Tree: c2faf9b2d5
Commits on Jan 16, 2019
  1. all: detect extra coverage support

    xairy committed Jan 16, 2019
    Based on whether the kernel supports KCOV_REMOTE_ENABLE ioctl.
  2. all: support extra coverage

    xairy committed Nov 22, 2018
    Right now syzkaller only supports coverage collected from the threads that
    execute syscalls. However some useful things happen in background threads,
    and it would be nice to collect coverage from those threads as well.
    
    This change adds extra coverage support to syzkaller. This coverage is not
    associated with a particular syscall, but rather with the whole program.
    Executor passes extra coverage over the same ipc mechanism to syz-fuzzer
    with syscall number set to -1. syz-fuzzer then passes this coverage to
    syz-manager with the call name "extra".
    
    This change requires the following kcov patch:
    xairy/linux#2
  3. sys/freebsd: add SCTP syscalls

    msvoelker authored and dvyukov committed Jan 16, 2019
    * sys/freebsd: Add SCTP syscalls
    
    * sys/freebsd: SCTP syscalls updated
    
    * sys/freebsd: SCTP syscalls fixed
  4. tools/syz-trace2syz/proggen: add support for open, openat, syz_open_dev variants

    shankarapailoor authored and dvyukov committed Jan 15, 2019
    Add support to accurately select variants for open and openat system calls.
    This is needed because in order to accurately select ioctl variants we need
    to use device resource types. The device resource types can only be created
    by syz_open_dev and openat variants.
  5. pkg/mgrconfig: do not serialize optional fields

    dvyukov committed Jan 16, 2019
    Since we now show manager config on web page, make it leaner.
  6. syz-manager: add repo version and config link on stats page

    JoeyJiao authored and dvyukov committed Jan 16, 2019
  7. Update found_bugs.md

    dvyukov committed Jan 16, 2019
Commits on Jan 15, 2019
  1. pkg/report: more tuning for trusty reports

    dvyukov committed Jan 15, 2019
    Update #933
  2. vm/qemu: Disable VGA on ppc64le

    ajdlinux authored and dvyukov committed Dec 18, 2018
    Disable qemu VGA output on ppc64le. The current pseries console code in
    the kernel has a bunch of bugs, and if you don't disable VGA syzkaller
    won't see console output.
    
    Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
  3. vm/qemu: Enable KVM on ppc64le

    ajdlinux authored and dvyukov committed Jan 11, 2019
    ppc64le supports KVM, let's use it.
    
    This obviously won't work on an x86 host, but at present there are issues
    using syzkaller on ppc64le with qemu in TCG mode anyway.
    
    Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
  4. pkg/host: Support extracting kallsyms on ppc64le

    ajdlinux authored and dvyukov committed Jan 11, 2019
    Add a regex for syscall symbol extraction on ppc64le. ppc64le doesn't have
    any special arch prefix.
    
    Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
  5. Update found_bugs.md

    dvyukov committed Jan 15, 2019
  6. Update executing_syzkaller_programs.md

    dvyukov committed Jan 15, 2019
    -cover=0 is the default now
    -procs=16 looks too high, syzbot uses 6-8 so let's suggest 8
Commits on Jan 14, 2019
  1. Makefile: fix double $(GO) $(GO)

    dvyukov committed Jan 14, 2019
  2. sys/linux: add trusty support

    dvyukov committed Jan 10, 2019
    Add support for trusty tipc devices and several trusty app ports.
    
    Update #933
  3. sys/linux: Add syscalls to read from sockets for crypto operations

    Zubin Mithra authored and dvyukov committed Jan 10, 2019
    sockaddr_alg with salg_type as "skcipher", "aead", "hash" and "rng"
    support for reading from these sockets. Add read descriptions to
    socket_alg.txt.
  4. docs/trusty: add instructions on building trusty

    dvyukov committed Jan 14, 2019
    Update #933
  5. tools/syz-trace2syz/proggen: deleting unnecessary code in genSockaddrStorage()

    shankarapailoor authored and dvyukov committed Jan 14, 2019
    genSockaddrStorage() determines the correct sockaddr_storage union option when we
    cannot identify the system call variant. We used to have custom logic per system
    call which was not tested and is actually unnecessary. This patch deletes that
    code and adds a test to make sure there are no regressions.
  6. pkg/report: add parsing of trusty crashes

    dvyukov committed Jan 14, 2019
    Update #933
  7. pkg/report: strip trailing deadlock reports for real

    dvyukov committed Jan 14, 2019
    Oops messages frequently induce possible deadlock reports
    because oops reporting introduces unexpected locking chains.
    So if we have enough of the actual oops, strip the deadlock message.
  8. pkg/report: strip trailing deadlock reports

    dvyukov committed Jan 14, 2019
    Oops messages frequently induce possible deadlock reports
    because oops reporting introduces unexpected locking chains.
    So if we have enough of the actual oops, strip the deadlock message.
  9. executor: adapt switching to user nobody to be more portable on BSDs

    krytarowski authored and dvyukov committed Jan 14, 2019
    NetBSD uses different uid/gid than FreeBSD/OpenBSD for the user
    nobody. Instead of hardcoding the values, retrieve them from the
    password entry database.
    
    While there, switch to setuid(2) and setgid(2) calls as they are
    good enough and portable. setresgid(2) and setresuid(2) aren't
    available on NetBSD.
  10. executor: do not call setrlimit(2) for RLIMIT_AS for NetBSD

    krytarowski authored and dvyukov committed Jan 14, 2019
    Setting the limit caused abnormal failure during early init on NetBSD.
  11. docs/netbsd.md: updated documentation for NetBSD

    R3x authored and dvyukov committed Jan 12, 2019
    Refactored the document and updated the changes.
  12. executor: update KCOV support for FreeBSD

    tuexen authored and dvyukov committed Jan 12, 2019
    KCOV support has been added to FreeBSD in r342962. Use
    the header file and update the code to latest changes
    introduced in the review process.
  13. tools/kcovtrace: add FreeBSD support

    tuexen authored and dvyukov committed Jan 12, 2019
    KCOV support has been committed to FreeBSD in r342962. Therefore,
    allow this program to be run on FreeBSD.
  14. sys/openbsd: avoid /dev/fd node creation

    blackgnezdo authored and dvyukov committed Jan 12, 2019
    Prevents corpus explosion with corrupted coverage data.
    
    The two parallel runs of:
    `doas ./syz-execprog -cover -coverfile /tmp/{fixed,unfixed} r.syz`
    show markedly different coverage pictures:
    
    unfixed:
    ```
    2019/01/12 13:55:38 parsed 1 programs
    2019/01/12 13:55:38 executed programs: 0
    2019/01/12 13:55:38 call #0: signal 821, coverage 2438
    2019/01/12 13:55:38 call #1: signal 243, coverage 1363
    2019/01/12 13:55:38 call #2: signal 502, coverage 1993
    2019/01/12 13:55:38 call #3: signal 15, coverage 44
    2019/01/12 13:55:38 call #4: signal 335, coverage 8196
    ```
    
    fixed:
    ```
    2019/01/12 13:51:57 parsed 1 programs
    2019/01/12 13:51:57 executed programs: 0
    2019/01/12 13:51:57 call #0: signal 837, coverage 2491
    2019/01/12 13:51:57 call #1: signal 241, coverage 1341
    2019/01/12 13:51:57 call #2: signal 27, coverage 61
    2019/01/12 13:51:57 call #3: signal 13, coverage 44
    2019/01/12 13:51:57 call #4: signal 39, coverage 299
    ```
    
    The contents of `r.syz` are:
    ```
    mknod(&(0x7f0000000180)='./file0\x00', 0x2006, 0x10000016e8)
    r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
    mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0, 0x0)
    writev(0xffffffffffffffff, &(0x7f0000002480)=[{&(0x7f0000001480)="<junk>", 0x573}], 0x1)
    lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000))
    ```
    
    So, it's the final lstat which was getting that extra coverage. In
    particular, the end of unfixed.4 has some 4734 values
    0xffffffff00000000.
Commits on Jan 11, 2019
  1. Update syzbot.md

    dvyukov committed Jan 11, 2019
    Mention i386 userspace arch and -m32 flag.
  2. Update syzbot.md

    dvyukov committed Jan 11, 2019
    Mention chmod 0600 on the ssh key, otherwise it's rejected by ssh.
Commits on Jan 10, 2019
  1. tools/syz-trace2syz/proggen.go: delete reorderStructFields()

    shankarapailoor authored and dvyukov committed Jan 10, 2019
    strace incorrectly printed sin6_addr before sin6_flowinfo. To fix this,
    trace2syz added reorderStructFields() which swapped back the order. Incorrect
    ordering of structs is a bug in strace or in our descriptions, so we should
    fix the source rather than work around it. We have submitted a patch to fix the
    sockaddr_in6 decoding in strace so we can safely delete this function.
  2. pkg/vcs: relax check on git hash length

    dvyukov committed Jan 10, 2019
    We've seen 15 and 17 char hashes already.
    And 14 wasn't initially in the list, but somebody used it.
    Relax the check to 8..40 chars.
  3. executor: disable gen.go for NetBSD

    krytarowski authored and dvyukov committed Jan 10, 2019
    kvm is Linux specific.
  4. tools/syz-trace2syz/proggen/proggen_test.go: test ipv6 address conversion

    shankarapailoor authored and dvyukov committed Jan 8, 2019
  5. tools/syz-trace2syz/proggen: convert strace byte arrays to int args

    shankarapailoor authored and dvyukov committed Jan 8, 2019
    strace decodes certain arguments like sockaddr_in.sin_port or sin_addr
    as hex strings under -Xraw. This is because the arguments are in network byte
    order. This patch supports converting those hex strings to int args if the size
    of the string is 1, 2, 4, or 8.