Tree: fe7127be71
Commits on Dec 13, 2018
  1. docs/openbsd/setup.md: micro-simplification

    blackgnezdo authored and dvyukov committed Dec 13, 2018
    @mptre WDYT
  2. pkg/report: another gvisor OOM suppression

    dvyukov committed Dec 13, 2018
  3. pkg/report: another gvisor OOM suppression

    dvyukov committed Dec 13, 2018
  4. pkg/report: another gvisor OOM suppression

    dvyukov committed Dec 13, 2018
  5. pkg/report: relaxed gvisor OOM suppressions more

    dvyukov committed Dec 13, 2018
    There are more variations of this panic format.
  6. pkg/report: replace more moving parts in gvisor crash titles

    dvyukov committed Dec 13, 2018
    "container" seems to have been renamed to "sandbox".
    Also exact pid numbers are harmful.
  7. pkg/report: relaxed gvisor OOM suppressions

    dvyukov committed Dec 13, 2018
    Existing ones don't match actual gvisor output after address mangling.
    Not matching exact context in parens should be good enough re false positives.
  8. pkg/csource: support tun and setuid repros on {free,open}bsd

    blackgnezdo authored and dvyukov committed Dec 11, 2018
    * expose procid on BSD for tun, always declare loop()
    * deal with terrible bsd includes
    * replicate loop() declaration
  9. Merge pull request #874 from prattmic/bazel_version

    prattmic authored and dvyukov committed Dec 13, 2018
    pkg/build: fix bazel version parsing
  10. vm/gvisor: don't close conn on error

    prattmic authored and dvyukov committed Dec 12, 2018
    If net.Dial returns an error, conn is nil and closing it will panic.
  11. Merge pull request #872 from prattmic/patch-2

    prattmic authored and dvyukov committed Dec 13, 2018
    vm/gvisor: support forwarding on IPv6
  12. pkg/report: update gvisor ptrace regs suppressions

    prattmic authored and dvyukov committed Dec 13, 2018
    google/gvisor@99d5958
    changed the format of these to include the registers.
Commits on Dec 12, 2018
  1. sys/linux: add basic tipc test

    dvyukov committed Dec 12, 2018
  2. vm/gvisor: replace signal panic with log

    prattmic authored and dvyukov committed Dec 11, 2018
    Diagnose currently sends the panic signal to generate a traceback for
    additional context.
    
    However, Diagnose is also called in otherwise successful scenarios
    (vm.Instance.MonitorExecution -> vm.monitor.extractError). Triggering a
    panic will make this successful scenario look like a failure.
    
    We could simply suppress this panic, but 1) that means we never shutdown
    cleanly (not important, but ugly), and 2) we're less likely to detect
    delayed crashes since we kill the sandbox immediately (that's what
    MonitorExecution is checking for).
    
    Instead, switch from -panic-signal to -trace-signal, which simply logs a
    traceback without exiting. This option was added to runsc in
    google/gvisor@24c1158.
    
    The other uses of Diagnose will always generate a report regardless of
    an additional panic, so we're not losing any reports.
Commits on Dec 11, 2018
  1. prog: detect invalid target.Syscalls in BuildChoiceTable

    blackgnezdo authored and dvyukov committed Dec 11, 2018
    Without this check programs may end up panicking in places far away
    from the real cause. E.g.
    
    worker# ./syz-fuzzer -executor=./syz-executor -name=vm-0 -arch=amd64 -manager=10.128.0.101:21386 -sandbox=setuid -procs=2 -v=0 -cover=true -debug=false -test=false
    2004/02/03 12:11:11 fuzzer started
    2004/02/03 12:11:11 dialing manager at 10.128.0.101:21386
    2004/02/03 12:11:12 syscalls: 1
    2004/02/03 12:11:12 code coverage: enabled
    2004/02/03 12:11:12 comparison tracing: support is not implemented in syzkaller
    2004/02/03 12:11:12 setuid sandbox: support is not implemented in syzkaller
    2004/02/03 12:11:12 namespace sandbox: support is not implemented in syzkaller
    2004/02/03 12:11:12 Android sandbox: support is not implemented in syzkaller
    2004/02/03 12:11:12 fault injection: support is not implemented in syzkaller
    2004/02/03 12:11:12 leak checking: support is not implemented in syzkaller
    2004/02/03 12:11:12 net packet injection: enabled
    2004/02/03 12:11:12 net device setup: support is not implemented in syzkaller
    panic: invalid argument to Intn
    
    goroutine 27 [running]:
    math/rand.(*Rand).Intn(0xc000dff530, 0x0, 0x40)
            /usr/local/go/src/math/rand/rand.go:169 +0x9c
    github.com/google/syzkaller/prog.(*ChoiceTable).Choose(0xc000d92ec0, 0xc000dff530, 0xffffffffffffffff, 0xc000dff650)
            /syzkaller/gopath/src/github.com/google/syzkaller/prog/prio.go:241 +0x1a0
    github.com/google/syzkaller/prog.(*randGen).generateCall(0xc000e145a0, 0xc000c2a200, 0xc000ce7f80, 0x2348f1940, 0xc000ce3440, 0xc000e6ee01)
            /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:451 +0x69
    github.com/google/syzkaller/prog.(*Target).Generate(0xc00007f1e0, 0x8f8680, 0xc000ce3440, 0x1e, 0xc000d92ec0, 0x0)
            /syzkaller/gopath/src/github.com/google/syzkaller/prog/generation.go:19 +0x2b2
    main.(*Proc).loop(0xc000d92f40)
            /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:93 +0x2a1
    created by main.main
            /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:236 +0xfe2
  2. executor: reapply setuid sandbox for bsd

    blackgnezdo authored and dvyukov committed Dec 11, 2018
    * Revert "Revert "executor: add setuid sandbox for openbsd""
    
    The problem is the low file descriptor limit.
    
    This reverts commit 4093e33.
    
    * executor/executor make sure the file descriptor limit is sufficient
Commits on Dec 10, 2018
  1. Revert "executor: add setuid sandbox for openbsd"

    blackgnezdo authored and dvyukov committed Dec 10, 2018
    This reverts commit 6565f24.
  2. prog: support AUTO args in programs

    dvyukov committed Dec 10, 2018
    AUTO arguments can be used for:
     - consts
     - lens
     - pointers
    
    For const's and len's AUTO is replaced with the natural value,
    addresses for AUTO pointers are allocated linearly.
    
    This greatly simplifies writing test programs by hand
    as most of the time we want these natural values.
    
    Update tests to use AUTO.
  3. tools/syz-runtest: test program parsing before booting VMs

    dvyukov committed Dec 10, 2018
    It sucks to wait for VMs to boot just to discover that programs don't parse.
  4. pkg/ipc: move sandbox helpers from ipcconfig

    dvyukov committed Dec 10, 2018
    Currently syz-runtest fails to start because -debug flag is defined
    both in syz-runtest and ipcconfig.
    By moving the sandbox functions we prevent ipcconfig from being imported into syz-runtest.
  5. prog: implement strict parsing mode

    dvyukov committed Dec 9, 2018
    Add bulk of checks for strict parsing mode.
    Probably not complete, but we can extend them in future as needed.
    Turns out we can't easily use it for serialized programs
    as they omit default args and during deserialization it looks like missing args.
  6. prog: introduce strict parsing mode

    dvyukov committed Dec 9, 2018
    Over time we relaxed parsing to handle all kinds of invalid programs
    (excessive/missing args, wrong types, etc).
    This is useful when reading old programs from corpus.
    But this is harmful for e.g. reading test inputs as they can become arbitrarily outdated.
    For runtests this creates an additional problem of executing not
    what is actually written in the test (or at least what the author meant).
    Add strict parsing mode that does not tolerate any errors.
    For now it just checks excessive syscall arguments.
  7. prog: refactor deserialization code

    dvyukov committed Dec 9, 2018
    Move target and vars into parser and make all
    parsing functions methods of the parser.
    This reduces number of args that we need to pass around
    and eases adding more state that needs to be passed around.
  8. tools/syz-cover: add utility for generation of coverage reports

    dvyukov committed Dec 9, 2018
    syz-cover generates coverage HTML report from raw coverage files.
    Raw coverage files are text files with one PC in hex form per line, e.g.:
    
    	0xffffffff8398658d
    	0xffffffff839862fc
    	0xffffffff8398633f
    
    Raw coverage files can be obtained either from /rawcover manager HTTP handler,
    or from syz-execprog with -coverfile flag.
    
    Usage:
    	syz-cover [-os=OS -arch=ARCH -kernel_src=. -kernel_obj=.] rawcover.file*
  9. syz-manager: move coverage report code to pkg/cover

    dvyukov committed Dec 9, 2018
    This will allow better testing and make it possible to reuse this code.
  10. Update found_bugs.md

    dvyukov committed Dec 10, 2018
  11. executor: add setuid sandbox for openbsd

    blackgnezdo authored and dvyukov committed Dec 10, 2018
    * executor/common_bsd: add setuid sandbox
    
    Fixes #833
    
    cc @mptre
    
    * Reduced duplications, resolved TODO.
Commits on Dec 9, 2018
  1. sys/openbsd: fix socketpair usage

    tuexen authored and dvyukov committed Dec 9, 2018
  2. sys/netbsd: fix socketpair usage

    tuexen authored and dvyukov committed Dec 9, 2018
  3. sys/freebsd: fix socketpair usage

    tuexen authored and dvyukov committed Dec 9, 2018
  4. sys/linux: add AF_TIPC netlink interface and packet formats

    dvyukov committed Dec 5, 2018