open is not present on arm64, only openat.
accept is not present on 386, only accept4.
Duplicate all open/accept specializations with
corresponding openat/accept4 specializations
to enable testing on 386/arm64.
Note: ion supersedes the old android interface,
which is moved to sys/android.
type sock_port proc[20000, 4, int16be]
That was repeated a few times.
We don't need compiler support for such things anymore,
now we can simply do:
type signalno int32[0:65]
Test we actually can get an unnatural len value.
This is needed for a few crypto/xfrm descriptions.
Mostly extensions of API in 4.15.
...was wrong all that time
Fixes #188
We will now write just ""/1000 to denote a 1000-byte output buffer.
Also we now don't store a 1000-byte buffer in memory just to denote size.
The old format is still parsed.
Fixes #460
File names, crypto algorithm names, etc. in programs are completely unreadable:
bind$alg(r0, &(0x7f0000408000)={0x26, "6861736800000000000000000000",
0x0, 0x0, "6d6435000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000
00000000000"}, 0x58)
Introduce another format for printable strings.
New args are denoted by '' ("" for old args).
New format is enabled for printable chars, \x00
and \t, \r, \n.
Example:
`serialize(&(0x7f0000408000)={"6861736800000000000000000000", "4849000000"})`,
vs:
`serialize(&(0x7f0000408000)={'hash\x00', 'HI\x00'})`,
Now works fast enough even for short mode.
Fixes #208
We have them in linux solely for historical reasons.
Fixes #462
Hints for data args don't work.
We do all the work, but at the final stage we patch
arg in the _old_ program, not in the _new_ one.
So programs passed to the callback are all the same
and don't contain any mutations.
Tests did not catch this because they work right before that point
(don't test the actual interface function MutateWithHints).
Fix that and add a test that catches this.
I guess this is currently unused,
but ignoring bytesizeN for vma looks wrong.
If user asks for bytesizeN for vma, divide vma size by N.
For string[N] we successfully deserialize a string of any length.
Similarly for a fixed-size array[T, N] we successfully deserialize
an array of any size.
Such programs later crash in foreachSubargOffset because static size
Type.Size() does not match what we've calculated iterating over fields.
The crash happens only in SerializeForExec in syz-fuzzer,
which is especially bad.
Fix this from both sides:
1. Validate sizes of arrays/buffers in Validate.
2. Repair incorrect sizes in Deserialize.
This [almost] always means a bug in descriptions.
Fix all bugs identified by the check.
Control len is in bytes, not array elements.
KEYCTL_DH_COMPUTE used the old fixed list of algorithm names.
Use the new code for algorithm generation.
+ it needs only SHASH algs, but we passed in all alg names.
Pass only SHASH algs.
These can't be created from user-space.
There is an effectively infinite number of possible crypto
algorithm names due to templates. Plus there is a tricky
relation between algorithms and algorithm type names.
This change adds a custom mutator for the sockaddr_alg struct
to improve variance in generated algorithms.
__NR_mmap is missing on arm entirely,
so we disable mmap during generate.
Patch mmap to mmap2 right in syz-extract,
so that mmap is never missing.
get_kernel_syms does not seem to be present upstream.
Describe an old quotactl syscall.
Also fix umount/umount2 names in kallsyms.
When the manager is stopped there are sometimes runaway qemu
processes still running. Set PDEATHSIG for all subprocesses.
We never need child processes outliving parents.
The v4.14 kernel will support a new loop ioctl, LOOP_SET_BLOCK_SIZE.
Fix a couple of apparent copy-and-paste errors:
- ioctl$LOOP_CHANGE_FD should use LOOP_CHANGE_FD
- ioctl$LOOP_CTL_REMOVE should use LOOP_CTL_REMOVE
commit 3520854be0e7 ("syz-extract: select declaring printf or not")
broke 'make extract' because it introduced invalid syntax in a text
template. Fix it.