From d2f63c9b494cffdb8e2a2d3bc9ad682b417a501e Mon Sep 17 00:00:00 2001
From: mspecter <mikespecter@gmail.com>
Date: Tue, 11 Jun 2019 06:06:50 -0400
Subject: pkg/host: improve openat check

* Add support for non-obvious open commands

* Adding Michael Specter to CONTRIBUTORS

* update

* /pkg/host/host_linux.go: leverage .txt for OpenAt

Allows users to specify OpenAt flags. Currently, Syzkaller will
automatically attempt to open device nodes at startup, and ignore
descriptions that do not exist. Unfortunately, Syzkaller only opens with
read-only permissions, and some device drivers will
return -EINVAL or likewise if the correct flags are not specified.
---
 pkg/host/host_linux.go | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

(limited to 'pkg')

diff --git a/pkg/host/host_linux.go b/pkg/host/host_linux.go
index 67ca37047..b4b83d188 100644
--- a/pkg/host/host_linux.go
+++ b/pkg/host/host_linux.go
@@ -312,18 +312,32 @@ func isSupportedSocket(c *prog.Syscall) (bool, string) {
 }
 
 func isSupportedOpenAt(c *prog.Syscall) (bool, string) {
+	var fd int
+	var err error
+
 	fname, ok := extractStringConst(c.Args[1])
 	if !ok || len(fname) == 0 || fname[0] != '/' {
 		return true, ""
 	}
-	fd, err := syscall.Open(fname, syscall.O_RDONLY, 0)
-	if fd != -1 {
-		syscall.Close(fd)
+
+	modes := []int{syscall.O_RDONLY, syscall.O_WRONLY, syscall.O_RDWR}
+
+	// Attempt to extract flags from the syscall description
+	if mode, ok := c.Args[2].(*prog.ConstType); ok {
+		modes = []int{int(mode.Val)}
 	}
-	if err != nil {
-		return false, fmt.Sprintf("open(%v) failed: %v", fname, err)
+
+	for _, mode := range modes {
+		fd, err = syscall.Open(fname, mode, 0)
+		if fd != -1 {
+			syscall.Close(fd)
+		}
+		if err == nil {
+			return true, ""
+		}
 	}
-	return true, ""
+
+	return false, fmt.Sprintf("open(%v) failed: %v", fname, err)
 }
 
 func isSupportedMount(c *prog.Syscall, sandbox string) (bool, string) {
-- 
cgit mrf-deployment