They were necessary when they were the source of constant values
extracted from kernel code (hard to do). Now constants are checked-in
separately, and these large files can be easily regenerated with 'make generate'.
Now they are only a source of large uninteresting diffs in commits.
Remove them.

Unify and factor out the VM monitoring loop used in syz-manager and syz-repro.
This allows syz-repro to detect all the same bugs (e.g. "no output", "lost connection", etc).
It also just deduplicates code.

Now the crashes dir contains 1 subdirectory per unique crash type.
Each subdirectory contains a 'description' file with a unique string identifying
the crash type (e.g. "KASAN: slab-out-of-bounds Read of size 2 in bit_putcs"),
and up to 100 logN and reportN files with the raw crash log (as before) and
the post-processed kernel oops message.

Currently, to add a new resource one needs to modify multiple source files,
which complicates description of new system calls.
Move resource descriptions from source code to text descriptions.
This splits generation process into two phases:
1. Extract values of constants from linux kernel sources.
2. Generate Go code.
Constant values are checked in.
The advantage is that the second phase is now completely independent
of linux source files, kernel version, presence of headers for
particular drivers, etc. This allows changing what Go code we generate
at any time without access to all kernel headers (which in future won't be
limited to only upstream headers).
Constant extraction process does require proper kernel sources,
but this can be done only once by the person who added the driver
and has access to the required sources. Then the constant values
are checked in for others to use.
Constant extraction process is per-file/per-arch. That is,
if I am adding a driver that is not present upstream and that
works only on a single arch, I will check in constants only for
that driver and for that arch.

Ignore SIGSEGV/SIGBUS during copyin/copyout of arguments.
The memory may not be addressable. Ignoring them allows passing
partially-addressable input data to the kernel.
It's unclear yet whether it's a good idea or not.
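The fault-tolerant copy that this message describes, shown as an added example rather than syzkaller's own executor code: a SIGSEGV/SIGBUS handler that `siglongjmp`s out of a byte-by-byte copy, so a copy that runs into an unmapped page returns how many bytes were copied instead of killing the process. The helper names (`copy_tolerant`, `install_fault_handlers`, `demo_partial_copy`) and the two-page test buffer are assumptions made for the example; the point to notice is that faults outside a guarded copy are still re-raised with the default action, so the handler does not hide genuine crashes.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Jump target for the fault handler; meaningful only while in_copy is set. */
static sigjmp_buf fault_jmp;
static volatile sig_atomic_t in_copy;

static void fault_handler(int sig)
{
    if (in_copy)
        siglongjmp(fault_jmp, sig);
    /* Fault outside a guarded copy: restore the default action and re-raise,
       so real crashes are not silently swallowed. */
    signal(sig, SIG_DFL);
    raise(sig);
}

/* Route SIGSEGV and SIGBUS through fault_handler (assumed helper). */
static void install_fault_handlers(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);
}

/* Copy up to n bytes from src to dst, stopping at the first fault.
   Returns the number of bytes copied (n if the whole range was addressable).
   'done' is volatile so its value survives the siglongjmp. */
size_t copy_tolerant(void *dst, const void *src, size_t n)
{
    volatile size_t done = 0;
    const volatile uint8_t *s = src;
    uint8_t *d = dst;

    in_copy = 1;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        for (; done < n; done++)
            d[done] = s[done];
    }
    in_copy = 0;
    return done;
}

/* Constructed scenario: two adjacent anonymous pages, the second made
   inaccessible. A copy that begins 32 bytes before the boundary can
   only transfer 32 bytes. Returns the copied count, or -1 on setup failure. */
long demo_partial_copy(void)
{
    long page = sysconf(_SC_PAGESIZE);
    uint8_t *buf = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return -1;
    memset(buf, 0xAB, page);
    if (mprotect(buf + page, page, PROT_NONE) != 0) {
        munmap(buf, 2 * page);
        return -1;
    }
    install_fault_handlers();

    uint8_t out[64];
    size_t got = copy_tolerant(out, buf + page - 32, sizeof(out));
    munmap(buf, 2 * page);
    return (long)got;
}

int main(void)
{
    printf("copied %ld of 64 bytes before hitting the unmapped page\n",
           demo_partial_copy());
    return 0;
}
```

Running it on Linux prints that 32 of 64 bytes were copied; the fault on the PROT_NONE page is absorbed by the handler and the copy reports how far it got.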

If "image" is set to "9p" in config file,
qemu VM will create a minimalistic image based
on readonly-mapped host filesystem.
The main things that we need are working sshd and ssh-keygen.
/tmp, /etc/, /var, /root are remounted as tmpfs.

ioctl(FIFREEZE) renders machine dead.
FIFREEZE is an interesting thing, and we could test it
in namespace (?) or on manually mounted file systems (?).
But that will require more complex handling.
Disable it until we have that logic.

mknod of char/block devices can do all kinds of nasty stuff
(read/write to IO ports, kernel memory, etc).
Disable it for now.

Rebooting only confuses syz-manager as it thinks that it's the same
dirty instance. Let syz-manager recreate the VM from scratch instead.

-display=none does not disable graphics subsystem which may be useful for fuzzing.
It also seems to be newer than -nographics.

Addresses that trigger SIGSEGV do not seem to uncover any bugs.
But they crash the executor, preventing programs from being executed.
Lower the probability of generating addresses that lead to SIGSEGVs.