aboutsummaryrefslogtreecommitdiffstats
path: root/pkg/csource
Commit message (Collapse)AuthorAgeFilesLines
* pkg/csource: fix build of generated filesDmitry Vyukov2018-01-061-1/+1
| | | | | | | | | On another machine both clang and gcc produce: test.c:163:32: error: invalid suffix "+procid" on integer constant *(uint32_t*)0x20001004 = 0x25dfdbfe+procid*4; Not sure why this wasn't caught on buildbot.
* pkg/csource: tidy up generated code a bitDmitry Vyukov2017-12-272-16/+26
| | | | | | | Remove dup newlines around includes. Makes int values shorter if not hurting readability. Increase line len to 80. Remove {} when not needed during copyout.
* executor: introduce uint64/32/16/8 typesDmitry Vyukov2017-12-275-165/+187
| | | | | | | | | | | | | | | The "define uint64_t unsigned long long" were too good to work. With a different toolchain I am getting: cstdint:69:11: error: expected unqualified-id using ::uint64_t; ^ executor/common.h:34:18: note: expanded from macro 'uint64_t' Do it the proper way: introduce uint64/32/16/8 types and use them. pkg/csource then does s/uint64/uint64_t/ to not clutter code with additional typedefs.
* executor: fix another format bugDmitry Vyukov2017-12-271-1/+1
| | | | Detected only by clang.
* pkg/csource: add top-level repeat loopDmitry Vyukov2017-12-271-16/+28
| | | | | | | | Even if all 3 levels of processes in executor exit, execprog will still recreate them. Model the same in csource. This matters when the inner process kills loop and then everything stops.
* pkg/csource: simplify generated codeDmitry Vyukov2017-12-271-5/+3
| | | | We already have procid variable, no need to introduce i.
* executor: check format stringsDmitry Vyukov2017-12-275-35/+40
| | | | | | | | | | | | | | | | | | | I see a crash which says: #0: too much cover 0 (errno 0) while the code is: uint64_t n = ...; if (n >= kCoverSize) fail("#%d: too much cover %u", th->id, n); It seems that the high part of n is set, but we don't see it. Add printf format attribute to fail and friends and fix all similar cases. Caught a bunch of similar cases and a missing argument in: exitf("opendir(%s) failed due to NOFILE, exiting");
* pkg/csource: mimic the way syscalls are scheduled in executorDmitry Vyukov2017-12-222-22/+70
| | | | | | | | Currently csource uses completely different, simpler way of scheduling syscalls onto threads (thread per call with random sleeps). Mimic the way calls are scheduled in executor. Fixes #312
* executor: remove dead codeDmitry Vyukov2017-12-221-2/+0
| | | | doexit already contains an infinite loop.
* pkg/csource: fix handling of proc typesDmitry Vyukov2017-12-222-18/+37
| | | | | | | | | | Generated program always uses pid=0 even when there are multiple processes. Make each process use own pid. Unfortunately required to do quite significant changes to prog, because the current format only supported fixed pid. Fixes #490
* pkg/csource: limit thread stacksDmitry Vyukov2017-12-221-2/+5
| | | | | | | | | We always set RLIMIT_AS to 128MB. I've debugged a program with 21 syscalls. With collide it creates 42 threads. With default stack size of 8MB this requires: 42*8 = 336MB. Thread creation fails and nothing works. Limit thread stacks the same way executor does. Fixes #488
* pkg/csource: fix string escaping bugDmitry Vyukov2017-12-221-0/+2
|
* pkg/csource: make strings more readableDmitry Vyukov2017-12-171-11/+56
| | | | | If string contains a file name or a crypto alg name, don't escape it all to hex.
* prog: use dense indexes for copyout instructionsDmitry Vyukov2017-12-171-13/+42
| | | | Fixes #174
* prog: add DeserializeExecDmitry Vyukov2017-12-171-124/+77
| | | | | | | | | Factor out program parsing from pkg/csource. csource code that parses program and at the same time formats output is very messy and complex. New aproach also allows to understand e.g. when a call has copyout instructions which is useful for better C source output.
* pkg/csource: refactorDmitry Vyukov2017-12-174-179/+230
| | | | | | | csource.go is too large and messy. Move Build/Format into buid.go. Move generation of common header into common.go. Split generation of common header into smaller managable functions.
* sys: move test syscalls to a separate targetDmitry Vyukov2017-12-172-7/+3
| | | | | | We have them in linux solely for historical reasons. Fixes #462
* executor: fix macros in common.hAndrey Konovalov2017-12-144-12/+16
|
* executor: fix buildDmitry Vyukov2017-12-064-16/+34
| | | | | | exitf function was not defined with some combinations of options in csource. Fix defines and switch exitf back to fail, fail already checks ENOMEM/EAGAIN, so there is no reason to use exitf in this particular case.
* sys/linux: open files from /procDmitry Vyukov2017-11-271-8/+28
|
* sys/syz-extract: fix mmap on armDmitry Vyukov2017-11-231-1/+1
| | | | | | | __NR_mmap is missing on arm entirely, so we disable mmap during generate. Patch mmap to mmap2 right in syz-extract, so that mmap is never missing.
* pkg/csource: add function to parse serialized optionsDmitry Vyukov2017-11-174-105/+215
| | | | | Also move options and options tests into a separate file, add serialization function.
* pkg/osutil: don't leace runaway processesDmitry Vyukov2017-11-161-4/+5
| | | | | | When manager is stopped there are sometimes runaway qemu processes still running. Set PDEATHSIG for all subprocesses. We never need child processes outliving parents.
* executor: proceed even if /dev/net/tun is not availableAndrey Konovalov2017-11-081-2/+12
| | | | | | | | | For some racy bugs syzkaller can generate a C reproducer with tun enabled, when it's not actuallly required to trigger the bug. Some kernel developers (that don't have CONFIG_TUN=y on their setups) complain about such C repros. When tun is not available, instead of exiting, print a message that tun initialization failed and proceed.
* csource: Fix sed(1) invocationzoulasc2017-11-061-4/+4
| | | | | | | | There is no need to specify '-' as the filename for sed(1): - The default behavior is to read stdin - It was not done in all places - It breaks on NetBSD sed(1) (although I am tempted to fix it now :-) and it does not work
* pkg/csource: add freebsd/netbsd supportDmitry Vyukov2017-10-264-0/+652
|
* executor: fix build breakages due to doexitDmitry Vyukov2017-10-192-6/+21
| | | | | Some standard libraries contain "using ::exit;", which breaks with the current redefinition of exit.
* executor: fix akaros nonfailing modeDmitry Vyukov2017-10-161-1/+9
|
* executor, pkg/ipc: unify ipc protocol between linux and other OSesDmitry Vyukov2017-10-163-12/+17
| | | | | | | | | | | | | | | | | We currently use more complex and functional protocol on linux, and a simple ad-hoc protocol on other OSes. This leads to code duplication in both ipc and executor. Linux supports coverage, shared memory communication and fork server, which would also be useful for most other OSes. Unify communication protocol and parametrize it by (1) use of shmem or only pipes, (2) use of fork server. This reduces duplication in ipc and executor and will allow to support the useful features for other OSes easily. Finally, this fixes akaros support as it currently uses syz-stress running on host (linux) and executor running on akaros.
* pkg/csource: support akarosDmitry Vyukov2017-10-164-123/+548
|
* executor: write debug output to stderrDmitry Vyukov2017-10-161-2/+2
| | | | | | We print all other output to stderr, write debug output to stderr as well. This does not matter for the main use case of running syz-execprog -debug, but can is helpful if we want to communicate with syz-executor via stdin/stdout.
* pkg/ipc: don't send program padding to executorDmitry Vyukov2017-10-121-1/+1
| | | | | | Currently we always send 2MB of data to executor in ipc_simple.go. Send only what's consumed by the program, and don't send the trailing zeros. Serialized programs usually take only few KBs.
* executor: include missing headerDmitry Vyukov2017-10-101-3/+6
| | | | writev requires <sys/uio.h>. Include it.
* all: basic freebsd supportDmitry Vyukov2017-10-021-0/+3
| | | | For now we just make Go part build for freebsd.
* executor: support fragmentation in syz_emit_ethernetDmitry Vyukov2017-10-021-16/+67
| | | | | | A recent linux commit "tun: enable napi_gro_frags() for TUN/TAP driver" added support for fragmentation when emitting packets via tun. Support this feature in syz_emit_ethernet.
* executor: fix execution of windows syscallsDmitry Vyukov2017-09-271-1/+6
| | | | | First, they must be called with stdcall convention. Second, wrap them in __try/__except because they can crash.
* executor, sys/windows: initial windows supportDmitry Vyukov2017-09-252-56/+63
|
* pkg/csource: disable linux/386 testsDmitry Vyukov2017-09-221-0/+5
| | | | Another attempt to fix travis build.
* all: more assorted fuchsia supportDmitry Vyukov2017-09-223-148/+153
|
* sys/targets: move targets from sys packageDmitry Vyukov2017-09-151-3/+3
| | | | | | | This breaks circular dependency between: sysgen -> sys/linux -> sys -> sysgen With this circular dependency it is very difficult to update format of generated descriptions because sysgen does not build.
* pkg/csource: support archs other than x86_64Dmitry Vyukov2017-09-152-24/+68
|
* prog: remove default target and all global stateDmitry Vyukov2017-09-152-15/+15
| | | | | | Now each prog function accepts the desired target explicitly. No global, implicit state involved. This is much cleaner and allows cross-OS/arch testing, etc.
* syz-manager/mgrconfig: explicitly specify target in configDmitry Vyukov2017-09-151-0/+5
| | | | | Add target config parameter (e.g. linux/amd64) which controls target OS/arch. No more explicit assumptions about target.
* prog, sys: move types to progDmitry Vyukov2017-09-052-2/+3
| | | | | | | | | | | Large overhaul moves syscalls and arg types from sys to prog. Sys package now depends on prog and contains only generated descriptions of syscalls. Introduce prog.Target type that encapsulates all targer properties, like syscall list, ptr/page size, etc. Also moves OS-dependent pieces like mmap call generation from prog to sys. Update #191
* sys: rename Call to SyscallDmitry Vyukov2017-09-051-1/+1
| | | | | In preparation for moving sys types to prog to avoid confusion between sys.Call and prog.Call.
* pkg/compiler: check and generate typesDmitry Vyukov2017-09-021-5/+6
| | | | | | Move most of the logic from sysgen to pkg/compiler. Update #217
* sys, prog: switch values to to uint64Dmitry Vyukov2017-08-191-5/+5
| | | | | | | | | | We currently use uintptr for all values. This won't work for 32-bit archs. Moreover in some cases we use uintptr but assume that it is always 64-bits (e.g. in encodingexec). Switch everything to uint64. Update #324
* pkg/repro: fix invalid options minimizationDmitry Vyukov2017-08-092-6/+15
| | | | | | | | | | | Repro can generate Sandbox="namespace"/UseTmpDir=false. This combination is broken for two reasons: - on second and subsequent executions of the program, it fails to create syz-tmp dir - with Procs>1, it fails right away, because all procs try to create syz-tmp dir Don't generate such combination.
* pkg/csource, pkg/repro: filter out invalid options combinationsDmitry Vyukov2017-08-092-2/+25
| | | | | | | | | We currently have 2 invalid options combinations: - collide without threads - procs>1 without repeat They are invalid in the sense that result of csource.Write is the same for them. Filter out these combinations. This cuts csource testing time in half and reduces repro minimization time.
* executor: sandbox with RLIMIT_MEMLOCKDmitry Vyukov2017-08-081-0/+2
| | | | | | | Locking memory is a reasonably legitimate local DoS vector. E.g. bpf maps allow allocation of large chunks of kernel memory without RLIMIT_MEMLOCK, which leads to hangups. Set RLIMIT_MEMLOCK=8MB in executor.
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-12 17:32:29 +0000