| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
+ some netlink descriptions
|
| | |
|
| |
|
|
|
|
| |
Just trying to get my head around it (and fix this in tests).
Update #1542
|
| |
|
|
|
|
|
|
|
| |
This patch adds all autogenerated files for linux/mips64le. Files are
generated by following commands:
make extract
bin/syz-extract -build -os=linux -arch=mips64le -sourcedir=linux
make generate
|
| |
|
|
|
|
|
|
|
| |
Amusingly we never passed number of threads to wake for FUTEX_WAKE.
It somehow worked reliably on linux (we just needed it to not be 0,
so presumably garbage in registers did it).
However, in gVisor every other syscall wasn't even started
(first syscall on a thread started, but second on the same worker
thread wasn't unable to start).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Build with some gcc's fails:
In file included from executor/executor.cc:133:0:
executor/common_linux.h: In function ‘long int syz_read_part_table(long unsigned int, long unsigned int, long int)’:
executor/common.h:117:15: error: ignoring return value of ‘ssize_t pwrite(int, const void*, size_t, __off_t)’, declared with attribute warn_unused_result [-Werror=unused-result]
__VA_ARGS__; \
^
executor/common_linux.h:1279:3: note: in expansion of macro ‘NONFAILING’
NONFAILING(pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset));
^
executor/common_linux.h: In function ‘long int syz_mount_image(long int, long int, long unsigned int, long unsigned int, long int, long int, long int)’:
executor/common.h:117:15: error: ignoring return value of ‘ssize_t pwrite(int, const void*, size_t, __off_t)’, declared with attribute warn_unused_result [-Werror=unused-result]
__VA_ARGS__; \
^
executor/common_linux.h:1364:3: note: in expansion of macro ‘NONFAILING’
NONFAILING(pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset));
^
cc1plus: all warnings being treated as errors
|
| |
|
|
|
|
|
| |
1. It always crashed in cover_reset when coverage is disabled.
2. Use NONFAILING when accessing image segments.
3. Give it additional 100 ms as it may be slow.
4. Add a test for syz_mount_image.
|
| | |
|
| |
|
|
| |
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
|
|
|
| |
During kernel -net and -next-next trees merge, the value got moved.
Fix it.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gVisor doesn't support netdevsim and NETLINK_GENERIC and
without this fix, sys-executor always fails:
E openat(AT_FDCWD, /sys/bus/netdevsim/new_device, ...)
X openat(AT_FDCWD, /sys/bus/netdevsim/new_device, ...) = 0x0 errno=2
E socket(AF_NETLINK, SOCK_RAW|0x0, NETLINK_GENERIC)
X socket(AF_NETLINK, SOCK_RAW|0x0, NETLINK_GENERIC) = 0x0 errno=93
E write(0x2 host:[3], "socket(AF_NETLINK) failed\n", 0x1a)
X write(0x2 host:[3], ..., 0x1a) = 0x1a (2.767µs)
E write(0x2 host:[3], " (errno 93)\n", 0xc)
X write(0x2 host:[3], ..., 0xc) = 0xc (2.729µs)
E exit_group(0x43)
X exit_group(0x43) = 0x0 (900ns)
Cc: Jiri Pirko <jiri@mellanox.com>
Fixes: f350e2dc1f59 ("executor: rename devlink port netdevices to defined names")
Signed-off-by: Andrei Vagin <avagin@google.com>
|
| |
|
|
|
| |
When USB_DEBUG is enabled, syzkaller crashes on unknown USB requests.
This helps to find missing descriptions for particular USB classes.
|
| |
|
|
|
|
|
| |
stdbool.h is required by initialize_devlink_ports(): true define.
fcntl.h is required by initialize_devlink_pci(): O_RDONLY define.
Signed-off-by: Denis Efremov <efremov@linux.com>
|
| |
|
|
|
| |
Rename some options in preparation for subsequent changes
which will align names across the code base.
|
| |
|
|
| |
In preparation for future changes.
|
| |
|
|
|
| |
Rename some macros in preparation for subsequent changes
which will align names across the code base.
|
| | |
|
| |
|
|
|
| |
Rename some flags in preparation for subsequent changes
which will align names across the code base.
|
| |
|
|
|
| |
common_bsd.h is used for 3 OSes, so checking if it's
any of these 3 OSes is pointless. Remove these checks.
|
| |
|
|
|
|
|
|
|
| |
In case the dump is empty, NLMSG_DONE type message is received from
kernel right away. Count with this and return 0. Set the reply_len to 0.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Fixes: f350e2dc1f59 ("executor: rename devlink port netdevices to defined names")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
| |
The patches are being upstreamed and the interface has changed.
|
| |
|
|
|
|
| |
The port-based exception APIs have been deprecated on Fuchsia and will
be removed shortly. Delete them from the syscall definitions and
modify the Fuchsia executor to use the new channel-based APIs instead.
|
| |
|
|
|
|
|
| |
Devlink port netdevices stay in the form of eth%d. Rename then to
defined names so they could be used for system calls.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
|
|
|
|
| |
Don't rely on global "nlmsg" struct and rather pass the structure to
netlink_* helpers. That allows to possibly work with multiple netlink
messages (sending while receiving for example) at the same time.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
|
|
|
| |
Extend existing helper netlink_device_change() in order to allow to
change netdevice names.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
|
|
|
| |
IFLA_NAME is going to be used to set the name of the netdevice, so
change the handle to be ifindex.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
| |
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
|
|
|
|
|
|
| |
Constant 64-bit arguments to the variadic syscall(2) must have their
width specified explicitly. In practice this is not necessary most of
the time, but on amd64/freebsd with clang the compiler can and does
store the constant 32-bit value to the stack, leaving garbage in the
upper 32 bits.
This makes C reproducers somewhat uglier, but I see no other solution.
|
| |
|
|
|
| |
Test presence of a working compiler before running any tests for a target.
This helps to make tests pass even if some cross-compilers are not installed properly.
|
| |
|
|
| |
The number of reported event types changed.
|
| |
|
|
| |
The interface is being upstreamed and the name has changed.
|
| |
|
|
|
|
|
| |
Remove a check that was mistakenly added with devlink_pci feature and is
duplicate of the existing check.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
| |
Adding vxcan1 also adds vxcan0. Setup and use both.
|
| |
|
|
|
| |
CI failed:
https://travis-ci.org/google/syzkaller/jobs/606730911?utm_medium=notification&utm_source=github_status
|
| |
|
|
|
|
|
|
| |
In case there is a fixed pci devlink handle "pci/pci/0000:00:10.0"
on the system (initial network namespace), it is moved to a working
network namespace.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
|
|
| |
Create testing netdevsim instance with 4 ports.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
| |
|
|
|
| |
This adds support to add frames that have already been in data races, to
the KCSAN report blacklist.
|
| |
|
|
|
| |
This commit changes syz_usb_control_io to enable the relevant endpoints
for the interface being set via a SET_INTERFACE request.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
By default, the current KCSAN .config does not enable KCSAN during boot,
since we encounter races during boot which would prevent syzkaller from
ever executing.
This adds support to detect if KCSAN is available, and enables it on the
fuzzer host.
|
| |
|
|
| |
Looks like opening hiddev can take up to ~100 ms.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This commit fixes a handle leak in syz_mmap. The bug was pointed out by
mdempsky during a code review.
The `syz_mmap` function creates a VMO and maps it to a VMAR in the address
specified by the `syz_mmap` parameters. Once a VMO is mapped to a vmar,
the handle to the vmo can be closed without problems.
The new code makes sure that `zx_handle_close(vmo_handle)` gets called before
the `syz_mmap` function returns.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
syz_mmap is a pseudo-syscall that can be used by syzkaller in fuzzing
programs, however, it is also used to setup the environment for
syz-executor. syz-executor already checks the return value[0] when it is
used for setting up the environment, so it doesn't make sense for the
function to crash (most probably, in a fuzzing program it will be called
with arguments that would make it fail).
The previous behavior was causing a bunch of "Lost connection to test
machine" syzkaller crashes which were meaningless. An example of a
program in which syz_mmap would crash would be any program in which the
handle to the root vmar is closed before calling syz_mmap.
[0]:
https://github.com/google/syzkaller/blob/a60cb4cd840ce786236a00480e8bb1025e0c5fef/executor/executor_fuchsia.h#L15
|
| |
|
|
| |
Also respond with lang ID when string #0 is requested.
|
| | |
|
| | |
|
| | |
|
