Linux-Block Archive on lore.kernel.org
[PATCH blktests v2] src/sg/syzkaller1.c: fix portability problem for syscall(__NR_mmap, ...)
From: Theodore Ts'o @ 2019-01-09  3:11 UTC (permalink / raw)
  To: linux-block
  Cc: Bart Van Assche
	--in-reply-to=5423ce34-1d3c-2363-da4e-fe35b02c988b @ acm . org,
	Theodore Ts'o

How mmap is mapped to a raw system call varies across different
architectures.  On some architectures (such as 32-bit ARM), __NR_mmap
may not exist at all; glibc will use __NR_mmap2 to implement mmap(2).
Syzkaller is using mmap() as a non-portable version of malloc(3), so
it should be safe to use glibc's mmap wrapper instead of trying to
directly call the system call.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
---
 src/sg/syzkaller1.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

[ I found this issue when trying to build blktests as part of the
  kvm-xfstests test appliance, which I currently do for the x86_64,
  i386, arm64, and armhf platforms.

  The PULL request I sent is this -v2 version, which has the spelling
  correction pointed out by Bart plus his Reviewed-by.

  I thought about rewriting the full Syzkaller test in idiomatic C
  instead of the cr*p assembly-language-like mess that it generates,
  but that would risk changing the test case.  So for this change I
  opted to keep it as close as possible to the original
  machine-generated test.
]

diff --git a/src/sg/syzkaller1.c b/src/sg/syzkaller1.c
index 743859a..e254d4a 100644
--- a/src/sg/syzkaller1.c
+++ b/src/sg/syzkaller1.c
@@ -401,8 +401,10 @@ long r[15];
 void test()
 {
   memset(r, -1, sizeof(r));
-  r[0] = execute_syscall(__NR_mmap, 0x20000000ul, 0x5000ul, 0x3ul,
-                         0x32ul, (uintptr_t)(-1ul), 0x0ul, 0, 0, 0);
+//r[0] = execute_syscall(__NR_mmap, 0x20000000ul, 0x5000ul, 0x3ul,
+//                       0x32ul, (uintptr_t)(-1ul), 0x0ul, 0, 0, 0);
+  r[0] = (long) mmap((void *) 0x20000000, (size_t) 0x5000,
+                     PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS, -1, 0);
   NONFAILING(memcpy((void*)0x20000000,
                     dev_sg, strlen(dev_sg)));
   r[2] = execute_syscall(__NR_syz_open_dev, 0x20000000ul, 0x0ul, 0x2ul,
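Review bot: the flag translation in the replacement mmap() call drops MAP_PRIVATE. The raw flag word 0x32 in the removed execute_syscall() call is MAP_PRIVATE (0x02) | MAP_FIXED (0x10) | MAP_ANONYMOUS (0x20) on x86 and ARM, but the new call passes only `MAP_FIXED | MAP_ANONYMOUS`; Linux requires one of MAP_SHARED/MAP_PRIVATE and returns EINVAL otherwise, so r[0] would hold (long) MAP_FAILED and the following `NONFAILING(memcpy((void*)0x20000000, ...))` would write into an unmapped page instead of the test buffer. Suggest `MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS`. Also, the two `//r[0] = execute_syscall(...)` lines keep the old call as dead commented-out code; either drop them or replace them with a one-line comment saying why the libc wrapper is used, and be aware that mmap() reports failure as MAP_FAILED with errno set rather than through the raw syscall return value execute_syscall() stored.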
-- 
2.19.1
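The portability point of the commit, calling glibc's mmap(2) wrapper instead of syscall(__NR_mmap, ...), is worth seeing in isolation. The following program is an added example and is not part of this patch or of blktests; all function names in it are hypothetical. It checks that the raw flag word 0x32 the syzkaller-generated test used decomposes into the symbolic flags on this platform (x86/ARM values are assumed), performs the same kind of anonymous read/write mapping through the libc wrapper with a proper MAP_FAILED check, and shows the failure mode a translation that omits MAP_PRIVATE/MAP_SHARED runs into (EINVAL). It uses a hint address without MAP_FIXED so it cannot clobber a mapping of the process running it.

```c
/* Added example, not part of the blktests patch: portable anonymous
 * mapping through glibc's mmap() wrapper instead of a raw __NR_mmap
 * syscall, with the checks a reviewer would want around it.
 * Function names here are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* The syzkaller-generated call passed the raw flag word 0x32.  On x86 and
 * ARM that is MAP_PRIVATE (0x02) | MAP_FIXED (0x10) | MAP_ANONYMOUS (0x20).
 * Returns 1 if the symbolic flags reproduce the raw constant on this
 * platform, 0 otherwise (other architectures use different values). */
int raw_flags_match_symbolic(unsigned long raw)
{
    return raw == (unsigned long)(MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS);
}

/* Map `len` bytes of anonymous, writable memory through the libc wrapper.
 * `hint` is only a hint (no MAP_FIXED) so this example cannot replace an
 * existing mapping.  Returns the mapping or MAP_FAILED; on failure *err
 * receives errno, otherwise 0. */
void *map_anon_rw(void *hint, size_t len, int flags, int *err)
{
    void *p = mmap(hint, len, PROT_READ | PROT_WRITE, flags, -1, 0);
    *err = (p == MAP_FAILED) ? errno : 0;
    return p;
}

/* Returns 1 if a one-page MAP_PRIVATE|MAP_ANONYMOUS mapping succeeds, can
 * be written (as the test's memcpy does) and unmapped; 0 otherwise. */
int mapping_with_private_works(void)
{
    int err;
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = map_anon_rw((void *)0x20000000, len,
                          MAP_PRIVATE | MAP_ANONYMOUS, &err);
    if (p == MAP_FAILED)
        return 0;
    memset(p, 0x41, len);
    return munmap(p, len) == 0;
}

/* Returns the errno produced when neither MAP_PRIVATE nor MAP_SHARED is
 * given.  Linux rejects such a request with EINVAL; a raw-to-symbolic
 * flag translation that drops MAP_PRIVATE hits exactly this. */
int errno_without_map_type(void)
{
    int err;
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = map_anon_rw(NULL, len, MAP_ANONYMOUS, &err);
    if (p != MAP_FAILED)   /* not expected on Linux; clean up anyway */
        munmap(p, len);
    return err;
}

int main(void)
{
    printf("0x32 == MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS: %d\n",
           raw_flags_match_symbolic(0x32ul));
    printf("private anonymous mapping works: %d\n",
           mapping_with_private_works());
    printf("errno without MAP_PRIVATE/MAP_SHARED: %d (EINVAL is %d)\n",
           errno_without_map_type(), EINVAL);
    return 0;
}
```

Compile with `cc -Wall example.c` on a Linux x86_64 or ARM host; the first check is platform specific by design, since the whole point of the commit is that raw syscall numbers and constants do not travel across architectures.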

