| Commit message | Author | Age | Files | Lines |
For now we just make the Go part build for freebsd.
A recent linux commit "tun: enable napi_gro_frags() for TUN/TAP driver"
added support for fragmentation when emitting packets via tun.
Support this feature in syz_emit_ethernet.
First, they must be called with the stdcall convention.
Second, wrap them in __try/__except because they can crash.
Nothing works, but builds.
Update #191
Update #191
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
We used to generate them only because manager had no idea
what arch it is testing. So syscall numbers had to match
between all arches.
This is not needed anymore.
Also don't generate unreferenced structs/resources.
Check that manager/fuzzer/executor are built on the same git revision,
use the same syscall descriptions and the same target arch.
Update #336
Info about targets (like C arch/CFLAGS) is required in multiple places:
extract.sh
syz-extract
syz-sysgen
csource
vm/qemu
...
Consolidate it in one place and use that in syz-sysgen.
The correct type is kernel long size, not user-space long size.
We approximate it with uint64.
Fixes #217
Unfortunately this is still needed, see the added comment.
Update #191
Now executor is able to read comparison data from KCOV and write it
to fuzzer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have implemented a new version of KCOV, which is able to dump
comparison operands' data, obtained from Clang's instrumentation hooks
__sanitizer_cov_trace_cmp[1248], __sanitizer_cov_trace_const_cmp[1248]
and __sanitizer_cov_trace_switch.
Current KCOV implementation can work in two modes: "Dump only the PCs"
or "Dump only comparisons' data". Mode selection is done by the
following series of calls:
fd = open(KCOV_PATH, ...); // works as previous
ioctl(fd, KCOV_INIT_TRACE, ...); // works as previous
mmap(fd, ...); // works as previous
ioctl(fd, KCOV_ENABLE, mode);
// mode = KCOV_MODE_TRACE_CMP or mode = KCOV_MODE_TRACE_PC
Note that this new interface is backwards compatible, as old KCOV
devices will just return -EINVAL for the last ioctl. This way we can
distinguish if the KCOV device is able to dump the comparisons.
Main changes in this commit:
1. Fuzzer now checks at startup which type (new/old) of KCOV device
is running.
2. Executor now receives an additional flag, which indicates if
executor should read the comparison data from KCOV. The flag works on
a per-call basis, so executor can collect PCs or Comps for each
individual syscall.
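As an added example (not syzkaller's executor code), the probe sequence the message describes, in C: ask for comparison tracing first, fall back to PC tracing when the kernel answers EINVAL, then decode the comparison records. The constants are the ones from include/uapi/linux/kcov.h, where the two modes are named KCOV_TRACE_PC and KCOV_TRACE_CMP (the message calls them KCOV_MODE_TRACE_PC/CMP); the four-word record layout (count word, then type/arg1/arg2/pc per record) is taken from that header as well. The two fake enable callbacks and the sample area buffer are constructed for this example so the fallback policy and the decoder can be exercised without a KCOV-enabled kernel; main() runs the real sequence against /sys/kernel/debug/kcov.

```c
#include <errno.h>
#include <fcntl.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constants as in include/uapi/linux/kcov.h, defined here so the example
 * builds without that header. KCOV_TRACE_* are the uapi names for the modes
 * the commit message calls KCOV_MODE_TRACE_*. */
#define KCOV_INIT_TRACE  _IOR('c', 1, unsigned long)
#define KCOV_ENABLE      _IO('c', 100)
#define KCOV_DISABLE     _IO('c', 101)
#define KCOV_TRACE_PC    0
#define KCOV_TRACE_CMP   1
#define KCOV_CMP_CONST   (1 << 0)    /* one operand is a compile-time constant */
#define KCOV_CMP_SIZE(n) ((n) << 1)  /* log2 of operand size, bits 1..2 */
#define KCOV_CMP_MASK    KCOV_CMP_SIZE(3)

#define COVER_WORDS (64 << 10)

typedef int (*enable_fn)(int fd, unsigned long mode);

/* Request comparison tracing; an old KCOV rejects the mode with EINVAL, so
 * fall back to PC tracing in that case. Any other error is fatal. The enable
 * call is injected so the policy can run without a kernel. */
int kcov_pick_mode(int fd, enable_fn enable)
{
    if (enable(fd, KCOV_TRACE_CMP) == 0)
        return KCOV_TRACE_CMP;
    if (errno != EINVAL)
        return -1;
    return enable(fd, KCOV_TRACE_PC) == 0 ? KCOV_TRACE_PC : -1;
}

static int real_enable(int fd, unsigned long mode)
{
    return ioctl(fd, KCOV_ENABLE, mode);
}

/* Constructed stand-ins for the ioctl: a kernel whose KCOV knows only PC
 * mode, and one with the comparison-tracing KCOV. */
int fake_enable_old_kernel(int fd, unsigned long mode)
{
    (void)fd;
    if (mode == KCOV_TRACE_CMP) { errno = EINVAL; return -1; }
    return 0;
}
int fake_enable_new_kernel(int fd, unsigned long mode)
{
    (void)fd; (void)mode;
    return 0;
}

struct cmp_rec { unsigned size; int is_const; uint64_t arg1, arg2, pc; };

/* CMP-mode layout: area[0] is the record count, then 4 words per record:
 * type, arg1, arg2, pc. Returns the number of records decoded. */
size_t kcov_decode_cmps(const uint64_t *area, struct cmp_rec *out, size_t max)
{
    size_t i, n = (size_t)area[0];
    for (i = 0; i < n && i < max; i++) {
        const uint64_t *r = &area[1 + 4 * i];
        out[i].size = 1u << ((r[0] & KCOV_CMP_MASK) >> 1);
        out[i].is_const = (r[0] & KCOV_CMP_CONST) != 0;
        out[i].arg1 = r[1]; out[i].arg2 = r[2]; out[i].pc = r[3];
    }
    return i;
}

/* Constructed sample area (not real kernel output): two comparisons, an
 * 8-byte compare against a constant and a 4-byte compare of two variables. */
static const uint64_t sample_area[1 + 4 * 2] = {
    2,
    KCOV_CMP_SIZE(3) | KCOV_CMP_CONST, 0x0, 0x1234, 0xffffffff81000000ull,
    KCOV_CMP_SIZE(2), 0xdeadbeef, 0xcafebabe, 0xffffffff81000010ull,
};

size_t sample_record_count(void) { return (size_t)sample_area[0]; }
struct cmp_rec sample_record(size_t i)
{
    struct cmp_rec recs[2];
    kcov_decode_cmps(sample_area, recs, 2);
    return recs[i];
}

int main(void)
{
    int fd = open("/sys/kernel/debug/kcov", O_RDWR);
    if (fd == -1) { perror("open kcov"); return 1; }
    if (ioctl(fd, KCOV_INIT_TRACE, COVER_WORDS)) { perror("KCOV_INIT_TRACE"); return 1; }
    uint64_t *area = mmap(NULL, COVER_WORDS * sizeof(uint64_t),
                          PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (area == MAP_FAILED) { perror("mmap"); return 1; }
    int mode = kcov_pick_mode(fd, real_enable);
    if (mode < 0) { perror("KCOV_ENABLE"); return 1; }
    area[0] = 0;                          /* reset the count before the call under test */
    close(open("/dev/null", O_RDONLY));   /* the syscall being traced */
    ioctl(fd, KCOV_DISABLE, 0);
    if (mode == KCOV_TRACE_CMP) {
        struct cmp_rec recs[256];
        size_t n = kcov_decode_cmps(area, recs, 256);
        for (size_t i = 0; i < n; i++)
            printf("cmp%u%s %#" PRIx64 " %#" PRIx64 " @%#" PRIx64 "\n", recs[i].size,
                   recs[i].is_const ? " const" : "", recs[i].arg1, recs[i].arg2, recs[i].pc);
    } else {
        printf("old KCOV: %" PRIu64 " PCs\n", area[0]);
    }
    return 0;
}
```

The fallback is the whole point of the compatibility story: a fuzzer that hard-fails on EINVAL cannot run on kernels that predate comparison tracing, while one that silently stays in PC mode loses the comparison operands without telling anyone, so the chosen mode should be logged or reported back to the manager.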
Now pkg/compiler deals with consts.
Update #191
Not tested, but const extraction and build works.
Update #324
Update #191
Update #211
Update #310
Update #211
Locking memory is a reasonably legitimate local DoS vector.
E.g. bpf maps allow allocation of large chunks of kernel memory
without RLIMIT_MEMLOCK, which leads to hangups.
Set RLIMIT_MEMLOCK=8MB in executor.
ResultArg might have const value.
Also add a test.
We can't know the exact values of those sleeps in advance, they can be
different for different bugs. Making them random increases the chance that
the C repro executes with the right timings at some point.
When syzkaller generates arg that uses a few structs that reference each
other via pointers, it can go into infinite recursion and crash.
Fix this by forcing pointer args to be null when the depth of recursion
reaches 3 for some struct.
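As an added example (not syzkaller's own prog generation code, and in C rather than the Go the project uses), a recursive argument generator over a constructed pair of mutually pointing structs, with the per-struct depth cap the message describes: a pointer whose target struct is already three levels deep on the generation stack is emitted as NULL instead of being followed. The type table, the struct/arg representation and the names are all made up for this example.

```c
#include <stdlib.h>

/* Constructed type universe for this example: ints, structs with fields,
 * and pointers to other types. Indices refer into a types[] table. */
#define MAX_FIELDS 4
#define MAX_TYPES  8
#define MAX_DEPTH  3   /* per-struct recursion cap, as in the fix above */

enum kind { K_INT, K_PTR, K_STRUCT };

struct type {
    enum kind kind;
    int target;              /* K_PTR: index of the pointed-to type */
    int nfields;             /* K_STRUCT: number of fields */
    int fields[MAX_FIELDS];  /* K_STRUCT: indices of the field types */
};

struct arg {
    int type;
    int is_null;             /* K_PTR that the depth cap forced to NULL */
    int nchildren;
    struct arg *children[MAX_FIELDS];
};

struct gen {
    const struct type *types;
    int depth[MAX_TYPES];    /* how many instances of each struct are open on the stack */
    int allocated;
};

struct arg *generate(struct gen *g, int t)
{
    const struct type *ty = &g->types[t];
    struct arg *a = calloc(1, sizeof(*a));
    a->type = t;
    g->allocated++;
    switch (ty->kind) {
    case K_INT:
        break;
    case K_PTR:
        /* The fix: once the pointee struct is already MAX_DEPTH deep, emit a
         * NULL pointer instead of recursing, so A -> B -> A -> ... terminates. */
        if (g->depth[ty->target] >= MAX_DEPTH) {
            a->is_null = 1;
            break;
        }
        a->children[a->nchildren++] = generate(g, ty->target);
        break;
    case K_STRUCT:
        g->depth[t]++;
        for (int i = 0; i < ty->nfields; i++)
            a->children[a->nchildren++] = generate(g, ty->fields[i]);
        g->depth[t]--;
        break;
    }
    return a;
}

int count_null_ptrs(const struct arg *a)
{
    int n = a->is_null;
    for (int i = 0; i < a->nchildren; i++)
        n += count_null_ptrs(a->children[i]);
    return n;
}

void free_arg(struct arg *a)
{
    for (int i = 0; i < a->nchildren; i++)
        free_arg(a->children[i]);
    free(a);
}

/* Constructed cycle: struct A { int x; struct B *b; }; struct B { struct A *a; }; */
enum { T_INT, T_A, T_B, T_PTR_B, T_PTR_A };
static const struct type cyclic_types[MAX_TYPES] = {
    [T_INT]   = { K_INT, 0, 0, {0} },
    [T_A]     = { K_STRUCT, 0, 2, { T_INT, T_PTR_B } },
    [T_B]     = { K_STRUCT, 0, 1, { T_PTR_A } },
    [T_PTR_B] = { K_PTR, T_B, 0, {0} },
    [T_PTR_A] = { K_PTR, T_A, 0, {0} },
};

struct gen_stats { int allocated; int nulls; };

/* Generate one A and report how many args were allocated and how many
 * pointers the cap turned into NULL. Without the cap this never returns. */
struct gen_stats generate_cyclic(void)
{
    struct gen g = { cyclic_types, {0}, 0 };
    struct arg *a = generate(&g, T_A);
    struct gen_stats s = { g.allocated, count_null_ptrs(a) };
    free_arg(a);
    return s;
}
```

With the cap at 3, generating A unrolls the A/B cycle three times (A, int and B* for each A; B and A* for each B, fifteen args in total) and the fourth A* comes out NULL. The counter is per struct type rather than a single global depth, so two unrelated structs nested inside each other do not consume each other's budget.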
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Port console to Darwin
* Get syz-executor to build correctly
* Do not export unix and syscall constants
* Add presubmit test
* Add myself to contributors
Add ioctl$sock_SIOCETHTOOL and ETHTOOL structures defined in uapi/linux/ethtool.h
http://elixir.free-electrons.com/linux/latest/source/include/uapi/linux/ethtool.h
A single check is enabled for now (misc-definitions-in-headers).
But it's always fixable and found 2 bugs in csource.
We used to have all generated files checked in.
Later we removed them (now users are supposed to
run make to generate them). This causes several
problems:
- go get does not work as it tries to build everything
straight away (go get -d works, but users are confused)
- users don't run make and complain that build is broken
- users don't re-run make after updates and complain that
build is broken
- hard to integrate into other build system (even if they
support building Go, they don't support running sysgen
out-of-the-box)
Fixes #216
executor: add sys/sysmacros.h include for makedev in newer gcc