syzkaller

mirror of https://github.com/reactos/syzkaller.git synced 2024-11-28 05:40:26 +00:00

History

Victor Chibotaru 1336586b42 executor, fuzzer: change the way Syzkaller opens the KCOV device We have implemented a new version of KCOV, which is able to dump comparison operands' data, obtained from Clang's instrumentation hooks __sanitizer_cov_trace_cmp[1248], __sanitizer_cov_trace_const_cmp[1248] and __sanitizer_cov_trace_switch. Current KCOV implementation can work in two modes: "Dump only the PCs" or "Dump only comparisons' data". Mode selection is done by the following series of calls: fd = open(KCOV_PATH, ...); // works as previous ioctl(fd, KCOV_INIT_TRACE, ...); // works as previous mmap(fd, ...); // works as previous ioctl(fd, KCOV_ENABLE, mode); // mode = KCOV_MODE_TRACE_CMP or mode = KCOV_MODE_TRACE_PC Note that this new interface is backwards compatible, as old KCOV devices will just return -EINVAL for the last ioctl. This way we can distinguish if the KCOV device is able to dump the comparisons. Main changes in this commit: 1. Fuzzer now checks at startup which type (new/old) of KCOV device is running. 2. Executor now receives an additional flag, which indicates if executor should read the comparisons data from KCOV. The flag works on per-call basis, so executor can collect PCs or Comps for each individual syscall.	2017-08-30 18:40:14 +02:00
..
rpc.go	pkg/rpctype: from from rpctype	2017-06-17 14:41:15 +02:00
rpctype.go	executor, fuzzer: change the way Syzkaller opens the KCOV device	2017-08-30 18:40:14 +02:00

Victor Chibotaru 1336586b42 executor, fuzzer: change the way Syzkaller opens the KCOV device

We have implemented a new version of KCOV, which is able to dump
comparison operands' data, obtained from Clang's instrumentation hooks
__sanitizer_cov_trace_cmp[1248], __sanitizer_cov_trace_const_cmp[1248]
and __sanitizer_cov_trace_switch.

Current KCOV implementation can work in two modes: "Dump only the PCs"
or "Dump only comparisons' data". Mode selection is done by the
following series of calls:

fd = open(KCOV_PATH, ...); // works as previous
ioctl(fd, KCOV_INIT_TRACE, ...); // works as previous
mmap(fd, ...); // works as previous
ioctl(fd, KCOV_ENABLE, mode);
// mode = KCOV_MODE_TRACE_CMP or mode = KCOV_MODE_TRACE_PC

Note that this new interface is backwards compatible, as old KCOV
devices will just return -EINVAL for the last ioctl. This way we can
distinguish if the KCOV device is able to dump the comparisons.

Main changes in this commit:
    1. Fuzzer now checks at startup which type (new/old) of KCOV device
is running.
    2. Executor now receives an additional flag, which indicates if
executor should read the comparisons data from KCOV. The flag works on
per-call basis, so executor can collect PCs or Comps for each
individual syscall.

2017-08-30 18:40:14 +02:00

rpc.go

pkg/rpctype: from from rpctype

2017-06-17 14:41:15 +02:00

rpctype.go

executor, fuzzer: change the way Syzkaller opens the KCOV device

2017-08-30 18:40:14 +02:00