From 8c1621bedea53aa77ac39bbda26e86592d6dde5b Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Thu, 7 Feb 2019 18:40:59 +0100
Subject: sys/linux: prohibit EXT4_IOC_RESIZE_FS

When we run with sandbox=none, test program can do EXT4_IOC_RESIZE_FS which
shrinks rootfs basically to 0. This breaks the machine as all tests then fail with:

failed to create temp dir: mkdir syzkaller-testdir077269498: no space left on device

This is the most common source of "lost connection" crashes overall and
they are not actually kernel bugs.

Prohibit EXT4_IOC_RESIZE_FS for now.
Alternatively we can mount tmpfs with sandbox=none.

Update #971
---
 sys/linux/init.go | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'sys/linux/init.go')

diff --git a/sys/linux/init.go b/sys/linux/init.go
index a76fd78fb..e7fe9d78a 100644
--- a/sys/linux/init.go
+++ b/sys/linux/init.go
@@ -24,6 +24,7 @@ func InitTarget(target *prog.Target) {
 		SNAPSHOT_FREEZE:           target.GetConst("SNAPSHOT_FREEZE"),
 		SNAPSHOT_UNFREEZE:         target.GetConst("SNAPSHOT_UNFREEZE"),
 		EXT4_IOC_SHUTDOWN:         target.GetConst("EXT4_IOC_SHUTDOWN"),
+		EXT4_IOC_RESIZE_FS:        target.GetConst("EXT4_IOC_RESIZE_FS"),
 		EXT4_IOC_MIGRATE:          target.GetConst("EXT4_IOC_MIGRATE"),
 		FAN_OPEN_PERM:             target.GetConst("FAN_OPEN_PERM"),
 		FAN_ACCESS_PERM:           target.GetConst("FAN_ACCESS_PERM"),
@@ -114,6 +115,7 @@ type arch struct {
 	SNAPSHOT_FREEZE           uint64
 	SNAPSHOT_UNFREEZE         uint64
 	EXT4_IOC_SHUTDOWN         uint64
+	EXT4_IOC_RESIZE_FS        uint64
 	EXT4_IOC_MIGRATE          uint64
 	FAN_OPEN_PERM             uint64
 	FAN_ACCESS_PERM           uint64
@@ -165,6 +167,13 @@ func (arch *arch) sanitizeCall(c *prog.Call) {
 		if uint64(uint32(cmd.Val)) == arch.EXT4_IOC_SHUTDOWN {
 			cmd.Val = arch.EXT4_IOC_MIGRATE
 		}
+		// EXT4_IOC_RESIZE_FS on root fs can shrink it to 0 (or whatever is the minimum size)
+		// and then creation of new temp dirs for tests will fail.
+		// TODO: not necessary for sandbox=namespace as it tests in a tmpfs
+		// and/or if we mount tmpfs for sandbox=none (#971).
+		if uint64(uint32(cmd.Val)) == arch.EXT4_IOC_RESIZE_FS {
+			cmd.Val = arch.EXT4_IOC_MIGRATE
+		}
 	case "fanotify_mark":
 		// FAN_*_PERM require the program to reply to open requests.
 		// If that does not happen, the program will hang in an unkillable state forever.
-- 
cgit mrf-deployment