executor: protect most of kcov region

We only write to the first page of kcov region. Protect the rest from the fuzzer.
author: Dmitry Vyukov <dvyukov@google.com> 2018-05-14 15:31:14 +0200
committer: Dmitry Vyukov <dvyukov@google.com> 2018-05-14 15:31:14 +0200
commit: 9467cacb1c3020e2a7ddd60b40dfbbf5a1733785 (patch)
tree: 776fe19506602db79f35ea98e363f0c859b5a49e /executor
parent: 364ad1502f0d9f4abcb42ab9ff5d5fbb84d9c576 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/executor/executor_linux.cc b/executor/executor_linux.cc
index 4b88946dd..2df74250c 100644
--- a/executor/executor_linux.cc
+++ b/executor/executor_linux.cc
@@ -144,11 +144,13 @@ void cover_open()
 		if (ioctl(th->cover_fd, kcov_init_trace, kCoverSize))
 			fail("cover init trace write failed");
 		size_t mmap_alloc_size = kCoverSize * (is_kernel_64_bit ? 8 : 4);
-		th->cover_data = (char*)mmap(NULL, mmap_alloc_size,
-					     PROT_READ | PROT_WRITE, MAP_SHARED, th->cover_fd, 0);
+		th->cover_data = (char*)mmap(NULL, mmap_alloc_size, PROT_READ, MAP_SHARED, th->cover_fd, 0);
 		th->cover_end = th->cover_data + mmap_alloc_size;
 		if (th->cover_data == MAP_FAILED)
 			fail("cover mmap failed");
+		// We only write to the first page, so protect the rest from fuzzer.
+		if (mprotect(th->cover_data, SYZ_PAGE_SIZE, PROT_READ | PROT_WRITE))
+			fail("cover mprotect failed");
 	}
 }
author	Dmitry Vyukov <dvyukov@google.com>	2018-05-14 15:31:14 +0200
committer	Dmitry Vyukov <dvyukov@google.com>	2018-05-14 15:31:14 +0200
commit	9467cacb1c3020e2a7ddd60b40dfbbf5a1733785 (patch)
tree	776fe19506602db79f35ea98e363f0c859b5a49e /executor
parent	364ad1502f0d9f4abcb42ab9ff5d5fbb84d9c576 (diff)