Tree: 02613a4124
Commits on Dec 12, 2018
  1. sys/linux: add basic tipc test

    dvyukov committed Dec 12, 2018
  2. vm/gvisor: replace signal panic with log

    prattmic authored and dvyukov committed Dec 11, 2018
    Diagnose currently sends the panic signal to generate a traceback for
    additional context.
    
    However, Diagnose is also called in otherwise successful scenarios
    (vm.Instance.MonitorExecution -> vm.monitor.extractError). Triggering a
    panic will make this successful scenario look like a failure.
    
    We could simply suppress this panic, but 1) that means we never shut down
    cleanly (not important, but ugly), and 2) we're less likely to detect
    delayed crashes since we kill the sandbox immediately (that's what
    MonitorExecution is checking for).
    
    Instead, switch from -panic-signal to -trace-signal, which simply logs a
    traceback without exiting. This option was added to runsc in
    google/gvisor@24c1158.
    
    The other uses of Diagnose will always generate a report regardless of
    an additional panic, so we're not losing any reports.
Commits on Dec 11, 2018
  1. prog: detect invalid target.Syscalls in BuildChoiceTable

    blackgnezdo authored and dvyukov committed Dec 11, 2018
    Without this check programs may end up panicking in places far away
    from the real cause. E.g.
    
    worker# ./syz-fuzzer -executor=./syz-executor -name=vm-0 -arch=amd64 -manager=10.128.0.101:21386 -sandbox=setuid -procs=2 -v=0 -cover=true -debug=false -test=false
    2004/02/03 12:11:11 fuzzer started
    2004/02/03 12:11:11 dialing manager at 10.128.0.101:21386
    2004/02/03 12:11:12 syscalls: 1
    2004/02/03 12:11:12 code coverage: enabled
    2004/02/03 12:11:12 comparison tracing: support is not implemented in syzkaller
    2004/02/03 12:11:12 setuid sandbox: support is not implemented in syzkaller
    2004/02/03 12:11:12 namespace sandbox: support is not implemented in syzkaller
    2004/02/03 12:11:12 Android sandbox: support is not implemented in syzkaller
    2004/02/03 12:11:12 fault injection: support is not implemented in syzkaller
    2004/02/03 12:11:12 leak checking: support is not implemented in syzkaller
    2004/02/03 12:11:12 net packet injection: enabled
    2004/02/03 12:11:12 net device setup: support is not implemented in syzkaller
    panic: invalid argument to Intn
    
    goroutine 27 [running]:
    math/rand.(*Rand).Intn(0xc000dff530, 0x0, 0x40)
            /usr/local/go/src/math/rand/rand.go:169 +0x9c
    github.com/google/syzkaller/prog.(*ChoiceTable).Choose(0xc000d92ec0, 0xc000dff530, 0xffffffffffffffff, 0xc000dff650)
            /syzkaller/gopath/src/github.com/google/syzkaller/prog/prio.go:241 +0x1a0
    github.com/google/syzkaller/prog.(*randGen).generateCall(0xc000e145a0, 0xc000c2a200, 0xc000ce7f80, 0x2348f1940, 0xc000ce3440, 0xc000e6ee01)
            /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:451 +0x69
    github.com/google/syzkaller/prog.(*Target).Generate(0xc00007f1e0, 0x8f8680, 0xc000ce3440, 0x1e, 0xc000d92ec0, 0x0)
            /syzkaller/gopath/src/github.com/google/syzkaller/prog/generation.go:19 +0x2b2
    main.(*Proc).loop(0xc000d92f40)
            /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:93 +0x2a1
    created by main.main
            /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:236 +0xfe2
  2. executor: reapply setuid sandbox for bsd

    blackgnezdo authored and dvyukov committed Dec 11, 2018
    * Revert "Revert "executor: add setuid sandbox for openbsd""
    
    The problem is the low file descriptor limit.
    
    This reverts commit 4093e33.
    
    * executor/executor make sure the file descriptor limit is sufficient
Commits on Dec 10, 2018
  1. Revert "executor: add setuid sandbox for openbsd"

    blackgnezdo authored and dvyukov committed Dec 10, 2018
    This reverts commit 6565f24.
  2. prog: support AUTO args in programs

    dvyukov committed Dec 10, 2018
    AUTO arguments can be used for:
     - consts
     - lens
     - pointers
    
    For const's and len's AUTO is replaced with the natural value,
    addresses for AUTO pointers are allocated linearly.
    
    This greatly simplifies writing test programs by hand
    as most of the time we want these natural values.
    
    Update tests to use AUTO.
  3. tools/syz-runtest: test program parsing before booting VMs

    dvyukov committed Dec 10, 2018
    It sucks to wait for VMs to boot just to discover that programs don't parse.
  4. pkg/ipc: move sandbox helpers from ipcconfig

    dvyukov committed Dec 10, 2018
    Currently syz-runtest fails to start because -debug flag is defined
    both in syz-runtest and ipcconfig.
    By moving sandbox functions we prevent ipcconfig from being imported into syz-runtest.
  5. prog: implement strict parsing mode

    dvyukov committed Dec 9, 2018
    Add bulk of checks for strict parsing mode.
    Probably not complete, but we can extend them in future as needed.
    Turns out we can't easily use it for serialized programs
    as they omit default args and during deserialization it looks like missing args.
  6. prog: introduce strict parsing mode

    dvyukov committed Dec 9, 2018
    Over time we relaxed parsing to handle all kinds of invalid programs
    (excessive/missing args, wrong types, etc).
    This is useful when reading old programs from corpus.
    But this is harmful for e.g. reading test inputs as they can become arbitrarily outdated.
    For runtests this creates an additional problem of executing not
    what is actually written in the test (or at least what the author meant).
    Add strict parsing mode that does not tolerate any errors.
    For now it just checks excessive syscall arguments.
  7. prog: refactor deserialization code

    dvyukov committed Dec 9, 2018
    Move target and vars into parser and make all
    parsing functions methods of the parser.
    This reduces the number of args that we need to pass around
    and eases adding more state that needs to be passed around.
  8. tools/syz-cover: add utility for generation of coverage reports

    dvyukov committed Dec 9, 2018
    syz-cover generates coverage HTML report from raw coverage files.
    Raw coverage files are text files with one PC in hex form per line, e.g.:
    
    	0xffffffff8398658d
    	0xffffffff839862fc
    	0xffffffff8398633f
    
    Raw coverage files can be obtained either from /rawcover manager HTTP handler,
    or from syz-execprog with -coverfile flag.
    
    Usage:
    	syz-cover [-os=OS -arch=ARCH -kernel_src=. -kernel_obj=.] rawcover.file*
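    The raw coverage format described in this commit message (one PC per line, in hex) is simple enough that a strict reader for it is a useful companion to the tool. The following is an added example, not syz-cover's own code and not part of the syzkaller repository: it parses the format, rejects malformed lines instead of silently skipping them (a truncated or mis-encoded dump should not produce a report that looks complete), de-duplicates and sorts PCs, and merges several files the way the `rawcover.file*` usage line implies. The sample input is constructed here, reusing the three PCs quoted above plus a duplicate and a blank line; the function names are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"os"
	"sort"
	"strconv"
	"strings"
)

// SampleRawCover is a constructed raw coverage file: the three PCs quoted in
// the commit message, one duplicate, and a blank line that must be ignored.
const SampleRawCover = `0xffffffff8398658d
0xffffffff839862fc

0xffffffff8398633f
0xffffffff8398658d
`

// ParseRawCover reads one raw coverage file: one PC per line as a 0x-prefixed
// hex number. Blank lines are skipped; any other line that is not a hex PC is
// reported as an error with its line number so bad input is not accepted
// silently. Duplicate PCs are collapsed and the result is returned sorted.
func ParseRawCover(r io.Reader) ([]uint64, error) {
	seen := make(map[uint64]struct{})
	sc := bufio.NewScanner(r)
	for lineNo := 1; sc.Scan(); lineNo++ {
		s := strings.TrimSpace(sc.Text())
		if s == "" {
			continue
		}
		hex := strings.TrimPrefix(strings.ToLower(s), "0x")
		pc, err := strconv.ParseUint(hex, 16, 64)
		if err != nil {
			return nil, fmt.Errorf("line %d: %q is not a hex PC: %v", lineNo, s, err)
		}
		seen[pc] = struct{}{}
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	pcs := make([]uint64, 0, len(seen))
	for pc := range seen {
		pcs = append(pcs, pc)
	}
	sort.Slice(pcs, func(i, j int) bool { return pcs[i] < pcs[j] })
	return pcs, nil
}

// MergeRawCover unions several parsed files into one sorted, de-duplicated
// slice, which is what a report over rawcover.file* needs.
func MergeRawCover(files ...[]uint64) []uint64 {
	seen := make(map[uint64]struct{})
	for _, pcs := range files {
		for _, pc := range pcs {
			seen[pc] = struct{}{}
		}
	}
	out := make([]uint64, 0, len(seen))
	for pc := range seen {
		out = append(out, pc)
	}
	sort.Slice(out, func(i, j int) bool { return out[i] < out[j] })
	return out
}

// ParseRawCoverFiles opens and parses each path and merges the results.
func ParseRawCoverFiles(paths ...string) ([]uint64, error) {
	var all [][]uint64
	for _, p := range paths {
		f, err := os.Open(p)
		if err != nil {
			return nil, err
		}
		pcs, err := ParseRawCover(f)
		f.Close()
		if err != nil {
			return nil, fmt.Errorf("%s: %v", p, err)
		}
		all = append(all, pcs)
	}
	return MergeRawCover(all...), nil
}

func main() {
	pcs, err := ParseRawCover(strings.NewReader(SampleRawCover))
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	for _, pc := range pcs {
		fmt.Printf("0x%x\n", pc) // 3 unique PCs in ascending order
	}
}
```

    Keeping the parse strict matters for the same reason the strict program parsing mode above does: a coverage report quietly built from a partially unreadable file understates what was actually executed.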
  9. syz-manager: move coverage report code to pkg/cover

    dvyukov committed Dec 9, 2018
    This will allow better testing and make it possible to reuse this code.
  10. Update found_bugs.md

    dvyukov committed Dec 10, 2018
  11. executor: add setuid sandbox for openbsd

    blackgnezdo authored and dvyukov committed Dec 10, 2018
    * executor/common_bsd: add setuid sandbox
    
    Fixes #833
    
    cc @mptre
    
    * Reduced duplications, resolved TODO.
Commits on Dec 9, 2018
  1. sys/openbsd: fix socketpair usage

    tuexen authored and dvyukov committed Dec 9, 2018
  2. sys/netbsd: fix socketpair usage

    tuexen authored and dvyukov committed Dec 9, 2018
  3. sys/freebsd: fix socketpair usage

    tuexen authored and dvyukov committed Dec 9, 2018
  4. sys/linux: add AF_TIPC netlink interface and packet formats

    dvyukov committed Dec 5, 2018
  5. sys/linux: socketpair returns sockets not just fd's

    dvyukov committed Dec 4, 2018
  6. tools/*openbsd*: use nc from base instead of curl from package

    Greg Steuck authored and dvyukov committed Dec 9, 2018
    This worked fine for ci machine but gce workers have no packages.
Commits on Dec 8, 2018
  1. executor: fix handling of big-endian bitfields

    dvyukov committed Dec 8, 2018
    Currently we apply big-endian-ness and bitfield-ness in the wrong order in copyin.
    This leads to totally bogus result. Fix this.
  2. pkg/report: add initial symbolize support to OpenBSD

    mptre authored and dvyukov committed Dec 8, 2018
  3. tools/syz-symbolize: add optional arch flag with sensible default

    mptre authored and dvyukov committed Dec 8, 2018
    The manager config passed to NewReporter() must include a valid arch by now.
  4. pkg/report: pass the target to each OS report constructor

    mptre authored and dvyukov committed Dec 8, 2018
    In order to use the already defined kernel name in sys/targets to reduce
    duplications.
  5. docs/openbsd: update found_bugs.md

    mptre authored and dvyukov committed Nov 20, 2018
  6. docs: mention OpenBSD in setup.md

    mptre authored and dvyukov committed Dec 8, 2018
  7. docs/darwin: add some info about darwin

    dvyukov committed Dec 8, 2018
    Also move windows into separate dir,
    mention windows/darwin in found bugs.
  8. sys/linux: improve recvmsg descriptions

    tuexen authored and dvyukov committed Dec 8, 2018