From fcfad4ffcf3aa3ecced8298f5816649b800ecd26 Mon Sep 17 00:00:00 2001
From: Andrei Vagin
Date: Sat, 21 May 2022 09:54:29 -0700
Subject: ipc: add magic in a call reply

When a shared memory is used, the executor can corrupt reply messages, so let's add magic to detect such cases. It is an attempt to debug issues like this one: https://syzkaller.appspot.com/bug?id=faca64c3182e9f130ca94b7931dd771be390ef67

Signed-off-by: Andrei Vagin
---
 executor/executor.cc | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'executor/executor.cc')
diff --git a/executor/executor.cc b/executor/executor.cc
index 058e90b15..475c89378 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -329,6 +329,7 @@ const uint32 call_flag_fault_injected = 1 << 3;
 struct call_reply {
 execute_reply header;
+ uint32 magic;
 uint32 call_index;
 uint32 call_num;
 uint32 reserrno;
@@ -1104,6 +1105,7 @@ void write_call_output(thread_t* th, bool finished)
 (th->fault_injected ? call_flag_fault_injected : 0);
 }
 #if SYZ_EXECUTOR_USES_SHMEM
+ write_output(kOutMagic);
 write_output(th->call_index);
 write_output(th->call_num);
 write_output(reserrno);
@@ -1148,6 +1150,7 @@ void write_call_output(thread_t* th, bool finished)
 reply.header.magic = kOutMagic;
 reply.header.done = 0;
 reply.header.status = 0;
+ reply.magic = kOutMagic;
 reply.call_index = th->call_index;
 reply.call_num = th->call_num;
 reply.reserrno = reserrno;
-- cgit mrf-deployment
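Review bot: The new `uint32 magic;` in `struct call_reply` (hunk at -329) has no comment, and the hunk at -1148 fills it with the same `kOutMagic` that `reply.header.magic` already carries, so the struct alone does not explain why a reply holds two magics. I would document it in place, for example `uint32 magic; // kOutMagic repeated per call record so the reader can detect a corrupted reply`. The field also shifts every later member of the record that the receiving side parses. This view is limited to executor/executor.cc, so the matching parser change should be confirmed to land in the same commit. The struct body continues outside the hunk.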
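Review bot: The canary written by `write_output(kOutMagic)` in the `SYZ_EXECUTOR_USES_SHMEM` branch (hunk at -1104) covers only the first word of each call record, so an overwrite that hits `call_index`, `call_num` or `reserrno` but leaves that word intact still passes a magic check. Because the value is a fixed constant shared with the header magic, it can flag accidental scribbles and misaligned reads but is not an integrity guarantee. The reader should therefore still validate `call_index` and `call_num` against their expected ranges rather than trusting a matching magic. A short comment would record the intent, e.g. `// Per-record canary: lets the reader detect output corrupted in shared memory`. The same applies to `reply.magic = kOutMagic;` in the hunk at -1148, and `write_call_output` starts and ends outside both hunks.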