| Commit message (Collapse) | Author | Age | Files | Lines |
The structure of arguments passed into syscalls is often hard to parse
since it is memcpy'd into mmap'd regions. Structural relations are often
lost in translation, resulting in reproducers that take longer for a
developer to understand.
This patch adds functionality for parsing syscall arguments semantically and
emitting a structured and human-readable comment which is inserted before each
syscall in the resulting C-source.
We used to generate a choice table and do its normalization for all
present syscalls; also, it was not considered during the /prio page
generation.
Enabled/disabled syscalls were accounted for in the choice table
construction, but there's a chance that the resulting table was still
somewhat skewed.
The situation must have become worse after several thousand auto
syscalls were added.
Don't specify the subsystem revision in the dashboard config and instead
let it be nested in the registered subsystems. This reduces the amount
of the manual work needed to switch syzbot to a newer subsystem list.
Hash the code section of the individual symbols from vmlinux.o and use
it to determine the functions that changed their bodies between the base
and the patched build.
If the number of affected symbols is reasonable (<5%), fuzz it with the
highest priority.
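As an added illustration of the approach described in this commit message (example code, not syzkaller's own implementation), the following Go program hashes per-symbol code bytes for a "base" and a "patched" build, reports the symbols whose bodies changed, and applies the same sort of "is the affected set small enough to be worth prioritising" threshold. The symbol bodies are constructed byte strings rather than sections extracted from vmlinux.o, and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// symbolHashes maps each function symbol to a hash of its code bytes.
// In a real pipeline the bytes would be each symbol's contribution to the
// .text section of vmlinux.o; here they are constructed for the example.
func symbolHashes(bodies map[string][]byte) map[string]string {
	out := make(map[string]string, len(bodies))
	for name, code := range bodies {
		sum := sha256.Sum256(code)
		out[name] = hex.EncodeToString(sum[:])
	}
	return out
}

// ChangedSymbols compares per-symbol hashes of a base and a patched build.
// It returns the symbols whose bodies differ, plus symbols that exist only
// in the patched build (a new function is affected code too). Symbols that
// disappeared are not reported: there is nothing left to fuzz.
func ChangedSymbols(base, patched map[string]string) []string {
	var changed []string
	for name, h := range patched {
		if old, ok := base[name]; !ok || old != h {
			changed = append(changed, name)
		}
	}
	sort.Strings(changed) // map iteration order is random; keep output stable
	return changed
}

// ShouldPrioritize reports whether the changed set is a small enough
// fraction of all symbols in the patched build to be worth fuzzing with
// the highest priority. When almost every function changed (e.g. a compiler
// or config change perturbed all of them), the set gives no useful focus.
func ShouldPrioritize(changed []string, patched map[string]string, maxFraction float64) bool {
	if len(patched) == 0 {
		return false
	}
	return float64(len(changed))/float64(len(patched)) < maxFraction
}

func main() {
	// Constructed sample: forty functions, one of which was patched.
	base := map[string][]byte{}
	patched := map[string][]byte{}
	for i := 0; i < 40; i++ {
		name := fmt.Sprintf("fn%d", i)
		base[name] = []byte(name)
		patched[name] = []byte(name)
	}
	patched["fn7"] = []byte("fn7 with an extra bounds check")

	basePatched := symbolHashes(patched)
	changed := ChangedSymbols(symbolHashes(base), basePatched)
	fmt.Println("changed symbols:", changed)
	fmt.Println("prioritize:", ShouldPrioritize(changed, basePatched, 0.05))
}
```

The threshold is applied to the fraction of all symbols in the patched build, so a large refactor or a toolchain bump that touches most of the kernel falls back to ordinary fuzzing instead of pretending that everything is high priority.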
./tools/syz-env bin/golangci-lint run ./... --fix
Some dependency updates fail because of len(descr_line) > 120.
The most frustrating part of updating syzbot configs is figuring out
what config options (possibly transitively) selected the configs we
wanted to stay disabled.
For each "X is present in the final config" message, auto-generate
a small list of enabled config options that may have transitively
"select"ed X.
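The reverse "select" walk this commit message describes, as an added Go example that is not syzkaller's own code: a toy model of Kconfig symbols and their `select` lists, and a breadth-first search backwards from the unwanted option X through options that are enabled in the final config. The `Kconfig`/`Option` types and the sample option names are assumptions made for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Option is a toy model of one Kconfig symbol: its name and the symbols it
// "select"s. Constructed for this example; not syzkaller's Kconfig parser.
type Option struct {
	Name    string
	Selects []string
}

// Kconfig is a set of options indexed by name.
type Kconfig map[string]*Option

// reverseSelects builds the map "Y -> options that directly select Y".
func (k Kconfig) reverseSelects() map[string][]string {
	rev := make(map[string][]string)
	for _, opt := range k {
		for _, sel := range opt.Selects {
			rev[sel] = append(rev[sel], opt.Name)
		}
	}
	return rev
}

// Selectors returns the enabled options that may have transitively selected
// target. It walks the reverse "select" graph outward from target, stepping
// only through options that are enabled in the final config (a disabled
// option selects nothing), and reports every enabled option it reaches.
// The walk is breadth-first, so the nearest culprits come first, and the
// visited set keeps "select" cycles from looping forever.
func (k Kconfig) Selectors(target string, enabled map[string]bool) []string {
	rev := k.reverseSelects()
	visited := map[string]bool{target: true}
	queue := []string{target}
	var out []string
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		parents := append([]string(nil), rev[cur]...)
		sort.Strings(parents) // map iteration order is random; keep output stable
		for _, p := range parents {
			if visited[p] || !enabled[p] {
				continue
			}
			visited[p] = true
			out = append(out, p)
			queue = append(queue, p)
		}
	}
	return out
}

// sampleKconfig is a constructed config in which FOO is meant to stay
// disabled but ends up present: TOP selects BAZ, BAZ selects BAR and BAR
// selects FOO. QUUX would also select FOO, but it is disabled, so it is
// not a culprit.
func sampleKconfig() (Kconfig, map[string]bool) {
	k := Kconfig{
		"FOO":  {Name: "FOO"},
		"BAR":  {Name: "BAR", Selects: []string{"FOO"}},
		"BAZ":  {Name: "BAZ", Selects: []string{"BAR"}},
		"QUUX": {Name: "QUUX", Selects: []string{"FOO"}},
		"TOP":  {Name: "TOP", Selects: []string{"BAZ"}},
	}
	enabled := map[string]bool{"FOO": true, "BAR": true, "BAZ": true, "TOP": true}
	return k, enabled
}

func main() {
	k, enabled := sampleKconfig()
	fmt.Printf("FOO is present in the final config; possibly selected by: %v\n",
		k.Selectors("FOO", enabled))
}
```

Restricting the walk to enabled options is what keeps the list short: a disabled option cannot have selected anything, so following it would only add noise. The output is ordered by distance from X, which is usually the order in which you want to inspect candidates.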
Check if the translations in docs/translations/LANG/FILES are up to date
with docs/FILES, with detailed outputs.
Translations should be committed with "Update to commit HASH (TITLE)".
In a previous change (https://github.com/google/syzkaller/pull/6023) we
made a simplification, assuming that a non-existent Match section in
systemd networkd's config would allow DHCP for any network interface.
After more testing this turns out to be incorrect and we really only get
an IP via DHCP with an explicit broad Name regex.
Signed-off-by: Bjoern Doebel <doebel@amazon.de>
Add the new dependencies necessary for generating RUST=y Linux configs
and for building RUST=y kernels.
Split off kvm-x86 from kvm for better coverage accounting.
Both subsystems will still share the CC lists, so bugs in x86 code
won't be emailed twice.
While at this, also fix the tool name in the generated comment and
regenerate pkg/subsystem/lists/linux.go on v6.14-rc7.
The current EC2/AL2023 root file system only works for systems using the
Intel e1000 driver. Remove the match clause to support all potential
network interfaces and allow fuzzing with other network interfaces (such
as virtio-net).
Signed-off-by: Bjoern Doebel <doebel@amazon.de>
Rename the method to LatestCommit and make it more flexible:
1) Return the commit date alongside the commit hash.
2) Rename the time filter to highlight that it's non-inclusive.
3) Make it possible to query the commits newer than the specified commit
hash.
It will let us poll lore archives more efficiently.
Use a newer Buildroot release.
Use an appropriate arm instruction set for arm32.
Reduce the syslogd logging level.
Closes #5986.
Closes #5452.
It requires an appengine dependency update to match golang versions.
gcloud-appengine-python patching is needed to fix #4785.
The tests began to fail after pushing the new env container.
clang-15 is now the minimum required version, so we're already on the
verge of not being able to compile the Linux kernel.
But keep clang-15 anyway - it will be used during bisections.
It's almost never reasonable to keep on generating configs after some
targets have already failed. We have a lot of different kernels and
regenerating them all takes a very long time.
Having to regenerate everything on each iteration slows down the
development significantly.
1. Properly set up a manager config.
2. Use clang/ld.lld by default.
3. Set the right boot partition for qemu VMs.
We use the env container to update kernel configs and the lack of ld.lld
in it prevents the usage of LLVM=1.
This is the standard way now.
Since our configuration permits multiple parameter value combinations,
explicitly check for the compiler and linker that were to be passed via
CC and LD, and replace that with LLVM=1 if they were clang and ld.lld
correspondingly.
Update syz-kconf to rely on pkg/build's exported functionality for
generating Linux kernel build arguments.
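The CC/LD to LLVM=1 rewrite described above, as an added Go example (not pkg/build's exported code): it scans a kernel make argument list, and only when the compiler is clang and the linker is ld.lld does it collapse the pair into a single LLVM= argument, leaving mixed toolchains alone. It goes slightly beyond the commit message by also mapping a consistently versioned pair such as clang-15 + ld.lld-15 to the kernel's LLVM=-15 suffix form. The function name is an assumption made for this example.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// NormalizeLLVMArgs rewrites a kernel make argument list so that an explicit
// clang/ld.lld pair passed via CC= and LD= becomes the equivalent LLVM=
// setting. Mixed toolchains (gcc + ld.lld, clang + the default linker,
// mismatched versions, or only one of CC/LD set) are returned unchanged,
// since LLVM=1 would silently swap the other tool too. All other arguments
// keep their original order. Hypothetical helper written for this example.
func NormalizeLLVMArgs(args []string) []string {
	var cc, ld string
	for _, a := range args {
		if v, ok := strings.CutPrefix(a, "CC="); ok {
			cc = filepath.Base(v) // CC=/usr/bin/clang counts as clang
		} else if v, ok := strings.CutPrefix(a, "LD="); ok {
			ld = filepath.Base(v)
		}
	}
	ccSuffix, ccOK := strings.CutPrefix(cc, "clang")
	ldSuffix, ldOK := strings.CutPrefix(ld, "ld.lld")
	if !ccOK || !ldOK || ccSuffix != ldSuffix {
		return append([]string(nil), args...) // not a pure LLVM toolchain: keep explicit args
	}
	llvm := "LLVM=1"
	if ccSuffix != "" {
		// clang-15 + ld.lld-15: kbuild accepts LLVM=-15 to select suffixed tools.
		llvm = "LLVM=" + ccSuffix
	}
	out := make([]string, 0, len(args))
	replaced := false
	for _, a := range args {
		if strings.HasPrefix(a, "CC=") || strings.HasPrefix(a, "LD=") {
			if !replaced {
				out = append(out, llvm) // the first of CC=/LD= takes the LLVM= slot
				replaced = true
			}
			continue
		}
		out = append(out, a)
	}
	return out
}

func main() {
	for _, args := range [][]string{
		{"ARCH=x86_64", "CC=clang", "LD=ld.lld", "O=out"},
		{"CC=/usr/bin/clang-15", "LD=ld.lld-15"},
		{"CC=gcc", "LD=ld.lld"},
		{"CC=clang"},
	} {
		fmt.Printf("%v -> %v\n", args, NormalizeLLVMArgs(args))
	}
}
```

The mismatch cases are the important ones: a config that deliberately pairs clang with GNU ld, or that only sets CC, must not be upgraded to LLVM=1, because that flag switches the assembler, linker and binutils as a group.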
Make the fuzzing step of syz-cluster create the manager.DiffStore object
explicitly and dump its state to the logs after finishing the fuzzing
session.
Regenerate golden files with up-to-date clang tool.
Missed part of commit c7e92da6cb06679b04062786481f50e42c585bfc.
Add open callback if there are no other unique callbacks.
This happens for e.g. seq files which only have unique open,
while read is a common seq_read callback.
Use resolved Function references instead of string names for fileops
callback resolution. Function names are not unique, a number of callbacks
have the same names.
Currently we misparse some function references, e.g. for:
.write = (foo) ? bar : baz,
we extract "foo". Extract first function reference from such expressions.
Some ioctls are declared inconsistently using enums rather than macros.
Extract these as well.
Add coverage percent for kernel interfaces.
The current data is generated with the March coverage report
on kernel commit 1e7857b28020ba57ca7fdafae7ac855ba326c697.
Export each syscall variant (e.g. fcnt$*) as a separate interface.
Effectively these are separate syscalls. We will want this for
ioctl as well (it's not 1 interface).
pkg/clangtool checks that source files were compiled with clang.
It seems that new clang is more picky about asserts for large ints.
It now assert-fails when converting large ints to int64.
Be more careful when converting these to ints.
The -out option is used by syz-testbed, which only needs the output.
Use scope-based dataflow analysis for syscall variants (including ioctls).
As a result we only consider code that relates to a particular command/ioctl,
and can infer arguments/return types for each command/ioctl independently.
Update the latest tested llvm revision.
Add additional compiler flags to suppress unuseful warnings.
Add a few interesting cases for scope analysis.
Move functions related to resources to the header file;
they must be visible in every file to work.
Quarter-long aggregation means thousands of gzip files.
Opening all the files in parallel, we struggle with:
1. Memory overhead.
2. GCS API errors. It can't read Attrs for 1500+ files.
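The failure mode above (thousands of gzip objects opened at once) is the classic case for bounding concurrency rather than fanning out unboundedly. The following Go program is an added example, not syzkaller's code, and assumes the fix is a semaphore-bounded worker pattern; it reads constructed in-memory gzip blobs in place of GCS objects, records the peak number of simultaneously open readers to show the bound holds, and surfaces the first decompression error instead of silently dropping a corrupt file.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
	"sync"
)

// gzipBytes builds one constructed "object": a gzip-compressed string.
func gzipBytes(s string) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte(s))
	zw.Close()
	return buf.Bytes()
}

// readGzip stands in for "open one GCS object and decompress it". It takes
// the object bytes directly so the example runs offline.
func readGzip(data []byte) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(data))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

// AggregateBounded decompresses every object while holding at most maxOpen
// readers open at once. It returns the total decompressed size, the peak
// number of concurrently open readers (always <= maxOpen), and the first
// error seen. A buffered channel is the semaphore: a goroutine must put a
// token in before opening its object and takes it out when done, so at most
// maxOpen readers (and their buffers) exist at any moment.
func AggregateBounded(objects [][]byte, maxOpen int) (total, peak int, err error) {
	if maxOpen < 1 {
		maxOpen = 1
	}
	sem := make(chan struct{}, maxOpen)
	var (
		wg       sync.WaitGroup
		mu       sync.Mutex
		inFlight int
		firstErr error
	)
	for _, obj := range objects {
		wg.Add(1)
		go func(obj []byte) {
			defer wg.Done()
			sem <- struct{}{} // blocks while maxOpen readers are active
			defer func() { <-sem }()

			mu.Lock()
			inFlight++
			if inFlight > peak {
				peak = inFlight
			}
			mu.Unlock()
			defer func() { mu.Lock(); inFlight--; mu.Unlock() }()

			data, rerr := readGzip(obj)
			mu.Lock()
			defer mu.Unlock()
			if rerr != nil {
				if firstErr == nil {
					firstErr = rerr
				}
				return
			}
			total += len(data)
		}(obj)
	}
	wg.Wait()
	return total, peak, firstErr
}

func main() {
	var objects [][]byte
	for i := 0; i < 2000; i++ { // constructed stand-in for a quarter of daily files
		objects = append(objects, gzipBytes("0123456789"))
	}
	total, peak, err := AggregateBounded(objects, 8)
	fmt.Printf("total=%d peak_open=%d err=%v\n", total, peak, err)
}
```

The bound applies to the expensive part only (open, decompress, hold the buffer); the goroutines themselves are cheap, so the pool stays simple. For the Attrs problem the same semaphore can wrap the metadata call, or the metadata can be fetched sequentially up front, since it is the per-object API fan-out rather than the bytes that trips the service.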
Remove __attribute__ on types.
Some kernels now use it on some syscall args as shown in the test.
The __attribute__ may contain quotes and break json.
This may be useful for downstream kernels that only build
and are supposed to be used with a subset of arches.
Some esoteric arches may be broken on such kernels.
Allow to ignore them.
Empty flagToGCS means nil WriteCloser.