aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDmitry Vyukov <dvyukov@google.com>2018-04-01 18:29:56 +0200
committerDmitry Vyukov <dvyukov@google.com>2018-04-01 18:29:56 +0200
commit99e3b0a7e8b3ba990fd3ff3e7d10cbd92b957b14 (patch)
tree8d907471cc6c69ab35516a80aea3975e759129b9
parent185ac3525e708353d3cae302277225aec1fde165 (diff)
sys/linux: add support for reading partition tables
Diffstat
-rw-r--r--executor/common_linux.h98
-rw-r--r--executor/syscalls_linux.h25
-rw-r--r--pkg/csource/csource.go3
-rw-r--r--pkg/csource/linux_common.go95
-rw-r--r--pkg/host/host_linux.go2
-rw-r--r--sys/linux/386.go7
-rw-r--r--sys/linux/amd64.go7
-rw-r--r--sys/linux/arm.go7
-rw-r--r--sys/linux/arm64.go7
-rw-r--r--sys/linux/filesystem.txt2
-rw-r--r--sys/linux/ppc64le.go7
-rw-r--r--tools/syz-imagegen/imagegen.go49
12 files changed, 271 insertions, 38 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index ef4c5ce1a..15e82961c 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -134,7 +134,7 @@
#if defined(SYZ_EXECUTOR) || defined(SYZ_ENABLE_CGROUPS)
#include <sys/mount.h>
#endif
-#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image)
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
#include <errno.h>
#include <fcntl.h>
#include <linux/loop.h>
@@ -802,7 +802,7 @@ static uintptr_t syz_genetlink_get_family_id(uintptr_t name)
}
#endif
-#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image)
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
extern unsigned long long procid;
struct fs_image_segment {
@@ -825,7 +825,99 @@ struct fs_image_segment {
#elif defined(__ppc64__) || defined(__PPC64__) || defined(__powerpc64__)
#define SYZ_memfd_create 360
#endif
+#endif
+
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_read_part_table)
+// syz_read_part_table(size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]])
+static uintptr_t syz_read_part_table(uintptr_t size, uintptr_t nsegs, uintptr_t segments)
+{
+ char loopname[64], linkname[64];
+ int loopfd, err = 0, res = -1;
+ uintptr_t i, j;
+ // See the comment in syz_mount_image.
+ struct fs_image_segment* segs = (struct fs_image_segment*)segments;
+ if (nsegs > IMAGE_MAX_SEGMENTS)
+ nsegs = IMAGE_MAX_SEGMENTS;
+ for (i = 0; i < nsegs; i++) {
+ if (segs[i].size > IMAGE_MAX_SIZE)
+ segs[i].size = IMAGE_MAX_SIZE;
+ segs[i].offset %= IMAGE_MAX_SIZE;
+ if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size)
+ segs[i].offset = IMAGE_MAX_SIZE - segs[i].size;
+ if (size < segs[i].offset + segs[i].offset)
+ size = segs[i].offset + segs[i].offset;
+ }
+ if (size > IMAGE_MAX_SIZE)
+ size = IMAGE_MAX_SIZE;
+ int memfd = syscall(SYZ_memfd_create, "syz_read_part_table", 0);
+ if (memfd == -1) {
+ err = errno;
+ goto error;
+ }
+ if (ftruncate(memfd, size)) {
+ err = errno;
+ goto error_close_memfd;
+ }
+ for (i = 0; i < nsegs; i++) {
+ if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) {
+ debug("syz_read_part_table: pwrite[%u] failed: %d\n", (int)i, errno);
+ }
+ }
+ snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
+ loopfd = open(loopname, O_RDWR);
+ if (loopfd == -1) {
+ err = errno;
+ goto error_close_memfd;
+ }
+ if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
+ if (errno != EBUSY) {
+ err = errno;
+ goto error_close_loop;
+ }
+ ioctl(loopfd, LOOP_CLR_FD, 0);
+ usleep(1000);
+ if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
+ err = errno;
+ goto error_close_loop;
+ }
+ }
+ struct loop_info64 info;
+ if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) {
+ err = errno;
+ goto error_clear_loop;
+ }
+#if defined(SYZ_EXECUTOR)
+ cover_reset(0);
+#endif
+ info.lo_flags |= LO_FLAGS_PARTSCAN;
+ if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) {
+ err = errno;
+ goto error_clear_loop;
+ }
+ res = 0;
+ // If we managed to parse some partitions, symlink them into our work dir.
+ for (i = 1, j = 0; i < 8; i++) {
+ snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i);
+ struct stat statbuf;
+ if (stat(loopname, &statbuf) == 0) {
+ snprintf(linkname, sizeof(linkname), "./file%d", (int)j++);
+ symlink(loopname, linkname);
+ }
+ }
+error_clear_loop:
+ ioctl(loopfd, LOOP_CLR_FD, 0);
+error_close_loop:
+ close(loopfd);
+error_close_memfd:
+ close(memfd);
+error:
+ errno = err;
+ return res;
+}
+#endif
+
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image)
//syz_mount_image(fs ptr[in, string[disk_filesystems]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[vfat_options]])
//fs_image_segment {
// data ptr[in, array[int8]]
@@ -1827,7 +1919,7 @@ static void loop()
if (mkdir(cwdbuf, 0777))
fail("failed to mkdir");
#endif
-#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_fs) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
char buf[64];
snprintf(buf, sizeof(buf), "/dev/loop%llu", procid);
int loopfd = open(buf, O_RDWR);
diff --git a/executor/syscalls_linux.h b/executor/syscalls_linux.h
index 4896bf3e5..3b76ab29f 100644
--- a/executor/syscalls_linux.h
+++ b/executor/syscalls_linux.h
@@ -2,11 +2,11 @@
#if defined(__i386__) || 0
#define GOARCH "386"
-#define SYZ_REVISION "7424a62ff2a634075d9352a6bf1ba14b9377cce8"
+#define SYZ_REVISION "95c0c5827460dd0db116e00429bad9d3fe5778de"
#define SYZ_PAGE_SIZE 4096
#define SYZ_NUM_PAGES 4096
#define SYZ_DATA_OFFSET 536870912
-unsigned syscall_count = 1678;
+unsigned syscall_count = 1679;
call_t syscalls[] = {
{"accept4", 364},
{"accept4$alg", 364},
@@ -1639,6 +1639,7 @@ call_t syscalls[] = {
{"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev},
{"syz_open_procfs", 0, (syscall_t)syz_open_procfs},
{"syz_open_pts", 0, (syscall_t)syz_open_pts},
+ {"syz_read_part_table", 0, (syscall_t)syz_read_part_table},
{"tee", 315},
{"tgkill", 270},
{"time", 13},
@@ -1692,11 +1693,11 @@ call_t syscalls[] = {
#if defined(__x86_64__) || 0
#define GOARCH "amd64"
-#define SYZ_REVISION "f52cb963bdf72aed0f98688ac20cb16e40b3b2d3"
+#define SYZ_REVISION "14883eb285af454acfe15491ef6052eed4b8d77c"
#define SYZ_PAGE_SIZE 4096
#define SYZ_NUM_PAGES 4096
#define SYZ_DATA_OFFSET 536870912
-unsigned syscall_count = 1730;
+unsigned syscall_count = 1731;
call_t syscalls[] = {
{"accept", 43},
{"accept$alg", 43},
@@ -3381,6 +3382,7 @@ call_t syscalls[] = {
{"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev},
{"syz_open_procfs", 0, (syscall_t)syz_open_procfs},
{"syz_open_pts", 0, (syscall_t)syz_open_pts},
+ {"syz_read_part_table", 0, (syscall_t)syz_read_part_table},
{"tee", 276},
{"tgkill", 234},
{"time", 201},
@@ -3434,11 +3436,11 @@ call_t syscalls[] = {
#if defined(__arm__) || 0
#define GOARCH "arm"
-#define SYZ_REVISION "3972faa5a8bbad692d1ecd42060d3a0876823259"
+#define SYZ_REVISION "f64917dfdea0e40f17c49a8c12080a688ebb9a4d"
#define SYZ_PAGE_SIZE 4096
#define SYZ_NUM_PAGES 4096
#define SYZ_DATA_OFFSET 536870912
-unsigned syscall_count = 1675;
+unsigned syscall_count = 1676;
call_t syscalls[] = {
{"accept", 285},
{"accept$alg", 285},
@@ -5070,6 +5072,7 @@ call_t syscalls[] = {
{"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev},
{"syz_open_procfs", 0, (syscall_t)syz_open_procfs},
{"syz_open_pts", 0, (syscall_t)syz_open_pts},
+ {"syz_read_part_table", 0, (syscall_t)syz_read_part_table},
{"tee", 342},
{"tgkill", 268},
{"timer_create", 257},
@@ -5121,11 +5124,11 @@ call_t syscalls[] = {
#if defined(__aarch64__) || 0
#define GOARCH "arm64"
-#define SYZ_REVISION "527e225af73003b7222cbf51076b057e824248f6"
+#define SYZ_REVISION "6126db2a2079d8fe161c7d1e9c6179cf9a660b2d"
#define SYZ_PAGE_SIZE 4096
#define SYZ_NUM_PAGES 4096
#define SYZ_DATA_OFFSET 536870912
-unsigned syscall_count = 1659;
+unsigned syscall_count = 1660;
call_t syscalls[] = {
{"accept", 202},
{"accept$alg", 202},
@@ -6745,6 +6748,7 @@ call_t syscalls[] = {
{"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev},
{"syz_open_procfs", 0, (syscall_t)syz_open_procfs},
{"syz_open_pts", 0, (syscall_t)syz_open_pts},
+ {"syz_read_part_table", 0, (syscall_t)syz_read_part_table},
{"tee", 77},
{"tgkill", 131},
{"timer_create", 107},
@@ -6792,11 +6796,11 @@ call_t syscalls[] = {
#if defined(__ppc64__) || defined(__PPC64__) || defined(__powerpc64__) || 0
#define GOARCH "ppc64le"
-#define SYZ_REVISION "40f069e17536ef2ffed3727cb6238f8ba8d003ef"
+#define SYZ_REVISION "f4f6f2409448b0704d85d908ec0968994157ae6a"
#define SYZ_PAGE_SIZE 4096
#define SYZ_NUM_PAGES 4096
#define SYZ_DATA_OFFSET 536870912
-unsigned syscall_count = 1649;
+unsigned syscall_count = 1650;
call_t syscalls[] = {
{"accept", 330},
{"accept$alg", 330},
@@ -8400,6 +8404,7 @@ call_t syscalls[] = {
{"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev},
{"syz_open_procfs", 0, (syscall_t)syz_open_procfs},
{"syz_open_pts", 0, (syscall_t)syz_open_pts},
+ {"syz_read_part_table", 0, (syscall_t)syz_read_part_table},
{"tee", 284},
{"tgkill", 250},
{"time", 13},
diff --git a/pkg/csource/csource.go b/pkg/csource/csource.go
index 05bead91d..ddc108959 100644
--- a/pkg/csource/csource.go
+++ b/pkg/csource/csource.go
@@ -65,7 +65,8 @@ func Write(p *prog.Prog, opts Options) ([]byte, error) {
}
needProcID := opts.Procs > 1 || opts.EnableCgroups
for _, c := range p.Calls {
- if c.Meta.CallName == "syz_mount_image" {
+ if c.Meta.CallName == "syz_mount_image" ||
+ c.Meta.CallName == "syz_read_part_table" {
needProcID = true
}
}
diff --git a/pkg/csource/linux_common.go b/pkg/csource/linux_common.go
index 1646401da..48123035b 100644
--- a/pkg/csource/linux_common.go
+++ b/pkg/csource/linux_common.go
@@ -135,7 +135,7 @@ var commonHeaderLinux = `
#if defined(SYZ_EXECUTOR) || defined(SYZ_ENABLE_CGROUPS)
#include <sys/mount.h>
#endif
-#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image)
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
#include <errno.h>
#include <fcntl.h>
#include <linux/loop.h>
@@ -921,7 +921,7 @@ static uintptr_t syz_genetlink_get_family_id(uintptr_t name)
}
#endif
-#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image)
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
extern unsigned long long procid;
struct fs_image_segment {
@@ -944,7 +944,96 @@ struct fs_image_segment {
#elif defined(__ppc64__) || defined(__PPC64__) || defined(__powerpc64__)
#define SYZ_memfd_create 360
#endif
+#endif
+
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_read_part_table)
+static uintptr_t syz_read_part_table(uintptr_t size, uintptr_t nsegs, uintptr_t segments)
+{
+ char loopname[64], linkname[64];
+ int loopfd, err = 0, res = -1;
+ uintptr_t i, j;
+ struct fs_image_segment* segs = (struct fs_image_segment*)segments;
+ if (nsegs > IMAGE_MAX_SEGMENTS)
+ nsegs = IMAGE_MAX_SEGMENTS;
+ for (i = 0; i < nsegs; i++) {
+ if (segs[i].size > IMAGE_MAX_SIZE)
+ segs[i].size = IMAGE_MAX_SIZE;
+ segs[i].offset %= IMAGE_MAX_SIZE;
+ if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size)
+ segs[i].offset = IMAGE_MAX_SIZE - segs[i].size;
+ if (size < segs[i].offset + segs[i].offset)
+ size = segs[i].offset + segs[i].offset;
+ }
+ if (size > IMAGE_MAX_SIZE)
+ size = IMAGE_MAX_SIZE;
+ int memfd = syscall(SYZ_memfd_create, "syz_read_part_table", 0);
+ if (memfd == -1) {
+ err = errno;
+ goto error;
+ }
+ if (ftruncate(memfd, size)) {
+ err = errno;
+ goto error_close_memfd;
+ }
+ for (i = 0; i < nsegs; i++) {
+ if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) {
+ debug("syz_read_part_table: pwrite[%u] failed: %d\n", (int)i, errno);
+ }
+ }
+ snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
+ loopfd = open(loopname, O_RDWR);
+ if (loopfd == -1) {
+ err = errno;
+ goto error_close_memfd;
+ }
+ if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
+ if (errno != EBUSY) {
+ err = errno;
+ goto error_close_loop;
+ }
+ ioctl(loopfd, LOOP_CLR_FD, 0);
+ usleep(1000);
+ if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
+ err = errno;
+ goto error_close_loop;
+ }
+ }
+ struct loop_info64 info;
+ if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) {
+ err = errno;
+ goto error_clear_loop;
+ }
+#if defined(SYZ_EXECUTOR)
+ cover_reset(0);
+#endif
+ info.lo_flags |= LO_FLAGS_PARTSCAN;
+ if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) {
+ err = errno;
+ goto error_clear_loop;
+ }
+ res = 0;
+ for (i = 1, j = 0; i < 8; i++) {
+ snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i);
+ struct stat statbuf;
+ if (stat(loopname, &statbuf) == 0) {
+ snprintf(linkname, sizeof(linkname), "./file%d", (int)j++);
+ symlink(loopname, linkname);
+ }
+ }
+error_clear_loop:
+ ioctl(loopfd, LOOP_CLR_FD, 0);
+error_close_loop:
+ close(loopfd);
+error_close_memfd:
+ close(memfd);
+error:
+ errno = err;
+ return res;
+}
+#endif
+
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image)
static uintptr_t syz_mount_image(uintptr_t fs, uintptr_t dir, uintptr_t size, uintptr_t nsegs, uintptr_t segments, uintptr_t flags, uintptr_t opts)
{
char loopname[64];
@@ -2843,7 +2932,7 @@ static void loop()
if (mkdir(cwdbuf, 0777))
fail("failed to mkdir");
#endif
-#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_fs) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
char buf[64];
snprintf(buf, sizeof(buf), "/dev/loop%llu", procid);
int loopfd = open(buf, O_RDWR);
diff --git a/pkg/host/host_linux.go b/pkg/host/host_linux.go
index c99aba874..d5ab3a495 100644
--- a/pkg/host/host_linux.go
+++ b/pkg/host/host_linux.go
@@ -139,6 +139,8 @@ func isSupportedSyzkall(sandbox string, c *prog.Syscall) bool {
return true
case "syz_mount_image":
return sandbox != "setuid"
+ case "syz_read_part_table":
+ return sandbox == "none" && syscall.Getuid() == 0
}
panic("unknown syzkall: " + c.Name)
}
diff --git a/sys/linux/386.go b/sys/linux/386.go
index 07994d228..7e1645d84 100644
--- a/sys/linux/386.go
+++ b/sys/linux/386.go
@@ -23257,6 +23257,11 @@ var syscalls_386 = []*Syscall{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "fd", TypeSize: 4}},
&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "open_flags", FldName: "flags", TypeSize: 4}}, Vals: []uint64{0, 1, 2, 1024, 8192, 524288, 64, 16384, 65536, 128, 32768, 262144, 256, 131072, 2048, 2097152, 1052672, 512, 4194304}},
}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "ret", TypeSize: 4, ArgDir: 1}}},
+ {Name: "syz_read_part_table", CallName: "syz_read_part_table", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "size", TypeSize: 4}}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "nsegs", TypeSize: 4}}, Buf: "segments"},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "segments", TypeSize: 4}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "fs_image_segment"}}}},
+ }},
{NR: 315, Name: "tee", CallName: "tee", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdin", TypeSize: 4}},
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdout", TypeSize: 4}},
@@ -27825,4 +27830,4 @@ var consts_386 = []ConstValue{
{Name: "bpf_insn_load_imm_dw", Value: 24},
}
-const revision_386 = "7424a62ff2a634075d9352a6bf1ba14b9377cce8"
+const revision_386 = "95c0c5827460dd0db116e00429bad9d3fe5778de"
diff --git a/sys/linux/amd64.go b/sys/linux/amd64.go
index 999d80221..418156648 100644
--- a/sys/linux/amd64.go
+++ b/sys/linux/amd64.go
@@ -23888,6 +23888,11 @@ var syscalls_amd64 = []*Syscall{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "fd", TypeSize: 4}},
&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "open_flags", FldName: "flags", TypeSize: 8}}, Vals: []uint64{0, 1, 2, 1024, 8192, 524288, 64, 16384, 65536, 128, 32768, 262144, 256, 131072, 2048, 2097152, 1052672, 512, 4194304}},
}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "ret", TypeSize: 4, ArgDir: 1}}},
+ {Name: "syz_read_part_table", CallName: "syz_read_part_table", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "size", TypeSize: 8}}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "nsegs", TypeSize: 8}}, Buf: "segments"},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "segments", TypeSize: 8}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "fs_image_segment"}}}},
+ }},
{NR: 276, Name: "tee", CallName: "tee", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdin", TypeSize: 4}},
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdout", TypeSize: 4}},
@@ -28481,4 +28486,4 @@ var consts_amd64 = []ConstValue{
{Name: "bpf_insn_load_imm_dw", Value: 24},
}
-const revision_amd64 = "f52cb963bdf72aed0f98688ac20cb16e40b3b2d3"
+const revision_amd64 = "14883eb285af454acfe15491ef6052eed4b8d77c"
diff --git a/sys/linux/arm.go b/sys/linux/arm.go
index 8a68e0700..b0bfbe0ce 100644
--- a/sys/linux/arm.go
+++ b/sys/linux/arm.go
@@ -23081,6 +23081,11 @@ var syscalls_arm = []*Syscall{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "fd", TypeSize: 4}},
&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "open_flags", FldName: "flags", TypeSize: 4}}, Vals: []uint64{0, 1, 2, 1024, 8192, 524288, 64, 65536, 16384, 128, 131072, 262144, 256, 32768, 2048, 2097152, 1052672, 512, 4194304}},
}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "ret", TypeSize: 4, ArgDir: 1}}},
+ {Name: "syz_read_part_table", CallName: "syz_read_part_table", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "size", TypeSize: 4}}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "nsegs", TypeSize: 4}}, Buf: "segments"},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "segments", TypeSize: 4}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "fs_image_segment"}}}},
+ }},
{NR: 342, Name: "tee", CallName: "tee", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdin", TypeSize: 4}},
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdout", TypeSize: 4}},
@@ -27544,4 +27549,4 @@ var consts_arm = []ConstValue{
{Name: "bpf_insn_load_imm_dw", Value: 24},
}
-const revision_arm = "3972faa5a8bbad692d1ecd42060d3a0876823259"
+const revision_arm = "f64917dfdea0e40f17c49a8c12080a688ebb9a4d"
diff --git a/sys/linux/arm64.go b/sys/linux/arm64.go
index fd95f814e..714c0074d 100644
--- a/sys/linux/arm64.go
+++ b/sys/linux/arm64.go
@@ -23375,6 +23375,11 @@ var syscalls_arm64 = []*Syscall{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "fd", TypeSize: 4}},
&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "open_flags", FldName: "flags", TypeSize: 8}}, Vals: []uint64{0, 1, 2, 1024, 8192, 524288, 64, 65536, 16384, 128, 131072, 262144, 256, 32768, 2048, 2097152, 1052672, 512, 4194304}},
}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "ret", TypeSize: 4, ArgDir: 1}}},
+ {Name: "syz_read_part_table", CallName: "syz_read_part_table", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "size", TypeSize: 8}}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "nsegs", TypeSize: 8}}, Buf: "segments"},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "segments", TypeSize: 8}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "fs_image_segment"}}}},
+ }},
{NR: 77, Name: "tee", CallName: "tee", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdin", TypeSize: 4}},
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdout", TypeSize: 4}},
@@ -27863,4 +27868,4 @@ var consts_arm64 = []ConstValue{
{Name: "bpf_insn_load_imm_dw", Value: 24},
}
-const revision_arm64 = "527e225af73003b7222cbf51076b057e824248f6"
+const revision_arm64 = "6126db2a2079d8fe161c7d1e9c6179cf9a660b2d"
diff --git a/sys/linux/filesystem.txt b/sys/linux/filesystem.txt
index d8d1473da..0bcc7b598 100644
--- a/sys/linux/filesystem.txt
+++ b/sys/linux/filesystem.txt
@@ -8,6 +8,8 @@ umount2(path ptr[in, filename], flags flags[umount_flags])
filesystem = "sysfs", "rootfs", "ramfs", "tmpfs", "devtmpfs", "debugfs", "securityfs", "sockfs", "pipefs", "anon_inodefs", "devpts", "ext3", "ext2", "ext4", "hugetlbfs", "vfat", "ecryptfs", "fuseblk", "fuse", "rpc_pipefs", "nfs", "nfs4", "nfsd", "binfmt_misc", "autofs", "xfs", "jfs", "msdos", "ntfs", "minix", "hfs", "hfsplus", "qnx4", "ufs", "btrfs", "configfs", "ncpfs", "qnx6", "exofs", "befs", "vxfs", "gfs2", "gfs2meta", "fusectl", "bfs", "nsfs", "efs", "cifs", "efivarfs", "affs", "tracefs", "bdev", "ocfs2", "ocfs2_dlmfs", "hpfs", "proc", "afs", "reiserfs", "jffs2", "romfs", "aio", "sysv", "v7", "udf", "ceph", "pstore", "adfs", "9p", "hostfs", "squashfs", "cramfs", "iso9660", "coda", "nilfs2", "logfs", "overlay", "f2fs", "omfs", "ubifs", "openpromfs", "bpf", "cgroup", "cgroup2", "cpuset", "mqueue", "aufs", "selinuxfs"
+syz_read_part_table(size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]])
+
syz_mount_image$vfat(fs ptr[in, string["vfat"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[vfat_options]])
syz_mount_image$msdos(fs ptr[in, string["msdos"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[vfat_options]])
diff --git a/sys/linux/ppc64le.go b/sys/linux/ppc64le.go
index 12601910d..eb526a1bf 100644
--- a/sys/linux/ppc64le.go
+++ b/sys/linux/ppc64le.go
@@ -23121,6 +23121,11 @@ var syscalls_ppc64le = []*Syscall{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "fd", TypeSize: 4}},
&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "open_flags", FldName: "flags", TypeSize: 8}}, Vals: []uint64{0, 1, 2, 1024, 8192, 524288, 64, 131072, 16384, 128, 65536, 262144, 256, 32768, 2048, 2097152, 1052672, 512, 4194304}},
}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "ret", TypeSize: 4, ArgDir: 1}}},
+ {Name: "syz_read_part_table", CallName: "syz_read_part_table", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "size", TypeSize: 8}}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "nsegs", TypeSize: 8}}, Buf: "segments"},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "segments", TypeSize: 8}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "fs_image_segment"}}}},
+ }},
{NR: 284, Name: "tee", CallName: "tee", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdin", TypeSize: 4}},
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fdout", TypeSize: 4}},
@@ -27625,4 +27630,4 @@ var consts_ppc64le = []ConstValue{
{Name: "bpf_insn_load_imm_dw", Value: 24},
}
-const revision_ppc64le = "40f069e17536ef2ffed3727cb6238f8ba8d003ef"
+const revision_ppc64le = "f4f6f2409448b0704d85d908ec0968994157ae6a"
diff --git a/tools/syz-imagegen/imagegen.go b/tools/syz-imagegen/imagegen.go
index 24ea92789..ce8216512 100644
--- a/tools/syz-imagegen/imagegen.go
+++ b/tools/syz-imagegen/imagegen.go
@@ -1,7 +1,7 @@
// Copyright 2018 syzkaller project authors. All rights reserved.
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
-// imagegen generates syz_mount_image calls from disk images.
+// imagegen generates syz_mount_image/syz_read_part_table calls from disk images.
package main
import (
@@ -41,7 +41,9 @@ func main() {
break
}
pos = (pos + *flagAlign - 1) & ^(*flagAlign - 1)
- segs = append(segs, Segment{offset, data[:pos]})
+ if pos != 0 {
+ segs = append(segs, Segment{offset, data[:pos]})
+ }
for pos < len(data) && data[pos] == 0 {
pos++
}
@@ -74,20 +76,35 @@ func main() {
fmt.Fprintf(os.Stderr, "restored data differs!\n")
os.Exit(1)
}
- syscallSuffix := *flagFS
- if syscallSuffix == "ext2" || syscallSuffix == "ext3" {
- syscallSuffix = "ext4"
- }
- fmt.Printf(`syz_mount_image$%v(&(0x7f0000000000)='%v\x00', &(0x7f0000000100)='./file0\x00', 0x%x, 0x%x, &(0x7f0000000200)=[`,
- syscallSuffix, *flagFS, len(data0), len(segs))
- addr := 0x7f0000010000
- for i, seg := range segs {
- if i != 0 {
- fmt.Printf(", ")
+ if *flagFS == "part" {
+ fmt.Printf(`syz_read_part_table(0x%x, 0x%x, &(0x7f0000000200)=[`,
+ len(data0), len(segs))
+ addr := 0x7f0000010000
+ for i, seg := range segs {
+ if i != 0 {
+ fmt.Printf(", ")
+ }
+ fmt.Printf(`{&(0x%x)="%v", 0x%x, 0x%x}`,
+ addr, hex.EncodeToString(seg.data), len(seg.data), seg.offset)
+ addr = (addr + len(seg.data) + 0xff) & ^0xff
+ }
+ fmt.Printf("])\n")
+ } else {
+ syscallSuffix := *flagFS
+ if syscallSuffix == "ext2" || syscallSuffix == "ext3" {
+ syscallSuffix = "ext4"
+ }
+ fmt.Printf(`syz_mount_image$%v(&(0x7f0000000000)='%v\x00', &(0x7f0000000100)='./file0\x00', 0x%x, 0x%x, &(0x7f0000000200)=[`,
+ syscallSuffix, *flagFS, len(data0), len(segs))
+ addr := 0x7f0000010000
+ for i, seg := range segs {
+ if i != 0 {
+ fmt.Printf(", ")
+ }
+ fmt.Printf(`{&(0x%x)="%v", 0x%x, 0x%x}`,
+ addr, hex.EncodeToString(seg.data), len(seg.data), seg.offset)
+ addr = (addr + len(seg.data) + 0xff) & ^0xff
}
- fmt.Printf(`{&(0x%x)="%v", 0x%x, 0x%x}`,
- addr, hex.EncodeToString(seg.data), len(seg.data), seg.offset)
- addr = (addr + len(seg.data) + 0xff) & ^0xff
+ fmt.Printf("], 0x0, &(0x%x))\n", addr)
}
- fmt.Printf("], 0x0, &(0x%x))\n", addr)
}
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-04-04 03:30:12 +0000