From 24857b29bc28753137e73565e8f9c26e67bf0770 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Tue, 22 Nov 2022 17:08:47 +0100 Subject: executor: don't pass uncompressed zlib size This will allow us to mutate the image size. Fixes #3527 --- executor/common_linux.h | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) (limited to 'executor/common_linux.h') diff --git a/executor/common_linux.h b/executor/common_linux.h index 40d2ad894..8ca854c9e 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -2897,7 +2897,7 @@ static long syz_genetlink_get_family_id(volatile long name, volatile long sock_a // creating and initializing the underlying file backing the loop device and // returns the fds to the file and device. // Returns 0 on success, -1 otherwise. -static int setup_loop_device(long unsigned size, long unsigned compressed_size, unsigned char* data, const char* loopname, int* memfd_p, int* loopfd_p) +static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; int memfd = syscall(__NR_memfd_create, "syzkaller", 0); @@ -2905,12 +2905,7 @@ static int setup_loop_device(long unsigned size, long unsigned compressed_size, err = errno; goto error; } - if (ftruncate(memfd, size)) { - err = errno; - goto error_close_memfd; - } - - if (puff_zlib_to_file(data, compressed_size, memfd, size)) { + if (puff_zlib_to_file(data, size, memfd)) { err = errno; debug("setup_loop_device: could not decompress data: %d\n", errno); goto error_close_memfd; @@ -2949,15 +2944,15 @@ error: #endif #if SYZ_EXECUTOR || __NR_syz_read_part_table -// syz_read_part_table(size intptr, size_compressed len[img], img ptr[in, compressed_image]) -static long syz_read_part_table(volatile unsigned long size, volatile unsigned long compressed_size, volatile long image) +// syz_read_part_table(size len[img], img ptr[in, compressed_image]) +static long syz_read_part_table(volatile unsigned long size, volatile long image) { unsigned char* data = (unsigned char*)image; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); - if (setup_loop_device(size, compressed_size, data, loopname, &memfd, &loopfd) == -1) + if (setup_loop_device(data, size, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; @@ -3003,25 +2998,23 @@ error_clear_loop: // syz_mount_image( // fs ptr[in, string[fs]], // dir ptr[in, filename], -// size intptr, -// size_compressed len[img], // flags flags[mount_flags], // opts ptr[in, fs_options], // chdir bool8, +// size len[img], // img ptr[in, compressed_image] // ) fd_dir static long syz_mount_image( volatile long fsarg, volatile long dir, - volatile unsigned long size, - volatile unsigned long compressed_size, volatile long flags, volatile long optsarg, volatile long change_dir, + volatile unsigned long size, volatile long image) { unsigned char* data = (unsigned char*)image; - int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!compressed_size; + int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!size; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; @@ -3033,7 +3026,7 @@ static long syz_mount_image( // filesystem image. memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); - if (setup_loop_device(size, compressed_size, data, loopname, &memfd, &loopfd) == -1) + if (setup_loop_device(data, size, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } @@ -3058,7 +3051,7 @@ static long syz_mount_image( // and if two parallel executors mounts fs with the same uuid, second mount fails. strcat(opts, ",nouuid"); } - debug("syz_mount_image: size=%llu compressed_size=%llu loop='%s' dir='%s' fs='%s' flags=%llu opts='%s'\n", (uint64)size, (uint64)compressed_size, loopname, target, fs, (uint64)flags, opts); + debug("syz_mount_image: size=%llu loop='%s' dir='%s' fs='%s' flags=%llu opts='%s'\n", (uint64)size, loopname, target, fs, (uint64)flags, opts); #if SYZ_EXECUTOR cover_reset(0); #endif -- cgit mrf-deployment