path: root/executor
Commit message | Author | Age | Files | Lines
...
* prog: implemented argument and call priorities | Veronica Radu | 2019-09-04 | 2 | -1/+3
|
* sys/linux/vusb.txt: fix unused EPSNUM param | Andrey Konovalov | 2019-09-04 | 1 | -5/+5
|
* all: convert Fuchsia to use "host fuzzing" mode | Matthew Dempsky | 2019-08-27 | 1 | -0/+2
    Go support is not a priority for Fuchsia at the moment, so it's preferable to use host fuzzing mode for Fuchsia like currently done for Akaros.
    This commit basically looks for all the places where there was special logic for OS=="akaros" and extends the same logic for OS=="fuchsia".
* sys/linux, executor: minor USB fixes (#1361) | Andrey Konovalov | 2019-08-23 | 2 | -8/+11
|
* sys/linux: fix bNumEndpoints in a USB interface (#1360) | Andrey Konovalov | 2019-08-22 | 1 | -5/+5
    bNumEndpoints is defined as len[endpoints]. This initially assumed that endpoints is an array, which is not the case for descriptions for particular USB classes.
    Improve it by defining a new template for interfaces and passing in a value range for bNumEndpoints for these cases.
* executor: fix procid not declared properly for netbsd (#1358) | Andrey Konovalov | 2019-08-22 | 1 | -1/+1
|
* sys/linux: add basic USB CDC NCM descriptions (#1337) | Andrey Konovalov | 2019-08-14 | 2 | -5/+15
    CDC NCM support is incomplete, as it requires support for describing multiple interfaces per configuration.
* sys/linux: fix USB string descriptors (#1336) | Andrey Konovalov | 2019-08-14 | 1 | -5/+5
    They should either contain a lang id or a string.
    Do some other minor fixes as well.
* sys/fuchsia: update socket syscalls | Marco Vanotti | 2019-08-14 | 2 | -32/+2
|
* sys/openbsd: add ktrace description | Anton Lindqvist | 2019-08-12 | 2 | -1/+2
|
* sys/openbsd: add acct description | Anton Lindqvist | 2019-08-12 | 2 | -1/+2
|
* sys/openbsd: add speaker descriptions | Anton Lindqvist | 2019-08-12 | 2 | -1/+4
|
* sys/linux: add basic USB CDC Ethernet descriptions (#1328) | Andrey Konovalov | 2019-08-09 | 3 | -6/+16
|
* prog: add special mutation for binary flags | Veronica Radu | 2019-08-09 | 2 | -1/+7
|
* sys/linux: add syz_open_dev$char_usb descriptions | Andrey Konovalov | 2019-08-08 | 2 | -5/+20
    syz_open_dev$char_usb opens char devices with major = USB_MAJOR.
    Sanitize its values to make sure it doesn't open other char/block devices.
* executer/common_bsd.h: increase the number of tap/tun devices for NetBSD | R3x | 2019-08-08 | 1 | -0/+6
|
* executor: add some USB related TODOs (#1319) | Andrey Konovalov | 2019-08-07 | 2 | -14/+9
    Also simplify timeout related code a bit.
* sys/linux: add basic USB PRINTER descriptions (#1316) | Andrey Konovalov | 2019-08-06 | 2 | -5/+15
    Also put USB HID descriptions together.
* sys/linux: import HID report descriptor descriptions (#1311) | Andrey Konovalov | 2019-08-02 | 1 | -5/+5
    Remove long items and better specify tags.
* sys/linux/socket.txt: update timestamp options | Hangbin Liu | 2019-07-30 | 2 | -5/+15
    Update socket timeval, timestamp options and flags.
    v2: separate SO_{TIMESTAMP, TIMESTAMPNS}_{OLD, NEW} as they only need enable/disable option value.
    Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
* prog: don't minimize ProcType to 0 | Dmitry Vyukov | 2019-07-26 | 2 | -1/+2
    Default value for ProcType is 0 (same for all PID's). Usually 0 either does not make sense at all or makes different PIDs collide (since we use ProcType to separate value ranges for different PIDs). So don't change ProcType to 0 unless the type is explicitly marked as opt (in that case we will also generate 0 anyway).
* sys/linux: add usbmon add vfio descriptions | VeronicaRadu | 2019-07-26 | 2 | -5/+80
|
* sys/linux: extract USB HID ids (#1294) | Andrey Konovalov | 2019-07-22 | 1 | -5/+5
    * sys/linux: extract USB HID ids
    As it turns out the HID kernel subsystem registers only one USB driver that checks that the interface of the connected device has HID class and then looks up its own list of vendor/device ids to find a matching driver. This means that we currently don't generate proper vendor/device ids for USB HID devices.
    This patch updates the syz-usbgen tool to also extract USB HID vendor/device ids from a running kernel and makes the generated descriptions for HID devices to be patched using the extracted ids.
    This patch also contains some minor improvements to USB descriptions (better HID descriptions and more replies for some USB classes/drivers).
    * sys/linux: run make generate
* sys/linux: use AT_FDCWD only for directories | Dmitry Vyukov | 2019-07-22 | 1 | -5/+5
    Currently we use AT_FDCWD as a special value for all file descriptors, but it does not make sense for almost all of them (sockets, bpf, etc). Use it as a special value only for fd_dir.
* executor: drop CAP_SYS_NICE | Dmitry Vyukov | 2019-07-22 | 1 | -4/+12
    A process with CAP_SYS_NICE can bring kernel down by asking for too high SCHED_DEADLINE priority, as the result rcu and other system services that use kernel threads will stop functioning.
    Some parameters for SCHED_DEADLINE should be OK, but we don't have means to enforce values of indirect syscall arguments.
    Peter Zijlstra proposed sysctl_deadline_period_{min,max} which could be used to enforce safe limits without dropping CAP_SYS_NICE, but we don't have it yet.
    See the following bug for details: https://groups.google.com/forum/#!topic/syzkaller-bugs/G6Wl_PKPIWI
* sys/linux: improve sched_attr description | Dmitry Vyukov | 2019-07-22 | 1 | -5/+5
    Today we have means to properly describe parent size.
* executor: drop CAP_SYS_PTRACE with sandbox=none | Dmitry Vyukov | 2019-07-22 | 1 | -17/+25
    We only drop CAP_SYS_PTRACE for sandbox=namespace, but it can equally affect testing with sandbox=none. Drop it for sandbox=none, add a test.
* sys/fuchsia: update zx_clock_get syscall (#1292) | Marco Vanotti | 2019-07-16 | 3 | -5/+4
    * sys/fuchsia: update zx_clock_get.
    zx_clock_get was deprecated and replaced by zx_clock_get_new. In a recent CL[0], they replaced the zx_clock_get by zx_clock_get_new and moved all client.
    This commit updates syzkaller to use the new function.
    [0]: https://fuchsia-review.googlesource.com/c/fuchsia/+/298575
    * run make extract && make generate
* run make extract and make generate for fuchsia | Marco Vanotti | 2019-07-16 | 2 | -22/+6
|
* sys/linux, executor: improve USB descriptions | Andrey Konovalov | 2019-07-16 | 2 | -11/+54
    1. Change HID descriptions to allow devices to have two interrupt endpoints.
    2. Remove unneeded responses to OUT control requests from descriptions.
    3. Add some debugging code to detect and report missing descriptions.
* sys/linux: update fs-verity descriptions | Eric Biggers | 2019-07-16 | 1 | -5/+5
    The fs-verity API was redesigned, and we're planning to re-add the fs-verity patches to linux-next soon. Get the syzkaller descriptions up to date with the new API [1]
    [1] https://lkml.kernel.org/linux-fsdevel/20190701153237.1777-4-ebiggers@kernel.org
* sys/linux: update BPF constants | Paul Chaignon | 2019-07-16 | 1 | -5/+5
    Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
* sys/linux: update for v5.3 again | Eric Biggers | 2019-07-16 | 2 | -10/+5
    Update descriptions to be compatible with latest linux-next (next-20190715), which in theory will match v5.3-rc1 when the merge window closes.
    - KEYCTL_GRANT_PERMISSION was reverted. So remove its description.
    - CRYPTO_ALG_TYPE_DIGEST was removed. So remove its description.
    - IB_QP_CREATE_SIGNATURE_EN was renamed to IB_QP_CREATE_INTEGRITY_EN.
    Also remove the sys/linux/rdma_*.const files which were incorrectly checked into git. The real copies of those files are in sys/linux/dev_infiniband_rdma_*.const.
    For now I did *not* check for other new APIs that need to be described.
* sys/linux: update key descriptions | Eric Biggers | 2019-07-15 | 2 | -5/+20
    - Add KEYCTL_MOVE (new in v5.3)
    - Add KEYCTL_CAPABILITIES (new in v5.3)
    - Add KEYCTL_GRANT_PERMISSION (new in v5.3)
    - Remove KEY_PERM_UNDEF (was only ever in an internal kernel header, not in UAPI; removed in v5.3)
* executor: add network packet injection for NetBSD | Siddharth M | 2019-07-14 | 3 | -7/+26
    * Initial Commit
    * working build of network packet fuzzing
    * Add missed csource file
    * pkg/csource: fix build
    * executor/common_bsd.h: Add comment stating reason for ifconfig create
* executor: fix out-of-bounds in USB fuzzing code | Andrey Konovalov | 2019-07-11 | 1 | -5/+9
    We might not have any string descriptors provided at all, use a hardcoded string in this case.
* executor: update USB fuzzing code to use new kernel API | Andrey Konovalov | 2019-07-11 | 1 | -42/+68
    The kernel API has changed and now differentiates between IN and OUT control requests.
* sys/openbsd: add diskmap descriptions | Anton Lindqvist | 2019-07-10 | 2 | -1/+3
|
* sys/linux: fix floppy description | Denis Efremov | 2019-07-05 | 1 | -5/+5
    * sys/linux: fix floppy description
    Fix typo in the FDGETPRM ioctl.
    * sys/linux: extract && generate for floppy
    Signed-off-by: Denis Efremov <efremov@linux.com>
* executor: make errors during thread creation exit zero | Anton Lindqvist | 2019-07-04 | 1 | -2/+2
    On OpenBSD, the executor sometimes manages to set the memory resource limit 0 causing any following memory allocation to fail. Since threads are potentially created from such a thread which cannot allocate any memory, the executor will exit non-zero which in turn will cause false-positive panics to be reported. For more info see the discussion[1] in PR #1243.
    Instead, if hitting a fatal error during thread creation exit zero.
    [1] https://github.com/google/syzkaller/pull/1243
* sys/linux, executor: run make extract and generate | Andrey Konovalov | 2019-07-01 | 2 | -5/+10
|
* sys/linux, executor: add syz_usb_ep_read syzkall | Andrey Konovalov | 2019-07-01 | 2 | -21/+81
    syz_usb_ep_read reads data from USB endpoints other than #0.
* sys/netbsd: Adding more syscalls | Siddharth M | 2019-07-01 | 2 | -1/+21
    * sys/netbsd: Adding more syscalls
    * Added lwp create structures
    * Added a few lwp flags
    * completed _lwp* syscalls
    * add clone syscall
    * fix errors, recheck arguments
* sys/openbsd: add missing WSDISPLAYIO_SBURNER ioctl command | Anton Lindqvist | 2019-06-30 | 2 | -1/+2
|
* sys/linux: update mpls_lable and rta types | Hangbin Liu | 2019-06-26 | 1 | -5/+5
    Kernel gets mpls label like
    ```
    unsigned entry = be32_to_cpu(hdr->label_stack_entry);
    result.label = (entry & MPLS_LS_LABEL_MASK) >> MPLS_LS_LABEL_SHIFT;
    ```
    So we just need to store the label in big endian order.
    For mpls rta types, kernel accepts only one label for RTA_DST and multi labels for RTA_NEWDST.
    Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
* sys/netbsd: Add new syscalls exit and ptrace | R3x | 2019-06-26 | 2 | -1/+3
|
* sys/linux, executor: run make extract and generate | Andrey Konovalov | 2019-06-24 | 2 | -5/+15
|
* sys/linux, executor: add basic USB HID fuzzing support | Andrey Konovalov | 2019-06-24 | 2 | -36/+87
    This commit adds the necessary descriptions and executor adjustments to enable targeted fuzzing of the enumeration process of USB HID devices.
* sys/linux: update BPF constants | Paul Chaignon | 2019-06-23 | 1 | -5/+5
    Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
* sys/freebsd: fix sockaddr structures | Michael Tuexen | 2019-06-23 | 1 | -2/+2
    FreeBSD uses in sockaddr_{in,in6,un} structures a length field.