path: root/sys/linux/init.go
Commit message | Author | Age | Files | Lines
...
* sys/linux: limit init_module size argument | Dmitry Vyukov | 2018-10-30 | 1 | -0/+7
    Kernel tries to vmalloc whatever we pass as size and it's not accounted
    against memcg. As a result it can lead to massive OOM kills of everything
    running on the machine. Strictly speaking, the same applies to finit_module
    with a sparse file too, but there is no simple way to handle that.
* sys/syz-extract: support missing arch headers | Dmitry Vyukov | 2018-10-28 | 1 | -2/+3
    The latest Linux kernel misses some arch-specific headers on some archs:
      asm/a.out.h
      asm/prctl.h
      asm/mce.h
    Support that.
* sys: check that target consts are defined | Dmitry Vyukov | 2018-10-19 | 1 | -20/+30
    Currently when we get target consts with target.ConstMap["name"] during
    target initialization, we just get 0 for missing consts. This is
    error-prone as we can mis-type a const, or a const may be undefined only
    on some archs (as we have common unix code shared between several OSes).
    Check that all the consts are actually defined.
    The check detects several violations, to fix them:
    1. move mremap to linux as it's only defined on linux
    2. move S_IFMT to openbsd, as it's only defined and used on openbsd
    3. define missing MAP_ANONYMOUS for freebsd and netbsd
    4. fix extract for netbsd
* sys/linux: prohibit FAN_OPEN_PERM and FAN_ACCESS_PERM | Dmitry Vyukov | 2018-10-15 | 1 | -1/+12
    FAN_OPEN_PERM and FAN_ACCESS_PERM require the program to reply to open
    requests. If that does not happen, the program will hang in an unkillable
    state forever. See the following bug for details:
    https://groups.google.com/d/msg/syzkaller-bugs/pD-vbqJu6U0/kGH30p3lBgAJ
* sys/linux: prohibit EXT4_IOC_SHUTDOWN | Dmitry Vyukov | 2018-09-13 | 1 | -0/+10
    EXT4_IOC_SHUTDOWN on root fs effectively brings the machine down in weird ways.
* prog: add concept of "special pointers" | Dmitry Vyukov | 2018-08-30 | 1 | -18/+20
    Currently we only generate either valid user-space pointers or NULL.
    Extend NULL to a set of special pointers that we will use in programs.
    All targets now contain 3 special values:
    - NULL
    - 0xfffffffffffffff (invalid kernel pointer)
    - 0x999999999999999 (non-canonical address)
    Each target can add additional special pointers on top of this.
    Also generate NULL/special pointers for non-opt ptr's. This restriction
    was always too restrictive. We may want to generate them with very low
    probability, but we do want to generate them.
    Also change pointers to NULL/special during mutation (but still not in
    the opposite direction).
* Makefile: don't compile all targets into target binaries | Dmitry Vyukov | 2018-08-02 | 1 | -2/+3
    Currently target binaries contain support for all OS/arch combinations.
    However, obviously a fuchsia target binary won't test windows. For target
    binaries we need support only for a single target (with the exception of
    386/arm target in amd64/arm64 binaries). So compile in only _the_ target
    into target binaries. This reduces akaros/amd64 fuzzer binary from 33 to
    7 MB and execprog from 28 to 2 MB.
* sys: dedup sanitization of common unix syscalls | Dmitry Vyukov | 2018-05-07 | 1 | -56/+4
    Update #538
* sys: dedup mmap code across OSes | Dmitry Vyukov | 2018-05-06 | 1 | -32/+2
    Update #538
* sys: move generated files to separate packages | Dmitry Vyukov | 2018-05-05 | 1 | -0/+9
    Move generated files to gen subdir. This allows us to:
    1. Rebuild init.go without rebuilding generated code.
    2. Exclude generated files from gometalinter checking. This is faster and
       consumes less memory.
    Update #538
* prog: simplify code | Dmitry Vyukov | 2018-05-05 | 1 | -2/+2
    Now that we don't have ReturnArg and only ResultArg's refer to other
    ResultArg's, we can remove ArgUser/ArgUsed and devirtualize lots of code.
* syz-fuzzer: clean up after probing coverage | Dmitry Vyukov | 2018-04-27 | 1 | -0/+2
    We left mmap memory and comparison tracing enabled.
* sys/linux: add syz_init_net_socket syscall | Dmitry Vyukov | 2018-03-05 | 1 | -0/+14
    The new pseudo syscall allows opening sockets that can only be created in
    init net namespace (BLUETOOTH, NFC, LLC). Use it to open these sockets.
    Unfortunately this only works with sandbox none at the moment. The problem
    is that setns of a network namespace requires CAP_SYS_ADMIN in the target
    namespace, and we've lost all privs in the init namespace during creation
    of a user namespace.
* prog: return concrete arg types from Make functions | Dmitry Vyukov | 2018-02-24 | 1 | -5/+5
    This removes a bunch of type assertions and makes the code more type-safe.
* sys/linux: prevent programs from doing arbitrary writes with ARCH_SET_FS | Dmitry Vyukov | 2018-02-23 | 1 | -0/+12
* sys/linux: fix mmap call args | Dmitry Vyukov | 2018-02-20 | 1 | -1/+1
    Also add a test for this.
* prog: rework address allocation | Dmitry Vyukov | 2018-02-19 | 1 | -42/+5
    1. mmap all memory always, without explicit mmap calls in the program.
       This makes lots of things much easier and removes lots of code. Makes
       mmap not a special syscall and allows fuzzing without mmap enabled.
    2. Change address assignment algorithm. Current algorithm allocates
       unmapped addresses too frequently and allows collisions between
       arguments of a single syscall. The new algorithm analyzes actual
       allocations in the program and places new arguments at unused locations.
* sys/linux: add bridge netfilter support | Dmitry Vyukov | 2018-02-17 | 1 | -0/+6
* sys/linux: improve netfilter descriptions | Dmitry Vyukov | 2018-02-09 | 1 | -0/+1
    Put the underflow entry at the end. Entries must end on an unconditional,
    non-goto entry, otherwise fallthrough from the last entry is invalid.
    Add arp tables support.
    Split unspec matches/targets to unspec and inet.
    Reset ipv6 and arp tables in executor.
    Fix number of counters in tables.
    Plus a bunch of assorted fixes for matches/targets.
* sys/linux: extend netfilter descriptions | Dmitry Vyukov | 2018-01-27 | 1 | -2/+6
* sys/linux: don't touch mknod$loop during sanitization | Dmitry Vyukov | 2018-01-16 | 1 | -0/+3
    mknod$loop contains proc type as dev number. Current sanitization code
    truncates 64-bit -1 to 32-bits which later causes validation failure.
    Don't do that; it's unnecessary for proc type.
* sys/linux: add AF_NETLINK/NETLINK_CRYPTO descriptions | Dmitry Vyukov | 2018-01-09 | 1 | -0/+1
* sys/linux: netlink xfrm support | Dmitry Vyukov | 2017-12-31 | 1 | -4/+6
* sys/linux: improve hash generation for KEYCTL_DH_COMPUTE | Dmitry Vyukov | 2017-11-27 | 1 | -3/+4
    KEYCTL_DH_COMPUTE used the old fixed list of algorithm names. Use the new
    code for algorithm generation.
    Plus it needs only SHASH algs, but we passed in all alg names. Pass only
    SHASH algs.
* sys/linux: resolve TODO re argument truncation | Dmitry Vyukov | 2017-11-27 | 1 | -4/+2
* sys/linux: improve AF_ALG alg name generation | Dmitry Vyukov | 2017-11-24 | 1 | -3/+5
    There is effectively an infinite number of possible crypto algorithm names
    due to templates. Plus there is a tricky relation between algorithms and
    algorithm type names. This change adds a custom mutator for sockaddr_alg
    struct to improve variance in generated algorithms.
* all: initial support for fuchsia | Dmitry Vyukov | 2017-09-20 | 1 | -120/+41
    Nothing works, but it builds.
    Update #191
* syz-manager, syz-fuzzer, executor: ensure that binaries are consistent | Dmitry Vyukov | 2017-09-15 | 1 | -1/+2
    Check that manager/fuzzer/executor are built on the same git revision,
    use the same syscall descriptions and the same target arch.
    Update #336
* prog: remove special knowledge about "mmap" syscall | Dmitry Vyukov | 2017-09-15 | 1 | -0/+1
    Abstract "mmap" away as it can be called differently on another OS.
* sys: compile all supported targets into the package | Dmitry Vyukov | 2017-09-15 | 1 | -47/+136
    Currently we compile in only the GOOS/GOARCH target. Compile in all
    targets so that they can be selected at runtime.
* sys/linux: rename package from sys to linux | Dmitry Vyukov | 2017-09-15 | 1 | -1/+1
* sys: move linux descriptions to sys/linux | Dmitry Vyukov | 2017-09-15 | 1 | -0/+272