Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer.
Also restore syz-runtest functionality in the manager.
Update #4917 (sets most signal handlers to SIG_IGN)
Flatbuffers compiler generates slices of pointers for these types,
so return slices of pointers to avoid converting the whole slice.
Remove T suffix from object API types.
It seems that we will use these types throughout the code,
and the suffix looks alien in Go code.
So it's better to remove it before we start using
these names more widely.
Also add a few extensions we will need to move feature
checking to the host.
Switch to flatrpc.FileInfoT instead.
In preparation for pkg/host removal and to avoid
circular dependencies in future changes.
In preparation for pkg/host removal.
Nothing in pkg/host uses KernelModule, and pkg/cover
is effectively the only user of KernelModule.
No test b/c this code should be deleted soon.
Move more complex glob processing to the host (into prog package).
Make fuzzer just read and return globs if requested.
This moves us closer to #1541
This moves a significant part of the logic from the target to the host (#1541);
eventually this will allow us to switch the target code from Go to C++.
Currently syz-fuzzer parses a number of system files (/proc/cpuinfo)
in non-trivial ways and passes that info to the host.
This is problematic to recreate in C++.
So instead make the fuzzer part as simple as possible:
now it merely reads the given set of files and returns their contents.
The rest of the parsing happens on the host (the new vminfo package).
Package vminfo extracts information about the target VM.
The package itself runs on the host, which may be a different OS/arch.
A user of the package first requests the set of files that need to be fetched from the VM
(Checker.RequiredFiles), then fetches these files, and calls Checker.MachineInfo
to parse the files and extract information about the VM.
The information includes information about kernel modules and OS-specific info
(for Linux that includes things like parsed /proc/cpuinfo).
This also requires changing the RPC flow between the fuzzer and the manager.
Currently, the Check call is optional and happens only for the first VMs.
With this change Check is always done because we always need to return
the contents of the requested files.
The plan is to switch the rest of the pkg/host package to this scheme later:
instead of some complex custom logic, we need to express it as some
simple operations on the target (checking file presence, etc.), and the rest
of the logic on the host.
Addresses from /proc/modules have little to do with the addresses of
modules' text sections. Instead of trying to fix them by parsing ELF
headers, stop supporting this use case.
It is still possible to pass modules.json to syz-cover.
Change-Id: I3119aed5cfe223e24cfc56b27612adaf2a638a99
* syz-manager: endpoint to display canonical modules
Add a "/modules" endpoint that displays canonical module
information.
* tools/syz-cover: accept module info
Add support to syz-cover to generate coverage reports for drivers that
are built as kernel modules.
At the moment, ReportGenerator instances are created with no
[]host.KernelModule information. As a result, discoverModulesLinux()
does not process kernel modules, only the vmlinux.
Add a "-modules" flag that accepts module info. This info
can be fetched from the web UI at "/modules".
Usage:
$ ./bin/syz-cover -arch arm64 -kernel_obj ${KOBJ} -kernel_src ${KSRC} \
-json ~/report.json -modules ~/modules \
~/rawcover
Created a hash in syz-manager to map between each
instance address and a stored canonical address.
Translate PC coverage values when receiving inputs
from VMs and when sending inputs to each VM.
Signal conversion and coverage filtering will be
fixed in a future commit.
Edit from last (reverted) PR: added a check to confirm
fuzzer has been instantiated before canonicalization.
This reverts commit c778c7f49050c40ff7c5e409d9b2c667483b3fc9.
We're getting the following panic:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x103ffdd]
goroutine 44811 [running]:
main.(*RPCServer).NewInput(0xc001010bb0, 0xc01d0b60a0, 0x1?)
syz-manager/rpc.go:270 +0x2dd
Created a hash in syz-manager to map between each
instance address and a stored canonical address.
Translate PC coverage values when receiving inputs
from VMs and when sending inputs to each VM.
Signal conversion and coverage filtering will be
fixed in a future commit.
* all: add new typename dirname
The current way to check files under sysfs or proc is:
- define a string to represent each file
- open the file
- pass the fd to write / read / close
The issues with the above are:
- Need to know which files are present on the target device
- Need to write openat for each file
With dirname added, syzkaller will open one file
in the directory at random and then pass the fd to
write/read/close.
* all: use typename glob to match filename
Fixes #481
The PCs returned for dynamically loaded kernel modules (DLKM) are not
parsed in the coverage page; these PCs are dropped.
This commit uses the DLKM modules' load addresses and symbol files
to restore the PCs and show coverage data for DLKMs.
Introduced a new config option module_obj to specify module directories.
Example of config:
"module_obj": [
"module_path1",
"module_path2"
]
For the Linux target, before Manager.Connect runs, load addresses are
obtained from /proc/modules in order to group PCs into modules.
And so, if modules are under the kernel_obj or module_obj dir,
their addresses and paths can be generated automatically.
kernel_obj is searched before the module_obj dir and the first found
ko object is always used.
Also note that KASLR needs to be disabled.
It's better to keep functionality in packages rather than in main.
It makes it reusable and better organized.
Move machine info functionality to pkg/host and do some cosmetic refactoring.