github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/executor/common_test.h (about)

     1  // Copyright 2018 syzkaller project authors. All rights reserved.
     2  // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
     3  
     4  // This file is shared between executor and csource package.
     5  
     6  #include <stdlib.h>
     7  #include <unistd.h>
     8  
     9  #if SYZ_EXECUTOR || __NR_syz_mmap
    10  #include <sys/mman.h>
    11  
    12  // syz_mmap(addr vma, len len[addr])
    // Creates an anonymous, private, read-write mapping of a1 bytes at the exact address a0.
    // MAP_FIXED makes the kernel place the mapping at a0 and replace whatever
    // was already mapped in that range, so the caller must own that region.
    // Returns the mmap() result cast to long. It is not checked here, so a
    // failure comes back as MAP_FAILED converted to long.
    static long syz_mmap(volatile long a0, volatile long a1)
    {
    	void* const target = (void*)a0;
    	const int prot = PROT_READ | PROT_WRITE;
    	const int flags = MAP_ANON | MAP_PRIVATE | MAP_FIXED;
    	void* mapping = mmap(target, a1, prot, flags, -1, 0);
    	return (long)mapping;
    }
    17  #endif
    18  
    19  #if SYZ_EXECUTOR || __NR_syz_errno
    20  #include <errno.h>
    21  
    22  // syz_errno(v int32)
    // Stores v into errno and reports success only when v is zero.
    // Returns 0 if v == 0, otherwise -1 (with errno left set to v).
    static long syz_errno(volatile long v)
    {
    	const long code = v;
    	errno = code;
    	if (code == 0)
    		return 0;
    	return -1;
    }
    28  #endif
    29  
    30  #if SYZ_EXECUTOR || __NR_syz_exit
    31  // syz_exit(status int32)
    // Terminates the calling process immediately with the given status via _exit().
    // _exit() does not return; the trailing return only satisfies the
    // function's long return type.
    static long syz_exit(volatile long status)
    {
    	const int code = (int)status;
    	_exit(code);
    	return 0;
    }
    37  #endif
    38  
    39  #if SYZ_EXECUTOR || __NR_syz_sleep_ms
    40  // syz_sleep_ms(ms intptr)
    // Blocks for ms milliseconds by delegating to sleep_ms(), then returns 0.
    // sleep_ms() is defined outside this file; how it treats negative or very
    // large values is not visible here.
    static long syz_sleep_ms(volatile long ms)
    {
    	const long duration_ms = ms;
    	sleep_ms(duration_ms);
    	return 0;
    }
    46  #endif
    47  
    48  #if SYZ_EXECUTOR || __NR_syz_compare
    49  #include <errno.h>
    50  #include <string.h>
    51  
    52  // syz_compare(want ptr[in, string], want_len len[want], got ptr[in, compare_data], got_len len[got])
    // Compares the want_len bytes at want with the got_len bytes at got.
    // Returns 0 when the lengths match and the bytes are identical. Otherwise
    // it sets errno (EBADF for a length mismatch, EINVAL for a content
    // mismatch), dumps both buffers through the debug helpers and returns -1.
    // The pointers and lengths are used exactly as supplied: nothing is
    // validated, and the signed length is converted to size_t for memcmp().
    static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len)
    {
    	int err = 0;
    	if (want_len != got_len)
    		err = EBADF;
    	else if (memcmp((void*)want, (void*)got, want_len) != 0)
    		err = EINVAL;
    	if (err == 0)
    		return 0;

    	// Set errno before logging, matching the order callers observe.
    	errno = err;
    	debug("syz_compare: want (%lu):\n", want_len);
    	debug_dump_data((char*)want, want_len);
    	debug("got (%lu):\n", got_len);
    	debug_dump_data((char*)got, got_len);
    	return -1;
    }
    72  #endif
    73  
    74  #if SYZ_EXECUTOR || __NR_syz_compare_int
    75  #include <errno.h>
    76  #include <stdarg.h>
    77  
    78  // syz_compare_int$4(n const[2], v0 intptr, v1 intptr, v2 intptr, v3 intptr)
    // Checks that the first n of four variadic long values are all equal.
    // Four values are always read from the argument list, whatever n is, so
    // callers must pass all four and leave the unused trailing ones as 0.
    // Returns 0 on success, otherwise -1 with errno set:
    //   E2BIG  - n is outside [2, 4]
    //   EFAULT - a value beyond the first n is non-zero
    //   EINVAL - one of the first n values differs from the first
    static long syz_compare_int(volatile long n, ...)
    {
    	long vals[4];
    	va_list ap;
    	va_start(ap, n);
    	for (int i = 0; i < 4; i++)
    		vals[i] = va_arg(ap, long);
    	va_end(ap);

    	const long count = n;
    	if (count < 2 || count > 4) {
    		errno = E2BIG;
    		return -1;
    	}
    	// Slots past the declared count must have been left zero.
    	for (long i = count; i < 4; i++) {
    		if (vals[i] != 0) {
    			errno = EFAULT;
    			return -1;
    		}
    	}
    	// Every used slot must match the first value.
    	for (long i = 1; i < count; i++) {
    		if (vals[0] != vals[i]) {
    			errno = EINVAL;
    			return -1;
    		}
    	}
    	return 0;
    }
   102  #endif
   103  
   104  #if SYZ_EXECUTOR || __NR_syz_compare_zlib
   105  #include "common_zlib.h"
   106  #include <errno.h>
   107  #include <fcntl.h>
   108  #include <sys/stat.h>
   109  
   110  // syz_compare_zlib(data ptr[in, array[int8]], size bytesize[data], zdata ptr[in, compressed_image], zsize bytesize[zdata])
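   // Inflates the zlib stream at zdata (zsize bytes) into a new file
   // ./uncompressed, maps that file read-only and compares its contents with
   // the size bytes at data using syz_compare().
   // Returns syz_compare()'s result, or -1 if creating, inflating, stat-ing or
   // mapping the file fails. errno is left as set by the failing step or by
   // syz_compare().
   // The descriptor and the mapping are released on every path; the original
   // code leaked both. The file itself stays in the working directory, so
   // because of O_EXCL a second call in the same directory fails at open().
   static long syz_compare_zlib(volatile long data, volatile long size, volatile long zdata, volatile long zsize)
   {
   	// O_EXCL refuses to reuse a file that already exists at this path.
   	// Mode 0666 is still filtered by the process umask.
   	int fd = open("./uncompressed", O_RDWR | O_CREAT | O_EXCL, 0666);
   	if (fd == -1)
   		return -1;
   	long res = -1;
   	struct stat statbuf;
   	if (puff_zlib_to_file((unsigned char*)zdata, zsize, fd) == 0 && fstat(fd, &statbuf) == 0) {
   		void* uncompressed = mmap(0, statbuf.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
   		if (uncompressed != MAP_FAILED) {
   			res = syz_compare(data, size, (long)uncompressed, statbuf.st_size);
   			// Preserve the errno chosen by syz_compare() across cleanup.
   			int compare_errno = errno;
   			munmap(uncompressed, statbuf.st_size);
   			errno = compare_errno;
   		}
   	}
   	// close() may overwrite errno; keep the value from the step that failed.
   	int saved_errno = errno;
   	close(fd);
   	errno = saved_errno;
   	return res;
   }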
   126  #endif
   127  
   128  #if SYZ_EXECUTOR || SYZ_SANDBOX_NONE
   // loop() is defined elsewhere in the including translation unit.
   static void loop();

   // "None" sandbox entry point: calls loop() directly in the current process,
   // with no isolation set up in this function, and returns 0 once loop() returns.
   static int do_sandbox_none(void)
   {
   	const int status = 0;
   	loop();
   	return status;
   }
   135  #endif
   136  
   137  #if SYZ_EXECUTOR || __NR_syz_test_fuzzer1
   138  
   // Reports a synthetic crash labelled with name, then exits with status 1.
   // The "{{CRASH: ...}}" marker is presumably matched by the test harness;
   // confirm against the consumer of failmsg() output.
   static void fake_crash(const char* name)
   {
   	const int exit_status = 1;
   	failmsg("crash", "{{CRASH: %s}}", name);
   	doexit(exit_status);
   }
   144  
   // Test-only pseudo-syscall that triggers a fake crash for two specific
   // argument triples: (1, 1, 1) reports "first bug" and (1, 2, 3) reports
   // "second bug". Any other input returns 0.
   static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c)
   {
   	// We probably want something more interesting here.
   	const long x = a;
   	const long y = b;
   	const long z = c;
   	if (x == 1) {
   		if (y == 1 && z == 1)
   			fake_crash("first bug");
   		if (y == 2 && z == 3)
   			fake_crash("second bug");
   	}
   	return 0;
   }
   154  
   155  #endif