Message ID | 20190107211316.17578-1-tytso@mit.edu (mailing list archive) |
---|---|
State | New, archived |
Series | [blktests] src/sg/syzkaller1.c: fix portability problem for syscall(__NR_mmap, ...) |
On 1/7/19 1:13 PM, Theodore Ts'o wrote: > How mmap is mapped to a raw system call varies across different > archiecture. On some architectures (such as 32-bit ARM), __NR_mmap ^^^^^^^^^^^ architectures? > may not exist at all; glibc will use __NR_mmap2 to implement mmap(2). > Syzkaller is using mmap() as a non-portable version of malloc(3), so > it should be safe to use the glibc's mmap wrapper instead of trying to > directly call the system call. > > Signed-off-by: Theodore Ts'o <tytso@mit.edu> > --- > src/sg/syzkaller1.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/src/sg/syzkaller1.c b/src/sg/syzkaller1.c > index 743859a..e254d4a 100644 > --- a/src/sg/syzkaller1.c > +++ b/src/sg/syzkaller1.c > @@ -401,8 +401,10 @@ long r[15]; > void test() > { > memset(r, -1, sizeof(r)); > - r[0] = execute_syscall(__NR_mmap, 0x20000000ul, 0x5000ul, 0x3ul, > - 0x32ul, (uintptr_t)(-1ul), 0x0ul, 0, 0, 0); > +//r[0] = execute_syscall(__NR_mmap, 0x20000000ul, 0x5000ul, 0x3ul, > +// 0x32ul, (uintptr_t)(-1ul), 0x0ul, 0, 0, 0); > + r[0] = (long) mmap((void *) 0x20000000, (size_t) 0x5000, > + PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS, -1, 0); > NONFAILING(memcpy((void*)0x20000000, > dev_sg, strlen(dev_sg))); > r[2] = execute_syscall(__NR_syz_open_dev, 0x20000000ul, 0x0ul, 0x2ul, Anyway: Reviewed-by: Bart Van Assche <bvanassche@acm.org>
diff --git a/src/sg/syzkaller1.c b/src/sg/syzkaller1.c index 743859a..e254d4a 100644 --- a/src/sg/syzkaller1.c +++ b/src/sg/syzkaller1.c @@ -401,8 +401,10 @@ long r[15]; void test() { memset(r, -1, sizeof(r)); - r[0] = execute_syscall(__NR_mmap, 0x20000000ul, 0x5000ul, 0x3ul, - 0x32ul, (uintptr_t)(-1ul), 0x0ul, 0, 0, 0); +//r[0] = execute_syscall(__NR_mmap, 0x20000000ul, 0x5000ul, 0x3ul, +// 0x32ul, (uintptr_t)(-1ul), 0x0ul, 0, 0, 0); + r[0] = (long) mmap((void *) 0x20000000, (size_t) 0x5000, + PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS, -1, 0); NONFAILING(memcpy((void*)0x20000000, dev_sg, strlen(dev_sg))); r[2] = execute_syscall(__NR_syz_open_dev, 0x20000000ul, 0x0ul, 0x2ul,
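Review bot: The replacement mmap() call in test() drops MAP_PRIVATE. The raw call passed flags 0x32ul, which with the generic Linux flag values is MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS (0x02 | 0x10 | 0x20), while the new line passes only MAP_FIXED | MAP_ANONYMOUS. Linux rejects a mapping that specifies neither MAP_SHARED nor MAP_PRIVATE with EINVAL, so r[0] would hold MAP_FAILED and the NONFAILING(memcpy(...)) to 0x20000000 that follows would target an address that was never mapped. Suggest passing MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS so the wrapper call matches the original arguments. Separately, the two old execute_syscall lines could be deleted instead of being kept as // comments, since the commit history already records them.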
How mmap is mapped to a raw system call varies across different
architectures. On some architectures (such as 32-bit ARM), __NR_mmap
may not exist at all; glibc will use __NR_mmap2 to implement mmap(2).
Syzkaller is using mmap() as a non-portable version of malloc(3), so
it should be safe to use the glibc's mmap wrapper instead of trying to
directly call the system call.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 src/sg/syzkaller1.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)