prog: introduce the readable struct attribute #3605

Open
a-nogikh opened this issue Jan 3, 2023 · 1 comment
Collaborator

a-nogikh commented Jan 3, 2023

A more global issue: #1070

Context

An email from Ted:

C strings instead of hex digits? It will make the reproducer much
more human understandable, as well making it easier to edit the string
when the developer is trying to do a better job minimizing the test
case than syzbot. For example:

memcpy(
(void*)0x20000000,
"\x6e\x6f\x75\x73\x65\x72\x5f\x78\x61\x74\x74\x72\x2c\x61\x63\x6c\x2c\x64"
"\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73"
"\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30"
"\x30\x30\x38\x30\x2c\x6c\x61\x7a\x79\x74\x69\x6d\x65\x2c\x6e\x6f\x62\x68"
"\x2c\x71\x75\x6f\x74\x61\x2c\x00\x3d\x93\x09\x61\x36\x5d\x73\x58\x9c",
89);

Would be *much* more understandable if it were:

memcpy(
(void*)0x20000000,
"nouser_xattr,acl,debug_want_extra_isize=0x0000000000000080,lazytime,nobh,quota,",
80);

In that particular case, it was apparently already squashed and therefore treated as a byte blob, but normally the printed operations are also far from being the most concise. E.g.:

  memcpy((void*)0x20000040, "ext4\000", 5);
  memcpy((void*)0x20000000, "./bus\000", 6);
  memcpy((void*)0x200000c0, "usrjquota=", 10);
  *(uint8_t*)0x200000ca = 0x2c;
  memcpy((void*)0x200000cb, "abort", 5);
  *(uint8_t*)0x200000d0 = 0x2c;
  memcpy((void*)0x200000d1, "debug_want_extra_isize", 22);
  *(uint8_t*)0x200000e7 = 0x3d;
  sprintf((char*)0x200000e8, "0x%016llx", (long long)0x2c);
  *(uint8_t*)0x200000fa = 0x2c;
  memcpy((void*)0x200000fb, "test_dummy_encryption", 21);
  *(uint8_t*)0x20000110 = 0x2c;
  memcpy((void*)0x20000111, "nojournal_checksum", 18);
  *(uint8_t*)0x20000123 = 0x2c;
  memcpy((void*)0x20000124, "noauto_da_alloc", 15);
  *(uint8_t*)0x20000133 = 0x2c;
  *(uint8_t*)0x20000134 = 0;

Proposal

Currently we rely on isReadableDataType when we determine whether to print a value as a byte array or as a string:

syzkaller/prog/encoding.go

Lines 951 to 953 in 1dac8c7

func isReadableDataType(typ *BufferType) bool {
	return typ.Kind == BufferString || typ.Kind == BufferFilename || typ.Kind == BufferGlob
}

Add a new readable struct/union attribute to let users indicate that, when generating a C reproducer, this particular attribute should be squashed and printed as a human-readable string. E.g.

type fs_options[ELEMS] {
	elems	array[fs_opt_elem[ELEMS]]
	common	array[fs_opt_elem[fs_options_common]]
	null	const[0, int8]
} [packed, readable]

Questions

Are there any other cases where it can be helpful?

A related (but not exactly the same) scenario is network packets, where it might be better to copy raw packets as a whole, rather than with many small memcpy operations.
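
Added example, not part of the issue and not syzkaller's own code: a sketch of how a squashed buffer could be printed as one readable C string literal instead of `\x` escapes. The function names `cStringLiteral`, `cHexLiteral` and `emitMemcpy` are hypothetical, and the sample bytes are constructed from the tail of the option string quoted above.

```go
package main

import (
	"fmt"
	"strings"
)

// cStringLiteral keeps printable ASCII as-is and writes every other byte as a
// 3-digit octal escape. Octal escapes end after three digits, so "\011" then
// '6' stays two bytes; a hex escape would absorb a following hex-digit char.
func cStringLiteral(data []byte) string {
	var sb strings.Builder
	for _, b := range data {
		switch {
		case b == '"' || b == '\\':
			sb.WriteByte('\\')
			sb.WriteByte(b)
		case b >= 0x20 && b < 0x7f:
			sb.WriteByte(b)
		default:
			fmt.Fprintf(&sb, "\\%03o", b)
		}
	}
	return `"` + sb.String() + `"`
}

// cHexLiteral renders every byte as \xNN, the byte-blob form from the email.
func cHexLiteral(data []byte) string {
	out := `"`
	for _, b := range data {
		out += fmt.Sprintf(`\x%02x`, b)
	}
	return out + `"`
}

// emitMemcpy prints a single memcpy for a squashed buffer in either form.
func emitMemcpy(addr uint64, data []byte, readable bool) string {
	lit := cHexLiteral(data)
	if readable {
		lit = cStringLiteral(data)
	}
	return fmt.Sprintf("memcpy((void*)0x%x, %s, %d);", addr, lit, len(data))
}

func main() {
	opts := []byte("nobh,quota,\x00") // constructed sample input
	fmt.Println(emitMemcpy(0x20000000, opts, false))
	fmt.Println(emitMemcpy(0x20000000, opts, true))
}
```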

Collaborator

dvyukov commented Jan 10, 2023

There are plenty of such string-forming structs; lots can be found with $ grep "'.'" sys/*/*.txt (+ some that were added before char literals).
