| author | Dmitry Vyukov <dvyukov@google.com> | 2018-08-30 21:10:38 -0700 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-08-30 21:45:04 -0700 |
| commit | a4718693a3d9fcabb02299b2ec07c19d8208c539 (patch) | |
| tree | 4646830d734816c5d6ab7bd5f71338ce3f9b1b54 | |
| parent | 4239b99abbcccac9104facbf2b040a5af4ffe1b1 (diff) | |
sys/linux: add syz_execute_func
The function executes random code.
Update #310
39 files changed, 253 insertions, 106 deletions
diff --git a/executor/common.h b/executor/common.h index 5dbb7f7b9..15b279956 100644 --- a/executor/common.h +++ b/executor/common.h @@ -364,6 +364,15 @@ static uint16 csum_inet_digest(struct csum_inet* csum) } #endif +#if SYZ_EXECUTOR || __NR_syz_execute_func +// syz_execute_func(text ptr[in, text[taget]]) +static long syz_execute_func(long text) +{ + ((void (*)(void))(text))(); + return 0; +} +#endif + #if GOOS_akaros #include "common_akaros.h" #elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd diff --git a/executor/common_linux.h b/executor/common_linux.h index b59633273..40b06f9fe 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -36,13 +36,13 @@ static void event_set(event_t* ev) if (ev->state) fail("event already set"); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); - syscall(SYS_futex, &ev->state, FUTEX_WAKE); + syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) - syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, 0); + syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) @@ -59,7 +59,7 @@ static int event_timedwait(event_t* ev, uint64 timeout) struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; - syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, &ts); + syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; now = current_time_ms(); diff --git a/executor/defs.h b/executor/defs.h index 07558cdcf..3a6edd3af 100644 --- a/executor/defs.h +++ b/executor/defs.h @@ -5,7 +5,7 @@ #if GOARCH_amd64 #define GOARCH "amd64" -#define SYZ_REVISION "44785e2dac3e0f922841ab905a8c4e7838585083" +#define SYZ_REVISION "f9824f5b26bc0ee36bc1e6debd6e8a8d6eee33ab" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 0 #define SYZ_PAGE_SIZE 4096 
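Review bot: The comment above `syz_execute_func` in executor/common.h misspells the type as `text[taget]`; the descriptions added under sys/*/sys.txt in this commit use `text[target]`, so it should read `// syz_execute_func(text ptr[in, text[target]])`. The call `((void (*)(void))(text))()` transfers control to generated bytes inside the executor process itself, so whatever is live in registers and on the stack at that point is reachable by that code. A short comment saying so, and that the data segment has to be mapped executable for the call to work, would help the next reader. The copy of this function in pkg/csource/generated.go has no comment at all and looks generated from this header.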
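Review bot: `FUTEX_PRIVATE_FLAG` on the wake in `event_set` is only correct if `ev->state` is never waited on from another process, and nothing in this hunk shows where `event_t` objects live. If they are always per-process, a comment such as `// events are process-local, so private futexes are sufficient` next to the first call would record that assumption; the same applies to `event_wait` in this hunk and `event_timedwait` in the next one. The commit description does not mention this change, and the return value of `syscall(SYS_futex, ...)` is still ignored in all three places.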
@@ -20,7 +20,7 @@ #if GOARCH_amd64 #define GOARCH "amd64" -#define SYZ_REVISION "89eac40a68a14ffc0af9fc9b181147236b82d00b" +#define SYZ_REVISION "06d50288c46275b56218cab0097fcb71a7f0f80e" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 4096 @@ -35,7 +35,7 @@ #if GOARCH_amd64 #define GOARCH "amd64" -#define SYZ_REVISION "2a5cb64c987696cb8bdf1d6d9561c04993cf3299" +#define SYZ_REVISION "ee62749ce0e69fd29de1864a220e909a18613438" #define SYZ_EXECUTOR_USES_FORK_SERVER 0 #define SYZ_EXECUTOR_USES_SHMEM 0 #define SYZ_PAGE_SIZE 4096 @@ -45,7 +45,7 @@ #if GOARCH_arm64 #define GOARCH "arm64" -#define SYZ_REVISION "974ef513ae535d2b92308edd342169a59b596cd4" +#define SYZ_REVISION "80d5b2ce01d8c9deca31efaa1a61da313eaa44e6" #define SYZ_EXECUTOR_USES_FORK_SERVER 0 #define SYZ_EXECUTOR_USES_SHMEM 0 #define SYZ_PAGE_SIZE 4096 @@ -60,7 +60,7 @@ #if GOARCH_386 #define GOARCH "386" -#define SYZ_REVISION "73c32691841967fea34cade58340298a0a6e34a3" +#define SYZ_REVISION "cf409e12bbb8bef7899f39295b0b6d69d318af8d" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 4096 @@ -70,7 +70,7 @@ #if GOARCH_amd64 #define GOARCH "amd64" -#define SYZ_REVISION "26712f7e003ed8690f47cf5edb70bd3eb94766c1" +#define SYZ_REVISION "3efd822501eed7b0536ca7f8ba2b7720b9f6bab3" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 4096 @@ -80,7 +80,7 @@ #if GOARCH_arm #define GOARCH "arm" -#define SYZ_REVISION "f155a0335de7dec3226189d25e230ba9889ff0ef" +#define SYZ_REVISION "d64ccba4ff5f75614cce9e04b971a39e735578b2" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 4096 
@@ -90,7 +90,7 @@ #if GOARCH_arm64 #define GOARCH "arm64" -#define SYZ_REVISION "1fd22f27ba905dec42b576344dd6c58c011de140" +#define SYZ_REVISION "33b760e03637540176d75bef5357cc5b147afabe" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 4096 @@ -100,7 +100,7 @@ #if GOARCH_ppc64le #define GOARCH "ppc64le" -#define SYZ_REVISION "cfee5c1892c53b104910906c54ef416def23581b" +#define SYZ_REVISION "17f888e873bc99a49d971c80b87ddad7d8291e82" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 4096 @@ -115,7 +115,7 @@ #if GOARCH_amd64 #define GOARCH "amd64" -#define SYZ_REVISION "c05720ceb16e651f6ae9addd1f5be83497d861e3" +#define SYZ_REVISION "741d8f94955b7b371dee88f03db02ab85d5a9384" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 4096 @@ -130,7 +130,7 @@ #if GOARCH_amd64 #define GOARCH "amd64" -#define SYZ_REVISION "f1bde02bbb60bf849ed61dda9a552900891199ef" +#define SYZ_REVISION "b7a0cb1d6df43d07bd4ab11d2c4b1a2e1c046ac1" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 4096 @@ -145,7 +145,7 @@ #if GOARCH_32_fork_shmem #define GOARCH "32_fork_shmem" -#define SYZ_REVISION "d09983a8bb4f2ccd0e303191862d170b5b636bd8" +#define SYZ_REVISION "4225c1e93671306efa6a41958a6d553aed7e8cf7" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 4096 @@ -155,7 +155,7 @@ #if GOARCH_32_shmem #define GOARCH "32_shmem" -#define SYZ_REVISION "8d0f255b4d310c70d0e7d65ac8e5c6c3032a9e14" +#define SYZ_REVISION "ae161a1d8e44b101412b6f8d8fdde3a6ce553e55" #define SYZ_EXECUTOR_USES_FORK_SERVER 0 #define SYZ_EXECUTOR_USES_SHMEM 1 #define SYZ_PAGE_SIZE 8192 
@@ -165,7 +165,7 @@ #if GOARCH_64 #define GOARCH "64" -#define SYZ_REVISION "3a71e90e1d9f2ae8b0cbfa9e76a429a74ca2ce90" +#define SYZ_REVISION "6ffded136a7c445ee912402759cc9f71c3add37a" #define SYZ_EXECUTOR_USES_FORK_SERVER 0 #define SYZ_EXECUTOR_USES_SHMEM 0 #define SYZ_PAGE_SIZE 4096 @@ -175,7 +175,7 @@ #if GOARCH_64_fork #define GOARCH "64_fork" -#define SYZ_REVISION "39c2288dd1c825ce7a587f946cfc91e0e453cf5e" +#define SYZ_REVISION "ef850b63cd75f943301e586db069812cc63ac259" #define SYZ_EXECUTOR_USES_FORK_SERVER 1 #define SYZ_EXECUTOR_USES_SHMEM 0 #define SYZ_PAGE_SIZE 8192 @@ -190,7 +190,7 @@ #if GOARCH_amd64 #define GOARCH "amd64" -#define SYZ_REVISION "f2b48fb82a68b0cb24b2ab9638add66deb9542dd" +#define SYZ_REVISION "7f58e6832b5d8674b8a77505e6eb0fa213781c23" #define SYZ_EXECUTOR_USES_FORK_SERVER 0 #define SYZ_EXECUTOR_USES_SHMEM 0 #define SYZ_PAGE_SIZE 4096 diff --git a/executor/executor_akaros.h b/executor/executor_akaros.h index 566781c2e..e60e7cfc6 100644 --- a/executor/executor_akaros.h +++ b/executor/executor_akaros.h @@ -13,7 +13,7 @@ static void os_init(int argc, char** argv, void* data, size_t data_size) { program_name = argv[0]; if (argc == 2 && strcmp(argv[1], "child") == 0) { - if (mmap(data, data_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data) + if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data) fail("mmap of data segment failed"); child(); } diff --git a/executor/executor_bsd.h b/executor/executor_bsd.h index 565a0bb3d..5bb192d8c 100644 --- a/executor/executor_bsd.h +++ b/executor/executor_bsd.h 
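Review bot: Adding `PROT_EXEC` to the `mmap` in `os_init` makes the whole data segment writable and executable at a fixed address for every program, not only those that call `syz_execute_func`; the identical change is made in executor/executor_bsd.h and executor/executor_linux.h. On kernels that refuse writable-and-executable mappings the call would fail and the executor would stop with "mmap of data segment failed"; executor_bsd.h presumably also serves NetBSD and OpenBSD, which as far as I know enforce this by default, so that path should be checked. Consider choosing the protection per OS and recording the reason, for example `// PROT_EXEC: syz_execute_func runs generated code from the data segment` above the call.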
@@ -17,7 +17,7 @@ static void os_init(int argc, char** argv, void* data, size_t data_size) { - if (mmap(data, data_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data) + if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data) fail("mmap of data segment failed"); // Some minimal sandboxing. diff --git a/executor/executor_linux.h b/executor/executor_linux.h index 2eab98560..c7af48144 100644 --- a/executor/executor_linux.h +++ b/executor/executor_linux.h @@ -25,7 +25,7 @@ static void os_init(int argc, char** argv, void* data, size_t data_size) { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); is_kernel_64_bit = detect_kernel_bitness(); - if (mmap(data, data_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data) + if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data) fail("mmap of data segment failed"); } diff --git a/executor/syscalls.h b/executor/syscalls.h index b86f53c87..44d46ea59 100644 --- a/executor/syscalls.h +++ b/executor/syscalls.h @@ -201,6 +201,7 @@ const call_t syscalls[] = { {"send_event", 39}, {"stat", 105}, {"symlink", 114}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"tap_fds", 126}, {"tcgetattr", 141}, {"umask", 109}, @@ -471,6 +472,7 @@ const call_t syscalls[] = { {"symlink", 57}, {"symlinkat", 502}, {"sync", 36}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"truncate", 479}, {"unlink", 10}, {"unlinkat", 503}, @@ -542,6 +544,7 @@ const call_t syscalls[] = { {"symlink", 0, (syscall_t)symlink}, {"symlinkat", 0, (syscall_t)symlinkat}, {"sync", 0, (syscall_t)sync}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_future_time", 0, (syscall_t)syz_future_time}, {"syz_job_default", 0, (syscall_t)syz_job_default}, {"syz_mmap", 0, (syscall_t)syz_mmap}, 
@@ -789,6 +792,7 @@ const call_t syscalls[] = { {"symlink", 0, (syscall_t)symlink}, {"symlinkat", 0, (syscall_t)symlinkat}, {"sync", 0, (syscall_t)sync}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_future_time", 0, (syscall_t)syz_future_time}, {"syz_job_default", 0, (syscall_t)syz_job_default}, {"syz_mmap", 0, (syscall_t)syz_mmap}, @@ -2932,6 +2936,7 @@ const call_t syscalls[] = { {"sysinfo", 116}, {"syslog", 103}, {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res}, {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res}, {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id}, @@ -5152,6 +5157,7 @@ const call_t syscalls[] = { {"sysinfo", 99}, {"syslog", 103}, {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res}, {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res}, {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id}, @@ -7330,6 +7336,7 @@ const call_t syscalls[] = { {"sysinfo", 116}, {"syslog", 103}, {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res}, {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res}, {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id}, @@ -9483,6 +9490,7 @@ const call_t syscalls[] = { {"sysinfo", 179}, {"syslog", 116}, {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res}, {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res}, {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id}, 
@@ -11513,6 +11521,7 @@ const call_t syscalls[] = { {"sysinfo", 116}, {"syslog", 103}, {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res}, {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res}, {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id}, @@ -11920,6 +11929,7 @@ const call_t syscalls[] = { {"symlink", 57}, {"symlinkat", 470}, {"sync", 36}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"truncate", 200}, {"unlink", 10}, {"unlinkat", 471}, @@ -12152,6 +12162,7 @@ const call_t syscalls[] = { {"symlink", 57}, {"symlinkat", 324}, {"sync", 36}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_open_pts", 0, (syscall_t)syz_open_pts}, {"truncate", 200}, {"unlink", 10}, @@ -12174,6 +12185,7 @@ const call_t syscalls[] = { const call_t syscalls[] = { {"syz_compare", 0, (syscall_t)syz_compare}, {"syz_errno", 0, (syscall_t)syz_errno}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_mmap", 0, (syscall_t)syz_mmap}, }; @@ -12183,6 +12195,7 @@ const call_t syscalls[] = { const call_t syscalls[] = { {"syz_compare", 0, (syscall_t)syz_compare}, {"syz_errno", 0, (syscall_t)syz_errno}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_mmap", 0, (syscall_t)syz_mmap}, }; @@ -12214,6 +12227,7 @@ const call_t syscalls[] = { {"serialize1", 0}, {"syz_compare", 0, (syscall_t)syz_compare}, {"syz_errno", 0, (syscall_t)syz_errno}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_mmap", 0, (syscall_t)syz_mmap}, {"test", 0}, {"test$align0", 0}, @@ -12310,6 +12324,7 @@ const call_t syscalls[] = { const call_t syscalls[] = { {"syz_compare", 0, (syscall_t)syz_compare}, {"syz_errno", 0, (syscall_t)syz_errno}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"syz_mmap", 0, (syscall_t)syz_mmap}, }; 
@@ -15215,6 +15230,7 @@ const call_t syscalls[] = { {"setsockopt", 0, (syscall_t)setsockopt}, {"sndPlaySoundA", 0, (syscall_t)sndPlaySoundA}, {"socket", 0, (syscall_t)socket}, + {"syz_execute_func", 0, (syscall_t)syz_execute_func}, {"timeBeginPeriod", 0, (syscall_t)timeBeginPeriod}, {"timeEndPeriod", 0, (syscall_t)timeEndPeriod}, {"timeGetDevCaps", 0, (syscall_t)timeGetDevCaps}, diff --git a/pkg/compiler/types.go b/pkg/compiler/types.go index f4452baee..777920f57 100644 --- a/pkg/compiler/types.go +++ b/pkg/compiler/types.go @@ -407,11 +407,13 @@ var typeText = &typeDesc{ var typeArgTextType = &typeArg{ Kind: kindIdent, - Names: []string{"x86_real", "x86_16", "x86_32", "x86_64", "arm64"}, + Names: []string{"target", "x86_real", "x86_16", "x86_32", "x86_64", "arm64"}, } func genTextType(t *ast.Type) prog.TextKind { switch t.Ident { + case "target": + return prog.TextTarget case "x86_real": return prog.TextX86Real case "x86_16": diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go index 49fc2ffe8..714269f1a 100644 --- a/pkg/csource/generated.go +++ b/pkg/csource/generated.go @@ -349,6 +349,14 @@ static uint16 csum_inet_digest(struct csum_inet* csum) } #endif +#if SYZ_EXECUTOR || __NR_syz_execute_func +static long syz_execute_func(long text) +{ + ((void (*)(void))(text))(); + return 0; +} +#endif + #if GOOS_akaros #include <ros/syscall.h> @@ -712,13 +720,13 @@ static void event_set(event_t* ev) if (ev->state) fail("event already set"); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); - syscall(SYS_futex, &ev->state, FUTEX_WAKE); + syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) - syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, 0); + syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) 
@@ -735,7 +743,7 @@ static int event_timedwait(event_t* ev, uint64 timeout) struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; - syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, &ts); + syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; now = current_time_ms(); diff --git a/pkg/host/host.go b/pkg/host/host.go index 6394dd4a0..d048b2ade 100644 --- a/pkg/host/host.go +++ b/pkg/host/host.go @@ -21,7 +21,13 @@ func DetectSupportedSyscalls(target *prog.Target, sandbox string) ( return supported, unsupported, nil } for _, c := range target.Syscalls { - ok, reason := isSupported(c, sandbox) + ok, reason := false, "" + switch c.CallName { + case "syz_execute_func": + ok = true + default: + ok, reason = isSupported(c, sandbox) + } if ok { supported[c] = true } else { diff --git a/pkg/host/host_linux.go b/pkg/host/host_linux.go index dd3e146c4..3386113ee 100644 --- a/pkg/host/host_linux.go +++ b/pkg/host/host_linux.go @@ -205,6 +205,8 @@ func isSupportedSyzkall(sandbox string, c *prog.Syscall) (bool, string) { return isSupportedFilesystem(fstype) case "syz_read_part_table": return onlySandboxNone(sandbox) + case "syz_execute_func": + return true, "" } panic("unknown syzkall: " + c.Name) } diff --git a/prog/rand.go b/prog/rand.go index 7f5597f82..23b4afcfa 100644 --- a/prog/rand.go +++ b/prog/rand.go @@ -326,6 +326,12 @@ func (r *randGen) createResource(s *state, res *ResourceType) (arg Arg, calls [] func (r *randGen) generateText(kind TextKind) []byte { switch kind { + case TextTarget: + if r.target.Arch == "amd64" || r.target.Arch == "386" { + cfg := createTargetIfuzzConfig(r.target) + return ifuzz.Generate(cfg, r.Rand) + } + fallthrough case TextArm64: // Just a stub, need something better. text := make([]byte, 50) 
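Review bot: The new `switch c.CallName` in `DetectSupportedSyscalls` marks `syz_execute_func` supported before `isSupported` is consulted, so the `case "syz_execute_func"` added to `isSupportedSyzkall` in pkg/host/host_linux.go looks unreachable from this loop; one of the two is enough unless `isSupportedSyzkall` has other callers not visible here. A single-case switch also reads more plainly as `if c.CallName == "syz_execute_func" { ok = true } else { ok, reason = isSupported(c, sandbox) }`. Either way, a comment explaining why this call skips the sandbox-dependent check would be useful.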
@@ -341,6 +347,12 @@ func (r *randGen) generateText(kind TextKind) []byte { func (r *randGen) mutateText(kind TextKind, text []byte) []byte { switch kind { + case TextTarget: + if r.target.Arch == "amd64" || r.target.Arch == "386" { + cfg := createTargetIfuzzConfig(r.target) + return ifuzz.Mutate(cfg, r.Rand, text) + } + fallthrough case TextArm64: return mutateData(r, text, 40, 60) default: @@ -349,6 +361,32 @@ func (r *randGen) mutateText(kind TextKind, text []byte) []byte { } } +func createTargetIfuzzConfig(target *Target) *ifuzz.Config { + cfg := &ifuzz.Config{ + Len: 10, + Priv: false, + Exec: true, + MemRegions: []ifuzz.MemRegion{ + {Start: target.DataOffset, Size: target.NumPages * target.PageSize}, + }, + } + for _, p := range target.SpecialPointers { + cfg.MemRegions = append(cfg.MemRegions, ifuzz.MemRegion{ + Start: p & ^target.PageSize, Size: p & ^target.PageSize + target.PageSize, + }) + } + switch target.Arch { + case "amd64": + cfg.Mode = ifuzz.ModeLong64 + case "386": + cfg.Mode = ifuzz.ModeProt32 + default: + panic("unknown text kind") + } + return cfg + +} + func createIfuzzConfig(kind TextKind) *ifuzz.Config { cfg := &ifuzz.Config{ Len: 10, @@ -377,6 +415,8 @@ func createIfuzzConfig(kind TextKind) *ifuzz.Config { cfg.Mode = ifuzz.ModeProt32 case TextX86bit64: cfg.Mode = ifuzz.ModeLong64 + default: + panic("unknown text kind") } return cfg } diff --git a/prog/types.go b/prog/types.go index 3bb2fdbb4..1ce94b6f0 100644 --- a/prog/types.go +++ b/prog/types.go @@ -342,7 +342,8 @@ const ( type TextKind int const ( - TextX86Real TextKind = iota + TextTarget TextKind = iota + TextX86Real TextX86bit16 TextX86bit32 TextX86bit64 diff --git a/sys/akaros/gen/amd64.go b/sys/akaros/gen/amd64.go index 52089bc66..36f528698 100644 --- a/sys/akaros/gen/amd64.go +++ b/sys/akaros/gen/amd64.go 
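Review bot: In `createTargetIfuzzConfig` the region built for each special pointer does not look page-aligned or page-sized: `p & ^target.PageSize` clears only the single bit equal to the page size rather than the low bits, and `Size` is given an address (start plus `PageSize`) although the first `MemRegion` in the same function passes a length. I would expect `Start: p &^ (target.PageSize - 1), Size: target.PageSize,`. The `default` branch of `switch target.Arch` panics with "unknown text kind", which should name the arch instead. For non-x86 targets `generateText` and `mutateText` fall through to the `TextArm64` stub, which deserves a comment at the `fallthrough`.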
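Review bot: Placing `TextTarget` first in the `iota` block of prog/types.go renumbers every existing `TextKind` and makes it the zero value, so a `BufferType` whose `Text` field is unset now means target-native code. The regenerated descriptions in this commit pick up the shift (for example `Text: 4` becoming `Text: 5` in sys/linux/gen/386.go), but anything that stored the numeric value elsewhere would not. If the zero-value default is intended, a comment such as `// TextTarget must stay first: it is the default for text buffers` would make that explicit; otherwise append it after the existing kinds.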
@@ -1305,6 +1305,9 @@ var syscalls_amd64 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "new_l", TypeSize: 8}}, Buf: "new"}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {NR: 126, Name: "tap_fds", CallName: "tap_fds", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "tap_reqs", TypeSize: 8}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "fd_tap_req"}}}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "nr_reqs", TypeSize: 8}}, Buf: "tap_reqs"}, @@ -1526,4 +1529,4 @@ var consts_amd64 = []ConstValue{ {Name: "WUNTRACED", Value: 2}, } -const revision_amd64 = "44785e2dac3e0f922841ab905a8c4e7838585083" +const revision_amd64 = "f9824f5b26bc0ee36bc1e6debd6e8a8d6eee33ab" diff --git a/sys/akaros/sys.txt b/sys/akaros/sys.txt index 07fe3609d..c7a02faab 100644 --- a/sys/akaros/sys.txt +++ b/sys/akaros/sys.txt @@ -16,6 +16,8 @@ include <termios.h> resource fd[int32]: 0xffffffffffffffff, AT_FDCWD resource pid[int32]: 0, 0xffffffffffffffff +syz_execute_func(text ptr[in, text[target]]) + openat(fromfd fd[opt], path ptr[in, filename], path_l len[path], oflag flags[open_flags], mode flags[open_mode]) fd read(fd fd, buf buffer[out], count len[buf]) write(fd fd, buf buffer[in], count len[buf]) diff --git a/sys/freebsd/gen/amd64.go b/sys/freebsd/gen/amd64.go index 192053c73..5de2ea7bd 100644 --- a/sys/freebsd/gen/amd64.go +++ b/sys/freebsd/gen/amd64.go 
@@ -1876,6 +1876,9 @@ var syscalls_amd64 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, }}, {NR: 36, Name: "sync", CallName: "sync"}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {NR: 479, Name: "truncate", CallName: "truncate", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "file", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "len", TypeSize: 8}}}, @@ -2443,4 +2446,4 @@ var consts_amd64 = []ConstValue{ {Name: "WUNTRACED", Value: 2}, } -const revision_amd64 = "89eac40a68a14ffc0af9fc9b181147236b82d00b" +const revision_amd64 = "06d50288c46275b56218cab0097fcb71a7f0f80e" diff --git a/sys/freebsd/sys.txt b/sys/freebsd/sys.txt index 28b486dcd..cf1dd960e 100644 --- a/sys/freebsd/sys.txt +++ b/sys/freebsd/sys.txt @@ -19,6 +19,8 @@ include <sys/wait.h> include <linux/linux.h> include <compat/linux/linux_event.h> +syz_execute_func(text ptr[in, text[target]]) + pipe(pipefd ptr[out, pipefd]) sendfile(fdout fd, fdin fd, off ptr[inout, fileoff[int64], opt], count int64) diff --git a/sys/fuchsia/gen/amd64.go b/sys/fuchsia/gen/amd64.go index d489c9238..421955818 100644 --- a/sys/fuchsia/gen/amd64.go +++ b/sys/fuchsia/gen/amd64.go 
@@ -1647,6 +1647,9 @@ var syscalls_amd64 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, }}, {Name: "sync", CallName: "sync"}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_future_time", CallName: "syz_future_time", Args: []Type{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "when", TypeSize: 8}}, Kind: 2, RangeEnd: 1}, }, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_time", FldName: "ret", TypeSize: 8, ArgDir: 1}}}, @@ -2571,8 +2574,8 @@ var syscalls_amd64 = []*Syscall{ {Name: "zx_process_start", CallName: "zx_process_start", Args: []Type{ &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_process", FldName: "process", TypeSize: 4}}, &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "thread", TypeSize: 4}}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}}, }}, 
@@ -2643,8 +2646,8 @@ var syscalls_amd64 = []*Syscall{ }}, {Name: "zx_thread_start", CallName: "zx_thread_start", Args: []Type{ &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "handle", TypeSize: 4}}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}}, }}, @@ -2985,4 +2988,4 @@ var consts_amd64 = []ConstValue{ {Name: "fuchsia_io_SeekOrigin_Start"}, } -const revision_amd64 = "2a5cb64c987696cb8bdf1d6d9561c04993cf3299" +const revision_amd64 = "ee62749ce0e69fd29de1864a220e909a18613438" diff --git a/sys/fuchsia/gen/arm64.go b/sys/fuchsia/gen/arm64.go index 460544bab..e6eb6fdb6 100644 --- a/sys/fuchsia/gen/arm64.go +++ b/sys/fuchsia/gen/arm64.go 
@@ -1647,6 +1647,9 @@ var syscalls_arm64 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, }}, {Name: "sync", CallName: "sync"}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_future_time", CallName: "syz_future_time", Args: []Type{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "when", TypeSize: 8}}, Kind: 2, RangeEnd: 1}, }, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_time", FldName: "ret", TypeSize: 8, ArgDir: 1}}}, @@ -2571,8 +2574,8 @@ var syscalls_arm64 = []*Syscall{ {Name: "zx_process_start", CallName: "zx_process_start", Args: []Type{ &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_process", FldName: "process", TypeSize: 4}}, &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "thread", TypeSize: 4}}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}}, }}, 
@@ -2643,8 +2646,8 @@ var syscalls_arm64 = []*Syscall{ }}, {Name: "zx_thread_start", CallName: "zx_thread_start", Args: []Type{ &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "handle", TypeSize: 4}}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}}, }}, @@ -2985,4 +2988,4 @@ var consts_arm64 = []ConstValue{ {Name: "fuchsia_io_SeekOrigin_Start"}, } -const revision_arm64 = "974ef513ae535d2b92308edd342169a59b596cd4" +const revision_arm64 = "80d5b2ce01d8c9deca31efaa1a61da313eaa44e6" diff --git a/sys/fuchsia/processes.txt b/sys/fuchsia/processes.txt index c6f51c3d2..835edbb1e 100644 --- a/sys/fuchsia/processes.txt +++ b/sys/fuchsia/processes.txt 
@@ -6,7 +6,7 @@ include <zircon/syscalls.h> resource zx_process[zx_task] zx_process_create(job zx_job, name ptr[in, string], name_len len[name], options const[0], proc_handle ptr[out, zx_process], vmar_handle ptr[out, zx_vmar]) -zx_process_start(process zx_process, thread zx_thread, entry intptr, stack intptr, arg1 const[0], arg2 const[0]) +zx_process_start(process zx_process, thread zx_thread, entry ptr[in, text[target]], stack ptr[out, array[int8]], arg1 const[0], arg2 const[0]) zx_process_read_memory(process zx_process, vaddr ptr[out, int8], buffer ptr[out, array[int8]], len len[buffer], actual ptr[out, intptr]) # TODO: temporary disabled as it crashes kernel left and right. # zx_process_write_memory(process zx_process, vaddr ptr[out, int8], buffer ptr[in, array[int8]], len len[buffer], actual ptr[out, intptr]) diff --git a/sys/fuchsia/sys.txt b/sys/fuchsia/sys.txt index 3ed323799..1fb885f03 100644 --- a/sys/fuchsia/sys.txt +++ b/sys/fuchsia/sys.txt @@ -6,6 +6,8 @@ include <zircon/syscalls.h> include <ddk/driver.h> +syz_execute_func(text ptr[in, text[target]]) + # Provided by sysroot (include/ddk/driver.h) resource zx_root_resource[zx_handle] get_root_resource() zx_root_resource diff --git a/sys/fuchsia/threads.txt b/sys/fuchsia/threads.txt index ef4831e03..7947703d9 100644 --- a/sys/fuchsia/threads.txt +++ b/sys/fuchsia/threads.txt @@ -7,7 +7,7 @@ include <zircon/syscalls/debug.h> resource zx_thread[zx_task] zx_thread_create(process zx_process, name ptr[in, string], name_len len[name], options const[0], out ptr[out, zx_thread]) -zx_thread_start(handle zx_thread, entry intptr, stack intptr, arg1 const[0], arg2 const[0]) +zx_thread_start(handle zx_thread, entry ptr[in, text[target]], stack ptr[out, array[int8]], arg1 const[0], arg2 const[0]) zx_thread_exit() # Note: kind corresponds to ZX_THREAD_STATE_REGSET0..9 constants. zx_thread_read_state(handle zx_thread, kind int32[0:9], buffer ptr[out, array[int64]], len bytesize[buffer], actual ptr[out, int32]) 
diff --git a/sys/linux/gen/386.go b/sys/linux/gen/386.go index c9b1148c4..56fc496f4 100644 --- a/sys/linux/gen/386.go +++ b/sys/linux/gen/386.go @@ -8026,7 +8026,7 @@ var structDescs_386 = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 12}, Fields: []Type{ 
@@ -8037,22 +8037,22 @@ var structDescs_386 = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 16}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 32}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 64}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 
4, Text: 3}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 8}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{ 
@@ -16399,18 +16399,18 @@ var structDescs_386 = []*KeyedStruct{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "dxferp", TypeSize: 4}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "iovec[out, array[int8]]"}}}}, }}}, {Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 24}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 4}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true}, &StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 4}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 4}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 24, ArgDir: 1}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 4, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true}, &StructType{Key: StructKey{Name: "sigset", 
Dir: 1}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 4, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 4, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 4}}}, @@ -32865,6 +32865,9 @@ var syscalls_386 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}}, &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 4, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}}, @@ -40480,4 +40483,4 @@ var consts_386 = []ConstValue{ {Name: "bpf_insn_load_imm_dw", Value: 24}, } -const revision_386 = "73c32691841967fea34cade58340298a0a6e34a3" +const revision_386 = "cf409e12bbb8bef7899f39295b0b6d69d318af8d" 
diff --git a/sys/linux/gen/amd64.go b/sys/linux/gen/amd64.go index a2f69b322..89311786a 100644 --- a/sys/linux/gen/amd64.go +++ b/sys/linux/gen/amd64.go @@ -8141,7 +8141,7 @@ var structDescs_amd64 = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 24}, Fields: []Type{ 
@@ -8152,22 +8152,22 @@ var structDescs_amd64 = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 16}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 32}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 64}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, 
Kind: 4, Text: 3}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 8}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{ 
@@ -16663,16 +16663,16 @@ var structDescs_amd64 = []*KeyedStruct{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "unused2", TypeSize: 8}}}, }}}, {Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32, ArgDir: 1}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &StructType{Key: StructKey{Name: "sigset", Dir: 1}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: 
"intptr", FldName: "restor", TypeSize: 8, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 8}}}, @@ -33534,6 +33534,9 @@ var syscalls_amd64 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}}, &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 8, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}}, @@ -41174,4 +41177,4 @@ var consts_amd64 = []ConstValue{ {Name: "bpf_insn_load_imm_dw", Value: 24}, } -const revision_amd64 = "26712f7e003ed8690f47cf5edb70bd3eb94766c1" +const revision_amd64 = "3efd822501eed7b0536ca7f8ba2b7720b9f6bab3" diff --git a/sys/linux/gen/arm.go b/sys/linux/gen/arm.go index 154b05117..270ec0ceb 100644 --- a/sys/linux/gen/arm.go +++ b/sys/linux/gen/arm.go 
@@ -7901,7 +7901,7 @@ var structDescs_arm = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 12}, Fields: []Type{ 
@@ -7912,22 +7912,22 @@ var structDescs_arm = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 16}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 32}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 64}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 
4, Text: 3}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 12}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 8}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{ 
@@ -16280,18 +16280,18 @@ var structDescs_arm = []*KeyedStruct{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "unused2", TypeSize: 4}}}, }}}, {Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 24}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 4}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true}, &StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 4}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 4}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 24, ArgDir: 1}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 4, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true}, &StructType{Key: StructKey{Name: "sigset", Dir: 1}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: 
"sigaction_flags", FldName: "flags", TypeSize: 4, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 4, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 4}}}, @@ -32792,6 +32792,9 @@ var syscalls_arm = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}}, &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 4, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}}, @@ -40346,4 +40349,4 @@ var consts_arm = []ConstValue{ {Name: "bpf_insn_load_imm_dw", Value: 24}, } -const revision_arm = "f155a0335de7dec3226189d25e230ba9889ff0ef" +const revision_arm = "d64ccba4ff5f75614cce9e04b971a39e735578b2" diff --git a/sys/linux/gen/arm64.go b/sys/linux/gen/arm64.go index 1cb4587bb..d37ef5ba9 100644 --- a/sys/linux/gen/arm64.go 
+++ b/sys/linux/gen/arm64.go @@ -7999,7 +7999,7 @@ var structDescs_arm64 = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 24}, Fields: []Type{ 
@@ -8010,22 +8010,22 @@ var structDescs_arm64 = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 16}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 32}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 64}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, 
Kind: 4, Text: 3}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 8}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{ 
@@ -16480,16 +16480,16 @@ var structDescs_arm64 = []*KeyedStruct{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "unused2", TypeSize: 8}}}, }}}, {Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32, ArgDir: 1}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &StructType{Key: StructKey{Name: "sigset", Dir: 1}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: 
"intptr", FldName: "restor", TypeSize: 8, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 8}}}, @@ -33037,6 +33037,9 @@ var syscalls_arm64 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}}, &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 8, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}}, @@ -40568,4 +40571,4 @@ var consts_arm64 = []ConstValue{ {Name: "bpf_insn_load_imm_dw", Value: 24}, } -const revision_arm64 = "1fd22f27ba905dec42b576344dd6c58c011de140" +const revision_arm64 = "33b760e03637540176d75bef5357cc5b147afabe" diff --git a/sys/linux/gen/ppc64le.go b/sys/linux/gen/ppc64le.go index cbfc8f3ec..384002896 100644 --- a/sys/linux/gen/ppc64le.go +++ b/sys/linux/gen/ppc64le.go 
@@ -7977,7 +7977,7 @@ var structDescs_ppc64le = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 24}, Fields: []Type{ 
@@ -7988,22 +7988,22 @@ var structDescs_ppc64le = []*KeyedStruct{ }}}, {Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 16}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 32}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 64}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, 
Kind: 4, Text: 3}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 24}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 8}, - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"}, }}}, {Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{ 
@@ -16362,16 +16362,16 @@ var structDescs_ppc64le = []*KeyedStruct{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "dxferp", TypeSize: 8}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "iovec[out, array[int8]]"}}}}, }}}, {Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32, ArgDir: 1}, Fields: []Type{ - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, &StructType{Key: StructKey{Name: "sigset", Dir: 1}, FldName: "mask"}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 
2147483648, 268435456, 4}, BitMask: true}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8, ArgDir: 1}}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}}, {Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{ &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 8}}}, @@ -31411,6 +31411,9 @@ var syscalls_ppc64le = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}}, &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 8, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}}, @@ -37924,4 +37927,4 @@ var consts_ppc64le = []ConstValue{ {Name: "bpf_insn_load_imm_dw", Value: 24}, } -const revision_ppc64le = "cfee5c1892c53b104910906c54ef416def23581b" +const revision_ppc64le = "17f888e873bc99a49d971c80b87ddad7d8291e82" diff --git a/sys/linux/sys.txt b/sys/linux/sys.txt index def19a7bd..cbb9ecbc5 100644 --- a/sys/linux/sys.txt +++ b/sys/linux/sys.txt 
@@ -60,6 +60,8 @@ resource fd_dir[fd] type signalno int32[0:65] +syz_execute_func(text ptr[in, text[target]]) + open(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd # Just so that we have something that creates fd_dir resources. open$dir(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd_dir @@ -734,11 +736,10 @@ rlimit { } sigaction { -# TODO: function pointers need special support - handler intptr + handler ptr[in, text[target]] mask sigset flags flags[sigaction_flags, intptr] - restor intptr + restor ptr[in, text[target]] } tms { diff --git a/sys/netbsd/gen/amd64.go b/sys/netbsd/gen/amd64.go index cd7cdcd03..ece51bee1 100644 --- a/sys/netbsd/gen/amd64.go +++ b/sys/netbsd/gen/amd64.go @@ -1251,6 +1251,9 @@ var syscalls_amd64 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, }}, {NR: 36, Name: "sync", CallName: "sync"}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {NR: 200, Name: "truncate", CallName: "truncate", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "file", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "len", TypeSize: 8}}}, @@ -1677,4 +1680,4 @@ var consts_amd64 = []ConstValue{ {Name: "WUNTRACED", Value: 2}, } -const revision_amd64 = "c05720ceb16e651f6ae9addd1f5be83497d861e3" +const revision_amd64 = "741d8f94955b7b371dee88f03db02ab85d5a9384" diff --git a/sys/netbsd/sys.txt b/sys/netbsd/sys.txt index fd02a09e8..aff757d26 100644 --- a/sys/netbsd/sys.txt +++ b/sys/netbsd/sys.txt 
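Review bot: The added `syz_execute_func(text ptr[in, text[target]])` line carries no comment, although per the executor/common.h part of this commit the call casts its argument to a function pointer and jumps to it, so the generated bytes run inside the executor process itself. I would put a description comment above it, e.g. `# Calls the generated target machine code as a function inside the executor process; the code may crash or corrupt the executor.` The same undocumented line is added in sys/netbsd/sys.txt, sys/openbsd/sys.txt, sys/test/test.txt and sys/windows/sys.txt. Whether the data area is mapped executable on each of those targets is not visible in the diff; where the OS enforces W^X the call will presumably only fault, which is worth stating next to the declaration.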
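Review bot: In the `sigaction` hunk, typing `handler` as a non-optional `ptr[in, text[target]]` appears to drop the values 0 (SIG_DFL) and 1 (SIG_IGN) that the old `intptr` field could produce, since a plain `ptr` presumably always points at generated data. Marking it `handler ptr[in, text[target], opt]` would at least keep the NULL/SIG_DFL case, assuming `opt` behaves here as it does on other pointers in these descriptions; SIG_IGN would need a separate alternative. The deleted TODO also leaves the struct without any comment, so a line such as `# handler/restor point at generated machine code used as the signal handler and restorer` would help. The struct definition lies entirely inside the hunk, but the gen/*.go copies would need regenerating after any change.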
@@ -16,6 +16,8 @@ include <time.h> include <signal.h> include <sys/wait.h> +syz_execute_func(text ptr[in, text[target]]) + pipe(pipefd ptr[out, pipefd]) stat(file ptr[in, filename], statbuf ptr[out, stat]) diff --git a/sys/openbsd/gen/amd64.go b/sys/openbsd/gen/amd64.go index 3ecb31c0a..4e7acb920 100644 --- a/sys/openbsd/gen/amd64.go +++ b/sys/openbsd/gen/amd64.go @@ -1456,6 +1456,9 @@ var syscalls_amd64 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, }}, {NR: 36, Name: "sync", CallName: "sync"}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_open_pts", CallName: "syz_open_pts", Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "ret", TypeSize: 4, ArgDir: 1}}}, {NR: 200, Name: "truncate", CallName: "truncate", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "file", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, @@ -1877,4 +1880,4 @@ var consts_amd64 = []ConstValue{ {Name: "WUNTRACED", Value: 2}, } -const revision_amd64 = "f1bde02bbb60bf849ed61dda9a552900891199ef" +const revision_amd64 = "b7a0cb1d6df43d07bd4ab11d2c4b1a2e1c046ac1" diff --git a/sys/openbsd/sys.txt b/sys/openbsd/sys.txt index e071ea9c4..c05a17acf 100644 --- a/sys/openbsd/sys.txt +++ b/sys/openbsd/sys.txt @@ -16,6 +16,8 @@ include <time.h> include <signal.h> include <sys/wait.h> +syz_execute_func(text ptr[in, text[target]]) + pipe(pipefd ptr[out, pipefd]) stat(file ptr[in, filename], statbuf ptr[out, stat]) diff --git a/sys/test/gen/32_fork_shmem.go b/sys/test/gen/32_fork_shmem.go index 4b6fd369e..55a629b00 100644 --- a/sys/test/gen/32_fork_shmem.go 
+++ b/sys/test/gen/32_fork_shmem.go @@ -38,6 +38,9 @@ var syscalls_32_fork_shmem = []*Syscall{ {Name: "syz_errno", CallName: "syz_errno", Args: []Type{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_mmap", CallName: "syz_mmap", Args: []Type{ &VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "addr", TypeSize: 4}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 4}}, Buf: "addr"}, @@ -51,4 +54,4 @@ var consts_32_fork_shmem = []ConstValue{ {Name: "ONLY_32BITS_CONST", Value: 1}, } -const revision_32_fork_shmem = "d09983a8bb4f2ccd0e303191862d170b5b636bd8" +const revision_32_fork_shmem = "4225c1e93671306efa6a41958a6d553aed7e8cf7" diff --git a/sys/test/gen/32_shmem.go b/sys/test/gen/32_shmem.go index 2e26dbb58..dfa8a8398 100644 --- a/sys/test/gen/32_shmem.go +++ b/sys/test/gen/32_shmem.go @@ -38,6 +38,9 @@ var syscalls_32_shmem = []*Syscall{ {Name: "syz_errno", CallName: "syz_errno", Args: []Type{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_mmap", CallName: "syz_mmap", Args: []Type{ &VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "addr", TypeSize: 4}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 4}}, Buf: "addr"}, 
@@ -51,4 +54,4 @@ var consts_32_shmem = []ConstValue{ {Name: "ONLY_32BITS_CONST", Value: 1}, } -const revision_32_shmem = "8d0f255b4d310c70d0e7d65ac8e5c6c3032a9e14" +const revision_32_shmem = "ae161a1d8e44b101412b6f8d8fdde3a6ce553e55" diff --git a/sys/test/gen/64.go b/sys/test/gen/64.go index 017ad5bda..08fcdd966 100644 --- a/sys/test/gen/64.go +++ b/sys/test/gen/64.go @@ -601,6 +601,9 @@ var syscalls_64 = []*Syscall{ {Name: "syz_errno", CallName: "syz_errno", Args: []Type{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_mmap", CallName: "syz_mmap", Args: []Type{ &VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "addr", TypeSize: 8}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 8}}, Buf: "addr"}, 
@@ -843,19 +846,19 @@ var syscalls_64 = []*Syscall{ &UnionType{Key: StructKey{Name: "union_arg"}, FldName: "a0"}, }}, {Name: "test$text_x86_16", CallName: "test", Args: []Type{ - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", TypeSize: 8}}, Buf: "a0"}, }}, {Name: "test$text_x86_32", CallName: "test", Args: []Type{ - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", TypeSize: 8}}, Buf: "a0"}, }}, {Name: "test$text_x86_64", CallName: "test", Args: []Type{ - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", TypeSize: 8}}, Buf: "a0"}, }}, {Name: "test$text_x86_real", CallName: "test", Args: []Type{ - &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + &PtrType{TypeCommon: TypeCommon{TypeName: 
"ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", TypeSize: 8}}, Buf: "a0"}, }}, {Name: "test$type_confusion1", CallName: "test", Args: []Type{ @@ -908,4 +911,4 @@ var consts_64 = []ConstValue{ {Name: "SYS_unsupported"}, } -const revision_64 = "3a71e90e1d9f2ae8b0cbfa9e76a429a74ca2ce90" +const revision_64 = "6ffded136a7c445ee912402759cc9f71c3add37a" diff --git a/sys/test/gen/64_fork.go b/sys/test/gen/64_fork.go index 95171623b..cf1b5beb9 100644 --- a/sys/test/gen/64_fork.go +++ b/sys/test/gen/64_fork.go @@ -38,6 +38,9 @@ var syscalls_64_fork = []*Syscall{ {Name: "syz_errno", CallName: "syz_errno", Args: []Type{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "syz_mmap", CallName: "syz_mmap", Args: []Type{ &VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "addr", TypeSize: 8}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 8}}, Buf: "addr"}, @@ -50,4 +53,4 @@ var consts_64_fork = []ConstValue{ {Name: "IPPROTO_UDP", Value: 17}, } -const revision_64_fork = "39c2288dd1c825ce7a587f946cfc91e0e453cf5e" +const revision_64_fork = "ef850b63cd75f943301e586db069812cc63ac259" diff --git a/sys/test/test.txt b/sys/test/test.txt index 2fef80acb..8a79d5935 100644 --- a/sys/test/test.txt +++ b/sys/test/test.txt @@ -3,6 +3,8 @@ # Syscalls used in syzkaller tests. +syz_execute_func(text ptr[in, text[target]]) + test() # Integer types. diff --git a/sys/windows/gen/amd64.go b/sys/windows/gen/amd64.go index 445fc3d01..04f6ba6bf 100644 
--- a/sys/windows/gen/amd64.go +++ b/sys/windows/gen/amd64.go @@ -14272,6 +14272,9 @@ var syscalls_amd64 = []*Syscall{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "type", TypeSize: 4}}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "protocol", TypeSize: 4}}}, }}, + {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, + }}, {Name: "timeBeginPeriod", CallName: "timeBeginPeriod", Args: []Type{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "uPeriod", TypeSize: 4}}}, }}, @@ -14615,4 +14618,4 @@ var consts_amd64 = []ConstValue{ {Name: "WRITE_OWNER", Value: 524288}, } -const revision_amd64 = "f2b48fb82a68b0cb24b2ab9638add66deb9542dd" +const revision_amd64 = "7f58e6832b5d8674b8a77505e6eb0fa213781c23" diff --git a/sys/windows/sys.txt b/sys/windows/sys.txt index 2bbb492ad..a25b3b9c3 100644 --- a/sys/windows/sys.txt +++ b/sys/windows/sys.txt @@ -6,6 +6,8 @@ include <windows.h> resource HANDLE[intptr]: INVALID_HANDLE_VALUE resource hFile[HANDLE] +syz_execute_func(text ptr[in, text[target]]) + CloseHandle(hObject HANDLE) CreateFileA(lpFileName ptr[in, filename], dwDesiredAccess flags[file_access_rights], dwShareMode flags[file_share_mode], lpSecurityAttributes ptr[in, SECURITY_ATTRIBUTES, opt], dwCreationDisposition flags[file_create_disposition], dwFlagsAndAttributes flags[file_attributes], hTemplateFile HANDLE[opt]) hFile VirtualAlloc(lpAddress vma, dwSize len[lpAddress], flAllocationType flags[allocation_type], flProtect flags[protect_flags]) |
