| Commit message | Author | Age | Files | Lines |
1. Change HID descriptions to allow devices to have two interrupt endpoints.
2. Remove unneeded responses to OUT control requests from descriptions.
3. Add some debugging code to detect and report missing descriptions.
The fs-verity API was redesigned, and we're planning to re-add the
fs-verity patches to linux-next soon. Get the syzkaller descriptions up
to date with the new API [1].
[1] https://lkml.kernel.org/linux-fsdevel/20190701153237.1777-4-ebiggers@kernel.org
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
Update descriptions to be compatible with latest linux-next
(next-20190715), which in theory will match v5.3-rc1 when the merge
window closes.
- KEYCTL_GRANT_PERMISSION was reverted. So remove its description.
- CRYPTO_ALG_TYPE_DIGEST was removed. So remove its description.
- IB_QP_CREATE_SIGNATURE_EN was renamed to IB_QP_CREATE_INTEGRITY_EN.
Also remove the sys/linux/rdma_*.const files which were incorrectly
checked into git. The real copies of those files are in
sys/linux/dev_infiniband_rdma_*.const.
For now I did *not* check for other new APIs that need to be described.
- Add KEYCTL_MOVE (new in v5.3)
- Add KEYCTL_CAPABILITIES (new in v5.3)
- Add KEYCTL_GRANT_PERMISSION (new in v5.3)
- Remove KEY_PERM_UNDEF (was only ever in an internal kernel header,
not in UAPI; removed in v5.3)
* Initial Commit
* working build of network packet fuzzing
* Add missed csource file
* pkg/csource: fix build
* executor/common_bsd.h: Add comment stating reason for ifconfig create
We might not have any string descriptors provided at all; use a hardcoded
string in this case.
The kernel API has changed and now differentiates between IN and OUT
control requests.
* sys/linux: fix floppy description
Fix typo in the FDGETPRM ioctl.
* sys/linux: extract && generate for floppy
Signed-off-by: Denis Efremov <efremov@linux.com>
On OpenBSD, the executor sometimes manages to set the memory resource
limit to 0, causing any following memory allocation to fail. Since threads
are potentially created from such a thread which cannot allocate any
memory, the executor will exit non-zero, which in turn will cause
false-positive panics to be reported. For more info see the
discussion[1] in PR #1243.
Instead, if hitting a fatal error during thread creation, exit zero.
[1] https://github.com/google/syzkaller/pull/1243
syz_usb_ep_read reads data from USB endpoints other than #0.
* sys/netbsd: Adding more syscalls
* Added lwp create structures
* Added a few lwp flags
* completed _lwp* syscalls
* add clone syscall
* fix errors, recheck arguments
The kernel gets the MPLS label like
```c
unsigned entry = be32_to_cpu(hdr->label_stack_entry);
result.label = (entry & MPLS_LS_LABEL_MASK) >> MPLS_LS_LABEL_SHIFT;
```
So we just need to store the label in big-endian order.
For MPLS RTA types, the kernel accepts only one label for RTA_DST and
multiple labels for RTA_NEWDST.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
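Added example, written for this page and not part of the commit above, of syzkaller or of the kernel: an encoder and decoder for MPLS label stack entries that mirrors the byte-swap-then-mask-and-shift parse quoted in the message. The MPLS_LS_* names and values are those of include/uapi/linux/mpls.h; the stack helpers (bottom-of-stack bit on the last entry only, one four-byte entry for the single-label shape) follow the RFC 3032 layout and are this example's own logic, not a description of what the kernel's netlink validation checks.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit layout of a 32-bit label stack entry (RFC 3032); the mask/shift names and
 * values are those of include/uapi/linux/mpls.h. */
#define MPLS_LS_LABEL_MASK  0xFFFFF000u
#define MPLS_LS_LABEL_SHIFT 12
#define MPLS_LS_TC_MASK     0x00000E00u
#define MPLS_LS_TC_SHIFT    9
#define MPLS_LS_S_MASK      0x00000100u
#define MPLS_LS_S_SHIFT     8
#define MPLS_LS_TTL_MASK    0x000000FFu
#define MPLS_LS_TTL_SHIFT   0
#define MPLS_LABEL_MAX      0xFFFFFu   /* labels are 20 bits wide */

struct mpls_entry { uint32_t label; unsigned tc, s, ttl; };

/* Build one entry and store it in network (big-endian) byte order, which is
 * what be32_to_cpu() on the kernel side expects. Returns 0 on an out-of-range field. */
static int mpls_encode_entry(uint32_t label, unsigned tc, unsigned bos,
                             unsigned ttl, uint32_t *wire)
{
    if (label > MPLS_LABEL_MAX || tc > 7 || bos > 1 || ttl > 255)
        return 0;
    uint32_t host = (label << MPLS_LS_LABEL_SHIFT) | (tc << MPLS_LS_TC_SHIFT) |
                    (bos << MPLS_LS_S_SHIFT) | (ttl << MPLS_LS_TTL_SHIFT);
    *wire = htonl(host);
    return 1;
}

/* The parse from the commit message: byte-swap first, then mask and shift. */
static struct mpls_entry mpls_decode_entry(uint32_t wire)
{
    uint32_t entry = ntohl(wire);
    struct mpls_entry e;
    e.label = (entry & MPLS_LS_LABEL_MASK) >> MPLS_LS_LABEL_SHIFT;
    e.tc    = (entry & MPLS_LS_TC_MASK) >> MPLS_LS_TC_SHIFT;
    e.s     = (entry & MPLS_LS_S_MASK) >> MPLS_LS_S_SHIFT;
    e.ttl   = (entry & MPLS_LS_TTL_MASK) >> MPLS_LS_TTL_SHIFT;
    return e;
}

/* Encode a multi-label stack (the RTA_NEWDST shape): S=0 on every entry but
 * the last, S=1 on the bottom of stack. Returns the number of entries written. */
static size_t mpls_encode_stack(const uint32_t *labels, size_t n,
                                uint32_t *wire, size_t cap)
{
    if (n == 0 || n > cap)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!mpls_encode_entry(labels[i], 0, i + 1 == n, 64, &wire[i]))
            return 0;
    return n;
}

/* Walk a wire-format stack up to the bottom-of-stack bit; 0 means no entry
 * within `max` had S set, i.e. the stack is truncated or malformed. */
static size_t mpls_stack_depth(const uint32_t *wire, size_t max)
{
    for (size_t i = 0; i < max; i++)
        if (mpls_decode_entry(wire[i]).s)
            return i + 1;
    return 0;
}

/* The single-label shape (RTA_DST): exactly four bytes, and that one entry
 * must be bottom of stack. */
static int mpls_valid_single_label(const uint32_t *wire, size_t len_bytes)
{
    return len_bytes == sizeof(uint32_t) && mpls_decode_entry(wire[0]).s == 1;
}

/* Exercises the helpers on constructed values; returns 1 when every check passes. */
static int mpls_selftest(void)
{
    uint32_t wire, stack[4], labels[3] = { 16, 1000, MPLS_LABEL_MAX };
    uint8_t b[4];
    struct mpls_entry e;

    if (!mpls_encode_entry(100, 0, 1, 64, &wire)) return 0;
    memcpy(b, &wire, sizeof(b));
    /* label 100 = 0x00064 in the top 20 bits, S=1, TTL=64 -> 00 06 41 40 on the wire */
    if (b[0] != 0x00 || b[1] != 0x06 || b[2] != 0x41 || b[3] != 0x40) return 0;
    e = mpls_decode_entry(wire);
    if (e.label != 100 || e.tc != 0 || e.s != 1 || e.ttl != 64) return 0;
    if (!mpls_valid_single_label(&wire, sizeof(wire))) return 0;
    if (mpls_encode_stack(labels, 3, stack, 4) != 3) return 0;
    if (mpls_stack_depth(stack, 4) != 3) return 0;
    if (mpls_valid_single_label(stack, 3 * sizeof(uint32_t))) return 0;  /* three entries are not one label */
    if (mpls_encode_entry(MPLS_LABEL_MAX + 1, 0, 1, 64, &wire)) return 0; /* 21-bit label rejected */
    return 1;
}

int main(void)
{
    printf("mpls selftest: %s\n", mpls_selftest() ? "ok" : "FAILED");
    return 0;
}
```

The point the self-test pins down is the one the message makes: a description that stores the label as a host-order integer on a little-endian box would put 0x64 in the first byte, where the kernel reads the high bits of the label field, so the label it sees is not the one intended.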
This commit adds the necessary descriptions and executor adjustments to
enable targeted fuzzing of the enumeration process of USB HID devices.
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
FreeBSD uses a length field in the sockaddr_{in,in6,un} structures.
Always call write_extra_output() only if the current program or call
can produce extra coverage (== is a syz_usb* syzcall).
Forgot to do it after the last changes in hiddev descriptions.
Fuse is also updated.
One of the root causes of the reported "lost connection to test machine" is
when the egress network interface is being used as a multicast
interface:
setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0x66, &(0x7f0000000180)={0x2}, 0xc)
Prevent such syscalls from being generated by limiting the range of
allowed interface indices.
To allow future extensions of USB descriptions to fuzz particular USB
classes, this patch changes the structure of USB descriptions to use
templates.
This will invalidate the existing USB corpus.
This is a special fd, we don't want various ioctls be called on it.
Add functions to protect and unprotect the coverage buffer. The buffer is
protected from being written to while tracing. When the trace data is
sorted we need to make it read/write, but can return it to read only after
this has completed.
Leave the first page as read/write as we need to clear the length field.
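As an added example, written for this page in POSIX C and not the executor's own code: the protect/unprotect pair described above, applied to an anonymous mapping whose first page holds the entry count and whose remaining pages hold the trace. The layout and the cov_* helper names are assumptions made here. The probe installs a SIGSEGV/SIGBUS handler that siglongjmps out of a faulting store, which lets the self-test show that a write into a protected data page faults and does not land, that the first page stays writable, and that sorting reopens the data pages only for its own duration.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Assumed layout: a 64-bit entry count at the start of the first page, trace
 * entries from the second page on. Only the data pages get write-protected. */
struct cov_buf {
    uint8_t *base;
    size_t size;   /* whole mapping, a multiple of the page size */
    size_t page;
};

static int cov_init(struct cov_buf *c, size_t pages)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0 || pages < 2)
        return -1;
    c->page = (size_t)ps;
    c->size = c->page * pages;
    c->base = mmap(NULL, c->size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return c->base == MAP_FAILED ? -1 : 0;
}

static uint64_t *cov_len(struct cov_buf *c)  { return (uint64_t *)c->base; }
static uint64_t *cov_data(struct cov_buf *c) { return (uint64_t *)(c->base + c->page); }

/* Everything after the first page becomes read-only, so a stray store from the
 * program under test faults instead of corrupting the trace. The length word
 * in the first page stays writable and can be cleared without another mprotect. */
static int cov_protect(struct cov_buf *c)
{
    return mprotect(c->base + c->page, c->size - c->page, PROT_READ);
}

static int cov_unprotect(struct cov_buf *c)
{
    return mprotect(c->base + c->page, c->size - c->page, PROT_READ | PROT_WRITE);
}

static int cmp_u64(const void *a, const void *b)
{
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return x < y ? -1 : x > y;
}

/* Sorting writes into the data pages, so drop the protection only around it. */
static int cov_sort(struct cov_buf *c)
{
    if (cov_unprotect(c) != 0)
        return -1;
    qsort(cov_data(c), (size_t)*cov_len(c), sizeof(uint64_t), cmp_u64);
    return cov_protect(c);
}

/* Probe whether a store to addr faults; the handler longjmps back out. */
static sigjmp_buf probe_env;
static void probe_handler(int sig) { (void)sig; siglongjmp(probe_env, 1); }

static int write_faults(volatile uint64_t *addr, uint64_t val)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int faulted = 0;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = probe_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(probe_env, 1) == 0)
        *addr = val;          /* either lands or raises the signal */
    else
        faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Returns 1 when protection, sorting and the writable first page behave as described. */
static int cov_selftest(void)
{
    struct cov_buf c;
    uint64_t *d;
    if (cov_init(&c, 4) != 0) return 0;
    d = cov_data(&c);
    d[0] = 0x30; d[1] = 0x10; d[2] = 0x20;   /* constructed "trace", filled before protecting */
    *cov_len(&c) = 3;
    if (cov_protect(&c) != 0) return 0;
    if (write_faults(&d[0], 99) != 1) return 0;      /* data page is read-only */
    if (d[0] != 0x30) return 0;                       /* the faulting store did not land */
    if (write_faults(cov_len(&c), 3) != 0) return 0;  /* first page still writable */
    if (cov_sort(&c) != 0) return 0;
    if (d[0] != 0x10 || d[1] != 0x20 || d[2] != 0x30) return 0;
    if (write_faults(&d[1], 99) != 1) return 0;      /* protected again after the sort */
    *cov_len(&c) = 0;                                 /* clearing the length needs no mprotect */
    munmap(c.base, c.size);
    return 1;
}
```

Keeping the length word on its own page is what makes the cheap path possible: the length is cleared before every run, and with it on a page that is never protected that reset is a plain store rather than an mprotect pair, while the entries themselves sit behind a read-only mapping between the sort and the next unprotect.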
zx_deadline_after also returns time, not status.
So don't use it as coverage.
Add sendmsg$inet, sendmmsg$inet for ip_cmsg_send.
Add sendmsg$inet6, sendmmsg$inet6 for ip6_datagram_send_ctl.
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
This patch only covers per call timeouts, per prog one is not adjusted yet.
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
Add support to fuzz 32 bit FreeBSD system calls.
Simply
make extract TARGETOS=fuchsia SOURCEDIR=<FUCHSIA_DIR>/fuchsia
Otherwise C repros print infinite stream of the same leaks again and again.
Leak checking support was half done and did not really work.
This is heavy lifting to make it work.
1. Move leak/fault setup into executor.
pkg/host was a wrong place for them because we need them in C repros too.
The pkg/host periodic callback functionality did not work either;
we need it in executor so that we can reuse it in C repros too.
Remove setup/callback functions in pkg/host entirely.
2. Do leak setup/checking in C repros.
The way leak checking is invoked is slightly different from fuzzer,
but much better than no support at all.
At least the checking code is shared.
3. Add Leak option to pkg/csource and -leak flag to syz-prog2c.
4. Don't enable leak checking in fuzzer while we are triaging initial corpus.
It's toooo slow.
5. Fix pkg/repro to do something more sane for leak bugs.
A few other minor fixes here and there.
Refine some consts to increase chances of correct programs.
Fix some types. Add comments and a test.
Always pass 3 objects in a transaction.
This allows to specify correct offsets for objects.
Let's see if this improves coverage.
Resolve 2 TODOs in ebtables using the new offsetof type.
Similar to C, offsetof gives the offset of a field
from the beginning of the parent struct.
We have several TODOs in descriptions asking for this.
A const can be used as an array size. Then if the const is not present
on all arches, the compiler will produce an error about a 0-sized array.
There is no easy way to work around this for a user.
Use a value of 1 for missing consts. It's just a bit safer.
Using a build tag to exclude files for golangci-lint
reduces memory consumption (it does not parse them).
The naive attempt with skip-dirs did not work.
So add codeanalysis build tag and use it in auto-generated files.
Update #977
Add a few new ioctls. Add some typedefs for clarity.