path: root/executor
Commit message | Author | Age | Files | Lines
...
* removing trace2syz constants and moving rand_addr as the first ipv4_addr option | Shankara Pailoor | 2018-11-30 | 1 | -5/+5
* FreeBSD: Fix make extract | Michael Tüxen | 2018-11-30 | 1 | -1/+1
    * FreeBSD: Fix make extract.
      A header was missing...
    * FreeBSD: Fix make extract
      Changes in generated files.
* executor: Use correct macros. | Michael Tuexen | 2018-11-30 | 1 | -1/+1
    Suggested by Dmitry Vyukov.
* Whitespace change. | Michael Tuexen | 2018-11-30 | 1 | -1/+0
* executor: Fix compilation on FreeBSD | Michael Tuexen | 2018-11-30 | 1 | -5/+5
    Fix the compilation on FreeBSD when not supporting the tun interface.
* sys/fuchsia: fix task syscalls. | Marco Vanotti | 2018-11-29 | 2 | -4/+2
    This commit fixes two issues related to the task syscalls.

    The zx_task_resume syscall has been recently removed from zircon[0]. It has been deprecated for some time already. This commit removes the syscall.

    The `ZX_EXCEPTION_PORT_UNBIND_QUIETLY` option for the syscall `zx_task_bind_exception_port` has been removed recently as well[1]. This commit removes that option from tasks.txt.

    To test this change, I followed the procedure for building syzkaller for fuchsia:

    ```shell
    $ make extract TARGETOS=fuchsia SOURCEDIR=${FUCHSIADIR}
    $ make generate
    $ make TARGETOS=fuchsia TARGETARCH=amd64 SOURCEDIR=${FUCHSIADIR}
    ```

    I excluded the changes from make extract. This commit only has the generated files from make generate.

    [0]: https://fuchsia-review.googlesource.com/c/zircon/+/228712
    [1]: https://fuchsia-review.googlesource.com/c/zircon/+/228658
* reordering unions for trace2syz | Shankara Pailoor | 2018-11-25 | 1 | -5/+5
* removing trace2syz constants | Shankara Pailoor | 2018-11-24 | 1 | -5/+5
* executor: FreeBSD: fixed endian.h path | msvoelker | 2018-11-23 | 1 | -0/+4
    The include statement for endian.h failed on FreeBSD. Changed include statement to syz/endian.h for FreeBSD.
* sys/fuchsia: update VMAR syscalls | Marco Vanotti | 2018-11-21 | 2 | -5/+5
    * sys/fuchsia: update vmar syscalls.

      In a previous zircon commit[0], the vmar related syscalls (like `zx_vmar_map`, `zx_vmar_protect` and `zx_vmar_allocate`) changed the order of their parameters, putting the flags parameter as the second parameter, and renaming it to "options".

      This commit modifies vmars.txt so that it reflects the latest state of the syscalls in zircon. I also modified the usage in `executor/common_fuchsia.h`

      I ran make extract, make generate and compiled syzkaller to test this change.

      [0]: https://fuchsia-review.googlesource.com/c/zircon/+/168060

    * sys/fuchsia run make generate

      This commit is just the result of running make generate after its parent. This regenerates the definitions for the modified VMAR syscalls.
* sys/fuchsia: update fidl mappings. | Marco Vanotti | 2018-11-21 | 2 | -2/+40
    This commit is just a run of make extract + make generate with an up to date fuchsia tree.

    This commit only updates the fidl definitions, there are some other syscalls that had changed and need to be manually updated (that will come in a future commit).
* openbsd: enable packet injection | Greg Steuck | 2018-11-19 | 1 | -1/+1
* sys/linux: refine tcp_zerocopy_receive | Dmitry Vyukov | 2018-11-17 | 1 | -5/+5
    Use the new vma64 now that we have it.
* sys/linux: refine description for PR_SET_MM | Dmitry Vyukov | 2018-11-17 | 2 | -10/+30
* sys/linux: modernize arch_prctl descriptions | Dmitry Vyukov | 2018-11-17 | 2 | -4/+18
* sys/linux: modernize prctl descriptions | Dmitry Vyukov | 2018-11-17 | 2 | -50/+240
    Use one syscall per command, refine arguments, etc.
* sys/linux: refine tcp repair descriptions | Dmitry Vyukov | 2018-11-17 | 2 | -5/+35
* executor: OpenBSD network package injection | Greg Steuck | 2018-11-17 | 3 | -8/+236
    Squash of:
    * Doc typo
    * Ported some tun related functions.
    * Copy vnet.txt from linux to openbsd.
    * Simplified syz_emit_ethernet and stubbed out vnet.txt.
    * Undo clang-format header sorting: headers are order sensitive.
    * Uniquify tap devices by pid.
    * clang-format off for includes
    * Happier clang-format.
    * Partially revert "Uniquify tap devices by pid." Just rely on procid magic instead of getting it from a flag.
* 1) making bpf_insn varlen, 2) changing bpf_generic to match the struct definition in linux to make trace2syz generation simpler | Shankara Pailoor | 2018-11-12 | 1 | -5/+5
* sys/linux: add vimc/vivid/vim2m/vicodec/swradio/radio/vbi/cec devices | Dmitry Vyukov | 2018-11-10 | 2 | -5/+60
    Create planar and non-planar vivid devices.
    Create each for each test process.
    Add swradio/radio/vbi/cec media devices.
* sys/linux: add /dev/dlm* devices | Dmitry Vyukov | 2018-11-10 | 2 | -5/+20
* sys/linux: regenerate on latest kernel | Dmitry Vyukov | 2018-11-10 | 1 | -5/+5
* sys: initial trusty support | Dmitry Vyukov | 2018-11-07 | 2 | -0/+49
    Trusty is a set of software components supporting a Trusted Execution Environment (TEE) on mobile devices.
    https://source.android.com/security/trusty

    Add syscall descriptions and some boilerplate.
* executor: fix inclusion of kvm arch-specific code | Dmitry Vyukov | 2018-10-31 | 1 | -2/+2
    We use GOOS now to figure out target arch (which can be different from host arch).
* sys/linux: adding constants for trace2syz to sockets | shankarapailoor | 2018-10-30 | 1 | -5/+5
* sys/linux: add perf, kvm, btrfs consts for trace2syz | shankarapailoor | 2018-10-30 | 2 | -5/+10
* sys/linux: add additional constants for trace2syz to bpf | Shankara Pailoor | 2018-10-30 | 1 | -5/+5
    Fixes #783
* sys/linux: fix up descriptions | Dmitry Vyukov | 2018-10-30 | 1 | -5/+5
    1. Extract consts on the latest linux tree.
    2. Don't manually define O_TMPFILE/O_ACCMODE/_LINUX_CAPABILITY_VERSION_N, they are defined in kernel headers.
    3. Don't use CLOCK_SGI_CYCLE as clock id, it's not implemented.
* sys/linux: add additional constants for trace2syz | shankarapailoor | 2018-10-30 | 1 | -5/+5
* sys/openbsd: added minherit, extended/simplified mmap | Greg Steuck | 2018-10-29 | 2 | -1/+2
    * sys/openbsd: added minherit, extended/simplified mmap.
      Added a script from anton_at_openbsd.org for regenerating syscalls.
      Generated by ksh ./sys/openbsd/extract-openbsd.sh
    * Undo whitespace change not passing on CI
    * No need for magic script.
* sys/linux: fix SIOCGIFCONF const | Dmitry Vyukov | 2018-10-29 | 1 | -5/+5
* sys/linux: fix IP6T_SO_GET_INFO const | Dmitry Vyukov | 2018-10-29 | 1 | -5/+5
    Fix copy-paste error.
* sys/linux: open /dev/media* files | Dmitry Vyukov | 2018-10-28 | 2 | -10/+10
    Also remove the second syscall for opening of /dev/fd*.
* sys/linux: slightly refine perf descriptions | Dmitry Vyukov | 2018-10-28 | 2 | -5/+10
    CPU argument can be -1.
    It makes sense to mmap perf fd.
* sys/syz-extract: support missing arch headers | Dmitry Vyukov | 2018-10-28 | 2 | -5/+55
    The latest Linux kernel misses some arch-specific headers on some archs:
    asm/a.out.h
    asm/prctl.h
    asm/mce.h
    Support that.
* sys/linux: floppy interface description | Denis Efremov | 2018-10-28 | 2 | -5/+85
    For floppy fuzzing you need to enable:
    1) CONFIG_BLK_DEV_FD in your kernel configuration
    2) "cmdline": " -fda FLOPPY.img " in syzkaller configuration

    Signed-off-by: Denis Efremov <efremov@linux.com>
    Signed-off-by: Alexander Popov <alex.popov@linux.com>
* sys: check that target consts are defined | Dmitry Vyukov | 2018-10-19 | 1 | -2/+2
    Currently when we get target consts with target.ConstMap["name"] during target initialization, we just get 0 for missing consts. This is error-prone as we can mis-type a const, or a const may be undefined only on some archs (as we have common unix code shared between several OSes).

    Check that all the consts are actually defined.

    The check detects several violations, to fix them:
    1. move mremap to linux as it's only defined on linux
    2. move S_IFMT to openbsd, as it's only defined and used on openbsd
    3. define missing MAP_ANONYMOUS for freebsd and netbsd
    4. fix extract for netbsd
* sys/linux: prohibit FAN_OPEN_PERM and FAN_ACCESS_PERM | Dmitry Vyukov | 2018-10-15 | 2 | -5/+6
    FAN_OPEN_PERM and FAN_ACCESS_PERM require the program to reply to open requests. If that does not happen, the program will hang in an unkillable state forever. See the following bug for details:
    https://groups.google.com/d/msg/syzkaller-bugs/pD-vbqJu6U0/kGH30p3lBgAJ
* Android: Fix sandbox implementation | Zach Riggle | 2018-10-12 | 2 | -3/+10
    My test harness for this code performed some steps that are not performed when syz-executor is invoked directly.

    Specifically, we need to operate from a directory under /data/data, and have the correct UID/GID set as the owner of the directory.

    My test harness now correctly sets these, all sandbox operations succeed, and loop() is invoked.
* executor: Fuchsia: Use zx_task_resume_from_exception() | Scott Graham | 2018-10-10 | 1 | -2/+2
    zx_task_resume() is deprecated; switch to using zx_task_resume_from_exception() instead.
* executor: tune memcg container logic | Dmitry Vyukov | 2018-10-10 | 1 | -15/+14
    The current memcg container seems to lead to lots of hangs/stalls. Presumably the problem is with oom_score_adj and KASAN. Executor process tree eats all memory and then the leaf process is killed but the memory is not returned to memcg due to KASAN quarantine; and the parent processes are protected from killing with oom_score_adj=-1000. As a result the kernel locks up.

    1. Don't use oom_score_adj=-1000. Instead bump leaf process score to 1000 (kill always).
    2. Increase size of memcg to be larger than expected KASAN quarantine size.
* Update fidlgen to keep current with upstream. | Julia Hansbrough | 2018-10-10 | 2 | -10/+64
    The Syzkaller IR upstream has been updated, so we can properly update consts/fidl descriptions now.
* executor: fix build on newer linux distros | Dmitry Vyukov | 2018-09-27 | 1 | -2/+34
    This sucks a lot, but ebtables.h is now broken too on Debian 4.17:

    ebtables.h: In function ‘ebt_entry_target* ebt_get_target(ebt_entry*)’:
    ebtables.h:197:19: error: invalid conversion from ‘void*’ to ‘ebt_entry_target*’
* sys/linux: add encrypted key instantiation payloads | Dmitry Vyukov | 2018-09-26 | 1 | -5/+5
* sys/linux: add IMA mount options | Dmitry Vyukov | 2018-09-26 | 1 | -5/+5
* sys/linux: add ima/evm/capability xattrs | Dmitry Vyukov | 2018-09-25 | 2 | -5/+50
* sys/linux: add security mount options | Dmitry Vyukov | 2018-09-25 | 1 | -5/+5
* sys/linux: add erofs descriptions | Dmitry Vyukov | 2018-09-25 | 2 | -5/+10
* executor: make the debug output useful for race condition debugging | Alexander Popov | 2018-09-24 | 3 | -30/+39
    Sometimes race conditions are reproduced by syz-execprog and are not reproduced by the programs generated with syz-prog2c. In such cases it's very helpful to know when exactly the fuzzing syscalls are executed.

    Unfortunately, adding timestamps to the output of the original 'debug' mode doesn't work. This mode provides very verbose output, which slows down executor and breaks the repro.

    So let's make the executor debug output less verbose and add the timestamps.

    Signed-off-by: Alexander Popov <alex.popov@linux.com>
* sys/linux: add lsm attrs and xattrs | Dmitry Vyukov | 2018-09-23 | 2 | -5/+105
    Add descriptions for /proc/self/attr/* and known lsm file xattrs.