diff options
| author | Vikram Narayanan <vikram186@gmail.com> | 2021-10-27 00:52:34 -0700 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2021-11-18 14:32:23 +0100 |
| commit | 31a30fc092d1c25b565a00465f075408677e8c54 (patch) | |
| tree | f3f552eeb093c0a0663263f12824f3648bde5cf6 /sys/linux | |
| parent | 985076f2cce88f048e83459b99954a86a3f50cf5 (diff) | |
sys/linux: neutralize ioctl for /dev/msr
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/init.go | 14 | ||||
| -rw-r--r-- | sys/linux/init_test.go | 13 |
2 files changed, 25 insertions, 2 deletions
diff --git a/sys/linux/init.go b/sys/linux/init.go index 24d978381..88bfe919e 100644 --- a/sys/linux/init.go +++ b/sys/linux/init.go @@ -48,8 +48,10 @@ func InitTarget(target *prog.Target) { TIOCSSERIAL: target.GetConst("TIOCSSERIAL"), TIOCGSERIAL: target.GetConst("TIOCGSERIAL"), // These are not present on all arches. - ARCH_SET_FS: target.ConstMap["ARCH_SET_FS"], - ARCH_SET_GS: target.ConstMap["ARCH_SET_GS"], + ARCH_SET_FS: target.ConstMap["ARCH_SET_FS"], + ARCH_SET_GS: target.ConstMap["ARCH_SET_GS"], + X86_IOC_RDMSR_REGS: target.ConstMap["X86_IOC_RDMSR_REGS"], + X86_IOC_WRMSR_REGS: target.ConstMap["X86_IOC_WRMSR_REGS"], } target.MakeDataMmap = targets.MakePosixMmap(target, true, true) @@ -158,6 +160,8 @@ type arch struct { USB_MAJOR uint64 TIOCSSERIAL uint64 TIOCGSERIAL uint64 + X86_IOC_RDMSR_REGS uint64 + X86_IOC_WRMSR_REGS uint64 } func (arch *arch) neutralize(c *prog.Call) { @@ -284,6 +288,12 @@ func (arch *arch) neutralizeIoctl(c *prog.Call) { // and would be nice to test, if/when we can neutralize based on sandbox value // we could prohibit it only under sandbox=none. cmd.Val = arch.TIOCGSERIAL + case arch.X86_IOC_WRMSR_REGS: + // Enabling X86_IOC_WRMSR_REGS would cause havoc as it can write to any MSR registers + // and there are a lot of things that could go wrong. + // TODO: Ideally, it would be great if we can have a restricted set of inputs for this + // such that we can write values only from that set. + cmd.Val = arch.X86_IOC_RDMSR_REGS } } diff --git a/sys/linux/init_test.go b/sys/linux/init_test.go index 201ce762b..ed4cf03a1 100644 --- a/sys/linux/init_test.go +++ b/sys/linux/init_test.go @@ -132,5 +132,18 @@ syz_open_dev$tty1(0xc, 0x4, 0x4) syz_open_dev$tty1(0xc, 0x4, 0x1) `, }, + { + In: `syz_open_dev$MSR(0x0, 0x0, 0x0)`, + }, + { + In: ` +ioctl$X86_IOC_RDMSR_REGS(0xa, 0xc02063a0, 0x0) +ioctl$X86_IOC_RDMSR_REGS(0xa, 0xc02063a1, 0x0) +`, + Out: ` +ioctl$X86_IOC_RDMSR_REGS(0xa, 0xc02063a0, 0x0) +ioctl$X86_IOC_RDMSR_REGS(0xa, 0xc02063a0, 0x0) +`, + }, }) } |