1. Account for the fact that go can be already in path.
2. Unset GOROOT in case it is set already.
3. export variables (not sure how it worked for me).
syz-manager always passes explicit value for the flag.
syz-stress does not need coverage.
The only real user is syz-execprog. syz-execprog already
forces coverage when -coverfile is given. Coverage is harmful
for external users trying to reproduce reported bugs.
For the remaining cases of syzkaller developers running
syz-execprog on KCOV-enabled kernel, the flag can be given
manually if really needed.
Fixes #554
syz-manager used to silently transitively disable syscalls
for which input resources can't be created.
This caused lots of confusion, or worse, users did not notice
that syzkaller does not actually test what they want.
Fail loudly with a readable explanation when a syscall
explicitly enabled in enable_syscalls is actually disabled.
Note: this requires slightly changing the enable/disable_syscalls
matching logic. Previously "foo" would match "foo" and all "foo$BAR",
now it matches only "foo". But "foo*" can be used to match all
discriminations.
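The matching rule and the loud failure described in the commit message above, as an added example (Python written for this page, not syzkaller's own code): "foo" matches only "foo", "foo*" matches "foo" and every "foo$BAR", and any matched syscall that transitive resource-based disabling removes is reported with a readable reason instead of silently dropped. The syscall table and the resource relations are constructed for the example and are not syzkaller's real descriptions.

```python
# Added example, not syzkaller code. Models the enable_syscalls matching rule
# and a loud check for requested syscalls that transitive disabling removed.
# NEEDS and CREATES are constructed illustrative tables, not real descriptions.
from typing import Dict, List, Set

# Constructed table: syscall -> resources it consumes as input.
NEEDS: Dict[str, Set[str]] = {
    "open": set(),
    "open$tun": set(),
    "read": {"fd"},
    "write$tun": {"fd_tun"},
    "ioctl$TUNSETIFF": {"fd_tun"},
    "socket$inet": set(),
    "sendmsg$inet": {"sock_inet"},
}

# Constructed table: syscall -> resources it produces.
CREATES: Dict[str, Set[str]] = {
    "open": {"fd"},
    "open$tun": {"fd_tun"},
    "socket$inet": {"sock_inet"},
}


def match_syscall(pattern: str, name: str) -> bool:
    """New rule: "foo" is exact; "foo*" matches "foo" and every "foo$BAR"."""
    if pattern.endswith("*"):
        return name.startswith(pattern[:-1])
    return name == pattern


def select_syscalls(patterns: List[str]) -> Set[str]:
    """Syscalls explicitly enabled by the enable_syscalls patterns."""
    return {n for n in NEEDS for p in patterns if match_syscall(p, n)}


def transitively_disable(enabled: Set[str]) -> Dict[str, str]:
    """Drop syscalls whose input resources no remaining enabled syscall
    creates, repeating until stable. Returns {syscall: readable reason}."""
    alive = set(enabled)
    reasons: Dict[str, str] = {}
    while True:
        available: Set[str] = set()
        for call in alive:
            available |= CREATES.get(call, set())
        dropped = {c for c in alive if NEEDS[c] - available}
        if not dropped:
            return reasons
        for call in sorted(dropped):
            missing = sorted(NEEDS[call] - available)
            reasons[call] = (f"{call}: no enabled syscall creates input "
                             f"resource(s) {missing}")
        alive -= dropped


def check_enable_syscalls(patterns: List[str]) -> List[str]:
    """Errors for every explicitly enabled syscall that ends up disabled.
    An empty list means the configuration tests exactly what was asked."""
    enabled = select_syscalls(patterns)
    if not enabled:
        return [f"enable_syscalls {patterns} matched no syscall"]
    reasons = transitively_disable(enabled)
    return [reasons[c] for c in sorted(reasons)]


if __name__ == "__main__":
    # "write$tun" alone cannot run: nothing enabled creates fd_tun.
    for err in check_enable_syscalls(["write$tun"]):
        print("error:", err)
    # With "open*" the tun fd is creatable and nothing is disabled.
    print("ok" if not check_enable_syscalls(["open*", "write$tun"]) else "bad")
```

The check is what turns the old silent behaviour into a configuration error: the user sees which requested syscall was dropped and which input resource no enabled syscall can produce, so they can widen the pattern (for example "open*" instead of "open") deliberately.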
1. Create ifindex_team, because TEAM_ATTR_TEAM_IFINDEX must
always point to a team device.
2. Remove output only attributes like team_attr_item_port, TEAM_ATTR_LIST_PORT,
TEAM_ATTR_OPTION_CHANGED.
3. Restructure team_nl_option_policy: we always want TEAM_ATTR_OPTION_NAME/TYPE/DATA
+ optionally TEAM_ATTR_OPTION_ARRAY_INDEX and TEAM_ATTR_OPTION_PORT_IFINDEX.
4. Provide specialized team_nl_option_policy_per_port and team_nl_option_policy_array.
5. Make team_attr_option varlen.
6. Remove unnecessary indirection via team_attr_list_option/team_attr_list_port.
7. Fix data type for bpf_hash_func and lb_tx_hash_to_port_mapping.
There is no point in using sancov,
it does not do anything other than transforming
binary format to a useful text format.
Write out text format directly.
Make the required changes to the BSD executor file to interface with
FreeBSD's kernel coverage implementation. This will allow coverage to be
used when running syzkaller on this platform.
Now file names become:
string[filename]
with a possibility of using other string features:
stringnoz[filename]
string[filename, CONST_SIZE]
and filename is left as type alias as it is commonly used:
type filename string[filename]
At some point extract for linux/arm started to fail with:
extracting from key.txt
failed to run compiler: exit status 1
/tmp/ccT6o7iZ.s: Assembler messages:
/tmp/ccT6o7iZ.s:4: Error: unknown pseudo-op: `.syntax'
This is caused by arch/arm/include/asm/unified.h:
__asm__(".syntax unified");
Ignore all __asm__ directives as we are cross compiling.
Use big-endian match/replace for both blobs and ints.
Sometimes we have unmarked blobs (no little/big-endian info);
for ANYBLOBs we intentionally lose all marking;
but even for marked ints we may need this too.
Consider that kernel code does not convert the data
(i.e. not ntohs(pkt->proto) == ETH_P_BATMAN),
but instead converts the constant (i.e. pkt->proto == htons(ETH_P_BATMAN)).
In such a case we will see a dynamic operand that does not
match what we have in the program.
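The two kernel comparison styles from the commit message above (converting the packet field versus converting the constant) and the byte-order-agnostic match/replace that handles both, as an added example written for this page and not syzkaller's own code. The program representation (an int argument with a declared byte order), the little-endian host model, and the value of ETH_P_BATMAN (0x4305, taken from the Linux if_ether.h header) are this example's assumptions.

```python
# Added example, not syzkaller code. Shows why a comparison operand must be
# matched against a program int both as-is and byte-swapped.
# Assumptions: little-endian host, 2-byte proto field, ETH_P_BATMAN = 0x4305
# (value from linux/if_ether.h); IntArg is a constructed program representation.
from dataclasses import dataclass, replace
from typing import List, Tuple

ETH_P_BATMAN = 0x4305  # assumed from linux/if_ether.h


@dataclass(frozen=True)
class IntArg:
    value: int   # logical value as stored in the program
    size: int    # width in bytes
    endian: str  # "little" or "big": byte order used when serializing

    def wire(self) -> bytes:
        """Bytes the executor writes into the syscall argument memory."""
        return self.value.to_bytes(self.size, self.endian)


def bswap(v: int, size: int) -> int:
    return int.from_bytes(v.to_bytes(size, "little"), "big")


def htons(v: int) -> int:
    """Host-order value whose in-memory bytes are big-endian (LE host)."""
    return bswap(v, 2)


def kernel_observes(arg: IntArg, converts_constant: bool) -> Tuple[int, int]:
    """Constructed model of the (dynamic, constant) operand pair recorded for
    the kernel's comparison of pkt->proto against ETH_P_BATMAN."""
    raw = int.from_bytes(arg.wire(), "little")  # pkt->proto as loaded by CPU
    if converts_constant:
        # pkt->proto == htons(ETH_P_BATMAN): data is not converted
        return raw, htons(ETH_P_BATMAN)
    # ntohs(pkt->proto) == ETH_P_BATMAN: data is converted, constant is not
    return bswap(raw, arg.size), ETH_P_BATMAN


def match_replace(arg: IntArg, dyn: int, const: int,
                  try_swapped: bool = True) -> List[IntArg]:
    """Replacements for every way `dyn` matches `arg`: as the logical value
    (old behaviour) or byte-swapped (the added big-endian matching)."""
    out: List[IntArg] = []
    if arg.value == dyn:
        out.append(replace(arg, value=const))
    if try_swapped and bswap(arg.value, arg.size) == dyn:
        out.append(replace(arg, value=bswap(const, arg.size)))
    return out


def fixups(arg: IntArg, converts_constant: bool,
           try_swapped: bool = True) -> List[bytes]:
    """Wire bytes of every candidate produced for one observed comparison."""
    dyn, const = kernel_observes(arg, converts_constant)
    return [a.wire() for a in match_replace(arg, dyn, const, try_swapped)]


if __name__ == "__main__":
    proto_be = IntArg(value=0x1234, size=2, endian="big")   # constructed
    proto_le = IntArg(value=0x3412, size=2, endian="little")  # same bytes
    target = ETH_P_BATMAN.to_bytes(2, "big")  # what the kernel wants on the wire
    for arg in (proto_be, proto_le):
        for converts in (True, False):
            got = fixups(arg, converts)
            print(arg.endian, "kernel converts constant:", converts,
                  "->", [b.hex() for b in got], "ok" if got == [target] else "MISS")
    # Without the swapped match the big-endian int is missed entirely when the
    # kernel compares against htons(ETH_P_BATMAN).
    print("old behaviour:", fixups(proto_be, True, try_swapped=False))
```

Both program encodings and both kernel comparison styles end with the bytes 43 05 on the wire, which is what the kernel's htons(ETH_P_BATMAN) check accepts; disabling the swapped match shows the case the commit message describes, where the dynamic operand never equals the program's logical value.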
Type "none" is a special case for debugging/development when manager
does not start any VMs, but instead you start them manually
and start syz-fuzzer there.
SYS_memfd_create define produces a warning in csource
if system headers already contain the definition (we strip all ifdefs!).
The same is true for CLONE_NEWCGROUP but we just never hit it yet.
Also fix format string for 32 bits.
Also fix potential uninit var in csource, and a missing new line.
Turns out creating a cgroup per test is too expensive.
Moreover, it leads to hung tasks as cgroup destruction
is asynchronous and overloads kernel work queues.
Create only a single cgroup per proc, but restrict
descriptions from messing with that single group;
instead, test processes create their own nested cgroups for messing.