path: root/executor
Commit message | Author | Age | Files | Lines
...
* sys/freebsd: include ioccom.h in pf.txt | Michael Tuexen | 2019-04-30 | 1 | -1/+1
    This is needed for the IORW() macros.
* executor: fix another compiler warning | Andrey Konovalov | 2019-04-25 | 1 | -1/+1
* executor: fix compiler warning | Andrey Konovalov | 2019-04-24 | 1 | -2/+2
* executor: use NONFAILING in common_usb.h | Andrey Konovalov | 2019-04-23 | 1 | -105/+130
    Also move some code to helper functions.
* executor: adjust waiting time for all usb syzcalls | Andrey Konovalov | 2019-04-23 | 2 | -10/+14
    Allow 2000 ms of waiting time for syz_usb_connect and the same time for the whole program if this syzcall is present. Allow 200 ms of waiting time for syz_usb_disconnect. Remove sleep from syz_usb_control_io.
* sys/freebsd: Add pf ioctl()s | Kristof Provost | 2019-04-23 | 2 | -1/+60
    Tweak the building of the FreeBSD vm image to ensure pf is loaded at startup, so that we can test it.
* Update syscalls (#1116) | Marco Vanotti | 2019-04-22 | 2 | -4/+28
    * sys/fuchsia: update all syscalls. This commit modifies all the existing syscall definitions to match more closely the documentation in the Fuchsia repo.
    * run make extract && make generate
* sys/linux: add pidfd_send_signal | Dmitry Vyukov | 2019-04-12 | 2 | -5/+13
* sys/linux: more tty descriptions | Dmitry Vyukov | 2019-04-12 | 2 | -5/+114
* sys/linux: add simple io_uring descriptions | Dmitry Vyukov | 2019-04-12 | 2 | -5/+38
    We don't actually communicate with the uring yet, but this already finds a bunch of bugs.
* all: run make generate | Andrey Konovalov | 2019-04-11 | 2 | -5/+25
* all: add basic USB fuzzing support | Andrey Konovalov | 2019-04-11 | 4 | -3/+484
    This commit implements 4 syzcalls: syz_usb_connect, syz_usb_io_control, syz_usb_ep_write and syz_usb_disconnect. Those syzcalls are used to emit USB packets through a custom GadgetFS-like interface (currently exposed at /sys/kernel/debug/usb-fuzzer), which requires special kernel patches.

    USB fuzzing support is quite basic, as it mostly covers only the USB device enumeration process. Even though the syz_usb_ep_write syzcall does allow communicating with USB endpoints after the device has been enumerated, no coverage is collected from that code yet.
* all: add optional close_fds feature to reproducers | Andrey Konovalov | 2019-04-09 | 3 | -4/+28
    Instead of always closing open fds (number 3 to 30) after each program, add an option called EnableCloseFds. It can be passed to syz-execprog, syz-prog2c and syz-stress via the -enable and -disable flags. Set the default value to true.

    Also minimize C repros over it, except for when repeat is enabled.
* csource: use /*FOO*/ instead of [[FOO]] | Andrey Konovalov | 2019-04-09 | 1 | -13/+10
    The latter differently confuses different versions of clang-format.
* sys/openbsd: add pci descriptions | Anton Lindqvist | 2019-04-05 | 2 | -1/+5
* executor: move syz_execute_func after os imports. (#1107) | Marco Vanotti | 2019-04-03 | 1 | -16/+16
    This commit moves the definition of the `syz_execute_func` after the block of code that imports all the OS specific common headers. This is required because after commit dfd3394d42ddd333c68cf355273b312da8c65a51 `syz_execute_func` started using the `NONFAILING` macro, which is defined in those header files for each OS.

    I also ran `make generate`.

    TEST=I only tested that the executor works for Fuchsia with:
    ```shell
    $ make executor TARGETOS=fuchsia TARGETARCH=amd64 SOURCEDIR=~/fuchsia
    ```
* executor: don't fallthrough in switches in fuchsia (#1103) | Marco Vanotti | 2019-04-03 | 1 | -0/+3
    This commit modifies the common_fuchsia.h file changing the behavior of the `syz_future_time` function. Before, the function used to have a switch case that would fall through, making it always set the delta_ms to 10000. The fix is to add a `break;` statement after each switch case.
* sys/fuchsia: Remove object_*_cookie syscalls. (#1099) | Marco Vanotti | 2019-04-03 | 2 | -6/+2
    Those syscalls were removed from Zircon in a recent CL[0].

    This commit runs make extract && make generate to update syscalls and fidl interfaces.

    [0]: https://fuchsia-review.googlesource.com/c/fuchsia/+/249349
* executor: try to prevent machine outbreak | Dmitry Vyukov | 2019-04-02 | 1 | -1/+13
    The fuzzer gained control over host machines again with something like:

    syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0d5e57c3c3b7d95a91914e424a2664f0ff065b460f343030062e67660f50e900004681e400000100440fe531feabc4aba39d6c450754ddea420fae9972b571112d02")

    Let's see if perturbing syz_execute_func a bit and wiping registers will stop the outbreak.
* pkg/compiler: make buffer alias to ptr[array[int8]] | Dmitry Vyukov | 2019-04-01 | 1 | -12/+12
    Ptr type has special handling of direction (pointers are always input). But buffer type missed this special case all the time. Make buffer less special by aliasing to the ptr[array[int8]] type.

    As a result buffer type can't have optional trailing "opt" attribute because we don't have such support for templates yet. Change such cases to use ptr type directly.

    Fixes #1097
* executor: connect tun and bpf devices on OpenBSD | Anton Lindqvist | 2019-04-01 | 1 | -1/+1
* sys/openbsd: add common ioctl() commands | Anton Lindqvist | 2019-04-01 | 2 | -1/+6
* sys/openbsd: add bpf descriptions | Anton Lindqvist | 2019-03-29 | 2 | -1/+26
* modify | houjingyi | 2019-03-29 | 1 | -5/+5
* Sys/linux: Add rdma.txt | Noa Osherovich | 2019-03-27 | 2 | -5/+265
    Initial description of the kernel's RDMA subsystem. This patch covers most of the older write() interface as well as some ioctl functions.

    Also disable rdma_cm's ib_qp_type flags as it conflicts with rdma's definition, and rdma builds first.

    Signed-off-by: Noa Osherovich <noaos@mellanox.com>
* sys/sys-extract: update import path for fuchsia. | Marco Vanotti | 2019-03-27 | 1 | -2/+2
    Apparently, sysroot/include doesn't exist in the build-zircon path anymore. I changed the path in sys-extract to make it point to the exported sdk include path.

    I also ran make extract and make generate to add new fidl definitions.

    TEST=ran make extract and make generate.
* sys/linux: move openat to dev_rtc.txt | Shankara Pailoor | 2019-03-24 | 1 | -5/+5
    move openat$rtc to rtc_dev and change return type to fd_rtc
* executor: prevent non-null expected warnings | Dmitry Vyukov | 2019-03-21 | 7 | -22/+22
    The added test triggers warnings like these:

    <stdin>: In function ‘syz_mount_image.constprop’:
    <stdin>:298:3: error: argument 1 null where non-null expected [-Werror=nonnull]
    In file included from <stdin>:26:0:
    /usr/include/x86_64-linux-gnu/sys/stat.h:320:12: note: in a call to function ‘mkdir’ declared here
     extern int mkdir (const char *__path, __mode_t __mode)
                ^~~~~
    cc1: all warnings being treated as errors

    <stdin>: In function ‘syz_open_procfs.constprop’:
    <stdin>:530:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
    <stdin>:85:110: note: in definition of macro ‘NONFAILING’
    <stdin>:532:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
    <stdin>:85:110: note: in definition of macro ‘NONFAILING’
    <stdin>:534:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
    <stdin>:85:110: note: in definition of macro ‘NONFAILING’

    Use volatile for all arguments of syz_ functions to prevent the compiler from treating the arguments as constants in reproducers.

    Popped up during bisection that used a repro that previously worked.

    Update #501
* executor: update fdio import path | Marco Vanotti | 2019-03-20 | 1 | -1/+1
    The Fuchsia team is going to remove the `lib/fdio/util.h` library. They have already moved all the functions to new header files. I have seen that fuchsia uses `fdio_service_connect`, which has been moved to the `lib/fdio/directory.h` header file.

    This commit just changes the import path in the fuchsia executor, and in the corresponding generated go file (I made that change by running `make generate`).
* sys/linux: disable SYSLOG_ACTION_CLEAR | Dmitry Vyukov | 2019-03-19 | 1 | -5/+5
    For context see: https://groups.google.com/d/msg/syzkaller/8nUJCnMfark/y8HOM_vrCQAJ
* sys/linux: restrict SYSLOG_ACTION_CONSOLE_LEVEL | Dmitry Vyukov | 2019-03-18 | 1 | -5/+5
    Fuzzer must not mess with console, turn it on/off, change log level, etc. Otherwise it turns off kernel output on console.
* sys/openbsd: add chflags descriptions | Anton Lindqvist | 2019-03-18 | 2 | -1/+4
* sys/linux: Add rfkill description for Linux | Alexander Popov | 2019-03-18 | 2 | -5/+20
* sys/linux: regenerate and fix const files | Dmitry Vyukov | 2019-03-14 | 2 | -5/+81
    1. Move fsverity descriptions to a separate file which is not regenerated automatically. It was dropped from linux-next.
    2. Fix tlk_device.txt name in syz-extract.
    3. Update some socket consts e.g. s/SO_TIMESTAMPING/SO_TIMESTAMPING_OLD/.
    4. Regenerate const files on current upstream head.
* pkg/runtest: make tests pass on freebsd | Dmitry Vyukov | 2019-03-07 | 1 | -1/+1
    The problem is stupid: <endian.h> should be included as <sys/endian.h> on freebsd. Pass actual host OS to executor build as HOSTGOOS and use it to figure out how we should include this header.
* sys/freebsd: avoid mangling syscall names | Mark Johnston | 2019-03-07 | 2 | -21/+22
    syz-extract was removing certain prefixes from syscall names, but this caused some problems:
    - freebsd* prefixes are for compatibility syscalls when the syscall ABI has changed. For instance, we have both fstat() and freebsd11_fstat(), and it is desirable to fuzz them both.
    - Stripping prefixes may leave us with undefined SYS_ constants. This resulted in some test failures in pkg/csource, which emitted code referencing SYS_semctl when it should have been SYS___semctl.

    Fix the problem by updating syscall descriptions to match the names given by the FreeBSD kernel. Add some new descriptions for compatibility syscalls, fix the mknodat() description (dev_t is now 64 bits wide on FreeBSD), and remove mknod$loop, which appears to be Linux-specific.
* execprog, stress, prog2c: unify flags to enable additional features | Andrey Konovalov | 2019-03-05 | 3 | -87/+150
    This change makes syz-execprog, syz-prog2c and syz-stress all accept -enable and -disable flags to enable or disable additional features (tun, net_dev, net_reset, cgroups and binfmt_misc) instead of having a separate flag for each of them.

    The default (without any flags) behavior isn't changed: syz-execprog and syz-stress enable all the features (provided the runtime supports them) and syz-prog2c disables all of them.
* executor: add newline in debug call | Dmitry Vyukov | 2019-02-27 | 1 | -1/+1
    debug does not add newlines.
* executor: update syntax for making W+X fuchsia memory | Julia Hansbrough | 2019-02-27 | 2 | -3/+8
    Fuchsia recently changed such that zx_vmar_map can't be declared executable and writeable at the same time; use a new syscall for this purpose.

    Also made a few errors more informative.
* sys/fuchsia/fidlgen: update FIDL path & extract new descriptions | Julia Hansbrough | 2019-02-21 | 1 | -2/+2
    Garnet-layer FIDL descriptions are in a new subdirectory. This CL changes it to the proper directory, and performs a "make extract" shortly after.

    This should fix some of the errors on the Syzkaller hub.
* sys/linux: add netlink seg6 descriptions | houjingyi | 2019-02-21 | 2 | -5/+30
    * Add files via upload
    * Add files via upload
    * Add files via upload
    * Add files via upload
* executor: fix format strings | Dmitry Vyukov | 2019-02-19 | 1 | -2/+2
    clang complains that we pass an int to %hx. Fix it.
* executor: fix detection of blocked calls | Dmitry Vyukov | 2019-02-13 | 1 | -2/+1
    Unfinished calls are always blocked too, so set the blocked flag for unfinished calls.
* hafnium: add basic support | Dmitry Vyukov | 2019-02-12 | 2 | -5/+25
    Add [very] basic support for testing Hafnium: https://hafnium.googlesource.com/hafnium

    Update #996
* sys/linux: regenerate consts | Dmitry Vyukov | 2019-02-12 | 2 | -79/+103
    Regenerate consts on latest linux-next.
* sys/linux: add NDISC packet formats to vnet.txt | Dan Robertson | 2019-02-11 | 1 | -5/+5
    Add the basic NDISC (RFC 4861) packet formats to sys/linux/vnet.txt.
* sys/linux: prohibit EXT4_IOC_RESIZE_FS | Dmitry Vyukov | 2019-02-08 | 2 | -10/+5
    When we run with sandbox=none, a test program can do EXT4_IOC_RESIZE_FS which shrinks rootfs basically to 0. This breaks the machine as all tests then fail with:

    failed to create temp dir: mkdir syzkaller-testdir077269498: no space left on device

    This is the most common source of "lost connection" crashes overall and they are not actually kernel bugs.

    Prohibit EXT4_IOC_RESIZE_FS for now. Alternatively we can mount tmpfs with sandbox=none.

    Update #971
* sys/linux: extend key descriptions | Dmitry Vyukov | 2019-02-07 | 2 | -5/+35
* sys/linux: move {i,fa}notify into own files | Dmitry Vyukov | 2019-02-07 | 2 | -7/+81
* sys/fuchsia: fix fidlgen issues | Marco Vanotti | 2019-02-06 | 2 | -94/+82
    * sys/fuchsia: fix fidlgen issues. This change modifies fidlgen removing fuchsia.mediacodec and renaming zircon-ethernet to fuchsia-hardware-ethernet. fuchsia.mediacodec has most of its functionality merged into fuchsia.media and it's not included in the default amd64 builds. zircon-ethernet has been renamed to fuchsia-hardware-ethernet recently: https://fuchsia-review.googlesource.com/c/zircon/+/237178
    * docs/fuchsia: Add troubleshooting sections. This commit adds a troubleshooting section in the fuchsia syzkaller docs that mentions how to solve fidlgen issues when fidl interfaces are removed or renamed.
    * sys/fuchsia: remove stale autogenerated files.
    * sys/fuchsia: run make extract && make generate.