Split sockaddr_xdp for bind.
Bind accepts another sock_xdp in addr.
Without the split getsockaddr "can" create sock_xdp's
because it returns generic sockaddr which contains
all addresses, including sockaddr_xdp, which in turn
contains sock_xdp.
Currently a call that both accepts and creates a resource
self-justifies itself and thus is always enabled.
A good example is accept call. Accepts are always self-enable
and thus enable all other syscalls that work with the socket.
Calculate TransitivelyEnabledCalls in the opposite direction
to resolve this. Start with empty set of enable syscalls,
then enable syscalls that don't accept any resources,
then enable syscalls that accept resources created by the
previous batch of syscalls, and so on.
This prevents self-enablement of accept.
We did not handle quoted-printable because mime package handles it.
But we can have a non-mime email in quoted-printable.
Simply handle it always, it's not hard.
Currently host feature detection/setup code is spread
across platform-independent fuzzer code, pkg/host, pkg/ipc
and executor.
Move this all into pkg/host and show readable info
about features on manager start.
Fixes#46
Strictly saying, we may not get the connection when
the fuzzer process exits. The accepting goroutine
may have not been scheduled yet.
For the connection for up to 10 seconds.
We now check for manager-fuzzer-executor commit mismatch (see Manager.Check).
But in some cases commit mismatch is not detected gracefully, and instead
leads to panics in fuzzer. Namely, when -enabled_syscalls fuzzer flag includes
large syscalls numbers, so large that they are no present at all in the an old
revision that fuzzer uses, in such case fuzzer panics.
Notify manager about invalid calls instead.
Fixes#464
Currently one needs to switch between config_stub.go and prod
config back and forth on every deployment. This is very
inconvinient. Rework config, so that switching is not necessary.
bug.LastTime is updated on every crash, even if we don't save it.
As the result we did not save recent crashes for popular bugs at all.
Fix this by introducing bug.LastSavedCrash.
We see some crashes that suggest corruption of the syscall number:
invalid command number 1296 (errno 11)
invalid command number 107 (errno 110)
Make the table and the number constant to prevent corruption.
This will harden non-root programs from kernel side, but not
root-only ones. Helps also to increase coverage a bit since
syzkaller generates programs for both cases.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
