Currently we only generate either valid user-space pointers or NULL.
Extend NULL to a set of special pointers that we will use in programs.
All targets now contain 3 special values:
- NULL
- 0xfffffffffffffff (invalid kernel pointer)
- 0x999999999999999 (non-canonical address)
Each target can add additional special pointers on top of this.
Also generate NULL/special pointers for non-opt ptr's.
This restriction was always too restrictive. We may want to generate
them with very low probability, but we do want to generate them.
Also change pointers to NULL/special during mutation
(but still not in the opposite direction).
TestSerializeDeserializeRandom fails from time to time
because program is different after we serialize/deserialize it.
Turns out openbsd SanitizeCall is not idempotent.
Add a test for this and disable the logic for now.
* create a response handle structure for each FIDL method
* generate zx_channel_write for requests having no response
* generate zx_channel_read for events (no request but just response)
* translate FIDL union types to syzkaller union types
(see fuchsia_io_ObjectInfoHandles)
We forgot to mount binfmt_misc. Mount it. Add a test.
Increase per-call timeout, otherwise last execve timesout.
Fix csource waiting for call completion at the end of program.
Support checking "blocked"/"unfinished" flags for calls.
Support test constanints, e.g. "requires: threaded" or "requires: -sandbox=setuid".
Some improvements in tools/syz-runtest.
Update #603
If the test process is not dying after 100ms,
abort all fuse connections in the system.
This gets rid at least of simple fuse deadlocks,
let's see how well this works in all cases.
The tool is run as:
$ syz-runtest -config manager.config
This runs all programs from sys/*/test/* in different modes
on actual VMs and checks results.
Fixes#603
Add syz_errno syscall which sets errno to the argument,
and add a test with different errno values.
This mostly tests the testing infrastructure itself.
Add syz_compare syscall which compare two blobs,
this can be used for testing of argument memory layout.
Implement syz_mmap and fix Makefile to allow building syz-execprog for test OS.
Useful for debugging.
Update #603
Package runtest is a driver for end-to-end testing of syzkaller programs.
It tests program execution via both executor and csource,
with different sandboxes and execution modes (threaded, repeated, etc).
It can run test OS programs locally via run_test.go
and all other real OS programs via tools/syz-runtest
which uses manager config to wind up VMs.
Test programs are located in sys/*/test/* files.
Update #603
Currently target binaries contain support for all OS/arch combinations.
However, obviously a fuchsia target binary won't test windows.
For target binaries we need support only for a single target
(with the exception of 386/arm target in amd64/arm64 binaries).
So compile in only _the_ target into target binaries.
This reduces akaros/amd64 fuzzer binary from 33 to 7 MB
and execprog from 28 to 2 MB.
Make as much code as possible shared between all OSes.
In particular main is now common across all OSes.
Make more code shared between executor and csource
(in particular, loop function and threaded execution logic).
Also make loop and threaded logic shared across all OSes.
Make more posix/unix code shared across OSes
(e.g. signal handling, pthread creation, etc).
Plus other changes along similar lines.
Also support test OS in executor (based on portable posix)
and add 4 arches that cover all execution modes
(fork server/no fork server, shmem/no shmem).
This change paves way for testing of executor code
and allows to preserve consistency across OSes and executor/csource.
Add interface specified policies for IFLA_LINKINFO. I only added the
interfaces we create in initial setup. Remain other types of interfaces
in the TODO list.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
