authorHrutvik Kanabar <hrutvik@google.com>2022-09-07 09:12:47 +0000
committerAleksandr Nogikh <wp32pw@gmail.com>2022-09-13 17:27:56 +0200
commit988628d10c15f7387c830d883a12a4b6f0fac901 (patch)
tree11176befa1704fed71186c057df89bf9ac524bc5 /pkg/csource
parentdf924ba40c5a88541acf63d6aa4ae561619a9745 (diff)
sys/linux, tools/syz-imagegen: allow `syz_mount_image` to change directory
Add a boolean argument to the `syz_mount_image` pseudo-syscall. When this is true, `syz_mount_image` will change directory to the mountpoint after mounting the image passed. Experimentation suggests that to reproduce many non-`ext4` filesystem bugs, it is sufficient to mount the filesystem within an `ext4`-based VM and then change directory to the mountpoint before executing code. This change aims to increase the probability that a mount operation will be succeeded by the corresponding change in directory, and so increase the probability of finding non-`ext4` bugs. We also have to update the `syz-imagegen` tool. Now it generates seed `syz_mount_image` calls with change of directory enabled. The previous behaviour (i.e. no change of directory) will be recovered by use of existing corpuses and fuzzing the change-of-directory argument. The next commit will regenerate all `syz_mount_image` seeds.
Diffstat (limited to 'pkg/csource')
-rw-r--r--pkg/csource/generated.go10
1 files changed, 9 insertions, 1 deletions
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index e8f34b576..86a4b91d8 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -6285,7 +6285,7 @@ error_clear_loop:
#include <stddef.h>
#include <string.h>
#include <sys/mount.h>
-static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg)
+static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg, volatile long change_dir)
{
struct fs_image_segment* segs = (struct fs_image_segment*)segments;
int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs;
@@ -6332,6 +6332,14 @@ static long syz_mount_image(volatile long fsarg, volatile long dir, volatile uns
if (res == -1) {
debug("syz_mount_image > open error: %d\n", errno);
err = errno;
+ goto error_clear_loop;
+ }
+ if (change_dir) {
+ res = chdir(target);
+ if (res == -1) {
+ debug("syz_mount_image > chdir error: %d\n", errno);
+ err = errno;
+ }
}
error_clear_loop: