| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Otherwise we may end up corrupting device memory.
See https://groups.google.com/g/syzkaller-netbsd-bugs/c/Iy8-NZ_M9Ug/m/5jKKfncsAQAJ
|
| |
|
|
|
|
|
|
|
|
|
| |
Ideally, we should properly support the already existing fix flag to
distinguish between fixing and checking, but for now at least let it
control whether structural changes are to be made.
Otherwise we get into trouble while hint-mutating syz_mount_image calls,
because we iterate over all call arguments and (possibly) remove them at
the same time. It leads to `bad group arg size %v, should be <= %v for
%#v type %#v` errors.
|
| |
|
|
|
| |
Create a constructor for the prog.Call type. It allows to reduce
the duplication of code now and during further changes.
|
| |
|
|
|
|
| |
Do not tamper character device creation when creating /dev/null .
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
| |
|
|
|
|
|
|
|
| |
* sys/linux: add description for mali bifrost driver
* sys/linux: regenerate dev_bifrost.txt.const
* sys/linux/dev_bifrost: separate BASE_*_GROUP_ID_* to individual bits
* sys/linux/dev_bifrost: format code
|
| |
|
|
|
| |
mknod on netbsd can now also accept a resource for the last arg.
Fix that and add a test that will catch such things more reliably.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Remvoe FieldName from Type and add a separate Field type
that holds field name. Use Field for struct fields, union options
and syscalls arguments, only these really have names.
Reduces size of sys/linux/gen/amd64.go from 5665583 to 5201321 (-8.2%).
Allows to not create new type for squashed any pointer.
But main advantages will follow, e.g. removing StructDesc,
using TypeRef in Arg, etc.
Update #1580
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having Dir is Type is handy, but forces us to duplicate lots of types.
E.g. if a struct is referenced as both in and out, then we need to
have 2 copies and 2 copies of structs/types it includes.
If also prevents us from having the struct type as struct identity
(because we can have up to 3 of them).
Revert to the old way we used to do it: propagate Dir as we walk
syscall arguments. This moves lots of dir passing from pkg/compiler
to prog package.
Now Arg contains the dir, so once we build the tree, we can use dirs
as before.
Reduces size of sys/linux/gen/amd64.go from 6058336 to 5661150 (-6.6%).
Update #1580
|
| |
|
|
|
|
|
|
|
|
|
|
| |
pkg/compiler/compiler.go:182: line is 125 characters
func (comp *compiler) parseAttrs(descs map[string]*attrDesc, parent ast.Node, attrs []*ast.Type) (res map[*attrDesc]uint64) {
sys/targets/common.go:47:21: unnecessary conversion
makeMmap(^uint64(target.PageSize)+1, target.PageSize, 0),
^
sys/targets/common.go:61: File is not `gofmt`-ed with `-s`
&prog.Call{
sys/windows/init.go:35: File is not `gofmt`-ed with `-s`
&prog.Call{
|
| |
|
|
|
|
|
|
|
|
|
| |
Surround the main data mapping with PROT_NONE pages to make virtual address layout more consistent
across different configurations (static/non-static build) and C repros.
One observed case before: executor had a mapping above the data mapping (output region),
while C repros did not have that mapping above, as the result in one case VMA had next link,
while in the other it didn't and it caused a bug to not reproduce with the C repro.
The bug that reproduces only with the mapping above:
https://lkml.org/lkml/2020/4/17/819
|
| |
|
|
|
|
|
|
|
|
|
| |
Make MakeMmap return more than 1 call.
This is a preparation for future changes.
Also remove addr/size as they are effectively
always the same and can be inferred from the target
(will also conflict with the future changes).
Also rename to MakeDataMmap to better represent
the new purpose: it's just some arbitrary mmap,
but rather mapping of the data segment.
|
| |
|
|
|
|
|
| |
Turns out the mmap protection get out of sync
between executor and C reproducers.
C reproducers missed PROT_EXEC.
Add PROT_EXEC for linux, freebsd and akaros.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We will need a wrapper for target.SanitizeCall that will do more
than just calling the target-provided function. To avoid confusion
and potential mistakes, give the target function and prog function
different names. Prog package will continue to call this "sanitize",
which will include target's "neutralize" + more.
Also refactor API a bit: we need a helper function that sanitizes
the whole program because that's needed most of the time.
Fixes #477
Fixes #502
|
| |
|
|
|
|
|
|
| |
This ability was never used but we maintain a bunch of code for it.
syzkaller also recently learned to spoof this error code
with some ptrace magic (probably intercepted control flow again
and exploited executor binary).
Drop all of it.
|
| |
|
|
|
|
|
| |
Some targets (NetBSD and OpenBSD) have a mmap() padding argument between the
file descriptor and offset. Make sure to omit such argument in MakePosixMmap().
Otherwise, reproduce programs will crash at runtime since the expected mapping
at 0x20000000 is not established.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently when we get target consts with target.ConstMap["name"]
during target initialization, we just get 0 for missing consts.
This is error-prone as we can mis-type a const, or a const may
be undefined only on some archs (as we have common unix code
shared between several OSes).
Check that all the consts are actually defined.
The check detects several violations, to fix them:
1. move mremap to linux as it's only defined on linux
2. move S_IFMT to openbsd, as it's only defined and used on openbsd
3. define missing MAP_ANONYMOUS for freebsd and netbsd
4. fix extract for netbsd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
all: add openbsd support
squash of the following commits:
* openbsd: add mandatory bits
* report: add OpenBSD support
* executor: skip building kvm on OpenBSD
* executor: add OpenBSD support
Linking against libutil is necessary due to usage of openpty(3).
* executor: fix typo in fail() message
* fixup! report: add OpenBSD support
* fixup! openbsd: add mandatory bits
* fixup! openbsd: add mandatory bits
* fixup! openbsd: add mandatory bits
* fixup! report: add OpenBSD support
* gometalinter: skip sys/openbsd
|
| |
|
|
| |
Update #538
|
|
|
Update #538
|
