github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/executor/common_test.h (about) 1 // Copyright 2018 syzkaller project authors. All rights reserved. 2 // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 // This file is shared between executor and csource package. 5 6 #include <stdlib.h> 7 #include <unistd.h> 8 9 #if SYZ_EXECUTOR || __NR_syz_mmap 10 #include <sys/mman.h> 11 12 // syz_mmap(addr vma, len len[addr]) 13 static long syz_mmap(volatile long a0, volatile long a1) 14 { 15 return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); 16 } 17 #endif 18 19 #if SYZ_EXECUTOR || __NR_syz_errno 20 #include <errno.h> 21 22 // syz_errno(v int32) 23 static long syz_errno(volatile long v) 24 { 25 errno = v; 26 return v == 0 ? 0 : -1; 27 } 28 #endif 29 30 #if SYZ_EXECUTOR || __NR_syz_exit 31 // syz_exit(status int32) 32 static long syz_exit(volatile long status) 33 { 34 doexit(status); 35 return 0; 36 } 37 #endif 38 39 #if SYZ_EXECUTOR || __NR_syz_sleep_ms 40 // syz_sleep_ms(ms intptr) 41 static long syz_sleep_ms(volatile long ms) 42 { 43 sleep_ms(ms); 44 return 0; 45 } 46 #endif 47 48 #if SYZ_EXECUTOR || __NR_syz_compare 49 #include <errno.h> 50 #include <string.h> 51 52 // syz_compare(want ptr[in, string], want_len len[want], got ptr[in, compare_data], got_len len[got]) 53 static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) 54 { 55 if (want_len != got_len) { 56 errno = EBADF; 57 goto error; 58 } 59 if (memcmp((void*)want, (void*)got, want_len)) { 60 errno = EINVAL; 61 goto error; 62 } 63 return 0; 64 65 error: 66 debug("syz_compare: want (%lu):\n", want_len); 67 debug_dump_data((char*)want, want_len); 68 debug("got (%lu):\n", got_len); 69 debug_dump_data((char*)got, got_len); 70 return -1; 71 } 72 #endif 73 74 #if SYZ_EXECUTOR || __NR_syz_compare_int 75 #include <errno.h> 76 #include <stdarg.h> 77 78 // syz_compare_int$4(n const[2], v0 intptr, v1 intptr, v2 intptr, v3 intptr) 79 static long syz_compare_int(volatile long n, ...) 80 { 81 va_list args; 82 va_start(args, n); 83 long v0 = va_arg(args, long); 84 long v1 = va_arg(args, long); 85 long v2 = va_arg(args, long); 86 long v3 = va_arg(args, long); 87 va_end(args); 88 if (n < 2 || n > 4) 89 return errno = E2BIG, -1; 90 if (n <= 2 && v2 != 0) 91 return errno = EFAULT, -1; 92 if (n <= 3 && v3 != 0) 93 return errno = EFAULT, -1; 94 if (v0 != v1) 95 return errno = EINVAL, -1; 96 if (n > 2 && v0 != v2) 97 return errno = EINVAL, -1; 98 if (n > 3 && v0 != v3) 99 return errno = EINVAL, -1; 100 return 0; 101 } 102 #endif 103 104 #if SYZ_EXECUTOR || __NR_syz_compare_zlib 105 #include "common_zlib.h" 106 #include <errno.h> 107 #include <fcntl.h> 108 #include <sys/stat.h> 109 110 // syz_compare_zlib(data ptr[in, array[int8]], size bytesize[data], zdata ptr[in, compressed_image], zsize bytesize[zdata]) 111 static long syz_compare_zlib(volatile long data, volatile long size, volatile long zdata, volatile long zsize) 112 { 113 int fd = open("./uncompressed", O_RDWR | O_CREAT | O_EXCL, 0666); 114 if (fd == -1) 115 return -1; 116 if (puff_zlib_to_file((unsigned char*)zdata, zsize, fd)) 117 return -1; 118 struct stat statbuf; 119 if (fstat(fd, &statbuf)) 120 return -1; 121 void* uncompressed = NULL; 122 if (statbuf.st_size > 0) { 123 // We cannot mmap 0 bytes. 124 uncompressed = mmap(0, statbuf.st_size, PROT_READ, MAP_PRIVATE, fd, 0); 125 if (uncompressed == MAP_FAILED) 126 return -1; 127 } 128 return syz_compare(data, size, (long)uncompressed, statbuf.st_size); 129 } 130 #endif 131 132 #if SYZ_EXECUTOR || SYZ_SANDBOX_NONE 133 static void loop(); 134 static int do_sandbox_none(void) 135 { 136 // Test various ways how feature setup can fail. 137 // We don't care about these features for test OS, 138 // this is just to test the feature support detection code. 139 #if SYZ_EXECUTOR || SYZ_NET_INJECTION 140 #if SYZ_EXECUTOR 141 if (flag_net_injection) 142 #endif 143 fail("net injection is not supported"); 144 #endif 145 #if SYZ_EXECUTOR || SYZ_DEVLINK_PCI 146 #if SYZ_EXECUTOR 147 if (flag_devlink_pci) 148 #endif 149 exitf("devlink_pci is not supported"); 150 #endif 151 loop(); 152 return 0; 153 } 154 #endif 155 156 #if SYZ_EXECUTOR || __NR_syz_test_fuzzer1 157 158 static void fake_crash(const char* name) 159 { 160 failmsg("crash", "{{CRASH: %s}}", name); 161 doexit(1); 162 } 163 164 static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) 165 { 166 // We probably want something more interesting here. 167 if (a == 1 && b == 1 && c == 1) 168 fake_crash("first bug"); 169 if (a == 1 && b == 2 && c == 3) 170 fake_crash("second bug"); 171 return 0; 172 } 173 174 #endif 175 176 #if SYZ_EXECUTOR || __NR_syz_inject_cover 177 static long syz_inject_cover(volatile long a, volatile long b) 178 #if SYZ_EXECUTOR 179 ; // defined in executor_test.h 180 #else 181 { 182 return 0; 183 } 184 #endif 185 #endif 186 187 #if SYZ_EXECUTOR || __NR_syz_inject_remote_cover 188 static long syz_inject_remote_cover(volatile long a, volatile long b) 189 #if SYZ_EXECUTOR 190 ; // defined in executor_test.h 191 #else 192 { 193 return 0; 194 } 195 #endif 196 #endif 197 198 #if SYZ_EXECUTOR || SYZ_SYSCTL 199 static void setup_sysctl() 200 { 201 } 202 #endif 203 204 #if SYZ_EXECUTOR || (SYZ_CGROUPS && (SYZ_SANDBOX_NONE || SYZ_SANDBOX_SETUID || SYZ_SANDBOX_NAMESPACE || SYZ_SANDBOX_ANDROID)) 205 static void setup_cgroups() 206 { 207 } 208 #endif