From d545e945ce3761556e10fd6b4c20a952c0e821a1 Mon Sep 17 00:00:00 2001
From: Andrey Konovalov <andreyknvl@google.com>
Date: Wed, 7 Aug 2019 18:03:59 +0200
Subject: sys/linux: add syz_open_dev$char_usb descriptions

syz_open_dev$char_usb opens char devices with major = USB_MAJOR.
Sanitize its values to make sure it doesn't open other char/block devices.
---
 sys/linux/init.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'sys/linux/init.go')

diff --git a/sys/linux/init.go b/sys/linux/init.go
index e24e7eb77..5ae9f001d 100644
--- a/sys/linux/init.go
+++ b/sys/linux/init.go
@@ -41,6 +41,7 @@ func InitTarget(target *prog.Target) {
 		AF_AX25:                     target.GetConst("AF_AX25"),
 		AF_NETROM:                   target.GetConst("AF_NETROM"),
 		AF_ROSE:                     target.GetConst("AF_ROSE"),
+		USB_MAJOR:                   target.GetConst("USB_MAJOR"),
 		// These are not present on all arches.
 		ARCH_SET_FS: target.ConstMap["ARCH_SET_FS"],
 		ARCH_SET_GS: target.ConstMap["ARCH_SET_GS"],
@@ -138,6 +139,7 @@ type arch struct {
 	AF_AX25                     uint64
 	AF_NETROM                   uint64
 	AF_ROSE                     uint64
+	USB_MAJOR                   uint64
 }
 
 func (arch *arch) sanitizeCall(c *prog.Call) {
@@ -206,6 +208,10 @@ func (arch *arch) sanitizeCall(c *prog.Call) {
 	switch c.Meta.Name {
 	case "setsockopt$EBT_SO_SET_ENTRIES":
 		arch.sanitizeEbtables(c)
+	case "syz_open_dev$char_usb":
+		// Don't allow opening various char and block devices.
+		c.Args[0].(*prog.ConstArg).Val = 0xc
+		c.Args[1].(*prog.ConstArg).Val = arch.USB_MAJOR
 	}
 }
 
-- 
cgit mrf-deployment