| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Make sure regressions in guest code validation are reported during testing
rather than fuzzing.
|
| |
|
|
|
|
| |
It seems to be redundant and moreover it lets us
compile on musl which does not provide this system
header.
|
| |
|
|
|
|
| |
It seems like VIRT86 and CPL3 KVM_RUN command prefixes do not work with SVM
virtualization. Detect which virtualization option is used and select
appropriate tests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit fixes:
[0ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=1 signal=0 timeouts=50/5000/1 prog=168 filter=0
spawned worker pid 12456
--- FAIL: TestExecutorMistakes (0.09s)
style_test.go:193:
executor/test_linux.h:104: Don't use C89 var declarations. Declare vars where they are needed \
and combine with initialization
int res;
FAIL
FAIL github.com/google/syzkaller/executor 1.070s
FAIL
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This sets up a page table to map the text in order to exercise
more code paths in the KVM.
This defines flags to control the MMU state. When enabled, this
creates a simple page table at the 64K offset and maps all the RAM.
The fuzzer code is placed right after the table.
The flags are:
IR - enables MMU for instruction fetches
DR - enables MMU for data loads/stores
PR - "problem state", i.e. userspace (implies DR and IR)
PID1 - initializes a process table for PID>0 (PID#0 is used by the VM OS
normally)
This adds a simple "syz_kvm_setup_cpu_ppc64" syz-test with MSR=IR|DR|LE
which is a typical Linux kernel mode.
Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turns out the ifuzz on powerpc did not ever properly work. This fixes
syz_kvm_setup_cpu$ppc64:
Enable the PAPR KVM capability (otherwise KVM_RUN fails right away).
Finish generated sequences with the software debug breakpoint as
there is no x86's "hlt" variant on POWER and otherwise KVM won't exit.
Add exception handlers, use the software debug breakpoint instruction
to trigger immediate exit from KVM with the only exception of
the decrementer interrupt handler (timer) to recharge the timer and
continue.
Define and use endianness selection flag (Big vs. Little endian).
Define the code generator similar to kvm_gen.cc which for now contains
2 simple tests and the decrementer interrupt handler code.
Add test cases to the executor so "bin/linux_ppc64le/syz-executor test"
can run some sensible tests. The tests copy 0xbadc0de around similar
to x86 and uses gpr[3] is a return value register (similar to EAX).
Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This moves x86 instructions under GOARCH_amd64 and makes some
cross-platforms changes.
This allocates as much memory for a VM as syzkaller normally does so
we are testing here what syzkaller itself runs.
This should not cause any behavioral change for x86. Other arches
are not properly supported anyway.
Follow-up patches will use these changes for PPC64.
Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds KVM's syz_kvm_setup_cpu pseudo syscall. This adds placeholder
for options (none implemented yet).
This adds instruction generator for ifuzz; this also adds a few pseudo
instructions to simulate super/hyper/ultracalls
(a PPC64/pseries platform thing).
The insns.go is generated from PowerISA_public.v3.0B.pdf [1] by
a horrendous python3 script on top of pdftotext. The ISA covers POWER9
which is the latest available POWER CPU at the moment. The next ISA
for POWER10 is quite different and we will deal with it later.
The // comment after every instruction is a fixed opcode list for
verification purposes.
This does not define DecodeExt as there is no obvious replacement of
the Intel XED library for POWERPC (gapstone-capstone, later, may be).
[1] https://openpowerfoundation.org/?resource_lib=power-isa-version-3-0
Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes an error in printf() format for __u64:
gcc -o ./bin/linux_ppc64le/syz-executor executor/executor.cc \
-D__powerpc64__ -O2 -pthread -Wall -Werror -Wparentheses \
-Wunused-const-variable -Wframe-larger-than=16384
-static -DGOOS_linux=1 -DGOARCH_ppc64le=1 \
-DHOSTGOOS_linux=1 \
-DGIT_REVISION=\"82d2e60626ef1f43e557ca2933aee53bd5265eaf+\"
In file included from executor/test.h:5:0,
from executor/executor.cc:343:
executor/test_linux.h: In function ‘int test_one(int, const char*, int, \
int, unsigned int, bool)’:
executor/test_linux.h:74:60: error: format ‘%llx’ expects argument of type \
‘long long unsigned int’, but argument
2 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
cpu_mem->fail_entry.hardware_entry_failure_reason);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
|
| |
|
|
|
|
|
| |
Move the test from pkg/csource to executor/
in order to be able to (1) run it on *.cc files,
(2) run on unprocessed *.h files, (3) produce line numbers.
Add a check for missed space after //.
|
|
|
Make as much code as possible shared between all OSes.
In particular main is now common across all OSes.
Make more code shared between executor and csource
(in particular, loop function and threaded execution logic).
Also make loop and threaded logic shared across all OSes.
Make more posix/unix code shared across OSes
(e.g. signal handling, pthread creation, etc).
Plus other changes along similar lines.
Also support test OS in executor (based on portable posix)
and add 4 arches that cover all execution modes
(fork server/no fork server, shmem/no shmem).
This change paves way for testing of executor code
and allows to preserve consistency across OSes and executor/csource.
|
