path: root/pkg/csource

Commit log. Each entry lists the commit subject, then Author, Date, Files changed and Lines (-removed/+added), followed by the commit message body.
* executor: fix format strings
  Author: Dmitry Vyukov, Date: 2019-02-19, Files: 1, Lines: -2/+2
  clang complains that we pass an int to %hx. Fix it.

* pkg/host: don't fail if CONFIG_FAIL_FUTEX is not enabled
  Author: Dmitry Vyukov, Date: 2019-02-11, Files: 1, Lines: -0/+4
  See #991 and added comments.
  Fixes #991

* executor: add missing include
  Author: Dmitry Vyukov, Date: 2019-02-01, Files: 1, Lines: -0/+1
  thread_start now uses errno, so include <errno.h>

* executor, pkg/ipc: simplify retry handling
  Author: Dmitry Vyukov, Date: 2019-01-31, Files: 1, Lines: -2/+3
  Remove kRetryStatus, it's effectively the same as exiting with 0.
  Remove ipc.ExecutorFailure, nobody uses it.
  Simplify a few other minor things around exit status handling.

* executor: remove ability to detect kernel bugs
  Author: Dmitry Vyukov, Date: 2019-01-31, Files: 2, Lines: -3/+0
  This ability was never used but we maintain a bunch of code for it.
  syzkaller also recently learned to spoof this error code with some ptrace magic
  (probably intercepted control flow again and exploited executor binary).
  Drop all of it.

* sys/test/test: add tests for test exiting in the middle of execution
  Author: Dmitry Vyukov, Date: 2019-01-31, Files: 1, Lines: -0/+8

* executor: fix do_sandbox_none on akaros and test
  Author: Dmitry Vyukov, Date: 2019-01-31, Files: 1, Lines: -83/+2
  do_sandbox_none must not exit, it needs to return.

* executor: handle pthread_create errors better
  Author: Dmitry Vyukov, Date: 2019-01-31, Files: 1, Lines: -3/+13
  See the added comment for explanation.

* pkg/csource: write tracing output to stderr
  Author: Dmitry Vyukov, Date: 2019-01-31, Files: 2, Lines: -3/+3
  stdout is not flushed on abnormal exit.
* Makefile: enable -Wunused-const-variable
  Author: Dmitry Vyukov, Date: 2019-01-19, Files: 1, Lines: -1/+1
  See discussion in PR #942.
  Extend support for optional flags in sys/targets as this flag is not supported by gcc 5.
  Make flags consistent across Makefile and pkg/csource.

* executor: unbreak on OpenBSD
  Author: Anton Lindqvist, Date: 2019-01-19, Files: 1, Lines: -0/+1
  Commit b5df78dc ("all: support extra coverage") broke the executor on OpenBSD:
  executor/executor.cc:61:11: error: unused variable 'kExtraCoverSize' [-Werror,-Wunused-const-variable]
  const int kExtraCoverSize = 256 << 10;

* executor: remove unused kvm_asm64_vm86
  Author: Dmitry Vyukov, Date: 2019-01-17, Files: 1, Lines: -1/+0
  -Wunused-const-variable shows it.
  No idea now if it should be used or not, seems to be the same as kvm_asm32_paged_vm86.
  So let's just remove it.

* all: support extra coverage
  Author: Andrey Konovalov, Date: 2019-01-16, Files: 1, Lines: -1/+6
  Right now syzkaller only supports coverage collected from the threads that execute syscalls.
  However some useful things happen in background threads, and it would be nice to collect
  coverage from those threads as well.
  This change adds extra coverage support to syzkaller. This coverage is not associated with
  a particular syscall, but rather with the whole program.
  Executor passes extra coverage over the same ipc mechanism to syz-fuzzer with syscall number
  set to -1. syz-fuzzer then passes this coverage to syz-manager with the call name "extra".
  This change requires the following kcov patch:
  https://github.com/xairy/linux/pull/2

* executor: adapt switching to user nobody to be more portable on BSDs
  Author: Kamil Rytarowski, Date: 2019-01-14, Files: 1, Lines: -5/+10
  NetBSD uses different uid/gid than FreeBSD/OpenBSD for the user nobody.
  Instead of hardcoding the values, retrieve them from the password entry database.
  While there, switch to setuid(2) and setgid(2) calls as they are good enough and portable.
  setresgid(2) and setresuid(2) aren't available on NetBSD.

* executor: do not call setrlimit(2) for RLIMIT_AS for NetBSD
  Author: Kamil Rytarowski, Date: 2019-01-14, Files: 1, Lines: -1/+1
  Setting the limit caused abnormal failure during early init on NetBSD.

* prog, pkg/{csource,ifuzz,ipc,repro}: make tests deterministic on travis
  Author: Dmitry Vyukov, Date: 2019-01-02, Files: 1, Lines: -0/+3
  Don't use random seed on travis as it produces flaky coverage reports,
  and probably generally better for CI setting.
* executor: fix linux includes
  Author: Dmitry Vyukov, Date: 2018-12-29, Files: 1, Lines: -9/+10
  Builds in one distro, but another says:
  In file included from <stdin>:39:0:
  /usr/powerpc64le-linux-gnu/include/linux/if.h:143:8: error: redefinition of 'struct ifmap'
  /usr/powerpc64le-linux-gnu/include/net/if.h:111:8: note: originally defined here
  Mess. Try to fix it. Not sure what's the right solution and if it even exists.

* executor: use netlink instead of ip command to setup net devices
  Author: Dmitry Vyukov, Date: 2018-12-29, Files: 1, Lines: -133/+374
  ip command caused several problems:
  1. It is installed in different locations or not installed at all in different distros.
  2. It does not support latest kernel devices, e.g. setup of hsr currently fails because
     our ip does not understand its custom prose.
  3. ip command is slow, unbearably slow in emulator (full setup takes tens of seconds).
     This change reduces setup from ~2s to ~400ms.
  4. ip is not present in gvisor, but it will support netlink.
  Use netlink directly to solve all these problems.

* executor: log failure in write_file
  Author: Dmitry Vyukov, Date: 2018-12-29, Files: 1, Lines: -41/+15
  Almost all callers of write_file just log the failure.
  Log the failure in write_file directly to remove lots of "error handling" code.

* pkg/csource: split emitCall function
  Author: Dmitry Vyukov, Date: 2018-12-27, Files: 1, Lines: -11/+16
  gometalinter points out that emitCall is too complex.
  Factor out call name emission.

* pkg/csource: use 0 for missing syscall args
  Author: Dmitry Vyukov, Date: 2018-12-27, Files: 2, Lines: -0/+62
  We don't specify trailing unused args for some syscalls (e.g. ioctl that does not use its arg).
  Executor always filled trailing unused args with 0's but pkg/csource didn't.
  Some such syscalls actually check that the unused arg is 0 and as a result failed with C repro.
  We could statically check and eliminate all such cases, but it turns out the warning fires in 1500+ cases:
  https://gist.githubusercontent.com/dvyukov/e59ba1d9a211ee32fa0ba94fab86a943/raw/a3ace5a63f7281f0298f51ea9842ead1e4713418/gistfile1.txt
  So instead fill such args with 0's in pkg/csource too.

* pkg/csource: fix PRINTF removal
  Author: Dmitry Vyukov, Date: 2018-12-26, Files: 1, Lines: -1/+1
  PRINTF now accepts arguments.
* executor: create more net devices on linux
  Author: Dmitry Vyukov, Date: 2018-12-26, Files: 1, Lines: -15/+26

* executor: restrict ipc resource usage
  Author: Dmitry Vyukov, Date: 2018-12-26, Files: 1, Lines: -1/+21
  For context see:
  https://groups.google.com/d/msg/syzkaller-bugs/ZaBzAJbn6i8/Py9FVlAqDQAJ

* sys/linux: extend AX25/ROSE/NETROM descriptions
  Author: Dmitry Vyukov, Date: 2018-12-24, Files: 1, Lines: -2/+26

* prog, pkg/csource: more readable serialization for strings
  Author: Dmitry Vyukov, Date: 2018-12-15, Files: 1, Lines: -52/+4
  Always serialize strings in readable format (non-hex).
  Serialize binary data in readable format in more cases.
  Fixes #792

* pkg/csource: support tun and setuid repros on {free,open}bsd
  Author: Greg Steuck, Date: 2018-12-13, Files: 3, Lines: -8/+17
    * expose procid on BSD for tun, always declare loop()
    * deal with terrible bsd includes
    * replicate loop() declaration

* executor: reapply setuid sandbox for bsd
  Author: Greg Steuck, Date: 2018-12-11, Files: 1, Lines: -0/+70
    * Revert "Revert "executor: add setuid sandbox for openbsd""
      The problem is the low file descriptor limit.
      This reverts commit 4093e33b1338f274ae0062f555de9d6af8640d61.
    * executor/executor make sure the file descriptor limit is sufficient

* Revert "executor: add setuid sandbox for openbsd"
  Author: Greg Steuck, Date: 2018-12-10, Files: 1, Lines: -70/+0
  This reverts commit 6565f24da9f4eb36702339ba290213995fcc902f.

* executor: add setuid sandbox for openbsd
  Author: Greg Steuck, Date: 2018-12-10, Files: 1, Lines: -0/+70
    * executor/common_bsd: add setuid sandbox
      Fixes #833
      cc @mptre
    * Reduced duplications, resolved TODO.
* executor: fix handling of big-endian bitfields
  Author: Dmitry Vyukov, Date: 2018-12-08, Files: 2, Lines: -21/+22
  Currently we apply big-endian-ness and bitfield-ness in the wrong order in copyin.
  This leads to totally bogus result. Fix this.

* pkg/csource: exclude linux/arm64 tests
  Author: Dmitry Vyukov, Date: 2018-12-05, Files: 1, Lines: -7/+5
  I think I misinterpreted the error that episodically happens on ci:
  collect2: error: ld terminated with signal 11 [Segmentation fault], core dumped
  compiler invocation: aarch64-linux-gnu-gcc [-Wall -Werror -O1 -g -o /tmp/syz-executor570589071 -pthread -DGOOS_linux=1 -DGOARCH_arm64=1 -x c - -static]
  as OOM, but they all involve aarch64-linux-gnu-gcc:
  https://travis-ci.org/google/syzkaller/jobs/461827347
  https://travis-ci.org/google/syzkaller/jobs/460226110
  https://travis-ci.org/google/syzkaller/jobs/463564291
  So I guess the problem can be with the arm64 toolchain that just crashes randomly.

* pkg/csource: reduce short tests
  Author: Dmitry Vyukov, Date: 2018-12-03, Files: 2, Lines: -40/+43
  pkg/csource test gets OOM-killed on travis:
  https://travis-ci.org/google/syzkaller/jobs/461827347
  https://travis-ci.org/google/syzkaller/jobs/460226110
  Add several measures:
  - set GOMAXPROCS=1 to restrict parallel processes
  - remove -g from compiler invocation
  - reduce set of tests run in short mode to compensate for GOMAXPROCS=1
  - also reduce set of tests in full mode as they timeout now

* pkg/csource: use defines from sys/syscall.h on *bsd
  Author: Greg Steuck, Date: 2018-12-02, Files: 1, Lines: -0/+1
  Fixes #841

* executor: add support for tap interfaces on FreeBSD
  Author: Michael Tüxen, Date: 2018-12-01, Files: 1, Lines: -1/+15

* openbsd: repair pkg/csource_test
  Author: Greg Steuck, Date: 2018-11-30, Files: 2, Lines: -43/+35

* executor: Use correct macros.
  Author: Michael Tuexen, Date: 2018-11-30, Files: 1, Lines: -1/+1
  Suggested by Dmitry Vyukov.

* executor: Fix compilation on FreeBSD.
  Author: Michael Tuexen, Date: 2018-11-30, Files: 1, Lines: -5/+4
  This is an autogenerated file, but it seems that changes to it resulting from
  changes in executor/common_bsd.h must also be committed.

* executor: FreeBSD: fixed endian.h path
  Author: msvoelker, Date: 2018-11-23, Files: 1, Lines: -0/+4
  The include statement for endian.h failed on FreeBSD.
  Changed include statement to syz/endian.h for FreeBSD.
* sys/fuchsia: update VMAR syscalls
  Author: Marco Vanotti, Date: 2018-11-21, Files: 1, Lines: -3/+3
    * sys/fuchsia: update vmar syscalls.
      In a previous zircon commit[0], the vmar related syscalls (like `zx_vmar_map`,
      `zx_vmar_protect` and `zx_vmar_allocate`) changed the order of their parameters,
      putting the flags parameter as the second parameter, and renaming it to "options".
      This commit modifies vmars.txt so that it reflects the latest state of the syscalls
      in zircon. I also modified the usage in `executor/common_fuchsia.h`
      I ran make extract, make generate and compiled syzkaller to test this change.
      [0]: https://fuchsia-review.googlesource.com/c/zircon/+/168060
    * sys/fuchsia run make generate
      This commit is just the result of running make generate after its parent.
      This regenerates the definitions for the modified VMAR syscalls.

* executor: OpenBSD network package injection
  Author: Greg Steuck, Date: 2018-11-17, Files: 1, Lines: -6/+214
  Squash of:
    * Doc typo
    * Ported some tun related functions.
    * Copy vnet.txt from linux to openbsd.
    * Simplified syz_emit_ethernet and stubbed out vnet.txt.
    * Undo clang-format header sorting: headers are order sensitive.
    * Uniquify tap devices by pid.
    * clang-format off for includes
    * Happier clang-format.
    * Partially revert "Uniquify tap devices by pid."
      Just rely on procid magic instead of getting it from a flag.

* sys/targets: introduce target.BuildOS
  Author: Dmitry Vyukov, Date: 2018-11-17, Files: 1, Lines: -3/+3
  We can't cross-compile native binaries from just any OS to any other.
  For most OSes we can do only native compilation. Some can only be compiled from linux.
  To date we avoided this problem completely (mostly assumed linux build OS).
  Make this notion of what can build what explicit.

* pkg/csource: add support for creating reproducers on OpenBSD
  Author: Anton Lindqvist, Date: 2018-11-17, Files: 1, Lines: -1/+2

* executor: fix inclusion of kvm arch-specific code
  Author: Dmitry Vyukov, Date: 2018-10-31, Files: 1, Lines: -2/+2
  We use GOOS now to figure out target arch (which can be different from host arch).
* Android: Fix sandbox implementation
  Author: Zach Riggle, Date: 2018-10-12, Files: 1, Lines: -3/+10
  My test harness for this code performed some steps that are not performed when
  syz-executor is invoked directly.
  Specifically, we need to operate from a directory under /data/data, and have the
  correct UID/GID set as the owner of the directory.
  My test harness now correctly sets these, all sandbox operations succeed, and loop() is invoked.

* executor: Fuchsia: Use zx_task_resume_from_exception()
  Author: Scott Graham, Date: 2018-10-10, Files: 1, Lines: -2/+2
  zx_task_resume() is deprecated; switch to using zx_task_resume_from_exception() instead.

* executor: tune memcg container logic
  Author: Dmitry Vyukov, Date: 2018-10-10, Files: 1, Lines: -12/+6
  The current memcg container seems to lead to lots of hangs/stalls.
  Presumably the problem is with oom_score_adj and KASAN.
  Executor process tree eats all memory and then the leaf process is killed
  but the memory is not returned to memcg due to KASAN quarantine;
  and the parent processes are protected from killing with oom_score_adj=-1000.
  As a result the kernel locks up.
  1. Don't use oom_score_adj=-1000. Instead bump leaf process score to 1000 (kill always).
  2. Increase size of memcg to be larger than expected KASAN quarantine size.

* executor: fix build on newer linux distros
  Author: Dmitry Vyukov, Date: 2018-09-27, Files: 1, Lines: -2/+30
  This sucks a lot, but ebtables.h is now broken too on Debian 4.17:
  ebtables.h: In function 'ebt_entry_target* ebt_get_target(ebt_entry*)':
  ebtables.h:197:19: error: invalid conversion from 'void*' to 'ebt_entry_target*'

* executor: make the debug output useful for race condition debugging
  Author: Alexander Popov, Date: 2018-09-24, Files: 1, Lines: -4/+1
  Sometimes race conditions are reproduced by syz-execprog and are not reproduced
  by the programs generated with syz-prog2c. In such cases it's very helpful to know
  when exactly the fuzzing syscalls are executed.
  Unfortunately, adding timestamps to the output of the original 'debug' mode doesn't work.
  This mode provides very verbose output, which slows down executor and breaks the repro.
  So let's make the executor debug output less verbose and add the timestamps.
  Signed-off-by: Alexander Popov <alex.popov@linux.com>

* executor: fix build
  Author: Dmitry Vyukov, Date: 2018-09-20, Files: 1, Lines: -12/+0
  Move debug_dump_data back to executor.cc.
  debug_dump_data in common_linux.h does not play well with pkg/csource debug stripping logic.
  It strips a large random piece of code since it thinks debug_dump_data definition
  is actually debug_dump_data call site.