From 9fe8aa42c5bd11e2eb6952a16da6287205d7bf97 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Sat, 24 Feb 2018 14:33:36 +0100
Subject: prog: add arbitrary mutation of complex structs

Squash complex structs into flat byte array and mutate this array with generic blob mutations. This allows to mutate what we currently consider as paddings and add/remove paddings from structs, etc.
---
 executor/common_linux.h | 4 ++--
 executor/syscalls_linux.h | 10 +++++-----
 executor/syscalls_test.h | 12 ++++++++----
 3 files changed, 15 insertions(+), 11 deletions(-)
(limited to 'executor')
diff --git a/executor/common_linux.h b/executor/common_linux.h
index a2b09353e..1411fe8e2 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -452,8 +452,8 @@ static uintptr_t syz_emit_ethernet(uintptr_t a0, uintptr_t a1, uintptr_t a2)
 // syz_emit_ethernet(len len[packet], packet ptr[in, eth_packet], frags ptr[in, vnet_fragmentation, opt])
 // vnet_fragmentation {
 // full int32[0:1]
- // count len[frags, int32]
- // frags array[int32[0:4096], 1:4]
+ // count int32[1:4]
+ // frags array[int32[0:4096], 4]
 // }
 if (tunfd < 0)
 return (uintptr_t)-1;
diff --git a/executor/syscalls_linux.h b/executor/syscalls_linux.h
index a3f01f0ac..3ebffc2ad 100644
--- a/executor/syscalls_linux.h
+++ b/executor/syscalls_linux.h
@@ -2,7 +2,7 @@
 #if defined(__i386__) || 0
 #define GOARCH "386"
-#define SYZ_REVISION "7fa1dc861170866b93bcdf1919d822e8d0a07cec"
+#define SYZ_REVISION "9ec0173f31cb1936a6a5913dd48542851e4e86c9"
 #define SYZ_PAGE_SIZE 4096
 #define SYZ_NUM_PAGES 4096
 #define SYZ_DATA_OFFSET 536870912
@@ -1599,7 +1599,7 @@ call_t syscalls[] = {
 #if defined(__x86_64__) || 0
 #define GOARCH "amd64"
-#define SYZ_REVISION "f5d957ae165e714c54b67d39db5982187b5393ec"
+#define SYZ_REVISION "3aed60c42df2cc7ef2ac7f3e16d21628ec0649c9"
 #define SYZ_PAGE_SIZE 4096
 #define SYZ_NUM_PAGES 4096
 #define SYZ_DATA_OFFSET 536870912
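Review bot: The updated comment documents `count` as an independent `int32[1:4]` rather than a `len[frags, int32]`, so the value the executor reads from the fragmentation struct is no longer tied to the array's length and, per the commit message, can now be mutated arbitrarily; if the code that follows indexes `frags` by `count`, it needs to clamp to the fixed 4-element array before the loop rather than trust the description's range. The body of syz_emit_ethernet continues outside the hunk, so whether such a clamp already exists cannot be confirmed here. A comment at the point where `count` is consumed would make the invariant explicit: `// count is no longer a len[] of frags: clamp to the 4 fixed entries before indexing`.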
@@ -3249,7 +3249,7 @@ call_t syscalls[] = {
 #if defined(__arm__) || 0
 #define GOARCH "arm"
-#define SYZ_REVISION "4b33f66a0aeae24040db5b4a35e18e6ff2977b10"
+#define SYZ_REVISION "c4a0e4b5eaf2ba6525f3c7ccd07e35532c7cc41e"
 #define SYZ_PAGE_SIZE 4096
 #define SYZ_NUM_PAGES 4096
 #define SYZ_DATA_OFFSET 536870912
@@ -4854,7 +4854,7 @@ call_t syscalls[] = {
 #if defined(__aarch64__) || 0
 #define GOARCH "arm64"
-#define SYZ_REVISION "95e5f9d1ee68c969b1db26d8fd6ef0fb8b329019"
+#define SYZ_REVISION "757e10e8ba130d265ef537544c5defb8dc52c0b6"
 #define SYZ_PAGE_SIZE 4096
 #define SYZ_NUM_PAGES 4096
 #define SYZ_DATA_OFFSET 536870912
@@ -6433,7 +6433,7 @@ call_t syscalls[] = {
 #if defined(__ppc64__) || defined(__PPC64__) || defined(__powerpc64__) || 0
 #define GOARCH "ppc64le"
-#define SYZ_REVISION "067ce945ca9c59814a9ba64002ae646a553e757c"
+#define SYZ_REVISION "a6de45082b1273527d9bb9832f7f0abc2820c50a"
 #define SYZ_PAGE_SIZE 4096
 #define SYZ_NUM_PAGES 4096
 #define SYZ_DATA_OFFSET 536870912
diff --git a/executor/syscalls_test.h b/executor/syscalls_test.h
index 7f91e398e..db1591e1f 100644
--- a/executor/syscalls_test.h
+++ b/executor/syscalls_test.h
@@ -2,12 +2,14 @@
 #if 0
 #define GOARCH "32"
-#define SYZ_REVISION "8e3bfbc4dd1f6619b4895bcb80e0004ef4c96928"
+#define SYZ_REVISION "0d78e9b1f441c9ae33361f9778195af0a245ffdd"
 #define SYZ_PAGE_SIZE 8192
 #define SYZ_NUM_PAGES 2048
 #define SYZ_DATA_OFFSET 536870912
-unsigned syscall_count = 88;
+unsigned syscall_count = 90;
 call_t syscalls[] = {
+ {"foo$any0", 0, (syscall_t)foo},
+ {"foo$anyres", 0, (syscall_t)foo},
 {"mmap", 0, (syscall_t)mmap},
 {"mutate0", 0, (syscall_t)mutate0},
 {"mutate1", 0, (syscall_t)mutate1},
@@ -102,12 +104,14 @@ call_t syscalls[] = {
 #if 0
 #define GOARCH "64"
-#define SYZ_REVISION "4a4abb9774bf056d0952d60f2fffdfdc392353a2"
+#define SYZ_REVISION "e361957ea430829459298bc20840e4edbd324930"
 #define SYZ_PAGE_SIZE 4096
 #define SYZ_NUM_PAGES 4096
 #define SYZ_DATA_OFFSET 536870912
-unsigned syscall_count = 88;
+unsigned syscall_count = 90;
 call_t syscalls[] = {
+ {"foo$any0", 0, (syscall_t)foo},
+ {"foo$anyres", 0, (syscall_t)foo},
 {"mmap", 0, (syscall_t)mmap},
 {"mutate0", 0, (syscall_t)mutate0},
 {"mutate1", 0, (syscall_t)mutate1},
-- 
cgit mrf-deployment