For floppy fuzzing you need to enable:
1) CONFIG_BLK_DEV_FD in your kernel configuration
2) "cmdline": " -fda FLOPPY.img " in syzkaller configuration
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Alexander Popov <alex.popov@linux.com>
Currently when we get target consts with target.ConstMap["name"]
during target initialization, we just get 0 for missing consts.
This is error-prone as we can mis-type a const, or a const may
be undefined only on some archs (as we have common unix code
shared between several OSes).
Check that all the consts are actually defined.
The check detects several violations, to fix them:
1. move mremap to linux as it's only defined on linux
2. move S_IFMT to openbsd, as it's only defined and used on openbsd
3. define missing MAP_ANONYMOUS for freebsd and netbsd
4. fix extract for netbsd
This avoids the issue of "android" not having any registered configurations
or syscalls / ioctls / etc, when built with GOOS=android.
This occurs when building in Google3, since --config=android_arm64 selects
the Android toolchain.
Anytime we're running `make extract/generate` with Fuchsia as a target, we
probably want to update FIDL descriptions too, so we don't fall behind
what upstream is up to.
This includes generate_fidl as part of the `make extract` workflow.
Also, corrects fidlgenPath to properly find the path for ARM targets (we
only have host_x64 right now).
We used to use gcc for test OS, but this is linux-specific.
Other OSes may use c++ or clang as main compiler, so use whatever
is the default for the host OS.
Update #712
After generating syscall description for fidl files using fidlgen, prune
all unused structs using the exact same mechanism used by the compiler's
check for unused structs. This allows the FIDL compiler to support
modular compilation; it does not need to have global knowledge of
whether each struct is used or not.
Add simple fuchsia program, the one that is run during image testing.
Fix csource errno printing for fuchsia.
Fix creation of executable files (chmod is not implemented on fuchsia).
Check that we get signal/coverage from all syscalls.
On OpenBSD, the vnode type for a device node of type S_IFMT is interpreted as
VBAD. Such vnodes often causes assertion failures inside kernel producing noisy
crashes. The goal of the OpenBSD specific SanitizeCall() is to prevent such
device nodes from being created. The S_IFMT constant is a mask covering all
possible device types, thus covering both character and block devices. Therefore
when the fuzzer generates a mknod{,at}() syscall with the S_IFMT type we cannot
known if the intent was to create a block or character device. Therefore
simplify the code to create a character device under such circumstances.
The observed failure is caused by the interaction between the OpenBSD specific
SanitizeCall() and the Unix one. The Unix sanitizer will not modify the mode
argument if it contains the S_IFMT mask. But on the second invocation when the
mode no longer contains S_IFMT it would modify it, causing a different program
to be produced. Therefore only delegate to the Unix sanitizer if the syscall is
not equal to mknod{,at}().
Regression introduces in commit b771b17e ("Add mandatory OpenBSD bits (#689)").
Currently we only generate either valid user-space pointers or NULL.
Extend NULL to a set of special pointers that we will use in programs.
All targets now contain 3 special values:
- NULL
- 0xfffffffffffffff (invalid kernel pointer)
- 0x999999999999999 (non-canonical address)
Each target can add additional special pointers on top of this.
Also generate NULL/special pointers for non-opt ptr's.
This restriction was always too restrictive. We may want to generate
them with very low probability, but we do want to generate them.
Also change pointers to NULL/special during mutation
(but still not in the opposite direction).
TestSerializeDeserializeRandom fails from time to time
because program is different after we serialize/deserialize it.
Turns out openbsd SanitizeCall is not idempotent.
Add a test for this and disable the logic for now.
* create a response handle structure for each FIDL method
* generate zx_channel_write for requests having no response
* generate zx_channel_read for events (no request but just response)
* translate FIDL union types to syzkaller union types
(see fuchsia_io_ObjectInfoHandles)
