syz - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	sys/linux: fix bugs pointed out by syz-check	Dmitry Vyukov	2022-01-13	1	-3/+6
\| \| \| \|	Update #590
*	executor/common_linux: fuzz kvm_run	Alexey Kardashevskiy	2021-11-09	1	-0/+13
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Syzkaller runs KVM until it exits and this is considered the end of the KVM_RUN syscall. We can do a bit more with a VM if the exit was legit (for example MMIO access or a hypercall). In such cases the userspace emulates the request and stores the result in the kvm_run struct (mmaped from vcpu_fd) which the next KVM_RUN checks. This defines specialized mmap and syz_memcpy_off to allow Syzkaller fuzz the kvm_run struct with focus on the part where the huge union is. Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com> --- Changes: v4: * defined offset/size constants * re-autogenerated dev_kvm.txt.const v3: * fixed syz_memcpy_off's src size v2: * limited changes to dev_kvm.txt instead of defining all new syz_kvm_run.
*	sys/linux: extend KVM caps descriptions	Dmitry Vyukov	2021-10-13	1	-15/+43
\| \| \| \|	Add missing VM/CPU caps and specify type of arguments for each cap.
*	sys/linux: fix KVM defines	Dmitry Vyukov	2021-09-16	1	-5/+10
\| \| \| \| \| \|	We don't support # comments at the end of defines. This never worked and .const file wasn't even re-generated (otherwise it would contain ???).
*	executor/common_kvm_ppc64: run with enabled MMU	Alexey Kardashevskiy	2021-07-19	1	-1/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This sets up a page table to map the text in order to exercise more code paths in the KVM. This defines flags to control the MMU state. When enabled, this creates a simple page table at the 64K offset and maps all the RAM. The fuzzer code is placed right after the table. The flags are: IR - enables MMU for instruction fetches DR - enables MMU for data loads/stores PR - "problem state", i.e. userspace (implies DR and IR) PID1 - initializes a process table for PID>0 (PID#0 is used by the VM OS normally) This adds a simple "syz_kvm_setup_cpu_ppc64" syz-test with MSR=IR\|DR\|LE which is a typical Linux kernel mode. Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
*	executor/common_kvm_ppc64: fix KVM support	Alexey Kardashevskiy	2021-07-19	1	-1/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Turns out the ifuzz on powerpc did not ever properly work. This fixes syz_kvm_setup_cpu$ppc64: Enable the PAPR KVM capability (otherwise KVM_RUN fails right away). Finish generated sequences with the software debug breakpoint as there is no x86's "hlt" variant on POWER and otherwise KVM won't exit. Add exception handlers, use the software debug breakpoint instruction to trigger immediate exit from KVM with the only exception of the decrementer interrupt handler (timer) to recharge the timer and continue. Define and use endianness selection flag (Big vs. Little endian). Define the code generator similar to kvm_gen.cc which for now contains 2 simple tests and the decrementer interrupt handler code. Add test cases to the executor so "bin/linux_ppc64le/syz-executor test" can run some sensible tests. The tests copy 0xbadc0de around similar to x86 and uses gpr[3] is a return value register (similar to EAX). Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
*	pkg/ifuzz/powerpc: add powerpc support	Alexey Kardashevskiy	2020-11-20	1	-0/+18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This adds KVM's syz_kvm_setup_cpu pseudo syscall. This adds placeholder for options (none implemented yet). This adds instruction generator for ifuzz; this also adds a few pseudo instructions to simulate super/hyper/ultracalls (a PPC64/pseries platform thing). The insns.go is generated from PowerISA_public.v3.0B.pdf [1] by a horrendous python3 script on top of pdftotext. The ISA covers POWER9 which is the latest available POWER CPU at the moment. The next ISA for POWER10 is quite different and we will deal with it later. The // comment after every instruction is a fixed opcode list for verification purposes. This does not define DecodeExt as there is no obvious replacement of the Intel XED library for POWERPC (gapstone-capstone, later, may be). [1] https://openpowerfoundation.org/?resource_lib=power-isa-version-3-0 Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
*	sys/linux: use per-field directions in descriptions	Necip Fazil Yildiran	2020-08-13	1	-3/+3
\|
*	sys/linux: fix some warnings in descriptions	Dmitry Vyukov	2020-06-13	1	-4/+6
\| \| \| \| \|	syz-check pointed to a new batch of bugs in descriptions. Fix them.
*	sys/syz-extract: use -nostdinc on linux	Dmitry Vyukov	2020-05-11	1	-1/+0
\| \| \| \|	This makes the build completely hermetic.
*	pkg/compiler: check that flags values fit into base type	Dmitry Vyukov	2020-03-17	1	-1/+1
\| \| \| \| \| \| \| \|	flags[foo, int8] foo = 0x12345678 is always an error, detect these cases. Found some bugs in mptcp, packet sockets, kvm.
*	sys/linux: fix 32-bit warnings	Dmitry Vyukov	2019-12-23	1	-4/+4
\| \| \| \| \| \| \|	Lots of interesting findings... Especially 2 byte uid/gid/pid. Update #590
*	sys/linux: fix 240 warnings in descriptions	Dmitry Vyukov	2019-12-20	1	-11/+11
\| \| \| \| \| \|	Sweeping fix of everything up to socket_netlink_route.txt. Update #590
*	sys/linux: another batch of syz-check fixes	Dmitry Vyukov	2019-12-18	1	-37/+47
\| \| \| \|	Update #590
*	sys/linux: rename dev descriptions files	Andrey Konovalov	2019-02-01	1	-0/+805
	Prefix file names of descriptions of /dev/* files with dev_. And give some of them more appropriate names.