From dfd3394d42ddd333c68cf355273b312da8c65a51 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Tue, 2 Apr 2019 13:43:46 +0200
Subject: executor: try to prevent machine outbreak

The fuzzer gained control over host machines again with something like:

syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0d5e57c3c3b7d95a91914e424a2664f0ff065b460f343030062e67660f50e900004681e400000100440fe531feabc4aba39d6c450754ddea420fae9972b571112d02")

Let's see if perturbing syz_execute_func a bit and wiping registers will stop the outbreak.
---
 pkg/csource/generated.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'pkg')

diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index a41a64a62..facd7543f 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -364,7 +364,13 @@ static uint16 csum_inet_digest(struct csum_inet* csum)
 #if SYZ_EXECUTOR || __NR_syz_execute_func
 static long syz_execute_func(volatile long text)
 {
- ((void (*)(void))(text))();
+ volatile long p[8] = {0};
+ (void)p;
+#if GOARCH_amd64
+ asm volatile("" ::"r"(0l), "r"(1l), "r"(2l), "r"(3l), "r"(4l), "r"(5l), "r"(6l), "r"(7l), "r"(8l), "r"(9l), "r"(10l), "r"(11l), "r"(12l), "r"(13l));
+#endif
+ NONFAILING(((void (*)(void))(text))());
 	return 0;
 }
 #endif
--
cgit mrf-deployment
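Review bot: The register wipe in the `asm volatile` block is advisory only: it has an empty template, input-only constraints and no clobber list, so once it retires the compiler is free to reuse any of those registers to load `text` and set up the indirect call on the `NONFAILING` line, and nothing in the hunk touches flags, vector/SSE state or the stack contents that the fuzzer-supplied code can read. If the scrub is meant to be a real barrier rather than a perturbation, the zeroing and the `call *…` need to live in one asm statement, with `text` passed as an `"m"` operand and an explicit clobber list, so that no compiler-chosen register value survives across the boundary; the `volatile long p[8]` with `(void)p` likewise only shifts the frame by 64 bytes and is never read. The new code should state what it does and does not guarantee, e.g. `/* Best-effort register/stack perturbation before running fuzzer-supplied machine code; this is not an isolation boundary — the sandbox around the executor has to be. */`. What `NONFAILING` catches is defined outside this hunk, so whether a fault raised by the executed code is actually contained cannot be judged from here.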