diff options
| author | Aleksandr Nogikh <nogikh@google.com> | 2025-02-04 12:13:23 +0100 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2025-02-04 14:54:37 +0000 |
| commit | 39e250d27f8ab094fbf992d5569eec06d5eb7a10 (patch) | |
| tree | 8042010882b865338e364b018fb1b64144a462fd /executor/executor_linux.h | |
| parent | 44c01590d11f09b1689d02f6c3e26ab9d1b9dbb2 (diff) | |
executor: favor MAP_FIXED_NOREPLACE over MAP_FIXED
MAP_FIXED_NOREPLACE allows to fail early if we happened to overlap with
an existing memory mapping. It should help detects bugs #5674 at an
earlier stage, before it led to memory corruptions.
MAP_FIXED_NOREPLACE is supported from Linux 4.17, which is okay for all
syzkaller use cases on syzbot.
There's no such option for some of the supported OSes, so set it
depending on the configuration we're building for.
Diffstat (limited to 'executor/executor_linux.h')
| -rw-r--r-- | executor/executor_linux.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/executor/executor_linux.h b/executor/executor_linux.h index e952e6ea9..9784700ba 100644 --- a/executor/executor_linux.h +++ b/executor/executor_linux.h @@ -59,13 +59,13 @@ static void os_init(int argc, char** argv, char* data, size_t data_size) // One observed case before: executor had a mapping above the data mapping (output region), // while C repros did not have that mapping above, as the result in one case VMA had next link, // while in the other it didn't and it caused a bug to not reproduce with the C repro. - void* got = mmap(data - SYZ_PAGE_SIZE, SYZ_PAGE_SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); + void* got = mmap(data - SYZ_PAGE_SIZE, SYZ_PAGE_SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE | MAP_FIXED_EXCLUSIVE, -1, 0); if (data - SYZ_PAGE_SIZE != got) failmsg("mmap of left data PROT_NONE page failed", "want %p, got %p", data - SYZ_PAGE_SIZE, got); - got = mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); + got = mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED_EXCLUSIVE, -1, 0); if (data != got) failmsg("mmap of data segment failed", "want %p, got %p", data, got); - got = mmap(data + data_size, SYZ_PAGE_SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); + got = mmap(data + data_size, SYZ_PAGE_SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE | MAP_FIXED_EXCLUSIVE, -1, 0); if (data + data_size != got) failmsg("mmap of right data PROT_NONE page failed", "want %p, got %p", data + data_size, got); |