From dad7ee745f0abc782ab120ba0cee9e6c1aec2d9c Mon Sep 17 00:00:00 2001
From: Anton Lindqvist
Date: Thu, 13 Jun 2019 17:12:20 +0200
Subject: sys/openbsd: sanitize setrlimit(RLIMIT_STACK) syscalls

Do not allow the stack to grow beyond the initial soft limit chosen by syz-executor. Otherwise, syz-executor will most likely not be able to perform any more heap allocations since they majoriy of memory is reserved for the stack. This is one of the root causes of the high amount of reported "lost connection to test machine".
---
 sys/openbsd/init.go | 36 +++++++++++++++++++++++++++---------
 sys/openbsd/init_test.go | 5 +++++
 2 files changed, 32 insertions(+), 9 deletions(-)
(limited to 'sys/openbsd')
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index 8dabf3118..8d5e8b0dd 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -5,6 +5,7 @@ package openbsd
 import (
 "fmt"
+ "math"
 "github.com/google/syzkaller/prog"
 "github.com/google/syzkaller/sys/targets"
@@ -43,6 +44,8 @@ const (
 // RLIMIT_DATA from openbsd:src/sys/sys/resource.h
 rlimitData = 2
+ // RLIMIT_STACK from openbsd:src/sys/sys/resource.h
+ rlimitStack = 3
 )
 // openbsd:src/sys/sys/types.h
@@ -110,23 +113,38 @@ func (arch *arch) SanitizeCall(c *prog.Call) {
 dev.Val = devNullDevT
 }
 case "setrlimit":
- // OpenBSD performs a strict validation of the RLIMIT_DATA soft
- // limit during memory allocation. Lowering the same limit could
- // cause syz-executor to run out of memory quickly. Therefore
- // make sure to not go lower than the default soft limit for the
- // staff group.
- if c.Args[0].(*prog.ConstArg).Val != rlimitData {
+ var rlimitMin uint64
+ var rlimitMax uint64 = math.MaxUint64
+ resource := c.Args[0].(*prog.ConstArg).Val
+ if resource == rlimitData {
+ // OpenBSD performs a strict validation of the
+ // RLIMIT_DATA soft limit during memory allocation.
+ // Lowering the same limit could cause syz-executor to
+ // run out of memory quickly. Therefore make sure to not
+ // go lower than the default soft limit for the staff
+ // group.
+ rlimitMin = 1536 * 1024 * 1024
+ } else if resource == rlimitStack {
+ // Do not allow the stack to grow beyond the initial
+ // soft limit chosen by syz-executor. Otherwise,
+ // syz-executor will most likely not be able to perform
+ // any more heap allocations since they majority of
+ // memory is reserved for the stack.
+ rlimitMax = 1 * 1024 * 1024
+ } else {
 break
 }
- var rlimitDataMin uint64 = 1536 * 1024 * 1024
 ptr := c.Args[1].(*prog.PointerArg)
 if ptr.Res != nil {
 args := ptr.Res.(*prog.GroupArg).Inner
 for _, arg := range args {
 switch v := arg.(type) {
 case *prog.ConstArg:
- if v.Val < rlimitDataMin {
- v.Val = rlimitDataMin
+ if v.Val < rlimitMin {
+ v.Val = rlimitMin
+ }
+ if v.Val > rlimitMax {
+ v.Val = rlimitMax
 }
 }
 }
diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go
index 157b46a86..6be30356e 100644
--- a/sys/openbsd/init_test.go
+++ b/sys/openbsd/init_test.go
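Review bot: In the `setrlimit` case of SanitizeCall (sys/openbsd/init.go), the RLIMIT_STACK cap is a bare `1 * 1024 * 1024` whose only tie to the executor is the comment above it, so if syz-executor ever picks a different initial stack limit this clamp will silently disagree with it. I would declare it next to `rlimitStack`, e.g. `rlimitStackMax = 1 * 1024 * 1024 // keep equal to the initial RLIMIT_STACK soft limit set by syz-executor`, and give the 1536 MiB RLIMIT_DATA floor a name in the same way. The comment also speaks only of the soft limit, while the loop rewrites every ConstArg inside the rlimit struct, so the hard limit is capped too (the added test expects both fields to become 0x100000); the comment should say so, and "they majority" should read "the majority". SanitizeCall begins and ends outside this hunk.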
@@ -51,6 +51,11 @@ func TestSanitizeMknodCall(t *testing.T) {
 `setrlimit(0x2, &(0x7f0000cc0ff0)={0x0, 0x80000000})`,
 `setrlimit(0x2, &(0x7f0000cc0ff0)={0x60000000, 0x80000000})`,
 },
+ {
+ // RLIMIT_STACK
+ `setrlimit(0x3, &(0x7f0000cc0ff0)={0x1000000000, 0x1000000000})`,
+ `setrlimit(0x3, &(0x7f0000cc0ff0)={0x100000, 0x100000})`,
+ },
 {
 // RLIMIT_CPU
 `setrlimit(0x0, &(0x7f0000cc0ff0)={0x1, 0x1})`,
--
cgit mrf-deployment
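Review bot: The new RLIMIT_STACK entry in sys/openbsd/init_test.go only exercises input where both fields are far above the cap, so it would still pass if the sanitizer rewrote every stack limit to 0x100000 regardless of its value. Add an entry whose input is at or below the cap and whose expected output is identical, for example a struct of `{0x1000, 0x100000}`, plus one mixed entry such as `{0x1000, 0x1000000000}` expecting `{0x1000, 0x100000}`. The test table and TestSanitizeMknodCall start and end outside this hunk.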