| author | Dmitry Vyukov <dvyukov@google.com> | 2024-11-27 17:23:09 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-12-11 15:22:17 +0000 |
| commit | 299ee674e6c124a35f1cf258df4f0f3c6e1db1f3 (patch) | |
| tree | 416b515e959a1d0a64a9516b1524a062ae63ba7d /tools | |
| parent | ff949d2512c5ac33d0407d26d80f1df77b2de0e7 (diff) | |
executor: query globs in the test program context
We query globs for 2 reasons:
1. Expand glob types in syscall descriptions.
2. Dynamic file probing for automatic descriptions generation.
In both of these contexts we are interested in files
that will be present during test program execution
(rather than normal unsandboxed execution).
For example, some files may not be accessible to test programs
after pivot root. On the other hand, we create and link
some additional files for the test program that don't
normally exist.
Add a new request type for querying of globs that are
executed in the test program context.
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/syz-diff/diff.go | 3 | ||||
| -rw-r--r-- | tools/syz-execprog/execprog.go | 36 |
2 files changed, 36 insertions, 3 deletions
diff --git a/tools/syz-diff/diff.go b/tools/syz-diff/diff.go
index a7609fb2a..3707867ae 100644
--- a/tools/syz-diff/diff.go
+++ b/tools/syz-diff/diff.go
@@ -310,8 +310,7 @@ func (kc *kernelContext) BugFrames() (leaks, races []string) {
 return nil, nil
 }
-func (kc *kernelContext) MachineChecked(_ *flatrpc.InfoRequestRawT, features flatrpc.Feature,
- syscalls map[*prog.Syscall]bool) queue.Source {
+func (kc *kernelContext) MachineChecked(features flatrpc.Feature, syscalls map[*prog.Syscall]bool) queue.Source {
 if len(syscalls) == 0 {
 log.Fatalf("all system calls are disabled")
 }
diff --git a/tools/syz-execprog/execprog.go b/tools/syz-execprog/execprog.go
index 9d7f082ed..4ab808ad0 100644
--- a/tools/syz-execprog/execprog.go
+++ b/tools/syz-execprog/execprog.go
@@ -53,6 +53,7 @@ var (
 flagDebug = flag.Bool("debug", false, "debug output from executor")
 flagSlowdown = flag.Int("slowdown", 1, "execution slowdown caused by emulation/instrumentation")
 flagUnsafe = flag.Bool("unsafe", false, "use unsafe program deserialization mode")
+ flagGlob = flag.String("glob", "", "run glob expansion request")
 // The in the stress mode resembles simple unguided fuzzer.
 // This mode can be used as an intermediate step when porting syzkaller to a new OS,
@@ -138,7 +139,7 @@ func main() {
 }
 progs := loadPrograms(target, flag.Args())
- if !*flagStress && len(progs) == 0 {
+ if *flagGlob == "" && !*flagStress && len(progs) == 0 {
 flag.Usage()
 os.Exit(1)
 }
@@ -147,6 +148,7 @@ func main() {
 target: target,
 done: done,
 progs: progs,
+ globs: strings.Split(*flagGlob, ":"),
 rs: rand.NewSource(time.Now().UnixNano()),
 coverFile: *flagCoverFile,
 output: *flagOutput,
@@ -191,6 +193,7 @@ type Context struct {
 target *prog.Target
 done func()
 progs []*prog.Prog
+ globs []string
 defaultOpts flatrpc.ExecOpts
 choiceTable *prog.ChoiceTable
 logMu sync.Mutex
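Review bot: `strings.Split(*flagGlob, ":")` in the Context literal (the -147 hunk) keeps empty segments, so `-glob a::b` or a trailing `:` queues a request with an empty GlobPattern, and an unset flag yields `[]string{""}` rather than an empty slice. The unset case is masked only because Next() re-checks `*flagGlob != ""`; how the executor treats an empty pattern is not visible here. Building the list with `strings.FieldsFunc(*flagGlob, func(r rune) bool { return r == ':' })` drops the empties. The help string added in the -53 hunk should also name the separator, for example `"colon-separated glob patterns to expand in the test program context"`, since a pattern containing `:` cannot be passed. main's body continues outside the hunk.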
@@ -217,6 +220,18 @@ func (ctx *Context) machineChecked(features flatrpc.Feature, syscalls map[*prog.
 }
 func (ctx *Context) Next() *queue.Request {
+ if *flagGlob != "" {
+ idx := int(ctx.resultIndex.Add(1) - 1)
+ if idx >= len(ctx.globs) {
+ return nil
+ }
+ req := &queue.Request{
+ Type: flatrpc.RequestTypeGlob,
+ GlobPattern: ctx.globs[idx],
+ }
+ req.OnDone(ctx.doneGlob)
+ return req
+ }
 var p *prog.Prog
 if ctx.stress {
 p = ctx.createStressProg()
@@ -246,6 +261,25 @@ func (ctx *Context) Next() *queue.Request {
 return req
 }
+func (ctx *Context) doneGlob(req *queue.Request, res *queue.Result) bool {
+ if res.Status == queue.Success {
+ files := res.GlobFiles()
+ ctx.logMu.Lock()
+ fmt.Printf("glob %q expanded to %v files\n", req.GlobPattern, len(files))
+ for _, file := range files {
+ fmt.Printf("\t%q\n", file)
+ }
+ ctx.logMu.Unlock()
+ } else {
+ fmt.Printf("request failed: %v (%v)\n%s\n", res.Status, res.Err, res.Output)
+ }
+ completed := int(ctx.completed.Add(1))
+ if completed >= len(ctx.globs) {
+ ctx.done()
+ }
+ return true
+}
+
 func (ctx *Context) Done(req *queue.Request, res *queue.Result) bool {
 if res.Info != nil {
 ctx.printCallResults(res.Info) |
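Review bot: The glob branch at the top of Next() returns before any program is scheduled, so programs given on the command line and `-stress` are silently ignored whenever `-glob` is set, and nothing in the hunk or the flag help says so. A comment on the branch would make the precedence explicit, for example `// Glob mode takes precedence: programs and -stress are ignored when -glob is set.` The branch also tests the package-level `*flagGlob` while iterating `ctx.globs`, and uses `ctx.resultIndex` as its cursor; if that counter has another role in program mode, a short comment saying it doubles as the glob cursor would help. Next's body continues outside the hunk.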
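Review bot: The failure branch of doneGlob prints without holding `ctx.logMu` while the success branch takes it, so a failed request's multi-line output can interleave with another glob's file list if completion callbacks run concurrently (not visible from this hunk). Moving `ctx.logMu.Lock()` to just before the `if` and `ctx.logMu.Unlock()` to just after the `else` block would cover both paths without holding the lock across `ctx.done()`. The failure is only printed to stdout; whether the exit status reflects it is decided outside this hunk. A script that uses `-glob` to learn which files are reachable in the sandboxed context needs a failed expansion to be distinguishable from an empty one. The file names are already printed with `%q`, which is the right choice for names that come from the test environment.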
