authorAleksandr Nogikh <nogikh@google.com>2023-12-18 11:58:39 +0100
committerAleksandr Nogikh <nogikh@google.com>2023-12-19 00:16:19 +0000
commit3ad490ea48468e50fe91f6f6b2ca4cbc74d924bf (patch)
treed6960156ac4fcbeb908fbbbba79c8716d8e47172 /pkg/host
parent924661f4beda6a647079237cc843df44626fc44b (diff)
executor: introduce syz_pidfd_open()
This kernel interface provides access to fds of other processes, which is readily abused by the fuzzer to mangle the parent syz-executor's fds. Pid=1 is the parent syz-executor process when a PID namespace is created. Sanitize it in the new syz_pidfd_open() pseudo-syscall. We could not patch the argument in sys/linux/init.go because the first argument is a resource.
Diffstat (limited to 'pkg/host')
-rw-r--r--pkg/host/syscalls_linux.go1
1 files changed, 1 insertions, 0 deletions
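--- a/pkg/host/syscalls_linux.go
+++ b/pkg/host/syscalls_linux.go
@@ -327,6 +327,7 @@ var syzkallSupport = map[string]func(*prog.Syscall, *prog.Target, string) (bool,
 "syz_clone3": alwaysSupported,
 "syz_pkey_set": isSyzPkeySetSupported,
 "syz_socket_connect_nvme_tcp": isSyzSocketConnectNvmeTCPSupported,
+"syz_pidfd_open": alwaysSupported,
 }
 func isSupportedSyzkall(c *prog.Syscall, target *prog.Target, sandbox string) (bool, string) {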
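Review bot: Registering "syz_pidfd_open" as alwaysSupported means the host-side check never probes whether pidfd_open(2) exists on the running kernel, unlike the neighbouring entries that have dedicated isSyz*Supported probes; if the executor's wrapper just forwards to the raw syscall, programs using it on an older kernel would fail at runtime instead of being excluded up front, which is presumably acceptable for a fuzzer but worth stating. The entry also carries no hint of why a pseudo-syscall exists for a plain kernel call, which the commit message explains but the table does not. I would add a trailing comment on the new line: `"syz_pidfd_open": alwaysSupported, // wraps pidfd_open(2); the executor sanitizes pid=1 (parent syz-executor under a PID namespace); kernel support is not probed here`. The syzkallSupport map literal begins before the hunk and isSupportedSyzkall continues past it.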