From b960f108b3f88019e196293e2d507a9bf9d0e132 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Fri, 21 Oct 2022 09:56:39 +0200
Subject: executor: better errors for failed mmaps

A fixed-address mmap can fail completely or return a different address. Log what it was. Based on: https://groups.google.com/g/syzkaller/c/lto00RwlDIQ
---
 executor/executor_linux.h | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
(limited to 'executor/executor_linux.h')
diff --git a/executor/executor_linux.h b/executor/executor_linux.h
index 3f422f6f2..54246bda9 100644
--- a/executor/executor_linux.h
+++ b/executor/executor_linux.h
@@ -58,12 +58,15 @@ static void os_init(int argc, char** argv, char* data, size_t data_size)
 // One observed case before: executor had a mapping above the data mapping (output region),
 // while C repros did not have that mapping above, as the result in one case VMA had next link,
 // while in the other it didn't and it caused a bug to not reproduce with the C repro.
- if (mmap(data - SYZ_PAGE_SIZE, SYZ_PAGE_SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data - SYZ_PAGE_SIZE)
- fail("mmap of left data PROT_NONE page failed");
- if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
- fail("mmap of data segment failed");
- if (mmap(data + data_size, SYZ_PAGE_SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data + data_size)
- fail("mmap of right data PROT_NONE page failed");
+ void* got = mmap(data - SYZ_PAGE_SIZE, SYZ_PAGE_SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ if (data - SYZ_PAGE_SIZE != got)
+ failmsg("mmap of left data PROT_NONE page failed", "want %p, got %p", data - SYZ_PAGE_SIZE, got);
+ got = mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ if (data != got)
+ failmsg("mmap of data segment failed", "want %p, got %p", data, got);
+ got = mmap(data + data_size, SYZ_PAGE_SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ if (data + data_size != got)
+ failmsg("mmap of right data PROT_NONE page failed", "want %p, got %p", data + data_size, got);
 }
 
 static intptr_t execute_syscall(const call_t* c, intptr_t a[kMaxArgs])
-- 
cgit mrf-deployment
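Review bot: The three new `failmsg` calls print `got` for both failure modes, so a hard failure appears only as the `MAP_FAILED` sentinel, and its cause is visible only if `failmsg` appends `errno`, which this hunk does not show. Because `MAP_FIXED` is specified to map at exactly the requested address or fail, a mismatch that is not `MAP_FAILED` points at the kernel or sandbox under test; a one-line comment above the first check would record that, e.g. `// MAP_FIXED returns the requested address or MAP_FAILED; any other value means the flag was not honoured.` Note also that a successful `MAP_FIXED` silently replaces whatever was already mapped in the range, which the `want != got` comparison cannot detect. If `data` is expected to be unmapped at this point (the start of `os_init` is outside the hunk), `MAP_FIXED_NOREPLACE` would make that case fail as well.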