
sys/linux, executor: run make extract and generate

xairy committed Jun 26, 2019
1 parent 13c3a99 commit cccc4302d7da39e2fc41f9275442c267935632b7
@@ -70,7 +70,7 @@

#if GOARCH_386
#define GOARCH "386"
#define SYZ_REVISION "15a9e1059c0119f9921a6dd0aa0410377868fcec"
#define SYZ_REVISION "519a941704236f17152699ef7577ed9251da786f"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -80,7 +80,7 @@

#if GOARCH_amd64
#define GOARCH "amd64"
#define SYZ_REVISION "748fe551f032fd1a4600c5de812e5a3ee2f12fe5"
#define SYZ_REVISION "dc711d6c1782cacc83730da773968ee6bfa6e1c9"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -90,7 +90,7 @@

#if GOARCH_arm
#define GOARCH "arm"
#define SYZ_REVISION "638001e76f27907626bfdd07109518a61f517c40"
#define SYZ_REVISION "6ba869e0323201b00a9f14cbf24407b0cfcfeb51"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -100,7 +100,7 @@

#if GOARCH_arm64
#define GOARCH "arm64"
#define SYZ_REVISION "07809266460e405a130f3ffa31d560bc87fea20f"
#define SYZ_REVISION "b21a45c75aa1ed547ed3f71caf5a0aec678d0666"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -110,7 +110,7 @@

#if GOARCH_ppc64le
#define GOARCH "ppc64le"
#define SYZ_REVISION "da187a5c325188bfc6a1c7bd0381c52ce50415c1"
#define SYZ_REVISION "b162f5cf7ce409d50e412b61883fbe10a40d934b"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -4606,6 +4606,7 @@ const call_t syscalls[] = {
{"syz_usb_control_io", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_control_io$hid", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_disconnect", 0, (syscall_t)syz_usb_disconnect},
{"syz_usb_ep_read", 0, (syscall_t)syz_usb_ep_read},
{"syz_usb_ep_write", 0, (syscall_t)syz_usb_ep_write},
{"tee", 315},
{"tgkill", 270},
@@ -7344,6 +7345,7 @@ const call_t syscalls[] = {
{"syz_usb_control_io", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_control_io$hid", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_disconnect", 0, (syscall_t)syz_usb_disconnect},
{"syz_usb_ep_read", 0, (syscall_t)syz_usb_ep_read},
{"syz_usb_ep_write", 0, (syscall_t)syz_usb_ep_write},
{"tee", 276},
{"tgkill", 234},
@@ -10034,6 +10036,7 @@ const call_t syscalls[] = {
{"syz_usb_control_io", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_control_io$hid", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_disconnect", 0, (syscall_t)syz_usb_disconnect},
{"syz_usb_ep_read", 0, (syscall_t)syz_usb_ep_read},
{"syz_usb_ep_write", 0, (syscall_t)syz_usb_ep_write},
{"tee", 342},
{"tgkill", 268},
@@ -12698,6 +12701,7 @@ const call_t syscalls[] = {
{"syz_usb_control_io", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_control_io$hid", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_disconnect", 0, (syscall_t)syz_usb_disconnect},
{"syz_usb_ep_read", 0, (syscall_t)syz_usb_ep_read},
{"syz_usb_ep_write", 0, (syscall_t)syz_usb_ep_write},
{"tee", 77},
{"tgkill", 131},
{"syz_usb_control_io", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_control_io$hid", 0, (syscall_t)syz_usb_control_io},
{"syz_usb_disconnect", 0, (syscall_t)syz_usb_disconnect},
{"syz_usb_ep_read", 0, (syscall_t)syz_usb_ep_read},
{"syz_usb_ep_write", 0, (syscall_t)syz_usb_ep_write},
{"tee", 284},
{"tgkill", 250},
@@ -1765,19 +1765,21 @@ static bool parse_usb_descriptor(char* buffer, size_t length, struct usb_device_
size_t offset = 0;
while (true) {
if (offset == length)
if (offset + 1 >= length)
break;
if (offset + 1 < length)
uint8 desc_length = buffer[offset];
uint8 desc_type = buffer[offset + 1];
if (desc_length <= 2)
break;
uint8 length = buffer[offset];
uint8 type = buffer[offset + 1];
if (type == USB_DT_ENDPOINT) {
if (offset + desc_length > length)
break;
if (desc_type == USB_DT_ENDPOINT) {
index->eps[index->eps_num] = (struct usb_endpoint_descriptor*)(buffer + offset);
index->eps_num++;
}
if (index->eps_num == USB_MAX_EP_NUM)
break;
offset += length;
offset += desc_length;
}
return true;
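Review bot: In parse_usb_descriptor the bounds check `offset + desc_length > length` only proves that the declared `desc_length` bytes fit, yet an endpoint-typed entry as short as 3 bytes is still stored in `index->eps` as a `struct usb_endpoint_descriptor*`. That pointer is later passed to `usb_fuzzer_ep_enable`, whose ioctl is declared over the whole struct, so the consumer may read past the end of `buffer` when the last descriptor is truncated. Consider gating the store on the struct fitting, e.g. `if (desc_type == USB_DT_ENDPOINT && sizeof(struct usb_endpoint_descriptor) <= length - offset) {`. The +/- markers are lost on this page, so which of the paired lines form the new side is inferred, and the function starts and ends outside the hunk. If this file is generated output, as the commit title suggests, the fix belongs in the source it is generated from.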
@@ -1817,6 +1819,7 @@ struct usb_fuzzer_ep_io {
#define USB_FUZZER_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_fuzzer_ep_io)
#define USB_FUZZER_IOCTL_EP_ENABLE _IOW('U', 4, struct usb_endpoint_descriptor)
#define USB_FUZZER_IOCTL_EP_WRITE _IOW('U', 6, struct usb_fuzzer_ep_io)
#define USB_FUZZER_IOCTL_EP_READ _IOWR('U', 7, struct usb_fuzzer_ep_io)
#define USB_FUZZER_IOCTL_CONFIGURE _IO('U', 8)
#define USB_FUZZER_IOCTL_VBUS_DRAW _IOW('U', 9, uint32)
@@ -1854,6 +1857,11 @@ int usb_fuzzer_ep_write(int fd, struct usb_fuzzer_ep_io* io)
return ioctl(fd, USB_FUZZER_IOCTL_EP_WRITE, io);
}
int usb_fuzzer_ep_read(int fd, struct usb_fuzzer_ep_io* io)
{
return ioctl(fd, USB_FUZZER_IOCTL_EP_READ, io);
}
int usb_fuzzer_ep_enable(int fd, struct usb_endpoint_descriptor* desc)
{
return ioctl(fd, USB_FUZZER_IOCTL_EP_ENABLE, desc);
@@ -1961,8 +1969,10 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
struct vusb_connect_descriptors* descs = (struct vusb_connect_descriptors*)a3;
debug("syz_usb_connect: dev: %p\n", dev);
if (!dev)
if (!dev) {
debug("syz_usb_connect: dev is null\n");
return -1;
}
debug("syz_usb_connect: device data:\n");
debug_dump_data(dev, dev_len);
@@ -1975,7 +1985,7 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
debug("syz_usb_connect: parse_usb_descriptor failed with %d\n", rv);
return rv;
}
debug("syz_usb_connect: parsed usb descriptor\n");
debug("syz_usb_connect: parsed usb descriptor, %d endpoints found\n", index.eps_num);
int fd = usb_fuzzer_open();
if (fd < 0) {
@@ -2040,8 +2050,11 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
unsigned ep;
for (ep = 0; ep < index.eps_num; ep++) {
rv = usb_fuzzer_ep_enable(fd, index.eps[ep]);
if (rv < 0)
fail("syz_usb_connect: ep enable failed");
if (rv < 0) {
debug("syz_usb_connect: usb_fuzzer_ep_enable failed with %d\n", rv);
} else {
debug("syz_usb_connect: endpoint %d enabled\n", ep);
}
}
}
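Review bot: The endpoint-enable loop in syz_usb_connect now only logs a failed `usb_fuzzer_ep_enable`, so if `debug` is compiled out the function carries on with an endpoint that was never enabled and nothing records which one. If that is deliberate, say so above the loop, e.g. `// Best effort: a rejected endpoint descriptor must not abort the connect; later I/O on that endpoint is expected to fail.` Also, `ep` is declared `unsigned`, so the new message should use `%u`: `debug("syz_usb_connect: endpoint %u enabled\n", ep);`. The function body begins and ends outside this hunk.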
@@ -2225,16 +2238,55 @@ static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volati
uint32 len = a2;
char* data = (char*)a3;
struct usb_fuzzer_ep_io_data response;
response.inner.ep = ep;
response.inner.flags = 0;
if (len > sizeof(response.data))
len = 0;
response.inner.length = len;
if (data)
memcpy(&response.data[0], data, len);
struct usb_fuzzer_ep_io_data io_data;
io_data.inner.ep = ep;
io_data.inner.flags = 0;
if (len > sizeof(io_data.data))
len = sizeof(io_data.data);
io_data.inner.length = len;
NONFAILING(memcpy(&io_data.data[0], data, len));
int rv = usb_fuzzer_ep_write(fd, (struct usb_fuzzer_ep_io*)&io_data);
if (rv < 0) {
debug("syz_usb_ep_write: usb_fuzzer_ep_write failed with %d\n", rv);
return rv;
}
sleep_ms(200);
return 0;
}
#endif
return usb_fuzzer_ep_write(fd, (struct usb_fuzzer_ep_io*)&response);
#if SYZ_EXECUTOR || __NR_syz_usb_ep_read
static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
int fd = a0;
uint16 ep = a1;
uint32 len = a2;
char* data = (char*)a3;
struct usb_fuzzer_ep_io_data io_data;
io_data.inner.ep = ep;
io_data.inner.flags = 0;
if (len > sizeof(io_data.data))
len = sizeof(io_data.data);
io_data.inner.length = len;
int rv = usb_fuzzer_ep_read(fd, (struct usb_fuzzer_ep_io*)&io_data);
if (rv < 0) {
debug("syz_usb_ep_read: usb_fuzzer_ep_read failed with %d\n", rv);
return rv;
}
NONFAILING(memcpy(&data[0], &io_data.data[0], io_data.inner.length));
debug("syz_usb_ep_read: received data:\n");
debug_dump_data(&io_data.data[0], io_data.inner.length);
sleep_ms(200);
return 0;
}
#endif
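Review bot: In syz_usb_ep_read, `io_data` is an uninitialised stack object, and the copy-out length is `io_data.inner.length` read back after an `_IOWR` ioctl rather than the clamped `len` or the byte count actually received. If the driver reports the received count in `rv` or rewrites `length` (neither is visible here), the `memcpy` and `debug_dump_data` can hand stale stack bytes to `data` or run past `sizeof(io_data.data)`. Zero the buffer first with `memset(&io_data, 0, sizeof(io_data));` and bound the copy before the `memcpy`, e.g. `if (io_data.inner.length > len) io_data.inner.length = len;`.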
&StructType{Key: StructKey{Name: "usb_endpoint_descriptor_t[const[USB_ENDPOINT_HID_ADDRESS, int8], const[USB_ENDPOINT_HID_ATTRIBUTES, int8], array[usb_endpoint_extra_descriptor, 0:2]]"}, FldName: "inner"},
}}},
{Key: StructKey{Name: "usb_endpoint_descriptor_t[const[USB_ENDPOINT_HID_ADDRESS, int8], const[USB_ENDPOINT_HID_ATTRIBUTES, int8], array[usb_endpoint_extra_descriptor, 0:2]]"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "usb_endpoint_descriptor_t[const[USB_ENDPOINT_HID_ADDRESS, int8], const[USB_ENDPOINT_HID_ATTRIBUTES, int8], array[usb_endpoint_extra_descriptor, 0:2]]", IsVarlen: true}, Fields: []Type{
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bLength", TypeSize: 1}}, Val: 7},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bLength", TypeSize: 1}}, Val: 9},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bDescriptorType", TypeSize: 1}}, Val: 5},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bEndpointAddress", TypeSize: 1}}, Val: 129},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bmAttributes", TypeSize: 1}}, Val: 3},
&ArrayType{TypeCommon: TypeCommon{TypeName: "array", FldName: "extra", IsVarlen: true}, Type: &UnionType{Key: StructKey{Name: "usb_endpoint_extra_descriptor"}}, Kind: 1, RangeEnd: 2},
}}},
{Key: StructKey{Name: "usb_endpoint_descriptor_t[flags[usb_endpoint_addresses, int8], flags[usb_endpoint_attributes, int8], array[usb_endpoint_extra_descriptor, 0:2]]"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "usb_endpoint_descriptor_t[flags[usb_endpoint_addresses, int8], flags[usb_endpoint_attributes, int8], array[usb_endpoint_extra_descriptor, 0:2]]", IsVarlen: true}, Fields: []Type{
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bLength", TypeSize: 1}}, Val: 7},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bLength", TypeSize: 1}}, Val: 9},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bDescriptorType", TypeSize: 1}}, Val: 5},
&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "usb_endpoint_addresses", FldName: "bEndpointAddress", TypeSize: 1}}, Vals: []uint64{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 128}},
&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "usb_endpoint_attributes", FldName: "bmAttributes", TypeSize: 1}}, Vals: []uint64{0, 1, 2, 3, 0, 16, 0, 4, 8, 12, 0, 16, 16}},
{Name: "syz_usb_disconnect", CallName: "syz_usb_disconnect", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_usb", FldName: "fd", TypeSize: 4}},
}},
{Name: "syz_usb_ep_read", CallName: "syz_usb_ep_read", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_usb", FldName: "fd", TypeSize: 4}},
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16", FldName: "ep", TypeSize: 2}}, Kind: 2, RangeEnd: 31},
&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 4}}, Path: []string{"data"}},
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "data", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
}},
{Name: "syz_usb_ep_write", CallName: "syz_usb_ep_write", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_usb", FldName: "fd", TypeSize: 4}},
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16", FldName: "ep", TypeSize: 2}}, Kind: 2, RangeEnd: 31},
{Name: "USB_DT_DEVICE_SIZE", Value: 18},
{Name: "USB_DT_ENCRYPTION_TYPE", Value: 14},
{Name: "USB_DT_ENDPOINT", Value: 5},
{Name: "USB_DT_ENDPOINT_SIZE", Value: 7},
{Name: "USB_DT_ENDPOINT_AUDIO_SIZE", Value: 9},
{Name: "USB_DT_HUB", Value: 41},
{Name: "USB_DT_INTERFACE", Value: 4},
{Name: "USB_DT_INTERFACE_ASSOCIATION", Value: 11},
{Name: "bpf_insn_load_imm_dw", Value: 24},
}

const revision_386 = "15a9e1059c0119f9921a6dd0aa0410377868fcec"
const revision_386 = "519a941704236f17152699ef7577ed9251da786f"
&StructType{Key: StructKey{Name: "usb_endpoint_descriptor_t[const[USB_ENDPOINT_HID_ADDRESS, int8], const[USB_ENDPOINT_HID_ATTRIBUTES, int8], array[usb_endpoint_extra_descriptor, 0:2]]"}, FldName: "inner"},
}}},
{Key: StructKey{Name: "usb_endpoint_descriptor_t[const[USB_ENDPOINT_HID_ADDRESS, int8], const[USB_ENDPOINT_HID_ATTRIBUTES, int8], array[usb_endpoint_extra_descriptor, 0:2]]"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "usb_endpoint_descriptor_t[const[USB_ENDPOINT_HID_ADDRESS, int8], const[USB_ENDPOINT_HID_ATTRIBUTES, int8], array[usb_endpoint_extra_descriptor, 0:2]]", IsVarlen: true}, Fields: []Type{
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bLength", TypeSize: 1}}, Val: 7},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bLength", TypeSize: 1}}, Val: 9},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bDescriptorType", TypeSize: 1}}, Val: 5},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bEndpointAddress", TypeSize: 1}}, Val: 129},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bmAttributes", TypeSize: 1}}, Val: 3},
&ArrayType{TypeCommon: TypeCommon{TypeName: "array", FldName: "extra", IsVarlen: true}, Type: &UnionType{Key: StructKey{Name: "usb_endpoint_extra_descriptor"}}, Kind: 1, RangeEnd: 2},
}}},
{Key: StructKey{Name: "usb_endpoint_descriptor_t[flags[usb_endpoint_addresses, int8], flags[usb_endpoint_attributes, int8], array[usb_endpoint_extra_descriptor, 0:2]]"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "usb_endpoint_descriptor_t[flags[usb_endpoint_addresses, int8], flags[usb_endpoint_attributes, int8], array[usb_endpoint_extra_descriptor, 0:2]]", IsVarlen: true}, Fields: []Type{
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bLength", TypeSize: 1}}, Val: 7},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bLength", TypeSize: 1}}, Val: 9},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "bDescriptorType", TypeSize: 1}}, Val: 5},
&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "usb_endpoint_addresses", FldName: "bEndpointAddress", TypeSize: 1}}, Vals: []uint64{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 128}},
&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "usb_endpoint_attributes", FldName: "bmAttributes", TypeSize: 1}}, Vals: []uint64{0, 1, 2, 3, 0, 16, 0, 4, 8, 12, 0, 16, 16}},
{Name: "syz_usb_disconnect", CallName: "syz_usb_disconnect", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_usb", FldName: "fd", TypeSize: 4}},
}},
{Name: "syz_usb_ep_read", CallName: "syz_usb_ep_read", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_usb", FldName: "fd", TypeSize: 4}},
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16", FldName: "ep", TypeSize: 2}}, Kind: 2, RangeEnd: 31},
&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 8}}, Path: []string{"data"}},
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "data", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
}},
{Name: "syz_usb_ep_write", CallName: "syz_usb_ep_write", Args: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "fd_usb", FldName: "fd", TypeSize: 4}},
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16", FldName: "ep", TypeSize: 2}}, Kind: 2, RangeEnd: 31},
{Name: "USB_DT_DEVICE_SIZE", Value: 18},
{Name: "USB_DT_ENCRYPTION_TYPE", Value: 14},
{Name: "USB_DT_ENDPOINT", Value: 5},
{Name: "USB_DT_ENDPOINT_SIZE", Value: 7},
{Name: "USB_DT_ENDPOINT_AUDIO_SIZE", Value: 9},
{Name: "USB_DT_HUB", Value: 41},
{Name: "USB_DT_INTERFACE", Value: 4},
{Name: "USB_DT_INTERFACE_ASSOCIATION", Value: 11},
{Name: "bpf_insn_load_imm_dw", Value: 24},
}

const revision_amd64 = "748fe551f032fd1a4600c5de812e5a3ee2f12fe5"
const revision_amd64 = "dc711d6c1782cacc83730da773968ee6bfa6e1c9"
