From 8c1621bedea53aa77ac39bbda26e86592d6dde5b Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Thu, 7 Feb 2019 18:40:59 +0100
Subject: sys/linux: prohibit EXT4_IOC_RESIZE_FS

When we run with sandbox=none, test program can do EXT4_IOC_RESIZE_FS which
shrinks rootfs basically to 0. This breaks the machine as all tests then fail with:

failed to create temp dir: mkdir syzkaller-testdir077269498: no space left on device

This is the most common source of "lost connection" crashes overall and
they are not actually kernel bugs.

Prohibit EXT4_IOC_RESIZE_FS for now.
Alternatively we can mount tmpfs with sandbox=none.

Update #971
---
 sys/linux/fs_ext4.txt    | 5 ++---
 sys/linux/gen/386.go     | 7 +------
 sys/linux/gen/amd64.go   | 7 +------
 sys/linux/gen/arm.go     | 7 +------
 sys/linux/gen/arm64.go   | 7 +------
 sys/linux/gen/ppc64le.go | 7 +------
 sys/linux/init.go        | 9 +++++++++
 7 files changed, 16 insertions(+), 33 deletions(-)

(limited to 'sys/linux')

diff --git a/sys/linux/fs_ext4.txt b/sys/linux/fs_ext4.txt
index 6e0f9ffbd..19563b86c 100644
--- a/sys/linux/fs_ext4.txt
+++ b/sys/linux/fs_ext4.txt
@@ -11,14 +11,13 @@ ioctl$EXT4_IOC_GROUP_ADD(fd fd, cmd const[EXT4_IOC_GROUP_ADD], arg ptr[in, ext4_
 ioctl$EXT4_IOC_MIGRATE(fd fd, cmd const[EXT4_IOC_MIGRATE])
 ioctl$EXT4_IOC_ALLOC_DA_BLKS(fd fd, cmd const[EXT4_IOC_ALLOC_DA_BLKS])
 ioctl$EXT4_IOC_MOVE_EXT(fd fd, cmd const[EXT4_IOC_MOVE_EXT], arg ptr[in, move_extent])
-ioctl$EXT4_IOC_RESIZE_FS(fd fd, cmd const[EXT4_IOC_RESIZE_FS], arg ptr[in, int64])
 ioctl$EXT4_IOC_SWAP_BOOT(fd fd, cmd const[EXT4_IOC_SWAP_BOOT])
 ioctl$EXT4_IOC_PRECACHE_EXTENTS(fd fd, cmd const[EXT4_IOC_PRECACHE_EXTENTS])
 
 ext4_inode_flags = EXT4_SECRM_FL, EXT4_UNRM_FL, EXT4_COMPR_FL, EXT4_SYNC_FL, EXT4_IMMUTABLE_FL, EXT4_APPEND_FL, EXT4_NODUMP_FL, EXT4_NOATIME_FL, EXT4_PROJINHERIT_FL, EXT4_EOFBLOCKS_FL, EXT4_JOURNAL_DATA_FL, EXT4_NOTAIL_FL, EXT4_DIRSYNC_FL, EXT4_TOPDIR_FL, EXT4_EXTENTS_FL
 
-# Don't enable shutdown, EXT4_IOC_SHUTDOWN on root fs effectively brings the machine down in weird ways.
-_ = EXT4_IOC_SHUTDOWN
+# See comments in init.go.
+_ = EXT4_IOC_SHUTDOWN, EXT4_IOC_RESIZE_FS
 
 ext4_new_group_input {
 	group		int32
diff --git a/sys/linux/gen/386.go b/sys/linux/gen/386.go
index c7419ad6b..69dbccab4 100644
--- a/sys/linux/gen/386.go
+++ b/sys/linux/gen/386.go
@@ -29882,11 +29882,6 @@ var syscalls_386 = []*Syscall{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 4}}, Val: 26130},
 	}},
-	{NR: 54, Name: "ioctl$EXT4_IOC_RESIZE_FS", CallName: "ioctl", Args: []Type{
-		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
-		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 4}}, Val: 1074292240},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "arg", TypeSize: 4}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int64", TypeSize: 8}}}},
-	}},
 	{NR: 54, Name: "ioctl$EXT4_IOC_SETFLAGS", CallName: "ioctl", Args: []Type{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 4}}, Val: 1074030082},
@@ -47510,4 +47505,4 @@ var consts_386 = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_386 = "e55c1d4469260750efc083609d848c4225c9a24b"
+const revision_386 = "0b986c85b5edbab89b58e44657e1e9a73e2db747"
diff --git a/sys/linux/gen/amd64.go b/sys/linux/gen/amd64.go
index 060b56dff..ea9d8ecb0 100644
--- a/sys/linux/gen/amd64.go
+++ b/sys/linux/gen/amd64.go
@@ -30369,11 +30369,6 @@ var syscalls_amd64 = []*Syscall{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 8}}, Val: 26130},
 	}},
-	{NR: 16, Name: "ioctl$EXT4_IOC_RESIZE_FS", CallName: "ioctl", Args: []Type{
-		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
-		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 8}}, Val: 1074292240},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "arg", TypeSize: 8}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int64", TypeSize: 8}}}},
-	}},
 	{NR: 16, Name: "ioctl$EXT4_IOC_SETFLAGS", CallName: "ioctl", Args: []Type{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 8}}, Val: 1074292226},
@@ -48037,4 +48032,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_amd64 = "9d166e83d2dbb367024f73a14ca95d0030d8dc82"
+const revision_amd64 = "0391b21ce7b59de5fdf2d83c1efe587f2c5458b7"
diff --git a/sys/linux/gen/arm.go b/sys/linux/gen/arm.go
index e8b2e92a9..f8b995fdf 100644
--- a/sys/linux/gen/arm.go
+++ b/sys/linux/gen/arm.go
@@ -29691,11 +29691,6 @@ var syscalls_arm = []*Syscall{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 4}}, Val: 26130},
 	}},
-	{NR: 54, Name: "ioctl$EXT4_IOC_RESIZE_FS", CallName: "ioctl", Args: []Type{
-		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
-		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 4}}, Val: 1074292240},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "arg", TypeSize: 4}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int64", TypeSize: 8}}}},
-	}},
 	{NR: 54, Name: "ioctl$EXT4_IOC_SETFLAGS", CallName: "ioctl", Args: []Type{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 4}}, Val: 1074030082},
@@ -47087,4 +47082,4 @@ var consts_arm = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_arm = "af32e4c48e665c44f07929273c6f263d9ae7fc71"
+const revision_arm = "5551f204a00e09d3f78b5386baecb906605e24b7"
diff --git a/sys/linux/gen/arm64.go b/sys/linux/gen/arm64.go
index 6de2a35d4..0c807f393 100644
--- a/sys/linux/gen/arm64.go
+++ b/sys/linux/gen/arm64.go
@@ -30081,11 +30081,6 @@ var syscalls_arm64 = []*Syscall{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 8}}, Val: 26130},
 	}},
-	{NR: 29, Name: "ioctl$EXT4_IOC_RESIZE_FS", CallName: "ioctl", Args: []Type{
-		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
-		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 8}}, Val: 1074292240},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "arg", TypeSize: 8}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int64", TypeSize: 8}}}},
-	}},
 	{NR: 29, Name: "ioctl$EXT4_IOC_SETFLAGS", CallName: "ioctl", Args: []Type{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 8}}, Val: 1074292226},
@@ -47387,4 +47382,4 @@ var consts_arm64 = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_arm64 = "65b47e2d00b30604ca983eeb49727ae7c7c4196b"
+const revision_arm64 = "07762f923b682a64b4f4773195a4fb9789fc4f99"
diff --git a/sys/linux/gen/ppc64le.go b/sys/linux/gen/ppc64le.go
index a46bd66a7..491df766f 100644
--- a/sys/linux/gen/ppc64le.go
+++ b/sys/linux/gen/ppc64le.go
@@ -29205,11 +29205,6 @@ var syscalls_ppc64le = []*Syscall{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 8}}, Val: 536897042},
 	}},
-	{NR: 54, Name: "ioctl$EXT4_IOC_RESIZE_FS", CallName: "ioctl", Args: []Type{
-		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
-		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 8}}, Val: 2148034064},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "arg", TypeSize: 8}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int64", TypeSize: 8}}}},
-	}},
 	{NR: 54, Name: "ioctl$EXT4_IOC_SETFLAGS", CallName: "ioctl", Args: []Type{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "fd", TypeSize: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "cmd", TypeSize: 8}}, Val: 2148034050},
@@ -45025,4 +45020,4 @@ var consts_ppc64le = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }
 
-const revision_ppc64le = "0f3d834d62ad737fc1d8bec9eb141fe2bd715a25"
+const revision_ppc64le = "3bda989d8136fcb59fa73f0a90f6964dfbaa4297"
diff --git a/sys/linux/init.go b/sys/linux/init.go
index a76fd78fb..e7fe9d78a 100644
--- a/sys/linux/init.go
+++ b/sys/linux/init.go
@@ -24,6 +24,7 @@ func InitTarget(target *prog.Target) {
 		SNAPSHOT_FREEZE:           target.GetConst("SNAPSHOT_FREEZE"),
 		SNAPSHOT_UNFREEZE:         target.GetConst("SNAPSHOT_UNFREEZE"),
 		EXT4_IOC_SHUTDOWN:         target.GetConst("EXT4_IOC_SHUTDOWN"),
+		EXT4_IOC_RESIZE_FS:        target.GetConst("EXT4_IOC_RESIZE_FS"),
 		EXT4_IOC_MIGRATE:          target.GetConst("EXT4_IOC_MIGRATE"),
 		FAN_OPEN_PERM:             target.GetConst("FAN_OPEN_PERM"),
 		FAN_ACCESS_PERM:           target.GetConst("FAN_ACCESS_PERM"),
@@ -114,6 +115,7 @@ type arch struct {
 	SNAPSHOT_FREEZE           uint64
 	SNAPSHOT_UNFREEZE         uint64
 	EXT4_IOC_SHUTDOWN         uint64
+	EXT4_IOC_RESIZE_FS        uint64
 	EXT4_IOC_MIGRATE          uint64
 	FAN_OPEN_PERM             uint64
 	FAN_ACCESS_PERM           uint64
@@ -165,6 +167,13 @@ func (arch *arch) sanitizeCall(c *prog.Call) {
 		if uint64(uint32(cmd.Val)) == arch.EXT4_IOC_SHUTDOWN {
 			cmd.Val = arch.EXT4_IOC_MIGRATE
 		}
+		// EXT4_IOC_RESIZE_FS on root fs can shrink it to 0 (or whatever is the minimum size)
+		// and then creation of new temp dirs for tests will fail.
+		// TODO: not necessary for sandbox=namespace as it tests in a tmpfs
+		// and/or if we mount tmpfs for sandbox=none (#971).
+		if uint64(uint32(cmd.Val)) == arch.EXT4_IOC_RESIZE_FS {
+			cmd.Val = arch.EXT4_IOC_MIGRATE
+		}
 	case "fanotify_mark":
 		// FAN_*_PERM require the program to reply to open requests.
 		// If that does not happen, the program will hang in an unkillable state forever.
-- 
cgit mrf-deployment