Commit Graph

4450 Commits

Author SHA1 Message Date
Dmitry Vyukov
61f4e7ee54 tools/syz-check: check amd64 and 386 at the same time
Update #590
2019-12-22 19:34:12 +01:00
Dmitry Vyukov
8b96726707 sys/linux: fix warnings in template definition
Update #590
2019-12-22 11:39:02 +01:00
Dmitry Vyukov
c5907f7c7a tools/syz-check: check templates
Also rename some netfilter types to eliminate massive amounts of template warnings.

Update #590
2019-12-22 11:19:49 +01:00
Dmitry Vyukov
1461be9d82 tools/syz-check: add some TODOs
2019-12-22 10:15:24 +01:00
Dmitry Vyukov
9b81e6bdb8 sys/linux: fix warning in dev_video4linux.txt
Update #590
2019-12-22 10:15:24 +01:00
Dmitry Vyukov
8fecec2eb0 sys/linux: another batch of warning fixes
The only remaining part now is dev_video4linux.txt

Update #590
2019-12-22 09:29:44 +01:00
Dmitry Vyukov
bfdfc2603c prog: don't fail decoding on non-default out args
We get them in cross-compilation test where an out const
arg has different values in different archs.
No reason to fail deserialization in that case, replace with default
arg instead.
2019-12-21 14:53:37 +01:00
Dmitry Vyukov
bc5869180f sys/linux: fix 240 warnings in descriptions
Sweeping fix of everything up to socket_netlink_route.txt.

Update #590
2019-12-20 16:45:35 +01:00
Dmitry Vyukov
f83f92fd5e tools/syz-check: inject description compilation warnings
Currently we print them as part of `make generate`,
but nobody reads them, too much output each time.
Don't print them in `make generate` and instead
print in syz-check, the warn files are a good mechanism
to handle "known warnings".
2019-12-20 16:45:34 +01:00
Dmitry Vyukov
ae5ed0b140 pkg/compiler: fix bitfield layout bug
Fixes #1542

Found thanks to syz-check. Update #590
2019-12-20 16:45:34 +01:00
Dmitry Vyukov
4bba9fd162 pkg/compiler: fix alignment of string-formatted values
We used size as alignment, this is very wrong.

Found thanks to syz-check. Update #590
2019-12-20 16:45:34 +01:00
Dmitry Vyukov
5655dc58a9 executor: make syz_compare output more handy to use
2019-12-20 16:45:33 +01:00
Dmitry Vyukov
08f0467614 sys/test: and another set of bitfield tests
Just trying to get my head around it (and fix this in tests).

Update #1542
2019-12-20 16:45:33 +01:00
Dmitry Vyukov
9be5bbcf09 pkg/compiler: refactor struct layout
Combine markBitfields and addAlignment functions.
Fixing #1542 will require doing both at the same time,
they are not really independent.
Also remove the special case for packed structs,
pad them as part of the common procedure.
No functional changes.
2019-12-20 16:45:33 +01:00
Jouni Hogander
aa56acc6b7 pkg/cover: Fix PreviousInstructionPC for MIPS64LE
PC from the target is address of "jal __sanitizer_cov_trace_pc" + 8.
E.g. case below has address ffffffff80b4eec4 in PC

ffffffff80b4eebc:       jal     ffffffff80232080 <__sanitizer_cov_trace_pc>
ffffffff80b4eec0:       nop
ffffffff80b4eec4:       move    a1,s0
2019-12-20 15:07:10 +01:00
Andrey Konovalov
34011c05c4 Update setup_linux-host_qemu-vm_arm64-kernel.md
2019-12-20 13:58:14 +01:00
Dmitry Vyukov
e30cbdae48 sys/test: and another bitfield test
Just trying to get my head around it (and fix this in tests).

Update #1542
2019-12-19 20:00:44 +01:00
Dmitry Vyukov
20c6855484 prog: refactor bitfields representation
All callers of BitfieldMiddle just want static size (0 for middle).
Make it so: Size for middle bitfields just returns 0. Removes lots of if's.
Introduce Type.UnitSize, which now holds the underlying type for bitfields.
This will be needed to fix #1542 b/c even if UnitSize=4 for last bitfield
Size can be anywhere from 0 to 4 (not necessarily equal to UnitSize due to overlapping).
2019-12-19 19:32:45 +01:00
Dmitry Vyukov
af9047c60a sys/linux: prohibit TIOCSSERIAL
Replace TIOCSSERIAL with TIOCGSERIAL.
TIOCSSERIAL can do nasty things under root, like causing writes to random memory
pretty much like /dev/mem, but this is also working as intended.
For details see:
https://groups.google.com/g/syzkaller-bugs/c/1rVENJf9P4U/m/QtGpapRxAgAJ
https://syzkaller.appspot.com/bug?extid=f4f1e871965064ae689e
TODO: TIOCSSERIAL does some other things that are not dangerous
and would be nice to test, if/when we can sanitize based on sandbox value
we could prohibit it only under sandbox=none.
2019-12-19 19:32:45 +01:00
Andrey Konovalov
fa392d3014 tools/create-image.sh: install tcpdump
It's quite useful for debugging network related stuff.
2019-12-19 18:52:51 +01:00
Andrey Konovalov
36650b4b2c Update external_fuzzing_usb.md
2019-12-19 14:25:37 +01:00
Andrey Konovalov
a3bceb3706 Update external_fuzzing_usb.md
2019-12-19 14:24:17 +01:00
Dmitry Vyukov
79b211f74b sys/linux: fix caps test for new descriptions
2019-12-18 17:34:36 +01:00
Dmitry Vyukov
52395b6ee8 sys/test: add few other tests for tricky bitfields
Update #1542
2019-12-18 16:42:17 +01:00
Dmitry Vyukov
6a19144a4d pkg/ipc: don't use rate limiting for test os
It's not needed for test os and slows down pkg/runtest tests.
2019-12-18 16:35:53 +01:00
Dmitry Vyukov
73c3845438 pkg/compiler: fix incorrect alignment calculation for padding
We assumed that for ConstType alignment is equal to size,
which is perfectly reasonable for normal int8/16/32/64/ptr.
However, padding is also represented by ConstType of arbitrary size,
so if we added 157 bytes of padding that becomes alignment of
the padding field and as the result of the whole struct.
This affects very few structs, but quite radically and quite
important structs.

Discovered thanks to syz-check.

Update #590
2019-12-18 14:44:12 +01:00
Dmitry Vyukov
42dc692776 sys/linux: another batch of syz-check fixes
Update #590
2019-12-18 14:38:24 +01:00
Dmitry Vyukov
fa33c32796 tools/syz-check: don't print our/kernel field name twice if equal
2019-12-18 12:04:56 +01:00
Dmitry Vyukov
82b3c9dfee sys/linux: fix few bugs
Fix some description discrepancies with the kernel and regenerate warnings on next-20191218.
2019-12-18 12:00:12 +01:00
Dmitry Vyukov
6462728414 tools/syz-check: print descriptions compilation errors
If one changes descriptions concurrently with re-running syz-check,
it's likely something won't compile first time. Print errors.
2019-12-18 11:58:49 +01:00
Dmitry Vyukov
240ba66ba8 dashboard/config: update upstream-kasan.config to next-20191218
2019-12-18 11:27:18 +01:00
Dmitry Vyukov
1b49002e79 tools/syz-check: don't print line numbers for warnings
Line numbers create huge diffs when lines change slightly.
That's very unhandy b/c we want to look at added/removed warnings.
2019-12-18 10:50:24 +01:00
Dmitry Vyukov
2f68adff0b sys/linux: support new split sound ioctls
Some sounds ioctls are now explicitly doubled for 32/64 bits. Support that.
Fix mips SOL_SOCKET issues by rearranging includes.
Improve few other fields.
2019-12-18 10:50:24 +01:00
Dmitry Vyukov
0d635f1100 sys/syz-extract: print less output
Don't print every file if extraction is successful.
This makes seeing errors harder as output for each arch takes
more than a single screen.
2019-12-18 10:50:21 +01:00
Dmitry Vyukov
8ab1308e06 pkg/gce: fix creation of non-preemptible E2 instances
2019-12-18 09:11:16 +01:00
Andrey Konovalov
f2fe0772a9 sys/linux: various descriptions fixes
2019-12-18 07:48:36 +01:00
Dmitry Vyukov
64ca0a3711 tools/syz-check: add description checking utility
syz-check parses vmlinux dwarf, extracts struct descriptions,
compares them with what we have (size, fields, alignment, etc)
and produces .warn files.
This is first raw version, it can be improved in a number of ways.
But it already helped to identify a critical issue #1542
and shows some wrong struct descriptions.

Update #590
2019-12-17 19:03:39 +01:00
Dmitry Vyukov
f950e82d47 prog: export RestoreLinks function
Allows using compiled descriptions.
Will be useful for static checking utility.
2019-12-17 19:03:39 +01:00
Andrey Konovalov
a6bc9c88b9 dashboard/config: update USB config extraction
Currently the config extraction script can produce an incorrect result, when
one of the configs enables a particular config option, but some other one
doesn't. This change fixes the issue.
2019-12-17 16:27:24 +01:00
Siddharth Muralee
1af3875f3f pkg/build: Fix always true case
2019-12-17 15:02:51 +01:00
Dmitry Vyukov
7b9de469e6 sys/linux: regenerate consts
Regenerate on next-20191217.
Rename s/VMADDR_CID_RESERVED/VMADDR_CID_LOCAL/ as it was renamed in kernel.
2019-12-17 11:21:45 +01:00
Dmitry Vyukov
17273b73d6 sys/syz-extract: don't redefine __asm__ in ELF mode
This is not necessary since we build legit object file
for the target binary now. But this breaks mips with:

/linux/arch/mips/include/asm/thread_info.h:53:30: error: register name not specified for ‘__current_thread_info’
 register struct thread_info *__current_thread_info __asm__("$28");

So just remove the old hack.

Follow up to #1536
2019-12-17 11:15:08 +01:00
Jouni Hogander
2b31345f36 Autogenerated files for linux/mips64le
This patch adds all autogenerated files for linux/mips64le. Files are
generated by following commands:

make extract
bin/syz-extract -build -os=linux -arch=mips64le -sourcedir=linux
make generate
2019-12-17 11:10:52 +01:00
Jouni Hogander
24856513b2 sys/syz-extract: Add mips64le specific include paths
A couple of include paths are needed for syz-extract to work for
mips64ler2.
2019-12-17 11:10:52 +01:00
Jouni Hogander
07bfd71dac Implement basic support for MIPS64LE
Add basic stuff to enable MIPS64ELR2 target:
 - build
 - make extract
 - make generate
 - qemu execution
 - system call parsing from /proc/kallsyms
2019-12-17 11:10:52 +01:00
Dmitry Vyukov
d13d795888 tools/syz-runtest: debug all programs in debug mode
2019-12-16 19:37:38 +01:00
Dmitry Vyukov
f9ae583e77 executor: fix FUTEX_WAKE call
Amusingly we never passed number of threads to wake for FUTEX_WAKE.
It somehow worked reliably on linux (we just needed it to not be 0,
so presumably garbage in registers did it).
However, in gVisor every other syscall wasn't even started
(first syscall on a thread started, but second on the same worker
thread wasn't able to start).
2019-12-16 19:37:38 +01:00
Dmitry Vyukov
f5963ab6ed sys/linux: add a test that files are writable
2019-12-16 19:37:38 +01:00
Andrey Konovalov
b80769fcdd dashboard/config: disable magic sysrq by default
Also don't try to enable GadgetFS, as it can't be enabled with Raw Gadget.
2019-12-16 16:49:11 +01:00
Andrey Konovalov
0ae38e4489 sys/linux: minor improvements for USB descriptions
1. Define endpoint maxpacket as flags with a few valid values.

2. Define bits of bmNetworkCapabilities.
2019-12-16 09:28:02 +01:00