| Commit message (Collapse) | Author | Age | Files | Lines |
| |
executor: changed kOutputDataAddr so that it works on 32-bit kernels
executor: simplified ifdefs for arm in executor_linux.cc
executor: removed empty lines that were accidentally added.
| |
get_kernel_syms does not seem to be present upstream.
Describe an old quotactl syscall.
Also fix umount/umount2 names in kallsyms.
| |
For some racy bugs syzkaller can generate a C reproducer with tun
enabled, when it's not actually required to trigger the bug.
Some kernel developers (that don't have CONFIG_TUN=y on their setups)
complain about such C repros.
When tun is not available, instead of exiting, print a message that tun
initialization failed and proceed.
| |
The v4.14 kernel will support a new loop ioctl, LOOP_SET_BLOCK_SIZE.
| |
Fix a couple apparent copy-and-paste errors:
- ioctl$LOOP_CHANGE_FD should use LOOP_CHANGE_FD
- ioctl$LOOP_CTL_REMOVE should use LOOP_CTL_REMOVE
| |
Add a definition for keyctl_restrict_keyring(), which was added in the
v4.12 kernel.
| |
Add a definition for keyctl_dh_compute(), which was added in the v4.7
kernel, then in the v4.12 kernel extended to take in an optional
'keyctl_kdf_params' argument. (Requires CONFIG_KEY_DH_OPERATIONS=y.)
| |
Many functions in the keys API take in an ID parameter that is expected
to refer to a keyring, not to any key. Therefore, define a resource
subtype 'keyring' which can be created by add_key("keyring", ...) or by
using one of the special keyring IDs.
Also define a resource subtype 'user_key', since we'll be adding a
definition for KEYCTL_DH_COMPUTE which takes in a struct containing
"user" key IDs.
| |
Add to key.txt all key types that currently might be present in the
kernel. It was missing a few important ones such as "asymmetric", which
has a significant attack surface since the payloads are run through an
ASN.1 decoder.
| |
As defined in the header files.
| |
and other related files.
| |
mmap syscall has 7 arguments (one unused padding)
| |
RLIMIT_AS causes frequent random aborts on netbsd.
Reason unknown. Disable it for now.
Documentation says that __syscall should be used
for syscalls with 64-bit arguments. On amd64 most
syscalls have 64-bit arguments (incl mmap),
so switch to it.
| |
executor_netbsd.cc was including syscalls_freebsd.h,
which completely messed up syscall numbers and names.
Include the right syscalls header.
| |
* Lots of changes to sys/netbsd:
- Removed a few syscalls that did not have proper constants defined.
- Autogenerated *.const files.
- Removed a few types like uid and gid, that were not available.
- Ran make generate
* Few changes for NetBSD support:
- Added sys/netbsd/init.go
- Added netbsd to sys/sys.go
* Fix order in sys/sys.go
* Update documentation for NetBSD
| |
mkdtemp returns NULL on failure.
| |
This just makes make TARGETOS=netbsd succeed.
We don't yet have prog target for netbsd.
| |
When comparisons are enabled fuzzer somehow manages to discover
the output region and corrupt it. It seems to fetch the address
from some memory operations (mmap/munmap).
Don't leak the output region address.
| |
Some standard libraries contain "using ::exit;",
which breaks with the current redefinition of exit.
| |
It seems to explode linux corpus.
So make it freebsd-specific.
| |
Use forkserver and shmem for freebsd.
This greatly improves speed.
Also introduce fallback coverage signal based
on unique (syscall+errno) pairs.
| |
This is mostly copied from linux.
We probably need better support for sharing descriptions
between multiple OSes. But there are lots of differences,
so this is not trivial.
| |
1. remove workaround for pthread attrs (was fixed in akaros)
2. remove workaround for dup2 (was fixed in akaros)
3. check that we receive a program
4. implement timeout for test processes
| |
We currently use a more complex and functional protocol on linux,
and a simple ad-hoc protocol on other OSes.
This leads to code duplication in both ipc and executor.
Linux supports coverage, shared memory communication and fork server,
which would also be useful for most other OSes.
Unify communication protocol and parametrize it by
(1) use of shmem or only pipes, (2) use of fork server.
This reduces duplication in ipc and executor and will
allow to support the useful features for other OSes easily.
Finally, this fixes akaros support as it currently uses
syz-stress running on host (linux) and executor running on akaros.
| |
Does not work yet, also needs ipc changes.
| |
pthread_mutex/cond_init should accept NULL attr,
but Akaros crashes with NULL attr:
https://github.com/brho/akaros/issues/40
| |
We print all other output to stderr, write debug output to stderr as well.
This does not matter for the main use case of running syz-execprog -debug,
but can be helpful if we want to communicate with syz-executor via stdin/stdout.
| |
KCOV comparisons support is in the kernel mm tree already, and the
patch contains an additional uint64_t to store PCs of functions calling
__sanitizer_cov_trace_XXX().
Change kcov_comparison_t accordingly.
| |
writev requires <sys/uio.h>. Include it.
| |
Executor process does not have any env, including PATH.
On some distributions, system/shell adds a minimal PATH, on some it does not.
Set own standard PATH to make it work across distributions.
| |
For now we just make Go part build for freebsd.
| |
A recent linux commit "tun: enable napi_gro_frags() for TUN/TAP driver"
added support for fragmentation when emitting packets via tun.
Support this feature in syz_emit_ethernet.