Diffstat (limited to 'executor')
| -rw-r--r-- | executor/executor.cc | 6 | ||||
| -rw-r--r-- | executor/syscalls.h | 92 |
2 files changed, 98 insertions, 0 deletions
diff --git a/executor/executor.cc b/executor/executor.cc
index ed7648934..432b72557 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -364,6 +364,12 @@ thread_t* schedule_call(int n, int call_index, int call_num, uint64_t num_args,
 case __NR_syz_fuse_mount:
 case __NR_syz_fuseblk_mount:
 root = true;
+ default:
+ // Lots of dri ioctls require root.
+ // There are some generic permission checks that hopefully don't contain bugs,
+ // so let's just execute all them under root.
+ if (strncmp(syscalls[call_num].name, "ioctl$DRM", sizeof("ioctl$DRM")) == 0)
+ root = true;
 }
 // Find a spare thread to execute the call.
diff --git a/executor/syscalls.h b/executor/syscalls.h
index e6881ebf8..b079ea04a 100644
--- a/executor/syscalls.h
+++ b/executor/syscalls.h
@@ -640,6 +640,8 @@ call_t syscalls[] = { {"write$fuse_notify_store", 1}, {"write$fuse_notify_retrieve", 1}, {"syz_open_dev$dri", 1000001}, + {"syz_open_dev$dricontrol", 1000001}, + {"syz_open_dev$drirender", 1000001}, {"ioctl$DRM_IOCTL_VERSION", 16}, {"ioctl$DRM_IOCTL_GET_UNIQUE", 16}, {"ioctl$DRM_IOCTL_GET_MAGIC", 16}, 
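Review bot: The prefix test in the new `default:` branch of executor.cc passes `sizeof("ioctl$DRM")` as the length, which counts the terminating NUL, so `strncmp` returns 0 only for a name that is exactly `ioctl$DRM`. Every entry visible in syscalls.h continues with `_IOCTL_…`, so `root` is never set here and the DRM ioctls would presumably keep running without root. Compare only the prefix: `if (strncmp(syscalls[call_num].name, "ioctl$DRM", sizeof("ioctl$DRM") - 1) == 0)`. The fuse cases' `root = true;` now falls through into `default:`, which is harmless today but deserves a `break;` or a `// fallthrough` comment, because this switch decides which fuzzed calls execute as root. The enclosing switch and schedule_call begin outside the hunk.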
@@ -650,6 +652,50 @@ call_t syscalls[] = { {"ioctl$DRM_IOCTL_GET_CAP", 16}, {"ioctl$DRM_IOCTL_SET_CLIENT_CAP", 16}, {"ioctl$DRM_IOCTL_SET_VERSION", 16}, + {"ioctl$DRM_IOCTL_SET_UNIQUE", 16}, + {"ioctl$DRM_IOCTL_AUTH_MAGIC", 16}, + {"ioctl$DRM_IOCTL_ADD_MAP", 16}, + {"ioctl$DRM_IOCTL_RM_MAP", 16}, + {"ioctl$DRM_IOCTL_SET_SAREA_CTX", 16}, + {"ioctl$DRM_IOCTL_GET_SAREA_CTX", 16}, + {"ioctl$DRM_IOCTL_SET_MASTER", 16}, + {"ioctl$DRM_IOCTL_DROP_MASTER", 16}, + {"ioctl$DRM_IOCTL_ADD_CTX", 16}, + {"ioctl$DRM_IOCTL_RM_CTX", 16}, + {"ioctl$DRM_IOCTL_GET_CTX", 16}, + {"ioctl$DRM_IOCTL_SWITCH_CTX", 16}, + {"ioctl$DRM_IOCTL_NEW_CTX", 16}, + {"ioctl$DRM_IOCTL_RES_CTX", 16}, + {"ioctl$DRM_IOCTL_LOCK", 16}, + {"ioctl$DRM_IOCTL_UNLOCK", 16}, + {"ioctl$DRM_IOCTL_ADD_BUFS", 16}, + {"ioctl$DRM_IOCTL_MARK_BUFS", 16}, + {"ioctl$DRM_IOCTL_INFO_BUFS", 16}, + {"ioctl$DRM_IOCTL_MAP_BUFS", 16}, + {"ioctl$DRM_IOCTL_FREE_BUFS", 16}, + {"ioctl$DRM_IOCTL_DMA", 16}, + {"ioctl$DRM_IOCTL_CONTROL", 16}, + {"ioctl$DRM_IOCTL_AGP_ACQUIRE", 16}, + {"ioctl$DRM_IOCTL_AGP_RELEASE", 16}, + {"ioctl$DRM_IOCTL_AGP_ENABLE", 16}, + {"ioctl$DRM_IOCTL_AGP_INFO", 16}, + {"ioctl$DRM_IOCTL_AGP_ALLOC", 16}, + {"ioctl$DRM_IOCTL_AGP_FREE", 16}, + {"ioctl$DRM_IOCTL_AGP_BIND", 16}, + {"ioctl$DRM_IOCTL_AGP_UNBIND", 16}, + {"ioctl$DRM_IOCTL_SG_ALLOC", 16}, + {"ioctl$DRM_IOCTL_SG_FREE", 16}, + {"ioctl$DRM_IOCTL_WAIT_VBLANK", 16}, + {"ioctl$DRM_IOCTL_MODESET_CTL", 16}, + {"ioctl$DRM_IOCTL_GEM_CLOSE", 16}, + {"ioctl$DRM_IOCTL_GEM_FLINK", 16}, + {"ioctl$DRM_IOCTL_GEM_OPEN", 16}, + {"ioctl$DRM_IOCTL_MODE_GETRESOURCES", 16}, + {"ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD", 16}, + {"ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE", 16}, + {"ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES", 16}, + {"ioctl$DRM_IOCTL_MODE_GETCRTC", 16}, + {"ioctl$DRM_IOCTL_MODE_SETCRTC", 16}, {"open$kdbus", 2}, {"ioctl$kdbus_bus_make", 16}, {"ioctl$kdbus_ep_make", 16}, 
@@ -1544,6 +1590,8 @@ call_t syscalls[] = { {"write$fuse_notify_store", 64}, {"write$fuse_notify_retrieve", 64}, {"syz_open_dev$dri", 1000001}, + {"syz_open_dev$dricontrol", 1000001}, + {"syz_open_dev$drirender", 1000001}, {"ioctl$DRM_IOCTL_VERSION", 29}, {"ioctl$DRM_IOCTL_GET_UNIQUE", 29}, {"ioctl$DRM_IOCTL_GET_MAGIC", 29}, 
@@ -1554,6 +1602,50 @@ call_t syscalls[] = { {"ioctl$DRM_IOCTL_GET_CAP", 29}, {"ioctl$DRM_IOCTL_SET_CLIENT_CAP", 29}, {"ioctl$DRM_IOCTL_SET_VERSION", 29}, + {"ioctl$DRM_IOCTL_SET_UNIQUE", 29}, + {"ioctl$DRM_IOCTL_AUTH_MAGIC", 29}, + {"ioctl$DRM_IOCTL_ADD_MAP", 29}, + {"ioctl$DRM_IOCTL_RM_MAP", 29}, + {"ioctl$DRM_IOCTL_SET_SAREA_CTX", 29}, + {"ioctl$DRM_IOCTL_GET_SAREA_CTX", 29}, + {"ioctl$DRM_IOCTL_SET_MASTER", 29}, + {"ioctl$DRM_IOCTL_DROP_MASTER", 29}, + {"ioctl$DRM_IOCTL_ADD_CTX", 29}, + {"ioctl$DRM_IOCTL_RM_CTX", 29}, + {"ioctl$DRM_IOCTL_GET_CTX", 29}, + {"ioctl$DRM_IOCTL_SWITCH_CTX", 29}, + {"ioctl$DRM_IOCTL_NEW_CTX", 29}, + {"ioctl$DRM_IOCTL_RES_CTX", 29}, + {"ioctl$DRM_IOCTL_LOCK", 29}, + {"ioctl$DRM_IOCTL_UNLOCK", 29}, + {"ioctl$DRM_IOCTL_ADD_BUFS", 29}, + {"ioctl$DRM_IOCTL_MARK_BUFS", 29}, + {"ioctl$DRM_IOCTL_INFO_BUFS", 29}, + {"ioctl$DRM_IOCTL_MAP_BUFS", 29}, + {"ioctl$DRM_IOCTL_FREE_BUFS", 29}, + {"ioctl$DRM_IOCTL_DMA", 29}, + {"ioctl$DRM_IOCTL_CONTROL", 29}, + {"ioctl$DRM_IOCTL_AGP_ACQUIRE", 29}, + {"ioctl$DRM_IOCTL_AGP_RELEASE", 29}, + {"ioctl$DRM_IOCTL_AGP_ENABLE", 29}, + {"ioctl$DRM_IOCTL_AGP_INFO", 29}, + {"ioctl$DRM_IOCTL_AGP_ALLOC", 29}, + {"ioctl$DRM_IOCTL_AGP_FREE", 29}, + {"ioctl$DRM_IOCTL_AGP_BIND", 29}, + {"ioctl$DRM_IOCTL_AGP_UNBIND", 29}, + {"ioctl$DRM_IOCTL_SG_ALLOC", 29}, + {"ioctl$DRM_IOCTL_SG_FREE", 29}, + {"ioctl$DRM_IOCTL_WAIT_VBLANK", 29}, + {"ioctl$DRM_IOCTL_MODESET_CTL", 29}, + {"ioctl$DRM_IOCTL_GEM_CLOSE", 29}, + {"ioctl$DRM_IOCTL_GEM_FLINK", 29}, + {"ioctl$DRM_IOCTL_GEM_OPEN", 29}, + {"ioctl$DRM_IOCTL_MODE_GETRESOURCES", 29}, + {"ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD", 29}, + {"ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE", 29}, + {"ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES", 29}, + {"ioctl$DRM_IOCTL_MODE_GETCRTC", 29}, + {"ioctl$DRM_IOCTL_MODE_SETCRTC", 29}, {"open$kdbus", -1}, {"ioctl$kdbus_bus_make", 29}, {"ioctl$kdbus_ep_make", 29}, |
