| Commit message | Author | Age | Files | Lines |
The interface has significantly changed since the first version.
Update to the upstreamed interface.
Fixes #3030
It seems we had a bogus signature for sigaltstack for all that time.
It accepts 2 sigaltstack structs according to the kernel code:
https://elixir.bootlin.com/linux/v5.16/source/kernel/signal.c#L4217
Update #590
As was pointed out in #2921, the current approach of limiting the number
of pids per process does not work on all Linux-based kernels.
We could just treat fork, clone and clone3 in a special way (e.g. exit
on a zero return). However, in that case we also need to sanitize the
arguments for clone and clone3 - if CLONE_VM is passed and stack is 0,
the forked child processes (threads) will become nearly unidentifiable
and will corrupt syz-executor's memory. While we could sanitize clone's
arguments, we cannot do so for clone3 - nothing can guarantee that they
will not be changed concurrently.
Instead of calling those syscalls directly, introduce a special pseudo
syscall syz_clone3. It copies and sanitizes the arguments and then
executes clone3 (or fork, if we're on an older kernel) in such a way so
as to prevent fork bombs from happening.
Also introduce syz_clone() to still be able to fuzz it on older systems.
Move existing bits of /dev/media descriptions from sys.txt and dev_video4linux.txt
and complete the descriptions.
Also provide more concrete specialization of VIDIOC_QUERYBUF ioctl.
Add ioctl specialization that serves as fd_v4l2_buffer resource constructor
(returns it outside of a union).
It's a somewhat common mistake to write comments instead of directives:
    #include <foo>
    #define FOO BAR
because that's how it's done in C.
In preparation for warning about such cases remove all existing
comments that fake directives.
See: https://elixir.bootlin.com/linux/v5.15-rc6/source/mm/secretmem.c#L194
See: https://elixir.bootlin.com/linux/v5.15-rc6/source/fs/eventpoll.c#L2279
See: https://elixir.bootlin.com/linux/v5.15-rc6/source/mm/oom_kill.c#L1146
Regenerate const files on the latest upstream tree.
Remove IPX support since it was removed from the kernel
in 7a2e838d28 ("staging: ipx: delete it from the tree").
O_RDONLY is not really a flag. Not providing O_WRONLY means O_RDONLY.
Signed-off-by: Denis Efremov <efremov@linux.com>
* all: add new typename dirname
The current way to check files under sysfs or proc is:
- define a string to represent each file
- open the file
- pass the fd to write / read / close
The issues with the above are:
- need to know which files are present on the target device
- need to write openat for each file
With dirname added, one file in the directory will be opened
randomly and then the fd passed to write/read/close.
* all: use typename glob to match filename
Fixes #481
| |
Duplicate mknod$loop() for architectures without mknod().
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
| |
Add a variant to create a /dev/null character device.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
| |
fork() is useful for Landlock fuzzing.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
| |
Both are ChromeOS-specific.
| |
Also flip these:
/proc/sys/net/ipv4/tcp_dsack
/proc/sys/net/ipv4/tcp_recovery
/proc/sys/net/ipv4/tcp_mtu_probing
/proc/sys/net/ipv4/tcp_rfc1337
/proc/sys/net/ipv4/tcp_rmem
/proc/sys/net/ipv4/tcp_wmem
| |
These have some non-trivial effects like compacting memory
or changing TCP parameters in realistic ways.
Fixes #1671
| |
Add descriptions for qat_adf_ctl. It might need an Intel QAT device.
Update #533.
| |
The fsinfo() system call is under heavy discussion upstream, and it
might be totally changed. As a result it was dropped from linux-next
starting in next-20200819, and the pull request for 5.9
(https://lkml.kernel.org/r/1845353.1596469795@warthog.procyon.org.uk/)
wasn't accepted. Therefore revert the syscall description (commit
4b0871d) for now.
| |
Add descriptions for testing /dev/vga_arbiter.
Update #533
| |
If a resource is never used as an input, it is not useful.
It's effectively the same as using an integer.
Detect such cases, they are quite confusing.
Fix all existing errors in descriptions.
This uncovered some interesting bugs as well,
e.g. use of a completely unrelated fd subtype after copy-paste
(while the resource that was supposed to be used there is completely unused).
| |
The raw system calls have call signatures that differ slightly from
that of the corresponding GNU C library wrapper functions. The descriptions
are fixed to reflect the raw system calls, which unpacks the offset into
two args, off_l and off_h.
| |
ioprio priority values (as passed to ioprio_set()) take values from
a limited range. This fact was reflected in the descriptions.
| |
Added description for close_range which is currently in linux-next
(https://lore.kernel.org/lkml/20200602204219.186620-2-christian.brauner@ubuntu.com/).
| |
Added description for process_madvise syscall in
linux-next (https://lore.kernel.org/lkml/20200622192900.22757-4-minchan@kernel.org).
| |
Added the CLONE_INTO_CGROUP and CLONE_CLEAR_SIGHAND flags for the clone3
syscall.
| |
+extract constants on next-20200701
| |
Added the faccessat2 description (linux 5.8) (https://git.kernel.org/linus/c8ffd8bcdd28296a).
| |
Added the description for the new fsinfo sys call (currently in
linux-next). Details about fsinfo can be seen in
https://lkml.kernel.org/linux-fsdevel/158454408854.2864823.5910520544515668590.stgit@warthog.procyon.org.uk/.
| |
Added the openat2 syscall for file and for directory. Details of the
syscall can be seen at
https://man7.org/linux/man-pages/man2/openat2.2.html.
| |
Add a set of descriptions to focus the fuzzing process on the V4L2 vim2m
test driver. This should be useful to test the M2M framework.
The syscalls are based on a specific file descriptor for the vim2m
device and a selection of v4l2 ioctls that operate on it. Some of the
existing v4l2 data structure definitions have been extended to allow
restricting and selecting some options in order to narrow down the
fuzzing process.
Initial support for Request API added.
| |
Update https://github.com/google/syzkaller/issues/533.
| |
Mark ioctls we disable in init.go as disabled.
Update #477
Update #502
| |
We had these hard-coded for fuchsia and linux accordingly.
Replace with call attributes.
| |
Introduce common infrastructure for describing and parsing attributes
instead of custom per-attribute code scattered across several locations.
Change align attribute syntax from the weird align_N to align[N].
This also allows using literal constants as N.
Introduce the notion of builtin constants.
Currently we have only PTR_SIZE, which is needed to replace
align_ptr with align[PTR_SIZE].