SYSFUZZ(mremap, __NR_mremap, SYS_NONE, CLONE_DEFAULT, 0) { glong retcode; guintptr address; gintptr newaddr; gsize oldsize; gsize newsize; gint flags; typelib_get_vma(this, &address, &oldsize); newsize = g_random_boolean() ? (PAGE_SIZE * 1) : (PAGE_SIZE * 2); flags = typelib_get_integer_mask(MREMAP_FIXED | MREMAP_MAYMOVE); // I don't currently handle MREMAP_FIXED. flags &= ~MREMAP_FIXED; retcode = syscall_fast_ret(&newaddr, __NR_mremap, // void * address, // void *old_address oldsize, // size_t old_size newsize, // size_t new_size flags, // int flags typelib_get_integer()); // unsigned long new_addr if (retcode == ESUCCESS) { // FIXME: Do something like this. // typelib_vma_moved(this, address, newaddr, newsize); typelib_vma_stale(this, address);
#include "iknowthis.h"

// Resource destructor handed to typelib_add_resource(): closes the descriptor
// with a raw close system call and reports success unless that call
// returned -1.
static gboolean destroy_open_file(guintptr fd)
{
    const long result = syscall(__NR_close, fd);

    return result != -1;
}

// Timers that notify via file descriptors.
// int timerfd_create(int clockid, int flags);
//
// On success the new descriptor is usually closed straight away. Only when
// g_random_int_range(0, 128) yields 0 is it registered as a RES_FILE resource,
// with destroy_open_file() as its destructor.
//
// NOTE(review): the clockid range (0, 6) stops short of CLOCK_BOOTTIME (7),
// CLOCK_REALTIME_ALARM (8) and CLOCK_BOOTTIME_ALARM (9), which current
// timerfd_create(2) documents as valid, so those paths look unreachable from
// here. Confirm whether the range should be widened.
SYSFUZZ(timerfd_create, __NR_timerfd_create, SYS_NONE, CLONE_DEFAULT, 0)
{
    glong   status;
    glong   timer_fd;

    status = spawn_syscall_lwp(this, &timer_fd, __NR_timerfd_create,               // int
                               typelib_get_integer_range(0, 6),                    // int clockid
                               typelib_get_integer_mask(O_CLOEXEC | O_NONBLOCK));  // int flags

    // Nothing was created, so there is no descriptor to dispose of.
    if (status != ESUCCESS) {
        return status;
    }

    if (g_random_int_range(0, 128) == 0) {
        // Rare case: keep the descriptor as a tracked resource.
        typelib_add_resource(this, timer_fd, RES_FILE, RF_NONE, destroy_open_file);
    } else {
        // Common case: drop the descriptor immediately (return value of
        // close() is not checked, as in the rest of this path).
        close(timer_fd);
    }

    return status;
}
// guint32 handle_bytes; // int handle_type; // unsigned char f_handle[0]; // }; // Convert name to handle. // int name_to_handle(int dfd, const char *name, struct file_handle *handle, int *mnt_id, int flag); SYSFUZZ(name_to_handle_at, __NR_name_to_handle_at, SYS_NONE, CLONE_DEFAULT, 1000) { gchar *pathname; gpointer handle; gpointer mntid; glong retcode; // Execute systemcall. retcode = spawn_syscall_lwp(this, NULL, __NR_name_to_handle_at, // int typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int dirfd typelib_get_pathname(&pathname), // const char *name typelib_get_buffer(&handle, PAGE_SIZE), // struct file_handle *handle typelib_get_buffer(&mntid, PAGE_SIZE), // int *mnt_id typelib_get_integer_mask(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)); // int flags // Release string. g_free(pathname); typelib_clear_buffer(mntid); typelib_clear_buffer(handle); return retcode; }
#endif

#ifndef FAN_ALL_INIT_FLAGS
# define FAN_ALL_INIT_FLAGS (FAN_CLOEXEC | FAN_NONBLOCK | FAN_ALL_CLASS_BITS | FAN_UNLIMITED_QUEUE | FAN_UNLIMITED_MARKS)
#endif

// Resource destructor handed to typelib_add_resource(): closes the descriptor
// with a raw close system call and reports success unless that call
// returned -1.
static gboolean destroy_open_file(guintptr fd)
{
    const long result = syscall(__NR_close, fd);

    return result != -1;
}

// Initialize an fanotify instance
// This is expected to fail, as it requires CAP_SYS_ADMIN.
//
// int fanotify_init(unsigned int flags, unsigned int event_f_flags)
//
// If the call does succeed, the descriptor is always kept and registered as a
// RES_FILE resource with destroy_open_file() as its destructor.
//
// NOTE(review): SYS_FAIL presumably encodes the "expected to fail" assumption
// above. Kernels from 5.13 on accept a restricted unprivileged
// fanotify_init(), so that expectation may not hold on newer targets.
// Confirm against the kernels being tested.
SYSFUZZ(fanotify_init, __NR_fanotify_init, SYS_FAIL, CLONE_DEFAULT, 0)
{
    glong   status;
    glong   notify_fd;

    status = spawn_syscall_lwp(this, &notify_fd, __NR_fanotify_init,          // int
                               typelib_get_integer_mask(FAN_ALL_INIT_FLAGS),  // unsigned int flags
                               typelib_get_integer_mask(0xffffffff));         // unsigned int event_f_flags

    // No descriptor was produced, so there is nothing to track.
    if (status != ESUCCESS) {
        return status;
    }

    typelib_add_resource(this, notify_fd, RES_FILE, RF_NONE, destroy_open_file);

    return status;
}
# define _GNU_SOURCE #endif #include <glib.h> #include <asm/unistd.h> #include <errno.h> #include <unistd.h> #include <fcntl.h> #include "sysfuzz.h" #include "typelib.h" #include "iknowthis.h" // Sync a file segment with disk. // void sync_file_range(int fd, off64_t offset, off64_t nbytes, // unsigned int flags); // long sys32_sync_file_range(int fd, unsigned off_low, unsigned off_hi, // unsigned n_low, unsigned n_hi, int flags); SYSFUZZ(sync_file_range, __NR_sync_file_range, SYS_NONE, CLONE_DEFAULT, 0) { return spawn_syscall_lwp(this, NULL, __NR_sync_file_range, // int typelib_get_resource(this, NULL, RES_FILE, RF_NONE), // int fd typelib_get_integer(), // unsigned off_low typelib_get_integer(), // unsigned off_high typelib_get_integer(), // unsigned n_low typelib_get_integer(), // unsigned n_high typelib_get_integer_mask(SYNC_FILE_RANGE_WAIT_BEFORE | SYNC_FILE_RANGE_WRITE | SYNC_FILE_RANGE_WAIT_AFTER)); // int flags; }