| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | sys/syz-sysgen: from from sysgen | Dmitry Vyukov | 2017-06-17 | 1 | -103/+0 |
| | | |||||
| * | sys/sysparser: move from sysparser | Dmitry Vyukov | 2017-06-17 | 1 | -1/+1 |
| | | |||||
| * | executor: fix clang-tidy warnings | Dmitry Vyukov | 2017-06-13 | 1 | -1/+1 |
| | | | | | | A single check is enabled for now (misc-definitions-in-headers). But it's always fixable and found 2 bugs in csource. | ||||
| * | sys, executor: extract tcp sequence numbers from /dev/net/tun | Andrey Konovalov | 2017-05-26 | 1 | -7/+8 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds a new pseudo syscall syz_extract_tcp_res, that reads a packet from /dev/net/tun and extracts tcp sequence numbers to be used in subsequent packets. As a result this syzkaller program: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) listen(r0, 0x5) syz_emit_ethernet(0x36, &(0x7f0000002000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="4c6112cc15d8", [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}) syz_extract_tcp_res(&(0x7f0000003000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x38, &(0x7f0000004000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {"0c10"}}}}}}) r3 = accept$inet(r0, &(0x7f0000005000)={0x0, 0x0, @multicast1=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000006000)=0x10) established a TCP connection: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 5477/a.out tcp 2 0 172.20.0.170:20000 172.20.0.187:20001 ESTABLISHED 5477/a.out Similar program for IPv6: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x1, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) listen(r0, 0x5) syz_emit_ethernet(0x4a, &(0x7f0000001000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) syz_extract_tcp_res(&(0x7f0000002000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000003000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) r3 = accept$inet6(r0, &(0x7f0000004000)={0x0, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, &(0x7f0000005000)=0x1c) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::20001 :::* LISTEN 5527/a.out tcp6 0 0 fe80::aa:20001 fe80::bb:20000 ESTABLISHED 5527/a.out | ||||
| * | sys: extend kvm support | Dmitry Vyukov | 2017-01-09 | 1 | -0/+1 |
| | | | | | | | Add new pseudo syscall syz_kvm_setup_cpu that setups VCPU into interesting states for execution. KVM is too difficult to setup otherwise. Lots of improvements possible, but this is a starting point. | ||||
| * | executor: emit ethernet traffic | Andrey Konovalov | 2016-11-29 | 1 | -0/+1 |
| | | |||||
| * | sys, prog: add tests for description parsing and serialization | Dmitry Vyukov | 2016-09-28 | 1 | -4/+5 |
| | | | | | | | | | | | Add sys/test.txt file with description of syscalls for tests. These descriptions can be used to ensure that we can parse everything we clain we can parse. Use these descriptions to write several tests for exec serialization (one test shows that alignment handling is currently incorrect). These test descriptions can also be used to write e.g. mutation tests. Update #78 | ||||
| * | overhaul syscall description generation process | Dmitry Vyukov | 2016-08-26 | 1 | -67/+17 |
| | | | | | | | | | | | | | | | | | | | | | | | This splits generation process into two phases: 1. Extract values of constants from linux kernel sources. 2. Generate Go code. Constant values are checked in. The advantage is that the second phase is now completely independent from linux source files, kernel version, presence of headers for particular drivers, etc. This allows to change what Go code we generate any time without access to all kernel headers (which in future won't be limited to only upstream headers). Constant extraction process does require proper kernel sources, but this can be done only once by the person who added the driver and has access to the required sources. Then the constant values are checked in for others to use. Consant extraction process is per-file/per-arch. That is, if I am adding a driver that is not present upstream and that works only on a single arch, I will check in constants only for that driver and for that arch. | ||||
| * | executor: add support for 386 arch (COMPAT syscalls) | Dmitry Vyukov | 2016-06-30 | 1 | -5/+7 |
| | | | | | | This is not fully working now: e.g. prog and sys packages assume that pointer size is 8. But at least it compiles and works. | ||||
| * | Add debug logging to sysgen/ code | David Drysdale | 2016-03-10 | 1 | -2/+6 |
| | | |||||
| * | sys: fix build with Go1.4 | Dmitry Vyukov | 2016-02-15 | 1 | -2/+5 |
| | | | | | | | It does not know about arm64 arch. Fixes #17 | ||||
| * | sysgen: use __ppc64__ || __PPC64__ || __powerpc64__ to detect ppc | Dmitry Vyukov | 2016-01-25 | 1 | -6/+6 |
| | | | | | Different macros are defined by different compilers... | ||||
| * | sys: use kernel headers instead of host headers | Dmitry Vyukov | 2016-01-22 | 1 | -9/+10 |
| | | | | | | | | | This solves several problems: - host usually have outdates headers, so previously we need to define missing consts - host may not have some headers at all - generation depends on linux distribution and version - some of the consts cannot be defined at all (e.g. ioctls that use struct arguments) | ||||
| * | sys: introduce a generic syz_open_dev helper syscall | Dmitry Vyukov | 2016-01-13 | 1 | -3/+2 |
| | | |||||
| * | sys: add support for /dev/snd/control | Dmitry Vyukov | 2016-01-13 | 1 | -0/+1 |
| | | |||||
| * | sysgen: fix syscall number assignment for syzkalls | Dmitry Vyukov | 2015-12-24 | 1 | -1/+1 |
| | | |||||
| * | sysgen: pull in syscall numbers from kernel headers | Dmitry Vyukov | 2015-12-24 | 1 | -0/+139 |
| Syscall numbers for different architectures are now pulled in from kernel headers. This solves 2 problems: - we don't need to hardcode numbers for new syscalls (that don't present in typical distro headers) - we have correct number for different archs (previously hardcoded numbers were for x86_64) This also makes syscall numbers available for Go code, which can be useful. | |||||
 |
index : syz | |
| Unnamed repository; edit this file 'description' to name the repository. | root |
| aboutsummaryrefslogtreecommitdiffstats |