diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2024-04-25 14:00:41 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-04-29 14:53:56 +0000 |
| commit | 88ec97282e185df0bdc0d760bcd5f0a2e4891362 (patch) | |
| tree | 95b6a8de04d1edcddd7526df75328c5da8c664df /pkg/host/syscalls.go | |
| parent | 337657e0d5b5c120b163c09fbcfc49ae5897cb39 (diff) | |
pkg/host: explicitly disable syz_execute_func
Disable the syscall in descriptions rather than in the code.
This makes it more visible for users that it's disabled,
and makes it less special (will not need to move this logic to host).
Also change the condition in syz-sysgen to be more precise,
otherwise syz_execute_func becomes unused function.
Diffstat (limited to 'pkg/host/syscalls.go')
| -rw-r--r-- | pkg/host/syscalls.go | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/pkg/host/syscalls.go b/pkg/host/syscalls.go index fd8acc4d1..cd49ded51 100644 --- a/pkg/host/syscalls.go +++ b/pkg/host/syscalls.go @@ -35,23 +35,6 @@ func DetectSupportedSyscalls(target *prog.Target, sandbox string, enabled map[*p case !enabled[c]: ok = false reason = "not in set of enabled calls" - case c.CallName == "syz_execute_func": - // syz_execute_func caused multiple problems: - // 1. First it lead to corpus explosion. The program used existing values in registers - // to pollute output area. We tried to zero registers (though, not reliably). - // 2. It lead to explosion again. The exact mechanics are unknown, here is one sample: - // syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4 - // 430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f44 - // 9f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464 - // 660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") - // 3. The code can also execute syscalls (and it is know to), but it's not subject to - // target.SanitizeCall. As the result it can do things that programs are not supposed to do. - // 4. Besides linux, corpus explosion also happens on freebsd and is clearly attributable - // to syz_execute_func based on corpus contents. Mechanics are also not known. - // It also did not cause finding of any new bugs (at least not that I know of). - // Let's disable it for now until we figure out how to resolve all these problems. - ok = false - reason = "always disabled for now" default: ok, reason = isSupported(c, target, sandbox) } |