| Commit message | Author | Age | Files | Lines |
| ... | |
"make generate" produces this diff when go 1.17 (go1.17-c95464f0ea3f==upstream)
is used. Seems compatible with >=1.16.
https://github.com/golang/go/commit/4d2d89ff42ca documents the syntax.
https://github.com/golang/go/commit/eeadce2d8713 enforces "ignore" for
unsatisfiable tags hence the pkg/csource/gen.go change.
Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
|
* all: add new typename dirname
The current way to check files under sysfs or proc is:
- define a string to represent each file
- open the file
- pass the fd to write / read / close
The issues with the above are:
- Need to know what files are present on the target device
- Need to write openat for each file
With dirname added, it will open one file
in the directory randomly and then pass the fd to
write/read/close.
* all: use typename glob to match filename
Fixes #481
|
* sys/linux: support syncobjs in dev_msm
* sys/linux: describe syncpoints and dma fences for dev_dri
|
Updates perf_event_attr (perf events subsystem) to be in sync with
latest linux-next.
|
Represent array[const[X, int8], N] as string["XX...X"].
This replaces potentially huge number of:
NONFAILING(*(uint8_t*)0x2000126c = 0);
NONFAILING(*(uint8_t*)0x2000126d = 0);
NONFAILING(*(uint8_t*)0x2000126e = 0);
with a single memcpy. In one reproducer we had 3991 such lines.
Also replace memcpy's with memset's when possible.
Update #1070
|
Commit empty files into generated packages,
so that the tree is buildable even w/o generated files
and Go tools continue to work.
|
Add VSYSCALL_ADDR, PAGE_OFFSET, VMEMMAP addresses.
|
Add some arm/arm64 algs + some missing x86 algs.
|
This test covers mount namespace manipulation forbidden in
security/landlock/fs.c
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
This test helps cover most types of access checks in
security/landlock/fs.c
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
This test helps cover security/landlock/ptrace.c
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
This test helps cover security/landlock/fs.c:check_access_path()
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
This test helps cover security/landlock/fs.c:hook_sb_delete()
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
Based on Linux next-20210319:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f00397ee41c79b6155b9b44abd0055b2c0621349
Co-developed-by: Vincent Dagonneau <vincent.dagonneau@ssi.gouv.fr>
Signed-off-by: Vincent Dagonneau <vincent.dagonneau@ssi.gouv.fr>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
Because there is not a proper prctl syscall but only variants, it happens that
the logic to infer the number of syscall arguments doesn't work (cf.
callArgSizes in pkg/compiler/gen.go). As a result, the kernel rejects multiple
prctl calls by returning -EINVAL because the fifth argument is not zero:
* PR_MCE_KILL
* PR_MCE_KILL_GET
* PR_SET_MM
* PR_SET_NO_NEW_PRIVS
* PR_GET_NO_NEW_PRIVS
* PR_GET_THP_DISABLE
* PR_SET_THP_DISABLE
* PR_GET_SPECULATION_CTRL
* PR_SET_SPECULATION_CTRL
Fix this by adding a new dummy prctl variant with all 5 arguments.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
If rfkill is enabled by the fuzzer, wifi setup will fail.
Disable rfkill to initial state during setup.
|
Add a description for the FS_IOC_READ_VERITY_METADATA ioctl,
which is new in Linux v5.12-rc1. See
https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#fs-ioc-read-verity-metadata
|
Update consts on upstream 7a7fd0de4a9804299793e564a555a49c1fc924cb.
Remove termiox ioctls, they were removed in commit e0efb3168d34.
|
I've moved the idmapped mount patchset into my for-next branch and plan
to send it for the v5.12 merge window in ~2.5 weeks. It comes with a
large xfstest but I would also like to get some syzkaller coverage.
With-help-from: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
We used to use our own netlink socket and then fail
on any errors. But commit "sys/linux: add ieee802154 descriptions"
made it possible to use a fuzzer-provided socket,
and the fuzzer can pass any invalid fd.
So don't fail on errors now.
Fixes #2444
|
Duplicate mknod$loop() for architectures without mknod().
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
Add a variant to create a /dev/null character device.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
Update consts on upstream 825b5991a46ef28a05a4646c8fe1ae5cef7c7828.
|
Simplify and align mount$tmpfs() with other mount variants.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
mount$tmpfs() is useful for Landlock fuzzing.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
mount$bind() is useful for Landlock fuzzing.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
fork() is useful for Landlock fuzzing.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
* sys/linux: add description for mali bifrost driver
* sys/linux: regenerate dev_bifrost.txt.const
* sys/linux/dev_bifrost: separate BASE_*_GROUP_ID_* to individual bits
* sys/linux/dev_bifrost: format code
|
Based on 5.11-rc1 and upstream-usb.config.
|
Signed-off-by: Paul Chaignon <paul@cilium.io>
|
Add sys/targets.Timeouts struct that parametrizes timeouts throughout the system.
The struct allows controlling syscall/program/no output timeouts for OS/arch/VM/etc.
See the comment on the struct for more details.
|
FUTEX_WAIT_MULTIPLE was added before it was merged, and nowadays we have
other plans for futex. Remove all WAIT_MULTIPLE references so futex
fuzzing can be re-enabled.
Signed-off-by: André Almeida <andrealmeid@collabora.com>
|
Both are ChromeOS-specific.
|
Also flip these:
/proc/sys/net/ipv4/tcp_dsack
/proc/sys/net/ipv4/tcp_recovery
/proc/sys/net/ipv4/tcp_mtu_probing
/proc/sys/net/ipv4/tcp_rfc1337
/proc/sys/net/ipv4/tcp_rmem
/proc/sys/net/ipv4/tcp_wmem
|
- Add a test for BPF_PROG_TYPE_CGROUP_SYSCTL. This could be used as a
corpus.
- Remove an unnecessary file sys/linux/bpf_lsm.txt.const.
|
1. Apply ignore_return to semctl$GETVAL which produces random errno
values on linux and freebsd.
2. Apply ignore_return to prctl and remove the custom code in executor.
3. Remove the custom errno ignoring code in fuchsia executor.
The calls are already marked as ignore_return, so this is just a leftover.
4. Only reset errno for ignore_return.
The syscall can still return a resource (maybe).
We only need to reset errno for fallback coverage.
|
With fscrypt (a.k.a. ext4, f2fs, and ubifs encryption), several steps
are required to get to a properly set-up encrypted directory:
- Mount a filesystem that supports encryption.
- Call FS_IOC_ADD_ENCRYPTION_KEY on the mountpoint.
- Create a directory in the filesystem.
- Call FS_IOC_SET_ENCRYPTION_POLICY on the directory, specifying the
encryption key that was added earlier.
- Then actually create stuff in the directory.
It may be too hard for syzkaller to generate all these steps, which may
explain why syzbot isn't yet properly covering the fscrypt code; see
https://storage.googleapis.com/syzkaller/cover/ci-upstream-kasan-gce.html
which currently shows only 5% coverage of the fs/crypto/ directory.
Therefore add some test programs which do this setup on ext4 and f2fs.
Note that ubifs support can't be included yet because syzkaller doesn't
yet know how to mount an ubifs filesystem (which would likely require
using block2mtd, as ubifs uses MTD devices rather than block devices).
|
These have some non-trivial effects like compacting memory
or changing TCP parameters in realistic ways.
Fixes #1671
|
Add per-field direction attributes to the fields in fscrypt ioctl
argument structs, where the struct is marked as "inout" but the
individual fields should be either "in" or "out" (not both).
|
Add some sample keys with their precomputed fscrypt key identifiers, and
add some sample fscrypt key descriptors.
This hopefully makes it much more likely that syzkaller will generate
programs that both add an encryption key to the kernel
(FS_IOC_ADD_ENCRYPTION_KEY or add_key$fscrypt_v1) *and* create a
directory that is encrypted using that key (mkdir() +
FS_IOC_SET_ENCRYPTION_POLICY). Doing this requires matching up the
value of the fscrypt key identifier or the fscrypt key descriptor.
|