aboutsummaryrefslogtreecommitdiffstats
path: root/pkg/csource
Commit message (Collapse)AuthorAgeFilesLines
* pkg/csource: init res var in generated callDmitry Vyukov2020-05-041-1/+1
| | | | | | | | | | | | | | | It seems that gcc in ubuntu on travis got dumber: <stdin>: In function ‘execute_call’: <stdin>:1741:6: error: ‘res’ may be used uninitialized in this function [-Werror=maybe-uninitialized] cc1: all warnings being treated as errors compiler invocation: arm-linux-gnueabi-gcc [-o /tmp/syz-executor675297211 -DGOOS_linux=1 -DGOARCH_arm=1 -DHOSTGOOS_linux=1 -x c - -O2 -pthread -Wall -Werror -Wparentheses -Wframe-larger-than=16384 -D__LINUX_ARM_ARCH__=6 -march=armv6 -static -Wno-overflow] https://travis-ci.com/github/dvyukov/syzkaller/jobs/327487382 Though, we generate the same code and res seems to be initialized on all paths. Initialize it explicitly.
* prog: support disabled attributeDmitry Vyukov2020-05-041-2/+2
| | | | | Update #477 Update #502
* sys/targets: better detection for missing/broken cross-compilersDmitry Vyukov2020-04-292-23/+1
| | | | | | | | | | | | | | 1. Detect when compiler is present, but is not functioning (can't build a simple program, common for Linux distros). 2. Be more strict with skipping tests due to missing/broken compilers on CI (on CI they should work, so fail loudly if not). 3. Dedup this logic across syz-env and pkg/csource tests. 4. Add better error reporting for syz-env. Fixes #1606
* sys/linux: add timeout call attributesDmitry Vyukov2020-04-191-12/+1
| | | | | | | Move additional call/prog timeouts to descriptions. Due to this logic duplication executor used 50ms for syz_mount_image, while pkg/csource used 100ms.
* executor: remove more code if ENABLE_NAPI_FRAGS is not setDmitry Vyukov2020-04-181-7/+10
| | | | | | In some configurations tun_frags_enabled ends up being unused with a compiler warning and failed build. Remove mode code if ENABLE_NAPI_FRAGS is not enabled.
* prog: refactor target.MakeMmapDmitry Vyukov2020-04-181-1/+1
| | | | | | | | | | | Make MakeMmap return more than 1 call. This is a preparation for future changes. Also remove addr/size as they are effectively always the same and can be inferred from the target (will also conflict with the future changes). Also rename to MakeDataMmap to better represent the new purpose: it's just some arbitrary mmap, but rather mapping of the data segment.
* executor/usb: don't fail when ath9k is not enabledAndrey Konovalov2020-04-071-1/+1
|
* csource, executor: add usb emulation featureAndrey Konovalov2020-04-034-0/+27
| | | | | | | | | The feature gets enabled when /dev/raw-gadget is present and accessible. With this feature enabled, executor will do chmod 0666 /dev/raw-gadget on startup, which makes it possible to do USB fuzzing in setuid and namespace sandboxes. There should be no backwards compatibility issues with syz reproducers that don't explicitly enable this feature, as they currently only work in none sandbox.
* executor: split out Linux specific USB codeAndrey Konovalov2020-03-282-296/+308
|
* executor: fix data raceDmitry Vyukov2020-03-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ThreadSanitizer says: WARNING: ThreadSanitizer: data race (pid=3) Atomic read of size 4 at 0x56360e562f08 by main thread: #0 __tsan_atomic32_load <null> (libtsan.so.0+0x64249) #1 event_isset executor/common_linux.h:51 (syz-executor.0+0x2cf1f) #2 handle_completion executor/executor.cc:886 (syz-executor.0+0x2cf1f) #3 execute_one executor/executor.cc:732 (syz-executor.0+0x2da3b) #4 loop executor/common.h:581 (syz-executor.0+0x2f1aa) #5 do_sandbox_none executor/common_linux.h:2694 (syz-executor.0+0x189d6) #6 main executor/executor.cc:407 (syz-executor.0+0x189d6) Previous write of size 4 at 0x56360e562f08 by thread T1: #0 event_reset executor/common_linux.h:32 (syz-executor.0+0x1f5af) #1 worker_thread executor/executor.cc:1048 (syz-executor.0+0x1f5af) #2 <null> <null> (libtsan.so.0+0x2b0b6) Location is global 'threads' of size 2560 at 0x56360e562f00 (syz-executor.0+0x00000008bf08) Thread T1 (tid=6, running) created by main thread at: #0 pthread_create <null> (libtsan.so.0+0x2d55b) #1 thread_start executor/common.h:256 (syz-executor.0+0x2d707) #2 thread_create executor/executor.cc:1037 (syz-executor.0+0x2d707) #3 schedule_call executor/executor.cc:811 (syz-executor.0+0x2d707) #4 execute_one executor/executor.cc:719 (syz-executor.0+0x2d707) #5 loop executor/common.h:581 (syz-executor.0+0x2f1aa) #6 do_sandbox_none executor/common_linux.h:2694 (syz-executor.0+0x189d6) #7 main executor/executor.cc:407 (syz-executor.0+0x189d6)
* executor, sys/linux: add ath9k usb descriptionsAndrey Konovalov2020-03-132-38/+119
| | | | | | | Among other things this changes timeout for USB programs from 2 to 3 seconds. ath9k fuzzing also requires ath9k firmware to be present, so system images need to be regenerated with the updated script.
* executor: minor cleanup of android sandboxDmitry Vyukov2020-03-111-24/+17
| | | | Fix code formatting, clang-tidy warnings, minor style nits.
* executor: fix clang-tidy warningsDmitry Vyukov2020-03-111-3/+5
|
* executor: add seccomp support for Androidmspectorgoogle2020-03-112-30/+615
| | | | | | | | | | This adds support for the seccomp filters that are part of Android into the sandbox. A process running as untrusted_app in Android has a restricted set of syscalls that it is allow to run. This is accomplished by setting seccomp filters in the zygote process prior to forking into the application process. The seccomp filter list comes directly from the Android source, it cannot be dynamically loaded from an Android phone because libseccomp_policy.so does not exist as a library on the system partition.
* executor: don't exit if NETLINK_GENERIC isnt' supportedAndrei Vagin2020-02-271-2/+4
| | | | | | | NETLINK_GENERIC isn't supported in gVisor. Fixes: c5ed587f4af5 ("wireguard: setup some initial devices in a triangle") Signed-off-by: Andrei Vagin <avagin@google.com>
* executor: uncomment accidentially commented codeDmitry Vyukov2020-02-241-0/+3
| | | | | | | unshare(CLONE_NEWPID) was commented out in 4428511d10687cb446ad705148333478437d3f23 accidentially. Uncomment it. Spotted by @xairy: https://github.com/google/syzkaller/commit/4428511d10687cb446ad705148333478437d3f23#r37456572
* sys/linux: add NETLINK_RDMA descriptionsDmitry Vyukov2020-02-211-3/+0
|
* tools: add script that checks copyright headersDmitry Vyukov2020-02-182-2/+2
| | | | Fixes #1604
* executor: disable IFF_NAPI_FRAGSDmitry Vyukov2020-02-181-1/+8
| | | | Update #1594
* wireguard: setup some initial devices in a triangleJason A. Donenfeld2020-02-131-0/+272
| | | | | | | | | | | | | | | | | | | | | | | * wireguard: setup some initial devices in a triangle The fuzzer will wind up undoing some of this, which is fine, but at least it now has the chance of hitting some other paths it wasn't before. Closes: #1599 * wireguard: make code ugly after `make generate` pass * wireguard: get rid of unused structs that are still interesting * wireguard: compile in C++ mode with gcc 7 Complex designated initializers are only supported in C++ mode from gcc 8, and for whatever reason syzkaller wants to be compiled in C++ mode. * wireguard: add braces around debug statements for checker * wireguard: regenerate go source
* pkg/csource: don't print too much error outputDmitry Vyukov2020-02-131-0/+19
| | | | | | | We print whole reproducer programs on failure, if lots of programs fail, this results in thousands of lines of output, which is esp bad on travis. Limit amount of output.
* wireguard: use wg0, wg1, wg2Jason A. Donenfeld2020-02-101-4/+6
| | | | | This matches more closely what people are used to dealing with. We also add one additional device for interesting multi-interface effects.
* sys/linux: add some wireguard descriptionsDmitry Vyukov2020-01-311-0/+4
| | | | Update #806
* sys/linux: add more device descriptions (geneve, lowpan, ipoib, cfhsi)Dmitry Vyukov2020-01-191-0/+30
|
* sys/linux: add some batadv descriptionsDmitry Vyukov2020-01-181-1/+5
|
* executor: create macvtap, macsec devicesDmitry Vyukov2020-01-181-5/+13
|
* executor: provide explicit values for usb_raw_event_typeAndrey Konovalov2020-01-131-3/+3
| | | | To match the kernel uapi headers.
* executor: setns requires including sched.h on some setupsAndrey Konovalov2020-01-071-0/+1
|
* executor: fix IPVLAN_F_VEPA definition againDmitry Vyukov2020-01-031-2/+1
| | | | | | | | Now other machines failed with redefinition IPVLAN_F_VEPA. The #ifndef does not really work the way it should due to the way pkg/csource preprocesses sources. IPVLAN_F_VEPA is never defined during preprocessing. Let's try this.
* executor: define constants that are missing on some distrosDmitry Vyukov2020-01-031-0/+6
|
* executor: setup vlan/macvlan/ipvlan devicesDmitry Vyukov2020-01-031-0/+64
|
* executor: connect virt_wifi to vethDmitry Vyukov2020-01-031-1/+5
| | | | | | virt_wifi docs say that the enslaved device won't be usable on itself. It's probably not a good idea to make lo unusable. Enslave a dedicated veth instead.
* sys/linux: add virt_wifi and xfrm devicesDmitry Vyukov2019-12-301-0/+16
| | | | + some netlink descriptions
* executor: make syz_compare output more handy to useDmitry Vyukov2019-12-201-8/+9
|
* sys/test: and another set of bitfield testsDmitry Vyukov2019-12-201-1/+2
| | | | | | Just trying to get my head around it (and fix this in tests). Update #1542
* Autogenerated files for linux/mips64leJouni Hogander2019-12-171-0/+2
| | | | | | | | | This patch adds all autogenerated files for linux/mips64le. Files are generated by following commands: make extract bin/syz-extract -build -os=linux -arch=mips64le -sourcedir=linux make generate
* executor: fix FUTEX_WAKE callDmitry Vyukov2019-12-161-1/+1
| | | | | | | | | Amusingly we never passed number of threads to wake for FUTEX_WAKE. It somehow worked reliably on linux (we just needed it to not be 0, so presumably garbage in registers did it). However, in gVisor every other syscall wasn't even started (first syscall on a thread started, but second on the same worker thread wasn't unable to start).
* executor: update raw gadget interfaceAndrey Konovalov2019-12-111-5/+7
|
* executor: check pwrite return values againDmitry Vyukov2019-12-101-2/+10
| | | | | | | | | | | | | | | | | | | | | Build with some gcc's fails: In file included from executor/executor.cc:133:0: executor/common_linux.h: In function ‘long int syz_read_part_table(long unsigned int, long unsigned int, long int)’: executor/common.h:117:15: error: ignoring return value of ‘ssize_t pwrite(int, const void*, size_t, __off_t)’, declared with attribute warn_unused_result [-Werror=unused-result] __VA_ARGS__; \ ^ executor/common_linux.h:1279:3: note: in expansion of macro ‘NONFAILING’ NONFAILING(pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset)); ^ executor/common_linux.h: In function ‘long int syz_mount_image(long int, long int, long unsigned int, long unsigned int, long int, long int, long int)’: executor/common.h:117:15: error: ignoring return value of ‘ssize_t pwrite(int, const void*, size_t, __off_t)’, declared with attribute warn_unused_result [-Werror=unused-result] __VA_ARGS__; \ ^ executor/common_linux.h:1364:3: note: in expansion of macro ‘NONFAILING’ NONFAILING(pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset)); ^ cc1plus: all warnings being treated as errors
* executor: fix syz_mount_imageDmitry Vyukov2019-12-102-26/+19
| | | | | | | 1. It always crashed in cover_reset when coverage is disabled. 2. Use NONFAILING when accessing image segments. 3. Give it additional 100 ms as it may be slow. 4. Add a test for syz_mount_image.
* pkg/csource: detect common mistakes in the common executor headerDmitry Vyukov2019-11-282-2/+39
|
* executor: Add debug message in case devlink namespace move failsJiri Pirko2019-11-281-2/+6
| | | | Signed-off-by: Jiri Pirko <jiri@mellanox.com>
* executor: Fix value of DEVLINK_ATTR_NETNS_FDJiri Pirko2019-11-281-1/+1
| | | | | | | During kernel -net and -next-next trees merge, the value got moved. Fix it. Signed-off-by: Jiri Pirko <jiri@mellanox.com>
* Call initialize_devlink_ports only when a device has been createdAndrei Vagin2019-11-261-3/+4
| | | | | | | | | | | | | | | | | | | | gVisor doesn't support netdevsim and NETLINK_GENERIC and without this fix, sys-executor always fails: E openat(AT_FDCWD, /sys/bus/netdevsim/new_device, ...) X openat(AT_FDCWD, /sys/bus/netdevsim/new_device, ...) = 0x0 errno=2 E socket(AF_NETLINK, SOCK_RAW|0x0, NETLINK_GENERIC) X socket(AF_NETLINK, SOCK_RAW|0x0, NETLINK_GENERIC) = 0x0 errno=93 E write(0x2 host:[3], "socket(AF_NETLINK) failed\n", 0x1a) X write(0x2 host:[3], ..., 0x1a) = 0x1a (2.767µs) E write(0x2 host:[3], " (errno 93)\n", 0xc) X write(0x2 host:[3], ..., 0xc) = 0xc (2.729µs) E exit_group(0x43) X exit_group(0x43) = 0x0 (900ns) Cc: Jiri Pirko <jiri@mellanox.com> Fixes: f350e2dc1f59 ("executor: rename devlink port netdevices to defined names") Signed-off-by: Andrei Vagin <avagin@google.com>
* executor: extend USB debug messagesAndrey Konovalov2019-11-191-44/+430
| | | | | When USB_DEBUG is enabled, syzkaller crashes on unknown USB requests. This helps to find missing descriptions for particular USB classes.
* executor: add missing includesDenis Efremov2019-11-191-0/+3
| | | | | | | stdbool.h is required by initialize_devlink_ports(): true define. fcntl.h is required by initialize_devlink_pci(): O_RDONLY define. Signed-off-by: Denis Efremov <efremov@linux.com>
* pkg/csource: rename some optionsDmitry Vyukov2019-11-164-155/+154
| | | | | Rename some options in preparation for subsequent changes which will align names across the code base.
* executor: refactor sandbox flagsDmitry Vyukov2019-11-164-18/+14
| | | | In preparation for future changes.
* executor: rename some macrosDmitry Vyukov2019-11-162-111/+111
| | | | | Rename some macros in preparation for subsequent changes which will align names across the code base.
* pkg/csoruce: test that executor does not mis-spell any of the SYZ_* macrosDmitry Vyukov2019-11-163-28/+48
|
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-04-04 16:45:45 +0000