The beginnings of the weighted filter were added in 2020,
but never materialized. Remove them to simplify code.
The weighted filter allows having a uint32 weight for every PC in the filter,
but we always use just 0/1 (present/not present).
Take some arm64 devices for example:
kaslr_offset differs at bits 12-40, and kernel modules are loaded in a 2GB space,
so we have `ffffffd342e10000 T _stext` where the upper 32 bits are ffffffd3. However,
if we check the modules range, the 1st module is loaded at 0xffffffd2eeb2a000,
while the last module is loaded at 0xffffffd2f42c4000.
We can see the upper 32 bits differ for the core kernel and modules.
If we use the current 32-bit cover PCs, we will get wrong module addresses
recovered.
So we need to move to 64-bit cover and signal:
- change cover/sig to 64-bit to match the syz-executor change
- remove the kernel upper base logic, as the kernel upper base is not a constant when
kaslr is enabled for the core kernel and modules.
- remove unused pcBase
In preparation for pkg/host removal.
Nothing in pkg/host uses KernelModule, and pkg/cover
is effectively the only user of KernelModule.
Test package uses a different package name only in very special cases
(e.g. import cycles). No special cases here.
Instead of doing fuzzing in parallel in the running VM, make all decisions
in the host syz-manager process.
Instantiate and keep a fuzzer.Fuzzer object in syz-manager and update
the RPC between syz-manager and syz-fuzzer to exchange the exact programs to
execute and their resulting signal and coverage.
To optimize the networking traffic, exchange mostly only the difference
between the known max signal and the detected signal.
Addresses https://github.com/google/syzkaller/issues/4078
Does not fix canonicalization when modules change over time, but
does unblock fuzzing by avoiding a kernel panic when modules
change.
Apply module conversion to the filter bitmap to support coverage
filtering when modules are used.
The coverage bitmap is decanonicalized to match each instance's
module PCs.
This was done by decanonicalizing the map of bitmap PCs before bitmap
creation to simplify conversion. I could convert the final bitmap or
pass in the canonicalization instance to createCoverageFilter() to
prevent this change.
The "coverFilter" used by the manager is only used on
canonicalized PCs, so it remains unchanged.
Adjust signal creation in syz-executor so the hash
is independent of module offsets. This allows
for canonicalization of the signal between VMs.
Added signals to canonicalization/decanonicalization
between instances.
Converts serialized Signal values, as they have already
been serialized in rpc.go. Added a function in signal.go
to update serial signal elements.
Added a check to make sure instance's modules match the
canonical modules. If not, abort fuzzing.
Created a hash in syz-manager to map between each
instance address and a stored canonical address.
Translate PC coverage values when receiving inputs
from VMs and when sending inputs to each VM.
Signal conversion and coverage filtering will be
fixed in a future commit.
Edit from last (reverted) PR: added a check to confirm
fuzzer has been instantiated before canonicalization.
This reverts commit c778c7f49050c40ff7c5e409d9b2c667483b3fc9.
We're getting the following panic:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x103ffdd]
goroutine 44811 [running]:
main.(*RPCServer).NewInput(0xc001010bb0, 0xc01d0b60a0, 0x1?)
syz-manager/rpc.go:270 +0x2dd
Created a hash in syz-manager to map between each
instance address and a stored canonical address.
Translate PC coverage values when receiving inputs
from VMs and when sending inputs to each VM.
Signal conversion and coverage filtering will be
fixed in a future commit.