Surround the main data mapping with PROT_NONE pages to make virtual address layout more consistent
across different configurations (static/non-static build) and C repros.
One observed case before: executor had a mapping above the data mapping (output region),
while C repros did not have that mapping above, as the result in one case VMA had next link,
while in the other it didn't and it caused a bug to not reproduce with the C repro.
The bug that reproduces only with the mapping above:
https://lkml.org/lkml/2020/4/17/819
In some configurations tun_frags_enabled ends up being unused
with a compiler warning and failed build.
Remove mode code if ENABLE_NAPI_FRAGS is not enabled.
We did it for caching purposes, but now
(1) go command caches everything anyway,
(2) we use custom tags and flags, so result
of go install is not reused anyway.
Make MakeMmap return more than 1 call.
This is a preparation for future changes.
Also remove addr/size as they are effectively
always the same and can be inferred from the target
(will also conflict with the future changes).
Also rename to MakeDataMmap to better represent
the new purpose: it's just some arbitrary mmap,
but rather mapping of the data segment.
Turns out the mmap protection get out of sync
between executor and C reproducers.
C reproducers missed PROT_EXEC.
Add PROT_EXEC for linux, freebsd and akaros.
pkg/ipc has this logic for executor binary as well.
Allows to run e.g. executor under strace as:
syz-execprog -executor "/bin/strace -o /tmp/log /bin/syz-executor" prog
On the current linux-next:
f19bb13a0eaf0034a603e3b54a7c3a50faf6821e (next-20200414)
EXT4_EOFBLOCKS_FL was removed by 4337ecd1fe997d2b2135b4434caaccdb47c10c06
ARM does not support KVM anymore, removed by 541ad0150ca4 ("arm: Remove 32bit KVM host support").
Fixes#1676
pkg/vcs/vcs.go:186:2: var `gitSshRepoRe` should be `gitSSHRepoRe`
gitSshRepoRe = regexp.MustCompile(`^(git|ssh|http|https|ftp|ftps)@[a-zA-Z0-9-_]+(\.[a-zA-Z0-9-_]+)+(:[a-zA-Z0-9-_]+)?(/[a-zA-Z0-9-_./]+)?(/)?$`)
^
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
The feature gets enabled when /dev/raw-gadget is present and accessible.
With this feature enabled, executor will do chmod 0666 /dev/raw-gadget on
startup, which makes it possible to do USB fuzzing in setuid and namespace
sandboxes. There should be no backwards compatibility issues with syz
reproducers that don't explicitly enable this feature, as they currently only
work in none sandbox.
We want to check if the original crash reproducer was generated is
reproduced. We need to generate syzkaller style crash report on
reproducer log and check if hash matches with the original hash.
This patch adds outdir flags to syz-symbolize and stores crashes found
from given log into it.
This is ugly but without this go test hangs with:
panic: Metadata fetch failed for 'instance/attributes/gae_backend_version':
Get http://metadata/computeMetadata/v1/instance/attributes/gae_backend_version:
dial tcp: lookup metadata on 127.0.0.1:53: no such host
It's unclear what's the proper fix for this.
It used to work for me for ridiculous reasons only:
somebody provided metadata host which returned errors,
but since nobody cares what's in the returned response
and no error checking whatsoever, it somehow did not crash...
Using Debian Stretch image in combination with android-5.4 kernel results
in eth0 being renamed to e.g. enp0s4 by virtio_net driver, which breaks
our startup scripts. Disable network interface renaming via a kernel
commandline argument.
The previous commit "pkg/report: handle cases when whole stack is questionable"
mishandles frames that start with [PC] prefix before " ? ".
Restore that part.
