| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
It seems to explode linux corpus.
So make it freebsd-specific.
|
| |
|
|
|
|
|
| |
Use forkserver and shmem for freebsd.
This greatly improves speed.
Also introduce fallback coverage signal based
on unique (syscall+errno) pairs.
|
| | |
|
| |
|
|
|
|
|
| |
This is mostly copied form linux.
We probably need better support for sharing descriptions
between multiple OSes. But there are lots of differences,
so this is not trivial.
|
| |
|
|
|
|
|
| |
1. remove workaround for pthread attrs (was fixed in akaros)
2. remove workaround for dup2 (was fixed in akaros)
3. check that we receive a program
4. implement timeout for test processes
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently use more complex and functional protocol on linux,
and a simple ad-hoc protocol on other OSes.
This leads to code duplication in both ipc and executor.
Linux supports coverage, shared memory communication and fork server,
which would also be useful for most other OSes.
Unify communication protocol and parametrize it by
(1) use of shmem or only pipes, (2) use of fork server.
This reduces duplication in ipc and executor and will
allow to support the useful features for other OSes easily.
Finally, this fixes akaros support as it currently uses
syz-stress running on host (linux) and executor running on akaros.
|
| |
|
|
| |
Does not work yet, also needs ipc changes.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
pthread_mutex/cond_init should accept NULL attr,
but Akaros crashes with NULL attr:
https://github.com/brho/akaros/issues/40
|
| |
|
|
|
|
| |
We print all other output to stderr, write debug output to stderr as well.
This does not matter for the main use case of running syz-execprog -debug,
but can is helpful if we want to communicate with syz-executor via stdin/stdout.
|
| |
|
|
|
|
|
| |
KCOV comparisons support is in the kernel mm tree already, and the
patch contains an additional uint64_t to store PCs of functions calling
__sanitizer_cov_trace_XXX().
Change kcov_comparison_t accordingly.
|
| | |
|
| | |
|
| |
|
|
| |
writev requires <sys/uio.h>. Include it.
|
| |
|
|
|
|
| |
Executor process does not have any env, including PATH.
On some distributions, system/shell adds a minimal PATH, on some it does not.
Set own standard PATH to make it work across distributions.
|
| |
|
|
| |
For now we just make Go part build for freebsd.
|
| |
|
|
|
|
| |
A recent linux commit "tun: enable napi_gro_frags() for TUN/TAP driver"
added support for fragmentation when emitting packets via tun.
Support this feature in syz_emit_ethernet.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
First, they must be called with stdcall convention.
Second, wrap them in __try/__except because they can crash.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Nothing works, but builds.
Update #191
|
| |
|
|
| |
Update #191
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
We used to generate them only because manager had no idea
what arch it is testing. So syscalls numbers had to match
between all arches.
This is not needed anymore.
Also don't generate unreferenced structs/resources.
|
| |
|
|
|
|
|
| |
Check that manager/fuzzer/executor are build on the same git revision,
use the same syscall descriptions and the same target arch.
Update #336
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Info about targets (like C arch/CFLAGS) is required in multiple places:
extract.sh
syz-extract
syz-sysgen
csource
vm/qemu
...
Consolidate it in one place and use that in syz-sysgen.
|
| |
|
|
|
| |
The correct type is kernel long size, not user-space long size.
We approximate it with uint64.
|
| | |
|
| |
|
|
| |
Fixes #217
|
| | |
|
| |
|
|
|
|
| |
Unfortunately this is sitll needed, see the added comment.
Update #191
|
| | |
|
| |
|
|
|
| |
Now executor is able to read comparisons data from KCOV and write them
to fuzzer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have implemented a new version of KCOV, which is able to dump
comparison operands' data, obtained from Clang's instrumentation hooks
__sanitizer_cov_trace_cmp[1248], __sanitizer_cov_trace_const_cmp[1248]
and __sanitizer_cov_trace_switch.
Current KCOV implementation can work in two modes: "Dump only the PCs"
or "Dump only comparisons' data". Mode selection is done by the
following series of calls:
fd = open(KCOV_PATH, ...); // works as previous
ioctl(fd, KCOV_INIT_TRACE, ...); // works as previous
mmap(fd, ...); // works as previous
ioctl(fd, KCOV_ENABLE, mode);
// mode = KCOV_MODE_TRACE_CMP or mode = KCOV_MODE_TRACE_PC
Note that this new interface is backwards compatible, as old KCOV
devices will just return -EINVAL for the last ioctl. This way we can
distinguish if the KCOV device is able to dump the comparisons.
Main changes in this commit:
1. Fuzzer now checks at startup which type (new/old) of KCOV device
is running.
2. Executor now receives an additional flag, which indicates if
executor should read the comparisons data from KCOV. The flag works on
per-call basis, so executor can collect PCs or Comps for each
individual syscall.
|
| | |
|
| |
|
|
| |
Now pkg/compiler deals with consts.
|
