From b458f2c1a61c78e2004be6b4ef60b45fb81bd684 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Mon, 13 Jul 2020 16:24:56 +0200
Subject: executor: wrap all syscalls into NONFAILING

Currently we sprinkle NONFAILING all over pseudo-syscall code, around all individual accesses to fuzzer-generated pointers. This is tedious manual work and subject to errors. Wrap execute_syscall invocation with NONFAILING in execute_call once instead. Then we can remove NONFAILING from all pseudo-syscalls and never get back to this.

Potential downsides: (1) this is coarser-grained and we will skip whole syscall on invalid pointer, but this is how normal syscalls work as well, so should not be a problem; (2) we will skip any clean up (closing of files, etc) as well; but this may be fine as well (programs can perfectly leave open file descriptors as well).

Update #1918
---
 executor/executor.cc | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'executor')

diff --git a/executor/executor.cc b/executor/executor.cc
index 1e7625d7e..ccbdb1aa0 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -1088,8 +1088,11 @@ void execute_call(thread_t* th)
 if (flag_coverage)
 cover_reset(&th->cov);
-errno = 0;
-th->res = execute_syscall(call, th->args);
+// For pseudo-syscalls and user-space functions NONFAILING can abort before assigning to th->res.
+// Arrange for res = -1 and errno = EFAULT result for such case.
+th->res = -1;
+errno = EFAULT;
+NONFAILING(th->res = execute_syscall(call, th->args));
 th->reserrno = errno;
 if (th->res == -1 && th->reserrno == 0)
 th->reserrno = EINVAL; // our syz syscalls may misbehave
-- 
cgit mrf-deployment
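Review bot: Pre-setting `errno = EFAULT` changes what the unchanged `if (th->res == -1 && th->reserrno == 0) th->reserrno = EINVAL;` fallback at the end of the hunk can observe: errno no longer starts at 0, so a pseudo-syscall that returns -1 without touching errno is now reported as EFAULT rather than EINVAL, and the EINVAL branch is reachable only if the callee explicitly zeroes errno. If that shift in reported errno is intended, the new comment should say so, since downstream consumers of reserrno will see it. The EFAULT result is also best-effort rather than guaranteed: if the pseudo-syscall body fails an intermediate libc call (which overwrites errno) and then faults inside NONFAILING, `th->reserrno = errno` picks up that intermediate value, not EFAULT. Suggest extending the added comment with `// Best-effort: errno may already have been overwritten by the callee before the fault.` The enclosing execute_call begins before this hunk and appears to continue after it.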