Diffstat (limited to 'executor')
-rw-r--r--executor/common_linux.h10
-rw-r--r--executor/executor.h108
-rw-r--r--executor/syscalls_freebsd.h2
-rw-r--r--executor/syscalls_linux.h10
-rw-r--r--executor/syscalls_netbsd.h2
-rw-r--r--executor/syscalls_test.h20
6 files changed, 98 insertions, 54 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index b99c5f9c9..a3fdb2dcb 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -8,6 +8,7 @@
#endif
#include <endian.h>
+#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>
#if defined(SYZ_EXECUTOR) || defined(SYZ_THREADED) || defined(SYZ_COLLIDE)
@@ -19,7 +20,6 @@
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
-#include <stdio.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <time.h>
@@ -37,7 +37,6 @@
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
-#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/time.h>
@@ -70,7 +69,6 @@
#include <net/if_arp.h>
#include <stdarg.h>
#include <stdbool.h>
-#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
@@ -86,24 +84,20 @@
#include <fcntl.h>
#include <stdarg.h>
#include <stdbool.h>
-#include <stdio.h>
#include <sys/stat.h>
#endif
#if defined(SYZ_EXECUTOR) || defined(__NR_syz_open_dev) || defined(__NR_syz_open_procfs)
#include <fcntl.h>
-#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#endif
#if defined(SYZ_EXECUTOR) || defined(__NR_syz_fuse_mount) || defined(__NR_syz_fuseblk_mount)
#include <fcntl.h>
-#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#endif
#if defined(SYZ_EXECUTOR) || defined(__NR_syz_open_pts)
#include <fcntl.h>
-#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#endif
@@ -113,7 +107,6 @@
#include <linux/kvm.h>
#include <stdarg.h>
#include <stddef.h>
-#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#endif
@@ -138,7 +131,6 @@
#include <errno.h>
#include <fcntl.h>
#include <linux/loop.h>
-#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/stat.h>
diff --git a/executor/executor.h b/executor/executor.h
index 0bb0ea2cf..d3632ae43 100644
--- a/executor/executor.h
+++ b/executor/executor.h
@@ -36,6 +36,12 @@ const uint64 arg_result = 1;
const uint64 arg_data = 2;
const uint64 arg_csum = 3;
+const uint64 binary_format_native = 0;
+const uint64 binary_format_bigendian = 1;
+const uint64 binary_format_strdec = 2;
+const uint64 binary_format_strhex = 3;
+const uint64 binary_format_stroct = 4;
+
const uint64 no_copyout = -1;
enum sandbox_type {
@@ -186,9 +192,9 @@ uint32* write_output(uint32 v);
void write_completed(uint32 completed);
uint64 read_input(uint64** input_posp, bool peek = false);
uint64 read_arg(uint64** input_posp);
-uint64 read_const_arg(uint64** input_posp, uint64* size_p, uint64* bf_off_p, uint64* bf_len_p);
+uint64 read_const_arg(uint64** input_posp, uint64* size_p, uint64* bf, uint64* bf_off_p, uint64* bf_len_p);
uint64 read_result(uint64** input_posp);
-void copyin(char* addr, uint64 val, uint64 size, uint64 bf_off, uint64 bf_len);
+void copyin(char* addr, uint64 val, uint64 size, uint64 bf, uint64 bf_off, uint64 bf_len);
bool copyout(char* addr, uint64 size, uint64* res);
void cover_open();
void cover_enable(thread_t* th);
@@ -341,15 +347,17 @@ retry:
uint64 typ = read_input(&input_pos);
switch (typ) {
case arg_const: {
- uint64 size, bf_off, bf_len;
- uint64 arg = read_const_arg(&input_pos, &size, &bf_off, &bf_len);
- copyin(addr, arg, size, bf_off, bf_len);
+ uint64 size, bf, bf_off, bf_len;
+ uint64 arg = read_const_arg(&input_pos, &size, &bf, &bf_off, &bf_len);
+ copyin(addr, arg, size, bf, bf_off, bf_len);
break;
}
case arg_result: {
- uint64 size = read_input(&input_pos);
+ uint64 meta = read_input(&input_pos);
+ uint64 size = meta & 0xff;
+ uint64 bf = meta >> 8;
uint64 val = read_result(&input_pos);
- copyin(addr, val, size, 0, 0);
+ copyin(addr, val, size, bf, 0, 0);
break;
}
case arg_data: {
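Review bot: `uint64 bf = meta >> 8;` in the arg_result case takes the entire remainder of the metadata word as the format, whereas read_const_arg decodes the same field as `(meta >> 8) & 0xff` and carries bf_off, bf_len and pid_stride in the bits above it. If the result-argument metadata ever gains those upper fields, the unmasked value no longer matches any binary_format_* constant and every result argument dies in copyin's `unknown binary format` branch, which would be a confusing failure to trace back to this line. `uint64 bf = (meta >> 8) & 0xff;` here, and the same in read_arg's arg_result case in the later hunk of this file, keeps the two decoders consistent. The enclosing function begins and ends outside this hunk.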
@@ -367,9 +375,8 @@ retry:
uint64 csum_kind = read_input(&input_pos);
switch (csum_kind) {
case arg_csum_inet: {
- if (size != 2) {
+ if (size != 2)
fail("inet checksum must be 2 bytes, not %llu", size);
- }
debug("calculating checksum for %p\n", csum_addr);
struct csum_inet csum;
csum_inet_init(&csum);
@@ -398,7 +405,7 @@ retry:
}
uint16 csum_value = csum_inet_digest(&csum);
debug("writing inet checksum %hx to %p\n", csum_value, csum_addr);
- copyin(csum_addr, csum_value, 2, 0, 0);
+ copyin(csum_addr, csum_value, 2, binary_format_native, 0, 0);
break;
}
default:
@@ -754,24 +761,47 @@ static bool dedup(uint32 sig)
return false;
}
-void copyin(char* addr, uint64 val, uint64 size, uint64 bf_off, uint64 bf_len)
+void copyin(char* addr, uint64 val, uint64 size, uint64 bf, uint64 bf_off, uint64 bf_len)
{
- NONFAILING(switch (size) {
- case 1:
- STORE_BY_BITMASK(uint8, addr, val, bf_off, bf_len);
- break;
- case 2:
- STORE_BY_BITMASK(uint16, addr, val, bf_off, bf_len);
- break;
- case 4:
- STORE_BY_BITMASK(uint32, addr, val, bf_off, bf_len);
- break;
- case 8:
- STORE_BY_BITMASK(uint64, addr, val, bf_off, bf_len);
- break;
- default:
- fail("copyin: bad argument size %llu", size);
- });
+ if (bf != binary_format_native && (bf_off != 0 || bf_len != 0))
+ fail("bitmask for string format %llu/%llu", bf_off, bf_len);
+ switch (bf) {
+ case binary_format_native:
+ NONFAILING(switch (size) {
+ case 1:
+ STORE_BY_BITMASK(uint8, addr, val, bf_off, bf_len);
+ break;
+ case 2:
+ STORE_BY_BITMASK(uint16, addr, val, bf_off, bf_len);
+ break;
+ case 4:
+ STORE_BY_BITMASK(uint32, addr, val, bf_off, bf_len);
+ break;
+ case 8:
+ STORE_BY_BITMASK(uint64, addr, val, bf_off, bf_len);
+ break;
+ default:
+ fail("copyin: bad argument size %llu", size);
+ });
+ break;
+ case binary_format_strdec:
+ if (size != 20)
+ fail("bad strdec size %llu", size);
+ NONFAILING(sprintf((char*)addr, "%020llu", val));
+ break;
+ case binary_format_strhex:
+ if (size != 18)
+ fail("bad strhex size %llu", size);
+ NONFAILING(sprintf((char*)addr, "0x%016llx", val));
+ break;
+ case binary_format_stroct:
+ if (size != 23)
+ fail("bad stroct size %llu", size);
+ NONFAILING(sprintf((char*)addr, "%023llo", val));
+ break;
+ default:
+ fail("unknown binary format %llu", bf);
+ }
}
bool copyout(char* addr, uint64 size, uint64* res)
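Review bot: The three string cases each write one byte past `size`: `sprintf` appends a terminating NUL, so `%020llu` stores 21 bytes into a field the preceding check requires to be exactly 20, `0x%016llx` stores 19 into 18, and `%023llo` stores 24 into 23. Whether that extra byte lands on something harmless depends on what the program places after the field, which is not visible here, so copyin should stay bounded to the `size` bytes it was handed. Formatting into a local buffer and copying exactly `size` bytes does that without changing the bytes the field receives; the widths also deserve a one-line comment (20 decimal or 23 octal digits cover any 64-bit value, "0x" plus 16 hex digits likewise), shown below for the strdec case with the other two following the same shape.
```cpp
	case binary_format_strdec: {
		// 20 decimal digits cover any 64-bit value; format locally because
		// sprintf would also store a NUL one byte past the field.
		if (size != 20)
			fail("bad strdec size %llu", size);
		char buf[21];
		snprintf(buf, sizeof(buf), "%020llu", val);
		NONFAILING(memcpy(addr, buf, size));
		break;
	}
	// … strhex and stroct cases likewise: "0x%016llx" with char buf[19], "%023llo" with char buf[24] …
```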
@@ -802,11 +832,19 @@ uint64 read_arg(uint64** input_posp)
uint64 typ = read_input(input_posp);
switch (typ) {
case arg_const: {
- uint64 size, bf_off, bf_len;
- return read_const_arg(input_posp, &size, &bf_off, &bf_len);
+ uint64 size, bf, bf_off, bf_len;
+ uint64 val = read_const_arg(input_posp, &size, &bf, &bf_off, &bf_len);
+ if (bf != binary_format_native)
+ fail("bad argument binary format %llu", bf);
+ if (bf_off != 0 || bf_len != 0)
+ fail("bad argument bitfield %llu/%llu", bf_off, bf_len);
+ return val;
}
case arg_result: {
- read_input(input_posp); // size
+ uint64 meta = read_input(input_posp);
+ uint64 bf = meta >> 8;
+ if (bf != binary_format_native)
+ fail("bad result argument format %llu", bf);
return read_result(input_posp);
}
default:
@@ -814,17 +852,18 @@ uint64 read_arg(uint64** input_posp)
}
}
-uint64 read_const_arg(uint64** input_posp, uint64* size_p, uint64* bf_off_p, uint64* bf_len_p)
+uint64 read_const_arg(uint64** input_posp, uint64* size_p, uint64* bf_p, uint64* bf_off_p, uint64* bf_len_p)
{
uint64 meta = read_input(input_posp);
uint64 val = read_input(input_posp);
*size_p = meta & 0xff;
- bool be = meta & (1 << 8);
+ uint64 bf = (meta >> 8) & 0xff;
*bf_off_p = (meta >> 16) & 0xff;
*bf_len_p = (meta >> 24) & 0xff;
uint64 pid_stride = meta >> 32;
val += pid_stride * procid;
- if (be) {
+ if (bf == binary_format_bigendian) {
+ bf = binary_format_native;
switch (*size_p) {
case 2:
val = htobe16(val);
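Review bot: read_const_arg now decodes five packed fields from `meta` and silently rewrites `bf` from bigendian to native after byte-swapping, but nothing documents the layout or that rewrite, and callers (read_arg, the arg_const case) have to know that `*bf_p` can never be binary_format_bigendian on return. A header comment stating the layout as the code reads it — bits 0-7 size, 8-15 binary format, 16-23 bitfield offset, 24-31 bitfield length, 32-63 per-process stride added to `val` — plus one line such as `// Big-endian values are byte-swapped here, so *bf_p is reported as native.` on the `bf = binary_format_native;` assignment would make the contract explicit. The function's body continues into the next hunk.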
@@ -836,9 +875,10 @@ uint64 read_const_arg(uint64** input_posp, uint64* size_p, uint64* bf_off_p, uin
val = htobe64(val);
break;
default:
- fail("bad big-endian int size %d", (int)*size_p);
+ fail("bad big-endian int size %llu", *size_p);
}
}
+ *bf_p = bf;
return val;
}
diff --git a/executor/syscalls_freebsd.h b/executor/syscalls_freebsd.h
index 8131d6045..f50c2fc7d 100644
--- a/executor/syscalls_freebsd.h
+++ b/executor/syscalls_freebsd.h
@@ -2,7 +2,7 @@
#if defined(__x86_64__) || 0
#define GOARCH "amd64"
-#define SYZ_REVISION "977887b29dc5f436046cd99cf1d6fc2a661e2e77"
+#define SYZ_REVISION "fd7de83a3ebf8e454b041bbfe7513ed4a139d44d"
#define SYZ_EXECUTOR_USES_FORK_SERVER true
#define SYZ_EXECUTOR_USES_SHMEM true
#define SYZ_PAGE_SIZE 4096
diff --git a/executor/syscalls_linux.h b/executor/syscalls_linux.h
index cb86c9fe6..be00d5f42 100644
--- a/executor/syscalls_linux.h
+++ b/executor/syscalls_linux.h
@@ -2,7 +2,7 @@
#if defined(__i386__) || 0
#define GOARCH "386"
-#define SYZ_REVISION "89120897f965d81dda2424ee8f4de61d675b3a0a"
+#define SYZ_REVISION "abe91701009699b416d21dfb78e885f3e8c221c3"
#define SYZ_EXECUTOR_USES_FORK_SERVER true
#define SYZ_EXECUTOR_USES_SHMEM true
#define SYZ_PAGE_SIZE 4096
@@ -2044,7 +2044,7 @@ const call_t syscalls[] = {
#if defined(__x86_64__) || 0
#define GOARCH "amd64"
-#define SYZ_REVISION "cc46ade4cca54c85961decd614d4d62ccceab02a"
+#define SYZ_REVISION "06c3998f782443d4a7cba5903032fb542d094d4e"
#define SYZ_EXECUTOR_USES_FORK_SERVER true
#define SYZ_EXECUTOR_USES_SHMEM true
#define SYZ_PAGE_SIZE 4096
@@ -4138,7 +4138,7 @@ const call_t syscalls[] = {
#if defined(__arm__) || 0
#define GOARCH "arm"
-#define SYZ_REVISION "cd646409311be12e935251543ee6c9fb00c07bf7"
+#define SYZ_REVISION "bc6b7742f47f750741e4be87bbdb49a3f5332d95"
#define SYZ_EXECUTOR_USES_FORK_SERVER true
#define SYZ_EXECUTOR_USES_SHMEM true
#define SYZ_PAGE_SIZE 4096
@@ -6188,7 +6188,7 @@ const call_t syscalls[] = {
#if defined(__aarch64__) || 0
#define GOARCH "arm64"
-#define SYZ_REVISION "0a388ae8da39f06f93f9dc2dceb437be93c57511"
+#define SYZ_REVISION "74ab87999aec68e5daff6eb71e2ff5610ea5c4fa"
#define SYZ_EXECUTOR_USES_FORK_SERVER true
#define SYZ_EXECUTOR_USES_SHMEM true
#define SYZ_PAGE_SIZE 4096
@@ -8210,7 +8210,7 @@ const call_t syscalls[] = {
#if defined(__ppc64__) || defined(__PPC64__) || defined(__powerpc64__) || 0
#define GOARCH "ppc64le"
-#define SYZ_REVISION "df3267ccf2ff05e4e78d2c2aa7e18fd924603fd5"
+#define SYZ_REVISION "8250afa17af5035248b66b60794303ffa52f480c"
#define SYZ_EXECUTOR_USES_FORK_SERVER true
#define SYZ_EXECUTOR_USES_SHMEM true
#define SYZ_PAGE_SIZE 4096
diff --git a/executor/syscalls_netbsd.h b/executor/syscalls_netbsd.h
index 083e2ef22..b9a62b1b7 100644
--- a/executor/syscalls_netbsd.h
+++ b/executor/syscalls_netbsd.h
@@ -2,7 +2,7 @@
#if defined(__x86_64__) || 0
#define GOARCH "amd64"
-#define SYZ_REVISION "06c0b32b546c6ae12f28b30331f8fac32b0a81bf"
+#define SYZ_REVISION "cea6c87ab1f9e36df1927913a619e71cd29abcbf"
#define SYZ_EXECUTOR_USES_FORK_SERVER true
#define SYZ_EXECUTOR_USES_SHMEM true
#define SYZ_PAGE_SIZE 4096
diff --git a/executor/syscalls_test.h b/executor/syscalls_test.h
index 0e5cf32c7..2e7a82fbb 100644
--- a/executor/syscalls_test.h
+++ b/executor/syscalls_test.h
@@ -2,16 +2,22 @@
#if 0
#define GOARCH "32"
-#define SYZ_REVISION "a76874ba311d847b933d888f21392a7d837f1dce"
+#define SYZ_REVISION "17f0e197820547caba2ae18c65c67a5ed775a9c5"
#define SYZ_EXECUTOR_USES_FORK_SERVER false
#define SYZ_EXECUTOR_USES_SHMEM false
#define SYZ_PAGE_SIZE 8192
#define SYZ_NUM_PAGES 2048
#define SYZ_DATA_OFFSET 536870912
-#define SYZ_SYSCALL_COUNT 100
+#define SYZ_SYSCALL_COUNT 106
const call_t syscalls[] = {
{"foo$any0", 0, (syscall_t)foo},
{"foo$anyres", 0, (syscall_t)foo},
+ {"foo$fmt0", 0, (syscall_t)foo},
+ {"foo$fmt1", 0, (syscall_t)foo},
+ {"foo$fmt2", 0, (syscall_t)foo},
+ {"foo$fmt3", 0, (syscall_t)foo},
+ {"foo$fmt4", 0, (syscall_t)foo},
+ {"foo$fmt5", 0, (syscall_t)foo},
{"mutate0", 0, (syscall_t)mutate0},
{"mutate1", 0, (syscall_t)mutate1},
{"mutate2", 0, (syscall_t)mutate2},
@@ -116,16 +122,22 @@ const call_t syscalls[] = {
#if 0
#define GOARCH "64"
-#define SYZ_REVISION "2bae1e3049afe17220914a995ab078c5510e19f3"
+#define SYZ_REVISION "61f15ef8197569e37704fff170d17ff7164f5fae"
#define SYZ_EXECUTOR_USES_FORK_SERVER false
#define SYZ_EXECUTOR_USES_SHMEM false
#define SYZ_PAGE_SIZE 4096
#define SYZ_NUM_PAGES 4096
#define SYZ_DATA_OFFSET 536870912
-#define SYZ_SYSCALL_COUNT 100
+#define SYZ_SYSCALL_COUNT 106
const call_t syscalls[] = {
{"foo$any0", 0, (syscall_t)foo},
{"foo$anyres", 0, (syscall_t)foo},
+ {"foo$fmt0", 0, (syscall_t)foo},
+ {"foo$fmt1", 0, (syscall_t)foo},
+ {"foo$fmt2", 0, (syscall_t)foo},
+ {"foo$fmt3", 0, (syscall_t)foo},
+ {"foo$fmt4", 0, (syscall_t)foo},
+ {"foo$fmt5", 0, (syscall_t)foo},
{"mutate0", 0, (syscall_t)mutate0},
{"mutate1", 0, (syscall_t)mutate1},
{"mutate2", 0, (syscall_t)mutate2},