Commit Graph

4468 Commits

Author SHA1 Message Date
Dmitry Vyukov
46869e3ee2 pkg/csource: detect common mistakes in the common executor header 2019-11-28 10:30:27 +01:00
Jiri Pirko
97264cb1f3 executor: Add debug message in case devlink namespace move fails
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
2019-11-28 10:10:57 +01:00
Jiri Pirko
e8c04ab052 executor: Fix value of DEVLINK_ATTR_NETNS_FD
During kernel -net and -next-next trees merge, the value got moved.
Fix it.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
2019-11-28 10:10:57 +01:00
Shiyu Sun
d496d44718 sys/windows/sys.txt: use bool32 instead of int32[0:1] 2019-11-28 10:01:41 +01:00
Shiyu Sun
ba2dd280e6 sys/linux/socket.txt: add more description for socket ioctls 2019-11-28 10:01:41 +01:00
Shiyu Sun
2e2ab0c725 sys/linux: more update to current linux-next 2019-11-28 10:01:41 +01:00
Dmitry Vyukov
861a5980df dashboard/config: disable CONFIG_DEBUG_INFO_BTF
CONFIG_DEBUG_INFO_BTF started breaking build,
see details in added comments.
2019-11-28 09:32:06 +01:00
Dmitry Vyukov
0d63f89cab syz-ci: allow enabling bisect cause and fix jobs separately
Some backport-only kernels may only be interested in fix bisections.
Allow enabling these separately.
2019-11-27 16:40:04 +01:00
Dmitry Vyukov
4cea005389 syz-ci: TODO 2019-11-27 14:26:14 +01:00
Dmitry Vyukov
6f7be11fa1 dashboard/app: don't report bisections pointing to release commits
They should have been detected by "same binary" logic.
But the problem is that we may use different compilers
for different commits and they switch exactly at release commits.
So we can build the release with a different compiler than the
rest of commits and then obviously it won't be "same binary".
Detect release commits separately.

Update #1271
2019-11-27 14:05:14 +01:00
Dmitry Vyukov
9f5fd6fe1a pkg/bisect: fix some off-by-ones
3/4 added tests currently fail.
The problem is that we don't collect results
from initial bisection range detection.
As a result we won't detect "same binary"
for release and first commit in a release.

Update #1271
2019-11-27 12:37:52 +01:00
Andrei Vagin
5a38f3f066 sys/linux: describe PTRACE_PEEKSIGINFO
Signed-off-by: Andrei Vagin <avagin@gmail.com>
2019-11-27 09:35:58 +01:00
Dmitry Vyukov
1048481f27 prog: extend panic messages
We see this panic firing sometimes. Print the actual arg.
2019-11-26 14:29:58 +01:00
Dmitry Vyukov
dfb91eacc4 pkg/ipc: fix potential nil deref
We've got the following crash:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x7d30ba]
goroutine 75 [running]:
github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc000c68cb0, 0xc0001a4d20, 0xc00147a000, 0x1f28, 0x200000, 0x0, 0x0, 0xc00170a000, 0x1000000, 0x1000000, ...)
        /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:783 +0x7ca
github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc0002de240, 0xc0001a4d20, 0xc016c2f440, 0x11, 0xc00019c7e0, 0x40, 0x1, 0xc016b6f590, 0x30, 0xc01615cc40)
        /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:280 +0x104
main.(*Proc).executeRaw(0xc0012a45c0, 0xc0001a4d20, 0xc016c2f440, 0x1, 0x0)
        /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x1f3
main.(*Proc).execute(0xc0012a45c0, 0xc0001a4d20, 0xc016c2f440, 0x0, 0x1, 0x1)
        /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x6a
main.(*Proc).loop(0xc0012a45c0)
        /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:101 +0x4df
created by main.main
        /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x1153

err can be nil even if hang=true in case of a narrow race:
we decided to kill the process, but it finished successfully meanwhile.
2019-11-26 14:16:57 +01:00
Christian Brauner
bc992c0ee4 sys/linux: add new arguments to struct clone_args for clone3()
Linux v5.5 extends struct clone_args for clone3() by two additional
parameters:

@set_tid:      Pointer to an array of type *pid_t. The size
               of the array is defined using @set_tid_size.
               This array is used to select PIDs/TIDs for
               newly created processes. The first element in
               this defines the PID in the most nested PID
               namespace. Each additional element in the array
               defines the PID in the parent PID namespace of
               the original PID namespace. If the array has
               less entries than the number of currently
               nested PID namespaces only the PIDs in the
               corresponding namespaces are set.
@set_tid_size: This defines the size of the array referenced
               in @set_tid. This cannot be larger than the
               kernel's limit of nested PID namespaces.

Cc: Adrian Reber <areber@redhat.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-11-26 13:07:43 +01:00
Eric Biggers
f72ffd024d sys/linux/fscrypt.txt: add FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64
This flag is new in 5.5.

Also add a link to the fscrypt API documentation.
2019-11-26 11:34:30 +01:00
Andrei Vagin
2649e7ccc4 Call initialize_devlink_ports only when a device has been created
gVisor doesn't support netdevsim and NETLINK_GENERIC and
without this fix, sys-executor always fails:

E openat(AT_FDCWD, /sys/bus/netdevsim/new_device, ...)
X openat(AT_FDCWD, /sys/bus/netdevsim/new_device, ...) = 0x0 errno=2
E socket(AF_NETLINK, SOCK_RAW|0x0, NETLINK_GENERIC)
X socket(AF_NETLINK, SOCK_RAW|0x0, NETLINK_GENERIC) = 0x0 errno=93
E write(0x2 host:[3], "socket(AF_NETLINK) failed\n", 0x1a)
X write(0x2 host:[3], ..., 0x1a) = 0x1a (2.767µs)
E write(0x2 host:[3], " (errno 93)\n", 0xc)
X write(0x2 host:[3], ..., 0xc) = 0xc (2.729µs)
E exit_group(0x43)
X exit_group(0x43) = 0x0 (900ns)

Cc: Jiri Pirko <jiri@mellanox.com>
Fixes: f350e2dc1f ("executor: rename devlink port netdevices to defined names")
Signed-off-by: Andrei Vagin <avagin@google.com>
2019-11-26 10:07:31 +01:00
Eric Biggers
f746151a93 sys/linux/init_alg.go: add new algorithms
Add new crypto algorithms from linux-next (future v5.5):

- BLAKE2b and BLAKE2s
- "-arm" implementations of ChaCha and XChaCha
- "-arm" and "-neon" implementations of Poly1305
2019-11-25 20:23:10 +01:00
Dmitry Vyukov
6bfd3dd23b sys/linux: update to current linux-next
Regenerate consts on linux-next next-20191125.
DEVLINK_ATTR_NETNS_* consts were shifted by 1.
__BPF_FUNC_MAX_ID increased as usual.
CRYPTO_ALG_TYPE_BLKCIPHER, CRYPTO_ALG_TYPE_ABLKCIPHER were removed,
replace them with CRYPTO_ALG_TYPE_SKCIPHER.
2019-11-25 14:30:28 +01:00
Dmitry Vyukov
371caf7733 pkg/build: make linux implement binary signer
We were almost there...

Update #1271
2019-11-25 10:29:35 +01:00
Shiyu Sun
598ca6c8b8 docs: update syscall_descriptions.md
Add detailed instructions to run syz-extract
2019-11-22 09:42:11 +01:00
Dmitry Vyukov
0199dc9d8c sys/linux: add a NEED comment 2019-11-22 09:40:46 +01:00
Denis Efremov
e89749efe8 sys/linux: run "make generate" for smack
Signed-off-by: Denis Efremov <efremov@linux.com>
2019-11-22 09:14:41 +01:00
Denis Efremov
dd653133d5 sys/linux: extract constants for smack.txt
Signed-off-by: Denis Efremov <efremov@linux.com>
2019-11-22 09:14:41 +01:00
Denis Efremov
159175a74a sys/linux: update smack descriptions
Add descriptions for /sys/fs/smackfs/* interfaces.

Signed-off-by: Denis Efremov <efremov@linux.com>
2019-11-22 09:14:41 +01:00
Shiyu Sun
8098ea0f33 docs: update syscall_descriptions.md and contributing.md
Add suggestions for running make install_prerequisites.
2019-11-20 09:54:55 +01:00
Dmitry Vyukov
12be8ffc87 docs: clarify what tree should be used for make extract
Clarify what tree should be used for make extract for Linux.
2019-11-20 09:41:50 +01:00
Matthew Dempsky
f4b7ed0781 tools/fuchsia: remove custom Go toolchain scripts
These used to be required to build Fuchsia's Go toolchain to build
syz-fuzzer to run on Fuchsia. However, Fuchsia now uses HostFuzzer
mode, so only syz-executor (written in C) needs to run on Fuchsia; all
Go code runs on the Host OS (currently Linux).
2019-11-19 17:20:14 -08:00
Andrey Konovalov
b7a277d2ba executor: extend USB debug messages
When USB_DEBUG is enabled, syzkaller crashes on unknown USB requests.
This helps to find missing descriptions for particular USB classes.
2019-11-19 15:33:25 +01:00
Denis Efremov
e9c47538a4 executor: add missing includes
stdbool.h is required by initialize_devlink_ports(): true define.
fcntl.h is required by initialize_devlink_pci(): O_RDONLY define.

Signed-off-by: Denis Efremov <efremov@linux.com>
2019-11-19 11:38:19 +01:00
Jann Horn
432c7650d5 pkg/report: generalize general protection fault pattern
An upcoming patch for Linux will change the error reporting pattern for
general protection faults such that the colon doesn't necessarily come
immediately after the string "general protection fault" (see
https://lore.kernel.org/lkml/20191118142144.GC6363@zn.tnic/).
Change the pattern in syzkaller before that happens.

Note that this is not necessarily the final format; in particular, the
ordering of the KASAN note and the "general protection fault" line might
swap.
2019-11-19 08:07:30 +01:00
Dmitry Vyukov
5bc702124e pkg/bisect: add more logging for build signatures
It seems that some signatures that should be equal are not
(or something else is going on). Add some logging for transparency.
2019-11-18 18:23:01 +01:00
Dmitry Vyukov
b436ffb77d pkg/build: produce more deterministic linux binaries
There are few more dynamic variables related to kernel release tagging.
Set these to known deterministic values.
2019-11-18 17:39:09 +01:00
Shiyu Sun
1daed50ac3 docs: update syscall_descriptions.md
Clarify that 'make generate' should update syscall description
revision.
2019-11-18 09:15:26 +01:00
Dmitry Vyukov
d5696d5192 pkg/ipc: always chmod the work dir
There is little reason in not doing the chown for sandbox=none.
Simpler and can actually increase coverage if the test program
setuid's itself (since it's root under sandbox=none).
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
8825ff8ff2 pkg/runtest: shrink if condition 2019-11-16 09:58:54 +01:00
Dmitry Vyukov
587cec15e2 pkg/host: add Features.Supported
To reduce diff in future changes. Currently no-op.
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
a129861adb pkg/ipc: move target characteristics out of config flags
They don't belong there, executor does not know about them.
In preparation for future changes.
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
aa27601f9e pkg/host: rename some features
Rename some features in preparation for subsequent changes
which will align names across the code base.
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
157653cfe7 pkg/csource: rename some options
Rename some options in preparation for subsequent changes
which will align names across the code base.
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
690740b4a4 executor: refactor sandbox flags
In preparation for future changes.
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
a6e3054436 executor: rename some macros
Rename some macros in preparation for subsequent changes
which will align names across the code base.
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
ca13dd2ab5 pkg/csource: test that executor does not mis-spell any of the SYZ_* macros 2019-11-16 09:58:54 +01:00
Dmitry Vyukov
2ac1d00f55 executor: rename some flags
Rename some flags in preparation for subsequent changes
which will align names across the code base.
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
531b5368e2 executor: remove pointless macro checks
common_bsd.h is used for 3 OSes, so checking if it's
any of these 3 OSes is pointless. Remove these checks.
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
8d85129b3c pkg/host: split files into syscalls/features
pkg/host does 2 things: detects supported syscalls and supported features.
There is enough code for each for a separate file.
2019-11-16 09:58:54 +01:00
Dmitry Vyukov
b5c36524a2 sys/targets: add HostFuzzer flag
Move HostFuzzer from vm/qemu.
It's needed in a number of other packages
and strictly saying is not specific to qemu
(it just happened that both fuchsia and akaros only support qemu).
2019-11-16 09:58:54 +01:00
Jiri Pirko
cdac920beb executor: consider NLMSG_DONE type in netlink_send_ext()
In case the dump is empty, NLMSG_DONE type message is received from
kernel right away. Count with this and return 0. Set the reply_len to 0.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Fixes: f350e2dc1f ("executor: rename devlink port netdevices to defined names")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
2019-11-15 15:58:48 +01:00
Andrey Konovalov
90f3b019e4 executor, pkg/host: update usb raw-gadget interface
The patches are being upstreamed and the interface has changed.
2019-11-15 14:53:30 +01:00
Andrey Konovalov
be7a4ab6d8 tools/syz-usbgen: update patch to dump usb ids
The patch doesn't properly work on some kernels, some ids might not be printed.
2019-11-15 14:45:46 +01:00