Yet another root-only knob that can cause the syz-execprog process to
panic [1]. Greg is currently working on sanitizing sysctl integer knobs
in the OpenBSD kernel. This will improve the situation, but preventing
fiddling with this knob is a good call anyway.
While here, restructure the code a bit, making it easier to add sysctl
neutralizers.
[1] https://syzkaller.appspot.com/bug?id=40bcbbeb244998dfc4eeec90b8f8bce372882211

We generally use the newer C99 var declarations combined with initialization because:
- declarations are more local, reduced scope
- fewer lines of code
- less potential for using uninit vars and other bugs
However, we have some relic code from times when we did not understand
if we needed to stick with C89 or not. Also, some external contributions
that don't follow the style are around.
Add a static check for C89-style declarations and fix existing precedents.

The Akaros toolchain uses -std=gnu89 (or something) and does not allow
variable declarations inside of a for init statement. And we can't switch
it to -std=c99 because the Akaros headers are C89 themselves.
So in common.h we need to declare loop counters outside of for.

We now have 8 arches for Linux and .const files
produce lots of noise in PRs and lots of diffs.
If 3 .txt files are touched, the PR will have 24 .const files,
which will be intermixed with .txt files.
Frequently const values are equal across arches,
and even if they aren't, spreading a single value
across 8 files is inconvenient.
Merge all 8 *_arch.const files into a single .const file.
See the test for details of the new format.
The old format is still parsed for now;
we can't update all OSes at once.
For Linux this reduces the number of const files/lines
from 1288/96599 to 158/11603.
Fixes #1983

With commit 50e21c6be6188f42 ("executor/linux: dump mount information when
failed to open kcov file"), we got an unexpected result.
/sys/kernel/ does not exist even though /sys/ exists.
/proc/mounts cannot be opened even though /proc/ exists.
If sysfs is not mounted on /sys/ and proc is not mounted on /proc/,
maybe other filesystems (e.g. devtmpfs, cgroup) are not mounted as well.
Let's dump "/", "/proc/" and "/sys/", and then mount /proc/ and dump /proc/mounts.

Commit 43f1389ddccb58a4 ("Makefile: enable clang-tidy in presubmit tests")
added clang-tidy to only tools/docker/env/Dockerfile file. We should try to
explicitly install clang-tidy in Makefile for those who don't use docker.
/bin/sh: 1: clang-tidy: not found
(...snipped...)
Makefile:250: recipe for target 'tidy' failed
make[2]: *** [tidy] Error 127
make[2]: *** Waiting for unfinished jobs....
(...snipped...)
Makefile:269: recipe for target 'presubmit_smoke' failed
make[1]: *** [presubmit_smoke] Error 2
Makefile:264: recipe for target 'presubmit' failed
make: *** [presubmit] Error 2

There are many "lost connection to test machine (5)" reports where the
testing terminated due to ENOENT upon open("/sys/kernel/debug/kcov").
Since some testcase might be unintentionally modifying mount information,
let's start by checking whether/how mount is broken.
This commit might be reverted after the cause is identified and fixed.

freebsd/386 requires a non-default DataOffset value. Since it is
currently the only platform with this constraint, just add a special
case for that when initializing target parameters.

We added initialize_vhci to all sandboxes so that we don't have
unused function warnings. We assumed it would fail silently,
but it fails loudly and crashes the whole machine on init,
so no fuzzing can happen with sandboxes other than none.
Initialize vhci earlier while we still have CAP_ADMIN.
As a nice side effect we now don't need to use syz_init_net_socket.

syz-executor uses a heuristic to help fail closed if an invalid access
might corrupt the output region. This heuristic fails on FreeBSD, where
SIGBUS is delivered with si_addr equal to the address of the faulting
instruction, rather than 0 when the fault address cannot be determined
(e.g., an amd64 protection fault). Always handle SIGBUS quietly on
FreeBSD.
This fixes pkg/runtest tests for sys/test/test/nonfailing.

We've had some problems where the default SYZ_DATA_OFFSET collides with
a mapping created by the C runtime. MAP_EXCL ensures that mmap() will
fail in this case, so such problems become a bit easier to diagnose.

This commit includes the following changes:
* executor: add a new syz_btf_id_by_name pseudo-syscall
* sys/linux: add descriptions for BPF LSM subsystem
* sys/linux: add instructions on how to dump vmlinux and install bpftool
* sys/linux/test: add tests for the new pseudo-syscall
* pkg/host: add support detection for the new pseudo-syscall
* pkg/runtest: skip the coverage test when invoking the new pseudo-syscall
Update #533.

Move the test from pkg/csource to executor/
in order to be able to (1) run it on *.cc files,
(2) run on unprocessed *.h files, (3) produce line numbers.
Add a check for a missed space after //.

Regression introduced in commit cb93dc6a ("pkg/report: flag short
uvm_fault reports as corrupted") causes some valid reports to be
flagged as corrupted.

This reverts commit 02034dac31a9c4dfecfa163f445ef1921c442268.
It seems that the new IRQ state tracking code that just landed in the
kernel breaks KCSAN more severely than I thought. Let's disable lockdep
with KCSAN again until it is properly fixed.

We currently check from github.event.pull_request.base.sha
to github.event.pull_request.head.sha, but they may be in
different branches if the PR commits are not branched from
the latest master HEAD (at the time of PR creation).
Then GH will create a merge commit, and the range we try
to check is not valid.
Check github.event.pull_request.commits commits backwards
from the github.event.pull_request.head.sha commit.

Use a map (string => func) instead of a switch for pseudo-syscall
names. This reduces isSupportedSyzkall() cyclomatic complexity and
makes the linter happy.

In the KCSAN config, enable KCSAN_VERBOSE to generate better reports
that include the locks held and the IRQ trace events for each thread.
The option requires PROVE_LOCKING, which comes with some performance
cost.

1. We don't generally use /* */ block comments;
the few precedents we have are inconsistent with the rest of the code.
2. pkg/csource does not strip them from the resulting code.
Remove the cases we have and add a test to prevent new ones from being added.

If a resource is never used as an input, it is not useful.
It's effectively the same as using an integer.
Detect such cases; they are quite confusing.
Fix all existing errors in descriptions.
This uncovered some interesting bugs as well,
e.g. use of a completely unrelated fd subtype after a copy-paste
(while the resource that was supposed to be used there is completely unused).