syz-extract was removing certain prefixes from syscall names, but this
caused some problems:
- freebsd* prefixes are for compatibility syscalls when the syscall ABI
has changed. For instance, we have both fstat() and
freebsd11_fstat(), and it is desirable to fuzz them both.
- Stripping prefixes may leave us with undefined SYS_ constants. This
resulted in some test failures in pkg/csource, which emitted code
referencing SYS_semctl when it should have been SYS___semctl.
Fix the problem by updating syscall descriptions to match the names
given by the FreeBSD kernel. Add some new descriptions for
compatibility syscalls, fix the mknodat() description (dev_t is now 64
bits wide on FreeBSD), and remove mknod$loop, which appears to be
Linux-specific.
We don't specify trailing unused args for some syscalls
(e.g. ioctl that does not use its arg).
Executor always filled tailing unsed args with 0's
but pkg/csource didn't. Some such syscalls actually
check that the unsed arg is 0 and as the result failed with C repro.
We could statically check and eliminate all such cases,
but it turns out the warning fires in 1500+ cases:
a3ace5a63f/gistfile1.txt
So instead fill such args with 0's in pkg/csource too.
As suggested by Dmitry us a better description of the msg_flags
field, which is only used to provide information from the
kernel to the application for recvmsg() calls. This means that
the value provided is basically ignored.
* OpebBSD: remove socketpair() for AF_INET and AF_INET6.
socketpair() is only supported on AF_UNIX.
* NetBSD: remove socketpair() for AF_INET and AF_INET6.
socketpair() is only supported for AF_UNIX.
* FreeBSD: remove socketpair() for AF_INET and AF_INET6.
socketpair() only supports AF_UNIX.
* Linux: remove socketpair for AF_INET and AF_INET6.
socketpair only supports AF_UNIX.
* Autogenerated files.
These are manually generated for all platforms you are not
running on. FreeBSD in this case.
* executor: rebase.
* sys/freebsd: rebase.
* sys/linux: use AF_UNIX based socketpair for nbd.
This was suggested by Dmitry.
Fixes#845
Currently when we get target consts with target.ConstMap["name"]
during target initialization, we just get 0 for missing consts.
This is error-prone as we can mis-type a const, or a const may
be undefined only on some archs (as we have common unix code
shared between several OSes).
Check that all the consts are actually defined.
The check detects several violations, to fix them:
1. move mremap to linux as it's only defined on linux
2. move S_IFMT to openbsd, as it's only defined and used on openbsd
3. define missing MAP_ANONYMOUS for freebsd and netbsd
4. fix extract for netbsd
Currently target binaries contain support for all OS/arch combinations.
However, obviously a fuchsia target binary won't test windows.
For target binaries we need support only for a single target
(with the exception of 386/arm target in amd64/arm64 binaries).
So compile in only _the_ target into target binaries.
This reduces akaros/amd64 fuzzer binary from 33 to 7 MB
and execprog from 28 to 2 MB.
Move generated files to gen subdir. This allows to:
1. Rebuild init.go without rebuilding generated code.
2. Excluding generated files from gometalinter checking.
This makes faster and consume less memory.
Update #538
1. mmap all memory always, without explicit mmap calls in the program.
This makes lots of things much easier and removes lots of code.
Makes mmap not a special syscall and allows to fuzz without mmap enabled.
2. Change address assignment algorithm.
Current algorithm allocates unmapped addresses too frequently
and allows collisions between arguments of a single syscall.
The new algorithm analyzes actual allocations in the program
and places new arguments at unused locations.
This is mostly copied form linux.
We probably need better support for sharing descriptions
between multiple OSes. But there are lots of differences,
so this is not trivial.
