diff options
| -rw-r--r-- | prog/minimization_test.go | 4 | ||||
| -rw-r--r-- | sys/linux/filesystem.txt | 104 | ||||
| -rw-r--r-- | sys/linux/filesystem.txt.const | 2 | ||||
| -rw-r--r-- | sys/linux/fs_fuse.txt | 2 | ||||
| -rw-r--r-- | tools/syz-imagegen/imagegen.go | 91 |
5 files changed, 70 insertions, 133 deletions
diff --git a/prog/minimization_test.go b/prog/minimization_test.go index 93ccdc7bb..bf67dc3e9 100644 --- a/prog/minimization_test.go +++ b/prog/minimization_test.go @@ -231,13 +231,13 @@ func TestMinimize(t *testing.T) { // Ensure `no_minimize` calls are untouched. { "linux", "amd64", - "syz_mount_image$ext4(&(0x7f0000000000)='ext4\\x00', &(0x7f0000000100)='./file0\\x00', 0x40000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)='test\\x00'/32, 0x20, 0x400}], 0x0, &(0x7f0000010020), 0x1)\n", + "syz_mount_image$ext4(&(0x7f0000000000)='ext4\\x00', &(0x7f0000000100)='./file0\\x00', 0x40000, 0x15, 0x0, &(0x7f0000010020), 0x1, &(0x7f0000000200)=\"$eJwqrqzKTszJSS0CBAAA//8TyQPi\")\n", 0, func(p *Prog, callIndex int) bool { // Anything is allowed except removing a call. return len(p.Calls) > 0 }, - "syz_mount_image$ext4(&(0x7f0000000000)='ext4\\x00', &(0x7f0000000100)='./file0\\x00', 0x40000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)='test\\x00'/32, 0x20, 0x400}], 0x0, &(0x7f0000010020), 0x1)\n", + "syz_mount_image$ext4(&(0x7f0000000000)='ext4\\x00', &(0x7f0000000100)='./file0\\x00', 0x40000, 0x15, 0x0, &(0x7f0000010020), 0x1, &(0x7f0000000200)=\"$eJwqrqzKTszJSS0CBAAA//8TyQPi\")\n", 0, }, } diff --git a/sys/linux/filesystem.txt b/sys/linux/filesystem.txt index 2c251e719..bf34faacc 100644 --- a/sys/linux/filesystem.txt +++ b/sys/linux/filesystem.txt @@ -86,65 +86,59 @@ loop_filename { z const[0, int8] } [packed] -syz_read_part_table(size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]]) - -define SYZ_MOUNT_IMAGE_TIMEOUT 50 - -syz_mount_image$vfat(fs ptr[in, string["vfat"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[vfat_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$msdos(fs ptr[in, string["msdos"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[msdos_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$bfs(fs ptr[in, string["bfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$xfs(fs ptr[in, string["xfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[xfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$minix(fs ptr[in, string["minix"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$reiserfs(fs ptr[in, string["reiserfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[reiserfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$hfs(fs ptr[in, string["hfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[hfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$hfsplus(fs ptr[in, string["hfsplus"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[hfsplus_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$iso9660(fs ptr[in, string["iso9660"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[iso9660_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$gfs2(fs ptr[in, string["gfs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[gfs2_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$jfs(fs ptr[in, string["jfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[jfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$btrfs(fs ptr[in, string["btrfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[btrfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ntfs(fs ptr[in, string["ntfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[ntfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ntfs3(fs ptr[in, string["ntfs3"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[ntfs3_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ext4(fs ptr[in, string[ext4_types]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[ext4_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$f2fs(fs ptr[in, string["f2fs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[f2fs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ocfs2(fs ptr[in, string["ocfs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$nfs(fs ptr[in, string["nfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$nfs4(fs ptr[in, string["nfs4"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$erofs(fs ptr[in, string["erofs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[erofs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$exfat(fs ptr[in, string["exfat"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[exfat_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$afs(fs ptr[in, string["afs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[afs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$cramfs(fs ptr[in, string["cramfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$romfs(fs ptr[in, string["romfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$zonefs(fs ptr[in, string["zonefs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[zonefs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$efs(fs ptr[in, string["efs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$jffs2(fs ptr[in, string["jffs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[jffs2_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$nilfs2(fs ptr[in, string["nilfs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[nilfs2_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ubifs(fs ptr[in, string["ubifs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[ubifs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$squashfs(fs ptr[in, string["squashfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$udf(fs ptr[in, string["udf"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[udf_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_read_part_table(size intptr, size_compressed len[img], img ptr[in, compressed_image]) (no_generate, no_minimize) + +define SYZ_MOUNT_IMAGE_TIMEOUT 4000 + +syz_mount_image$vfat(fs ptr[in, string["vfat"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[vfat_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$msdos(fs ptr[in, string["msdos"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[msdos_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$bfs(fs ptr[in, string["bfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$xfs(fs ptr[in, string["xfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[xfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$minix(fs ptr[in, string["minix"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$reiserfs(fs ptr[in, string["reiserfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[reiserfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$hfs(fs ptr[in, string["hfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[hfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$hfsplus(fs ptr[in, string["hfsplus"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[hfsplus_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$iso9660(fs ptr[in, string["iso9660"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[iso9660_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$gfs2(fs ptr[in, string["gfs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[gfs2_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$jfs(fs ptr[in, string["jfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[jfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$btrfs(fs ptr[in, string["btrfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[btrfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ntfs(fs ptr[in, string["ntfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[ntfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ntfs3(fs ptr[in, string["ntfs3"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[ntfs3_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ext4(fs ptr[in, string[ext4_types]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[ext4_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$f2fs(fs ptr[in, string["f2fs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[f2fs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ocfs2(fs ptr[in, string["ocfs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$nfs(fs ptr[in, string["nfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$nfs4(fs ptr[in, string["nfs4"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$erofs(fs ptr[in, string["erofs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[erofs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$exfat(fs ptr[in, string["exfat"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[exfat_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$afs(fs ptr[in, string["afs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[afs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$cramfs(fs ptr[in, string["cramfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$romfs(fs ptr[in, string["romfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$zonefs(fs ptr[in, string["zonefs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[zonefs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$efs(fs ptr[in, string["efs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$jffs2(fs ptr[in, string["jffs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[jffs2_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$nilfs2(fs ptr[in, string["nilfs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[nilfs2_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ubifs(fs ptr[in, string["ubifs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[ubifs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$squashfs(fs ptr[in, string["squashfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$udf(fs ptr[in, string["udf"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[udf_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) # TODO: add mount options for the following file systems. -syz_mount_image$adfs(fs ptr[in, string["adfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$affs(fs ptr[in, string["affs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$pvfs2(fs ptr[in, string["pvfs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$befs(fs ptr[in, string["befs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$vxfs(fs ptr[in, string["vxfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$omfs(fs ptr[in, string["omfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$hpfs(fs ptr[in, string["hpfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$qnx4(fs ptr[in, string["qnx4"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$qnx6(fs ptr[in, string["qnx6"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$sysv(fs ptr[in, string["sysv"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ufs(fs ptr[in, string["ufs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$gfs2meta(fs ptr[in, string["gfs2meta"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$v7(fs ptr[in, string["v7"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$adfs(fs ptr[in, string["adfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$affs(fs ptr[in, string["affs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$pvfs2(fs ptr[in, string["pvfs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$befs(fs ptr[in, string["befs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$vxfs(fs ptr[in, string["vxfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$omfs(fs ptr[in, string["omfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$hpfs(fs ptr[in, string["hpfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$qnx4(fs ptr[in, string["qnx4"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$qnx6(fs ptr[in, string["qnx6"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$sysv(fs ptr[in, string["sysv"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ufs(fs ptr[in, string["ufs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$gfs2meta(fs ptr[in, string["gfs2meta"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$v7(fs ptr[in, string["v7"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) # Note: tmpfs does not need an image, but we use this in tests. -syz_mount_image$tmpfs(fs ptr[in, string["tmpfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[tmpfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) - -fs_image_segment { - data ptr[in, array[int8]] - size len[data, intptr] - offset intptr -} +syz_mount_image$tmpfs(fs ptr[in, string["tmpfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[tmpfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) type fs_options[ELEMS] { elems array[fs_opt_elem[ELEMS]] diff --git a/sys/linux/filesystem.txt.const b/sys/linux/filesystem.txt.const index f6cbdb675..aae530c7e 100644 --- a/sys/linux/filesystem.txt.const +++ b/sys/linux/filesystem.txt.const @@ -56,7 +56,7 @@ MS_SYNCHRONOUS = 16 MS_UNBINDABLE = 131072 OPEN_TREE_CLOEXEC = 524288 OPEN_TREE_CLONE = 1 -SYZ_MOUNT_IMAGE_TIMEOUT = 50 +SYZ_MOUNT_IMAGE_TIMEOUT = 4000 UMOUNT_NOFOLLOW = 8 __NR_fsconfig = 431, mips64le:5431 __NR_fsmount = 432, mips64le:5432 diff --git a/sys/linux/fs_fuse.txt b/sys/linux/fs_fuse.txt index f7d78c1c3..3f209988d 100644 --- a/sys/linux/fs_fuse.txt +++ b/sys/linux/fs_fuse.txt @@ -41,7 +41,7 @@ write$FUSE_NOTIFY_STORE(fd fd_fuse, arg ptr[in, fuse_notify[FUSE_NOTIFY_STORE, f write$FUSE_NOTIFY_RETRIEVE(fd fd_fuse, arg ptr[in, fuse_notify[FUSE_NOTIFY_RETRIEVE, fuse_notify_retrieve_out]], len bytesize[arg]) write$FUSE_NOTIFY_DELETE(fd fd_fuse, arg ptr[in, fuse_notify[FUSE_NOTIFY_DELETE, fuse_notify_delete_out]], len bytesize[arg]) -syz_mount_image$fuse(fs ptr[in, string["fuse"]], dir ptr[in, filename], size const[0], nsegs const[0], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fuse_options], chdir bool8) fd_dir (no_generate, no_minimize) +syz_mount_image$fuse(fs ptr[in, string["fuse"]], dir ptr[in, filename], size const[0], size_compressed const[0], flags flags[mount_flags], opts ptr[in, fuse_options], chdir bool8, img ptr[in, compressed_image]) fd_dir (no_generate, no_minimize) syz_fuse_handle_req(fd fd_fuse, buf ptr[in, read_buffer], len bytesize[buf], res ptr[in, syz_fuse_req_out]) type fuse_ino int64[0:6] diff --git a/tools/syz-imagegen/imagegen.go b/tools/syz-imagegen/imagegen.go index 5f120b29d..367e7d8b0 100644 --- a/tools/syz-imagegen/imagegen.go +++ b/tools/syz-imagegen/imagegen.go @@ -14,7 +14,6 @@ package main import ( "bytes" - "encoding/hex" "errors" "flag" "fmt" @@ -692,10 +691,11 @@ func (image *Image) generateSize() error { } image.hash = crc32.ChecksumIEEE(data) - segments := calculateSegments(data) - // Write out image *with* change of directory. - out := writeImage(image, len(data), segments, true) + out, err := writeImage(image, data, true) + if err != nil { + return fmt.Errorf("failed to write image: %v", err) + } p, err := image.target.Deserialize(out, prog.Strict) if err != nil { @@ -767,85 +767,28 @@ func runCmd(cmd string, args ...string) ([]byte, error) { return osutil.RunCmd(10*time.Minute, "", cmd, args...) } -func writeImage(image *Image, length int, segments []Segment, chdir bool) []byte { +func writeImage(image *Image, data []byte, chdir bool) ([]byte, error) { buf := new(bytes.Buffer) fmt.Fprintf(buf, "# Code generated by tools/syz-imagegen. DO NOT EDIT.\n") fmt.Fprintf(buf, "# requires: manual\n\n") fmt.Fprintf(buf, "# %v\n\n", image) - fmt.Fprintf(buf, `syz_mount_image$%v(&(0x7f0000000000)='%v\x00', &(0x7f0000000100)='./file0\x00',`+ - ` 0x%x, 0x%x, &(0x7f0000000200)=[`, - image.fs.Name, image.fs.Name, length, len(segments)) - addr := 0x7f0000010000 - for i, seg := range segments { - if i != 0 { - fmt.Fprintf(buf, ", ") - } - fmt.Fprintf(buf, `{&(0x%x)="%v", 0x%x, 0x%x}`, - addr, hex.EncodeToString(seg.data), len(seg.data), seg.offset) - addr += len(seg.data) - } + compressedData := prog.Compress(data) + b64Data := prog.EncodeB64(compressedData) chdirAsInt := 0 if chdir { chdirAsInt = 1 } - fmt.Fprintf(buf, "], 0x0, &(0x%x), 0x%x)\n", addr, chdirAsInt) - return buf.Bytes() -} - -type Segment struct { - offset int - data []byte -} + fmt.Fprintf(buf, `syz_mount_image$%v(&AUTO='%v\x00', &AUTO='./file0\x00',`+ + ` 0x%x, AUTO, 0x0, &AUTO, 0x%x, &AUTO="$`, + image.fs.Name, image.fs.Name, len(data), chdirAsInt) + buf.Write(b64Data) + fmt.Fprintf(buf, "\")\n") -func calculateSegments(data []byte) []Segment { - const ( - skip = 32 // min zero bytes to skip - align = 32 // non-zero block alignment - ) - data0 := data - zeros := make([]byte, skip+align) - var segs []Segment - offset := 0 - for len(data) != 0 { - pos := bytes.Index(data, zeros) - if pos == -1 { - segs = append(segs, Segment{offset, data}) - break - } - pos = (pos + align - 1) & ^(align - 1) - if pos != 0 { - segs = append(segs, Segment{offset, data[:pos]}) - } - for pos < len(data) && data[pos] == 0 { - pos++ - } - pos = pos & ^(align - 1) - offset += pos - data = data[pos:] - } - if false { - // self-test. - restored := make([]byte, len(data0)) - for _, seg := range segs { - copy(restored[seg.offset:], seg.data) - } - if !bytes.Equal(data0, restored) { - panic("restored data differs!") - } - } - return segs + return buf.Bytes(), nil } // TODO: also generate syz_read_part_table tests: -// fmt.Printf(`syz_read_part_table(0x%x, 0x%x, &(0x7f0000000200)=[`, -// len(data0), len(segs)) -// addr := 0x7f0000010000 -// for i, seg := range segs { -// if i != 0 { -// fmt.Printf(", ") -// } -// fmt.Printf(`{&(0x%x)="%v", 0x%x, 0x%x}`, -// addr, hex.EncodeToString(seg.data), len(seg.data), seg.offset) -// addr = (addr + len(seg.data) + 0xff) & ^0xff -// } -// fmt.Printf("])\n") +// fmt.Fprintf(buf, `syz_read_part_table(0x%x, 0x%x, &AUTO="$`, +// len(data), len(compressedData)) +// buf.Write(b64Data) +// fmt.Fprintf(buf, "\")\n") |