SYSFUZZ(mremap, __NR_mremap, SYS_NONE, CLONE_DEFAULT, 0)
{
    glong       retcode;
    guintptr    address;
    gintptr     newaddr;
    gsize       oldsize;
    gsize       newsize;
    gint        flags;

    typelib_get_vma(this, &address, &oldsize);

    newsize = g_random_boolean()
                ? (PAGE_SIZE * 1)
                : (PAGE_SIZE * 2);

    flags   = typelib_get_integer_mask(MREMAP_FIXED | MREMAP_MAYMOVE);

    // I don't currently handle MREMAP_FIXED.
    flags  &= ~MREMAP_FIXED;

    retcode = syscall_fast_ret(&newaddr, __NR_mremap,                                       // void *
                                address,                                                    // void *old_address
                                oldsize,                                                    // size_t old_size
                                newsize,                                                    // size_t new_size
                                flags,                                                      // int flags
                                typelib_get_integer());                                     // unsigned long new_addr

    if (retcode == ESUCCESS) {
        // FIXME: Do something like this.
        // typelib_vma_moved(this, address, newaddr, newsize);
        typelib_vma_stale(this, address);
#include "iknowthis.h"

// Callback for typelib_add_resource(): release a tracked descriptor.
// Returns TRUE when the close(2) syscall did not report failure.
static gboolean destroy_open_file(guintptr fd)
{
    glong result = syscall(__NR_close, fd);

    return result != -1;
}

// Timers that notify via file descriptors.
// int timerfd_create(int clockid, int flags);
//
// On success the new descriptor is normally closed straight away; about
// 1 call in 128 instead hands it to the resource tracker so later
// syscalls can pick it up as a RES_FILE.
SYSFUZZ(timerfd_create, __NR_timerfd_create, SYS_NONE, CLONE_DEFAULT, 0)
{
    glong   fd      = -1;
    glong   retcode = spawn_syscall_lwp(this, &fd, __NR_timerfd_create,                     // int
                                        typelib_get_integer_range(0, 6),                    // int clockid
                                        typelib_get_integer_mask(O_CLOEXEC | O_NONBLOCK));  // int flags

    if (retcode != ESUCCESS) {
        return retcode;
    }

    // Keep the descriptor only occasionally; otherwise release it now.
    if (g_random_int_range(0, 128) == 0) {
        typelib_add_resource(this, fd, RES_FILE, RF_NONE, destroy_open_file);
    } else {
        close(fd);
    }

    return retcode;
}

//     guint32       handle_bytes;
//     int           handle_type;
//     unsigned char f_handle[0];
// };

// Convert name to handle.
// int name_to_handle(int dfd, const char *name, struct file_handle *handle, int *mnt_id, int flag);
//
// Both scratch buffers are one page; they and the generated pathname are
// released whatever the syscall returned, so nothing leaks across calls.
SYSFUZZ(name_to_handle_at, __NR_name_to_handle_at, SYS_NONE, CLONE_DEFAULT, 1000)
{
    gchar       *pathname = NULL;
    gpointer     handle   = NULL;
    gpointer     mntid    = NULL;
    glong        retcode;

    retcode = spawn_syscall_lwp(this, NULL, __NR_name_to_handle_at,                                 // int
                                typelib_get_resource(this, NULL, RES_FILE, RF_NONE),           // int dirfd
                                typelib_get_pathname(&pathname),                               // const char *name
                                typelib_get_buffer(&handle, PAGE_SIZE),                        // struct file_handle *handle
                                typelib_get_buffer(&mntid, PAGE_SIZE),                         // int *mnt_id
                                typelib_get_integer_mask(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH));  // int flags

    // Tear down in reverse order of acquisition.
    typelib_clear_buffer(handle);
    typelib_clear_buffer(mntid);
    g_free(pathname);

    return retcode;
}

#endif
#ifndef FAN_ALL_INIT_FLAGS
# define FAN_ALL_INIT_FLAGS      (FAN_CLOEXEC | FAN_NONBLOCK | FAN_ALL_CLASS_BITS | FAN_UNLIMITED_QUEUE | FAN_UNLIMITED_MARKS)
#endif

// Callback for typelib_add_resource(): release a tracked descriptor.
// Returns TRUE when the close(2) syscall did not report failure.
static gboolean destroy_open_file(guintptr fd)
{
    glong result = syscall(__NR_close, fd);

    return result != -1;
}

// Initialize an fanotify instance.
// This is expected to fail, as it requires CAP_SYS_ADMIN.
//
// int fanotify_init(unsigned int flags, unsigned int event_f_flags)
SYSFUZZ(fanotify_init, __NR_fanotify_init, SYS_FAIL, CLONE_DEFAULT, 0)
{
    glong fd      = -1;
    glong retcode = spawn_syscall_lwp(this, &fd, __NR_fanotify_init,                      // int
                                      typelib_get_integer_mask(FAN_ALL_INIT_FLAGS),       // unsigned int flags
                                      typelib_get_integer_mask(0xffffffff));              // unsigned int event_f_flags

    // Marked SYS_FAIL, but when the fuzzer runs with enough privilege the
    // call can succeed; track the descriptor then so it is eventually closed.
    if (retcode != ESUCCESS) {
        return retcode;
    }

    typelib_add_resource(this, fd, RES_FILE, RF_NONE, destroy_open_file);

    return retcode;
}
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>

#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"

// Sync a file segment with disk.
// void sync_file_range(int fd, off64_t offset, off64_t nbytes,
//                      unsigned int flags);
// long sys32_sync_file_range(int fd, unsigned off_low, unsigned off_hi,
//                            unsigned n_low, unsigned n_hi,  int flags);
//
// NOTE(review): the call below uses the six-argument (split 32-bit offset)
// form listed second above; on an ABI that takes the four-argument
// prototype the trailing arguments would no longer line up with flags —
// confirm which form the target build expects.
SYSFUZZ(sync_file_range, __NR_sync_file_range, SYS_NONE, CLONE_DEFAULT, 0)
{
    glong retcode;

    retcode = spawn_syscall_lwp(this, NULL, __NR_sync_file_range,                        // int
                                typelib_get_resource(this, NULL, RES_FILE, RF_NONE),     // int fd
                                typelib_get_integer(),                                   // unsigned off_low
                                typelib_get_integer(),                                   // unsigned off_high
                                typelib_get_integer(),                                   // unsigned n_low
                                typelib_get_integer(),                                   // unsigned n_high
                                typelib_get_integer_mask(SYNC_FILE_RANGE_WAIT_BEFORE
                                                         | SYNC_FILE_RANGE_WRITE
                                                         | SYNC_FILE_RANGE_WAIT_AFTER));  // int flags

    return retcode;
}