path: root/sys/linux
Commit message (author, date, files changed, lines -removed/+added)
* pkg/declextract: emit more netlink families (Dmitry Vyukov, 2024-12-11, 3 files, -0/+59)
  Emit families w/o policy, emit duplicate commands.
* pkg/declextract: refine more networking types (Dmitry Vyukov, 2024-12-11, 1 file, -73/+35)
* pkg/declextract: refactor netlink generation (Dmitry Vyukov, 2024-12-11, 1 file, -2062/+2148)
  Emit all information related to a single netlink family close to each other. Previously we emitted them scattered and grouped by info type. That was both inconvenient to emit and inconvenient to read. NFC.
* pkg/declextract: rename generated names for consistency (Dmitry Vyukov, 2024-12-11, 1 file, -1258/+1258)
  Currently we append "$auto", or "$auto_record", or prepend "auto_", or insert "auto" somewhere in the middle. Use more consistent naming: always append "$auto".
* tools/syz-declextract: rewrite (Dmitry Vyukov, 2024-12-11, 3 files, -142/+432)
  syz-declextract accumulated a bunch of code health problems so that now it's hard to change/extend it, lots of new features can only be added in hacky ways and cause lots of code duplication. It's also completely untested.

  Rewrite the tool to:
  - move as much code as possible to Go (working with the clang tool is painful for a number of reasons)
  - allow testing and add unit tests (first layer of tests test what information is produced by the clang tool, second layer of tests test how that information is transformed to descriptions)
  - allow extending the clang tool output to export arbitrary info in non-hacky way (now it produces arbitrary JSON instead of a mix of incomplete descriptions and interfaces)
  - remove code duplication in the clang tool and provide common infrastructure to add new analysis w/o causing more duplication
  - provide more convenient primitives in the clang tool
  - improve code style consistency and stick to the LLVM code style (in particular, variable names must start with a capital letter, single-statement blocks are not surrounded with {})
  - remove intermixing of code that works on different levels (currently we have AST analysis + business logic + printfs all intermixed with each other)
  - provide several helper Go packages for better code structuring (e.g. pkg/clangtool just runs the tool on source files in parallel and returns results, this already separates a bunch of low-level logic from the rest of the code under a simple abstraction)

  I've tried to make the output match the current output as much as possible so that the diff is manageable (in some cases at the cost of code quality, this should be fixed in future commits). There are still some differences, but hopefully they are manageable for review (more includes/defines, reordered some netlink attributes).

  Minor bugs are fixed along the way, but mostly NFC:
  1. Some unions were incorrectly emitted as [varlen] (C unions are never varlen).
  2. Only one of the [packed], [align[N]] attributes was emitted for a struct (both couldn't be emitted).
* pkg/compiler: add automatic meta (Dmitry Vyukov, 2024-12-11, 1 file, -928/+930)
  Mark the whole file with "meta automatic" instead of marking each syscall. This reduces size of descriptions + allows to do special things with the whole file (e.g. we already treat auto consts specially).
* sys/linux/test: add syz_kvm_assert_syzos_uexit to existing tests (Alexander Potapenko, 2024-12-11, 9 files, -1/+63)
* pkg/vminfo: sys/linux: executor: define syz_kvm_assert_syzos_uexit() (Alexander Potapenko, 2024-12-11, 1 file, -0/+2)
  The new pseudo-syscall will serve as a test assertion, checking the uexit return value. This is going to help us validate SyzOS code.
* prog: annotate image assets with fsck logs (Florent Revest, 2024-12-09, 1 file, -14/+14)
  Syscall attributes are extended with a fsck command field which lets file system mount definitions specify a fsck-like command to run. This is required because all file systems have a custom fsck command invocation style.

  When uploading a compressed image asset to the dashboard, syz-manager also runs the fsck command and logs its output over the dashapi. The dashboard logs these fsck logs into the database.

  This has been requested by fs maintainer Ted Tso who would like to quickly understand whether a filesystem is corrupted or not before looking at a reproducer in more details. Ultimately, this could be used as an early triage sign to determine whether a bug is obviously critical.
* sys/linux/tests: add a seed that unrolls syz_kvm_vgic_v3_setup() (Alexander Potapenko, 2024-12-06, 1 file, -0/+23)
  Provide a test case that replaces syz_kvm_vgic_v3_setup() with a sequence of 5 KVM ioctls.
* sys/linux/test: add seeds for known KVM bugs (Alexander Potapenko, 2024-12-06, 9 files, -0/+119)
* sys/linux/test: disable threading in syzos tests (Alexander Potapenko, 2024-12-06, 8 files, -8/+8)
  Syscalls that initialize KVM and set up syzos have to be executed in a particular order, there's no point in running them concurrently.
* sys/linux: updated fuse fs specifications (Sablin Viacheslav, 2024-11-29, 6 files, -10/+114)
* sys/linux/dev_kvm_arm64.txt: remove the unneeded defines (Alexander Potapenko, 2024-11-26, 1 file, -80/+0)
  Now that we include linux/irqchip/arm-gic-v3.h, we don't need them anymore.
* sys/linux/dev_kvm_arm64.txt: add ITS registers to syzos_api_memwrite (Alexander Potapenko, 2024-11-26, 2 files, -0/+31)
  Hint syzkaller that it can write to ITS registers.
* sys/linux: move some ARM-specific descriptions to a separate file (Alexander Potapenko, 2024-11-26, 4 files, -408/+432)
  This is done to solve a particular test failure running:
    $ tools/syz-env go test ./prog -run TestSpecialStructs
  which failed on PPC64, because prog/rand.go instantiated a call to syz_kvm_setup_syzos_vm(), which requested too much memory (1024 pages) from the allocator (PPC64 uses 64k pages, so the number of available pages is lower).

  On the other hand, factoring out syzos-related descriptions is probably a nice thing to do anyway.
* sys/linux/test: add a test for SYZOS_API_ITS_SEND_CMD (Alexander Potapenko, 2024-11-26, 1 file, -0/+32)
* sys/linux/test: invoke SYZOS ITS setup in arm64-syz_kvm_setup_syzos_vm-vgicv3-its (Alexander Potapenko, 2024-11-26, 1 file, -9/+11)
  Make sure the test actually performs guest-side ITS setup and invokes an LPI.
* executor: arm64: sys/linux: allocate 1024 pages for guest address space (Alexander Potapenko, 2024-11-26, 8 files, -9/+9)
  Pass 1024 pages of memory to both syz_kvm_setup_syzos_vm() and syz_kvm_setup_cpu$arm64() to make sure that:
  - there is enough memory for guest allocations (e.g. ITS pages)
  - host can tamper with that memory, provoking more bugs
* sys/linux/dev_kvm.txt: support SYZOS_API_ITS_SEND_CMD (Alexander Potapenko, 2024-11-26, 2 files, -0/+40)
* sys/linux/dev_kvm.txt: describe SYZOS_API_ITS_SETUP (Alexander Potapenko, 2024-11-26, 1 file, -0/+7)
* tools/syz-declextract: prefix flags with auto_ (Dmitry Vyukov, 2024-11-26, 1 file, -2/+2)
  They can clash with our manual flags names.
* sys/linux: update descriptions/consts (Dmitry Vyukov, 2024-11-26, 9 files, -28/+188)
  Update to upstream commit 228a1157fb9f.
  VFIO_TYPE1_NESTING_IOMMU const was removed in 35890f85573c. Remove it from descriptions.
* tools/syz-declextract: support nested netlink policies (Dmitry Vyukov, 2024-11-18, 2 files, -151/+520)
* tools/syz-declextract: don't generate NLA_REJECT/TYPE_MAX attrs (Dmitry Vyukov, 2024-11-18, 1 file, -4/+0)
  These are not accepted as inputs (NLA_REJECT is usually used in dump operation).
* sys/linux: remove nl_generic_attr_nonested hack (Dmitry Vyukov, 2024-11-18, 1 file, -6/+1)
  It was needed to work around restriction on recursion via arrays. Since we permit it now, we can remove the hack.
* tools/syz-declextract: add heuristic for sigsetsize (Dmitry Vyukov, 2024-11-14, 1 file, -11/+11)
* tools/syz-declextract: improve name matching heuristics (Dmitry Vyukov, 2024-11-14, 1 file, -95/+95)
* sys/linux: ensure that auto descriptions are self-sufficient (Dmitry Vyukov, 2024-11-14, 1 file, -1/+1)
  Test that if we enable only auto descriptions, nothing gets disabled. Currently nothing can create fd_cgroup which is used by the descriptions.
* tools/syz-declextract: store interfaces info in a text file (Dmitry Vyukov, 2024-11-14, 2 files, -12622/+925)
  One line per interface allows to use all power of unix utilities to process these files. For example the following command allows to select all unprivileged interfaces present in one kernel but not in another:
    comm -23 <(cat auto1.info | grep access:user | cut -f -2 | sort) \
             <(cat auto2.info | cut -f -2 | sort)
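The comm(1) recipe in the commit message above, as an added, runnable example that is not part of syzkaller or of the commit. The interface-list layout it assumes (tab-separated fields, fields 1-2 identifying the interface, later fields carrying key:value tags such as access:user) and the sample entries are constructed for the example, not taken from a real auto.info file. Process substitution is replaced with temporary files so the script runs under plain sh, and sort/comm are pinned to the C locale so both inputs collate the same way, which comm requires.

```shell
#!/bin/sh
# Added example, not code from syzkaller: list interfaces reachable by an
# unprivileged user in one kernel's interface file but absent from another's.
# Assumed layout (an assumption, not from the page): tab-separated fields,
# fields 1-2 identify the interface (kind and name), later fields are
# key:value tags such as access:user or access:root.
set -eu

# Constructed sample data standing in for auto1.info (first kernel) and
# auto2.info (second kernel). Prints the directory holding both files.
make_samples() {
    dir=$(mktemp -d)
    printf 'SYSCALL\topenat$kvm\taccess:user\tfile:virt/kvm/kvm_main.c\n' >"$dir/auto1.info"
    printf 'SYSCALL\tioctl$KVM_RUN\taccess:user\tfile:virt/kvm/kvm_main.c\n' >>"$dir/auto1.info"
    printf 'SYSCALL\tioctl$VFIO_SET_IOMMU\taccess:root\tfile:drivers/vfio/vfio_iommu_type1.c\n' >>"$dir/auto1.info"
    printf 'NETLINK\tgenl:nl80211\taccess:user\tfile:net/wireless/nl80211.c\n' >>"$dir/auto1.info"
    printf 'SYSCALL\topenat$kvm\taccess:user\tfile:virt/kvm/kvm_main.c\n' >"$dir/auto2.info"
    printf 'SYSCALL\tioctl$VFIO_TYPE1_NESTING_IOMMU\taccess:root\tfile:drivers/vfio/vfio_iommu_type1.c\n' >>"$dir/auto2.info"
    echo "$dir"
}

# Print the (kind, name) pairs tagged access:user in $1 that do not appear
# in $2 at any access level. comm(1) requires both inputs to be sorted in
# the same collation, so sort and comm run with LC_ALL=C. cut(1) splits on
# tabs by default, which matches the assumed layout.
new_unpriv_interfaces() {
    first=$1
    second=$2
    tmp=$(mktemp -d)
    grep 'access:user' "$first" | cut -f -2 | LC_ALL=C sort >"$tmp/a"
    cut -f -2 "$second" | LC_ALL=C sort >"$tmp/b"
    LC_ALL=C comm -23 "$tmp/a" "$tmp/b"
    rm -rf "$tmp"
}

samples=$(make_samples)
new_unpriv_interfaces "$samples/auto1.info" "$samples/auto2.info"
rm -rf "$samples"
```

With the constructed data, the root-only VFIO ioctl is filtered out by the access:user grep, openat$kvm is dropped because the second kernel also has it, and the two remaining unprivileged interfaces are printed: the attack surface that is new and reachable without privileges.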
* tools/syz-declextract: fix generic netlink family names (Dmitry Vyukov, 2024-11-13, 1 file, -1/+1)
* pkg/compiler: add consts to all files that mention them (Dmitry Vyukov, 2024-11-13, 37 files, -309/+889)
  We already do this in most cases except for template structs (nlattr notably). Add consts that are used in template structs to all files that use them. This helps to avoid flakiness, and allows to replace descriptions files with other descriptions files without regenerating all const files.

  This also fixes check for presence of descriptions for sys/linux/auto.txt.json.
* tools/syz-declextract: fix reserved struct field names (Dmitry Vyukov, 2024-11-13, 1 file, -4/+4)
* tools/syz-declextract: improve declaration name extraction (Dmitry Vyukov, 2024-11-13, 1 file, -0/+14)
  Extracting declaration name is trickier than removing casts. If the initialized type is a union, then the expression may also contain InitListExpr and other nodes. Remove all of them in a more robust way.
* sys/linux: add new ioctls for io_uring, dev_block and fs (Sablin Viacheslav, 2024-11-13, 6 files, -7/+89)
* tools/syz-declextract: add syscall entry function (Dmitry Vyukov, 2024-11-12, 1 file, -0/+519)
* tools/syz-declextract: add entry function and access level (Dmitry Vyukov, 2024-11-12, 1 file, -0/+914)
  For now for netlink only.
* sys/linux: regenerate automatic descriptions (Dmitry Vyukov, 2024-11-11, 23 files, -8631/+595)
* tools/syz-declextract: enumerate io_uring operations (Dmitry Vyukov, 2024-11-11, 2 files, -314/+1015)
* tools/syz-declextract: annotate interfaces with descriptions presence (Dmitry Vyukov, 2024-11-11, 1 file, -867/+2601)
* tools/syz-declextract: fix non-determinism and syscall selection (Dmitry Vyukov, 2024-11-11, 3 files, -40/+76)
  Currently syscall selection is non-deterministic and we frequently choose wrong ones. This leads to flaky argument names/types, and wrong argument types (e.g. int16 instead of uid, old_utimbuf32 instead of utimbuf, etc). Make syscall selection robust and correct.
* sys/linux: regenerate const files (Dmitry Vyukov, 2024-11-11, 1 file, -1/+0)
* sys/linux: update 9p mount options (Sablin Viacheslav, 2024-11-11, 1 file, -0/+4)
* sys/linux: add test_dummy_encryption=v1 mount flag for ext4 and f2fs (Sablin Viacheslav, 2024-11-05, 1 file, -166/+168)
* sys/linux: added new ioctls for f2fs (Sablin Viacheslav, 2024-11-04, 2 files, -0/+26)
* sys/linux: use syz_init_net_socket for bluetooth (Sabyrzhan Tasbolatov, 2024-10-30, 1 file, -4/+4)
  Replace socket$bt_{bnep, cmtp, hidp, rfcomm} with syz_init_net_socket.
  Fixes: https://github.com/google/syzkaller/issues/4729
* tools/syz-declextract: add files/subsystems for interfaces (Dmitry Vyukov, 2024-10-25, 1 file, -864/+6121)
* tools/syz-declextract: rework interface list handling (Dmitry Vyukov, 2024-10-25, 1 file, -0/+3458)
  Produce both descriptions and interface list in one run (it's slow, we don't want/need to run the tool twice). Produce output in json format. Later we will add more properties, and will do more processing of the list.
* tools/syz-declextract: make fixed header more readable (Dmitry Vyukov, 2024-10-25, 1 file, -3/+3)
  Combine all fixed header parts in a single raw string literal.
* sys/linux: regenerate descriptions (Dmitry Vyukov, 2024-10-25, 5 files, -378/+452)
  Regenerate descriptions on kernel commit 715ca9dd687f89ddaac8ec8ccb3b5e5a30311a99.