| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
syz_kvm_add_vcpu
The old syz_kvm_setup_cpu() API mixed together VM and VCPU setup, making it
harder to create and fuzz two VCPUs in the same VM.
Introduce two new pseudo-syscalls, syz_kvm_setup_syzos_vm() and syz_kvm_add_vcpu(),
that will simplify this task.
syz_kvm_setup_syzos_vm() takes a VM file descriptor, performs VM setup
(allocates guest memory and installs SYZOS code into it) and returns a
new kvm_syz_vm resource, which is in fact a pointer to `struct kvm_syz_vm`
encapsulating VM-specific data in the C code.
syz_kvm_add_vcpu() takes the VM ID denoted by kvm_syz_vm and creates a
new VCPU within that VM with a proper CPU number. It then stores the
fuzzer-supplied SYZOS API sequence into the corresponding part (indexed by
CPU number) of the VM memory slot, and sets up the CPU registers to interpret
that sequence.
The new pseudo-syscall let the fuzzer create independent CPUs that run different
code sequences without interfering with each other.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Use v6.9-rc7.
|
| |
|
|
|
|
| |
Our fs is more generic than it was defined in MAINTAINERS. Let's not
spam its mailing lists with bugs from individual filesystem
implementations.
|
| |
|
|
| |
This must be a strong signal to assign a bcachefs subsystem.
|
| | |
|
| |
|
|
|
| |
There are cases of very long names that make it too hard for the golang
library to properly parse the address.
|
| |
|
|
| |
We used to ignore the skipped lines.
|
| | |
|
| |
|
|
| |
It will help keep more generic reports in "net".
|
| |
|
|
| |
Adjust subsystem generation code to the latest changes.
|
| |
|
|
| |
The new mailing list can be parsed by the generic algorithm.
|
| |
|
|
| |
Use the latest torvalds master.
|
| |
|
|
| |
See https://lore.kernel.org/all/20230908082846.GB9560@lst.de/
|
| |
|
|
|
| |
If a record was specified in a custom subsystem list, do not consider it
while grouping records by mailing list.
|
| |
|
|
|
| |
Regenerate the list using v6.5-rc5.
Also, rename fat -> exfat.
|
| |
|
|
|
|
|
|
|
| |
The current syz-query-subsystems raise below error:
failed to query subsystems: failed to set names: failed to extract a name from kernel-tls-handshake@lists.linux.dev
This patch adds this email to exception list to fix that.
Signed-off-by: Lin Ma <linma@zju.edu.cn>
|
| | |
|
| |
|
|
|
|
| |
For some subsystems (e.g. `kernel`) such reports just don't make much
sense, since there are too many incorrectly classified bugs in there.
Make it possible to exclude such subsystems from periodic reminders.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's just accept that we cannot fully trust guilty paths and try to
increase the weight of subsystems extracted from reproducers.
Instead of taking all subsystems that have received the highest number
of votes, take all which have received >= 33%. This will reduce noise
and in almost all cases limit the number of assigned subsystems to 2.
If there are >= 3 reproducers that point to exactly the same set of
subsystems, give them a preference. But still take one subsystem from
guilty paths if there's one that's mentioned >= 66% times.
The numbers themselves are somewhat arbitrary, but hopefully this will
improve the quality of subsystem inference.
Add some more tests.
|
| |
|
|
|
|
|
|
|
|
|
| |
We currently prioritize a subsystem if it's present in all reproducers
and that is supported by at least one guilty path among the considered
crashes.
Due to a small bug in the code we only considered it to be supported if
the guilty path belonged to one of parent subsystems of the one
mentioned in the reproducer. It's fair to also consider full overlap
between them.
|
| |
|
|
|
|
|
| |
There was a small bug and, as a result, subsystems from reproducers
always superceded all other ones. That was not the desired side-effect.
Fix the logic and add a test to linux_test.go.
|
| |
|
|
| |
Also make the call point to the "input" subsystem.
|
| |
|
|
|
| |
Let's consider them a strong indicator that usb subsystem is affected by
a bug.
|
| |
|
|
|
| |
Adjust the rules so that syz_mount_image$nilfs2 begins to point to
nilfs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Earlier we only took maintainers if there was just one MAINTAINERS
record, but that was a very severe limitation.
Let's try a more elaborate approach. It's also not perfect, but allows
us to extract many more maintainers, while keeping false positives at
zero.
Group raw MAINTAINER records by their T: entries. If there's just one
set of T: values per group mailing list, take the intersection of M:
entries from there.
|
| |
|
|
| |
Rename `cluster` to `gfs2`
|
| | |
|
| |
|
|
|
|
|
|
|
| |
There are some minor subsystems (e.g. PAGE CACHE in Linux) that are
parts of several big subsystems. At the same time, a reproducer can
clearly disambiguate such case.
If subsystems from reproducers and subsystems from guilty files
intersect, only proceed with the results of the intersection.
|
| |
|
|
|
|
|
|
|
| |
We're not yet perfect at eliminating unneeded calls from reproducers, so
let's make the subsystem extraction rules stricter: only take a
subsystem from the reproducer if it's present in all reproducers.
Consider more crashes (7 instead of 5) to give more opportunities to
drop an unneeded call.
|
| | |
|
| |
|
|
|
|
| |
Two more flags:
- filter: allows to choose only a subset of the possible subsystems.
- emails: allows to force empty Lists and Maintainers.
|
| |
|
|
| |
Add isofs and fat. Match them with their pseudo syscalls.
|
| |
|
|
| |
9p is a much more common name.
|
| |
|
|
| |
Use the "v6.2" release.
|
| |
|
|
| |
We've put too much under the "fs" tag.
|
| |
|
|
|
|
|
| |
There are cases when a subsystem doesn't have a mailing list and yet
we'd prefer not to merge it with others. Let's add the ability to add
custom rules that join several specified MAINTAINERS records into one
Subsystem.
|
| | |
|
| |
|
|
| |
Let the Service also serve the child subsystem query requests.
|
| |
|
|
| |
There were cases when subsystems did not get reasonable enough names.
|
| |
|
|
| |
Take the counts from the cache, include links to the filtered bug views.
|
| |
|
|
|
| |
This might happen if the user forgot to import pkg/subsystem/lists. Make
the problem more visible by panicking in ServiceList().
|
| |
|
|
| |
Now it's no longer needed.
|
| |
|
|
|
|
| |
After each saved crash, invoke the new pkg/subsystem machinery to infer
the subsystem list. Use 5 crashes with biggest priority to base the
inference on.
|
| |
|
|
|
|
| |
For the subsystem itself, we take both maintainers and lists. But from
all parents we only take lists, because otherwise too many unrelated
people might be notified.
|
| |
|
|
|
|
| |
Add a few more prefixes to strip. Remove dots from the resulting names.
Regenerate the list of Linux subsystems.
|
| |
|
|
| |
Add a test to verify that the function works as intended.
|
| |
|
|
|
|
| |
Remove the entity and match subpackages.
Regenerate the linux.go file.
|
