* sys/fuchsia: update vmar syscalls.
In a previous zircon commit[0], the vmar related syscalls (like
`zx_vmar_map`, `zx_vmar_protect` and `zx_vmar_allocate`) changed the
order of their parameters, making putting the flags parameter as the
second parameter, and renaming it to "options".
This commit modifies vmars.txt so that it reflects the latest state of
the syscalls in zircon. I also modified the usage in
`executor/common_fuchsia.h`
I ran make extract, make generate and compiled syzkaller to test this
change.
[0]: https://fuchsia-review.googlesource.com/c/zircon/+/168060
* sys/fuchsia run make generate
This commit is just the result of running make generate after its
parent. This regenerates the definitions for the modified VMAR syscalls.
This commit is just a run of make extract + make generate with an up to
date fuchsia tree. This commit only updates the fidl definitions, there
are some other syscalls that had changed and need to be manually updated
(that will come in a future commit).
Squash of:
* Doc typo
* Ported some tun related functions.
* Copy vnet.txt from linux to openbsd.
* Simplified syz_emit_ethernet and stubbed out vnet.txt.
* Undo clang-format header sorting: headers are order sensitive.
* Uniquify tap devices by pid.
* clang-format off for includes
* Happier clang-format.
* Partially revert "Uniquify tap devices by pid."
Just rely on procid magic instead of getting it from a flag.
Trusty is a set of software components supporting
a Trusted Execution Environment (TEE) on mobile devices.
https://source.android.com/security/trusty
Add syscall descriptions and some boilerplate.
1. Extract consts on the latest linux tree.
2. Don't manually define O_TMPFILE/O_ACCMODE/_LINUX_CAPABILITY_VERSION_N,
they are defined in kernel headers.
3. Don't use CLOCK_SGI_CYCLE as clock id, it's not implemented.
* sys/openbsd: added minherit, extended/simplified mmap.
Added a script from anton_at_openbsd.org for regenerating syscalls.
Generated by ksh ./sys/openbsd/extract-openbsd.sh
* Undo whitespace change not passing on CI
* No need for magic script.
For floppy fuzzing you need to enable:
1) CONFIG_BLK_DEV_FD in your kernel configuration
2) "cmdline": " -fda FLOPPY.img " in syzkaller configuration
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Alexander Popov <alex.popov@linux.com>
Currently when we get target consts with target.ConstMap["name"]
during target initialization, we just get 0 for missing consts.
This is error-prone as we can mis-type a const, or a const may
be undefined only on some archs (as we have common unix code
shared between several OSes).
Check that all the consts are actually defined.
The check detects several violations, to fix them:
1. move mremap to linux as it's only defined on linux
2. move S_IFMT to openbsd, as it's only defined and used on openbsd
3. define missing MAP_ANONYMOUS for freebsd and netbsd
4. fix extract for netbsd
My test harness for this code performed some steps that are not
performed when syz-executor is invoked directy.
Specifcally, we need to operate from a directory under /data/data,
and have the correct UID/GID set as the owner of the directory.
My test harness now correctly sets these, all sandbox operations
succeed, and loop() is invoked.
The current memcg container seems to lead to lots of hangs/stalls.
Presumably the problem is with oom_score_adj and KASAN.
Executor process tree eats all memory and then the leaf process is killed
but the memory is not returned to memcg due to KASAN quarantine;
and the parent processes are protected from killing with oom_score_adj=-1000.
As the result the kernel locks up.
1. Don't use oom_score_adj=-1000. Instead bump leaf process score to 1000 (kill always).
2. Increase size of memcg to be larger than expected KASAN quarantine size.
This sucks a lot, but ebtables.h is now broken too on Debian 4.17:
ebtables.h: In function ‘ebt_entry_target* ebt_get_target(ebt_entry*)’:
ebtables.h:197:19: error: invalid conversion from ‘void*’ to ‘ebt_entry_target*’
Sometimes race conditions are reproduced by syz-execprog and are not
reproduced by the programs generated with syz-prog2c. In such cases
it's very helpful to know when exactly the fuzzing syscalls are executed.
Unfortunately, adding timestamps to the output of the original 'debug'
mode doesn't work. This mode provides very verbose output, which slows
down executor and breaks the repro.
So let's make the executor debug output less verbose and add
the timestamps.
Signed-off-by: Alexander Popov <alex.popov@linux.com>
Move debug_dump_data back to executor.cc.
debug_dump_data in common_linux.h does not play well
with pkg/csource debug stripping logic. It strips a large
random piece of code since it thinks debug_dump_data
definition is actually debug_dump_data call site.
Fix build after "executor: remove unused var flag_sandbox_privs".
Some variables/functions can't be static as they are unused on some OSes,
which produces unused warnings.
Currently we have a global fixed set of sandboxes,
which makes it hard to add new OS-specific ones
(all OSes need to updated to say that they don't
support this sandbox).
Let it each OS say what sandboxes it supports instead.
