#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <sched.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Create a POSIX.1b interval timer clock
// long sys_timer_create (clockid_t which_clock, struct sigevent *timer_event_spec, timer_t *created_timer_id);
SYSFUZZ(timer_create, __NR_timer_create, SYS_NONE, CLONE_DEFAULT, 0)
{
gpointer timer_event_spec;
gpointer created_timer_id;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_timer_create,
typelib_get_integer_range(0, 6), // clockid_t which_clock,
typelib_get_buffer(&timer_event_spec, PAGE_SIZE), // struct sigevent *timer_event_spec,
typelib_get_buffer(&created_timer_id, PAGE_SIZE)); // timer_t *created_timer_id
typelib_clear_buffer(timer_event_spec);
typelib_clear_buffer(created_timer_id);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Bind a name to a socket.
// int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
SYSFUZZ(bind, SYS_bind, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer addr;
retcode = spawn_syscall_lwp(this, NULL, SYS_bind, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int sockfd
typelib_get_buffer(&addr, PAGE_SIZE), // struct sockaddr *addr
typelib_get_integer_range(0, PAGE_SIZE)); // socklen_t addrlen
typelib_clear_buffer(addr);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Delete a directory.
// int rmdir(const char *path);
SYSFUZZ(rmdir, SYS_rmdir, SYS_NONE, CLONE_DEFAULT, 0)
{
gchar *pathname;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, SYS_rmdir, // int
typelib_get_pathname(&pathname)); // const char *pathname
g_free(pathname);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Receive a message from a socket.
// ssize_t recvfrom(int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen);
SYSFUZZ(recvfrom, SYS_recvfrom, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer buf;
gpointer dest_addr;
retcode = spawn_syscall_lwp(this, NULL, SYS_recvfrom, // ssize_t
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int sockfd
typelib_get_buffer(&buf, PAGE_SIZE), // void *buf
typelib_get_integer_range(0, PAGE_SIZE), // size_t len
typelib_get_integer(), // int flags
typelib_get_buffer(&dest_addr, PAGE_SIZE), // const struct sockaddr *src_addr
typelib_get_integer_range(0, PAGE_SIZE)); // socklen_t addrlen
typelib_clear_buffer(buf);
typelib_clear_buffer(dest_addr);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get or set value of an interval timer.
// int getitimer(int which, struct itimerval *curr_value);
SYSFUZZ(getitimer, SYS_getitimer, SYS_NONE, CLONE_FORK, 0)
{
gpointer c;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, SYS_getitimer, // int
typelib_get_integer_selection(3,
ITIMER_REAL,
ITIMER_VIRTUAL,
ITIMER_PROF), // int which
typelib_get_buffer(&c, sizeof(struct itimerval))); // struct itimerval *curr_value
typelib_clear_buffer(c);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Read from a file descriptor.
// ssize_t read(int fd, void *buf, size_t count);
SYSFUZZ(read, SYS_read, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer buffer;
// Execute systemcall.
retcode = spawn_syscall_lwp(this, NULL, SYS_read, // ssize_t
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int fd
typelib_get_buffer(&buffer, PAGE_SIZE), // void *buf
typelib_get_integer_range(0, PAGE_SIZE)); // size_t count
// Clean up.
typelib_clear_buffer(buffer);
return retcode;
}
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <sched.h>
#include <linux/net.h>
#include <string.h>
#include <sys/socket.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Shut down part of a full-duplex connection.
// int shutdown(int sockfd, int how);
SYSFUZZ(shutdown, __NR_shutdown, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_shutdown, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int sockfd
typelib_get_integer_selection(3, SHUT_RD, // int how
SHUT_WR,
SHUT_RDWR));
return retcode;
}
#include <signal.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Synchronously wait for queued signals specified in uthese.
// long sys_rt_sigtimedwait (const sigset_t *uthese, siginfo_t *uinfo,
// const struct struct timespec *uts,
// size_t sigsetsize);
// long long struct struct... :-)
SYSFUZZ(rt_sigtimedwait, __NR_rt_sigtimedwait, SYS_NONE, CLONE_DEFAULT, 1000)
{
gpointer uthese;
gpointer uinfo;
gpointer uts;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_rt_sigtimedwait, // int
typelib_get_buffer(&uthese, sizeof(sigset_t)), // sigset_t *uthese
typelib_get_buffer(&uinfo, sizeof(sigset_t)), // sigset_t *uinfo
typelib_get_buffer(&uts, sizeof(struct timespec)), // const struct struct timespec *uts
typelib_get_integer_selection(1, sizeof(guint64))); // size_t sigsetsize
typelib_clear_buffer(uthese);
typelib_clear_buffer(uinfo);
typelib_clear_buffer(uts);
return retcode;
}
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Request a key from the kernel’s key management facility
// key_serial_t request_key(const char *type, const char *description,
// const char *callout_info, key_serial_t keyring);
// XXX: i bet i need typelib support for those f*****g serials.
SYSFUZZ(request_key, __NR_request_key, SYS_NONE, CLONE_DEFAULT, 0)
{
gpointer type;
gpointer desc;
gpointer callout;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_request_key, // key_serial_t
typelib_get_buffer(&type, g_random_int_range(0, 1024)), // const char *type
typelib_get_buffer(&desc, g_random_int_range(0, 1024)), // const char *desc
typelib_get_buffer(&callout, g_random_int_range(0, PAGE_SIZE)), // const void *callout
g_random_boolean()
? + typelib_get_integer()
: - typelib_get_integer_range(0, 32)); // key_serial_t keyring
typelib_clear_buffer(type);
typelib_clear_buffer(desc);
typelib_clear_buffer(callout);
return retcode;
}
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Change the root file system
// int pivot_root(const char *new_root, const char *put_old);
SYSFUZZ(pivot_root, __NR_pivot_root, SYS_FAIL | SYS_BORING, CLONE_DEFAULT, 0)
{
gchar *new_root;
gchar *put_old;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_pivot_root, // int
typelib_get_pathname(&new_root), // const char *new_root
typelib_get_pathname(&put_old)); // const char *put_old
g_free(new_root);
g_free(put_old);
return retcode;
}
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get file status.
SYSFUZZ(oldlstat, __NR_oldlstat, SYS_NONE, CLONE_DEFAULT, 0)
{
gchar *pathname;
gpointer buf;
gint retcode;
// Execute systemcall.
retcode = spawn_syscall_lwp(this, NULL, __NR_oldlstat, // int
typelib_get_pathname(&pathname), // const char *path
typelib_get_buffer(&buf, g_random_int_range(0, 1024))); // struct stat *buf
g_free(pathname);
typelib_clear_buffer(buf);
return retcode;
}
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <sched.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Wait for a signal.
SYSFUZZ(sigsuspend, __NR_sigsuspend, SYS_NONE, CLONE_DEFAULT, 100)
{
gpointer mask;
gint retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_sigsuspend, // int
typelib_get_buffer(&mask, g_random_int_range(0, 32))); // const sigset_t *mask
typelib_clear_buffer(mask);
return retcode;
}
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <stdbool.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get a Thread Local Storage (TLS) area
// int get_thread_area(struct user_desc *u_info);
SYSFUZZ(get_thread_area, __NR_get_thread_area, SYS_NONE, CLONE_FORK, 0)
{
gpointer u_info;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_get_thread_area, // int
typelib_get_buffer(&u_info, PAGE_SIZE)); // struct user_desc *u_info
typelib_clear_buffer(u_info);
return retcode;
}
#include <unistd.h>
#include <fcntl.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Wait for some event on a file descriptor.
// int ppoll(struct pollfd *fds, nfds_t nfds, const struct timespec *timeout, const sigset_t *sigmask);
SYSFUZZ(ppoll, __NR_ppoll, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer fds;
gpointer timeout;
gpointer sigmask;
// Execute systemcall.
retcode = spawn_syscall_lwp(this, NULL, __NR_ppoll, // int
typelib_get_buffer(&fds, g_random_int_range(0, PAGE_SIZE)), // struct pollfd *fds
typelib_get_integer(), // nfds_t nfds
typelib_get_buffer(&timeout, g_random_int_range(0, PAGE_SIZE)),
typelib_get_buffer(&sigmask, g_random_int_range(0, PAGE_SIZE)));
// Clean up.
typelib_clear_buffer(fds);
typelib_clear_buffer(timeout);
typelib_clear_buffer(sigmask);
return retcode;
}
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Read from or write to a file descriptor at a given offset.
// ssize_t pwrite(int fd, const void *buf, size_t count, off_t offset);
SYSFUZZ(pwrite64, __NR_pwrite64, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer buffer;
// Execute systemcall.
retcode = spawn_syscall_lwp(this, NULL, __NR_pwrite64, // ssize_t
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int fd
typelib_get_buffer(&buffer, PAGE_SIZE), // void *buf
typelib_get_integer_range(0, PAGE_SIZE), // size_t count
typelib_get_integer()); // off_t offset
// Clean up.
typelib_clear_buffer(buffer);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get and set options on sockets.
// int setsockopt(int sockfd, int level, int optname, const void *optval, socklen_t optlen);
SYSFUZZ(setsockopt, SYS_setsockopt, SYS_NONE, CLONE_DEFAULT, 1000)
{
gpointer optval;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, SYS_setsockopt, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int sockfd
typelib_get_integer_range(0, 64), // int level
typelib_get_integer(), // int optname
typelib_get_buffer(&optval, PAGE_SIZE), // const void *optval
typelib_get_integer_range(0, 64)); // socklen_t optlen
typelib_clear_buffer(optval);
return retcode;
}
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Control interface for an epoll descriptor
// int epoll_ctl(int epfd, int op, int fd, struct epoll_event *event)
SYSFUZZ(epoll_ctl, __NR_epoll_ctl, SYS_NONE, CLONE_DEFAULT, 0)
{
gpointer event;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_epoll_ctl, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int fd
typelib_get_integer(), // int op
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int fd
typelib_get_buffer(&event, PAGE_SIZE)); // struct epoll_event *event
typelib_clear_buffer(event);
return retcode;
}
// Callback for typelib_add_resource().
static gboolean destroy_open_file(guintptr fd)
{
return syscall(__NR_close, fd) != -1;
}
// Create a file descriptor for event notification.
// int eventfd(unsigned int initval, int flags);
SYSFUZZ(eventfd, __NR_eventfd, SYS_NONE, CLONE_DEFAULT, 0)
{
glong retcode;
glong fd;
retcode = spawn_syscall_lwp(this, &fd, __NR_eventfd, // int
typelib_get_integer(), // int initval
typelib_get_integer()); // int flags
if (retcode == ESUCCESS) {
// Stop eventfd() from spamming my file descriptor list.
if (g_random_int_range(0, 128)) {
close(fd);
} else {
typelib_add_resource(this, fd, RES_FILE, RF_NONE, destroy_open_file);
}
}
return retcode;
}
#include "iknowthis.h"
// Callback for typelib_add_resource().
static gboolean destroy_open_file(guintptr fd)
{
return syscall(__NR_close, fd) != -1;
}
// Timers that notify via file descriptors.
// int timerfd_create(int clockid, int flags);
SYSFUZZ(timerfd_create, __NR_timerfd_create, SYS_NONE, CLONE_DEFAULT, 0)
{
glong retcode;
glong fd;
retcode = spawn_syscall_lwp(this, &fd, __NR_timerfd_create, // int
typelib_get_integer_range(0, 6), // int clockid
typelib_get_integer_mask(O_CLOEXEC | O_NONBLOCK)); // int flags
if (retcode == ESUCCESS) {
if (g_random_int_range(0, 128)) {
close(fd);
} else {
typelib_add_resource(this, fd, RES_FILE, RF_NONE, destroy_open_file);
}
}
return retcode;
}
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <sys/mman.h>
#include <errno.h>
#include <unistd.h>
#include <sched.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Remove a message queue.
// mqd_t mq_unlink(const char *name);
SYSFUZZ(mq_unlink, __NR_mq_unlink, SYS_NONE, CLONE_DEFAULT, 0)
{
gchar *name;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_mq_unlink, // mqd_t
typelib_get_pathname(&name)); // const char *name
g_free(name);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get name of connected peer socket.
// TODO: make sockaddr types a resource?
// int getpeername(int sockfd, struct sockaddr *addr, socklen_t *addrlen);
SYSFUZZ(getpeername, SYS_getpeername, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer addr;
gpointer addrlen;
retcode = spawn_syscall_lwp(this, NULL, SYS_getpeername, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int sockfd
typelib_get_buffer(&addr, PAGE_SIZE), // struct sockaddr *addr
typelib_get_buffer(&addrlen, PAGE_SIZE)); // socklen_t *addrlen;
typelib_clear_buffer(addr);
typelib_clear_buffer(addrlen);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get/set list of supplementary group IDs.
// int setgroups(size_t size, const gid_t *list);
SYSFUZZ(setgroups, SYS_setgroups, SYS_FAIL, CLONE_DEFAULT, 0)
{
gpointer list;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, SYS_setgroups, // int
typelib_get_integer(), // int size
typelib_get_buffer(&list, PAGE_SIZE)); // gid_t list[]
typelib_clear_buffer(list);
return retcode;
}
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Change file timestamps with nanosecond precision.
// int utimensat(int dirfd, const char *pathname, const struct timespec times[2], int flags);
SYSFUZZ(utimensat, __NR_utimensat, SYS_NONE, CLONE_DEFAULT, 0)
{
gchar *filename;
gpointer times;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_utimensat, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int dirfd
typelib_get_pathname(&filename), // const char *filename
typelib_get_buffer(×, PAGE_SIZE), // const struct timespec times[2]
typelib_get_integer()); // int flags
typelib_clear_buffer(times);
g_free(filename);
return retcode;
}
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <linux/reboot.h>
#include <errno.h>
#include <unistd.h>
#include <sched.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Delete a loadable module entry.
// int delete_module(const char *name);
SYSFUZZ(delete_module, __NR_delete_module, SYS_FAIL | SYS_BORING, CLONE_DEFAULT, 0)
{
gpointer name;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_delete_module, // caddr_t
typelib_get_buffer(&name, PAGE_SIZE)); // const char *name
typelib_clear_buffer(name);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Check real user's permissions for a file.
SYSFUZZ(access, SYS_access, SYS_NONE, CLONE_DEFAULT, 1000)
{
gchar *pathname;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, SYS_access, // int
typelib_get_pathname(&pathname), // const char *pathname
typelib_get_integer()); // int mode
g_free(pathname);
return retcode;
}
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <stdbool.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get/set resource limits.
SYSFUZZ(ugetrlimit, __NR_ugetrlimit, SYS_NONE, CLONE_DEFAULT, 0)
{
gpointer rlim;
gint retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_ugetrlimit, // int
typelib_get_integer(), // int resource
typelib_get_buffer(&rlim, g_random_int_range(0, 8192))); // struct rlimit *rlim
typelib_clear_buffer(rlim);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Return the current timespec value of tp for the specified clock
// long sys_clock_gettime (clockid_t which_clock, struct timespec *tp);
SYSFUZZ(clock_gettime, SYS_clock_gettime, SYS_NONE, CLONE_DEFAULT, 0)
{
gpointer tp;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, SYS_clock_gettime, // long
typelib_get_integer(), // clockid_t which_clock,
typelib_get_buffer(&tp, sizeof(struct timespec))); // struct timespec *tp
typelib_clear_buffer(tp);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Receive a message from a socket.
// ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags);
SYSFUZZ(recvmsg, SYS_recvmsg, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer msg;
retcode = spawn_syscall_lwp(this, NULL, SYS_recvmsg, // ssize_t
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int sockfd
typelib_get_buffer(&msg, PAGE_SIZE), // const struct msghdr *msg
typelib_get_integer()); // int flags
typelib_clear_buffer(msg);
return retcode;
}
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
SYSFUZZ(pselect6, __NR_pselect6, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer readfds;
gpointer writefds;
gpointer exceptfds;
gpointer timeout;
gpointer sigmask;
retcode = spawn_syscall_lwp(this, NULL, __NR_pselect6, // int
typelib_get_integer(), // int nfds
typelib_get_buffer(&readfds, g_random_int_range(0, PAGE_SIZE)), // fd_set *readfds
typelib_get_buffer(&writefds, g_random_int_range(0, PAGE_SIZE)), // fd_set *writefds
typelib_get_buffer(&exceptfds, g_random_int_range(0, PAGE_SIZE)),// fd_set *exceptfds
typelib_get_buffer(&timeout, g_random_int_range(0, PAGE_SIZE)), // const struct timespec *timeout
typelib_get_buffer(&sigmask, g_random_int_range(0, PAGE_SIZE))); // const sigset_t *sigmask
typelib_clear_buffer(readfds);
typelib_clear_buffer(writefds);
typelib_clear_buffer(exceptfds);
typelib_clear_buffer(timeout);
typelib_clear_buffer(sigmask);
return retcode;
}
#endif
#ifndef FAN_ALL_INIT_FLAGS
# define FAN_ALL_INIT_FLAGS (FAN_CLOEXEC | FAN_NONBLOCK | FAN_ALL_CLASS_BITS | FAN_UNLIMITED_QUEUE | FAN_UNLIMITED_MARKS)
#endif
// Callback for typelib_add_resource().
static gboolean destroy_open_file(guintptr fd)
{
return syscall(__NR_close, fd) != -1;
}
// Initialize an fanotify instance
// This is expected to fail, as it requires CAPS_SYS_ADMIN.
//
// int fanotify_init(unsigned int flags, unsigned int event_f_flags)
SYSFUZZ(fanotify_init, __NR_fanotify_init, SYS_FAIL, CLONE_DEFAULT, 0)
{
glong retcode;
glong fd;
retcode = spawn_syscall_lwp(this, &fd, __NR_fanotify_init, // int
typelib_get_integer_mask(FAN_ALL_INIT_FLAGS), // unsigned int flags
typelib_get_integer_mask(0xffffffff)); // unsigned int event_f_flags
if (retcode == ESUCCESS) {
typelib_add_resource(this, fd, RES_FILE, RF_NONE, destroy_open_file);
}
return retcode;
}