Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/bpf_trace.txt | 6 | ||||
| -rw-r--r-- | sys/linux/dev_snapshot.txt | 6 | ||||
| -rw-r--r-- | sys/linux/fs_ioctl_ext4.txt | 4 | ||||
| -rw-r--r-- | sys/linux/fs_ioctl_f2fs.txt | 2 | ||||
| -rw-r--r-- | sys/linux/sys.txt | 8 | ||||
| -rw-r--r-- | sys/linux/sys.txt.const | 1 |
6 files changed, 15 insertions, 12 deletions
diff --git a/sys/linux/bpf_trace.txt b/sys/linux/bpf_trace.txt
index 9ee5334af..d358ca181 100644
--- a/sys/linux/bpf_trace.txt
+++ b/sys/linux/bpf_trace.txt
@@ -15,8 +15,10 @@ syz_btf_id_by_name$bpf_lsm(name ptr[in, string[bpf_lsm_func_names]]) bpf_lsm_btf
 bpf$BPF_PROG_WITH_BTFID_LOAD(cmd const[BPF_PROG_LOAD], arg ptr[in, bpf_prog_with_btfid], size len[arg]) fd_bpf_prog_with_btfid (timeout[500])
 bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(cmd const[BPF_PROG_LOAD], arg ptr[in, bpf_prog_raw_tracepoint], size len[arg]) fd_bpf_prog_raw_tracepoint (timeout[500])
-bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(cmd const[BPF_RAW_TRACEPOINT_OPEN], arg ptr[in, bpf_raw_tracepoint_unnamed], size len[arg]) fd_perf_base (timeout[500])
-bpf$BPF_RAW_TRACEPOINT_OPEN(cmd const[BPF_RAW_TRACEPOINT_OPEN], arg ptr[in, bpf_raw_tracepoint], size len[arg]) fd_perf_base (timeout[500])
+# BPF programs attached to random tracepoints can kill any process (including the executor runner process),
+# leading to false "lost connection" crashes. So we enable them only in snapshot mode.
+bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(cmd const[BPF_RAW_TRACEPOINT_OPEN], arg ptr[in, bpf_raw_tracepoint_unnamed], size len[arg]) fd_perf_base (snapshot, timeout[500])
+bpf$BPF_RAW_TRACEPOINT_OPEN(cmd const[BPF_RAW_TRACEPOINT_OPEN], arg ptr[in, bpf_raw_tracepoint], size len[arg]) fd_perf_base (snapshot, timeout[500])
 bpf_prog_with_btfid [
 bpf_lsm bpf_lsm_prog
diff --git a/sys/linux/dev_snapshot.txt b/sys/linux/dev_snapshot.txt
index 0d06459c4..435727192 100644
--- a/sys/linux/dev_snapshot.txt
+++ b/sys/linux/dev_snapshot.txt
@@ -11,9 +11,9 @@ openat$snapshot(fd const[AT_FDCWD], file ptr[in, string["/dev/snapshot"]], flags
 write$snapshot(fd fd_snapshot, buffer ptr[in, array[int8]], len bytesize[buffer])
 read$snapshot(fd fd_snapshot, buffer ptr[out, array[int8]], len bytesize[buffer])
-# These are disabled because they can easily kill the machine.
-ioctl$SNAPSHOT_FREEZE(fd fd_snapshot, cmd const[SNAPSHOT_FREEZE]) (disabled)
-ioctl$SNAPSHOT_POWER_OFF(fd fd_snapshot, cmd const[SNAPSHOT_POWER_OFF]) (disabled)
+# These are enabled only in snapshot mode because they can easily kill the machine.
+ioctl$SNAPSHOT_FREEZE(fd fd_snapshot, cmd const[SNAPSHOT_FREEZE]) (snapshot)
+ioctl$SNAPSHOT_POWER_OFF(fd fd_snapshot, cmd const[SNAPSHOT_POWER_OFF]) (snapshot)
 ioctl$SNAPSHOT_UNFREEZE(fd fd_snapshot, cmd const[SNAPSHOT_UNFREEZE])
 ioctl$SNAPSHOT_CREATE_IMAGE(fd fd_snapshot, cmd const[SNAPSHOT_CREATE_IMAGE], arg ptr[out, int32])
diff --git a/sys/linux/fs_ioctl_ext4.txt b/sys/linux/fs_ioctl_ext4.txt
index 7993d7cf7..c883ce8fb 100644
--- a/sys/linux/fs_ioctl_ext4.txt
+++ b/sys/linux/fs_ioctl_ext4.txt
@@ -24,13 +24,13 @@ ext4_checkpoint_flags = EXT4_IOC_CHECKPOINT_FLAG_DISCARD, EXT4_IOC_CHECKPOINT_FL
 # EXT4_IOC_SHUTDOWN on root fs effectively brings the machine down in weird ways.
 # Fortunately, the value does not conflict with any other ioctl commands for now.
-ioctl$EXT4_IOC_SHUTDOWN(fd fd, cmd const[EXT4_IOC_SHUTDOWN]) (disabled)
+ioctl$EXT4_IOC_SHUTDOWN(fd fd, cmd const[EXT4_IOC_SHUTDOWN]) (snapshot)
 # EXT4_IOC_RESIZE_FS on root fs can shrink it to 0 (or whatever is the minimum size)
 # and then creation of new temp dirs for tests will fail.
 # TODO: not necessary for sandbox=namespace as it tests in a tmpfs
 # and/or if we mount tmpfs for sandbox=none (#971).
-ioctl$EXT4_IOC_RESIZE_FS(fd fd, cmd const[EXT4_IOC_RESIZE_FS]) (disabled)
+ioctl$EXT4_IOC_RESIZE_FS(fd fd, cmd const[EXT4_IOC_RESIZE_FS]) (snapshot)
 ext4_new_group_input {
 group int32
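Review bot: The comments kept as context above `ioctl$EXT4_IOC_SHUTDOWN` and `ioctl$EXT4_IOC_RESIZE_FS` explain why the calls are dangerous but do not say they are now restricted to snapshot mode, unlike the comments this commit rewrites in dev_snapshot.txt and sys.txt. A reader who sees only `(snapshot)` has to guess the link, so I would end each block with a line such as `# For that reason it is enabled only in snapshot mode.` The TODO about `sandbox=namespace` and tmpfs under RESIZE_FS was written for the `(disabled)` state and should be rechecked against the new attribute. The same gap applies to `ioctl$F2FS_IOC_SHUTDOWN` in fs_ioctl_f2fs.txt.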
diff --git a/sys/linux/fs_ioctl_f2fs.txt b/sys/linux/fs_ioctl_f2fs.txt
index c89496eff..10dfbbb39 100644
--- a/sys/linux/fs_ioctl_f2fs.txt
+++ b/sys/linux/fs_ioctl_f2fs.txt
@@ -33,7 +33,7 @@ ioctl$F2FS_IOC_COMPRESS_FILE(fd fd, cmd const[F2FS_IOC_COMPRESS_FILE], arg const
 # F2FS_IOC_SHUTDOWN on root fs effectively brings the machine down in weird ways.
 # Fortunately, the value does not conflict with any other ioctl commands for now.
-ioctl$F2FS_IOC_SHUTDOWN(fd fd, cmd const[F2FS_IOC_SHUTDOWN], args ptr[in, flags[f2fs_shutdown_flag, int32]]) (disabled)
+ioctl$F2FS_IOC_SHUTDOWN(fd fd, cmd const[F2FS_IOC_SHUTDOWN], args ptr[in, flags[f2fs_shutdown_flag, int32]]) (snapshot)
 f2fs_gc_range {
 sync bool32
diff --git a/sys/linux/sys.txt b/sys/linux/sys.txt
index 947be41ab..7f7db60a1 100644
--- a/sys/linux/sys.txt
+++ b/sys/linux/sys.txt
@@ -262,8 +262,8 @@ ioctl$FIOCLEX(fd fd, cmd const[FIOCLEX])
 ioctl$FIONCLEX(fd fd, cmd const[FIONCLEX])
 ioctl$FITHAW(fd fd, cmd const[FITHAW])
-# FIFREEZE is disabled because it can easily kill the machine.
-ioctl$FIFREEZE(fd fd, cmd const[FIFREEZE]) (disabled)
+# FIFREEZE is enabled in sandbox mode only because it can easily kill the machine.
+ioctl$FIFREEZE(fd fd, cmd const[FIFREEZE]) (snapshot)
 fcntl$dupfd(fd fd, cmd flags[fcntl_dupfd], arg fd) fd
 fcntl$getflags(fd fd, cmd flags[fcntl_getflags])
@@ -544,8 +544,8 @@ waitid(which flags[waitid_which], pid pid, infop ptr[out, siginfo, opt], options
 waitid$P_PIDFD(which const[P_PIDFD], pidfd fd_pidfd, infop ptr[out, siginfo, opt], options flags[wait_options], ru ptr[out, rusage, opt])
 wait4(pid pid, status ptr[out, int32, opt], options flags[wait_options], ru ptr[out, rusage, opt])
 times(buf ptr[out, tms])
-# Can send signals to all processes (pid=-1).
-#kill(pid pid, sig signalno)
+# Can send signals to all processes (pid=-1) so it's enabled only in snapshot mode.
+kill(pid pid, sig signalno) (snapshot)
 set_thread_area(info ptr[in, user_desc])
 get_thread_area(info ptr[in, user_desc])
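Review bot: The rewritten comment above `ioctl$FIFREEZE` says "sandbox mode" while the attribute on the next line is `(snapshot)`, and every other comment in this commit says "snapshot mode". Sandbox is a separate setting in these descriptions (the ext4 comments refer to `sandbox=namespace` and `sandbox=none`), so the wording points a reader at the wrong control for a call that can freeze the machine. Suggested line: `# FIFREEZE is enabled only in snapshot mode because it can easily kill the machine.`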
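Review bot: With `kill` changed from a commented-out line to a live description, the `(snapshot)` attribute is the only thing that keeps a `pid=-1` signal out of ordinary fuzzing runs, and the code that enforces the attribute is not in the part of the commit shown here (the diffstat is limited to sys/linux). It would help to confirm that a non-snapshot run excludes the call from generation and from programs loaded from an existing corpus, rather than relying on the description alone. To make the constraint hard to remove by accident, I would add a second comment line: `# Must stay snapshot-only: with pid=-1 the signal is delivered to every process the caller may signal.`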
diff --git a/sys/linux/sys.txt.const b/sys/linux/sys.txt.const index ba024ae99..0fd1acc76 100644 --- a/sys/linux/sys.txt.const +++ b/sys/linux/sys.txt.const @@ -700,6 +700,7 @@ __NR_ioprio_get = 31, 386:290, amd64:252, arm:315, mips64le:5274, ppc64le:274, s __NR_ioprio_set = 30, 386:289, amd64:251, arm:314, mips64le:5273, ppc64le:273, s390x:282 __NR_kcmp = 272, 386:349, amd64:312, arm:378, mips64le:5306, ppc64le:354, s390x:343 __NR_kexec_load = 104, 386:283, amd64:246, arm:347, mips64le:5270, ppc64le:268, s390x:277 +__NR_kill = 37, amd64:62, arm64:riscv64:129, mips64le:5060 __NR_lchown = 16, amd64:94, arm64:riscv64:???, mips64le:5092, s390x:198 __NR_link = 9, amd64:86, arm64:riscv64:???, mips64le:5084 __NR_linkat = 37, 386:303, amd64:265, arm:330, mips64le:5255, ppc64le:294, s390x:296 |
