From a4718693a3d9fcabb02299b2ec07c19d8208c539 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Thu, 30 Aug 2018 21:10:38 -0700
Subject: sys/linux: add syz_execute_func

The function executes random code.

Update #310
---
 sys/fuchsia/gen/amd64.go | 13 ++++++++-----
 sys/fuchsia/gen/arm64.go | 13 ++++++++-----
 sys/fuchsia/processes.txt | 2 +-
 sys/fuchsia/sys.txt | 2 ++
 sys/fuchsia/threads.txt | 2 +-
 5 files changed, 20 insertions(+), 12 deletions(-)
(limited to 'sys/fuchsia')

diff --git a/sys/fuchsia/gen/amd64.go b/sys/fuchsia/gen/amd64.go
index d489c9238..421955818 100644
--- a/sys/fuchsia/gen/amd64.go
+++ b/sys/fuchsia/gen/amd64.go
@@ -1647,6 +1647,9 @@ var syscalls_amd64 = []*Syscall{
 &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 }},
 {Name: "sync", CallName: "sync"},
+ {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ }},
 {Name: "syz_future_time", CallName: "syz_future_time", Args: []Type{
 &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "when", TypeSize: 8}}, Kind: 2, RangeEnd: 1},
 }, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_time", FldName: "ret", TypeSize: 8, ArgDir: 1}}},
@@ -2571,8 +2574,8 @@ var syscalls_amd64 = []*Syscall{
 {Name: "zx_process_start", CallName: "zx_process_start", Args: []Type{
 &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_process", FldName: "process", TypeSize: 4}},
 &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "thread", TypeSize: 4}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
 &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
 &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
 }},
@@ -2643,8 +2646,8 @@ var syscalls_amd64 = []*Syscall{
 }},
 {Name: "zx_thread_start", CallName: "zx_thread_start", Args: []Type{
 &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "handle", TypeSize: 4}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
 &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
 &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
 }},
@@ -2985,4 +2988,4 @@ var consts_amd64 = []ConstValue{
 {Name: "fuchsia_io_SeekOrigin_Start"},
 }
 
-const revision_amd64 = "2a5cb64c987696cb8bdf1d6d9561c04993cf3299"
+const revision_amd64 = "ee62749ce0e69fd29de1864a220e909a18613438"
diff --git a/sys/fuchsia/gen/arm64.go b/sys/fuchsia/gen/arm64.go
index 460544bab..e6eb6fdb6 100644
--- a/sys/fuchsia/gen/arm64.go
+++ b/sys/fuchsia/gen/arm64.go
@@ -1647,6 +1647,9 @@ var syscalls_arm64 = []*Syscall{
 &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 }},
 {Name: "sync", CallName: "sync"},
+ {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ }},
 {Name: "syz_future_time", CallName: "syz_future_time", Args: []Type{
 &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "when", TypeSize: 8}}, Kind: 2, RangeEnd: 1},
 }, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_time", FldName: "ret", TypeSize: 8, ArgDir: 1}}},
@@ -2571,8 +2574,8 @@ var syscalls_arm64 = []*Syscall{
 {Name: "zx_process_start", CallName: "zx_process_start", Args: []Type{
 &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_process", FldName: "process", TypeSize: 4}},
 &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "thread", TypeSize: 4}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
 &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
 &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
 }},
@@ -2643,8 +2646,8 @@ var syscalls_arm64 = []*Syscall{
 }},
 {Name: "zx_thread_start", CallName: "zx_thread_start", Args: []Type{
 &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "handle", TypeSize: 4}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
- &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
 &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
 &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
 }},
@@ -2985,4 +2988,4 @@ var consts_arm64 = []ConstValue{
 {Name: "fuchsia_io_SeekOrigin_Start"},
 }
 
-const revision_arm64 = "974ef513ae535d2b92308edd342169a59b596cd4"
+const revision_arm64 = "80d5b2ce01d8c9deca31efaa1a61da313eaa44e6"
diff --git a/sys/fuchsia/processes.txt b/sys/fuchsia/processes.txt
index c6f51c3d2..835edbb1e 100644
--- a/sys/fuchsia/processes.txt
+++ b/sys/fuchsia/processes.txt
@@ -6,7 +6,7 @@ include
 resource zx_process[zx_task]
 
 zx_process_create(job zx_job, name ptr[in, string], name_len len[name], options const[0], proc_handle ptr[out, zx_process], vmar_handle ptr[out, zx_vmar])
-zx_process_start(process zx_process, thread zx_thread, entry intptr, stack intptr, arg1 const[0], arg2 const[0])
+zx_process_start(process zx_process, thread zx_thread, entry ptr[in, text[target]], stack ptr[out, array[int8]], arg1 const[0], arg2 const[0])
 zx_process_read_memory(process zx_process, vaddr ptr[out, int8], buffer ptr[out, array[int8]], len len[buffer], actual ptr[out, intptr])
 # TODO: temporary disabled as it crashes kernel left and right.
 # zx_process_write_memory(process zx_process, vaddr ptr[out, int8], buffer ptr[in, array[int8]], len len[buffer], actual ptr[out, intptr])
diff --git a/sys/fuchsia/sys.txt b/sys/fuchsia/sys.txt
index 3ed323799..1fb885f03 100644
--- a/sys/fuchsia/sys.txt
+++ b/sys/fuchsia/sys.txt
@@ -6,6 +6,8 @@ include
 include
 
+syz_execute_func(text ptr[in, text[target]])
+
 # Provided by sysroot (include/ddk/driver.h)
 resource zx_root_resource[zx_handle]
 get_root_resource() zx_root_resource
 
diff --git a/sys/fuchsia/threads.txt b/sys/fuchsia/threads.txt
index ef4831e03..7947703d9 100644
--- a/sys/fuchsia/threads.txt
+++ b/sys/fuchsia/threads.txt
@@ -7,7 +7,7 @@ include
 resource zx_thread[zx_task]
 
 zx_thread_create(process zx_process, name ptr[in, string], name_len len[name], options const[0], out ptr[out, zx_thread])
-zx_thread_start(handle zx_thread, entry intptr, stack intptr, arg1 const[0], arg2 const[0])
+zx_thread_start(handle zx_thread, entry ptr[in, text[target]], stack ptr[out, array[int8]], arg1 const[0], arg2 const[0])
 zx_thread_exit()
 # Note: kind corresponds to ZX_THREAD_STATE_REGSET0..9 constants.
 zx_thread_read_state(handle zx_thread, kind int32[0:9], buffer ptr[out, array[int64]], len bytesize[buffer], actual ptr[out, int32])
-- 
cgit mrf-deployment
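Review bot: The new `stack ptr[out, array[int8]]` argument of zx_process_start is the lowest address of the buffer, yet on both amd64 and arm64 the stack grows towards lower addresses, so if the kernel installs that value as the initial stack pointer the thread's first push lands below the array rather than inside it; the same applies to the zx_thread_start line in threads.txt. The array also has no size bound, so the generator may hand out a zero- or one-byte region, which makes the buffer even less likely to serve as a working stack. If the intent is only to give the random code some mapped memory near the stack pointer, that is worth stating; if a usable stack is intended, the value passed would presumably have to be the end of the buffer, which the description alone cannot express. A comment on the line, e.g. `# stack is the base of the region; stacks grow down, so pushes land below the array unless the executor adjusts the pointer`, would record whichever is meant.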
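Review bot: `syz_execute_func(text ptr[in, text[target]])` in sys.txt carries no comment, and the declaration alone does not tell a reader that the argument is machine code the executor itself runs rather than data handed to a kernel syscall; only the commit message says that it executes random code. A one-line comment above it, e.g. `# Executes the buffer as target-arch machine code (presumably in the executor process); text[target] makes the fuzzer generate the instructions`, would make that explicit. It would also help to say how a fault or hang inside the random code is told apart from a kernel crash during triage, since nothing in the description hints that this pseudo-syscall can bring down the executor on its own.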