authorDmitry Vyukov <dvyukov@google.com>2018-08-30 21:10:38 -0700
committerDmitry Vyukov <dvyukov@google.com>2018-08-30 21:45:04 -0700
commita4718693a3d9fcabb02299b2ec07c19d8208c539 (patch)
tree4646830d734816c5d6ab7bd5f71338ce3f9b1b54 /sys/fuchsia
parent4239b99abbcccac9104facbf2b040a5af4ffe1b1 (diff)
sys/linux: add syz_execute_func
The function executes random code. Update #310
Diffstat (limited to 'sys/fuchsia')
-rw-r--r--sys/fuchsia/gen/amd64.go13
-rw-r--r--sys/fuchsia/gen/arm64.go13
-rw-r--r--sys/fuchsia/processes.txt2
-rw-r--r--sys/fuchsia/sys.txt2
-rw-r--r--sys/fuchsia/threads.txt2
5 files changed, 20 insertions, 12 deletions
diff --git a/sys/fuchsia/gen/amd64.go b/sys/fuchsia/gen/amd64.go
index d489c9238..421955818 100644
--- a/sys/fuchsia/gen/amd64.go
+++ b/sys/fuchsia/gen/amd64.go
@@ -1647,6 +1647,9 @@ var syscalls_amd64 = []*Syscall{
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
}},
{Name: "sync", CallName: "sync"},
+ {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ }},
{Name: "syz_future_time", CallName: "syz_future_time", Args: []Type{
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "when", TypeSize: 8}}, Kind: 2, RangeEnd: 1},
}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_time", FldName: "ret", TypeSize: 8, ArgDir: 1}}},
@@ -2571,8 +2574,8 @@ var syscalls_amd64 = []*Syscall{
{Name: "zx_process_start", CallName: "zx_process_start", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_process", FldName: "process", TypeSize: 4}},
&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "thread", TypeSize: 4}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
}},
@@ -2643,8 +2646,8 @@ var syscalls_amd64 = []*Syscall{
}},
{Name: "zx_thread_start", CallName: "zx_thread_start", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "handle", TypeSize: 4}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
}},
@@ -2985,4 +2988,4 @@ var consts_amd64 = []ConstValue{
{Name: "fuchsia_io_SeekOrigin_Start"},
}
-const revision_amd64 = "2a5cb64c987696cb8bdf1d6d9561c04993cf3299"
+const revision_amd64 = "ee62749ce0e69fd29de1864a220e909a18613438"
diff --git a/sys/fuchsia/gen/arm64.go b/sys/fuchsia/gen/arm64.go
index 460544bab..e6eb6fdb6 100644
--- a/sys/fuchsia/gen/arm64.go
+++ b/sys/fuchsia/gen/arm64.go
@@ -1647,6 +1647,9 @@ var syscalls_arm64 = []*Syscall{
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
}},
{Name: "sync", CallName: "sync"},
+ {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ }},
{Name: "syz_future_time", CallName: "syz_future_time", Args: []Type{
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "when", TypeSize: 8}}, Kind: 2, RangeEnd: 1},
}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_time", FldName: "ret", TypeSize: 8, ArgDir: 1}}},
@@ -2571,8 +2574,8 @@ var syscalls_arm64 = []*Syscall{
{Name: "zx_process_start", CallName: "zx_process_start", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_process", FldName: "process", TypeSize: 4}},
&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "thread", TypeSize: 4}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
}},
@@ -2643,8 +2646,8 @@ var syscalls_arm64 = []*Syscall{
}},
{Name: "zx_thread_start", CallName: "zx_thread_start", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "handle", TypeSize: 4}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
}},
@@ -2985,4 +2988,4 @@ var consts_arm64 = []ConstValue{
{Name: "fuchsia_io_SeekOrigin_Start"},
}
-const revision_arm64 = "974ef513ae535d2b92308edd342169a59b596cd4"
+const revision_arm64 = "80d5b2ce01d8c9deca31efaa1a61da313eaa44e6"
diff --git a/sys/fuchsia/processes.txt b/sys/fuchsia/processes.txt
index c6f51c3d2..835edbb1e 100644
--- a/sys/fuchsia/processes.txt
+++ b/sys/fuchsia/processes.txt
@@ -6,7 +6,7 @@ include <zircon/syscalls.h>
resource zx_process[zx_task]
zx_process_create(job zx_job, name ptr[in, string], name_len len[name], options const[0], proc_handle ptr[out, zx_process], vmar_handle ptr[out, zx_vmar])
-zx_process_start(process zx_process, thread zx_thread, entry intptr, stack intptr, arg1 const[0], arg2 const[0])
+zx_process_start(process zx_process, thread zx_thread, entry ptr[in, text[target]], stack ptr[out, array[int8]], arg1 const[0], arg2 const[0])
zx_process_read_memory(process zx_process, vaddr ptr[out, int8], buffer ptr[out, array[int8]], len len[buffer], actual ptr[out, intptr])
# TODO: temporary disabled as it crashes kernel left and right.
# zx_process_write_memory(process zx_process, vaddr ptr[out, int8], buffer ptr[in, array[int8]], len len[buffer], actual ptr[out, intptr])
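Review bot: In the new `zx_process_start` line, `stack ptr[out, array[int8]]` gives the kernel the address of the start of a generated buffer, while stacks on amd64 and arm64 grow downward, so a thread that does start would presumably write below the buffer rather than into it. If that is acceptable for fuzzing, a comment above the call would help, e.g. `# stack points at the low end of a scratch buffer; the started thread is not expected to run far`. Separately, `entry ptr[in, text[target]]` is an address in the calling (executor) process, whereas this call starts the thread in the process named by `process`, so the generated code is likely not mapped at that address in the target; worth confirming this is intended. The same `entry`/`stack` typing is added to `zx_thread_start` in threads.txt, where the `stack` point applies as well.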
diff --git a/sys/fuchsia/sys.txt b/sys/fuchsia/sys.txt
index 3ed323799..1fb885f03 100644
--- a/sys/fuchsia/sys.txt
+++ b/sys/fuchsia/sys.txt
@@ -6,6 +6,8 @@
include <zircon/syscalls.h>
include <ddk/driver.h>
+syz_execute_func(text ptr[in, text[target]])
+
# Provided by sysroot (include/ddk/driver.h)
resource zx_root_resource[zx_handle]
get_root_resource() zx_root_resource
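Review bot: `syz_execute_func` is added with no comment, although the next entry in this file carries a one-line origin note (`# Provided by sysroot ...`). The commit message says the function executes random code, so I would state that at the definition, e.g. `# Pseudo-syscall provided by the executor: runs the generated text[target] bytes as code in the executor process.`, so that someone triaging an executor crash knows this call can fault on its own. Whether the executor isolates that execution or maps the buffer executable is not visible in this diff.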
diff --git a/sys/fuchsia/threads.txt b/sys/fuchsia/threads.txt
index ef4831e03..7947703d9 100644
--- a/sys/fuchsia/threads.txt
+++ b/sys/fuchsia/threads.txt
@@ -7,7 +7,7 @@ include <zircon/syscalls/debug.h>
resource zx_thread[zx_task]
zx_thread_create(process zx_process, name ptr[in, string], name_len len[name], options const[0], out ptr[out, zx_thread])
-zx_thread_start(handle zx_thread, entry intptr, stack intptr, arg1 const[0], arg2 const[0])
+zx_thread_start(handle zx_thread, entry ptr[in, text[target]], stack ptr[out, array[int8]], arg1 const[0], arg2 const[0])
zx_thread_exit()
# Note: kind corresponds to ZX_THREAD_STATE_REGSET0..9 constants.
zx_thread_read_state(handle zx_thread, kind int32[0:9], buffer ptr[out, array[int64]], len bytesize[buffer], actual ptr[out, int32])