All callers of BitfieldMiddle just want static size (0 for middle).
Make it so: Size for middle bitfields just returns 0. Removes lots of if's.
Introduce Type.UnitSize, which now holds the underlying type for bitfields.
This will be needed to fix#1542 b/c even if UnitSize=4 for last bitfield
Size can be anywhere from 0 to 4 (not necessary equal to UnitSize due to overlapping).
We assumed that for ConstType alignment is equal to size,
which is perfectly reasonable for normal int8/16/32/64/ptr.
However, padding is also represented by ConstType of arbitrary size,
so if we added 157 bytes of padding that becomes alignment of
the padding field and as the result of the whole struct.
This affects very few structs, but quite radically and quite
important structs.
Discovered thanks to syz-check.
Update #590
Some sounds ioctls are now explicitly doubled for 32/64 bits. Support that.
Fix mips SOL_SOCKET issues by rearranging includes.
Improve few other fields.
syz-check parses vmlinux dwarf, extracts struct descriptions,
compares them with what we have (size, fields, alignment, etc)
and produces .warn files.
This is first raw version, it can be improved in a number of ways.
But it already helped to identify a critical issue #1542
and shows some wrong struct descriptions.
Update #590
Currently the config extraction script can produce an incorrect result, when
one of the configs enables a particular config option, but some other one
doesn't. This change fixes the issue.
This is not necessary since we build legit object file
for the target binary now. But this breaks mips with:
/linux/arch/mips/include/asm/thread_info.h:53:30: error: register name not specified for ‘__current_thread_info’
register struct thread_info *__current_thread_info __asm__("$28");
So just remove the old hack.
Follow up to #1536
This patch adds all autogenerated files for linux/mips64le. Files are
generated by following commands:
make extract
bin/syz-extract -build -os=linux -arch=mips64le -sourcedir=linux
make generate
Amusingly we never passed number of threads to wake for FUTEX_WAKE.
It somehow worked reliably on linux (we just needed it to not be 0,
so presumably garbage in registers did it).
However, in gVisor every other syscall wasn't even started
(first syscall on a thread started, but second on the same worker
thread wasn't unable to start).
Add tests for issue #1542
The correct results are obtained with the following program:
struct foo {
unsigned char f0;
unsigned int f1:4;
unsigned short f2:4;
};
struct bar {
char f0;
struct foo foo;
};
int main() {
struct bar y;
memset(&y, 0, sizeof(y));
y.f0 = 0x12;
y.foo.f0 = 0x34;
y.foo.f1 = 0x56;
y.foo.f2 = 0x78;
int i;
for (i = 0; i < sizeof(y); i++)
printf("%02x", ((unsigned char*)&y)[i]);
printf("\n");
}
If you try to run git-using tests while the GIT_DIR environment variable
(and GIT_WORK_TREE, etc) happens to be set, the tests are going to do fun
and exciting things on a repository that isn't the test repository it tries
to set up.
As it turns out, if you try to run "make test" using git rebase -x, you'll
end up with GIT_DIR set to the syzkaller tree. Hilarity ensues.
Unset GIT_DIR, GIT_WORK_TREE and a few other environment variables when
invoking git - that way it'll default to looking at the working directory
that we have given it, which is what we expect.
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
We used to report the newest crash long time ago.
Then we switched to preserving the crash across reporting
stages b/c what reaches next stage may be not what was
sent upstream in the previous one.
However, it seems to cause more problems now than it solves.
Crash classification become much better + some backlog
of bugs was clearer, so we don't have that may glued bugs.
However, in some cases we report notoriously old crashes
which is bad. Switch to the newest crash agian.
Let's see how this works now.
1. Extract multiple error lines (up to 10).
Gives more complete picture, maybe the first one
is not the most indicative one.
2. Replace weird unicode quotes with normal quotes.
These may be mishandled by some systems that don't understand utf-8.
Build with some gcc's fails:
In file included from executor/executor.cc:133:0:
executor/common_linux.h: In function ‘long int syz_read_part_table(long unsigned int, long unsigned int, long int)’:
executor/common.h:117:15: error: ignoring return value of ‘ssize_t pwrite(int, const void*, size_t, __off_t)’, declared with attribute warn_unused_result [-Werror=unused-result]
__VA_ARGS__; \
^
executor/common_linux.h:1279:3: note: in expansion of macro ‘NONFAILING’
NONFAILING(pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset));
^
executor/common_linux.h: In function ‘long int syz_mount_image(long int, long int, long unsigned int, long unsigned int, long int, long int, long int)’:
executor/common.h:117:15: error: ignoring return value of ‘ssize_t pwrite(int, const void*, size_t, __off_t)’, declared with attribute warn_unused_result [-Werror=unused-result]
__VA_ARGS__; \
^
executor/common_linux.h:1364:3: note: in expansion of macro ‘NONFAILING’
NONFAILING(pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset));
^
cc1plus: all warnings being treated as errors
1. It always crashed in cover_reset when coverage is disabled.
2. Use NONFAILING when accessing image segments.
3. Give it additional 100 ms as it may be slow.
4. Add a test for syz_mount_image.
