| author | Dylan Yudaken <dyudaken@gmail.com> | 2023-07-25 20:34:02 +0100 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2023-07-30 13:35:50 +0000 |
| commit | 84487a6f58dad25a72c356bd8a8ba455a87ae663 (patch) | |
| tree | 560f827e12c98e0cc17412b3a869f56319622bb7 /pkg/csource | |
| parent | 458a107b4b78803973245909f1f3ab19081ca63b (diff) | |
sys/io_uring, executor/common_linux: remove sqes_index in syz_io_uring_submit
This parameter barely increases coverage since the tail is always set
to the entry that is written, but it does increase the complexity of
the API and seems to reduce coverage when I run it locally.
Remove it.
Diffstat (limited to 'pkg/csource')
| -rw-r--r-- | pkg/csource/generated.go | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go index 019cd1582..8399a441a 100644 --- a/pkg/csource/generated.go +++ b/pkg/csource/generated.go @@ -4463,6 +4463,10 @@ static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long uint32 sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(0, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE, fd_io_uring, IORING_OFF_SQES); + uint32* array = (uint32*)((uintptr_t)*ring_ptr_out + setup_params->sq_off.array); + for (uint32 index = 0; index < entries; index++) + array[index] = index; + return fd_io_uring; } @@ -4470,26 +4474,19 @@ static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long #if SYZ_EXECUTOR || __NR_syz_io_uring_submit -static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) +static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; + char* sqe = (char*)a2; - uint32 sqes_index = (uint32)a3; - - uint32 sq_ring_entries = *(uint32*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); - uint32 cq_ring_entries = *(uint32*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); - uint32 sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; - if (sq_ring_entries) - sqes_index %= sq_ring_entries; - char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; - memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); + uint32 sq_ring_mask = *(uint32*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32* sq_tail_ptr = (uint32*)(ring_ptr + SQ_TAIL_OFFSET); uint32 sq_tail = *sq_tail_ptr & sq_ring_mask; + char* sqe_dest = sqes_ptr + sq_tail * SIZEOF_IO_URING_SQE; + memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32 sq_tail_next = *sq_tail_ptr + 1; - uint32* sq_array = (uint32*)(ring_ptr + sq_array_off); - *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } |
