From 413b991c26fa3ffadb04c4fe199dc3d1e1560232 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Thu, 7 May 2020 15:34:43 +0200
Subject: syz-fuzzer: add more checks for disabled syscalls

We are seeing some panics that say that some disabled syscalls somehow get into corpus. I don't see where/how this can happen. Add a check to syz-fuzzer to panic whenever we execute a program with disabled syscall. Hopefull the panic stack will shed some light. Also add a check in manager as the last defence line so that bad programs don't get into the corpus.
---
 prog/prio.go | 6 +++---
 prog/rand.go | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'prog')

diff --git a/prog/prio.go b/prog/prio.go
index ccdab7bda..3a3f31b63 100644
--- a/prog/prio.go
+++ b/prog/prio.go
@@ -254,7 +254,7 @@ func (target *Target) BuildChoiceTable(corpus []*Prog, enabled map[*Syscall]bool
 return &ChoiceTable{target, run, enabledCalls}
 }
-func (ct *ChoiceTable) enabled(call int) bool {
+func (ct *ChoiceTable) Enabled(call int) bool {
 return ct.runs[call] != nil
 }
@@ -262,13 +262,13 @@ func (ct *ChoiceTable) choose(r *rand.Rand, bias int) int {
 if bias < 0 {
 bias = ct.calls[r.Intn(len(ct.calls))].ID
 }
- if !ct.enabled(bias) {
+ if !ct.Enabled(bias) {
 panic("bias to disabled syscall")
 }
 run := ct.runs[bias]
 x := r.Intn(run[len(run)-1]) + 1
 res := sort.SearchInts(run, x)
- if !ct.enabled(res) {
+ if !ct.Enabled(res) {
 panic("selected disabled syscall")
 }
 return res
diff --git a/prog/rand.go b/prog/rand.go
index 019745161..b3d10cf42 100644
--- a/prog/rand.go
+++ b/prog/rand.go
@@ -379,7 +379,7 @@ func (r *randGen) createResource(s *state, res *ResourceType, dir Dir) (arg Arg,
 // TODO: reduce priority of less specialized ctors.
 var metas []*Syscall
 for _, meta := range metas0 {
- if s.ct.enabled(meta.ID) {
+ if s.ct.Enabled(meta.ID) {
 metas = append(metas, meta)
 }
 }
-- 
cgit mrf-deployment
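Review bot: The newly exported `Enabled` in the first prio.go hunk has no doc comment, which Go convention requires for an exported name now that callers outside `prog` are expected to use it; a one-line `// Enabled reports whether the syscall with the given ID may be selected from this choice table.` above the signature would do. Its body indexes `ct.runs[call]` with no range check, so if `runs` is a slice, an external caller passing an ID outside the table's range gets an index panic rather than a false result; whether that is acceptable depends on the new call sites in syz-fuzzer and the manager, which this patch excerpt does not show. If a false result is preferred there, `return call >= 0 && call < len(ct.runs) && ct.runs[call] != nil` keeps the in-range behaviour unchanged while the existing panics in `choose` still fire for disabled IDs. The second prio.go hunk and the rand.go hunk only apply the rename at existing call sites.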