void main_loop()
{
regenerate();
if (do_specific_syscall == 1)
regenerate_random_page();
while (1) {
fork_children();
handle_children();
/* Only check taint if it was zero on startup */
if (do_check_tainted == 0) {
if (check_tainted() != 0) {
output("kernel became tainted!\n");
exit(EXIT_FAILURE);
}
}
if (syscallcount && (shm->execcount >= syscallcount))
exit(EXIT_SUCCESS);
if (shm->execcount % 1000 == 0)
synclogs();
}
}
int lsmod_main(int argc, char **argv)
{
struct module_info info;
char *module_names, *mn, *deps, *dn;
size_t bufsize, depsize, nmod, count, i, j;
module_names = xmalloc(bufsize = 256);
if (my_query_module(NULL, QM_MODULES, (void **)&module_names, &bufsize,
&nmod)) {
bb_perror_msg_and_die("QM_MODULES");
}
deps = xmalloc(depsize = 256);
printf("Module Size Used by");
check_tainted();
for (i = 0, mn = module_names; i < nmod; mn += strlen(mn) + 1, i++) {
if (query_module(mn, QM_INFO, &info, sizeof(info), &count)) {
if (errno == ENOENT) {
/* The module was removed out from underneath us. */
continue;
}
/* else choke */
bb_perror_msg_and_die("module %s: QM_INFO", mn);
}
if (my_query_module(mn, QM_REFS, (void **)&deps, &depsize, &count)) {
if (errno == ENOENT) {
/* The module was removed out from underneath us. */
continue;
}
bb_perror_msg_and_die("module %s: QM_REFS", mn);
}
printf("%-20s%8lu%4ld", mn, info.size, info.usecount);
if (info.flags & NEW_MOD_DELETED)
printf(" (deleted)");
else if (info.flags & NEW_MOD_INITIALIZING)
printf(" (initializing)");
else if (!(info.flags & NEW_MOD_RUNNING))
printf(" (uninitialized)");
else {
if (info.flags & NEW_MOD_AUTOCLEAN)
printf(" (autoclean) ");
if (!(info.flags & NEW_MOD_USED_ONCE))
printf(" (unused)");
}
if (count) printf(" [");
for (j = 0, dn = deps; j < count; dn += strlen(dn) + 1, j++) {
printf("%s%s", dn, (j==count-1)? "":" ");
}
if (count) printf("]");
printf("\n");
}
#ifdef CONFIG_FEATURE_CLEAN_UP
free(module_names);
#endif
return( 0);
}
extern int lsmod_main(int argc, char **argv)
{
printf("Module Size Used by");
check_tainted();
if (bb_xprint_file_by_name("/proc/modules") < 0) {
return 0;
}
return 1;
}
int lsmod_main(int argc, char **argv)
{
printf("Module Size Used by");
check_tainted();
#if defined(CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT)
{
FILE *file;
char line[4096];
file = bb_xfopen("/proc/modules", "r");
while (fgets(line, sizeof(line), file)) {
char *tok;
tok = strtok(line, " \t");
printf("%-19s", tok);
tok = strtok(NULL, " \t\n");
printf(" %8s", tok);
tok = strtok(NULL, " \t\n");
/* Null if no module unloading support. */
if (tok) {
printf(" %s", tok);
tok = strtok(NULL, "\n");
if (!tok)
tok = "";
/* New-style has commas, or -. If so,
truncate (other fields might follow). */
else if (strchr(tok, ',')) {
tok = strtok(tok, "\t ");
/* Strip trailing comma. */
if (tok[strlen(tok)-1] == ',')
tok[strlen(tok)-1] = '\0';
} else if (tok[0] == '-'
&& (tok[1] == '\0' || isspace(tok[1])))
tok = "";
printf(" %s", tok);
}
printf("\n");
}
fclose(file);
}
return 0; /* Success */
#else
if (bb_xprint_file_by_name("/proc/modules") < 0) {
return 0;
}
#endif /* CONFIG_FEATURE_2_6_MODULES */
return 1;
}
int lsmod_main(int argc, char **argv)
{
FILE *file = xfopen("/proc/modules", "r");
printf("Module Size Used by");
check_tainted();
#if defined(CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT)
{
char *line;
while ((line = xmalloc_fgets(file)) != NULL) {
char *tok;
tok = strtok(line, " \t");
printf("%-19s", tok);
tok = strtok(NULL, " \t\n");
printf(" %8s", tok);
tok = strtok(NULL, " \t\n");
/* Null if no module unloading support. */
if (tok) {
printf(" %s", tok);
tok = strtok(NULL, "\n");
if (!tok)
tok = (char*)"";
/* New-style has commas, or -. If so,
truncate (other fields might follow). */
else if (strchr(tok, ',')) {
tok = strtok(tok, "\t ");
/* Strip trailing comma. */
if (tok[strlen(tok)-1] == ',')
tok[strlen(tok)-1] = '\0';
} else if (tok[0] == '-'
&& (tok[1] == '\0' || isspace(tok[1]))
) {
tok = (char*)"";
}
printf(" %s", tok);
}
puts("");
free(line);
}
fclose(file);
}
#else
xprint_and_close_file(file);
#endif /* CONFIG_FEATURE_2_6_MODULES */
return EXIT_SUCCESS;
}
extern int lsmod_main(int argc, char **argv)
{
int fd, i;
char line[128];
printf("Module Size Used by");
check_tainted();
fflush(stdout);
if ((fd = open("/proc/modules", O_RDONLY)) >= 0 ) {
while ((i = read(fd, line, sizeof(line))) > 0) {
write(fileno(stdout), line, i);
}
close(fd);
return 0;
}
perror_msg_and_die("/proc/modules");
return 1;
}
static void watchdog(void)
{
static const char watchdogname[17]="trinity-watchdog";
static unsigned long lastcount = 0;
bool watchdog_exit = FALSE;
while (shm->ready == FALSE) {
usleep(1);
if (shm->exit_reason != STILL_RUNNING)
return;
}
output(0, "Watchdog is alive. (pid:%d)\n", watchdog_pid);
prctl(PR_SET_NAME, (unsigned long) &watchdogname);
(void)signal(SIGSEGV, SIG_DFL);
while (watchdog_exit == FALSE) {
int ret = 0;
unsigned int i;
if (shm_is_corrupt() == TRUE)
goto corrupt;
if (check_main_alive() == FALSE)
goto main_dead;
reap_dead_kids();
check_all_locks();
if (syscalls_todo && (shm->stats.total_syscalls_done >= syscalls_todo)) {
output(0, "Reached limit %d. Telling children to exit.\n", syscalls_todo);
panic(EXIT_REACHED_COUNT);
}
for_each_child(i) {
struct childdata *child = shm->children[i];
struct syscallrecord *rec = &child->syscall;
check_child_progress(child);
if (rec->op_nr > hiscore)
hiscore = rec->op_nr;
}
if (shm->stats.total_syscalls_done > 1) {
if (shm->stats.total_syscalls_done - lastcount > 10000) {
output(0, "%ld iterations. [F:%ld S:%ld HI:%ld]\n",
shm->stats.total_syscalls_done,
shm->stats.failures, shm->stats.successes,
hiscore);
lastcount = shm->stats.total_syscalls_done;
}
}
/* Only check taint if the mask allows it */
if (kernel_taint_mask != 0) {
ret = check_tainted();
if (((ret & kernel_taint_mask) & (~kernel_taint_initial)) != 0)
tainted_postmortem(ret);
}
main_dead:
/* Are we done ? */
if (shm->exit_reason != STILL_RUNNING) {
/* Give children a chance to exit. */
sleep(1);
/* Are there still children running ? */
if (pidmap_empty() == TRUE)
watchdog_exit = TRUE;
else {
static unsigned int last = 0;
if (last != shm->running_childs) {
last = shm->running_childs;
output(0, "exit_reason=%d, but %d children still running.\n",
shm->exit_reason, shm->running_childs);
}
kill_all_kids();
}
}
sleep(1);
}
corrupt:
kill_all_kids();
}
int main(int argc, char* argv[])
{
int ret;
unsigned int i;
printf("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**> 2012\n");
#ifdef __x86_64__
syscalls = syscalls_x86_64;
max_nr_syscalls = NR_X86_64_SYSCALLS;
#elif __i386__
syscalls = syscalls_i386;
max_nr_syscalls = NR_I386_SYSCALLS;
#elif __powerpc__
syscalls = syscalls_ppc;
#elif __ia64__
syscalls = syscalls_ia64;
#elif __sparc__
syscalls = syscalls_sparc;
#else
syscalls = syscalls_i386;
#endif
progname = argv[0];
parse_args(argc, argv);
if (getuid() == 0) {
if (dangerous == 1) {
printf("DANGER: RUNNING AS ROOT.\n");
printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
printf("ctrl-c now unless you really know what you are doing.\n");
for (i = 10; i > 0; i--) {
printf("Continuing in %d seconds.\r", i);
(void)fflush(stdout);
sleep(1);
}
} else {
printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
exit(EXIT_FAILURE);
}
}
if (create_shm())
exit(EXIT_FAILURE);
if (logging != 0)
open_logfiles();
max_nr_syscalls = NR_SYSCALLS;
for (i = 0; i < max_nr_syscalls; i++)
syscalls[i].entry->number = i;
if (desired_group == GROUP_VM) {
struct syscalltable *newsyscalls;
int count = 0, j = 0;
for (i = 0; i < max_nr_syscalls; i++) {
if (syscalls[i].entry->group == GROUP_VM)
count++;
}
newsyscalls = malloc(count * sizeof(struct syscalltable));
if (newsyscalls == NULL)
exit(EXIT_FAILURE);
for (i = 0; i < max_nr_syscalls; i++) {
if (syscalls[i].entry->group == GROUP_VM)
newsyscalls[j++].entry = syscalls[i].entry;
}
max_nr_syscalls = count;
syscalls = newsyscalls;
}
if (!do_specific_syscall)
output("Fuzzing %d syscalls.\n", max_nr_syscalls);
if (do_specific_syscall == 1)
find_specific_syscall();
if (do_specific_proto == 1)
find_specific_proto();
if (show_syscall_list == 1) {
syscall_list();
exit(EXIT_SUCCESS);
}
page_size = getpagesize();
if (!seed)
seed_from_tod();
else
output("[%d] Random seed: %u (0x%x)\n", getpid(), seed, seed);
init_buffers();
mask_signals();
setup_fds();
if (check_tainted() != 0) {
output("Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
do_check_tainted = 1;
}
/* just in case we're not using the test.sh harness. */
chmod("tmp/", 0755);
ret = chdir("tmp/");
if (!ret) {
/* nothing right now */
}
main_loop();
printf("\nRan %ld syscalls (%ld retries). Successes: %ld Failures: %ld\n",
shm->execcount - 1, shm->retries, shm->successes, shm->failures);
shmdt(shm);
destroy_maps();
for (i = 0; i < socks; i++)
close(socket_fds[i]);
if (logging != 0)
close_logfiles();
exit(EXIT_SUCCESS);
}
int main(int argc, char* argv[])
{
int ret = EXIT_SUCCESS;
int childstatus;
pid_t pid;
const char taskname[13]="trinity-main";
outputstd("Trinity " VERSION " Dave Jones <*****@*****.**>\n");
progname = argv[0];
initpid = getpid();
page_size = getpagesize();
num_online_cpus = sysconf(_SC_NPROCESSORS_ONLN);
max_children = num_online_cpus; /* possibly overridden in params. */
if (init_random() == FALSE)
exit(EXIT_FAILURE);
set_seed(0);
select_syscall_tables();
create_shm();
/* We do this before the parse_args because --fds will need to
* operate on it when implemented.
*/
setup_fd_providers();
parse_args(argc, argv);
init_uids();
change_tmp_dir();
init_logging();
init_shm();
kernel_taint_initial = check_tainted();
if (kernel_taint_initial != 0)
output(0, "Kernel was tainted on startup. Will ignore flags that are already set.\n");
if (munge_tables() == FALSE) {
ret = EXIT_FAILURE;
goto out;
}
if (show_syscall_list == TRUE) {
dump_syscall_tables();
goto out;
}
init_syscalls();
if (show_ioctl_list == TRUE) {
dump_ioctls();
goto out;
}
do_uid0_check();
if (do_specific_domain == TRUE)
find_specific_domain(specific_domain_optarg);
setup_initial_mappings();
parse_devices();
pids_init();
setup_main_signals();
/* check if we ctrl'c or something went wrong during init. */
if (shm->exit_reason != STILL_RUNNING)
goto cleanup_fds;
init_watchdog();
/* do an extra fork so that the watchdog and the children don't share a common parent */
fflush(stdout);
pid = fork();
if (pid == 0) {
shm->mainpid = getpid();
setup_main_signals();
no_bind_to_cpu = RAND_BOOL();
output(0, "Main thread is alive.\n");
prctl(PR_SET_NAME, (unsigned long) &taskname);
set_seed(0);
if (open_fds() == FALSE) {
if (shm->exit_reason != STILL_RUNNING)
panic(EXIT_FD_INIT_FAILURE); // FIXME: Later, push this down to multiple EXIT's.
exit_main_fail();
}
if (dropprivs == TRUE) //FIXME: Push down into child processes later.
drop_privs();
main_loop();
shm->mainpid = 0;
_exit(EXIT_SUCCESS);
}
/* wait for main loop process to exit. */
(void)waitpid(pid, &childstatus, 0);
/* wait for watchdog to exit. */
waitpid(watchdog_pid, &childstatus, 0);
output(0, "Ran %ld syscalls. Successes: %ld Failures: %ld\n",
shm->stats.total_syscalls_done - 1, shm->stats.successes, shm->stats.failures);
cleanup_fds:
close_sockets();
destroy_initial_mappings();
shutdown_logging();
ret = set_exit_code(shm->exit_reason);
out:
exit(ret);
}
int main(int argc, char* argv[])
{
int ret = EXIT_SUCCESS;
int childstatus;
unsigned int i;
outputstd("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**>\n");
progname = argv[0];
initpid = getpid();
page_size = getpagesize();
num_online_cpus = sysconf(_SC_NPROCESSORS_ONLN);
select_syscall_tables();
if (create_shm())
exit(EXIT_FAILURE);
parse_args(argc, argv);
outputstd("Done parsing arguments.\n");
if (kernel_taint_mask != (int)0xFFFFFFFF) {
outputstd("Custom kernel taint mask has been specified: 0x%08x (%d).\n", kernel_taint_mask, kernel_taint_mask);
}
if (user_specified_children != 0)
max_children = user_specified_children;
else
max_children = sysconf(_SC_NPROCESSORS_ONLN);
if (max_children > MAX_NR_CHILDREN) {
outputerr("Increase MAX_NR_CHILDREN!\n");
exit(EXIT_FAILURE);
}
setup_shm_postargs();
if (logging == TRUE)
open_logfiles();
if (munge_tables() == FALSE) {
ret = EXIT_FAILURE;
goto out;
}
if (show_syscall_list == TRUE) {
dump_syscall_tables();
goto out;
}
init_syscalls();
if (show_ioctl_list == TRUE) {
dump_ioctls();
goto out;
}
if (getuid() == 0) {
if (dangerous == TRUE) {
outputstd("DANGER: RUNNING AS ROOT.\n");
outputstd("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
outputstd("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
outputstd("ctrl-c now unless you really know what you are doing.\n");
for (i = 10; i > 0; i--) {
outputstd("Continuing in %d seconds.\r", i);
(void)fflush(stdout);
sleep(1);
}
} else {
outputstd("Don't run as root (or pass --dangerous if you know what you are doing).\n");
exit(EXIT_FAILURE);
}
}
if (do_specific_proto == TRUE)
find_specific_proto(specific_proto_optarg);
init_buffers();
parse_devices();
pids_init();
setup_main_signals();
kernel_taint_initial = check_tainted();
if (kernel_taint_initial != 0) {
output(0, "Kernel was tainted on startup. Will ignore flags that are already set.\n");
}
change_tmp_dir();
/* check if we ctrl'c or something went wrong during init. */
if (shm->exit_reason != STILL_RUNNING)
goto cleanup_fds;
init_watchdog();
do_main_loop();
/* Shutting down. */
waitpid(watchdog_pid, &childstatus, 0);
output(0, "\nRan %ld syscalls. Successes: %ld Failures: %ld\n",
shm->total_syscalls_done - 1, shm->successes, shm->failures);
ret = EXIT_SUCCESS;
cleanup_fds:
close_sockets();
destroy_global_mappings();
if (logging == TRUE)
close_logfiles();
out:
exit(ret);
}
static void watchdog(void)
{
static const char watchdogname[17]="trinity-watchdog";
static unsigned long lastcount = 0;
bool watchdog_exit = FALSE;
int ret = 0;
while (shm->ready == FALSE) {
sleep(1);
if (shm->exit_reason != STILL_RUNNING)
return;
}
output(0, "Watchdog is alive. (pid:%d)\n", watchdog_pid);
prctl(PR_SET_NAME, (unsigned long) &watchdogname);
(void)signal(SIGSEGV, SIG_DFL);
while (watchdog_exit == FALSE) {
if (check_shm_sanity() == SHM_CORRUPT)
goto corrupt;
if (check_main_alive() == FALSE)
goto main_dead;
if (shm->regenerating == FALSE) {
unsigned int i;
reap_dead_kids();
check_children();
if (syscalls_todo && (shm->total_syscalls_done >= syscalls_todo)) {
output(0, "Reached limit %d. Telling children to exit.\n", syscalls_todo);
shm->exit_reason = EXIT_REACHED_COUNT;
}
// Periodic log syncing. FIXME: This is kinda ugly, and mostly unnecessary.
if (shm->total_syscalls_done % 1000 == 0)
synclogs();
for_each_pidslot(i) {
if (shm->child_syscall_count[i] > hiscore)
hiscore = shm->child_syscall_count[i];
}
if (shm->total_syscalls_done > 1) {
if (shm->total_syscalls_done - lastcount > 10000) {
output(0, "%ld iterations. [F:%ld S:%ld HI:%ld]\n",
shm->total_syscalls_done,
shm->failures, shm->successes,
hiscore);
lastcount = shm->total_syscalls_done;
}
}
}
/* Only check taint if it mask allows it */
if (kernel_taint_mask != 0) {
ret = check_tainted();
if (((ret & kernel_taint_mask) & (~kernel_taint_initial)) != 0) {
gettimeofday(&shm->taint_tv, NULL);
output(0, "kernel became tainted! (%d/%d) Last seed was %u\n", ret, kernel_taint_initial, shm->seed);
shm->exit_reason = EXIT_KERNEL_TAINTED;
}
}
main_dead:
/* Are we done ? */
if (shm->exit_reason != STILL_RUNNING) {
/* Give children a chance to exit. */
sleep(1);
/* Are there still children running ? */
if (pidmap_empty() == TRUE)
watchdog_exit = TRUE;
else {
output(0, "exit_reason=%d, but %d children still running.\n",
shm->exit_reason, shm->running_childs);
kill_all_kids();
}
}
sleep(1);
}
static void watchdog(void)
{
static unsigned long lastcount = 0;
bool watchdog_exit = FALSE;
while (watchdog_exit == FALSE) {
int ret = 0;
unsigned int i;
unsigned int stall_count = 0;
if (shm_is_corrupt() == TRUE)
goto corrupt;
if (check_main_alive() == FALSE)
goto main_dead;
reap_dead_kids();
check_all_locks();
if (syscalls_todo && (shm->stats.total_syscalls_done >= syscalls_todo)) {
output(0, "Reached limit %d. Telling children to exit.\n", syscalls_todo);
panic(EXIT_REACHED_COUNT);
}
for_each_child(i) {
struct childdata *child = shm->children[i];
struct syscallrecord *rec = &child->syscall;
if (is_child_making_progress(child) == FALSE)
stall_count++;
if (rec->op_nr > hiscore)
hiscore = rec->op_nr;
}
if (stall_count == shm->running_childs)
stall_genocide();
if (shm->stats.total_syscalls_done > 1) {
if (shm->stats.total_syscalls_done - lastcount > 10000) {
char stalltxt[]=" STALLED:XXXX";
if (stall_count > 0)
sprintf(stalltxt, " STALLED:%u", stall_count);
output(0, "%ld iterations. [F:%ld S:%ld HI:%ld%s]\n",
shm->stats.total_syscalls_done,
shm->stats.failures, shm->stats.successes,
hiscore,
stall_count ? stalltxt : "");
lastcount = shm->stats.total_syscalls_done;
}
}
/* Only check taint if the mask allows it */
if (kernel_taint_mask != 0) {
ret = check_tainted();
if (((ret & kernel_taint_mask) & (~kernel_taint_initial)) != 0)
tainted_postmortem(ret);
}
main_dead:
/* Are we done ? */
if (shm->exit_reason != STILL_RUNNING) {
/* Give children a chance to exit. */
sleep(1);
/* Are there still children running ? */
if (pidmap_empty() == TRUE)
watchdog_exit = TRUE;
else {
static unsigned int last = 0;
if (last != shm->running_childs) {
last = shm->running_childs;
output(0, "exit_reason=%d, but %d children still running.\n",
shm->exit_reason, shm->running_childs);
}
kill_all_kids();
}
}
sleep(1);
}
corrupt:
kill_all_kids();
}
int main(int argc, char* argv[])
{
int ret = EXIT_SUCCESS;
unsigned int i;
printf("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**> 2012\n");
progname = argv[0];
setup_syscall_tables();
parse_args(argc, argv);
/* If we didn't pass -c or -x, mark all syscalls active. */
if ((do_specific_syscall == FALSE) && (do_exclude_syscall == FALSE))
mark_all_syscalls_active();
if (getuid() == 0) {
if (dangerous == TRUE) {
printf("DANGER: RUNNING AS ROOT.\n");
printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
printf("ctrl-c now unless you really know what you are doing.\n");
for (i = 10; i > 0; i--) {
printf("Continuing in %d seconds.\r", i);
(void)fflush(stdout);
sleep(1);
}
} else {
printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
exit(EXIT_FAILURE);
}
}
if (create_shm())
exit(EXIT_FAILURE);
/* Set seed in parent thread*/
set_seed(0);
if (desired_group != GROUP_NONE) {
ret = setup_syscall_group(desired_group);
if (ret == FALSE) {
ret = EXIT_FAILURE;
goto cleanup_shm;
}
}
if (show_syscall_list == TRUE) {
dump_syscall_tables();
goto cleanup_shm;
}
if (validate_syscall_tables() == FALSE) {
printf("No syscalls were enabled!\n");
printf("Use 32bit:%d 64bit:%d\n", use_32bit, use_64bit);
goto cleanup_shm;
}
sanity_check_tables();
if (logging == TRUE)
open_logfiles();
if (do_specific_syscall == FALSE) {
if (biarch == TRUE)
output(0, "Fuzzing %d 32-bit syscalls & %d 64-bit syscalls.\n",
max_nr_32bit_syscalls, max_nr_64bit_syscalls);
else
output(0, "Fuzzing %d syscalls.\n", max_nr_syscalls);
}
if (do_specific_proto == TRUE)
find_specific_proto(specific_proto_optarg);
page_size = getpagesize();
init_buffers();
mask_signals();
if (check_tainted() != 0) {
output(0, "Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
do_check_tainted = TRUE;
}
/* just in case we're not using the test.sh harness. */
chmod("tmp/", 0755);
ret = chdir("tmp/");
if (!ret) {
/* nothing right now */
}
if (shm->exit_reason != STILL_RUNNING)
goto cleanup_fds;
init_watchdog();
do_main_loop();
printf("\nRan %ld syscalls. Successes: %ld Failures: %ld\n",
shm->total_syscalls_done - 1, shm->successes, shm->failures);
ret = EXIT_SUCCESS;
cleanup_fds:
for (i = 0; i < nr_sockets; i++) {
struct linger ling;
ling.l_onoff = FALSE; /* linger active */
setsockopt(shm->socket_fds[i], SOL_SOCKET, SO_LINGER, &ling, sizeof(struct linger));
shutdown(shm->socket_fds[i], SHUT_RDWR);
close(shm->socket_fds[i]);
}
destroy_maps();
if (logging == TRUE)
close_logfiles();
cleanup_shm:
if (shm != NULL)
munmap(shm, sizeof(struct shm_s));
exit(ret);
}
int main(int argc, char* argv[])
{
int ret = EXIT_SUCCESS;
int childstatus;
unsigned int i;
printf("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**>\n");
progname = argv[0];
page_size = getpagesize();
select_syscall_tables();
if (create_shm())
exit(EXIT_FAILURE);
parse_args(argc, argv);
printf("Done parsing arguments.\n");
setup_shm_postargs();
if (logging == TRUE)
open_logfiles();
if (munge_tables() == FALSE) {
ret = EXIT_FAILURE;
goto out;
}
if (show_syscall_list == TRUE) {
dump_syscall_tables();
goto out;
}
if (show_ioctl_list == TRUE) {
dump_ioctls();
goto out;
}
if (getuid() == 0) {
if (dangerous == TRUE) {
printf("DANGER: RUNNING AS ROOT.\n");
printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
printf("ctrl-c now unless you really know what you are doing.\n");
for (i = 10; i > 0; i--) {
printf("Continuing in %d seconds.\r", i);
(void)fflush(stdout);
sleep(1);
}
} else {
printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
exit(EXIT_FAILURE);
}
}
if (do_specific_proto == TRUE)
find_specific_proto(specific_proto_optarg);
init_buffers();
parse_devices();
pids_init();
setup_main_signals();
if (check_tainted() != 0) {
output(0, "Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
ignore_tainted = TRUE;
}
/* just in case we're not using the test.sh harness. */
chmod("tmp/", 0755);
ret = chdir("tmp/");
if (!ret) {
/* nothing right now */
}
if (shm->exit_reason != STILL_RUNNING)
goto cleanup_fds;
init_watchdog();
do_main_loop();
waitpid(shm->watchdog_pid, &childstatus, 0);
printf("\nRan %ld syscalls. Successes: %ld Failures: %ld\n",
shm->total_syscalls_done - 1, shm->successes, shm->failures);
ret = EXIT_SUCCESS;
cleanup_fds:
for (i = 0; i < nr_sockets; i++) {
struct linger ling;
ling.l_onoff = FALSE; /* linger active */
setsockopt(shm->socket_fds[i], SOL_SOCKET, SO_LINGER, &ling, sizeof(struct linger));
shutdown(shm->socket_fds[i], SHUT_RDWR);
close(shm->socket_fds[i]);
}
destroy_maps();
if (logging == TRUE)
close_logfiles();
out:
exit(ret);
}
int main(int argc, char* argv[])
{
int ret = EXIT_SUCCESS;
const char taskname[13]="trinity-main";
outputstd("Trinity " VERSION " Dave Jones <*****@*****.**>\n");
progname = argv[0];
mainpid = getpid();
page_size = getpagesize();
num_online_cpus = sysconf(_SC_NPROCESSORS_ONLN);
max_children = num_online_cpus; /* possibly overridden in params. */
if (init_random() == FALSE)
exit(EXIT_FAILURE);
select_syscall_tables();
create_shm();
/* We do this before the parse_args because --fds will need to
* operate on the providers list when implemented.
*/
setup_fd_providers();
parse_args(argc, argv);
init_uids();
change_tmp_dir();
init_logging();
init_shm();
kernel_taint_initial = check_tainted();
if (kernel_taint_initial != 0)
output(0, "Kernel was tainted on startup. Will ignore flags that are already set.\n");
if (munge_tables() == FALSE) {
ret = EXIT_FAILURE;
goto out;
}
if (show_syscall_list == TRUE) {
dump_syscall_tables();
goto out;
}
if (show_ioctl_list == TRUE) {
dump_ioctls();
goto out;
}
if (show_unannotated == TRUE) {
show_unannotated_args();
goto out;
}
init_syscalls();
do_uid0_check();
if (do_specific_domain == TRUE)
find_specific_domain(specific_domain_optarg);
pids_init();
init_object_lists(OBJ_GLOBAL);
setup_initial_mappings();
parse_devices();
/* FIXME: Some better object construction method needed. */
create_futexes();
create_sysv_shms();
setup_main_signals();
no_bind_to_cpu = RAND_BOOL();
prctl(PR_SET_NAME, (unsigned long) &taskname);
if (open_fds() == FALSE) {
if (shm->exit_reason != STILL_RUNNING)
panic(EXIT_FD_INIT_FAILURE); // FIXME: Later, push this down to multiple EXIT's.
_exit(EXIT_FAILURE);
}
if (dropprivs == TRUE) //FIXME: Push down into child processes later.
drop_privs();
main_loop();
destroy_global_objects();
output(0, "Ran %ld syscalls. Successes: %ld Failures: %ld\n",
shm->stats.total_syscalls_done - 1, shm->stats.successes, shm->stats.failures);
shutdown_logging();
ret = set_exit_code(shm->exit_reason);
out:
exit(ret);
}