From deb0e69e1028ba3152631c3f1d2fac98c12e33a5 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Mon, 11 Jun 2018 10:02:51 +0200 Subject: executor: always use errors=continue when mounting ext2/3/4 For ext2/3/4 we have to have errors=continue because the image can contain errors=panic flag and can legally crash kernel. Fixes #599
---
 executor/common_linux.h | 26 +++++++++++++++++++++----- executor/syscalls_linux.h | 10 +++++----- 2 files changed, 26 insertions(+), 10 deletions(-) (limited to 'executor')
diff --git a/executor/common_linux.h b/executor/common_linux.h
index ae83e5d46..fe7458d3a 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -953,9 +953,9 @@ error:
 // size len[data, intptr]
 // offset intptr
 //}
-static uintptr_t syz_mount_image(uintptr_t fs, uintptr_t dir, uintptr_t size, uintptr_t nsegs, uintptr_t segments, uintptr_t flags, uintptr_t opts)
+static uintptr_t syz_mount_image(uintptr_t fsarg, uintptr_t dir, uintptr_t size, uintptr_t nsegs, uintptr_t segments, uintptr_t flags, uintptr_t optsarg)
 {
- char loopname[64];
+ char loopname[64], fs[32], opts[256];
 int loopfd, err = 0, res = -1;
 uintptr_t i;
 // Strictly saying we ought to do a nonfailing copyout of segments into a local var.
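Review bot: The new locals `fs[32]` and `opts[256]` put fixed limits on the filesystem name and the option string, but nothing at the declaration says so. The copies in the later hunk (`sizeof(fs) - 1`, `sizeof(opts) - 32`) cut longer input short without any signal, so a truncated option string can end in a partial option. I would add a comment above the declaration such as `// fs/opts are bounded local copies of fsarg/optsarg; longer input is silently truncated.` and give the 32-byte reserve a name so it stays in step with the longest suffix appended later. The body of syz_mount_image continues outside this hunk.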
@@ -1010,12 +1010,28 @@ static uintptr_t syz_mount_image(uintptr_t fs, uintptr_t dir, uintptr_t size, ui
 }
 }
 mkdir((char*)dir, 0777);
- NONFAILING(if (strcmp((char*)fs, "iso9660") == 0) flags |= MS_RDONLY);
- debug("syz_mount_image: size=%llu segs=%llu loop='%s' dir='%s' fs='%s' opts='%s'\n", (uint64)size, (uint64)nsegs, loopname, (char*)dir, (char*)fs, (char*)opts);
+ memset(fs, 0, sizeof(fs));
+ NONFAILING(strncpy(fs, (char*)fsarg, sizeof(fs) - 1));
+ memset(opts, 0, sizeof(opts));
+ // Leave some space for the additional options we append below.
+ NONFAILING(strncpy(opts, (char*)optsarg, sizeof(opts) - 32));
+ if (strcmp(fs, "iso9660") == 0) {
+ flags |= MS_RDONLY;
+ } else if (strncmp(fs, "ext", 3) == 0) {
+ // For ext2/3/4 we have to have errors=continue because the image
+ // can contain errors=panic flag and can legally crash kernel.
+ if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0)
+ strcat(opts, ",errors=continue");
+ } else if (strcmp(fs, "xfs") == 0) {
+ // For xfs we need nouuid because xfs has a global uuids table
+ // and if two parallel executors mounts fs with the same uuid, second mount fails.
+ strcat(opts, ",nouuid");
+ }
+ debug("syz_mount_image: size=%llu segs=%llu loop='%s' dir='%s' fs='%s' flags=%llu opts='%s'\n", (uint64)size, (uint64)nsegs, loopname, (char*)dir, fs, (uint64)flags, opts);
 #if defined(SYZ_EXECUTOR)
 cover_reset(0);
 #endif
- if (mount(loopname, (char*)dir, (char*)fs, flags, (char*)opts)) {
+ if (mount(loopname, (char*)dir, fs, flags, opts)) {
 err = errno;
 goto error_clear_loop;
 }
diff --git a/executor/syscalls_linux.h b/executor/syscalls_linux.h
index ec63fee02..bf11f6440 100644
--- a/executor/syscalls_linux.h
+++ b/executor/syscalls_linux.h
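Review bot: The `strstr` tests in the ext branch match substrings rather than whole comma-separated options, so an `errors=remount-ro` that occurs inside another option's value suppresses the `,errors=continue` override. The image's own errors=panic flag could then still apply, which is the case this commit sets out to exclude. Whether the kernel's option parser accepts such a value is not visible from this hunk, so this needs confirming. A token-aware check, sketched below, closes the gap, and writing the second test as a negation also removes the mix of implicit truth and `== 0` in one condition. syz_mount_image starts and ends outside this hunk.

```c
// Reports whether opt occurs in opts as a complete comma-separated option.
static int has_mount_opt(const char* opts, const char* opt)
{
	size_t len = strlen(opt);
	const char* p;
	for (p = strstr(opts, opt); p; p = strstr(p + 1, opt)) {
		if ((p == opts || p[-1] == ',') && (p[len] == 0 || p[len] == ','))
			return 1;
	}
	return 0;
}

// … unchanged: copies of fsarg/optsarg into fs/opts, iso9660 branch …
	} else if (strncmp(fs, "ext", 3) == 0) {
		// … unchanged: comment explaining errors=continue …
		if (has_mount_opt(opts, "errors=panic") || !has_mount_opt(opts, "errors=remount-ro"))
			strcat(opts, ",errors=continue");
// … unchanged: xfs branch, debug output, mount call …
```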
@@ -2,7 +2,7 @@ #if defined(__i386__) || 0 #define GOARCH "386" -#define SYZ_REVISION "eda3de1125f0e93ef7b53a4612abbf97269305da" +#define SYZ_REVISION "955b3b5300af8efd38b4f547a3f09ad5fe151dbb" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 @@ -1979,7 +1979,7 @@ const call_t syscalls[] = { #if defined(__x86_64__) || 0 #define GOARCH "amd64" -#define SYZ_REVISION "272b01a3b16d0c410493224a23f0e9513c21aad5" +#define SYZ_REVISION "7097498c6946c1eb9722af2ad0538f54e559ac58" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 @@ -4008,7 +4008,7 @@ const call_t syscalls[] = { #if defined(__arm__) || 0 #define GOARCH "arm" -#define SYZ_REVISION "b13a1e650be47cd4a9cc00ddb999fdfd4382e3fa" +#define SYZ_REVISION "6b6722dfc791e76f8e5ea43bb5ed38f3cabaa311" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 @@ -5993,7 +5993,7 @@ const call_t syscalls[] = { #if defined(__aarch64__) || 0 #define GOARCH "arm64" -#define SYZ_REVISION "8f35ff6320416fc8d2dd77a773e6331b63cb6c8e" +#define SYZ_REVISION "c62a27e289c952463593743f46ab30695095ad93" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 @@ -7951,7 +7951,7 @@ const call_t syscalls[] = { #if defined(__ppc64__) || defined(__PPC64__) || defined(__powerpc64__) || 0 #define GOARCH "ppc64le" -#define SYZ_REVISION "e0d23caf525ff9f06001b9586ae733b13ba454da" +#define SYZ_REVISION "4d1d8966c4e9be19a8def1df7840f085c1e49434" #define SYZ_PAGE_SIZE 4096 #define SYZ_NUM_PAGES 4096 #define SYZ_DATA_OFFSET 536870912 -- cgit mrf-deployment