| Commit message | Author | Age | Files | Lines |
This is mostly a cleanup change with little functional change.
In ipc.command.exec, remove the status fallback from the pipe to the
exit status. Once the executor is serving, it always writes the status
over the pipe; anything else is an error.
Remove the panic check in syz-stress, which is no longer needed.
Systematically inject faults during smashing.
Requires kernel patch:
"fault-inject: support systematic fault injection"
(currently in linux-next).
If an external sandbox program wraps the executor, it may include much
more log output than the standard executor, making 128k of logs
insufficient to get full context. Add a flag to allow increasing the
size of the buffer.
The current buffering mechanism isn't ideal, as it allocates the entire
size up front and may include as little as half of the buffer size of
output, but it works for now when you just need a bit more space.
If an external sandbox process wraps the executor, it may be helpful to
send a signal other than SIGKILL to the sandbox when the program times
out or fails to respond. This gives the sandbox the opportunity to emit
additional debugging information before exiting.
Add an 'abort' signal to ipc, which is sent to the executor before
SIGKILL. If the executor fails to exit within 5s, the signal is upgraded
to SIGKILL.
The default abort signal remains SIGKILL, maintaining existing behavior.
If an external sandbox process wraps the executor, the out pipe will be closed
before the sandbox process exits; this will make the ipc package kill the sandbox.
As a result, the sandbox process will exit with exit status 9 instead of the executor
exit status (notably kRetryStatus). Consequently, ipc will treat it as a hard
failure rather than a temporal failure. So we duplicate the exit status on the pipe.
exec waits for readDone channel, but it is not closed in debug mode.
Close readDone in debug mode.
Currently syzkaller uses per-call basic block (BB) coverage.
This change implements edge (not-per-call) coverage.
Edge coverage is more detailed than BB coverage as it captures
not-taken branches, looping, etc. So it provides better feedback signal.
This coverage is now called "signal" throughout the code.
BB code coverage is also collected as it is required for visualisation.
Not doing per-call coverage reduces the corpus ~6-7x (from ~35K to ~5K),
which has a profound effect on fuzzing efficiency.
A bunch of spot optimizations after cpu/memory profiling:
1. Optimize hot-path coverage comparison in fuzzer.
2. Don't allocate and copy serialized program, serialize directly into shmem.
3. Reduce allocations during parsing of output shmem (encoding/binary sucks).
4. Don't allocate and copy coverage arrays, refer directly to the shmem region
(we are not going to mutate them).
5. Don't validate programs outside of tests; validation allocates tons of memory.
6. Replace the choose primitive with simpler switches.
Choose allocates a full load of memory (for the int, the func, and everything the func refers to).
7. Other minor optimizations.
Always prepend executor PID to error messages,
so it is clear what program triggered a bug.
Extend coverage parsing error messages.
1. Logical executor failures were not handled in waitServing.
2. Fuzzer did not distinguish temporal errors and logical errors
and always waited for 10 errors before crashing.
Fix that.
E.g. if the binary is 'syz-executor' and pid=15,
we create a link from 'syz-executor15' to 'syz-executor' and use 'syz-executor15' as the binary.
This allows easily identifying the program that led to a crash in the log.
The log contains the pid in "executing program 15" and crashes usually contain "Comm: syz-executor15".
If executor constantly prints something, it will eventually hang
since the pipe will overflow. Read out executor output to prevent the hang.
The new namespace-based sandboxing is good,
but it's not always what one wants
(and also requires special kernel configs).
Change the dropprivs config value to sandbox,
which can have different values (currently: none, setuid, namespace).
Setuid mode uses setuid(nobody) before fuzzing as before.
In the future we can add more sandboxing modes or, say,
extend -sandbox=setuid to -sandbox=setuid:johndoe
to impersonate the given user.
This led to lots of false positives.
Kmemleak has false positives. To mitigate most of them, it checksums
potentially leaked objects, and reports them only on the next scan
iff the checksum does not change. Because of that we do the following
intricate dance:
Scan, sleep, scan again. At this point we can get some leaks.
If there are leaks, we sleep and scan again, this can remove
false leaks. Then, read kmemleak again. If we get leaks now, then
hopefully these are true positives during the previous testing cycle.
Namespace-based sandbox can take some time to set up.
In particular, lots of parallel executors block on net
namespace creation.
It was duplicated in 3 programs.
It is not working and not tested,
and can't be restored with new namespace sandboxing code.
This is needed if unshare(CLONE_NEWNS) is not implemented.
Otherwise, os.RemoveAll fails.
IPC timeout must be larger than executor timeout.
Otherwise IPC kills parent executor but does not
kill child executor.
It is broken on some of our test systems.
Errno can be used to guide fuzzing, or detect not implemented syscalls.
This avoids an exec per test.
It also allows pre-mapping shared memory regions,
and will allow pre-mapping coverage regions, etc.
Seems to work already, but probably there are still some bugs.
In this mode we execute pairs of syscalls concurrently
to provoke data races in the kernel.
Otherwise there is no way to see the output if executor hangs dead.
This allows using a larger coverage buffer
without overflowing the output at the same time.