Documentation
¶
Overview ¶
Copyright 2025 syzkaller project authors. All rights reserved. Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
Copyright 2025 syzkaller project authors. All rights reserved. Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
Package kfuzztest exposes functions discovering KFuzzTest test cases from a vmlinux binary and parsing them into syzkaller-compatible formats. The general flow includes:
- Creating an Extractor that extracts these test cases from the binary
- Creating a Builder that takes the extractor's output and returns some compatible encoding of the test cases that were discovered
Copyright 2025 syzkaller project authors. All rights reserved. Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
Index ¶
- Constants
- func ActivateKFuzzTargets(target *prog.Target, vmlinuxPath string) ([]*prog.Syscall, error)
- func ExtractDescription(vmlinuxPath string) (string, error)
- func GetInputFilepath(testName string) string
- func GetTestName(syscall *prog.Syscall) (string, bool)
- type AnnotationAttribute
- type Builder
- type ConstraintType
- type ExtractAllResult
- type Extractor
- type KFuzzTestData
- type SyzAnnotation
- type SyzConstraint
- type SyzField
- type SyzFunc
- type SyzStruct
Constants ¶
const KfuzzTestTargetPrefix string = syzKfuzzTestRun + "$"
Common prefix that all discriminated syz_kfuzztest_run pseudo-syscalls share.
Variables ¶
This section is empty.
Functions ¶
func ActivateKFuzzTargets ¶
ActivateKFuzzTargets extracts all KFuzzTest targets from a vmlinux binary and extends a target with the discovered pseudo-syscalls.
func ExtractDescription ¶
ExtractDescription returns a syzlang description of all discovered KFuzzTest targets, or an error on failure.
func GetInputFilepath ¶
Types ¶
type AnnotationAttribute ¶
type AnnotationAttribute uint8
const ( AttributeLen AnnotationAttribute = iota AttributeString AttributeArray )
func (AnnotationAttribute) String ¶
func (a AnnotationAttribute) String() string
type Builder ¶
type Builder struct {
// contains filtered or unexported fields
}
func NewBuilder ¶
func NewBuilder( funcs []SyzFunc, structs []SyzStruct, constraints []SyzConstraint, annotations []SyzAnnotation, ) *Builder
func (*Builder) EmitSyzlangDescription ¶
type ConstraintType ¶
type ConstraintType uint8
const ( ExpectEq ConstraintType = iota ExpectNe ExpectLt ExpectLe ExpectGt ExpectGe ExpectInRange )
func (ConstraintType) String ¶
func (c ConstraintType) String() string
type ExtractAllResult ¶
type ExtractAllResult struct {
VMLinuxPath string
Funcs []SyzFunc
Structs []SyzStruct
Constraints []SyzConstraint
Annotations []SyzAnnotation
}
func (*ExtractAllResult) String ¶
func (e *ExtractAllResult) String() string
type Extractor ¶
type Extractor struct {
// contains filtered or unexported fields
}
Extractor's job is to extract all information relevant to KFuzzTest from a VMlinux binary.
func NewExtractor ¶
func (*Extractor) ExtractAll ¶
func (e *Extractor) ExtractAll() (ExtractAllResult, error)
type KFuzzTestData ¶
type KFuzzTestData struct {
Description string
Calls []*prog.Syscall
Resources []*prog.ResourceDesc
Types []prog.Type
}
func ExtractData ¶
func ExtractData(vmlinuxPath string) (KFuzzTestData, error)
ExtractData extracts KFuzzTest data from a vmlinux binary. The return value of this call is cached so that it can be safely called multiple times without incurring a new scan of a vmlinux image. NOTE: the implementation assumes the existence of only one vmlinux image per process, i.e. no attempt is made to distinguish different vmlinux images based on their path.
type SyzAnnotation ¶
type SyzAnnotation struct {
InputType string
FieldName string
LinkedFieldName string
Attribute AnnotationAttribute
}
type SyzConstraint ¶
type SyzConstraint struct {
InputType string
FieldName string
Value1 uintptr
Value2 uintptr
ConstraintType
}
Source Files