| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
When determining whether a patch series is worth fuzzing, consider not
only the hashes of .text symbols, but also the hashes of the global
(static and non-static) variables.
As before, calculate the hashes during build and process them at the
beginning of the fuzz step.
|
| |
|
|
|
| |
When set as env variables, these don't seem to have any effect, but
start to work as indended when passed as explicit make arguments.
|
| |
|
|
|
|
|
|
|
| |
Hash the code section of the individual symbols from vmlinux.o and use
it to determine the functions that changed their bodies between the base
and the patched build.
If the number of affected symbols is reasonable (<5%), fuzz it with the
highest priority.
|
| |
|
|
| |
Update #2297
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is the standard way now.
Since our configuration permits multiple parameter value combinations,
explicitly check for the compiler and linker that were to be passed via
CC and LD, and replace that with LLVM=1 if they were clang and ld.lld
correspondingly.
Update syz-kconf to rely on pkg/build's exported functionality for
generating Linux kernel build arguments.
|
| |
|
|
| |
Record the logs from the build and fuzzing steps.
|
| |
|
|
|
|
| |
This unifies the build() and clean() interfaces such that if a custom
compiler or make binary is provided in the manager or bisection config,
they can be taken into account by the clean() interface.
|
| |
|
|
|
|
| |
Certain environments might need a specific make command or wrap make
calls with extra logic. This lets users provide a path to a custom make
binary.
|
| |
|
|
| |
The latter is a better suitable name.
|
| |
|
|
|
| |
This parameter defines the number of cores dedicated to the kernel build
process. By default, it's equal to the number of available CPUs.
|
| | |
|
| | |
|
| |
|
|
|
| |
The call has quite a lot of fixed arguments, which makes it prone to
errors that do not manifest themselves during compilation (see #3441).
|
| |
|
|
|
|
|
|
|
| |
Unfortunately we don't keep it in targets, so we have to do a
workaround.
Also, previously the existence of a kernel image was used as an
indication of whether the disk image is bootable. Now that we upload it
always, decide depending on the VM type.
|
| |
|
|
| |
This will let it be uploaded to the asset storage.
|
| | |
|
| |
|
|
|
| |
Add this as an option to syz-ci and syz-build tools.
Otherwise we cannot use clang + ld.lld for kernel builds.
|
| |
|
|
|
|
| |
Add ability to trace build process and save debug artefacts.
Add tracing of ELF signature calculation.
Useful for debugging of #2297.
|
| |
|
|
|
| |
Presently Linux doesn't support bzImage/zImage for arm64, but at least
we can use Image.gz.
|
| |
|
|
|
|
|
|
| |
Currently syzkaller leaves an empty CompilerID, when it has failed to
build a kernel. However, in almost all cases this is possible to do.
Query compiler information irregardless of whether the build process
is successful.
|
| |
|
|
|
| |
Detect compiler that was used to build the Linux kernel from
auto-generated header files. This would be the most precise information.
|
| |
|
|
|
|
|
|
|
| |
Modify the `builder` interface in such a way that build method also
returns a struct containing extra information about the build process.
This allows to fetch compiler ID from individual builders. Also, this
makes the `signer` interface obsolete, as this information can also go
into that structure.
|
| |
|
|
|
|
|
|
|
|
| |
The struct pkg.build.Params is currently primarily passed on as a
pointer, which leads make it hard to see the places, where it can
(and should) actually be modified.
Make it all more explicit by only passing pointer references to objects
of this type when the object is expected to be modified by the function.
In fact, at this moment there are no such situations.
|
| |
|
|
|
|
|
|
|
|
| |
Add a new, simpler procedure:
working bootable image is accepted as an input
and we only replace the kernel in it.
This just looks much saner and the right way to do it
(instead of assembling the image from bits and shelling out
to mkfs, fdisk, grub, etc). The new way also works inside of
containers much better.
|
| |
|
|
|
|
| |
We used to use ssh keys, but there are no partiuclar advantages
of using key over empty password. It just makes things more complex.
And the new image building code in pkg/build does not support keys.
|
| | |
|
| |
|
|
|
|
|
|
| |
The way we assemble the image now from userspace files is not reasonable.
Support injected boot for qemu when we just copy image+kernel to output dir.
It makes it much easier to prepare images for other arches.
Since this mode is triggered only when UserspaceDir points to a file
it should not affect any existing users (since it used to be a dir).
|
| |
|
|
|
|
| |
We currently only support native build in pkg/build (does not even pass ARCH).
Move the existing cross-compilation logic from sys/syz-extract/linux.go
and reuse it in both places.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We use strings to identify OS/Arch.
These strings are duplicated throughout the code base massively.
golangci-lint points to possiblity of typos and duplication.
We already had to define these names in pkg/csource
and disable checking for prog package. A future change triggers
such warnings in another package.
Add OS/Arch name consts to sys/targets so that they can be used
to refer to OS/Arch. Use the consts everywhere.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Kernel build runs under sandboxed user, while the rest of the code
runs under root. Sandboxed user does not have access to root files.
Chown all new created files for sandboxed user.
Currently builds fail with:
unable to write 'random state'
writing new private key to 'certs/signing_key.pem'
certs/signing_key.pem: Permission denied
22979106625176:error:0200100D:system library:fopen:Permission
denied:bss_file.c:398:fopen('certs/signing_key.pem','w')
22979106625176:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
certs/Makefile:55: recipe for target 'certs/signing_key.pem' failed
make[1]: *** [certs/signing_key.pem] Error 1
Makefile:1053: recipe for target 'certs' failed
make: *** [certs] Error 2
|
| |
|
|
|
| |
Generating new key for every build causes problems to having
reproducible builds. To avoid this use fixed key.
|
| |
|
|
|
|
| |
Add option to use ccache in kernel builds.
Signed-off-by: Jouni Hogander <jouni.hoegander@partner.bmw.de>
|
| |
|
|
|
|
|
|
| |
Mentions of "// Code generated ... DO NOT EDIT." in these Go files
somehow prevents golangci-lint from checking them.
And github treats them as auto-generated as well.
I guess some code somewhere has some imprecise heuristics.
Move generation into separate shell scripts. Also cleaner.
|
| |
|
|
| |
Signed-off-by: Alexander Egorenkov <Alexander.Egorenkov@ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Use the standard Go convention for Go files:
https://golang.org/pkg/cmd/go/internal/generate
Use github linguish for other files:
https://github.com/github/linguist#generated-code
Both are understood by github and should result
in these files being collapsed in PRs by default.
|
| |
|
|
|
|
|
| |
SHA-1 is insecure. See a representative summary of known attacks here:
https://en.wikipedia.org/wiki/Hash_function_security_summary
Some external build systems warn about sha1 uses and reject to build.
Whitelisting is pain. Switch to sha256.
|
| |
|
|
|
|
| |
We were almost there...
Update #1271
|
| |
|
|
|
| |
There are few more dynamic variables related to kernel release tagging.
Set these to known deterministic values.
|
| |
|
|
|
|
|
| |
Add optional build signature for images, currently only implemented for linux.
This can be used in bisection process to detect changes that does not affect kernel.
Update #1271
|
| |
|
|
|
|
|
| |
Image takes too many arguments, so we need to do lots of forwarding,
adding new argumnets is painful and most OSes are not interested
in lots of arguments.
Combine all arguments into a params struct.
|
| |
|
|
| |
-j flag is weird, make fails on -j=N.
|
| |
|
|
|
|
|
|
|
| |
Kbuild inserts build timestamp into every build.
This makes vmlinux change always even if no present.
Make the build more deterministic.
We plan to use it for detecting no-op changes during bisection.
Update #1271
|
| |
|
|
| |
Remove duplication when calling linux make.
|
| |
|
|
|
|
|
|
|
|
|
| |
Enable the Linux builder for ppc64le.
For ppc64le, we use zImage rather than bzImage as our kernel target. Pass
through the target architecture to buildKernel() so we can pick the right
target based on arch.
Closes: #1084 ("pkg/build: Support building Linux on ppc64le")
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
|
| |
|
|
| |
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
We currently manually call extractRootCause in few selected places
to denote kernel build errors that we want to report to developers.
The rest are considered infra errors that we don't report.
This does not work well. We are missing fuchsia and gvisor build errors.
Treat all external command exection failures as kernel build errors instead.
Let's see how this works in practice.
Also add bazel-specfic error patterns and tests.
|
| |
|
|
|
|
|
| |
1. Implement clean since we do incremental build we actually need no-op clean.
2. Don't copy netbsd to output dir, we don't need it there (we create full-fledged image).
3. Copy netbsd.gdb to obj/ dir, that's where it is expected.
4. Fix boot disk name for gce (it's sd0 instead of wd0).
|
| |
|
|
|
|
|
|
|
|
| |
* pkg/build: share extractRootCause with openbsd
This should get kernel build errors reported in syz-ci console.
* Add a test
* lint
|
| |
|
|
|
| |
os.Rename fails for cross-device renaming (e.g. to/from tmpfs).
This is quite unpleasant. Provide own version that falls back to copying.
|
| |
|
|
|
|
| |
Currently we don't capture kernel config for broken builds
because the config is saved as the last step.
Save it as early as possible.
|
