diff options
| author | Necip Fazil Yildiran <necip@google.com> | 2020-07-29 07:36:25 +0000 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-07-29 13:44:49 +0200 |
| commit | cbca8e0f043495ea2332604d8ce066891710e861 (patch) | |
| tree | cf7eb1825cd4133c77d9ce8c4697190baa21b755 /sys/linux/io_uring.txt | |
| parent | a3d497bf6ccc7141b66ada4b01a05068a09b31c3 (diff) | |
executor: added syz_io_uring_setup to wrap both setup and mmap
It is hard for the fuzzer to generate correct programs using mmap calls
with fuzzer-provided mmap length. This wrapper ensures correct length
computation.
Diffstat (limited to 'sys/linux/io_uring.txt')
| -rw-r--r-- | sys/linux/io_uring.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/linux/io_uring.txt b/sys/linux/io_uring.txt index a2d384319..f4de4a0a9 100644 --- a/sys/linux/io_uring.txt +++ b/sys/linux/io_uring.txt @@ -16,6 +16,11 @@ resource ioring_personality_id[int16] define IORING_MAX_ENTRIES 32768 define IORING_MAX_CQ_ENTRIES (2 * IORING_MAX_ENTRIES) +# First does the setup calling io_uring_setup, than calls mmap to map the ring and +# the sqes. It is hard for the fuzzer to generate correct programs using mmap calls +# with fuzzer-provided mmap length. This wrapper ensures correct length computation. +syz_io_uring_setup(entries int32[1:IORING_MAX_ENTRIES], params ptr[inout, io_uring_params], addr_ring vma, addr_sqes vma, ring_ptr ptr[out, ring_ptr], sqes_ptr ptr[out, sqes_ptr]) fd_io_uring + io_uring_setup(entries int32[1:IORING_MAX_ENTRIES], params ptr[inout, io_uring_params]) fd_io_uring io_uring_enter(fd fd_io_uring, to_submit int32[0:IORING_MAX_ENTRIES], min_complete int32[0:IORING_MAX_CQ_ENTRIES], flags flags[io_uring_enter_flags], sigmask ptr[in, sigset_t], size len[sigmask]) io_uring_register$IORING_REGISTER_BUFFERS(fd fd_io_uring, opcode const[IORING_REGISTER_BUFFERS], arg ptr[in, array[iovec_out]], nr_args len[arg]) |