sys/linux: prohibit SNAPSHOT_FREEZE

SNAPSHOT_FREEZE freezes all processes and leaves the machine dead.
author: Dmitry Vyukov <dvyukov@google.com> 2019-01-06 17:39:32 +0100
committer: Dmitry Vyukov <dvyukov@google.com> 2019-01-06 17:39:32 +0100
commit: ee332608e9ebc1d77675662fd8511ff94fd49acd (patch)
tree: ff65a4d4c8ce5e5f6760f598de11816f331ff390 /sys/linux
parent: 07e1c797765f68124859f864ae9ab6e86975a1a0 (diff)
12 files changed, 37 insertions, 6 deletions
diff --git a/sys/linux/gen/386.go b/sys/linux/gen/386.go
index f12231d23..56739d7fb 100644
--- a/sys/linux/gen/386.go
+++ b/sys/linux/gen/386.go
@@ -43589,6 +43589,8 @@ var consts_386 = []ConstValue{
 	{Name: "SIOCX25SENDCALLACCPT", Value: 35305},
 	{Name: "SIOCX25SFACILITIES", Value: 35299},
 	{Name: "SIOCX25SSUBSCRIP", Value: 35297},
+	{Name: "SNAPSHOT_FREEZE", Value: 13057},
+	{Name: "SNAPSHOT_UNFREEZE", Value: 13058},
 	{Name: "SNDCTL_TMR_CONTINUE", Value: 21508},
 	{Name: "SNDCTL_TMR_METRONOME", Value: 1074025479},
 	{Name: "SNDCTL_TMR_SELECT", Value: 1074025480},
@@ -46323,4 +46325,4 @@ var consts_386 = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_386 = "0b8b18153bf3e112969a92c18c6852dd3ec32aed"
+const revision_386 = "d0fd3fdd82a32728ac18d6bef467709633b2d170"
diff --git a/sys/linux/gen/amd64.go b/sys/linux/gen/amd64.go
index 31d8ddffc..bf5d9b1a6 100644
--- a/sys/linux/gen/amd64.go
+++ b/sys/linux/gen/amd64.go
@@ -44354,6 +44354,8 @@ var consts_amd64 = []ConstValue{
 	{Name: "SIOCX25SENDCALLACCPT", Value: 35305},
 	{Name: "SIOCX25SFACILITIES", Value: 35299},
 	{Name: "SIOCX25SSUBSCRIP", Value: 35297},
+	{Name: "SNAPSHOT_FREEZE", Value: 13057},
+	{Name: "SNAPSHOT_UNFREEZE", Value: 13058},
 	{Name: "SNDCTL_TMR_CONTINUE", Value: 21508},
 	{Name: "SNDCTL_TMR_METRONOME", Value: 1074025479},
 	{Name: "SNDCTL_TMR_SELECT", Value: 1074025480},
@@ -47113,4 +47115,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_amd64 = "74c8a46e8881784d3c05d2958991827edb812738"
+const revision_amd64 = "6a0daeb52f444a447e8a4e8b7d910beee162a429"
diff --git a/sys/linux/gen/arm.go b/sys/linux/gen/arm.go
index 468cf8b8e..afdf03e5d 100644
--- a/sys/linux/gen/arm.go
+++ b/sys/linux/gen/arm.go
@@ -43429,6 +43429,8 @@ var consts_arm = []ConstValue{
 	{Name: "SIOCX25SENDCALLACCPT", Value: 35305},
 	{Name: "SIOCX25SFACILITIES", Value: 35299},
 	{Name: "SIOCX25SSUBSCRIP", Value: 35297},
+	{Name: "SNAPSHOT_FREEZE", Value: 13057},
+	{Name: "SNAPSHOT_UNFREEZE", Value: 13058},
 	{Name: "SNDCTL_TMR_CONTINUE", Value: 21508},
 	{Name: "SNDCTL_TMR_METRONOME", Value: 1074025479},
 	{Name: "SNDCTL_TMR_SELECT", Value: 1074025480},
@@ -46162,4 +46164,4 @@ var consts_arm = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_arm = "efd63d806626af202831392e272313cd8a6ed149"
+const revision_arm = "ec20c4b8448d2c8d137faa2b8241fe2a3352b197"
diff --git a/sys/linux/gen/arm64.go b/sys/linux/gen/arm64.go
index 1b15d9637..61cc06a02 100644
--- a/sys/linux/gen/arm64.go
+++ b/sys/linux/gen/arm64.go
@@ -43753,6 +43753,8 @@ var consts_arm64 = []ConstValue{
 	{Name: "SIOCX25SENDCALLACCPT", Value: 35305},
 	{Name: "SIOCX25SFACILITIES", Value: 35299},
 	{Name: "SIOCX25SSUBSCRIP", Value: 35297},
+	{Name: "SNAPSHOT_FREEZE", Value: 13057},
+	{Name: "SNAPSHOT_UNFREEZE", Value: 13058},
 	{Name: "SNDCTL_TMR_CONTINUE", Value: 21508},
 	{Name: "SNDCTL_TMR_METRONOME", Value: 1074025479},
 	{Name: "SNDCTL_TMR_SELECT", Value: 1074025480},
@@ -46471,4 +46473,4 @@ var consts_arm64 = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_arm64 = "d5ff510b64488e830d28225ecbb0f39f6c91fb4a"
+const revision_arm64 = "16500cf53c6e5300b353f1273d744bb95e971efd"
diff --git a/sys/linux/gen/ppc64le.go b/sys/linux/gen/ppc64le.go
index 21b3432c0..5d9f95818 100644
--- a/sys/linux/gen/ppc64le.go
+++ b/sys/linux/gen/ppc64le.go
@@ -42054,6 +42054,8 @@ var consts_ppc64le = []ConstValue{
 	{Name: "SIOCX25SENDCALLACCPT", Value: 35305},
 	{Name: "SIOCX25SFACILITIES", Value: 35299},
 	{Name: "SIOCX25SSUBSCRIP", Value: 35297},
+	{Name: "SNAPSHOT_FREEZE", Value: 536883969},
+	{Name: "SNAPSHOT_UNFREEZE", Value: 536883970},
 	{Name: "SNDCTL_TMR_CONTINUE", Value: 536892420},
 	{Name: "SNDCTL_TMR_METRONOME", Value: 2147767303},
 	{Name: "SNDCTL_TMR_SELECT", Value: 2147767304},
@@ -43829,4 +43831,4 @@ var consts_ppc64le = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_ppc64le = "2fdcd443045495b8b9a58f75296652d86530db67"
+const revision_ppc64le = "f8640e48ef6a1bdd4d952bf06085fe942c32389b"
diff --git a/sys/linux/init.go b/sys/linux/init.go
index ce317e626..c5e4c810c 100644
--- a/sys/linux/init.go
+++ b/sys/linux/init.go
@@ -21,6 +21,8 @@ func InitTarget(target *prog.Target) {
 		SYSLOG_ACTION_SIZE_UNREAD: target.GetConst("SYSLOG_ACTION_SIZE_UNREAD"),
 		FIFREEZE:                  target.GetConst("FIFREEZE"),
 		FITHAW:                    target.GetConst("FITHAW"),
+		SNAPSHOT_FREEZE:           target.GetConst("SNAPSHOT_FREEZE"),
+		SNAPSHOT_UNFREEZE:         target.GetConst("SNAPSHOT_UNFREEZE"),
 		EXT4_IOC_SHUTDOWN:         target.GetConst("EXT4_IOC_SHUTDOWN"),
 		EXT4_IOC_MIGRATE:          target.GetConst("EXT4_IOC_MIGRATE"),
 		FAN_OPEN_PERM:             target.GetConst("FAN_OPEN_PERM"),
@@ -104,6 +106,8 @@ type arch struct {
 	SYSLOG_ACTION_SIZE_UNREAD uint64
 	FIFREEZE                  uint64
 	FITHAW                    uint64
+	SNAPSHOT_FREEZE           uint64
+	SNAPSHOT_UNFREEZE         uint64
 	EXT4_IOC_SHUTDOWN         uint64
 	EXT4_IOC_MIGRATE          uint64
 	FAN_OPEN_PERM             uint64
@@ -146,6 +150,10 @@ func (arch *arch) sanitizeCall(c *prog.Call) {
 		if uint64(uint32(cmd.Val)) == arch.FIFREEZE {
 			cmd.Val = arch.FITHAW
 		}
+		// SNAPSHOT_FREEZE freezes all processes and leaves the machine dead.
+		if uint64(uint32(cmd.Val)) == arch.SNAPSHOT_FREEZE {
+			cmd.Val = arch.SNAPSHOT_UNFREEZE
+		}
 		// EXT4_IOC_SHUTDOWN on root fs effectively brings the machine down in weird ways.
 		// Fortunately, the value does not conflict with any other ioctl commands for now.
 		if uint64(uint32(cmd.Val)) == arch.EXT4_IOC_SHUTDOWN {
diff --git a/sys/linux/sys.txt b/sys/linux/sys.txt
index 8b675517b..2deeedae6 100644
--- a/sys/linux/sys.txt
+++ b/sys/linux/sys.txt
@@ -53,6 +53,7 @@ include <linux/membarrier.h>
 include <uapi/linux/kcov.h>
 include <uapi/linux/membarrier.h>
 include <uapi/linux/capability.h>
+include <uapi/linux/suspend_ioctls.h>
 
 resource fd[int32]: -1, AT_FDCWD
 resource fd_dir[fd]
@@ -472,7 +473,6 @@ syz_open_dev$media(dev ptr[in, string["/dev/media#"]], id intptr, flags flags[op
 openat$null(fd const[AT_FDCWD], file ptr[in, string["/dev/null"]], flags flags[open_flags], mode const[0]) fd
 openat$zero(fd const[AT_FDCWD], file ptr[in, string["/dev/zero"]], flags flags[open_flags], mode const[0]) fd
 openat$full(fd const[AT_FDCWD], file ptr[in, string["/dev/full"]], flags flags[open_flags], mode const[0]) fd
-openat$snapshot(fd const[AT_FDCWD], file ptr[in, string["/dev/snapshot"]], flags flags[open_flags], mode const[0]) fd
 openat$vga_arbiter(fd const[AT_FDCWD], file ptr[in, string["/dev/vga_arbiter"]], flags flags[open_flags], mode const[0]) fd
 openat$rtc(fd const[AT_FDCWD], file ptr[in, string["/dev/rtc0"]], flags flags[open_flags], mode const[0]) fd
 openat$rfkill(fd const[AT_FDCWD], file ptr[in, string["/dev/rfkill"]], flags flags[open_flags], mode const[0]) fd
@@ -503,6 +503,9 @@ openat$btrfs_control(fd const[AT_FDCWD], file ptr[in, string["/dev/btrfs-control
 openat$ubi_ctrl(fd const[AT_FDCWD], file ptr[in, string["/dev/ubi_ctrl"]], flags flags[open_flags], mode const[0]) fd
 openat$cachefiles(fd const[AT_FDCWD], file ptr[in, string["/dev/cachefiles"]], flags flags[open_flags], mode const[0]) fd
 
+openat$snapshot(fd const[AT_FDCWD], file ptr[in, string["/dev/snapshot"]], flags flags[open_flags], mode const[0]) fd
+_ = SNAPSHOT_FREEZE, SNAPSHOT_UNFREEZE
+
 pipefd {
 	rfd	fd
 	wfd	fd
diff --git a/sys/linux/sys_386.const b/sys/linux/sys_386.const
index 32580b5ae..bffec1278 100644
--- a/sys/linux/sys_386.const
+++ b/sys/linux/sys_386.const
@@ -503,6 +503,8 @@ SIGINFO_SIZE = 128
 SIG_BLOCK = 0
 SIG_SETMASK = 2
 SIG_UNBLOCK = 1
+SNAPSHOT_FREEZE = 13057
+SNAPSHOT_UNFREEZE = 13058
 SPLICE_F_GIFT = 8
 SPLICE_F_MORE = 4
 SPLICE_F_MOVE = 1
diff --git a/sys/linux/sys_amd64.const b/sys/linux/sys_amd64.const
index de7ef1836..a85e52ddb 100644
--- a/sys/linux/sys_amd64.const
+++ b/sys/linux/sys_amd64.const
@@ -503,6 +503,8 @@ SIGINFO_SIZE = 128
 SIG_BLOCK = 0
 SIG_SETMASK = 2
 SIG_UNBLOCK = 1
+SNAPSHOT_FREEZE = 13057
+SNAPSHOT_UNFREEZE = 13058
 SPLICE_F_GIFT = 8
 SPLICE_F_MORE = 4
 SPLICE_F_MOVE = 1
diff --git a/sys/linux/sys_arm.const b/sys/linux/sys_arm.const
index 772ee250a..0fafba993 100644
--- a/sys/linux/sys_arm.const
+++ b/sys/linux/sys_arm.const
@@ -503,6 +503,8 @@ SIGINFO_SIZE = 128
 SIG_BLOCK = 0
 SIG_SETMASK = 2
 SIG_UNBLOCK = 1
+SNAPSHOT_FREEZE = 13057
+SNAPSHOT_UNFREEZE = 13058
 SPLICE_F_GIFT = 8
 SPLICE_F_MORE = 4
 SPLICE_F_MOVE = 1
diff --git a/sys/linux/sys_arm64.const b/sys/linux/sys_arm64.const
index 15c043fa2..41966fc33 100644
--- a/sys/linux/sys_arm64.const
+++ b/sys/linux/sys_arm64.const
@@ -503,6 +503,8 @@ SIGINFO_SIZE = 128
 SIG_BLOCK = 0
 SIG_SETMASK = 2
 SIG_UNBLOCK = 1
+SNAPSHOT_FREEZE = 13057
+SNAPSHOT_UNFREEZE = 13058
 SPLICE_F_GIFT = 8
 SPLICE_F_MORE = 4
 SPLICE_F_MOVE = 1
diff --git a/sys/linux/sys_ppc64le.const b/sys/linux/sys_ppc64le.const
index 87320a69d..ef8a126b6 100644
--- a/sys/linux/sys_ppc64le.const
+++ b/sys/linux/sys_ppc64le.const
@@ -503,6 +503,8 @@ SIGINFO_SIZE = 128
 SIG_BLOCK = 0
 SIG_SETMASK = 2
 SIG_UNBLOCK = 1
+SNAPSHOT_FREEZE = 536883969
+SNAPSHOT_UNFREEZE = 536883970
 SPLICE_F_GIFT = 8
 SPLICE_F_MORE = 4
 SPLICE_F_MOVE = 1
author	Dmitry Vyukov <dvyukov@google.com>	2019-01-06 17:39:32 +0100
committer	Dmitry Vyukov <dvyukov@google.com>	2019-01-06 17:39:32 +0100
commit	ee332608e9ebc1d77675662fd8511ff94fd49acd (patch)
tree	ff65a4d4c8ce5e5f6760f598de11816f331ff390 /sys/linux
parent	07e1c797765f68124859f864ae9ab6e86975a1a0 (diff)