| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Write coverage from unfinished syscalls.
Also detect when a syscall was blocked during execution,
even if it finished. Helpful for fallback coverage.
Fixes #580
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make as much code as possible shared between all OSes.
In particular main is now common across all OSes.
Make more code shared between executor and csource
(in particular, loop function and threaded execution logic).
Also make loop and threaded logic shared across all OSes.
Make more posix/unix code shared across OSes
(e.g. signal handling, pthread creation, etc).
Plus other changes along similar lines.
Also support test OS in executor (based on portable posix)
and add 4 arches that cover all execution modes
(fork server/no fork server, shmem/no shmem).
This change paves way for testing of executor code
and allows to preserve consistency across OSes and executor/csource.
|
| |
|
|
|
|
| |
Linux executor sets up some network devices for testing,
detect when that's supported on the machine and don't
do it if it's not supported.
|
| |
|
|
| |
Move common code from 4 vm implementations to vmimpl.
|
| | |
|
| |
|
|
|
| |
Pass actual target to DefaultConfig, that's what we really want,
not the stray ipc flag.
|
| | |
|
| |
|
|
|
| |
Also mixin resource constructors and some signature
of flags values for successful calls into fallback coverage.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Currently we first send on errs and then close env.
As the result process can exit before env.Close finishes,
which will leave garbage behind.
Close env before sending on errs.
|
| |
|
|
| |
fuchsia mishandles relative paths.
|
| |
|
|
|
|
| |
It's possible to get no signal from normal coverage due to dedup,
in that case we don't want to add fallback coverage
because it can lead to corpus bloat.
|
| |
|
|
|
|
|
|
|
|
| |
We have fallback coverage implmentation for freebsd.
1. It's broken after some recent changes.
2. We need it for fuchsia, windows, akaros, linux too.
3. It's painful to work with C code.
Move fallback coverage to ipc package,
fix it and provide for all OSes.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Currently host feature detection/setup code is spread
across platform-independent fuzzer code, pkg/host, pkg/ipc
and executor.
Move this all into pkg/host and show readable info
about features on manager start.
Fixes #46
|
| |
|
|
|
|
| |
In most cases we have source in memory,
so provide a function to build right from memory
without creating temp files.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently have native cross-compilation logic duplicated
in Makefile and in sys/targets. Some pieces are missed in one
place, some are in another. Only pkg/csource knows how to check
for -static support.
Move all CC/CFLAGS logic to sys/targets and pull results in Makefile.
This should make Makefile work on distros that have broken x86_64-linux-gnu-gcc,
now we will use just gcc. And this removes the need to define NOSTATIC,
as it's always auto-detected.
This also paves the way for making pkg/csource work on OSes other than Linux.
|
| |
|
|
|
|
|
| |
120 columns looks like a reasonable limit
and requires few changes to existing code.
Update #538
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
syz-manager always passes explicit value for the flag.
syz-stress does not need coverage.
The only real user is syz-execprog. syz-execprog already
forces coverage with -coverfile is given. Coverage is harmful
for external users trying to reproduce reported bugs.
For the remaining cases of syzkaller developers running
syz-execprog on KCOV-enabled kernel, the flag can be given
manually if really needed.
Fixes #554
|
| |
|
|
|
|
| |
Don't use random programs for testing.
Sometimes they lead to flakes like:
opendir(./1/file0) failed (errno 13)
|
| |
|
|
| |
Fix typos, non-canonical code, remove dead code, etc.
|
| |
|
|
| |
Also add a test for this.
|
| |
|
|
| |
Helps to understand what program caused it.
|
| |
|
|
|
|
|
|
|
|
| |
Generated program always uses pid=0 even when there are multiple processes.
Make each process use own pid.
Unfortunately required to do quite significant changes to prog,
because the current format only supported fixed pid.
Fixes #490
|
| |
|
|
|
|
|
|
|
|
|
| |
syz-fuzzer organically grew from a small nice main function
into a huge single-file monster with tons of global state.
Start refactoring it into something more managable.
This change separates 2 things:
1. Proc: a single fuzzing process (ipc.Env wrapper).
2. WorkQueue: holds global non-fuzzing work items.
More work needed, but this is good first step.
|
| |
|
|
|
|
|
| |
Currently threaded/collide are global environment flags.
It can be useful to turn off collider during some executions
(minimization, triage, etc).
Make them per-program options.
|
| |
|
|
|
|
|
| |
Boot and minimally test images before declaring them as good
and switching to using them.
If image build/boot/test fails, upload report about this to dashboard.
|
| |
|
|
|
|
| |
When manager is stopped there are sometimes runaway qemu
processes still running. Set PDEATHSIG for all subprocesses.
We never need child processes outliving parents.
|
| |
|
|
| |
if/else branches are intermixed
|
| |
|
|
|
| |
It seems to explode linux corpus.
So make it freebsd-specific.
|
| |
|
|
|
|
|
| |
Use forkserver and shmem for freebsd.
This greatly improves speed.
Also introduce fallback coverage signal based
on unique (syscall+errno) pairs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently use more complex and functional protocol on linux,
and a simple ad-hoc protocol on other OSes.
This leads to code duplication in both ipc and executor.
Linux supports coverage, shared memory communication and fork server,
which would also be useful for most other OSes.
Unify communication protocol and parametrize it by
(1) use of shmem or only pipes, (2) use of fork server.
This reduces duplication in ipc and executor and will
allow to support the useful features for other OSes easily.
Finally, this fixes akaros support as it currently uses
syz-stress running on host (linux) and executor running on akaros.
|
| |
|
|
|
|
| |
Currently we always send 2MB of data to executor in ipc_simple.go.
Send only what's consumed by the program, and don't send the trailing zeros.
Serialized programs usually take only few KBs.
|
| |
|
|
|
| |
This claimed to be fixed:
https://fuchsia.atlassian.net/browse/DNO-158
|
| |
|
|
|
|
| |
We currently return raw error, so sometimes it's hard to tell
even what call produced the error (e.g. just "invalid argument").
Extend the error so that it's clear that it comes from cmd.Start.
|
| |
|
|
| |
For now we just make Go part build for freebsd.
|
| |
|
|
|
| |
Abs does not work on fuchsia only, use it on windows.
Also maintain stats.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Nothing works, but builds.
Update #191
|
| |
|
|
| |
Update #191
|
| | |
|
| |
|
|
|
|
| |
Now each prog function accepts the desired target explicitly.
No global, implicit state involved.
This is much cleaner and allows cross-OS/arch testing, etc.
|
| |
|
|
|
| |
Add target config parameter (e.g. linux/amd64) which controls target OS/arch.
No more explicit assumptions about target.
|
| |
|
|
|
|
|
|
|
|
|
| |
Large overhaul moves syscalls and arg types from sys to prog.
Sys package now depends on prog and contains only generated
descriptions of syscalls.
Introduce prog.Target type that encapsulates all targer properties,
like syscall list, ptr/page size, etc. Also moves OS-dependent pieces
like mmap call generation from prog to sys.
Update #191
|
| |
|
|
|
| |
Now executor is able to read comparisons data from KCOV and write them
to fuzzer.
|
