| Commit message (Collapse) | Author | Age | Files | Lines |
| ... | |
New measures still do not help against fuzzer producing
fake corrupted coverage.
Try to terminate instantly as we detect bad coverage.
|
Fuzzer manages to corrupt output region and write random coverage again and again.
Do a sanity range check on coverage PCs to filter out invalid ones.
|
Fuzzer manages to corrupt output region and write random coverage again and again.
Randomize output region addr to make it harder.
|
gcc8 is stricter when dealing with strings and strncpy and demands that
the size of the actual string to be copied be explicitly smaller than
the size of the destination, just to make sure the NULL terminator is
taken into consideration. This patch fixes the issue.
Signed-off-by: Ioana Ciornei <ciorneiioana@gmail.com>
|
Now generated on:
https://source.codeaurora.org/quic/la/kernel/msm-4.9 msm-4.9
|
For now other arches are regenerated on upstream tree.
It does not contain a bunch of consts, so we define them to 1 for now.
arm64 consts are left intact.
video4linux.txt is added to "android" files in syz-extract,
so that future make extract runs don't overwrite arm64 consts.
Also fix VIDIOC_G_FBUF argument direction, currently tests crash with:
panic: call ioctl$VIDIOC_G_FBUF: pointer arg 'buffer' has output direction [recovered]
panic: call ioctl$VIDIOC_G_FBUF: pointer arg 'buffer' has output direction
|
Update #533
As TC(net sched) is a large group, I separate it from socket_netlink_route.txt.
Currently I only implement the framework with two qdisc/tclass/filters.
I will add the others later.
v2: Fix tcm_handle major and minor order. Add tcm_handle_offsets.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
|
Update #538
|
Move generated files to gen subdir. This allows to:
1. Rebuild init.go without rebuilding generated code.
2. Exclude generated files from gometalinter checking.
This makes it faster and makes it consume less memory.
Update #538
|
Update #538
|
Update #538
|
Describe block device ioctls.
Describe sg device ioctls.
Add a few more devices.
|
Slightly extend namespace descriptions and move
them to a separate file.
|
Detect kernel bitness and properly extract coverage on 32-bit kernels.
|
Also fix RTA_MULTIPATH data type. We only need struct rtnexthop,
no need to use array type.
v1 -> v2:
Use uid and sock_port instead of int32/16. Use flags for FRA_PROTOCOL
and FRA_IP_PROTO.
Add type fib_rule_hdr because, even though the structure is the same as rtmsg,
the table, action and flags values are not the same.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
|
Check in checkpoint_iptables is not enough as
reset_iptables will fail even if no tables enabled.
Add similar check to reset_iptables.
|
Images of some filesystems need to be that large (xfs, btrfs, f2fs).
|
Basic description of i2c from SIL2LinuxMP workshop.
|
Update RTM_GETSTATS PAYLOAD format.
Also fix ipv4_getroute and ipmr_getroute PAYLOAD format.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
|
There is no autodetection yet, but at least bitness
is encapsulated in cover_t type.
|
Bridge device is used for forwarding. Bond/team device is used for
load balance and fail over. So it would make more sense to add two
slave interfaces for these devices.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
|
RDMA_PS_SDP has been removed since commit 1b90d3002e3ee ("RDMA/CMA: remove
RDMA_PS_SDP")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
|
Also comment new veth code for future me.
|
Add a veth pair with name bond/team_slave and set their master
to bond0/team0.
Remove veth from devtypes because the cmd `ip link add veth0 type veth`
will actually fail with "RTNETLINK answers: File exists" and no veth
interface is created. When creating a veth device, the kernel will create a
pair of veth, so there is no need to create them one by one.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
|
1. Create ifindex_team, because TEAM_ATTR_TEAM_IFINDEX must
always point to a team device.
2. Remove output only attributes like team_attr_item_port, TEAM_ATTR_LIST_PORT,
TEAM_ATTR_OPTION_CHANGED.
3. Restructure team_nl_option_policy: we always want TEAM_ATTR_OPTION_NAME/TYPE/DATA
+ optionally TEAM_ATTR_OPTION_ARRAY_INDEX and TEAM_ATTR_OPTION_PORT_IFINDEX.
4. Provide specialized team_nl_option_policy_per_port and team_nl_option_policy_array.
5. Make team_attr_option varlen.
6. Remove unnecessary indirection via team_attr_list_option/team_attr_list_port.
7. Fix data type for bpf_hash_func and lb_tx_hash_to_port_mapping.
|
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
|
Make the required changes to the BSD executor file to interface with
FreeBSD's kernel coverage implementation. This will allow coverage to be
used when running syzkaller on this platform.
|
Now file names become:
string[filename]
with a possibility of using other string features:
stringnoz[filename]
string[filename, CONST_SIZE]
and filename is left as type alias as it is commonly used:
type filename string[filename]
|
Fixes #552
|
SYS_memfd_create define produces warning in csource
if system headers already contain the definition (we strip all ifdefs!).
The same is true for CLONE_NEWCGROUP but we just never hit it yet.
Also fix format string for 32 bits.
Also fix potential uninit var in csource, and a missing new line.
|
A previous commit included some non-regenerated files.
Regenerate them now.
|
Our syz syscalls may mishandle errno in some cases
and fail with errno=0. Fix it up.
|
Turns out creating a cgroup per test is too expensive.
Moreover, it leads to hanged tasks as cgroup destruction
is asynchronous and overloads kernel work queues.
Create only a single cgroup per proc, but restrict
descriptions to mess with that single group,
instead test processes create own nested cgroups for messing.
|
Update #533
|
We left entries non-zero, so memcmp always failed.
|
It seems that alignment is never present in the nlattr.
|
* fuchsia: Fix the `extractor` tool.
The include path in Zircon has changed; updated syz-extract/fuchsia.go
to include this, and re-ran extract to get updated *.const files.
* fuchsia: Update syzkaller to build with current Fuchsia API.
Fuchsia doesn't have a stable API right now, so alas, this will probably
continue to change until that's nailed down.
But, useful to get this up-to-date at least.
Relevant notes:
* zx_channel_call_finish and _retry aren't technically public; leave
them out until we have a less-cludgy way to expose them
* musl supports setjmp/longjmp but not _setjmp/_longjmp
* remove some unsupported syscalls
* update the build invocation
|