| author | Dmitry Vyukov <dvyukov@google.com> | 2018-12-07 12:48:59 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-12-07 12:56:38 +0100 |
| commit | eada53b810e964b4a71c20ab023020f281855fe9 (patch) | |
| tree | 2bbe4b59b3867ab531a3ea1e0dcc72e089892c50 | |
| parent | 9e8a45fe27025af392abd366d8d31a9be4661ea9 (diff) | |
tools/syz-trace2syz/proggen: fix vma allocation
There are 2 bugs:
1. We always allocate 1 page, even if we use more.
2. VMA addresses are not aligned, so most mmap-like functions fail with EINVAL.
The added test currently panics with "unaligned vma address".
| -rw-r--r-- | prog/target.go | 6 | ||||
| -rw-r--r-- | tools/syz-trace2syz/proggen/proggen.go | 2 | ||||
| -rw-r--r-- | tools/syz-trace2syz/proggen/proggen_test.go | 10 |
3 files changed, 17 insertions, 1 deletions
diff --git a/prog/target.go b/prog/target.go
index f99c45c5b..56fbb860d 100644
--- a/prog/target.go
+++ b/prog/target.go
@@ -264,6 +264,12 @@ func (pg *ProgGen) Allocate(size uint64) uint64 {
 return pg.ma.alloc(nil, size)
 }
 
+func (pg *ProgGen) AllocateVMA(npages uint64) uint64 {
+ psize := pg.target.PageSize
+ addr := pg.ma.alloc(nil, (npages+1)*psize)
+ return (addr + psize - 1) & ^(psize - 1)
+}
+
 func (pg *ProgGen) Finalize() (*Prog, error) {
 if err := pg.p.validate(); err != nil {
 return nil, err
diff --git a/tools/syz-trace2syz/proggen/proggen.go b/tools/syz-trace2syz/proggen/proggen.go
index 967167fe9..a1394d057 100644
--- a/tools/syz-trace2syz/proggen/proggen.go
+++ b/tools/syz-trace2syz/proggen/proggen.go
@@ -167,7 +167,7 @@ func genVma(syzType *prog.VmaType, _ parser.IrType, ctx *Context) prog.Arg {
 if syzType.RangeBegin != 0 || syzType.RangeEnd != 0 {
 npages = syzType.RangeEnd
 }
- return prog.MakeVmaPointerArg(syzType, ctx.pg.Allocate(ctx.Target.PageSize), npages)
+ return prog.MakeVmaPointerArg(syzType, ctx.pg.AllocateVMA(npages), npages)
 }
 
 func genArray(syzType *prog.ArrayType, traceType parser.IrType, ctx *Context) prog.Arg {
diff --git a/tools/syz-trace2syz/proggen/proggen_test.go b/tools/syz-trace2syz/proggen/proggen_test.go
index 1e7a5f3a6..8f56de2d5 100644
--- a/tools/syz-trace2syz/proggen/proggen_test.go
+++ b/tools/syz-trace2syz/proggen/proggen_test.go
@@ -62,6 +62,16 @@ func TestParseTraceBasic(t *testing.T) {
 }
 }
 
+func TestParseVMA(t *testing.T) {
+ test := `pipe({0x0, 0x1}) = 0
+ shmget(0x0, 0x1, 0x2, 0x3) = 0`
+ p := parseSingleTrace(t, test)
+ expectedSeq := "pipe-shmget"
+ if p.String() != expectedSeq {
+ t.Fatalf("expected: %s != %s", expectedSeq, p.String())
+ }
+}
+
 func TestParseTraceInnerResource(t *testing.T) {
 test := `pipe([5,6]) = 0
 write(6, "\xff\xff\xfe\xff", 4) = 4` |
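Review bot: AllocateVMA in prog/target.go is exported but has no doc comment, and its two non-obvious choices go unexplained: the extra page in `(npages+1)*psize` is slack for rounding up, and `& ^(psize - 1)` rounds correctly only when PageSize is a power of two. A comment such as `// AllocateVMA reserves npages pages and returns a page-aligned address; one extra page is allocated so the result can be rounded up (PageSize must be a power of two).` would record both. The multiplication is unchecked uint64 arithmetic, so a very large npages would wrap to a small allocation; whether any caller can pass such a value is not visible from this hunk.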
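Review bot: TestParseVMA in proggen_test.go asserts only the call sequence `pipe-shmget`, so it covers the alignment fix just indirectly, through the panic the commit message mentions, and does not pin the one-page allocation fix at all. A comment above the function, e.g. `// Regression test: the vma argument of shmget used to panic with "unaligned vma address".`, would tell a reader why the test exists. It would also be worth asserting on the generated vma argument itself, for instance that its address is a multiple of the target page size, so a regression shows up as a test failure with a clear message rather than depending on a panic elsewhere.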
