executor: don't pass uncompressed zlib size

This will allow us to mutate the image size.

Fixes #3527

1 files changed, 10 insertions, 17 deletions

diff --git a/executor/common_linux.h b/executor/common_linux.h
index 40d2ad894..8ca854c9e 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -2897,7 +2897,7 @@ static long syz_genetlink_get_family_id(volatile long name, volatile long sock_a
 // creating and initializing the underlying file backing the loop device and
 // returns the fds to the file and device.
 // Returns 0 on success, -1 otherwise.
-static int setup_loop_device(long unsigned size, long unsigned compressed_size, unsigned char* data, const char* loopname, int* memfd_p, int* loopfd_p)
+static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* memfd_p, int* loopfd_p)
 {
 	int err = 0, loopfd = -1;
 	int memfd = syscall(__NR_memfd_create, "syzkaller", 0);
@@ -2905,12 +2905,7 @@ static int setup_loop_device(long unsigned size, long unsigned compressed_size,
 		err = errno;
 		goto error;
 	}
-	if (ftruncate(memfd, size)) {
-		err = errno;
-		goto error_close_memfd;
-	}
-
-	if (puff_zlib_to_file(data, compressed_size, memfd, size)) {
+	if (puff_zlib_to_file(data, size, memfd)) {
 		err = errno;
 		debug("setup_loop_device: could not decompress data: %d\n", errno);
 		goto error_close_memfd;
@@ -2949,15 +2944,15 @@ error:
 #endif
 
 #if SYZ_EXECUTOR || __NR_syz_read_part_table
-// syz_read_part_table(size intptr, size_compressed len[img], img ptr[in, compressed_image])
-static long syz_read_part_table(volatile unsigned long size, volatile unsigned long compressed_size, volatile long image)
+// syz_read_part_table(size len[img], img ptr[in, compressed_image])
+static long syz_read_part_table(volatile unsigned long size, volatile long image)
 {
 	unsigned char* data = (unsigned char*)image;
 	int err = 0, res = -1, loopfd = -1, memfd = -1;
 	char loopname[64];
 
 	snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
-	if (setup_loop_device(size, compressed_size, data, loopname, &memfd, &loopfd) == -1)
+	if (setup_loop_device(data, size, loopname, &memfd, &loopfd) == -1)
 		return -1;
 
 	struct loop_info64 info;
@@ -3003,25 +2998,23 @@ error_clear_loop:
 // syz_mount_image(
 // 	fs ptr[in, string[fs]],
 // 	dir ptr[in, filename],
-// 	size intptr,
-// 	size_compressed len[img],
 // 	flags flags[mount_flags],
 // 	opts ptr[in, fs_options],
 // 	chdir bool8,
+// 	size len[img],
 // 	img ptr[in, compressed_image]
 // ) fd_dir
 static long syz_mount_image(
     volatile long fsarg,
     volatile long dir,
-    volatile unsigned long size,
-    volatile unsigned long compressed_size,
     volatile long flags,
     volatile long optsarg,
     volatile long change_dir,
+    volatile unsigned long size,
     volatile long image)
 {
 	unsigned char* data = (unsigned char*)image;
-	int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!compressed_size;
+	int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!size;
 	char* mount_opts = (char*)optsarg;
 	char* target = (char*)dir;
 	char* fs = (char*)fsarg;
@@ -3033,7 +3026,7 @@ static long syz_mount_image(
 		// filesystem image.
 		memset(loopname, 0, sizeof(loopname));
 		snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
-		if (setup_loop_device(size, compressed_size, data, loopname, &memfd, &loopfd) == -1)
+		if (setup_loop_device(data, size, loopname, &memfd, &loopfd) == -1)
 			return -1;
 		source = loopname;
 	}
@@ -3058,7 +3051,7 @@ static long syz_mount_image(
 		// and if two parallel executors mounts fs with the same uuid, second mount fails.
 		strcat(opts, ",nouuid");
 	}
-	debug("syz_mount_image: size=%llu compressed_size=%llu loop='%s' dir='%s' fs='%s' flags=%llu opts='%s'\n", (uint64)size, (uint64)compressed_size, loopname, target, fs, (uint64)flags, opts);
+	debug("syz_mount_image: size=%llu loop='%s' dir='%s' fs='%s' flags=%llu opts='%s'\n", (uint64)size, loopname, target, fs, (uint64)flags, opts);
 #if SYZ_EXECUTOR
 	cover_reset(0);
 #endif