From 8cc0c5c595cd14fb40a0052bbedd7ff3e96f64c8 Mon Sep 17 00:00:00 2001
From: Hrutvik Kanabar
Date: Thu, 27 Oct 2022 14:27:38 +0000
Subject: sys/linux, tools/syz-imagegen: update `syz_mount_image` to use `compressed_image`

Rather than accepting "segments", `syz_mount_image` now accepts a compressed image. Since this is already a corpus-breaking change, also rearrange the arguments so that the image is at the end. This makes it easier to inspect what the other arguments are set to. We need to increase the timeout associated with `syz_mount_image`, as decompression and execution take a little longer. 5000ms should be very generous. This commit updates the descriptions and the `syz-imagegen` tool. The executor, seed images, and asset saving will be updated in future commits.
---
 prog/minimization_test.go | 4 +-
 sys/linux/filesystem.txt | 104 +++++++++++++++++++----------------------
 sys/linux/filesystem.txt.const | 2 +-
 sys/linux/fs_fuse.txt | 2 +-
 tools/syz-imagegen/imagegen.go | 91 +++++++-----------------------------
 5 files changed, 70 insertions(+), 133 deletions(-)
diff --git a/prog/minimization_test.go b/prog/minimization_test.go
index 93ccdc7bb..bf67dc3e9 100644
--- a/prog/minimization_test.go
+++ b/prog/minimization_test.go
@@ -231,13 +231,13 @@ func TestMinimize(t *testing.T) {
 // Ensure `no_minimize` calls are untouched.
 {
 "linux", "amd64",
- "syz_mount_image$ext4(&(0x7f0000000000)='ext4\\x00', &(0x7f0000000100)='./file0\\x00', 0x40000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)='test\\x00'/32, 0x20, 0x400}], 0x0, &(0x7f0000010020), 0x1)\n",
+ "syz_mount_image$ext4(&(0x7f0000000000)='ext4\\x00', &(0x7f0000000100)='./file0\\x00', 0x40000, 0x15, 0x0, &(0x7f0000010020), 0x1, &(0x7f0000000200)=\"$eJwqrqzKTszJSS0CBAAA//8TyQPi\")\n",
 0,
 func(p *Prog, callIndex int) bool {
 // Anything is allowed except removing a call.
 return len(p.Calls) > 0
 },
- "syz_mount_image$ext4(&(0x7f0000000000)='ext4\\x00', &(0x7f0000000100)='./file0\\x00', 0x40000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)='test\\x00'/32, 0x20, 0x400}], 0x0, &(0x7f0000010020), 0x1)\n",
+ "syz_mount_image$ext4(&(0x7f0000000000)='ext4\\x00', &(0x7f0000000100)='./file0\\x00', 0x40000, 0x15, 0x0, &(0x7f0000010020), 0x1, &(0x7f0000000200)=\"$eJwqrqzKTszJSS0CBAAA//8TyQPi\")\n",
 0,
 },
 }
diff --git a/sys/linux/filesystem.txt b/sys/linux/filesystem.txt
index 2c251e719..bf34faacc 100644
--- a/sys/linux/filesystem.txt
+++ b/sys/linux/filesystem.txt
@@ -86,65 +86,59 @@ loop_filename { z const[0, int8] } [packed] -syz_read_part_table(size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]]) - -define SYZ_MOUNT_IMAGE_TIMEOUT 50 - -syz_mount_image$vfat(fs ptr[in, string["vfat"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[vfat_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$msdos(fs ptr[in, string["msdos"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[msdos_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$bfs(fs ptr[in, string["bfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$xfs(fs ptr[in, string["xfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[xfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$minix(fs ptr[in, string["minix"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$reiserfs(fs ptr[in, string["reiserfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[reiserfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) 
-syz_mount_image$hfs(fs ptr[in, string["hfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[hfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$hfsplus(fs ptr[in, string["hfsplus"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[hfsplus_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$iso9660(fs ptr[in, string["iso9660"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[iso9660_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$gfs2(fs ptr[in, string["gfs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[gfs2_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$jfs(fs ptr[in, string["jfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[jfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$btrfs(fs ptr[in, string["btrfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[btrfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ntfs(fs ptr[in, string["ntfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, 
fs_options[ntfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ntfs3(fs ptr[in, string["ntfs3"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[ntfs3_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ext4(fs ptr[in, string[ext4_types]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[ext4_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$f2fs(fs ptr[in, string["f2fs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[f2fs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ocfs2(fs ptr[in, string["ocfs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$nfs(fs ptr[in, string["nfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$nfs4(fs ptr[in, string["nfs4"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$erofs(fs ptr[in, string["erofs"]], dir ptr[in, filename], size intptr, nsegs len[segments], 
segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[erofs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$exfat(fs ptr[in, string["exfat"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[exfat_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$afs(fs ptr[in, string["afs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[afs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$cramfs(fs ptr[in, string["cramfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$romfs(fs ptr[in, string["romfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$zonefs(fs ptr[in, string["zonefs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[zonefs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$efs(fs ptr[in, string["efs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$jffs2(fs 
ptr[in, string["jffs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[jffs2_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$nilfs2(fs ptr[in, string["nilfs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[nilfs2_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ubifs(fs ptr[in, string["ubifs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[ubifs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$squashfs(fs ptr[in, string["squashfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$udf(fs ptr[in, string["udf"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[udf_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_read_part_table(size intptr, size_compressed len[img], img ptr[in, compressed_image]) (no_generate, no_minimize) + +define SYZ_MOUNT_IMAGE_TIMEOUT 4000 + +syz_mount_image$vfat(fs ptr[in, string["vfat"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[vfat_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$msdos(fs ptr[in, string["msdos"]], dir ptr[in, filename], 
size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[msdos_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$bfs(fs ptr[in, string["bfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$xfs(fs ptr[in, string["xfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[xfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$minix(fs ptr[in, string["minix"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$reiserfs(fs ptr[in, string["reiserfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[reiserfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$hfs(fs ptr[in, string["hfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[hfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$hfsplus(fs ptr[in, string["hfsplus"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[hfsplus_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$iso9660(fs 
ptr[in, string["iso9660"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[iso9660_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$gfs2(fs ptr[in, string["gfs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[gfs2_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$jfs(fs ptr[in, string["jfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[jfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$btrfs(fs ptr[in, string["btrfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[btrfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ntfs(fs ptr[in, string["ntfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[ntfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ntfs3(fs ptr[in, string["ntfs3"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[ntfs3_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ext4(fs ptr[in, string[ext4_types]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[ext4_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], 
no_generate, no_minimize) +syz_mount_image$f2fs(fs ptr[in, string["f2fs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[f2fs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ocfs2(fs ptr[in, string["ocfs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$nfs(fs ptr[in, string["nfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$nfs4(fs ptr[in, string["nfs4"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$erofs(fs ptr[in, string["erofs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[erofs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$exfat(fs ptr[in, string["exfat"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[exfat_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$afs(fs ptr[in, string["afs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[afs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir 
(timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$cramfs(fs ptr[in, string["cramfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$romfs(fs ptr[in, string["romfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$zonefs(fs ptr[in, string["zonefs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[zonefs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$efs(fs ptr[in, string["efs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$jffs2(fs ptr[in, string["jffs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[jffs2_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$nilfs2(fs ptr[in, string["nilfs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[nilfs2_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ubifs(fs ptr[in, string["ubifs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[ubifs_options]], chdir 
bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$squashfs(fs ptr[in, string["squashfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$udf(fs ptr[in, string["udf"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[udf_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) # TODO: add mount options for the following file systems. -syz_mount_image$adfs(fs ptr[in, string["adfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$affs(fs ptr[in, string["affs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$pvfs2(fs ptr[in, string["pvfs2"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$befs(fs ptr[in, string["befs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$vxfs(fs ptr[in, string["vxfs"]], dir ptr[in, filename], 
size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$omfs(fs ptr[in, string["omfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$hpfs(fs ptr[in, string["hpfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$qnx4(fs ptr[in, string["qnx4"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$qnx6(fs ptr[in, string["qnx6"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$sysv(fs ptr[in, string["sysv"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$ufs(fs ptr[in, string["ufs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) 
-syz_mount_image$gfs2meta(fs ptr[in, string["gfs2meta"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) -syz_mount_image$v7(fs ptr[in, string["v7"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$adfs(fs ptr[in, string["adfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$affs(fs ptr[in, string["affs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$pvfs2(fs ptr[in, string["pvfs2"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$befs(fs ptr[in, string["befs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$vxfs(fs ptr[in, string["vxfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir 
(timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$omfs(fs ptr[in, string["omfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$hpfs(fs ptr[in, string["hpfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$qnx4(fs ptr[in, string["qnx4"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$qnx6(fs ptr[in, string["qnx6"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$sysv(fs ptr[in, string["sysv"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$ufs(fs ptr[in, string["ufs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$gfs2meta(fs ptr[in, string["gfs2meta"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, 
compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) +syz_mount_image$v7(fs ptr[in, string["v7"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[stringnoz]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) # Note: tmpfs does not need an image, but we use this in tests. -syz_mount_image$tmpfs(fs ptr[in, string["tmpfs"]], dir ptr[in, filename], size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fs_options[tmpfs_options]], chdir bool8) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) - -fs_image_segment { - data ptr[in, array[int8]] - size len[data, intptr] - offset intptr -} +syz_mount_image$tmpfs(fs ptr[in, string["tmpfs"]], dir ptr[in, filename], size intptr, size_compressed len[img], flags flags[mount_flags], opts ptr[in, fs_options[tmpfs_options]], chdir bool8, img ptr[in, compressed_image]) fd_dir (timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize) type fs_options[ELEMS] { elems array[fs_opt_elem[ELEMS]] diff --git a/sys/linux/filesystem.txt.const b/sys/linux/filesystem.txt.const index f6cbdb675..aae530c7e 100644 --- a/sys/linux/filesystem.txt.const +++ b/sys/linux/filesystem.txt.const @@ -56,7 +56,7 @@ MS_SYNCHRONOUS = 16 MS_UNBINDABLE = 131072 OPEN_TREE_CLOEXEC = 524288 OPEN_TREE_CLONE = 1 -SYZ_MOUNT_IMAGE_TIMEOUT = 50 +SYZ_MOUNT_IMAGE_TIMEOUT = 4000 UMOUNT_NOFOLLOW = 8 __NR_fsconfig = 431, mips64le:5431 __NR_fsmount = 432, mips64le:5432 diff --git a/sys/linux/fs_fuse.txt b/sys/linux/fs_fuse.txt index f7d78c1c3..3f209988d 100644 --- a/sys/linux/fs_fuse.txt +++ b/sys/linux/fs_fuse.txt 
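Review bot: `define SYZ_MOUNT_IMAGE_TIMEOUT 4000` (mirrored in filesystem.txt.const) disagrees with the commit message, which says 5000ms should be very generous; one of the two should be corrected so the intended budget is unambiguous. The rewritten `syz_read_part_table` now also takes a `compressed_image` but carries only `(no_generate, no_minimize)`, so if it decompresses the same way it presumably needs the raised budget too, e.g. `(timeout[SYZ_MOUNT_IMAGE_TIMEOUT], no_generate, no_minimize)`. `size intptr` stays an unconstrained value next to the compressed payload, so the executor change that follows (not part of this commit) has to cap the decompressed output itself rather than trust `size` or `size_compressed`; a short comment above the define stating that contract would help the next reader.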
@@ -41,7 +41,7 @@ write$FUSE_NOTIFY_STORE(fd fd_fuse, arg ptr[in, fuse_notify[FUSE_NOTIFY_STORE, f write$FUSE_NOTIFY_RETRIEVE(fd fd_fuse, arg ptr[in, fuse_notify[FUSE_NOTIFY_RETRIEVE, fuse_notify_retrieve_out]], len bytesize[arg]) write$FUSE_NOTIFY_DELETE(fd fd_fuse, arg ptr[in, fuse_notify[FUSE_NOTIFY_DELETE, fuse_notify_delete_out]], len bytesize[arg]) -syz_mount_image$fuse(fs ptr[in, string["fuse"]], dir ptr[in, filename], size const[0], nsegs const[0], segments ptr[in, array[fs_image_segment]], flags flags[mount_flags], opts ptr[in, fuse_options], chdir bool8) fd_dir (no_generate, no_minimize) +syz_mount_image$fuse(fs ptr[in, string["fuse"]], dir ptr[in, filename], size const[0], size_compressed const[0], flags flags[mount_flags], opts ptr[in, fuse_options], chdir bool8, img ptr[in, compressed_image]) fd_dir (no_generate, no_minimize) syz_fuse_handle_req(fd fd_fuse, buf ptr[in, read_buffer], len bytesize[buf], res ptr[in, syz_fuse_req_out]) type fuse_ino int64[0:6] diff --git a/tools/syz-imagegen/imagegen.go b/tools/syz-imagegen/imagegen.go index 5f120b29d..367e7d8b0 100644 --- a/tools/syz-imagegen/imagegen.go +++ b/tools/syz-imagegen/imagegen.go @@ -14,7 +14,6 @@ package main import ( "bytes" - "encoding/hex" "errors" "flag" "fmt" @@ -692,10 +691,11 @@ func (image *Image) generateSize() error { } image.hash = crc32.ChecksumIEEE(data) - segments := calculateSegments(data) - // Write out image *with* change of directory. - out := writeImage(image, len(data), segments, true) + out, err := writeImage(image, data, true) + if err != nil { + return fmt.Errorf("failed to write image: %v", err) + } p, err := image.target.Deserialize(out, prog.Strict) if err != nil { 
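Review bot: The `if err != nil` branch added after `writeImage(image, data, true)` in generateSize cannot fire as the code stands. In the later hunk of this file (-767), writeImage calls `prog.Compress` and `prog.EncodeB64` as single-value functions and ends with `return buf.Bytes(), nil`. Either keep the plain `[]byte` return, or, if the error result is reserved for a step that can fail later, say so in a comment and wrap with `%w` so callers can unwrap it: `return fmt.Errorf("writing image: %w", err)`. generateSize begins and ends outside this hunk.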
@@ -767,85 +767,28 @@ func runCmd(cmd string, args ...string) ([]byte, error) { return osutil.RunCmd(10*time.Minute, "", cmd, args...) } -func writeImage(image *Image, length int, segments []Segment, chdir bool) []byte { +func writeImage(image *Image, data []byte, chdir bool) ([]byte, error) { buf := new(bytes.Buffer) fmt.Fprintf(buf, "# Code generated by tools/syz-imagegen. DO NOT EDIT.\n") fmt.Fprintf(buf, "# requires: manual\n\n") fmt.Fprintf(buf, "# %v\n\n", image) - fmt.Fprintf(buf, `syz_mount_image$%v(&(0x7f0000000000)='%v\x00', &(0x7f0000000100)='./file0\x00',`+ - ` 0x%x, 0x%x, &(0x7f0000000200)=[`, - image.fs.Name, image.fs.Name, length, len(segments)) - addr := 0x7f0000010000 - for i, seg := range segments { - if i != 0 { - fmt.Fprintf(buf, ", ") - } - fmt.Fprintf(buf, `{&(0x%x)="%v", 0x%x, 0x%x}`, - addr, hex.EncodeToString(seg.data), len(seg.data), seg.offset) - addr += len(seg.data) - } + compressedData := prog.Compress(data) + b64Data := prog.EncodeB64(compressedData) chdirAsInt := 0 if chdir { chdirAsInt = 1 } - fmt.Fprintf(buf, "], 0x0, &(0x%x), 0x%x)\n", addr, chdirAsInt) - return buf.Bytes() -} - -type Segment struct { - offset int - data []byte -} + fmt.Fprintf(buf, `syz_mount_image$%v(&AUTO='%v\x00', &AUTO='./file0\x00',`+ + ` 0x%x, AUTO, 0x0, &AUTO, 0x%x, &AUTO="$`, + image.fs.Name, image.fs.Name, len(data), chdirAsInt) + buf.Write(b64Data) + fmt.Fprintf(buf, "\")\n") -func calculateSegments(data []byte) []Segment { - const ( - skip = 32 // min zero bytes to skip - align = 32 // non-zero block alignment - ) - data0 := data - zeros := make([]byte, skip+align) - var segs []Segment - offset := 0 - for len(data) != 0 { - pos := bytes.Index(data, zeros) - if pos == -1 { - segs = append(segs, Segment{offset, data}) - break - } - pos = (pos + align - 1) & ^(align - 1) - if pos != 0 { - segs = append(segs, Segment{offset, data[:pos]}) - } - for pos < len(data) && data[pos] == 0 { - pos++ - } - pos = pos & ^(align - 1) - offset += pos - data = data[pos:] 
- } - if false { - // self-test. - restored := make([]byte, len(data0)) - for _, seg := range segs { - copy(restored[seg.offset:], seg.data) - } - if !bytes.Equal(data0, restored) { - panic("restored data differs!") - } - } - return segs + return buf.Bytes(), nil } // TODO: also generate syz_read_part_table tests: -// fmt.Printf(`syz_read_part_table(0x%x, 0x%x, &(0x7f0000000200)=[`, -// len(data0), len(segs)) -// addr := 0x7f0000010000 -// for i, seg := range segs { -// if i != 0 { -// fmt.Printf(", ") -// } -// fmt.Printf(`{&(0x%x)="%v", 0x%x, 0x%x}`, -// addr, hex.EncodeToString(seg.data), len(seg.data), seg.offset) -// addr = (addr + len(seg.data) + 0xff) & ^0xff -// } -// fmt.Printf("])\n") +// fmt.Fprintf(buf, `syz_read_part_table(0x%x, 0x%x, &AUTO="$`, +// len(data), len(compressedData)) +// buf.Write(b64Data) +// fmt.Fprintf(buf, "\")\n") -- cgit mrf-deployment
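Review bot: writeImage has no doc comment, and the format it emits is no longer obvious from the format string: the size argument is the uncompressed `len(data)`, `size_compressed` is left as `AUTO`, flags and options are fixed to `0x0` and `&AUTO`, and the image is the last argument as a `"$`-prefixed base64 string. Suggest adding above the function `// writeImage renders a syz_mount_image program for image; data is compressed and base64-encoded into the trailing "$..." argument, and the size argument is the uncompressed length.` The rewritten TODO snippet refers to `compressedData` and `b64Data`, which are locals of writeImage, so it is worth noting in that comment that the code is meant to live inside writeImage.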