we will write it after every call and multiple times at the end. It can lead to "too many calls in output" and just writes quadratic amount of coverage/signal. Reset remote coverage after writing.
* pkg/rpcserver: move kernel test/data range checks from executorDmitry Vyukov2024-07-011-1/+1
| | | | | | | | | | | | | | | | | We see some errors of the form: SYZFAIL: coverage filter is full pc=0x80007000c0008 regions=[0xffffffffbfffffff 0x243fffffff 0x143fffffff 0xc3fffffff] alloc=156 Executor shouldn't send non kernel addresses in signal, but somehow it does. It can happen if the VM memory is corrupted, or if the test program does something very nasty (e.g. discovers the output region and writes to it). It's not possible to reliably filter signal in the tested VM. Move all of the filtering logic to the host. Fixes #4942
* pkg/runtest: test feature detectionDmitry Vyukov2024-06-271-0/+27
| | | | | Fail some features in various ways for test OS, and check that features are detected properly.
* executor: prohibit malloc/calloc via linterDmitry Vyukov2024-06-251-1/+1
| | | | | | We include a number of C++ headers in the runnner. On FreeBSD some of them mention malloc, and our defines break the build. Use the style test to check only our files for these things.
* executor: add end-to-end coverage/signal/comparisons testDmitry Vyukov2024-06-111-0/+11
|
* pkg/fuzzer: factor out the fuzzing engineAleksandr Nogikh2024-03-121-0/+20
| | | | | | | | | | | | | This is the first step for #1541. Move the fuzzing engine that used to be interleaved with other syz-fuzzer code into a separate package. For now, the algorithm is more or less the same as it was, the only difference is that a pkg/fuzzer instance scales to the available computing power. Add an executor-based test that performs real fuzzing.
* executor: don't pass uncompressed zlib sizeDmitry Vyukov2022-11-231-4/+6
| | | | | | This will allow us to mutate the image size. Fixes #3527
* executor: add test for zlib decompressionDmitry Vyukov2022-11-231-0/+22
|
* sys/test/test: add a hanging testDmitry Vyukov2020-09-121-0/+9
| | | | Ensure that we can handle hanging syscalls in all modes.
* executor: make syz_compare output more handy to useDmitry Vyukov2019-12-201-8/+9
|
* sys/test: and another set of bitfield testsDmitry Vyukov2019-12-201-1/+2
| | | | | | Just trying to get my head around it (and fix this in tests). Update #1542
* executor: prevent non-null expected warningsDmitry Vyukov2019-03-211-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | The added test triggers warnings like these: <stdin>: In function ‘syz_mount_image.constprop’: <stdin>:298:3: error: argument 1 null where non-null expected [-Werror=nonnull] In file included from <stdin>:26:0: /usr/include/x86_64-linux-gnu/sys/stat.h:320:12: note: in a call to function ‘mkdir’ declared here extern int mkdir (const char *__path, __mode_t __mode) ^~~~~ cc1: all warnings being treated as errors <stdin>: In function ‘syz_open_procfs.constprop’: <stdin>:530:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=] <stdin>:85:110: note: in definition of macro ‘NONFAILING’ <stdin>:532:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=] <stdin>:85:110: note: in definition of macro ‘NONFAILING’ <stdin>:534:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=] <stdin>:85:110: note: in definition of macro ‘NONFAILING’ Use volatile for all arguments of syz_ functions to prevent compiler from treating the arguments as constants in reproducers. Popped up during bisection that used a repro that previously worked. Update #501
* sys/test/test: add tests for test exiting in the middle of executionDmitry Vyukov2019-01-311-0/+9
|
* executor: fix do_sandbox_none on akaros and testDmitry Vyukov2019-01-311-1/+1
| | | | do_sandbox_none must not exit, it needs to return.
* pkg/csource: use 0 for missing syscall argsDmitry Vyukov2018-12-271-0/+30
| | | | | | | | | | | | | | We don't specify trailing unused args for some syscalls (e.g. ioctl that does not use its arg). Executor always filled tailing unsed args with 0's but pkg/csource didn't. Some such syscalls actually check that the unsed arg is 0 and as the result failed with C repro. We could statically check and eliminate all such cases, but it turns out the warning fires in 1500+ cases: https://gist.githubusercontent.com/dvyukov/e59ba1d9a211ee32fa0ba94fab86a943/raw/a3ace5a63f7281f0298f51ea9842ead1e4713418/gistfile1.txt So instead fill such args with 0's in pkg/csource too.
* executor: fix handling of big-endian bitfieldsDmitry Vyukov2018-12-081-1/+4
| | | | | Currently we apply big-endian-ness and bitfield-ness in the wrong order in copyin. This leads to totally bogus result. Fix this.
* executor: make sandboxes more modularDmitry Vyukov2018-09-171-6/+0
| | | | | | | | Currently we have a global fixed set of sandboxes, which makes it hard to add new OS-specific ones (all OSes need to updated to say that they don't support this sandbox). Let it each OS say what sandboxes it supports instead.
* RFC: android: Add support for untrusted_app sandboxing (#697)Zach Riggle2018-09-171-0/+1
| | | | | | | | | | | | | | | | | | | | | executor: add support for android_untrusted_app sandbox This adds a new sandbox type, 'android_untrusted_app', which restricts syz-executor to the privileges which are available to third-party applications, e.g. those installed from the Google Play store. In particular, this uses the UID space reserved for applications (instead of the 'setuid' sandbox, which uses the traditional 'nobody' user / 65534) as well as a set of groups which the Android-specific kernels are aware of, and finally ensures that the SELinux context is set appropriately. Dependencies on libselinux are avoided by manually implementing the few functions that are needed to change the context of the current process, and arbitrary files. The underlying mechanisms are relatively simple. Fixes google/syzkaller#643 Test: make presubmit Bug: http://b/112900774
* sys/test: add more testsDmitry Vyukov2018-08-031-0/+35
| | | | | | | | | | | | | | Add syz_errno syscall which sets errno to the argument, and add a test with different errno values. This mostly tests the testing infrastructure itself. Add syz_compare syscall which compare two blobs, this can be used for testing of argument memory layout. Implement syz_mmap and fix Makefile to allow building syz-execprog for test OS. Useful for debugging. Update #603
* pkg/csource: tidy generated codeDmitry Vyukov2018-07-271-4/+2
| | | | | | | | | | | 1. Remove unnecessary includes. 2. Remove thunk function in threaded mode. 3. Inline syscalls into main for the simplest case. 4. Define main in common.h rather than form with printfs. 5. Fix generation for repeat mode (we had 2 infinite loops: in main and in loop). 6. Remove unused functions (setup/reset_loop, setup/reset_test, sandbox_namespace, etc).
* executor: overhaulDmitry Vyukov2018-07-241-0/+30
Make as much code as possible shared between all OSes. In particular main is now common across all OSes. Make more code shared between executor and csource (in particular, loop function and threaded execution logic). Also make loop and threaded logic shared across all OSes. Make more posix/unix code shared across OSes (e.g. signal handling, pthread creation, etc). Plus other changes along similar lines. Also support test OS in executor (based on portable posix) and add 4 arches that cover all execution modes (fork server/no fork server, shmem/no shmem). This change paves way for testing of executor code and allows to preserve consistency across OSes and executor/csource.
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-12 04:12:46 +0000