/*
 * Choose an ioctl from the SCSI group for this child, then hand off to the
 * command-specific argument setup when there is one.
 *
 * grp:     ioctl group to pick the request from.
 * childno: index of the child whose shared syscall slots are filled in.
 */
static void scsi_sanitise(const struct ioctl_group *grp, int childno)
{
	pick_random_ioctl(grp, childno);

	/* SG_IO is the only request handled specially here; every other
	 * request keeps whatever pick_random_ioctl() left in place. */
	if (shm->a2[childno] == SG_IO)
		scsi_sg_io_sanitise(childno);
}
/*
 * Pick an autofs device ioctl and build a struct autofs_dev_ioctl argument
 * for it with a random fd, random fail fields and a short random path.
 *
 * grp: ioctl group to pick the request from.
 * rec: syscall record whose a2 (request) and a3 (argument) are filled in.
 *
 * NOTE(review): the argument buffer comes from get_address() and is written
 * through below, including up to ten bytes of path[] past the fixed header.
 * This assumes get_address() returns writable memory large enough for that;
 * confirm against its definition.
 */
static void autofs_sanitise(const struct ioctl_group *grp, struct syscallrecord *rec)
{
	struct autofs_dev_ioctl *req;
	int idx;

	pick_random_ioctl(grp, rec);

	rec->a3 = (unsigned long) get_address();

	/* Only the known autofs requests get a populated argument. */
	switch (rec->a2) {
	case AUTOFS_DEV_IOCTL_VERSION:
	case AUTOFS_DEV_IOCTL_PROTOVER:
	case AUTOFS_DEV_IOCTL_PROTOSUBVER:
	case AUTOFS_DEV_IOCTL_OPENMOUNT:
	case AUTOFS_DEV_IOCTL_CLOSEMOUNT:
	case AUTOFS_DEV_IOCTL_READY:
	case AUTOFS_DEV_IOCTL_FAIL:
	case AUTOFS_DEV_IOCTL_SETPIPEFD:
	case AUTOFS_DEV_IOCTL_CATATONIC:
	case AUTOFS_DEV_IOCTL_TIMEOUT:
	case AUTOFS_DEV_IOCTL_REQUESTER:
	case AUTOFS_DEV_IOCTL_EXPIRE:
	case AUTOFS_DEV_IOCTL_ASKUMOUNT:
	case AUTOFS_DEV_IOCTL_ISMOUNTPOINT:
		break;
	default:
		return;
	}

	req = (struct autofs_dev_ioctl *) rec->a3;
	init_autofs_dev_ioctl(req);
	req->ioctlfd = get_random_fd();
	req->fail.token = rand();
	req->fail.status = rand();

	if (RAND_BOOL()) {
		/* A NUL-terminated path: "/" plus three random bytes, with
		 * size grown by the five bytes written. */
		req->size += 5;
		req->path[0] = '/';
		for (idx = 1; idx <= 3; ++idx)
			req->path[idx] = rand();
		req->path[4] = 0;
	} else {
		/* An arbitrary size claim with ten random, unterminated
		 * path bytes behind it. */
		req->size += rand();
		for (idx = 0; idx < 10; ++idx)
			req->path[idx] = rand();
	}
}
/*
 * Pick an autofs device ioctl for this child and, for the known requests,
 * fill a struct autofs_dev_ioctl placed in page_rand with a random fd,
 * random fail fields and a short random path.
 *
 * grp:     ioctl group to pick the request from.
 * childno: index of the child whose shared a2/a3 slots are filled in.
 *
 * NOTE(review): assumes page_rand is writable and holds at least the fixed
 * header plus the ten path bytes written below; confirm where page_rand is
 * allocated.
 */
static void autofs_sanitise(const struct ioctl_group *grp, int childno)
{
	struct autofs_dev_ioctl *req;

	pick_random_ioctl(grp, childno);

	shm->a3[childno] = (unsigned long) page_rand;

	switch (shm->a2[childno]) {
	case AUTOFS_DEV_IOCTL_VERSION:
	case AUTOFS_DEV_IOCTL_PROTOVER:
	case AUTOFS_DEV_IOCTL_PROTOSUBVER:
	case AUTOFS_DEV_IOCTL_OPENMOUNT:
	case AUTOFS_DEV_IOCTL_CLOSEMOUNT:
	case AUTOFS_DEV_IOCTL_READY:
	case AUTOFS_DEV_IOCTL_FAIL:
	case AUTOFS_DEV_IOCTL_SETPIPEFD:
	case AUTOFS_DEV_IOCTL_CATATONIC:
	case AUTOFS_DEV_IOCTL_TIMEOUT:
	case AUTOFS_DEV_IOCTL_REQUESTER:
	case AUTOFS_DEV_IOCTL_EXPIRE:
	case AUTOFS_DEV_IOCTL_ASKUMOUNT:
	case AUTOFS_DEV_IOCTL_ISMOUNTPOINT:
		req = (struct autofs_dev_ioctl *)shm->a3[childno];
		init_autofs_dev_ioctl(req);
		req->ioctlfd = get_random_fd();
		req->fail.token = rand();
		req->fail.status = rand();

		if (!rand_bool()) {
			int pos;

			/* Arbitrary size claim, ten unterminated random
			 * path bytes. */
			req->size += rand();
			for (pos = 0; pos < 10; ++pos)
				req->path[pos] = rand();
		} else {
			/* "/" plus three random bytes, NUL-terminated;
			 * size grows by the five bytes written. */
			req->size += 5;
			req->path[0] = '/';
			req->path[1] = rand();
			req->path[2] = rand();
			req->path[3] = rand();
			req->path[4] = 0;
		}
		break;

	default:
		/* Unknown request: a3 still points at page_rand, untouched. */
		break;
	}
}
/*
 * Pick a device-mapper ioctl and point the third argument at a writable
 * struct dm_ioctl prepared to get past the kernel's first checks.
 *
 * grp: ioctl group to pick the request from.
 * rec: syscall record whose a2 (request) and a3 (argument) are filled in.
 *
 * The buffer requested is exactly sizeof(struct dm_ioctl). Only the version
 * triple and one string byte are written here; every other field keeps
 * whatever the buffer already held.
 */
static void dm_sanitise(const struct ioctl_group *grp, struct syscallrecord *rec)
{
	struct dm_ioctl *hdr;
	char *emptied;

	pick_random_ioctl(grp, rec);

	rec->a3 = (unsigned long) get_writable_address(sizeof(struct dm_ioctl));
	hdr = (struct dm_ioctl *) rec->a3;

	/* A matching interface version, so the request is not rejected
	 * before anything interesting runs. */
	hdr->version[0] = DM_VERSION_MAJOR;
	hdr->version[1] = DM_VERSION_MINOR;
	hdr->version[2] = DM_VERSION_PATCHLEVEL;

	/* Empty either the name or the uuid (one of the two, chosen at
	 * random) to pass some kernel validation. */
	emptied = RAND_BOOL() ? hdr->name : hdr->uuid;
	emptied[0] = 0;
}
/*
 * Pick a device-mapper ioctl for this child and use page_rand as its
 * struct dm_ioctl argument, patched to get past the kernel's first checks.
 *
 * grp:     ioctl group to pick the request from.
 * childno: index of the child whose shared a2/a3 slots are filled in.
 *
 * NOTE(review): assumes page_rand is writable and at least
 * sizeof(struct dm_ioctl) bytes; confirm where page_rand is allocated.
 */
static void dm_sanitise(const struct ioctl_group *grp, int childno)
{
	struct dm_ioctl *hdr;

	pick_random_ioctl(grp, childno);

	shm->a3[childno] = (unsigned long) page_rand;
	hdr = (struct dm_ioctl *)shm->a3[childno];

	/* A matching interface version, so the request is not rejected
	 * before anything interesting runs. */
	hdr->version[0] = DM_VERSION_MAJOR;
	hdr->version[1] = DM_VERSION_MINOR;
	hdr->version[2] = DM_VERSION_PATCHLEVEL;

	/* Empty one of the two identifier strings to pass some kernel
	 * validation: the uuid on an odd draw, the name on an even one. */
	if (rand() % 2 != 0)
		hdr->uuid[0] = 0;
	else
		hdr->name[0] = 0;
}
/*
 * Pick an evdev ioctl for this child and, when the picked request is one of
 * the parameterised ones, rebuild the request number with a random
 * length or index in place of the 0 it was registered with.
 *
 * grp:     ioctl group to pick the request from.
 * childno: index of the child whose syscall record is updated.
 *
 * NOTE(review): the length-style requests take a full-range rand() value.
 * These macros presumably pack the length into the size bits of the request
 * number, so an oversized value would spill into neighbouring bits and the
 * result may no longer decode as the request that was picked. Confirm that
 * this is intended.
 */
static void input_sanitise(const struct ioctl_group *grp, int childno)
{
	unsigned int val, len;

	pick_random_ioctl(grp, childno);

	switch (shm->syscall[childno].a2) {
	/* Requests parameterised by a buffer length: any length at all. */
	case EVIOCGNAME(0):
		val = rand();
		shm->syscall[childno].a2 = EVIOCGNAME(val);
		break;

	case EVIOCGPHYS(0):
		val = rand();
		shm->syscall[childno].a2 = EVIOCGPHYS(val);
		break;

	case EVIOCGUNIQ(0):
		val = rand();
		shm->syscall[childno].a2 = EVIOCGUNIQ(val);
		break;

#ifdef EVIOCGPROP
	case EVIOCGPROP(0):
		val = rand();
		shm->syscall[childno].a2 = EVIOCGPROP(val);
		break;
#endif

#ifdef EVIOCGMTSLOTS
	case EVIOCGMTSLOTS(0):
		val = rand();
		shm->syscall[childno].a2 = EVIOCGMTSLOTS(val);
		break;
#endif

	case EVIOCGKEY(0):
		val = rand();
		shm->syscall[childno].a2 = EVIOCGKEY(val);
		break;

	case EVIOCGLED(0):
		val = rand();
		shm->syscall[childno].a2 = EVIOCGLED(val);
		break;

	case EVIOCGSND(0):
		val = rand();
		shm->syscall[childno].a2 = EVIOCGSND(val);
		break;

	case EVIOCGSW(0):
		val = rand();
		shm->syscall[childno].a2 = EVIOCGSW(val);
		break;

	/* Event type plus length. Unless the draw is a multiple of ten, the
	 * type is reduced below EV_CNT and the length is quartered; the
	 * remaining draws go through unmodified. */
	case EVIOCGBIT(0,0):
		val = rand();
		len = rand();
		if (val % 10 != 0)
			val %= EV_CNT;
		if (len % 10 != 0)
			len /= 4;
		shm->syscall[childno].a2 = EVIOCGBIT(val, len);
		break;

	/* Absolute-axis index: reduced below ABS_CNT unless the draw is a
	 * multiple of ten, in which case it is used as drawn. */
	case EVIOCGABS(0):
		val = rand();
		if (val % 10 != 0)
			val %= ABS_CNT;
		shm->syscall[childno].a2 = EVIOCGABS(val);
		break;

	case EVIOCSABS(0):
		val = rand();
		if (val % 10 != 0)
			val %= ABS_CNT;
		shm->syscall[childno].a2 = EVIOCSABS(val);
		break;

	default:
		/* Fixed-number requests are used exactly as picked. */
		break;
	}
}