Enable it unconditionally.
If C reproducers keep on printing "executing program" lines, it will be
easier to re-use them during the repro and patch testing.
If syz-fuzzer has not been able to execute the request, set the proper
result status.
Assign fallback signal only if signal was requested and if the execution
was successful.
Always call the finish callback to make control flow consistent
whether the VM crashes or does not crash. Then users can rely on the callback
being always called.
Fix a bug highlighted by the extended test:
currently we call extractError/callback twice when the fuzzer is preempted.
If the fuzzer is preempted, extractError returns nil,
which makes appendOutput return nil as well,
which makes the main loop continue as if no crash/preemption happened.
It will exit, but only after 5 min "no output" timeout.
Most likely the output will still contain the preemption message,
so no "no output" will be reported, but the additional 5 min wait
is unnecessary.
It's likely we don't have any new signal every 0.5 seconds,
so don't iterate the sync map and append if we have no signal.
Flatrpc flags are passed in RPC execution requests,
so to avoid conversions and a duplicate set of flags
use flatrpc flags in pkg/ipc directly.
Flatbuffers compiler generates slices of pointers for these types,
so return slices of pointers to avoid converting the whole slice.
We don't need the full priority queue functionality anymore. For our
purposes it's enough to only enforce the order between the elements of
different sub-queues.
Use a simpler implementation.
Don't assume the nested Source may be nil.
We don't support them in syz-manager.
Return a new queue.Source from the machine check callback.
For now, only ProgTypes is enough.
There's no need to duplicate the signal, coverage, hints flags.
If syz-runtest wants several runs, it will pass it as an option for C
code generation.
Mark some requests as Important. The Retry() layer will give them one
more chance even if they were not executed due to a VM crash.
For now, the only important requests are related to triage, candidates
and pkg/vminfo tests.
Add tests for retry.go.
There's no need to wait until all results have been completed to print
them.
There's no need to duplicate the execution mechanisms.
Use the same interfaces as the fuzzer.
Now syz-manager no longer needs to treat machine check executions
differently.
Make Result statuses more elaborate.
Instead of retrying inputs directly in rpc.go, extract this logic to a
separate entity in pkg/fuzzer/queue.
Instead of relying on a fuzzer-internal priority queue, utilize
stackable layers of request-generating steps.
Move the functionality to a separate pkg/fuzzer/queue package.
The pkg/fuzzer/queue package can be reused to add extra processing
layers on top of the fuzzing and to combine machine checking and fuzzing
execution pipelines.
It will be much simpler to return wait time in start executing message.
Then we don't need a separate message and don't need the count.
We needed it in the old RPC b/c messages could have been delivered
out-of-order, so we could not receive executing info when execution
is completed. With the new RPC out-of-order delivery can't happen.
It will require fewer casts, currently it's passed as []byte.
The feature checking procedure is split into 2 phases:
1. syz-fuzzer invokes "syz-executor setup feature" for each feature one-by-one,
   and checks that the executor does not fail.
   The executor can also return a special "this feature does not need custom setup",
   which makes it possible not to call setup of these features in each new VM.
2. pkg/vminfo runs a simple program with ipc.ExecOpts specific for a concrete feature,
   e.g. for wifi injection it will try to run a program with the wifi feature enabled;
   if setup of the feature fails, the executor should also exit with an error.
   For coverage features we additionally check that we actually got coverage.
Then pkg/vminfo combines the results of these 2 checks into the final result.
syz-execprog now also uses the vminfo package and mimics the same checking procedure.
Update #1541
Do two exec hints to only leave stable comparison argument pairs.
In local experiments, it allows reducing their count by 30-40% (on
average).
Update the list of device type flags to match that of Linux 6.9
Make the following changes for extraction to succeed:
- drop the KVM API constants for features removed in 6.9;
- hardcode the three TUNNEL_*_OPT constants that cannot be extracted due to a header change;
- hardcode the HCI_OP_* constants removed in 99fca36c8b412 ("Bluetooth: HCI: Remove HCI_AMP support");
- hardcode the L2CAP_* constants removed in e7b02296fb40 ("Bluetooth: Remove BT_HS");
- hardcode LANDLOCK_ACCESS_FS_IOCTL_DEV until it hits upstream.
Signed-off-by: Andrei Vagin <avagin@google.com>
There's still a risk of a race between the pointer overwriting and
accesses to the embedded object.
Let's use an internal replace() method instead.
logProgram() may race with Request.Done(), in which case the request
producer (fuzzer.Fuzzer) may well have already mutated a previously
executed prog.Prog instance.
The test becomes very restrictive in cases when custom descriptions are
present.
Let's only check for the filesystems we expect to see.
otherwise it panics:
panic: interface conversion: net.Conn is *net.UnixConn, not *net.TCPConn
Fixes: 610f2a54d02f ("pkg/rpctype: prepare for not using for target communication")
Signed-off-by: Andrei Vagin <avagin@google.com>
gVisor doesn't implement the binfmt file system.
Fixes: 229488b413d4 ("executor: consistently fail on feature setup")
Signed-off-by: Andrei Vagin <avagin@google.com>
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.172.0 to 0.178.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.172.0...v0.178.0)
---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
common_usb.h is included by both common_linux.h and common_netbsd.h.
The current version may fail to replace one of these common_usb.h,
if say common_linux.h is already replaced, but common_netbsd.h is not yet.
Make the replacement algorithm more robust and just replace everything
on each iteration until we can't replace anything anymore.
Fixes #4783
We don't want to download mockery every time.
We don't want to download mockery every time.
For some reason it started to consistently time out on CI
(got 3 failures in a row). Disable it under race detector.
This shouldn't be needed now.
After copying files we need to regenerate syzkaller descriptions,
but all make steps that build Go binaries already depend on "descriptions" target.
We also need to update executor/common_ext.h for C repros,
but after switching to go:embed, this should be handled automatically as well.
go:embed is a more modern way to do this and it does
not require a special Makefile step.
Since go:embed cannot use paths that contain "..",
the actual embedding is moved to the executor package.
Move the test from executor to pkg/ipc to prevent import cycle
in the next change.
pkg/ipc looks like the most reasonable place for it (besides executor);
it already builds the executor binary.
The test cannot be moved to pkg/csource b/c it will create csource<->ipc cycle.