authorDmitry Vyukov <dvyukov@google.com>2018-08-30 21:10:38 -0700
committerDmitry Vyukov <dvyukov@google.com>2018-08-30 21:45:04 -0700
commita4718693a3d9fcabb02299b2ec07c19d8208c539 (patch)
tree4646830d734816c5d6ab7bd5f71338ce3f9b1b54 /pkg
parent4239b99abbcccac9104facbf2b040a5af4ffe1b1 (diff)
sys/linux: add syz_execute_func
The function executes random code. Update #310
Diffstat (limited to 'pkg')
-rw-r--r--pkg/compiler/types.go4
-rw-r--r--pkg/csource/generated.go14
-rw-r--r--pkg/host/host.go8
-rw-r--r--pkg/host/host_linux.go2
4 files changed, 23 insertions, 5 deletions
diff --git a/pkg/compiler/types.go b/pkg/compiler/types.go
index f4452baee..777920f57 100644
--- a/pkg/compiler/types.go
+++ b/pkg/compiler/types.go
@@ -407,11 +407,13 @@ var typeText = &typeDesc{
var typeArgTextType = &typeArg{
Kind: kindIdent,
- Names: []string{"x86_real", "x86_16", "x86_32", "x86_64", "arm64"},
+ Names: []string{"target", "x86_real", "x86_16", "x86_32", "x86_64", "arm64"},
}
func genTextType(t *ast.Type) prog.TextKind {
switch t.Ident {
+ case "target":
+ return prog.TextTarget
case "x86_real":
return prog.TextX86Real
case "x86_16":
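Review bot: The new `"target"` entry in `typeArgTextType.Names` sits in a list whose other members each name a fixed architecture or mode, and nothing at the `case "target":` branch says what it selects. A short comment on that case would help, for instance `// "target" means code for the architecture of the target being compiled (presumably resolved later from prog.TextTarget)`, with the wording confirmed against how `prog.TextTarget` is consumed. The `genTextType` switch continues outside the hunk, so the default handling for unknown identifiers is not visible here.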
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 49fc2ffe8..714269f1a 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -349,6 +349,14 @@ static uint16 csum_inet_digest(struct csum_inet* csum)
}
#endif
+#if SYZ_EXECUTOR || __NR_syz_execute_func
+static long syz_execute_func(long text)
+{
+ ((void (*)(void))(text))();
+ return 0;
+}
+#endif
+
#if GOOS_akaros
#include <ros/syscall.h>
@@ -712,13 +720,13 @@ static void event_set(event_t* ev)
if (ev->state)
fail("event already set");
__atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
- syscall(SYS_futex, &ev->state, FUTEX_WAKE);
+ syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG);
}
static void event_wait(event_t* ev)
{
while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
- syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, 0);
+ syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
}
static int event_isset(event_t* ev)
@@ -735,7 +743,7 @@ static int event_timedwait(event_t* ev, uint64 timeout)
struct timespec ts;
ts.tv_sec = remain / 1000;
ts.tv_nsec = (remain % 1000) * 1000 * 1000;
- syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, &ts);
+ syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED))
return 1;
now = current_time_ms();
diff --git a/pkg/host/host.go b/pkg/host/host.go
index 6394dd4a0..d048b2ade 100644
--- a/pkg/host/host.go
+++ b/pkg/host/host.go
@@ -21,7 +21,13 @@ func DetectSupportedSyscalls(target *prog.Target, sandbox string) (
return supported, unsupported, nil
}
for _, c := range target.Syscalls {
- ok, reason := isSupported(c, sandbox)
+ ok, reason := false, ""
+ switch c.CallName {
+ case "syz_execute_func":
+ ok = true
+ default:
+ ok, reason = isSupported(c, sandbox)
+ }
if ok {
supported[c] = true
} else {
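Review bot: The `case "syz_execute_func": ok = true` branch bypasses `isSupported(c, sandbox)` entirely, so the call is reported as supported for any target that declares it and for every sandbox value, and no comment says why. The generated.go hunk in this commit shows the call casting its argument to a function pointer and jumping to it inside the executor process, so the chosen sandbox is the only containment. If that is intended, record it at the case, e.g. `// syz_execute_func runs in-process and needs no kernel feature, so it is enabled for every sandbox.` The host_linux.go hunk adds a second unconditional `return true, ""` for the same name in `isSupportedSyzkall`, next to `syz_read_part_table`, which is gated by `onlySandboxNone(sandbox)`. That second case looks unreachable from this loop, so keeping a single decision point would stop the two from drifting apart. The loop body continues outside the hunk.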
diff --git a/pkg/host/host_linux.go b/pkg/host/host_linux.go
index dd3e146c4..3386113ee 100644
--- a/pkg/host/host_linux.go
+++ b/pkg/host/host_linux.go
@@ -205,6 +205,8 @@ func isSupportedSyzkall(sandbox string, c *prog.Syscall) (bool, string) {
return isSupportedFilesystem(fstype)
case "syz_read_part_table":
return onlySandboxNone(sandbox)
+ case "syz_execute_func":
+ return true, ""
}
panic("unknown syzkall: " + c.Name)
}