From fcfad4ffcf3aa3ecced8298f5816649b800ecd26 Mon Sep 17 00:00:00 2001
From: Andrei Vagin <avagin@google.com>
Date: Sat, 21 May 2022 09:54:29 -0700
Subject: ipc: add magic in a call reply

When a shared memory is used, the executor can corrupt reply messages,
so let's add magic to detect such cases.

It is an attempt to debug issues like this one:
https://syzkaller.appspot.com/bug?id=faca64c3182e9f130ca94b7931dd771be390ef67

Signed-off-by: Andrei Vagin <avagin@google.com>
---
 pkg/ipc/ipc.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'pkg/ipc')

diff --git a/pkg/ipc/ipc.go b/pkg/ipc/ipc.go
index 6b25d4af4..d930b756b 100644
--- a/pkg/ipc/ipc.go
+++ b/pkg/ipc/ipc.go
@@ -338,6 +338,9 @@ func (env *Env) parseOutput(p *prog.Prog, opts *ExecOpts) (*ProgInfo, error) {
 		reply := *(*callReply)(unsafe.Pointer(&out[0]))
 		out = out[unsafe.Sizeof(callReply{}):]
 		var inf *CallInfo
+		if reply.magic != outMagic {
+			return nil, fmt.Errorf("bad reply magic 0x%x", reply.magic)
+		}
 		if reply.index != extraReplyIndex {
 			if int(reply.index) >= len(info.Calls) {
 				return nil, fmt.Errorf("bad call %v index %v/%v", i, reply.index, len(info.Calls))
@@ -532,6 +535,7 @@ type executeReply struct {
 }
 
 type callReply struct {
+	magic      uint32
 	index      uint32 // call index in the program
 	num        uint32 // syscall number (for cross-checking)
 	errno      uint32
-- 
cgit mrf-deployment