* Revert "Revert "executor: add setuid sandbox for openbsd""
The problem is the low file descriptor limit.
This reverts commit 4093e33b13.
* executor/executor make sure the file descriptor limit is sufficient
Currently syz-runtest fails to start because -debug flag is defined
both in syz-runtest and ipcconfig.
But moving sandbox functions we prevent ipcconfig from being imported into syz-runtest.
Over time we relaxed parsing to handle all kinds of invalid programs
(excessive/missing args, wrong types, etc).
This is useful when reading old programs from corpus.
But this is harmful for e.g. reading test inputs as they can become arbitrary outdated.
For runtests which creates additional problem of executing not
what is actually written in the test (or at least what author meant).
Add strict parsing mode that does not tolerate any errors.
For now it just checks excessive syscall arguments.
Previously the config was generated directly, but testing multiple
configurations makes this cumbersome going forward. This makes
kernel_config a mandatory parameter.
This is needed for both tools/syz-db and tools/syz-trace2syz.
Also, remove code to resolve SHA1 collisions.
Also, don't set db version as we actually want to minimize
and smash these programs like anything else
(not minimizing nor smashing them is only useful during tool testing).
* build/openbsd: minor cleanup (use tuples instead of maps)
* Grammar nits in comments.
* Simplify openbsd.Create, will defer when there's more than one error exit.
* pkg/build: Support copying kernel into GCE image
* Simple test for openbsd image copy build.
* Cleanup in case something failed before.
* Support multi-processor VMs on GCE.
* More debug
* Reformat
* OpenBSD gce image needs to be raw.
* GC
* Force format to GNU directly on Go 1.10 or newer.
* Use vmType passed as a parameter inside openbsd.go
* gofmt
* more fmt
* Can't use GENERIC.mp just yet.
* capitalize
* Copyright
1. Use dashboard style.
2. Allow sorting of tables.
3. Show old crashes in grey.
4. Use tables instead of text output for more pages.
5. Show corpus inputs on a separate page to allow copy-pasting.
6. Use standard JS sorting instead of custom bubble sort (much faster).
7. Fix off-by one in table sorting.
Fixes#694
This patch add a new struct ProgInfo that for now holds info about each
call in a program []CallInfo, but in the future will be expanded with remote
coverage info. Update all the callers to use the new interface as well.
We started detecting all kernel reboots as corrupted,
because we considered that after any "Allocated" line
a stack trace should follow.
Kernel boot output now contains:
ima: Allocated hash algorithm: sha256
and there is no stack trace after that.
1. Refine stack trace regexps (we actually want to look for
"Allocated by task PID:" lines).
2. Don't check stacks if report format says that it
does not contain stacks.
Amusing that's another kernel failure mode that we are discovering after 3 years.
One can't even reliably understand when kernel has crashed.
I wonder if syzkaller never hit these, or just never recognized and reported them. We will see.
Don't even want to think about arm kernel output parsing.
* sys/fuchsia: update vmar syscalls.
In a previous zircon commit[0], the vmar related syscalls (like
`zx_vmar_map`, `zx_vmar_protect` and `zx_vmar_allocate`) changed the
order of their parameters, making putting the flags parameter as the
second parameter, and renaming it to "options".
This commit modifies vmars.txt so that it reflects the latest state of
the syscalls in zircon. I also modified the usage in
`executor/common_fuchsia.h`
I ran make extract, make generate and compiled syzkaller to test this
change.
[0]: https://fuchsia-review.googlesource.com/c/zircon/+/168060
* sys/fuchsia run make generate
This commit is just the result of running make generate after its
parent. This regenerates the definitions for the modified VMAR syscalls.
* pkg/compiler: Add error handler in `CollectUnused`.
This commit adds an error handler for the `CollectUnused` function. The
error handler just panics on any error, but is useful for debugging.
The error handler is used any time `comp` finds an error, and if it's
missing, it will panic due to a `nil` pointer dereference. At least now
we get a better understanding of the errors.
The only user of `CollectUnused` is `sys/fuchsia/fidlgen`, which is
failing now and will be fixed in a future commit.
The output message looks like this:
```
panic: could not collect unused nodes. fidl_net-stack.txt:110:15:
unknown type zx_chan_zircon_ethernet_Device_client
```
* pkg/compiler Better error handling in CollectUnused
This commit changes the default error handler for compiler to
`ast.LoggingHandler`, meaning that if `nil` is passed as an error
handler, `LoggingHandler` will be used instead.
`CollectUnused` now returns an error if any of the subfunctions produce errors.
`fidlgen` is the only caller of `CollectUnused`, and now checks for errors
as well.
* pkg/compiler Add tests for CollectUnused
This commit adds basic tests for the CollectUnused function. There's one
test that checks that it returns the right nodes, and another one that
makes sure that it returns errors when needed.
To make the test clearer, I had to add the error handler as an explicit
parameter in `CollectUnunsed`, instead of using the default one. This
avoid printing garbage in the logs. The `TestCollectUnusedError` function
uses a nopErrorHandler to avoid printing anything.
* pkg/compiler fix presubmit warnings
Squash of:
* Doc typo
* Ported some tun related functions.
* Copy vnet.txt from linux to openbsd.
* Simplified syz_emit_ethernet and stubbed out vnet.txt.
* Undo clang-format header sorting: headers are order sensitive.
* Uniquify tap devices by pid.
* clang-format off for includes
* Happier clang-format.
* Partially revert "Uniquify tap devices by pid."
Just rely on procid magic instead of getting it from a flag.
We can't cross-compile native binaries from just any OS to any other.
For most OSes we can do only native compilation.
Some can only be compiled from linux.
To date we avoided this problem completely (mostly assumed linux build OS).
Make this notion of what can build what explicit.
SSH keys are now included at the fx clean-build config.
A proper escape sequence looked weird so use a string literal to pass
that config.
Fixed some typos I found while debugging.
Hey--so I *don't* know a particularly efficient way to test syz-ci right
now.
There's no good config I can find for just running it locally, and I
couldn't find any good unit tests for this function in particular, and
running it manually on a ci server isn't super-appealing since I'd have
to clobber the configuration there to point to my repo instead of the
canonical repo, pull from there, etc.
Do you have any good ideas for testing this before it rolls out? In
particular I want the invocation to look exactly like:
./scripts/fx set x64 --packages garnet/packages/products/sshd --args 'extra_authorized_keys_file="//.ssh/authorized_keys"'
I thought I'd escaped it properly last time, but, since I couldn't test
it, clearly I goofed. I *think* this does the right thing but I'd love
a sanity check. Thanks!
* Needed to clean out the build on the main host. We switched to a
"petal" layout which required a complete rebuild.
* Update SSH interface. SSH keys have to be set at buildtime via
--args.
* Update fvm.blk location.
Sometimes the reorder_kernel error message is truncated causing the current
ignore pattern to fail. Instead, simply reject all lines containing
`reorder_kernel' in order to reduce noisy crash reports.
reportPrefixLen can become wrong after symbolization
if we symbolize any lines in the prefix.
Adjust reportPrefixLen during symbolization.
Automatic testing of this is problematic
because we would need to symbolize which requires
the object file with debug info.
Tested manually with syz-symbolize.
We don't need consistent image after reboot since we always reimage.
We know of some use cases that don't use journalling, but don't know
of any that use journalling.
My test harness for this code performed some steps that are not
performed when syz-executor is invoked directy.
Specifcally, we need to operate from a directory under /data/data,
and have the correct UID/GID set as the owner of the directory.
My test harness now correctly sets these, all sandbox operations
succeed, and loop() is invoked.
OpenBSD does not use "first line is title" convention,
so test that this is parsed properly.
Also test that multi-line fix/dup commands are properly parsed.
