aboutsummaryrefslogtreecommitdiffstats
path: root/pkg/host
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/host')
-rw-r--r--pkg/host/host_akaros.go2
-rw-r--r--pkg/host/host_freebsd.go2
-rw-r--r--pkg/host/host_fuchsia.go2
-rw-r--r--pkg/host/host_linux.go47
-rw-r--r--pkg/host/host_linux_test.go4
-rw-r--r--pkg/host/host_netbsd.go2
-rw-r--r--pkg/host/host_windows.go2
7 files changed, 30 insertions, 31 deletions
diff --git a/pkg/host/host_akaros.go b/pkg/host/host_akaros.go
index 6c3fbb6d3..91ee49a7d 100644
--- a/pkg/host/host_akaros.go
+++ b/pkg/host/host_akaros.go
@@ -10,7 +10,7 @@ import (
)
// DetectSupportedSyscalls returns list on supported syscalls on host.
-func DetectSupportedSyscalls(target *prog.Target) (map[*prog.Syscall]bool, error) {
+func DetectSupportedSyscalls(target *prog.Target, sandbox string) (map[*prog.Syscall]bool, error) {
supported := make(map[*prog.Syscall]bool)
for _, c := range target.Syscalls {
supported[c] = true
diff --git a/pkg/host/host_freebsd.go b/pkg/host/host_freebsd.go
index d2745e376..39e8655c4 100644
--- a/pkg/host/host_freebsd.go
+++ b/pkg/host/host_freebsd.go
@@ -8,7 +8,7 @@ import (
)
// DetectSupportedSyscalls returns list on supported syscalls on host.
-func DetectSupportedSyscalls(target *prog.Target) (map[*prog.Syscall]bool, error) {
+func DetectSupportedSyscalls(target *prog.Target, sandbox string) (map[*prog.Syscall]bool, error) {
supported := make(map[*prog.Syscall]bool)
for _, c := range target.Syscalls {
supported[c] = true
diff --git a/pkg/host/host_fuchsia.go b/pkg/host/host_fuchsia.go
index 37cf8b847..b145961df 100644
--- a/pkg/host/host_fuchsia.go
+++ b/pkg/host/host_fuchsia.go
@@ -10,7 +10,7 @@ import (
)
// DetectSupportedSyscalls returns list on supported syscalls on host.
-func DetectSupportedSyscalls(target *prog.Target) (map[*prog.Syscall]bool, error) {
+func DetectSupportedSyscalls(target *prog.Target, sandbox string) (map[*prog.Syscall]bool, error) {
supported := make(map[*prog.Syscall]bool)
for _, c := range target.Syscalls {
supported[c] = true
diff --git a/pkg/host/host_linux.go b/pkg/host/host_linux.go
index fd3dc5bb8..57ce3e79e 100644
--- a/pkg/host/host_linux.go
+++ b/pkg/host/host_linux.go
@@ -17,7 +17,7 @@ import (
)
// DetectSupportedSyscalls returns list on supported syscalls on host.
-func DetectSupportedSyscalls(target *prog.Target) (map[*prog.Syscall]bool, error) {
+func DetectSupportedSyscalls(target *prog.Target, sandbox string) (map[*prog.Syscall]bool, error) {
// There are 3 possible strategies:
// 1. Executes all syscalls with presumably invalid arguments and check for ENOprog.
// But not all syscalls are safe to execute. For example, pause will hang,
@@ -31,23 +31,20 @@ func DetectSupportedSyscalls(target *prog.Target) (map[*prog.Syscall]bool, error
kallsyms, _ := ioutil.ReadFile("/proc/kallsyms")
supported := make(map[*prog.Syscall]bool)
for _, c := range target.Syscalls {
- if isSupported(kallsyms, c) {
+ if isSupported(sandbox, kallsyms, c) {
supported[c] = true
}
}
return supported, nil
}
-func isSupported(kallsyms []byte, c *prog.Syscall) bool {
+func isSupported(sandbox string, kallsyms []byte, c *prog.Syscall) bool {
if strings.HasPrefix(c.CallName, "syz_") {
- return isSupportedSyzkall(c)
+ return isSupportedSyzkall(sandbox, c)
}
if strings.HasPrefix(c.Name, "socket$") {
return isSupportedSocket(c)
}
- if strings.HasPrefix(c.Name, "open$") {
- return isSupportedOpen(c)
- }
if strings.HasPrefix(c.Name, "openat$") {
return isSupportedOpenAt(c)
}
@@ -69,7 +66,7 @@ var kallsymsMap = map[string]string{
"umount2": "umount",
}
-func isSupportedSyzkall(c *prog.Syscall) bool {
+func isSupportedSyzkall(sandbox string, c *prog.Syscall) bool {
switch c.CallName {
case "syz_open_dev":
if _, ok := c.Args[0].(*prog.ConstType); ok {
@@ -81,7 +78,7 @@ func isSupportedSyzkall(c *prog.Syscall) bool {
if !ok {
panic("first open arg is not a pointer to string const")
}
- if syscall.Getuid() != 0 {
+ if syscall.Getuid() != 0 || sandbox == "setuid" {
return false
}
var check func(dev string) bool
@@ -102,15 +99,21 @@ func isSupportedSyzkall(c *prog.Syscall) bool {
case "syz_open_pts":
return true
case "syz_fuse_mount":
+ if syscall.Getuid() != 0 || sandbox == "setuid" {
+ return false
+ }
return osutil.IsExist("/dev/fuse")
case "syz_fuseblk_mount":
- return osutil.IsExist("/dev/fuse") && syscall.Getuid() == 0
+ if syscall.Getuid() != 0 || sandbox == "setuid" {
+ return false
+ }
+ return osutil.IsExist("/dev/fuse")
case "syz_emit_ethernet", "syz_extract_tcp_res":
fd, err := syscall.Open("/dev/net/tun", syscall.O_RDWR, 0)
if err == nil {
syscall.Close(fd)
}
- return err == nil && syscall.Getuid() == 0
+ return err == nil
case "syz_kvm_setup_cpu":
switch c.Name {
case "syz_kvm_setup_cpu$x86":
@@ -118,6 +121,15 @@ func isSupportedSyzkall(c *prog.Syscall) bool {
case "syz_kvm_setup_cpu$arm64":
return runtime.GOARCH == "arm64"
}
+ case "syz_init_net_socket":
+ // Unfortunately this only works with sandbox none at the moment.
+ // The problem is that setns of a network namespace requires CAP_SYS_ADMIN
+ // in the target namespace, and we've lost all privs in the init namespace
+ // during creation of a user namespace.
+ if syscall.Getuid() != 0 || sandbox != "none" {
+ return false
+ }
+ return isSupportedSocket(c)
}
panic("unknown syzkall: " + c.Name)
}
@@ -125,7 +137,6 @@ func isSupportedSyzkall(c *prog.Syscall) bool {
func isSupportedSocket(c *prog.Syscall) bool {
af, ok := c.Args[0].(*prog.ConstType)
if !ok {
- println(c.Name)
panic("socket family is not const")
}
fd, err := syscall.Socket(int(af.Val), 0, 0)
@@ -135,18 +146,6 @@ func isSupportedSocket(c *prog.Syscall) bool {
return err != syscall.ENOSYS && err != syscall.EAFNOSUPPORT
}
-func isSupportedOpen(c *prog.Syscall) bool {
- fname, ok := extractStringConst(c.Args[0])
- if !ok {
- return true
- }
- fd, err := syscall.Open(fname, syscall.O_RDONLY, 0)
- if fd != -1 {
- syscall.Close(fd)
- }
- return err == nil
-}
-
func isSupportedOpenAt(c *prog.Syscall) bool {
fname, ok := extractStringConst(c.Args[1])
if !ok {
diff --git a/pkg/host/host_linux_test.go b/pkg/host/host_linux_test.go
index e32fe09cc..9deda69bc 100644
--- a/pkg/host/host_linux_test.go
+++ b/pkg/host/host_linux_test.go
@@ -21,7 +21,7 @@ func TestLog(t *testing.T) {
t.Fatal(err)
}
// Dump for manual inspection.
- supp, err := DetectSupportedSyscalls(target)
+ supp, err := DetectSupportedSyscalls(target, "none")
if err != nil {
t.Skipf("skipping: %v", err)
}
@@ -54,7 +54,7 @@ func TestSupportedSyscalls(t *testing.T) {
if err != nil {
t.Fatal(err)
}
- supp, err := DetectSupportedSyscalls(target)
+ supp, err := DetectSupportedSyscalls(target, "none")
if err != nil {
t.Skipf("skipping: %v", err)
}
diff --git a/pkg/host/host_netbsd.go b/pkg/host/host_netbsd.go
index d2745e376..39e8655c4 100644
--- a/pkg/host/host_netbsd.go
+++ b/pkg/host/host_netbsd.go
@@ -8,7 +8,7 @@ import (
)
// DetectSupportedSyscalls returns list on supported syscalls on host.
-func DetectSupportedSyscalls(target *prog.Target) (map[*prog.Syscall]bool, error) {
+func DetectSupportedSyscalls(target *prog.Target, sandbox string) (map[*prog.Syscall]bool, error) {
supported := make(map[*prog.Syscall]bool)
for _, c := range target.Syscalls {
supported[c] = true
diff --git a/pkg/host/host_windows.go b/pkg/host/host_windows.go
index d2745e376..39e8655c4 100644
--- a/pkg/host/host_windows.go
+++ b/pkg/host/host_windows.go
@@ -8,7 +8,7 @@ import (
)
// DetectSupportedSyscalls returns list on supported syscalls on host.
-func DetectSupportedSyscalls(target *prog.Target) (map[*prog.Syscall]bool, error) {
+func DetectSupportedSyscalls(target *prog.Target, sandbox string) (map[*prog.Syscall]bool, error) {
supported := make(map[*prog.Syscall]bool)
for _, c := range target.Syscalls {
supported[c] = true
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-12 07:13:26 +0000