path: root/sys/linux/init_test.go
Commit message | Author | Age | Files | Lines
* sys/linux: neutralize sched_setattr | Aleksandr Nogikh | 2022-01-20 | 1 | -0/+20
  Setting itself or another process as a real-time one leads to the starvation of kernel threads and, as a result, to false positive stall bug reports. We have been getting complaints about them for already quite a long time now. Neutralize the policy argument of the syscall as much as possible given the set of possible syzkaller mutations.
* sys/linux: neutralize ioctl for /dev/msr | Vikram Narayanan | 2021-11-18 | 1 | -0/+13
* sys/targets: add OS/Arch name consts | Dmitry Vyukov | 2020-10-26 | 1 | -1/+2
  We use strings to identify OS/Arch. These strings are duplicated throughout the code base massively. golangci-lint points to possibility of typos and duplication. We already had to define these names in pkg/csource and disable checking for prog package. A future change triggers such warnings in another package. Add OS/Arch name consts to sys/targets so that they can be used to refer to OS/Arch. Use the consts everywhere.
* sys/linux: mark some ioctls as disabled | Dmitry Vyukov | 2020-05-04 | 1 | -4/+0
  Mark ioctls we disable in init.go as disabled.
  Update #477
  Update #502
* prog: improve TestDeserializeHelper | Dmitry Vyukov | 2020-03-24 | 1 | -16/+8
  1. Allow to not provide Out if it's the same as In.
  2. Always check Out.
* prog: rename target.SanitizeCall to Neutralize | Dmitry Vyukov | 2020-03-17 | 1 | -1/+1
  We will need a wrapper for target.SanitizeCall that will do more than just calling the target-provided function. To avoid confusion and potential mistakes, give the target function and prog function different names. Prog package will continue to call this "sanitize", which will include target's "neutralize" + more. Also refactor API a bit: we need a helper function that sanitizes the whole program because that's needed most of the time.
  Fixes #477
  Fixes #502
* prog: export deserialization test helper for sys/{linux,openbsd} | Dmitry Vyukov | 2020-03-17 | 1 | -71/+51
  sys/{linux,openbsd} duplicate deserialization test logic as well. Export and reuse the existing helper function.
* prog: fix tests for string enforcement | Dmitry Vyukov | 2020-01-05 | 1 | -16/+0
  String value enforcement broke a number of tests where we use different values. Be more strict as to what string values we use in tests. Required to add tmpfs descriptions to test syz_mount_image. Also special-casing AF_ALG algorithms as these are auto-generated.
* sys/linux: prohibit TIOCSSERIAL | Dmitry Vyukov | 2019-12-19 | 1 | -8/+9
  Replace TIOCSSERIAL with TIOCGSERIAL. TIOCSSERIAL can do nasty things under root, like causing writes to random memory pretty much like /dev/mem, but this is also working as intended. For details see:
  https://groups.google.com/g/syzkaller-bugs/c/1rVENJf9P4U/m/QtGpapRxAgAJ
  https://syzkaller.appspot.com/bug?extid=f4f1e871965064ae689e
  TODO: TIOCSSERIAL does some other things that are not dangerous and would be nice to test, if/when we can sanitize based on sandbox value we could prohibit it only under sandbox=none.
* sys/linux: enforce arguments of all syz_open_dev calls | Dmitry Vyukov | 2019-12-03 | 1 | -0/+13
  Opening random devices can lead to havoc. Enforce device major/minor.
* sys/linux: prohibit opening /proc/self/exe | Dmitry Vyukov | 2019-02-08 | 1 | -0/+16
  Fuzzer manages to open it and do bad things with it. Prevent it from doing so.
* sys/linux: move {i,fa}notify into own files | Dmitry Vyukov | 2019-02-07 | 1 | -3/+3
* executor: remove ability to detect kernel bugs | Dmitry Vyukov | 2019-01-31 | 1 | -3/+3
  This ability was never used but we maintain a bunch of code for it. syzkaller also recently learned to spoof this error code with some ptrace magic (probably intercepted control flow again and exploited executor binary). Drop all of it.
* prog: implement strict parsing mode | Dmitry Vyukov | 2018-12-10 | 1 | -2/+2
  Add bulk of checks for strict parsing mode. Probably not complete, but we can extend them in future as needed. Turns out we can't easily use it for serialized programs as they omit default args and during deserialization it looks like missing args.
* prog: introduce strict parsing mode | Dmitry Vyukov | 2018-12-10 | 1 | -1/+1
  Over time we relaxed parsing to handle all kinds of invalid programs (excessive/missing args, wrong types, etc). This is useful when reading old programs from corpus. But this is harmful for e.g. reading test inputs as they can become arbitrarily outdated. For runtests this creates the additional problem of executing not what is actually written in the test (or at least what the author meant). Add strict parsing mode that does not tolerate any errors. For now it just checks excessive syscall arguments.
* sys/linux: update test for changed arch_prctl descriptions | Dmitry Vyukov | 2018-11-19 | 1 | -4/+4
* sys/linux: prohibit FAN_OPEN_PERM and FAN_ACCESS_PERM | Dmitry Vyukov | 2018-10-15 | 1 | -0/+153
  FAN_OPEN_PERM and FAN_ACCESS_PERM require the program to reply to open requests. If that does not happen, the program will hang in an unkillable state forever. See the following bug for details:
  https://groups.google.com/d/msg/syzkaller-bugs/pD-vbqJu6U0/kGH30p3lBgAJ