Unfortunately this is still needed, see the added comment.
Update #191

Now executor is able to read comparisons data from KCOV and write them
to fuzzer.

We have implemented a new version of KCOV, which is able to dump
comparison operands' data, obtained from Clang's instrumentation hooks
__sanitizer_cov_trace_cmp[1248], __sanitizer_cov_trace_const_cmp[1248]
and __sanitizer_cov_trace_switch.
The current KCOV implementation can work in two modes: "Dump only the PCs"
or "Dump only comparisons' data". Mode selection is done by the
following series of calls:
fd = open(KCOV_PATH, ...); // works as previous
ioctl(fd, KCOV_INIT_TRACE, ...); // works as previous
mmap(fd, ...); // works as previous
ioctl(fd, KCOV_ENABLE, mode);
// mode = KCOV_MODE_TRACE_CMP or mode = KCOV_MODE_TRACE_PC
Note that this new interface is backwards compatible, as old KCOV
devices will just return -EINVAL for the last ioctl. This way we can
distinguish if the KCOV device is able to dump the comparisons.
Main changes in this commit:
1. Fuzzer now checks at startup which type (new/old) of KCOV device
is running.
2. Executor now receives an additional flag, which indicates if
executor should read the comparisons data from KCOV. The flag works on
a per-call basis, so executor can collect PCs or Comps for each
individual syscall.

Now pkg/compiler deals with consts.

Update #191

Not tested, but const extraction and build works.
Update #324
Update #191

Update #211
Update #310

Update #211

Locking memory is a reasonably legitimate local DoS vector.
E.g. bpf maps allow allocation of large chunks of kernel memory
without RLIMIT_MEMLOCK, which leads to hangups.
Set RLIMIT_MEMLOCK=8MB in executor.

ResultArg might have const value.
Also add a test.

We can't know the exact values of those sleeps in advance, they can be
different for different bugs. Making them random increases the chance that
the C repro executes with the right timings at some point.

When syzkaller generates an arg that uses a few structs that reference each
other via pointers, it can go into infinite recursion and crash.
Fix this by forcing pointer args to be null when the depth of recursion
reaches 3 for some struct.

* Port console to Darwin
* Get syz-executor to build correctly
* Do not export unix and syscall constants
* Add presubmit test
* Add myself to contributors

Add ioctl$sock_SIOCETHTOOL and ETHTOOL structures defined in uapi/linux/ethtool.h
http://elixir.free-electrons.com/linux/latest/source/include/uapi/linux/ethtool.h

A single check is enabled for now (misc-definitions-in-headers).
But it's always fixable and found 2 bugs in csource.

We used to have all generated files checked in.
Later we removed them (now users are supposed to
run make to generate them). This causes several
problems:
- go get does not work as it tries to build everything
straight away (go get -d works, but users are confused)
- users don't run make and complain that build is broken
- users don't re-run make after updates and complain that
build is broken
- hard to integrate into other build systems (even if they
support building Go, they don't support running sysgen
out-of-the-box)
Fixes #216

executor: add sys/sysmacros.h include for makedev in newer gcc

Stack usage warning currently breaks our internal build (with 16K frame limit).
Executor uses stacks of limited size, that's another reason to not
allow frames of arbitrary size.
Limit stack frame size to 8K.
Reduce tun packet size. We don't need to read out whole packet.

This is mostly a cleanup change with little functional change.
In ipc.command.exec, remove the status fallback from the pipe to the
exit status. Once the executor is serving, it always writes the status
over the pipe; anything else is an error.
Remove the panic check in syz-stress, which is no longer needed.