Currently we print them as part of `make generate`,
but nobody reads them; it is too much output each time.
Don't print them in `make generate` and instead
print in syz-check, the warn files are a good mechanism
to handle "known warnings".
All callers of BitfieldMiddle just want static size (0 for middle).
Make it so: Size for middle bitfields just returns 0. Removes lots of if's.
Introduce Type.UnitSize, which now holds the underlying type for bitfields.
This will be needed to fix #1542 b/c even if UnitSize=4 for the last bitfield,
Size can be anywhere from 0 to 4 (not necessarily equal to UnitSize due to overlapping).
We assumed that for ConstType alignment is equal to size,
which is perfectly reasonable for normal int8/16/32/64/ptr.
However, padding is also represented by ConstType of arbitrary size,
so if we added 157 bytes of padding that becomes alignment of
the padding field and as the result of the whole struct.
This affects very few structs, but quite radically, and quite
important structs.
Discovered thanks to syz-check.
Update #590
Some sound ioctls are now explicitly doubled for 32/64 bits. Support that.
Fix mips SOL_SOCKET issues by rearranging includes.
Improve a few other fields.
syz-check parses vmlinux dwarf, extracts struct descriptions,
compares them with what we have (size, fields, alignment, etc)
and produces .warn files.
This is the first raw version; it can be improved in a number of ways.
But it already helped to identify a critical issue #1542
and shows some wrong struct descriptions.
Update #590
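The two commit messages above (the ConstType padding/alignment bug and the syz-check layout comparison) both come down to one rule: a struct description must compute field offsets from each field's real alignment, and a padding field of N bytes has alignment 1, not N. The following is an added example, not syzkaller code: a small layout calculator applied to a constructed struct with 157 bytes of explicit padding, cross-checked against the compiler's own `sizeof`/`offsetof`/`_Alignof` the way syz-check cross-checks descriptions against DWARF. The struct `padded`, the `field_desc`/`layout` types and all function names are this example's own.

```c
/* Added example (not syzkaller code): a tiny struct-layout calculator
 * cross-checked against the compiler's own sizeof/offsetof/_Alignof.
 * It shows why treating a padding field's alignment as equal to its size
 * (157 here) corrupts the layout of the whole struct, while the correct
 * rule (padding aligns to 1) reproduces the compiler's result. */
#include <stddef.h>
#include <stdio.h>

struct field_desc {
    const char *name;
    size_t size;
    size_t align;
};

struct layout {
    size_t offset[8]; /* offset of each field, in declaration order */
    size_t size;      /* total struct size including tail padding */
    size_t align;     /* struct alignment = max field alignment */
};

static size_t round_up(size_t v, size_t a) { return (v + a - 1) / a * a; }

/* Natural C layout: each field starts at the next offset aligned to its own
 * alignment; struct alignment is the maximum field alignment; total size is
 * rounded up to the struct alignment. */
static struct layout compute_layout(const struct field_desc *f, size_t n) {
    struct layout l = {0};
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        off = round_up(off, f[i].align);
        l.offset[i] = off;
        off += f[i].size;
        if (f[i].align > l.align)
            l.align = f[i].align;
    }
    l.size = round_up(off, l.align);
    return l;
}

/* Constructed test struct: 157 bytes of explicit padding between two ints. */
struct padded {
    int a;
    char pad[157];
    int b;
};

/* Correct description: padding is byte-aligned regardless of its size. */
static struct layout correct_layout(void) {
    struct field_desc f[] = {
        {"a", sizeof(int), _Alignof(int)},
        {"pad", 157, 1},
        {"b", sizeof(int), _Alignof(int)},
    };
    return compute_layout(f, 3);
}

/* Buggy description: alignment assumed equal to size for every field,
 * including the 157-byte padding. */
static struct layout buggy_layout(void) {
    struct field_desc f[] = {
        {"a", sizeof(int), sizeof(int)},
        {"pad", 157, 157},
        {"b", sizeof(int), sizeof(int)},
    };
    return compute_layout(f, 3);
}

/* syz-check style comparison of a computed description against the
 * compiler's ground truth. Returns 1 if every offset, the size and the
 * alignment agree. */
static int matches_compiler(const struct layout *l) {
    return l->size == sizeof(struct padded) &&
           l->align == _Alignof(struct padded) &&
           l->offset[0] == offsetof(struct padded, a) &&
           l->offset[1] == offsetof(struct padded, pad) &&
           l->offset[2] == offsetof(struct padded, b);
}

static int correct_description_matches(void) {
    struct layout l = correct_layout();
    return matches_compiler(&l);
}

static int buggy_description_matches(void) {
    struct layout l = buggy_layout();
    return matches_compiler(&l);
}

int main(void) {
    struct layout ok = correct_layout(), bad = buggy_layout();
    printf("compiler: size=%zu align=%zu b@%zu\n", sizeof(struct padded),
           _Alignof(struct padded), offsetof(struct padded, b));
    printf("correct:  size=%zu align=%zu b@%zu match=%d\n", ok.size, ok.align,
           ok.offset[2], matches_compiler(&ok));
    printf("buggy:    size=%zu align=%zu b@%zu match=%d\n", bad.size, bad.align,
           bad.offset[2], matches_compiler(&bad));
    return 0;
}
```

With the correct rule the description lands `b` at offset 164 with size 168 and alignment 4, exactly what the compiler produces; with size-as-alignment the padding field alone drags the struct alignment to 157, moves `b` to offset 316 and inflates the size to 471, which is the kind of discrepancy a DWARF comparison flags immediately.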
This is not necessary since we build a legit object file
for the target binary now. But this breaks mips with:
/linux/arch/mips/include/asm/thread_info.h:53:30: error: register name not specified for ‘__current_thread_info’
register struct thread_info *__current_thread_info __asm__("$28");
So just remove the old hack.
Follow up to #1536
This patch adds all autogenerated files for linux/mips64le. Files are
generated by following commands:
make extract
bin/syz-extract -build -os=linux -arch=mips64le -sourcedir=linux
make generate
Add tests for issue #1542
The correct results are obtained with the following program:
#include <stdio.h>
#include <string.h>

struct foo {
    unsigned char f0;
    unsigned int f1:4;
    unsigned short f2:4;
};

struct bar {
    char f0;
    struct foo foo;
};

int main() {
    struct bar y;
    memset(&y, 0, sizeof(y));
    y.f0 = 0x12;
    y.foo.f0 = 0x34;
    y.foo.f1 = 0x56;
    y.foo.f2 = 0x78;
    int i;
    /* Dump the raw bytes to see where the compiler placed each bitfield. */
    for (i = 0; i < sizeof(y); i++)
        printf("%02x", ((unsigned char*)&y)[i]);
    printf("\n");
    return 0;
}
1. It always crashed in cover_reset when coverage is disabled.
2. Use NONFAILING when accessing image segments.
3. Give it an additional 100 ms as it may be slow.
4. Add a test for syz_mount_image.
This commit adds a new attribute to syzkaller targets that tells
syzkaller how to invoke the syz-executor command.
Some systems, like Fuchsia, are now building syz-executor as part of the
build, and there is no need to copy it over, or to run it from `/tmp`.
In fact, that might stop working at some time in the future in Fuchsia.
All places that used to copy syz-executor into the target machine will
now check for the SyzExecutorCmd flag, and won't copy it if the flag is
set.
Syzkaller binaries are built in C mode even if they are c++ binaries.
Recent clang versions (clang++-10) consider this an error/warning,
causing issues at build time.
Change-Id: Ia6d1ab46597efc42772c1c7a63188c3c04a729a7
Enable /dev/tty{1-6}. These seem to be special.
The first few are connected to framebuffers. But the rest
seem to be different from e.g. tty20 anyway.
Also /dev/tty is different from the rest.
/dev/ttyS3 and /dev/ttyprintk are different.
Properly pair BSD pty terminals.
Add a second mode that extracts constant values from
ELF object, instead of running the executable.
This allows us to not (1) link binaries, (2) use a proper cross-compiler.
It finally fixes 386/arm extracts for my distro.
Hopefully it does not make things worse for others;
it should generally be safer/more reliable.
The current mode is left b/c I can't test all OSes,
windows binaries are not ELF, so we may need it anyway.
But later we may switch more OSes to this new mode
if they break (fuchsia?).
On my Debian gcc -m32 is hopelessly broken.
Using clang fixes at least arch 386.
Arch arm is still broken b/c clang does not like
some of the kernel arm inline assembly constraints.
It's /dev/watch_queue not /dev/fd_watch_queue.
Don't know if it was renamed, or always wrong, but it does not matter much;
now it's /dev/watch_queue.
Also attach v4l ioctls to /dev/swradio,radio,vbi,cec.
It seems that _some_ of them are applicable to these devices as well.
Linux v5.5 extends struct clone_args for clone3() by two additional
parameters:
@set_tid: Pointer to an array of type *pid_t. The size of the array is defined using @set_tid_size. This array is used to select PIDs/TIDs for newly created processes. The first element in this defines the PID in the most nested PID namespace. Each additional element in the array defines the PID in the parent PID namespace of the original PID namespace. If the array has fewer entries than the number of currently nested PID namespaces, only the PIDs in the corresponding namespaces are set.
@set_tid_size: This defines the size of the array referenced in @set_tid. This cannot be larger than the kernel's limit of nested PID namespaces.
Cc: Adrian Reber <areber@redhat.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Add new crypto algorithms from linux-next (future v5.5):
- BLAKE2b and BLAKE2s
- "-arm" implementations of ChaCha and XChaCha
- "-arm" and "-neon" implementations of Poly1305
Regenerate consts on linux-next next-20191125.
DEVLINK_ATTR_NETNS_* consts were shifted by 1.
__BPF_FUNC_MAX_ID increased as usual.
CRYPTO_ALG_TYPE_BLKCIPHER, CRYPTO_ALG_TYPE_ABLKCIPHER were removed,
replace them with CRYPTO_ALG_TYPE_SKCIPHER.
Move HostFuzzer from vm/qemu.
It's needed in a number of other packages
and strictly speaking is not specific to qemu
(it just happened that both fuchsia and akaros only support qemu).
The port-based exception APIs have been deprecated on Fuchsia and will
be removed shortly. Delete them from the syscall definitions and
modify the Fuchsia executor to use the new channel-based APIs instead.
In case there is a fixed pci devlink handle "pci/pci/0000:00:10.0"
on the system (initial network namespace), it is moved to a working
network namespace.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Update #533
This patch updates tca_polices by adding new policies TCA_POLICE_RATE64
and TCA_POLICE_PEAKRATE64.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Update #533
In this patch I added new classes: cake, cbs, fq_codel, mq, mqprio,
multiq, netem, prio, red, sfb, sfq, skbprio, taprio, tbf, ingress,
clsact.
These classes have Qdisc_class_ops in the kernel, but no netlink parameters.
So we can test them by just calling them directly.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Update #533
Don't know why I didn't add tcm__pad in the tcm_info structure
at the beginning. But let's fix it now.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
When generating a USB config, disable USB symbols that are disabled in the
base config, as they might have been enabled when some of the dependencies
got enabled.
Due to issues with ASLR + ASan on ppc64le (see #1446), add the -no-pie
flag to the test target so tests will pass.
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
It was reported that binder isn't covered when using syzkaller on a real
Android device, since the binder device names are different. Update the
descriptions to know about the real-world device names too.
- For v5.4: new ioctls FS_IOC_ADD_ENCRYPTION_KEY,
FS_IOC_REMOVE_ENCRYPTION_KEY, FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS,
FS_IOC_GET_ENCRYPTION_KEY_STATUS, and FS_IOC_GET_ENCRYPTION_POLICY_EX.
- For v5.4: FS_IOC_SET_ENCRYPTION_POLICY now accepts an
fscrypt_policy_v2 argument in addition to the original fscrypt_policy
which is now called fscrypt_policy_v1.
- For v5.4: the fscrypt definitions were moved to a new header
<linux/fscrypt.h>, and some constants were given new FSCRYPT_* names
instead of FS_*. Handle this, and to keep things organized similarly
move the syzkaller descriptions to a new file fscrypt.txt.
- For v5.0: remove the removed Speck modes and add Adiantum.
- For v5.0: add the DIRECT_KEY encryption policy flag.
Also fix the argument types for FS_IOC_GET_ENCRYPTION_POLICY and
FS_IOC_GET_ENCRYPTION_PWSALT, which had been mixed up.
The BPF template currently only defines helper calls. BPF function calls
(bpf-to-bpf calls) are however supported in Linux since v4.16.
This patch defines bpf-to-bpf calls in the template.
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
A new BPF instruction that allows lookup-free map value accesses was added
in Linux v5.2, with commit d8eca5b ("bpf: implement lookup-free direct
value access for maps"). It enables direct access to map values without
having to call a BPF helper. It is currently used to implement global
variable support.
This commit adds support for that new instruction.
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
bNumEndpoints is defined as len[endpoints]. This initially assumed that
endpoints is an array, which is not the case for descriptions for
particular USB classes. Improve it by defining a new template for interfaces
and passing in a value range for bNumEndpoints for these cases.