diff --git a/pkg/csource/csource.go b/pkg/csource/csource.go
index c8513286..75b5a5e0 100644
--- a/pkg/csource/csource.go
+++ b/pkg/csource/csource.go
@@ -239,7 +239,12 @@ func (ctx *context) emitCall(w *bytes.Buffer, call prog.ExecCall, ci int, haveCo
 }
 fmt.Fprintf(w, "0")
 }
- fmt.Fprintf(w, ");\n")
+ fmt.Fprintf(w, ");")
+ comment := ctx.target.AnnotateCall(call)
+ if len(comment) != 0 {
+ fmt.Fprintf(w, " /* %s */", comment)
+ }
+ fmt.Fprintf(w, "\n")
 if trace {
 cast := ""
 if !native && !strings.HasPrefix(callName, "syz_") {
diff --git a/prog/target.go b/prog/target.go
index b64af002..da9b3255 100644
--- a/prog/target.go
+++ b/prog/target.go
@@ -31,6 +31,11 @@ type Target struct {
 // SanitizeCall neutralizes harmful calls.
 SanitizeCall func(c *Call)
 
+ // AnnotateCall annotates a syscall invocation in C reproducers.
+ // The returned string will be placed inside a comment except for the
+ // empty string which will omit the comment.
+ AnnotateCall func(c ExecCall) string
+
 // SpecialTypes allows target to do custom generation/mutation for some struct's and union's.
 // Map key is struct/union name for which custom generation/mutation is required.
 // Map value is custom generation/mutation function that will be called
@@ -106,6 +111,7 @@ func AllTargets() []*Target {
 
 func (target *Target) lazyInit() {
 target.SanitizeCall = func(c *Call) {}
+ target.AnnotateCall = func(c ExecCall) string { return "" }
 target.initTarget()
 target.initArch(target)
 target.ConstMap = nil // currently used only by initArch
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index bce74fba..c42fe049 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -4,6 +4,8 @@
 package openbsd
 
 import (
+ "fmt"
+
 "github.com/google/syzkaller/prog"
 "github.com/google/syzkaller/sys/targets"
 )
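Review bot: The string returned by `ctx.target.AnnotateCall(call)` is printed between `/*` and `*/` in emitCall without any escaping, so an annotation that contains `*/` would close the comment early and the remainder would land in the generated C source as code. The only implementation added by this commit (sys/openbsd) returns fixed-format numbers, but the field doc added in prog/target.go does not state that restriction for future targets. Either neutralise the terminator before printing, e.g. `comment = strings.Replace(comment, "*/", "* /", -1)`, or extend the AnnotateCall doc with `// The returned string must not contain "*/".`. emitCall begins and ends outside this hunk.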
@@ -17,6 +19,7 @@ func InitTarget(target *prog.Target) {
 
 target.MakeMmap = targets.MakePosixMmap(target)
 target.SanitizeCall = arch.SanitizeCall
+ target.AnnotateCall = arch.annotateCall
 }
 
 type arch struct {
@@ -107,3 +110,16 @@ func (arch *arch) SanitizeCall(c *prog.Call) {
 arch.unix.SanitizeCall(c)
 }
 }
+
+func (arch *arch) annotateCall(c prog.ExecCall) string {
+ devArg := 2
+ switch c.Meta.Name {
+ case "mknodat":
+ devArg = 3
+ fallthrough
+ case "mknod":
+ dev := c.Args[devArg].(prog.ExecArgConst).Value
+ return fmt.Sprintf("major = %v, minor = %v", devmajor(dev), devminor(dev))
+ }
+ return ""
+}
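Review bot: `c.Args[devArg].(prog.ExecArgConst).Value` in annotateCall indexes and type-asserts without a check, so a call with fewer arguments or a dev argument of another ExecArg kind would panic. Because the csource hunk invokes this hook from emitCall for every emitted call, such a panic would presumably abort reproducer generation instead of just dropping the comment. Prefer a `len(c.Args) > devArg` guard followed by `arg, ok := c.Args[devArg].(prog.ExecArgConst)`, returning `""` when either check fails. The function also lacks a doc comment, e.g. `// annotateCall renders the dev argument of mknod/mknodat as major/minor numbers for the reproducer comment.`, and the `fallthrough` that carries the adjusted `devArg` into the `mknod` case deserves a short why-comment. devmajor and devminor are defined outside this diff.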