Add a regex for syscall symbol extraction on ppc64le. ppc64le doesn't have
any special arch prefix.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Right now syz-fuzzer does a search through /proc/kallsyms for each syscall
to check whether it's supported. Do one search instead and save the results
to a map. This speeds up syscall detection ~60 times when testing arm64 kernel
on x86. Also add another search pattern for arm64 and add some logging.
* Revert "Revert "executor: add setuid sandbox for openbsd""
The problem is the low file descriptor limit.
This reverts commit 4093e33b13.
* executor/executor make sure the file descriptor limit is sufficient
EBUSY is returned when KMEMLEAK is in fact turned off,
not when scanning is already turned off.
That can't be recovered.
So instead check that we can write to the file in the check
function and give useful diagnostics.
Rewind kmemleak fd before reading it second time,
otherwise we will read truncated reports.
Auto-learn what leak reports we've already seen
and ignore them in future. This is required because
there are some false positives and some fire too frequently.
So now we will hit each leak only once per manager run,
but we still will try to reproduce them.
executor: add support for android_untrusted_app sandbox
This adds a new sandbox type, 'android_untrusted_app', which restricts
syz-executor to the privileges which are available to third-party applications,
e.g. those installed from the Google Play store.
In particular, this uses the UID space reserved for applications (instead of
the 'setuid' sandbox, which uses the traditional 'nobody' user / 65534)
as well as a set of groups which the Android-specific kernels are aware of,
and finally ensures that the SELinux context is set appropriately.
Dependencies on libselinux are avoided by manually implementing the few
functions that are needed to change the context of the current process,
and arbitrary files. The underlying mechanisms are relatively simple.
Fixesgoogle/syzkaller#643
Test: make presubmit
Bug: http://b/112900774
We have fallback coverage implmentation for freebsd.
1. It's broken after some recent changes.
2. We need it for fuchsia, windows, akaros, linux too.
3. It's painful to work with C code.
Move fallback coverage to ipc package,
fix it and provide for all OSes.
Currently host feature detection/setup code is spread
across platform-independent fuzzer code, pkg/host, pkg/ipc
and executor.
Move this all into pkg/host and show readable info
about features on manager start.
Fixes#46
The new pseudo syscall allows opening sockets that can only
be created in init net namespace (BLUETOOTH, NFC, LLC).
Use it to open these sockets.
Unfortunately this only works with sandbox none at the moment.
The problem is that setns of a network namespace requires CAP_SYS_ADMIN
in the target namespace, and we've lost all privs in the init namespace
during creation of a user namespace.
