#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Bind a name to a socket.
// int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
SYSFUZZ(bind, SYS_bind, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer addr;
retcode = spawn_syscall_lwp(this, NULL, SYS_bind, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int sockfd
typelib_get_buffer(&addr, PAGE_SIZE), // struct sockaddr *addr
typelib_get_integer_range(0, PAGE_SIZE)); // socklen_t addrlen
typelib_clear_buffer(addr);
return retcode;
}
#include "iknowthis.h"
// Callback for typelib_add_resource().
static gboolean destroy_open_file(guintptr fd)
{
return syscall(__NR_close, fd) != -1;
}
// Timers that notify via file descriptors.
// int timerfd_create(int clockid, int flags);
SYSFUZZ(timerfd_create, __NR_timerfd_create, SYS_NONE, CLONE_DEFAULT, 0)
{
glong retcode;
glong fd;
retcode = spawn_syscall_lwp(this, &fd, __NR_timerfd_create, // int
typelib_get_integer_range(0, 6), // int clockid
typelib_get_integer_mask(O_CLOEXEC | O_NONBLOCK)); // int flags
if (retcode == ESUCCESS) {
if (g_random_int_range(0, 128)) {
close(fd);
} else {
typelib_add_resource(this, fd, RES_FILE, RF_NONE, destroy_open_file);
}
}
return retcode;
}
#include "iknowthis.h"
// Callback for typelib_add_resource().
static gboolean destroy_open_file(guintptr fd)
{
return syscall(__NR_close, fd) != -1;
}
// Create a pair of connected sockets.
// int socketpair(int domain, int type, int protocol, int sv[2]);
SYSFUZZ(socketpair, __NR_socketpair, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gint sv[2];
retcode = syscall_fast(__NR_socketpair, // int
typelib_get_integer_range(0, 32), // int domain
typelib_get_integer_range(0, 16), // int type
typelib_get_integer_selection(1, 0), // int protocol
sv); // int sv[2]
// Check for new socket.
if (retcode == ESUCCESS) {
typelib_add_resource(this, sv[0], RES_FILE, RF_NONE, destroy_open_file);
typelib_add_resource(this, sv[1], RES_FILE, RF_NONE, destroy_open_file);
}
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get and set options on sockets.
// int setsockopt(int sockfd, int level, int optname, const void *optval, socklen_t optlen);
SYSFUZZ(setsockopt, SYS_setsockopt, SYS_NONE, CLONE_DEFAULT, 1000)
{
gpointer optval;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, SYS_setsockopt, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int sockfd
typelib_get_integer_range(0, 64), // int level
typelib_get_integer(), // int optname
typelib_get_buffer(&optval, PAGE_SIZE), // const void *optval
typelib_get_integer_range(0, 64)); // socklen_t optlen
typelib_clear_buffer(optval);
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Read from a file descriptor.
// ssize_t read(int fd, void *buf, size_t count);
SYSFUZZ(read, SYS_read, SYS_NONE, CLONE_DEFAULT, 1000)
{
glong retcode;
gpointer buffer;
// Execute systemcall.
retcode = spawn_syscall_lwp(this, NULL, SYS_read, // ssize_t
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int fd
typelib_get_buffer(&buffer, PAGE_SIZE), // void *buf
typelib_get_integer_range(0, PAGE_SIZE)); // size_t count
// Clean up.
typelib_clear_buffer(buffer);
return retcode;
}
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <sched.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Create a POSIX.1b interval timer clock
// long sys_timer_create (clockid_t which_clock, struct sigevent *timer_event_spec, timer_t *created_timer_id);
SYSFUZZ(timer_create, __NR_timer_create, SYS_NONE, CLONE_DEFAULT, 0)
{
gpointer timer_event_spec;
gpointer created_timer_id;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_timer_create,
typelib_get_integer_range(0, 6), // clockid_t which_clock,
typelib_get_buffer(&timer_event_spec, PAGE_SIZE), // struct sigevent *timer_event_spec,
typelib_get_buffer(&created_timer_id, PAGE_SIZE)); // timer_t *created_timer_id
typelib_clear_buffer(timer_event_spec);
typelib_clear_buffer(created_timer_id);
return retcode;
}
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Request a key from the kernel’s key management facility
// key_serial_t request_key(const char *type, const char *description,
// const char *callout_info, key_serial_t keyring);
// XXX: i bet i need typelib support for those f*****g serials.
SYSFUZZ(request_key, __NR_request_key, SYS_NONE, CLONE_DEFAULT, 0)
{
gpointer type;
gpointer desc;
gpointer callout;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_request_key, // key_serial_t
typelib_get_buffer(&type, g_random_int_range(0, 1024)), // const char *type
typelib_get_buffer(&desc, g_random_int_range(0, 1024)), // const char *desc
typelib_get_buffer(&callout, g_random_int_range(0, PAGE_SIZE)), // const void *callout
g_random_boolean()
? + typelib_get_integer()
: - typelib_get_integer_range(0, 32)); // key_serial_t keyring
typelib_clear_buffer(type);
typelib_clear_buffer(desc);
typelib_clear_buffer(callout);
return retcode;
}
{
return syscall(__NR_io_destroy, ctx) == ESUCCESS
? true
: false;
}
// Create an asynchronous I/O context
// int io_setup (int maxevents, io_context_t *ctxp);
SYSFUZZ(io_setup, __NR_io_setup, SYS_NONE, CLONE_DEFAULT, 0)
{
glong retcode;
guintptr ctx;
// Ctx must be initialised to zero before call.
memset(&ctx, 0x00, sizeof ctx);
// Execute systemcall.
retcode = syscall_fast(__NR_io_setup, // int
typelib_get_integer_range(0, 0x10000), // int maxevents (aio_max_nr sysctl)
&ctx); // io_context_t *ctxp
// Record the new context if that worked.
if (retcode == ESUCCESS) {
// This can be negative, apparently.
// g_assert_cmpint(ctx, >, 0);
typelib_add_resource(this, ctx, RES_AIOCTX, RF_NONE, destroy_io_context);
}
return retcode;
}
#include <glib.h>
#include <errno.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get/set resource limits.
// int setrlimit(int resource, const struct rlimit *rlim);
SYSFUZZ(setrlimit, SYS_setrlimit, SYS_NONE, CLONE_FORK, 0)
{
gpointer rlim;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, SYS_setrlimit, // int
typelib_get_integer_range(0, RLIM_NLIMITS), // int resource
typelib_get_buffer(&rlim, PAGE_SIZE)); // struct rlimit *rlim
typelib_clear_buffer(rlim);
return retcode;
}
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Reposition read/write file offset.
// int _llseek(unsigned int fd, unsigned long offset_high,
// unsigned long offset_low, loff_t *result,
// unsigned int whence);
SYSFUZZ(_llseek, __NR__llseek, SYS_NONE, CLONE_DEFAULT, 0)
{
gpointer result;
gint retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR__llseek, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int fd
typelib_get_integer(), // unsigned long offset_high
typelib_get_integer(), // unsigned long offset_low
typelib_get_buffer(&result, PAGE_SIZE), // loff_t *result
typelib_get_integer_range(0, 2)); // int whence
typelib_clear_buffer(result);
return retcode;
}
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <linux/reboot.h>
#include <errno.h>
#include <unistd.h>
#include <sched.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Read and/or clear kernel message ring buffer; set console_loglevel.
// int syslog(int type, char *bufp, int len);
SYSFUZZ(syslog, __NR_syslog, SYS_NONE, CLONE_DEFAULT, 0)
{
glong retcode;
gpointer bufp;
retcode = spawn_syscall_lwp(this, NULL, __NR_syslog, // int
typelib_get_integer_range(0, 10), // int type
typelib_get_buffer(&bufp, PAGE_SIZE), // char *bufp
typelib_get_integer_range(0, PAGE_SIZE)); // int len
typelib_clear_buffer(bufp);
return retcode;
}
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <glib.h>
#include <asm/unistd.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include "sysfuzz.h"
#include "typelib.h"
#include "iknowthis.h"
// Get directory entries.
// int getdents(unsigned int fd, struct linux_dirent *dirp,
// unsigned int count);
SYSFUZZ(getdents64, __NR_getdents64, SYS_NONE, CLONE_DEFAULT, 0)
{
gpointer dirp;
glong retcode;
retcode = spawn_syscall_lwp(this, NULL, __NR_getdents64, // int
typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int fd
typelib_get_buffer(&dirp, PAGE_SIZE), // struct linux_dirent *dirp
typelib_get_integer_range(0, PAGE_SIZE)); // unsigned int count
typelib_clear_buffer(dirp);
return retcode;
}
