| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Hash the code section of the individual symbols from vmlinux.o and use
it to determine the functions that changed their bodies between the base
and the patched build.
If the number of affected symbols is reasonable (<5%), fuzz it with the
highest priority.
|
| |
|
|
|
|
| |
Make the fuzzing step of syz-cluster create the manager.DiffStore object
explicitly and dump its state to the logs after finishing the fuzzing
session.
|
| | |
|
| |
|
|
| |
Run differential fuzzing as a workflow step.
|
| |
|
|
|
| |
Make the method more flexible.
Rename the variables to better reflect what is being done.
|
| | |
|
| |
|
|
|
|
| |
Adjust the code to properly handle context cancellation.
Replace log.Fatalf() by errors where it was straightforward.
Decouple from the global variables.
|
| |
|
|
|
|
|
|
| |
We don't really need an HTTP server when running syz-manager during kernel
image testing and when running syz-diff automatically.
Don't require the config to be set and don't start the HTTP server in
this case.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We query globs for 2 reasons:
1. Expand glob types in syscall descriptions.
2. Dynamic file probing for automatic descriptions generation.
In both of these contexts are are interested in files
that will be present during test program execution
(rather than normal unsandboxed execution).
For example, some files may not be accessible to test programs
after pivot root. On the other hand, we create and link
some additional files for the test program that don't
normally exist.
Add a new request type for querying of globs that are
executed in the test program context.
|
| |
|
|
|
|
|
|
|
|
|
| |
Few assorted changes to reduce future diffs:
- add rpcserver.RemoteConfig similar to LocalConfig
(there are too many parameters)
- add CheckGlobs to requesting additional globs from VMs
- pass whole InfoRequest to the MachineChecked callback
so that it's possible to read globs information
- add per-mode config checking in the manager
- add Manager.saveJson helper
|
| |
|
|
|
|
|
|
|
|
| |
Refactor pkg/repro to accept a context.Context object. This will make it
look more similar to other package interfaces and will eventually let us
abort currently running repro jobs without having to shut down the whole
application.
Simplify the code by factoring out the parameters common both to RunSyzRepro()
and RunCRepro().
|
| |
|
|
|
|
|
|
|
| |
Pools and ReproLoop and always created on start,
so there is no need to support lazy set for them.
It only complicates code and makes it harder to reason about.
Also introduce vm.Dispatcher as an alias to dispatcher.Pool,
as it's the only specialization we use in the project.
|
| |
|
|
|
| |
Set Corpus in HTTPServer dynamically.
Refactor syz-manager and syz-diff accordingly.
|
|
|
This is the prototype version of the patch series fuzzing functionality
based on the syzkaller fuzzing engine.
The tool takes two syzkaller configs -- one for the base kernel, one for
the patched kernel. Optionally the patch itself can be also provided.
syz-diff will consider a bug patched-only if:
1) It happened while fuzzing the patched kernel.
2) It was never observed on the base kernel.
3) The tool found a repro on the patched kernel.
4) The repro did not crash the base kernel.
|
