Add -B/usr/lib32 to 386 build flags.
The story behind -B/usr/lib32 is not completely clear, but it helps in some cases.
For context see discussion in https://github.com/google/syzkaller/pull/1202
Providing additional info, especially regarding syscall arguments, in reproducers
can be helpful. An example is device numbers passed to mknod(2).
This commit introduces an optional annotate function on a per target basis.
Example for the OpenBSD target:
$ cat prog.in
mknod(0x0, 0x0, 0x4503)
getpid()
$ syz-prog2c -prog prog.in
int main(void)
{
	syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x1012, -1, 0, 0);
	syscall(SYS_mknod, 0, 0, 0x4503); /* major = 69, minor = 3 */
	syscall(SYS_getpid);
	return 0;
}
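
The device-number decoding behind the annotation above, as an added example that is not part of the commit or of syzkaller's own code. It applies the OpenBSD major()/minor() bit layout to the dev argument of mknod/mknodat in program lines with flat argument lists like the one shown; the names annotate and callRe and the third sample line are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// OpenBSD dev_t layout, as in the major()/minor() macros of <sys/types.h>:
// bits 8-15 hold the major number, bits 0-7 and 16-31 hold the minor number.
func major(dev uint64) uint64 { return (dev >> 8) & 0xff }
func minor(dev uint64) uint64 { return (dev & 0xff) | ((dev & 0xffff0000) >> 8) }

// callRe matches one flat call such as "mknod(0x0, 0x0, 0x4503)".
var callRe = regexp.MustCompile(`^(\w+)\((.*)\)$`)

// annotate is a hypothetical helper (not syzkaller's annotate function).
// It returns the C comment for one program line, or "" when the call carries
// no device number. dev is the 3rd argument of mknod and the 4th of mknodat.
func annotate(line string) (string, error) {
	m := callRe.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return "", fmt.Errorf("not a call: %q", line)
	}
	devIdx := map[string]int{"mknod": 2, "mknodat": 3}
	idx, ok := devIdx[m[1]]
	if !ok {
		return "", nil
	}
	args := strings.Split(m[2], ",")
	if idx >= len(args) {
		return "", fmt.Errorf("%s: missing dev argument", m[1])
	}
	dev, err := strconv.ParseUint(strings.TrimSpace(args[idx]), 0, 32)
	if err != nil {
		return "", fmt.Errorf("%s: bad dev argument: %v", m[1], err)
	}
	return fmt.Sprintf("/* major = %d, minor = %d */", major(dev), minor(dev)), nil
}

func main() {
	// Constructed input: the program from the commit message plus one wide minor.
	for _, l := range []string{"mknod(0x0, 0x0, 0x4503)", "getpid()", "mknod(0x0, 0x0, 0x10203)"} {
		c, err := annotate(l)
		fmt.Printf("%-28s %s %v\n", l, c, err)
	}
}
```

The third line shows why the minor number cannot be read from the low byte alone: its upper bits live above the major field.
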
Consolidating FIDL library build mappings in one place, so that it can
be used from extraction, and script invoking fidlgen. This also makes
code clearer, and provides a more natural path for evolutions / dealing
with oddities.
Minor doc update post fx command changes.
A const can be used as array size. Then if the const is not present
on all arches, the compiler will produce an error about 0-sized-array.
There is no easy way to work around this for a user.
Use value of 1 for missing consts. It's just a bit safer.
Using a build tag to exclude files for golangci-lint
reduces memory consumption (it does not parse them).
The naive attempt with skip-dirs did not work.
So add codeanalysis build tag and use it in auto-generated files.
Update #977
Now that we have the len path expressions we can fix the TODO
in btf descriptions to properly specify offsets of btf sections.
Also add proper descriptions for btf type section
and a few other minor things around.
This is especially problematic for file descriptors referring to tty/pty
devices since it can cause the SSH connection to the VM to die.
The ambition here is to reduce the number of "lost connection/no output" failures
at the cost of limiting the coverage of chflags(2).
This is done via a custom Kconfiglib based script, that allows merging
in all USB configs from a provided one into the current. The script finds
and enables all USB configs and their dependencies.
make extract recently broke for powerpc on linux-next with:
include/uapi/linux/byteorder/big_endian.h:6:2: error: #error "Unsupported endianness, check your toolchain"
#error "Unsupported endianness, check your toolchain"
Turns out we always built ppc64le headers as big-endian.
First, kernel was configured as BE.
Then, we used gcc to build an executable program for host
and on x86 gcc does not define __LITTLE_ENDIAN__ so kernel
thought that the toolchain is BE too.
Configure kernel as LE and define __LITTLE_ENDIAN__.
This actually changes values of some consts,
but fortunately just a few of them.
Due to missing padding arguments, stack garbage could end up being used as
actual arguments. More reading for the curious[1].
While here, add missing descriptions for pread and pwrite.
[1] https://flak.tedunangst.com/post/syzkaller-found-a-bug
Most probably limited to input validation for now. In the future, it
could be extended to provide a bootable kernel during vm create (/bsd)
and turn vmid into a proper resource.
The OpenBSD VMs on GCE do support vmm(4).
* sys/fuchsia: update all syscalls.
This commit modifies all the existing syscalls definitions to match more
closely the documentation in the Fuchsia repo.
* run make extract && make generate
This commit implements 4 syzcalls: syz_usb_connect, syz_usb_io_control,
syz_usb_ep_write and syz_usb_disconnect. Those syzcalls are used to emit USB
packets through a custom GadgetFS-like interface (currently exposed at
/sys/kernel/debug/usb-fuzzer), which requires special kernel patches.
USB fuzzing support is quite basic, as it mostly covers only the USB device
enumeration process. Even though the syz_usb_ep_write syzcall does allow
communicating with USB endpoints after the device has been enumerated, no
coverage is collected from that code yet.
This commit adds syzkaller descriptions for USB fuzzing. The descriptions in
vusb.txt are written manually and cover different kinds of USB descriptors.
The descriptions in init_vusb_ids.go are generated automatically by the
syz-usbgen tool and contain the vendor, device and some other IDs that
map to different USB drivers.
Ptr type has special handling of direction (pointers are always input).
But buffer type missed this special case all the time.
Make buffer less special by aliasing to the ptr[array[int8]] type.
As a result, the buffer type can't have an optional trailing "opt" attribute
because we don't have such support for templates yet.
Change such cases to use ptr type directly.
Fixes #1097