authorStefano Duo <stefanoduo@google.com>2020-07-13 08:03:44 +0000
committerDmitry Vyukov <dvyukov@google.com>2020-08-14 18:55:11 +0200
commit191c0565a15564c6fb4e1c985e9a1862d8ba3698 (patch)
tree8e4ebcc99200ab52949fda9cb0fa78eeca423c48 /sys/linux
parent991110ce9de9f08b90471c43b8143754becc0c67 (diff)
sys/linux/fs_fuse.txt: define FUSE request id as a resource
Currently fuse_in.unique and fuse_out.unique are not linked by any dependency chain. This causes the majority of the replies to the kernel to be dropped because they do not refer to a previously sent request. By defining them as a resource, we push the fuzzer in the right direction (i.e., try to respond using a previously issued unique value). The read syscall has been updated accordingly; it now expects and parses a fuse_in header followed by some additional data.
Diffstat (limited to 'sys/linux')
-rw-r--r--sys/linux/dev_usbmon.txt.const8
-rw-r--r--sys/linux/fs_fuse.txt16
-rw-r--r--sys/linux/fs_fuse.txt.const1
-rw-r--r--sys/linux/test/fuse_deadlock4
4 files changed, 21 insertions, 8 deletions
diff --git a/sys/linux/dev_usbmon.txt.const b/sys/linux/dev_usbmon.txt.const
index fb350394f..25225841c 100644
--- a/sys/linux/dev_usbmon.txt.const
+++ b/sys/linux/dev_usbmon.txt.const
@@ -1,8 +1,8 @@
# Code generated by syz-sysgen. DO NOT EDIT.
arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x
-BUFF_MAX = 1228800
-BUFF_MIN = 8192
-CHUNK_SIZE = 4096
+BUFF_MAX = 1228800, ppc64le:1245184
+BUFF_MIN = 8192, ppc64le:65536
+CHUNK_SIZE = 4096, ppc64le:65536
MON_IOCG_STATS = 2148045315, mips64le:ppc64le:1074303491
MON_IOCH_MFLUSH = 37384, mips64le:ppc64le:536908296
MON_IOCQ_RING_SIZE = 37381, mips64le:ppc64le:536908293
@@ -12,7 +12,7 @@ MON_IOCX_GET = 1075352070, 386:arm:1074565638, mips64le:ppc64le:2149093894
MON_IOCX_GETX = 1075352074, 386:arm:1074565642, mips64le:ppc64le:2149093898
MON_IOCX_MFETCH = 3222311431, 386:arm:3222049287
MON_IOC_MAGIC = 146
-PAGE_SIZE = 4096
+PAGE_SIZE = 4096, ppc64le:65536
SETUP_LEN = 8
__NR_ioctl = 54, amd64:16, arm64:riscv64:29, mips64le:5015
__NR_mmap = 90, 386:arm:192, amd64:9, arm64:riscv64:222, mips64le:5009
diff --git a/sys/linux/fs_fuse.txt b/sys/linux/fs_fuse.txt
index c2bccccdd..856f3b7cd 100644
--- a/sys/linux/fs_fuse.txt
+++ b/sys/linux/fs_fuse.txt
@@ -6,14 +6,16 @@ include <linux/stat.h>
include <uapi/linux/fuse.h>
include <uapi/linux/fcntl.h>
+resource fuse_unique[int64]
resource fd_fuse[fd]
openat$fuse(fd const[AT_FDCWD], file ptr[in, string["/dev/fuse"]], flags const[O_RDWR], mode const[0]) fd_fuse
openat$cuse(fd const[AT_FDCWD], file ptr[in, string["/dev/cuse"]], flags const[O_RDWR], mode const[0]) fd_fuse
ioctl$FUSE_DEV_IOC_CLONE(fd fd_fuse, cmd const[FUSE_DEV_IOC_CLONE], arg ptr[in, fd_fuse])
-read$FUSE(fd fd_fuse, buf ptr[out, array[int8, 4096]], len len[buf])
mount$fuse(src const[0], dst ptr[in, filename], type ptr[in, string["fuse"]], flags flags[mount_flags], opts ptr[in, fuse_options])
+type read_buffer array[int8, FUSE_MIN_READ_BUFFER]
+read$FUSE(fd fd_fuse, buf ptr[out, fuse_in[read_buffer]], len len[buf])
mount$fuseblk(src ptr[in, string["/dev/loop0"]], dst ptr[in, filename], type ptr[in, string["fuseblk"]], flags flags[mount_flags], opts ptr[in, fuse_options])
write$FUSE_INTERRUPT(fd fd_fuse, arg ptr[in, fuse_out[void]], len bytesize[arg])
@@ -41,7 +43,6 @@ write$FUSE_NOTIFY_DELETE(fd fd_fuse, arg ptr[in, fuse_notify[FUSE_NOTIFY_DELETE,
type fuse_ino int64[0:6]
type fuse_gen int64[0:3]
-type fuse_unique int64[1:8]
type fuse_notify[MSG, PAYLOAD] {
len len[parent, int32]
@@ -50,6 +51,17 @@ type fuse_notify[MSG, PAYLOAD] {
payload PAYLOAD
} [packed]
+type fuse_in[PAYLOAD] {
+ len len[parent, int32]
+ opcode int32
+ unique fuse_unique
+ uid uid
+ gid gid
+ pid pid
+ padding int32
+ payload PAYLOAD
+} [packed]
+
type fuse_out[PAYLOAD] {
len len[parent, int32]
err flags[fuse_errors, int32]
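Review bot: The new `fuse_in` header in the last hunk omits the 64-bit `nodeid` field that `struct fuse_in_header` in `uapi/linux/fuse.h` carries between `unique` and `uid`, so the struct is 32 bytes where the kernel writes 40 and `uid`, `gid`, `pid` and `padding` are parsed from the wrong offsets; only `unique` at offset 8 still lines up, which is presumably why the resource extraction appears to work. Adding `nodeid fuse_ino` after `unique fuse_unique` (the `fuse_ino` type is already defined a few lines above in this section) restores the layout, and the `fuse_deadlock` test's `read$FUSE` argument then needs one more `0x0` right after `<r1=>0x0`. In the first hunk, the re-added `read$FUSE` and `type read_buffer` lines sit between `mount$fuse` and `mount$fuseblk`, splitting the two mount variants; keeping `read$FUSE` at its former position and naming the helper type `fuse_read_buffer`, matching the `fuse_` prefix used by every other type in this file, would read more consistently.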
diff --git a/sys/linux/fs_fuse.txt.const b/sys/linux/fs_fuse.txt.const
index 408de1c12..13044a2de 100644
--- a/sys/linux/fs_fuse.txt.const
+++ b/sys/linux/fs_fuse.txt.const
@@ -26,6 +26,7 @@ FUSE_IOCTL_RETRY = 4
FUSE_KERNEL_MINOR_VERSION = 31
FUSE_KERNEL_VERSION = 7
FUSE_MAX_PAGES = 4194304
+FUSE_MIN_READ_BUFFER = 8192
FUSE_NOTIFY_DELETE = 6
FUSE_NOTIFY_INVAL_ENTRY = 3
FUSE_NOTIFY_INVAL_INODE = 2
diff --git a/sys/linux/test/fuse_deadlock b/sys/linux/test/fuse_deadlock
index b83a94056..2b41b1e15 100644
--- a/sys/linux/test/fuse_deadlock
+++ b/sys/linux/test/fuse_deadlock
@@ -4,8 +4,8 @@
mkdirat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &AUTO='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &AUTO='./file0\x00', &AUTO='fuse\x00', 0x0, &AUTO={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0x0}, 0x2c, {'group_id', 0x3d, 0x0}, 0x2c, {[], [], 0x0}})
-read$FUSE(r0, &AUTO=""/4096, AUTO)
+read$FUSE(r0, &AUTO={AUTO, 0x0, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, ""/8192}, AUTO)
pread64(r0, &AUTO=""/236, AUTO, 0x0) # blocked
-write$FUSE_INIT(r0, &AUTO={AUTO, 0x0, 0x1, {AUTO, AUTO, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, AUTO)
+write$FUSE_INIT(r0, &AUTO={AUTO, 0x0, r1, {AUTO, AUTO, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, AUTO)
mkdirat(0xffffffffffffff9c, &AUTO='./file0/file0\x00', 0x0) # unfinished
write$FUSE_NOTIFY_INVAL_ENTRY(r0, &AUTO={AUTO, 0x3, 0x0, {0x1, AUTO, 0x0, 'group_id', 0x0}}, AUTO) # unfinished