| author | Dmitry Vyukov <dvyukov@google.com> | 2018-04-01 18:29:56 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-04-01 18:29:56 +0200 |
| commit | 99e3b0a7e8b3ba990fd3ff3e7d10cbd92b957b14 (patch) | |
| tree | 8d907471cc6c69ab35516a80aea3975e759129b9 /executor | |
| parent | 185ac3525e708353d3cae302277225aec1fde165 (diff) | |
sys/linux: add support for reading partition tables
Diffstat (limited to 'executor')
| -rw-r--r-- | executor/common_linux.h | 98 | ||||
| -rw-r--r-- | executor/syscalls_linux.h | 25 |
2 files changed, 110 insertions, 13 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index ef4c5ce1a..15e82961c 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -134,7 +134,7 @@
 #if defined(SYZ_EXECUTOR) || defined(SYZ_ENABLE_CGROUPS)
 #include <sys/mount.h>
 #endif
-#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image)
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/loop.h>
@@ -802,7 +802,7 @@ static uintptr_t syz_genetlink_get_family_id(uintptr_t name)
 }
 #endif
-#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image)
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
 extern unsigned long long procid;
 struct fs_image_segment {
@@ -825,7 +825,99 @@ struct fs_image_segment {
 #elif defined(__ppc64__) || defined(__PPC64__) || defined(__powerpc64__)
 #define SYZ_memfd_create 360
 #endif
+#endif
+
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_read_part_table)
+// syz_read_part_table(size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]])
+static uintptr_t syz_read_part_table(uintptr_t size, uintptr_t nsegs, uintptr_t segments)
+{
+ char loopname[64], linkname[64];
+ int loopfd, err = 0, res = -1;
+ uintptr_t i, j;
+ // See the comment in syz_mount_image.
+ struct fs_image_segment* segs = (struct fs_image_segment*)segments;
+ if (nsegs > IMAGE_MAX_SEGMENTS)
+ nsegs = IMAGE_MAX_SEGMENTS;
+ for (i = 0; i < nsegs; i++) {
+ if (segs[i].size > IMAGE_MAX_SIZE)
+ segs[i].size = IMAGE_MAX_SIZE;
+ segs[i].offset %= IMAGE_MAX_SIZE;
+ if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size)
+ segs[i].offset = IMAGE_MAX_SIZE - segs[i].size;
+ if (size < segs[i].offset + segs[i].offset)
+ size = segs[i].offset + segs[i].offset;
+ }
+ if (size > IMAGE_MAX_SIZE)
+ size = IMAGE_MAX_SIZE;
+ int memfd = syscall(SYZ_memfd_create, "syz_read_part_table", 0);
+ if (memfd == -1) {
+ err = errno;
+ goto error;
+ }
+ if (ftruncate(memfd, size)) {
+ err = errno;
+ goto error_close_memfd;
+ }
+ for (i = 0; i < nsegs; i++) {
+ if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) {
+ debug("syz_read_part_table: pwrite[%u] failed: %d\n", (int)i, errno);
+ }
+ }
+ snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
+ loopfd = open(loopname, O_RDWR);
+ if (loopfd == -1) {
+ err = errno;
+ goto error_close_memfd;
+ }
+ if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
+ if (errno != EBUSY) {
+ err = errno;
+ goto error_close_loop;
+ }
+ ioctl(loopfd, LOOP_CLR_FD, 0);
+ usleep(1000);
+ if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
+ err = errno;
+ goto error_close_loop;
+ }
+ }
+ struct loop_info64 info;
+ if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) {
+ err = errno;
+ goto error_clear_loop;
+ }
+#if defined(SYZ_EXECUTOR)
+ cover_reset(0);
+#endif
+ info.lo_flags |= LO_FLAGS_PARTSCAN;
+ if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) {
+ err = errno;
+ goto error_clear_loop;
+ }
+ res = 0;
+ // If we managed to parse some partitions, symlink them into our work dir.
+ for (i = 1, j = 0; i < 8; i++) {
+ snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i);
+ struct stat statbuf;
+ if (stat(loopname, &statbuf) == 0) {
+ snprintf(linkname, sizeof(linkname), "./file%d", (int)j++);
+ symlink(loopname, linkname);
+ }
+ }
+error_clear_loop:
+ ioctl(loopfd, LOOP_CLR_FD, 0);
+error_close_loop:
+ close(loopfd);
+error_close_memfd:
+ close(memfd);
+error:
+ errno = err;
+ return res;
+}
+#endif
+
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image)
 //syz_mount_image(fs ptr[in, string[disk_filesystems]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[vfat_options]])
 //fs_image_segment {
 // data ptr[in, array[int8]]
@@ -1827,7 +1919,7 @@ static void loop()
 if (mkdir(cwdbuf, 0777))
 fail("failed to mkdir");
 #endif
-#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_fs) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
+#if defined(SYZ_EXECUTOR) || defined(__NR_syz_mount_image) || defined(__NR_syz_read_part_table)
 char buf[64];
 snprintf(buf, sizeof(buf), "/dev/loop%llu", procid);
 int loopfd = open(buf, O_RDWR);
diff --git a/executor/syscalls_linux.h b/executor/syscalls_linux.h
index 4896bf3e5..3b76ab29f 100644
--- a/executor/syscalls_linux.h
+++ b/executor/syscalls_linux.h
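Review bot: In the new syz_read_part_table, the segment loop sizes the image from the offset added to itself, `if (size < segs[i].offset + segs[i].offset)` followed by `size = segs[i].offset + segs[i].offset;`, so the length later passed to `ftruncate` tracks twice the offset rather than the end of the segment. The clamps just above already keep `offset <= IMAGE_MAX_SIZE - size`, so the intended bound looks like `if (size < segs[i].offset + segs[i].size)` with `size = segs[i].offset + segs[i].size;`. The comment points to syz_mount_image, which lies outside this hunk; if the loop was copied from there, the same expression is worth checking in that function. Separately, the `pwrite` check only catches a negative return, so a short write leaves a partially populated image without any debug output.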
@@ -2,11 +2,11 @@ #if defined(__i386__) || 0 #define GOARCH "386" -#define SYZ_REVISION "7424a62ff2a634075d9352a6bf1ba14b9377cce8" +#define SYZ_REVISION "95c0c5827460dd0db116e00429bad9d3fe5778de" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 -unsigned syscall_count = 1678; +unsigned syscall_count = 1679; call_t syscalls[] = { {"accept4", 364}, {"accept4$alg", 364}, @@ -1639,6 +1639,7 @@ call_t syscalls[] = { {"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev}, {"syz_open_procfs", 0, (syscall_t)syz_open_procfs}, {"syz_open_pts", 0, (syscall_t)syz_open_pts}, + {"syz_read_part_table", 0, (syscall_t)syz_read_part_table}, {"tee", 315}, {"tgkill", 270}, {"time", 13}, @@ -1692,11 +1693,11 @@ call_t syscalls[] = { #if defined(__x86_64__) || 0 #define GOARCH "amd64" -#define SYZ_REVISION "f52cb963bdf72aed0f98688ac20cb16e40b3b2d3" +#define SYZ_REVISION "14883eb285af454acfe15491ef6052eed4b8d77c" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 -unsigned syscall_count = 1730; +unsigned syscall_count = 1731; call_t syscalls[] = { {"accept", 43}, {"accept$alg", 43}, @@ -3381,6 +3382,7 @@ call_t syscalls[] = { {"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev}, {"syz_open_procfs", 0, (syscall_t)syz_open_procfs}, {"syz_open_pts", 0, (syscall_t)syz_open_pts}, + {"syz_read_part_table", 0, (syscall_t)syz_read_part_table}, {"tee", 276}, {"tgkill", 234}, {"time", 201}, @@ -3434,11 +3436,11 @@ call_t syscalls[] = { #if defined(__arm__) || 0 #define GOARCH "arm" -#define SYZ_REVISION "3972faa5a8bbad692d1ecd42060d3a0876823259" +#define SYZ_REVISION "f64917dfdea0e40f17c49a8c12080a688ebb9a4d" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 -unsigned syscall_count = 1675; +unsigned syscall_count = 1676; call_t syscalls[] = { {"accept", 285}, {"accept$alg", 285}, 
@@ -5070,6 +5072,7 @@ call_t syscalls[] = { {"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev}, {"syz_open_procfs", 0, (syscall_t)syz_open_procfs}, {"syz_open_pts", 0, (syscall_t)syz_open_pts}, + {"syz_read_part_table", 0, (syscall_t)syz_read_part_table}, {"tee", 342}, {"tgkill", 268}, {"timer_create", 257}, @@ -5121,11 +5124,11 @@ call_t syscalls[] = { #if defined(__aarch64__) || 0 #define GOARCH "arm64" -#define SYZ_REVISION "527e225af73003b7222cbf51076b057e824248f6" +#define SYZ_REVISION "6126db2a2079d8fe161c7d1e9c6179cf9a660b2d" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 -unsigned syscall_count = 1659; +unsigned syscall_count = 1660; call_t syscalls[] = { {"accept", 202}, {"accept$alg", 202}, @@ -6745,6 +6748,7 @@ call_t syscalls[] = { {"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev}, {"syz_open_procfs", 0, (syscall_t)syz_open_procfs}, {"syz_open_pts", 0, (syscall_t)syz_open_pts}, + {"syz_read_part_table", 0, (syscall_t)syz_read_part_table}, {"tee", 77}, {"tgkill", 131}, {"timer_create", 107}, @@ -6792,11 +6796,11 @@ call_t syscalls[] = { #if defined(__ppc64__) || defined(__PPC64__) || defined(__powerpc64__) || 0 #define GOARCH "ppc64le" -#define SYZ_REVISION "40f069e17536ef2ffed3727cb6238f8ba8d003ef" +#define SYZ_REVISION "f4f6f2409448b0704d85d908ec0968994157ae6a" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 -unsigned syscall_count = 1649; +unsigned syscall_count = 1650; call_t syscalls[] = { {"accept", 330}, {"accept$alg", 330}, @@ -8400,6 +8404,7 @@ call_t syscalls[] = { {"syz_open_dev$vcsn", 0, (syscall_t)syz_open_dev}, {"syz_open_procfs", 0, (syscall_t)syz_open_procfs}, {"syz_open_pts", 0, (syscall_t)syz_open_pts}, + {"syz_read_part_table", 0, (syscall_t)syz_read_part_table}, {"tee", 284}, {"tgkill", 250}, {"time", 13}, |
