mirror of
https://github.com/reactos/syzkaller.git
synced 2024-11-23 03:19:51 +00:00
19b6584f71
At the moment syzkaller is able to respond to FUSE with a syntactically correct response using the specific write$FUSE_*() syscalls, but most of the times these responses are not related to the type of request that was received. With this pseudo-syscall we are able to provide the correct response type while still allowing the fuzzer to fuzz its content. This is done by requiring each type of response as an input parameter and then choosing the correct one based on the request opcode. Notice that the fuzzer is still free to mix write$FUSE_*() and syz_fuse_handle_req() syscalls, so it is not losing any degree of freedom. syz_fuse_handle_req() retrieves the FUSE request and resource fuse_unique internally (by performing a read() on the /dev/fuse file descriptor provided as input). For this reason, a new template argument has been added to fuse_out (renamed to _fuse_out) so that the unique field can be both an int64 (used by syz_fuse_handle_req()) and a fuse_unique resource (used by the write$FUSE_*() syscalls) without any code duplication. |
||
|---|---|---|
| .. | ||
| akaros | ||
| android | ||
| freebsd | ||
| fuchsia | ||
| linux | ||
| netbsd | ||
| openbsd | ||
| syz-extract | ||
| syz-sysgen | ||
| targets | ||
| test | ||
| trusty | ||
| windows | ||
| sys.go | ||