diff options
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/binfmt.txt | 32 | ||||
| -rw-r--r-- | sys/linux/binfmt.txt.const | 4 | ||||
| -rw-r--r-- | sys/linux/sys.txt | 6 | ||||
| -rw-r--r-- | sys/linux/test/binfmt | 15 |
4 files changed, 40 insertions, 17 deletions
diff --git a/sys/linux/binfmt.txt b/sys/linux/binfmt.txt index 3e86ab61a..d0e6b7b23 100644 --- a/sys/linux/binfmt.txt +++ b/sys/linux/binfmt.txt @@ -3,15 +3,33 @@ include <uapi/linux/a.out.h> include <uapi/linux/elf.h> +include <linux/fcntl.h> -execve(file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]]) -execveat(dirfd fd_dir, file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]], flags flags[at_flags]) +resource fd_binfmt[fd] +resource ptr_binfmt_file[intptr] -write$binfmt_script(fd fd, data ptr[in, binfmt_script], len bytesize[data]) -write$binfmt_misc(fd fd, data ptr[in, binfmt_misc], len bytesize[data]) -write$binfmt_aout(fd fd, data ptr[in, binfmt_aout], len bytesize[data]) -write$binfmt_elf32(fd fd, data ptr[in, binfmt_elf32], len bytesize[data]) -write$binfmt_elf64(fd fd, data ptr[in, binfmt_elf64], len bytesize[data]) +syz_create_resource$binfmt(file ptr[in, filename]) ptr_binfmt_file + +execve(file ptr[in, filename], argv ptr[in, argv_array], envp ptr[in, argv_array]) +execveat(dirfd fd_dir, file ptr[in, filename], argv ptr[in, argv_array], envp ptr[in, argv_array], flags flags[at_flags]) +execveat$binfmt(dirfd fd_dir, file ptr_binfmt_file, argv ptr[in, argv_array], envp ptr[in, argv_array], flags flags[at_flags]) + +openat$binfmt(fd const[AT_FDCWD], file ptr_binfmt_file, flags const[BINFMT_OPEN_FLAGS], mode const[0x1ff]) fd_binfmt + +write$binfmt_script(fd fd_binfmt, data ptr[in, binfmt_script], len bytesize[data]) +write$binfmt_misc(fd fd_binfmt, data ptr[in, binfmt_misc], len bytesize[data]) +write$binfmt_aout(fd fd_binfmt, data ptr[in, binfmt_aout], len bytesize[data]) +write$binfmt_elf32(fd fd_binfmt, data ptr[in, binfmt_elf32], len bytesize[data]) +write$binfmt_elf64(fd fd_binfmt, data ptr[in, binfmt_elf64], len bytesize[data]) + +close$binfmt(fd fd_binfmt) + +define BINFMT_OPEN_FLAGS O_WRONLY | O_CREAT + +argv_array { + args array[ptr[in, string]] + z const[0, intptr] +} [packed] binfmt_script { hdr stringnoz["#! "] diff --git a/sys/linux/binfmt.txt.const b/sys/linux/binfmt.txt.const index f87766baf..e9acd5aad 100644 --- a/sys/linux/binfmt.txt.const +++ b/sys/linux/binfmt.txt.const @@ -1,5 +1,7 @@ # Code generated by syz-sysgen. DO NOT EDIT. arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x +AT_FDCWD = 18446744073709551516 +BINFMT_OPEN_FLAGS = 65, mips64le:257 ELF32_PHDR_SIZE = 32 ELF64_PHDR_SIZE = 56 EM_386 = 3 @@ -21,6 +23,8 @@ PT_SHLIB = 5 PT_TLS = 7 QMAGIC = 204 ZMAGIC = 267 +__NR_close = 6, amd64:3, arm64:riscv64:57, mips64le:5003 __NR_execve = 11, amd64:59, arm64:riscv64:221, mips64le:5057 __NR_execveat = 281, 386:358, amd64:322, arm:387, mips64le:5316, ppc64le:362, s390x:354 +__NR_openat = 56, 386:295, amd64:257, arm:322, mips64le:5247, ppc64le:286, s390x:288 __NR_write = 4, amd64:1, arm64:riscv64:64, mips64le:5001 diff --git a/sys/linux/sys.txt b/sys/linux/sys.txt index 4ee926fd6..a9fbd3f72 100644 --- a/sys/linux/sys.txt +++ b/sys/linux/sys.txt @@ -462,9 +462,9 @@ sysfs$3(option const[3]) statfs(path ptr[in, filename], buf buffer[out]) fstatfs(fd fd, buf buffer[out]) -uselib(lib ptr[in, filename]) -init_module(mod ptr[in, string], len len[mod], args ptr[in, string]) -finit_module(fd fd, args ptr[in, string], flags flags[finit_module_flags]) +uselib(lib ptr_binfmt_file) +init_module(mod ptr[in, binfmt_elf64], len len[mod], args ptr[in, string]) +finit_module(fd fd_binfmt, args ptr[in, string], flags flags[finit_module_flags]) delete_module(name ptr[in, string], flags flags[delete_module_flags]) kexec_load(entry intptr, nr_segments len[segments], segments ptr[in, array[kexec_segment]], flags flags[kexec_load_flags]) syslog(cmd flags[syslog_cmd], buf ptr[out, array[int8], opt], len len[buf]) diff --git a/sys/linux/test/binfmt b/sys/linux/test/binfmt index 8998c6226..617d75cfe 100644 --- a/sys/linux/test/binfmt +++ b/sys/linux/test/binfmt @@ -1,16 +1,17 @@ # Tests for binfmt_misc. # Executor setups binfmt_misc with ./file0 interpreter for files with byte 0x01 at offset 0. -execveat(0xffffffffffffff9c, &AUTO='./file1\x00', &AUTO=[0x0], &AUTO=[0x0], 0x0) # ENOENT -r0 = openat(0xffffffffffffff9c, &AUTO='./file1\x00', 0x42, 0x1ff) +r3 = syz_create_resource$binfmt(&AUTO='./file1\x00') +execveat$binfmt(0xffffffffffffff9c, r3, &AUTO={[], 0x0}, &AUTO={[], 0x0}, 0x0) # ENOENT +r0 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) close(r0) -execveat(0xffffffffffffff9c, &AUTO='./file1\x00', &AUTO=[0x0], &AUTO=[0x0], 0x0) # ENOEXEC -r1 = openat(0xffffffffffffff9c, &AUTO='./file1\x00', 0x2, 0x0) +execveat$binfmt(0xffffffffffffff9c, r3, &AUTO={[], 0x0}, &AUTO={[], 0x0}, 0x0) # ENOEXEC +r1 = openat$binfmt(0xffffffffffffff9c, r3, 0x2, 0x0) write(r1, &AUTO="01010101", 0x4) close(r1) -execveat(0xffffffffffffff9c, &AUTO='./file1\x00', &AUTO=[0x0], &AUTO=[0x0], 0x0) # ENOENT +execveat$binfmt(0xffffffffffffff9c, r3, &AUTO={[], 0x0}, &AUTO={[], 0x0}, 0x0) # ENOENT r2 = openat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x42, 0x0) close(r2) -execveat(0xffffffffffffff9c, &AUTO='./file1\x00', &AUTO=[0x0], &AUTO=[0x0], 0x0) # EACCES +execveat$binfmt(0xffffffffffffff9c, r3, &AUTO={[], 0x0}, &AUTO={[], 0x0}, 0x0) # EACCES fchmodat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x1ff) -execveat(0xffffffffffffff9c, &AUTO='./file1\x00', &AUTO=[0x0], &AUTO=[0x0], 0x0) # ENOEXEC +execveat$binfmt(0xffffffffffffff9c, r3, &AUTO={[], 0x0}, &AUTO={[], 0x0}, 0x0) # ENOEXEC |