restructure results

1 files changed, 38 insertions, 0 deletions

diff --git a/results/classifier/zero-shot-user-mode/instruction/927 b/results/classifier/zero-shot-user-mode/instruction/927
new file mode 100644
index 00000000..21b82ff9
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/instruction/927
@@ -0,0 +1,38 @@
+instruction: 0.498
+syscall: 0.358
+runtime: 0.144
+
+
+
+linux-user: openat on /proc/self/exe can return a closed file descriptor
+Description of problem:
+`open("/proc/self/exe", ...)` returns a closed file descriptor if qemu-user was executed as an interpreter, passing a file descriptor in the `AT_EXECFD` auxval.
+
+When the `AT_EXECFD` auxval is nonzero the user program is loaded through `load_elf_binary()` (in `linux-user/elfload.c`) which ultimately calls `load_elf_image()` with that same file descriptor, and `load_elf_image()` closes the file descriptor before returning. 
+
+`do_openat` in `linux-user/syscall.c` will return that file descriptor to the user if the opened path satisfies `is_proc_myself(pathname, "exe")`, which is obviously wrong both in that the file descriptor is closed as part of the initialization process of qemu itself, and that the user program would then close that file descriptor and thus the next invocation of `open` would have the same problem.
+Steps to reproduce:
+This program prints `3 3` in a x86_64 docker container on my machine (arm64 macos, which docker desktop handles by running containers in a native linux VM under qemu-user).
+
+```c
+#include <fcntl.h>
+#include <stdio.h>
+
+int main(int argc, char **argv) {
+    int selfexe = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
+    if (selfexe < 0) {
+        perror("open self");
+        return 1;
+    }
+
+    int devnull = open("/dev/null", O_WRONLY | O_CLOEXEC);
+    if (devnull < 0) {
+        perror("open devnull");
+        return 1;
+    }
+
+    printf("%d %d\n", selfexe, devnull);
+}
+```
+Additional information:
+Thanks to @pm215 for helping me pinpoint the exact issue I was encountering.