| Commit message | Author | Age | Files | Lines |
See #991 and added comments.
Fixes #991
Use PC tracing mode when detecting KCOV_REMOTE_ENABLE support in the kernel.
Also fix kcov_remote_handle_usb argument.
Based on whether the kernel supports KCOV_REMOTE_ENABLE ioctl.
Add a regex for syscall symbol extraction on ppc64le. ppc64le doesn't have
any special arch prefix.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
As pointed out by Mark Rutland, kallsyms entries have the format
__ia32_sys_${NAME} rather than __ia32_${NAME}. Fix the regexps.
Right now syz-fuzzer does a search through /proc/kallsyms for each syscall
to check whether it's supported. Do one search instead and save the results
to a map. This speeds up syscall detection ~60 times when testing arm64 kernel
on x86. Also add another search pattern for arm64 and add some logging.
EBUSY is returned when KMEMLEAK is in fact turned off,
not when scanning is already turned off.
That can't be recovered.
So instead check that we can write to the file in the check
function and give useful diagnostics.
Rewind kmemleak fd before reading it a second time,
otherwise we will read truncated reports.
Auto-learn what leak reports we've already seen
and ignore them in future. This is required because
there are some false positives and some fire too frequently.
So now we will hit each leak only once per manager run,
but we still will try to reproduce them.
executor: add support for android_untrusted_app sandbox
This adds a new sandbox type, 'android_untrusted_app', which restricts
syz-executor to the privileges which are available to third-party applications,
e.g. those installed from the Google Play store.
In particular, this uses the UID space reserved for applications (instead of
the 'setuid' sandbox, which uses the traditional 'nobody' user / 65534)
as well as a set of groups which the Android-specific kernels are aware of,
and finally ensures that the SELinux context is set appropriately.
Dependencies on libselinux are avoided by manually implementing the few
functions that are needed to change the context of the current process,
and arbitrary files. The underlying mechanisms are relatively simple.
Fixes google/syzkaller#643
Test: make presubmit
Bug: http://b/112900774
The function executes random code.
Update #310
Update #533
Strengthen gocycle limit 35->24! Yay! No more jumbo functions!
Fixes #538
Check some errors where relevant.
Unfortunately enabling errcheck does not look feasible, too many warnings.
Update #538
Linux executor sets up some network devices for testing,
detect when that's supported on the machine and don't
do it if it's not supported.
Remove syz_fuse* and implement them as normal syscalls.
We now have enough expressive power to form mount options.
See issue #640 where /dev/net/tun is present, but open fails with ENODEV.
Check that we can actually open all these files.
Fixes #640
Detect supported syscalls by directly executing them
if kallsyms is not present. This is required for gvisor testing.
Check socketpair.
Check non-constant socket types.
Currently host feature detection/setup code is spread
across platform-independent fuzzer code, pkg/host, pkg/ipc
and executor.
Move this all into pkg/host and show readable info
about features on manager start.
Fixes #46
Only init admin can mount filesystems with images.
Some x86 syscalls now seem to be __x64_ and __ia32_ instead of sys_ or ksys_.
Recent kernel changes to not call syscalls directly from kernel code
renamed syscall symbols from sys_foo to ksys_foo.
Support both formats.
Fix warnings pointed out by gometalinter.
Fix typos, non-canonical code, remove dead code, etc.
The new pseudo syscall allows opening sockets that can only
be created in init net namespace (BLUETOOTH, NFC, LLC).
Use it to open these sockets.
Unfortunately this only works with sandbox none at the moment.
The problem is that setns of a network namespace requires CAP_SYS_ADMIN
in the target namespace, and we've lost all privs in the init namespace
during creation of a user namespace.
We have them in linux solely for historical reasons.
Fixes #462
get_kernel_syms does not seem to be present upstream.
Describe an old quotactl syscall.
Also fix umount/umount2 names in kallsyms.
We currently use a more complex and functional protocol on linux,
and a simple ad-hoc protocol on other OSes.
This leads to code duplication in both ipc and executor.
Linux supports coverage, shared memory communication and fork server,
which would also be useful for most other OSes.
Unify the communication protocol and parametrize it by
(1) use of shmem or only pipes, (2) use of fork server.
This reduces duplication in ipc and executor and will
allow supporting the useful features for other OSes easily.
Finally, this fixes akaros support as it currently uses
syz-stress running on host (linux) and executor running on akaros.