| Commit message | Author | Age | Files | Lines |
| |
Update #5308
|
It may be useful if the config value is synthesised programmatically.
|
It will be useful for new syz-agent binary in the future.
|
1. Properly set up a manager config.
2. Use clang/ld.lld by default.
3. Set the right boot partition for qemu VMs.
|
It allows reducing the parameter count for some functions.
|
Check for the existence of fsck binaries and report their absence only
once.
|
We don't really need an HTTP server when running syz-manager during kernel
image testing and when running syz-diff automatically.
Don't require the config to be set and don't start the HTTP server in
this case.
|
In some build environments (notably Yocto), syzkaller host and target
binaries end up in separate packages for each built architecture, which
are then shipped with the respective image/SDK.
Add the "Execprog/ExecutorBinOnTarget" and "StraceBinOnTarget" options
to the manager config, which when set expects the respective binaries to
be shipped with the target image and does not attempt to copy them from
the host.
|
If we have converted one way of configuration into another, we should
reset the old one.
Otherwise after the processing in syz-ci both will be set and the
instance no longer starts due to
"you cannot use both cov_filter and focus_areas".
|
Switch from the CoverageFilter to the more flexible mechanism of focus
areas.
|
Previously we were assuming that QEMU with matching host/guest
architectures was using -enable-kvm, but for arm64 that's not always the
case.
|
Add automatic_helper attribute and enable it for system calls that are required to properly run automatically generated
descriptions. Enable these system calls when descriptions_mode = `Auto`.
|
This will enable the reuse of the functionality elsewhere.
|
It lets us get bug reproductions out of the box.
|
written descriptions or both
Add "Auto" type and allow choosing the descriptions mode in configurations. Defaults to using manual only.
|
Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer.
Also restore syz-runtest functionality in the manager.
Update #4917 (sets most signal handlers to SIG_IGN)
|
Lint started warning about duplicate "gvisor" const in pkg/cover.
Add gvisor/starnix consts to sys/targets package to avoid duplication.
|
VM-less mode stopped working after addition of RPCServer.createInstance.
Repair it.
|
To reduce diff in the next change.
|
Let users set the asset storage config in the syz-manager config.
When running under syz-ci, pass the asset storage config from the syz-ci.
Create an asset storage instance on the start of syz-manager.
Refactor some of syz-manager code to make it less complex.
|
Allow manager configuration to specify that certain syscalls should not
be mutated. This is expected to be useful when mutating certain syscalls
is unlikely to produce interesting executions. For example, mutating a
`syz_mount_image` call will likely produce a corrupt image.
Some implementation details:
- Add a `no_mutate_syscalls` manager config entry, with the same format
as `enable_syscalls`. Ensure this is parsed and stored in the config
as a set of syscall IDs.
- Send this set to fuzzers when they connect to their managers via RPC.
Ensure each fuzzer stores a copy of the set.
- When mutating arguments of a syscall, check first whether it has been
specified as non-mutatable.
- For all mutations not managed by a `syz-manager`, retain previous
behaviour by ensuring that no syscalls are considered non-mutable.
|
If `strace_bin` is specified, syzkaller will invoke a reproducer with it
and save the output. This should help in debugging.
If syz-manager is attached to a dashboard, upload the strace-powered output
and report.
|
Introduce a presere_progs parameter, which, if set to false, forces
syz-manager to purge unneeded programs from the corpus.
|
Currently there are no means to limit the total number of reproducing
instances and syzkaller can de facto suspend fuzzing when there are
many new bug types.
Introduce the option to control this behavior.
|
Permit empty hub_key to indicate oauth.
|
Update mgrconfig tests so that they properly test manager configuration.
Add dummy files to the testdata directory so that it looks like a real
syzkaller folder.
Adjust gce1.cfg to test the situation when dashboard_client is not
accompanied by dashboard_key.
Make dashboard_key unnecessary.
|
Fuchsia provides its own copy of syz-executor, built in tree.
|
Add a configurable value for the maximum number of logs stored per
crash to the json config format.
syz-manager: use the new config value
|
Add sys/targets.Timeouts struct that parametrizes timeouts throughout the system.
The struct allows controlling syscall/program/no output timeouts for OS/arch/VM/etc.
See comment on the struct for more details.
|
Hub input domain identifier (optional).
The domain is used to avoid duplicate work (input minimization, smashing)
across multiple managers testing similar kernels and connected to the same hub.
If two managers are in the same domain, they will not do input minimization after each other.
If additionally they are in the same smashing sub-domain, they will also not do smashing
after each other.
By default (empty domain) all managers testing the same OS are placed into the same domain,
this is a reasonable setting if managers test roughly the same kernel. In this case they
will not do minimization nor smashing after each other.
The setting can be either a single identifier (e.g. "foo") which will affect both minimization
and smashing; or two identifiers separated with '/' (e.g. "foo/bar"), in this case the first
identifier affects minimization and both affect smashing.
For example, if managers test different Linux kernel versions with different tools,
a reasonable use of domains on these managers can be:
- "upstream/kasan"
- "upstream/kmsan"
- "upstream/kcsan"
- "5.4/kasan"
- "5.4/kcsan"
- "4.19/kasan"
Fixes #2095
|
Everything in syzkaller is syz-something, it's pointless to add syz prefix
to everything and unnecessarily increases clutter. Remove the prefix.
Also, rename ExecutorCmd in target to ExecutorBin to make it consistent
with mgrconfig and ExecprogBin/FuzzerBin.
|
These are widely used with the config as the refactoring shows.
This removes a bunch of unnecessary code.
Also fixes a number of bugs where we confused Arch with VMArch.
|
Users should not be concerned with the internal derived fields.
Move all derived fields into a separate struct before adding more.
This leaves config.go as a better documentation for end users.
|
A future change makes vm/* depend on pkg/report,
and pkg/report already depends on pkg/mgrconfig.
This introduces a cycle for mgrconfig tests.
Move tests into a separate package.
|
pkg/mgrconfig/load.go:78:1: cyclomatic complexity 26 of func `Complete` is high (> 24)
sys/targets/targets.go:217: File is not `gofmt`-ed with `-s`
|
Qemu can use ssh key after chdir to workdir.
Consistently apply Abs to all paths.
|
Update #477
Update #502
|
The new manager config argument workdir_template refers to a directory. Optional.
Each VM will get a recursive copy of the files that are present in workdir_template.
VM config can then use these private copies as needed. The copy directory
can be referenced with "{{TEMPLATE}}" string. This is different from using
the files directly in that each instance will get own clean, private,
scratch copy of the files. Currently supported only for qemu_args argument
of qemu VM type. Use example:
Create a template dir with necessary files:
$ mkdir /mytemplatedir
$ truncate -s 64K /mytemplatedir/fd
Then specify the dir in the manager config:
"workdir_template": "/mytemplatedir"
Then use these files in VM config:
"qemu_args": "-fda {{TEMPLATE}}/fd"
|
In preparation for future changes.
|
syz-symbolize did not use the common mgrconfig logic
to calculate kernel dirs. Thus KernelBuildSrc ended up empty,
+dirs were not extended to absolute paths.
Use the common mgrconfig logic to calculate kernel dirs.
|
* pkg/cover: Modify parsing logic
1. Remove prefix computation
2. Add a mgrconfig for kernel build directory
* pkg/report: shorten reports with kernelBuildSrc instead of kernelSrc
* pkg/report: Fix failing tests
* pkg/report: fix formatting issues
* tools/syz-cover: Fix unintended redefinition
* make changes to fix failing ci build
* pkg/report: fix issues
|
Currently we have them duplicated in docs/configuration.md
and the actual source in pkg/mgrconfig/config.go.
Documentation is missing in one place or another,
some is outdated, some is phrased slightly differently.
Move all docs to pkg/mgrconfig/config.go and reference it
from docs/configuration.md instead.