Commit message

On different platforms and in different coverage collection modes
the pointer to the beginning of kcov buffer may or may not differ
from the pointer to the region that mmap() returned.
Decouple these two pointers, so that the memory is always allocated
and deallocated with cov->mmap_alloc_ptr and cov->mmap_alloc_size, and the
buffer is accessed via cov->data and cov->data_size.
I tried my best to not break Darwin and BSD, but I did not test them.

MAP_FIXED_NOREPLACE allows us to fail early if we happened to overlap with
an existing memory mapping. It should help detect bugs #5674 at an
earlier stage, before it led to memory corruptions.
MAP_FIXED_NOREPLACE is supported from Linux 4.17, which is okay for all
syzkaller use cases on syzbot.
There's no such option for some of the supported OSes, so set it
depending on the configuration we're building for.

We never reset remote coverage, so if there is one block,
we will write it after every call and multiple times at the end.
It can lead to "too many calls in output" and just writes quadratic
amount of coverage/signal.
Reset remote coverage after writing.

We see some errors of the form:
SYZFAIL: coverage filter is full
pc=0x80007000c0008 regions=[0xffffffffbfffffff 0x243fffffff 0x143fffffff 0xc3fffffff] alloc=156
Executor shouldn't send non kernel addresses in signal,
but somehow it does. It can happen if the VM memory is corrupted,
or if the test program does something very nasty (e.g. discovers
the output region and writes to it).
It's not possible to reliably filter signal in the tested VM.
Move all of the filtering logic to the host.
Fixes #4942

This allows to enable test executor with coverage.

Currently we always write PCs into the buffer even if tracing comparisons.
Such bogus data will fail comparison consistency checks (type/pc)
and executor will crash. Don't trace PCs as comparisons.

Fail some features in various ways for test OS,
and check that features are detected properly.

Otherwise we may leave orphaned executor process children, which prevent
the cleanup of the executor directory.
Closes #4920.

Factor out is_kernel_pc helper and add kernel pc range for test OS for testing.

All OSes we have now support shmem.
Support for Fuchsia/Starnix/Windows wasn't implemented,
but generally they support shared memory.
Remove all of the complexity and code associated with noshmem mode.
If/when we revive these OSes, it's easier to properly
implement shmem mode for them.

Collect PC coverage like it's done by KCOV. This will help write better
tests for the fuzzer.

A fixed-address mmap can fail completely or return a different address.
Log what it was. Based on:
https://groups.google.com/g/syzkaller/c/lto00RwlDIQ

The type size of long depends on compiler.
Therefore, changing to intptr_t makes it depend on architecture.

Make as much code as possible shared between all OSes.
In particular main is now common across all OSes.
Make more code shared between executor and csource
(in particular, loop function and threaded execution logic).
Also make loop and threaded logic shared across all OSes.
Make more posix/unix code shared across OSes
(e.g. signal handling, pthread creation, etc).
Plus other changes along similar lines.
Also support test OS in executor (based on portable posix)
and add 4 arches that cover all execution modes
(fork server/no fork server, shmem/no shmem).
This change paves way for testing of executor code
and allows to preserve consistency across OSes and executor/csource.