Commit message | Author | Age | Files | Lines

Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer.
Also restore syz-runtest functionality in the manager.
Update #4917 (sets most signal handlers to SIG_IGN)
Switch to flatrpc.ProgInfo.
Note: this disables syz-runtest and syz-verifier.
The feature checking procedure is split into 2 phases:
1. syz-fuzzer invokes "syz-executor setup feature" for each feature one-by-one,
and checks that the executor does not fail.
The executor can also return a special "this feature does not need custom setup" result;
this allows not calling setup of these features in each new VM.
2. pkg/vminfo runs a simple program with ipc.ExecOpts specific to a concrete feature,
e.g. for wifi injection it will try to run a program with the wifi feature enabled;
if setup of the feature fails, the executor should also exit with an error.
For coverage features we also additionally check that we actually got coverage.
Then pkg/vminfo combines the results of these 2 checks into the final result.
syz-execprog now also uses the vminfo package and mimics the same checking procedure.
Update #1541
Remove things that are only needed for target VM communication:
conditional compression, timeout scaling, traffic stats.
To minimize diffs when we switch target VM communication to flatrpc.
Pass EnvFlags into Exec instead of New.
This allows changing EnvFlags between executions.
A change of EnvFlags forces an executor process restart
since it uses EnvFlags during setup.
Currently this is intended to be NFC since we always
pass the same EnvFlags.
In the future this will allow us to (1) reduce part of the
VM checking procedure to execution of programs with
different options (e.g. we can probe for coverage/comparisons
support, probe different sandboxes, etc);
(2) use it during fuzzing/reproduction, e.g. we can check
if the crash reproduces under the setuid sandbox, or execute some
fuzzing programs in significantly different modes.
The fuzzer doesn't need timeouts for the RPC connection much;
if it does not receive new programs, we will kill it
due to "no output" anyway.
But they are problematic when we do parallel calls (Exchange),
e.g. one call can cancel the timeout of an existing call.
They will also be more problematic if we also send
notifications about programs the fuzzer started executing in parallel.
And they also marginally slow things down.
Disable timeouts in the fuzzer.
RPC compression takes up to 10% of CPU time in profiles,
but it's unlikely to be beneficial for local VM runs
(we are mostly copying memory in this case).
Enable RPC compression based on the VM type
(local VMs don't use it, remote machines use it).
(#2908)
Program verification logic is located in one function now.
VMs fetch programs from priority queues, not from the generator.
VMs operate on tasks, not programs, now.
For the crashed VM, return an error for every program in the queue.
* fixed some road errors
When syz-fuzzer starts, it tries all syscalls to filter out any that are
not supported. This process should include only the syscalls that are
enabled using the 'enable_syscalls' and 'disable_syscalls' fields in
syz-manager's config.
This is useful for fuzzing Cuttlefish devices, for example, where the
'vhost_vsock' syscall needs to be excluded from fuzzing and from this
test.
There is no need to use RPC prefix. It is already a part of the element path.
Current state: every 5 minutes VM reboots.
Fix: signal "executing program" to monitor to prevent this reboot.
When a mismatch is found in the results returned for a program, the program will be rerun on all the kernels to ensure
the mismatch is not flaky (i.e. it didn't occur because of some background activity or external state and will always
be returned when running the program). If the same mismatch occurs in all reruns, syz-verifier creates a report for
the program; otherwise it discards the program as being flaky.
environment for each program
transitive dependencies when building the `prog.ChoiceTable` (#2653)
* pkg/rpctype: add types for CheckUnsupported RPC
* syz-runner: added functionality for detecting unsupported system calls
* syz-verifier: added UpdateUnsupported RPC method
This will receive the unsupported system calls from each kernel,
compute the intersections of system calls that are enabled by all
kernels and build the choice table only using those.
* syz-verifier, syz-runner: report only when specific calls are enabled
These can be used to disable threaded execution and collision mode for program's system calls.