Diffstat (limited to 'executor')
| -rw-r--r-- | executor/common.h | 67 | ||||
| -rw-r--r-- | executor/common_fuchsia.h | 66 | ||||
| -rw-r--r-- | executor/common_linux.h | 65 | ||||
| -rw-r--r-- | executor/common_windows.h | 50 | ||||
| -rw-r--r-- | executor/executor.h | 22 | ||||
| -rw-r--r-- | executor/executor_fuchsia.cc | 66 | ||||
| -rw-r--r-- | executor/executor_linux.cc | 53 | ||||
| -rw-r--r-- | executor/executor_linux.h | 66 | ||||
| -rw-r--r-- | executor/executor_posix.h | 82 | ||||
| -rw-r--r-- | executor/executor_windows.cc | 85 | ||||
| -rw-r--r-- | executor/executor_windows.h | 74 | ||||
| -rw-r--r-- | executor/syscalls_windows.h | 14 |
12 files changed, 514 insertions, 196 deletions
diff --git a/executor/common.h b/executor/common.h index 9eb5ea2c5..f5b525cc4 100644 --- a/executor/common.h +++ b/executor/common.h @@ -5,10 +5,6 @@ #include <stdint.h> #include <string.h> -#if defined(SYZ_EXECUTOR) || defined(SYZ_THREADED) || defined(SYZ_COLLIDE) -#include <pthread.h> -#include <stdlib.h> -#endif #if defined(SYZ_EXECUTOR) || defined(SYZ_USE_TMP_DIR) #include <errno.h> #include <stdarg.h> @@ -21,15 +17,6 @@ #include <signal.h> #include <string.h> #endif -#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) -#include <errno.h> -#include <signal.h> -#include <stdarg.h> -#include <stdio.h> -#include <sys/time.h> -#include <sys/wait.h> -#include <time.h> -#endif #if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) #include <stdarg.h> #include <stdio.h> @@ -64,7 +51,7 @@ const int kErrorStatus = 68; defined(SYZ_USE_TMP_DIR) || defined(SYZ_TUN_ENABLE) || defined(SYZ_SANDBOX_NAMESPACE) || \ defined(SYZ_SANDBOX_SETUID) || defined(SYZ_FAULT_INJECTION) || defined(__NR_syz_kvm_setup_cpu) // logical error (e.g. invalid input program), use as an assert() alernative -__attribute__((noreturn)) static void fail(const char* msg, ...) +NORETURN static void fail(const char* msg, ...) { int e = errno; fflush(stdout); @@ -81,7 +68,7 @@ __attribute__((noreturn)) static void fail(const char* msg, ...) #if defined(SYZ_EXECUTOR) // kernel error (e.g. wrong syscall return value) -__attribute__((noreturn)) static void error(const char* msg, ...) +NORETURN static void error(const char* msg, ...) { fflush(stdout); va_list args; @@ -95,7 +82,7 @@ __attribute__((noreturn)) static void error(const char* msg, ...) #if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) // just exit (e.g. due to temporal ENOMEM error) -__attribute__((noreturn)) static void exitf(const char* msg, ...) +NORETURN static void exitf(const char* msg, ...) { int e = errno; fflush(stdout); 
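Review bot: `NORETURN static void fail(const char* msg, ...)` now depends on the including platform header having defined NORETURN before `#include "common.h"`, and common.h itself carries no fallback, so an out-of-order or standalone include fails with an opaque parse error on this declaration rather than a clear message. A guard near the top of common.h makes the contract explicit: `#ifndef NORETURN` / `#error "NORETURN must be defined by the platform header before common.h"` / `#endif`. The same dependency applies to the `error` and `exitf` declarations changed in the following hunks. fail's body continues past the hunk.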
@@ -139,41 +126,6 @@ static void debug(const char* msg, ...) } #endif -#if defined(SYZ_EXECUTOR) || defined(SYZ_HANDLE_SEGV) -static __thread int skip_segv; -static __thread jmp_buf segv_env; - -static void segv_handler(int sig, siginfo_t* info, void* uctx) -{ - // Generated programs can contain bad (unmapped/protected) addresses, - // which cause SIGSEGVs during copyin/copyout. - // This handler ignores such crashes to allow the program to proceed. - // We additionally opportunistically check that the faulty address - // is not within executable data region, because such accesses can corrupt - // output region and then fuzzer will fail on corrupted data. - uintptr_t addr = (uintptr_t)info->si_addr; - const uintptr_t prog_start = 1 << 20; - const uintptr_t prog_end = 100 << 20; - if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { - debug("SIGSEGV on %p, skipping\n", addr); - _longjmp(segv_env, 1); - } - debug("SIGSEGV on %p, exiting\n", addr); - doexit(sig); - for (;;) { - } -} - -#define NONFAILING(...) \ - { \ - __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ - if (_setjmp(segv_env) == 0) { \ - __VA_ARGS__; \ - } \ - __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ - } -#endif - #if defined(SYZ_EXECUTOR) || defined(SYZ_USE_CHECKSUMS) struct csum_inet { uint32_t acc; @@ -204,15 +156,4 @@ static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } -#endif - -#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) -static uint64_t current_time_ms() -{ - struct timespec ts; - - if (clock_gettime(CLOCK_MONOTONIC, &ts)) - fail("clock_gettime failed"); - return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; -} -#endif +#endif
\ No newline at end of file diff --git a/executor/common_fuchsia.h b/executor/common_fuchsia.h index e6ccddffe..004046020 100644 --- a/executor/common_fuchsia.h +++ b/executor/common_fuchsia.h @@ -3,14 +3,53 @@ // This file is shared between executor and csource package. +#include <unistd.h> #include <zircon/process.h> #include <zircon/syscalls.h> +#if defined(SYZ_EXECUTOR) || defined(SYZ_THREADED) || defined(SYZ_COLLIDE) +#include <pthread.h> +#include <stdlib.h> +#endif +#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) +#include <errno.h> +#include <signal.h> +#include <stdarg.h> +#include <stdio.h> +#include <sys/time.h> +#include <sys/wait.h> +#include <time.h> +#endif #define doexit exit +#define NORETURN __attribute__((noreturn)) #include "common.h" #if defined(SYZ_EXECUTOR) || defined(SYZ_HANDLE_SEGV) +static __thread int skip_segv; +static __thread jmp_buf segv_env; + +static void segv_handler(int sig, siginfo_t* info, void* uctx) +{ + // Generated programs can contain bad (unmapped/protected) addresses, + // which cause SIGSEGVs during copyin/copyout. + // This handler ignores such crashes to allow the program to proceed. + // We additionally opportunistically check that the faulty address + // is not within executable data region, because such accesses can corrupt + // output region and then fuzzer will fail on corrupted data. + uintptr_t addr = (uintptr_t)info->si_addr; + const uintptr_t prog_start = 1 << 20; + const uintptr_t prog_end = 100 << 20; + if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { + debug("SIGSEGV on %p, skipping\n", addr); + _longjmp(segv_env, 1); + } + debug("SIGSEGV on %p, exiting\n", addr); + doexit(sig); + for (;;) { + } +} + static void install_segv_handler() { struct sigaction sa; 
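Review bot: `segv_handler` leaves the handler with `_longjmp(segv_env, 1)`, which does not restore the signal mask; unless `install_segv_handler` sets `SA_NODEFER` (its `sa.sa_flags` lie outside this hunk, which ends at `struct sigaction sa;`), SIGSEGV stays blocked after the first skipped fault and the next one terminates the process instead of being skipped. Worth confirming the flags, or switching NONFAILING to `sigsetjmp(segv_env, 1)` and the handler to `siglongjmp` so the mask is restored on the jump. Separately, `debug("SIGSEGV on %p, skipping\n", addr)` passes a `uintptr_t` to `%p`, a format/type mismatch; cast it, `debug("SIGSEGV on %p, skipping\n", (void*)addr);` (same on the exiting path). install_segv_handler's body continues past the hunk.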
@@ -21,6 +60,33 @@ static void install_segv_handler() sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } + +#define NONFAILING(...) \ + { \ + __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ + if (_setjmp(segv_env) == 0) { \ + __VA_ARGS__; \ + } \ + __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ + } +#endif + +#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) +static uint64_t current_time_ms() +{ + struct timespec ts; + + if (clock_gettime(CLOCK_MONOTONIC, &ts)) + fail("clock_gettime failed"); + return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; +} +#endif + +#if defined(SYZ_EXECUTOR) +static void sleep_ms(uint64_t ms) +{ + usleep(ms * 1000); +} #endif #if defined(SYZ_EXECUTOR) || defined(SYZ_FAULT_INJECTION) diff --git a/executor/common_linux.h b/executor/common_linux.h index dd7d0ac31..3ad7d374f 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -9,6 +9,19 @@ #include <sys/syscall.h> #include <unistd.h> +#if defined(SYZ_EXECUTOR) || defined(SYZ_THREADED) || defined(SYZ_COLLIDE) +#include <pthread.h> +#include <stdlib.h> +#endif +#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) +#include <errno.h> +#include <signal.h> +#include <stdarg.h> +#include <stdio.h> +#include <sys/time.h> +#include <sys/wait.h> +#include <time.h> +#endif #if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) #include <sys/prctl.h> #endif @@ -113,6 +126,7 @@ __attribute__((noreturn)) static void doexit(int status) for (i = 0;; i++) { } } +#define NORETURN __attribute__((noreturn)) #endif #if defined(SYZ_EXECUTOR) 
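Review bot: `sleep_ms` computes `usleep(ms * 1000)` from a `uint64_t`, but usleep takes `useconds_t`, which is 32-bit, so any `ms` above roughly 4294967 is silently truncated, and POSIX permits usleep to fail with EINVAL for arguments of 1000000 or more. A split timespec with nanosleep avoids both: `struct timespec ts = {(time_t)(ms / 1000), (long)((ms % 1000) * 1000 * 1000)}; nanosleep(&ts, NULL);`. The executor currently passes only 1 and 10, so this is latent, but the helper is a public name in a header shared with generated programs.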
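Review bot: `#define NORETURN __attribute__((noreturn))` is added immediately before an `#endif`, i.e. inside the conditional region that guards `doexit` (its `#if` is outside the hunk), while common.h, included unconditionally afterwards, uses NORETURN in every configuration that declares `fail`, `error` or `exitf`. If that guard's condition is ever narrower than common.h's, `NORETURN static void fail` no longer parses. common_fuchsia.h and common_windows.h define it unconditionally next to `#define doexit`; moving this line out of the `#if` block (e.g. after the includes at the top of the file) would match them and remove the coupling.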
@@ -124,6 +138,30 @@ __attribute__((noreturn)) static void doexit(int status) #include "common.h" #if defined(SYZ_EXECUTOR) || defined(SYZ_HANDLE_SEGV) +static __thread int skip_segv; +static __thread jmp_buf segv_env; + +static void segv_handler(int sig, siginfo_t* info, void* uctx) +{ + // Generated programs can contain bad (unmapped/protected) addresses, + // which cause SIGSEGVs during copyin/copyout. + // This handler ignores such crashes to allow the program to proceed. + // We additionally opportunistically check that the faulty address + // is not within executable data region, because such accesses can corrupt + // output region and then fuzzer will fail on corrupted data. + uintptr_t addr = (uintptr_t)info->si_addr; + const uintptr_t prog_start = 1 << 20; + const uintptr_t prog_end = 100 << 20; + if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { + debug("SIGSEGV on %p, skipping\n", addr); + _longjmp(segv_env, 1); + } + debug("SIGSEGV on %p, exiting\n", addr); + doexit(sig); + for (;;) { + } +} + static void install_segv_handler() { struct sigaction sa; @@ -142,6 +180,33 @@ static void install_segv_handler() sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } + +#define NONFAILING(...) \ + { \ + __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ + if (_setjmp(segv_env) == 0) { \ + __VA_ARGS__; \ + } \ + __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ + } +#endif + +#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) +static uint64_t current_time_ms() +{ + struct timespec ts; + + if (clock_gettime(CLOCK_MONOTONIC, &ts)) + fail("clock_gettime failed"); + return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; +} +#endif + +#if defined(SYZ_EXECUTOR) +static void sleep_ms(uint64_t ms) +{ + usleep(ms * 1000); +} #endif #if defined(SYZ_EXECUTOR) || defined(SYZ_USE_TMP_DIR) 
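Review bot: `segv_handler` calls `debug(...)` before both the `_longjmp` and the `doexit(sig)` paths, and debug is a stdio-based printf wrapper (`static void debug(const char* msg, ...)` is visible in the common.h hunk), which is not async-signal-safe; if the faulting access happens while the same thread holds the stdout lock, the handler deadlocks instead of skipping the fault. Presumably this only matters when debug output is enabled, but a comment stating that constraint, `// debug() is not async-signal-safe; only reachable with flag_debug, never fault inside a debug() call`, or writing the message with `write(2, ...)` would make it explicit. The `%p` conversion also receives a `uintptr_t` rather than a pointer on both debug lines; `(void*)addr` fixes the mismatch. install_segv_handler's body continues past the hunk.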
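Review bot: `NONFAILING(...)` expands to a bare `{ ... }` block, so `NONFAILING(x);` compiles but `if (c) NONFAILING(x); else ...` does not, and a `return` or `goto` inside `__VA_ARGS__` leaves `skip_segv` incremented for the rest of the thread's life, after which every later fault is silently skipped. Wrapping the expansion in `do { ... } while (0)` fixes the first; a comment on the macro, `// __VA_ARGS__ must not transfer control out of the block: skip_segv would stay elevated`, documents the second. `sleep_ms` has the same `usleep(ms * 1000)` truncation to 32-bit `useconds_t` as the fuchsia copy; `nanosleep` with a split `timespec` sidesteps it.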
diff --git a/executor/common_windows.h b/executor/common_windows.h new file mode 100644 index 000000000..80c197a4a --- /dev/null +++ b/executor/common_windows.h @@ -0,0 +1,50 @@ +// Copyright 2017 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +// This file is shared between executor and csource package. + +#include <windows.h> + +#define doexit exit +#define NORETURN + +#include "common.h" + +#if defined(SYZ_EXECUTOR) || defined(SYZ_HANDLE_SEGV) +static void install_segv_handler() +{ +} + +// TODO(dvyukov): implement me +#define NONFAILING(...) \ + __try { \ + __VA_ARGS__; \ + } __except (EXCEPTION_EXECUTE_HANDLER) { \ + } +#endif + +#if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) +static uint64_t current_time_ms() +{ + return GetTickCount64(); +} +#endif + +#if defined(SYZ_EXECUTOR) +static void sleep_ms(uint64_t ms) +{ + Sleep(ms); +} +#endif + +#if defined(SYZ_EXECUTOR) || defined(SYZ_FAULT_INJECTION) +static int inject_fault(int nth) +{ + return 0; +} + +static int fault_injected(int fail_fd) +{ + return 0; +} +#endif diff --git a/executor/executor.h b/executor/executor.h index 08112ec5d..0eb0e4fc4 100644 --- a/executor/executor.h +++ b/executor/executor.h @@ -3,7 +3,6 @@ #include <algorithm> #include <errno.h> -#include <pthread.h> #include <signal.h> #include <stdarg.h> #include <stddef.h> @@ -12,7 +11,6 @@ #include <stdlib.h> #include <string.h> #include <time.h> -#include <unistd.h> #ifndef GIT_REVISION #define GIT_REVISION "unknown" @@ -77,7 +75,7 @@ const uint64_t arg_csum_chunk_const = 1; struct thread_t { bool created; int id; - pthread_t th; + osthread_t th; // TODO(dvyukov): this assumes 64-bit kernel. This must be "kernel long" somehow. uint64_t* cover_data; // Pointer to the size of coverage (stored as first word of memory). 
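Review bot: the Windows `NONFAILING` uses `__except (EXCEPTION_EXECUTE_HANDLER)`, which swallows every SEH exception, not just access violations, so a stack overflow, breakpoint or `RaiseException` inside the guarded region disappears silently, and unlike the POSIX handler there is no check that the faulting address lies outside the executor's own data region. Filtering on the code keeps the intent of the TODO honest while implementation is pending: `} __except (GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH) {`. Also, `#define NORETURN` empty means `fail`/`error`/`exitf` lose their noreturn annotation on this platform, so the compiler cannot see that code after a `fail()` is unreachable; `#define NORETURN __declspec(noreturn)` is available on MSVC.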
@@ -135,12 +133,6 @@ void handle_completion(thread_t* th); void execute_call(thread_t* th); void thread_create(thread_t* th, int id); void* worker_thread(void* arg); -void event_init(event_t* ev); -void event_set(event_t* ev); -void event_reset(event_t* ev); -void event_wait(event_t* ev); -bool event_isset(event_t* ev); -bool event_timedwait(event_t* ev, uint64_t timeout_ms); uint32_t* write_output(uint32_t v); void write_completed(uint32_t completed); uint64_t read_input(uint64_t** input_posp, bool peek = false); @@ -282,7 +274,7 @@ retry: fail("running = %d", running); if (running > 0) { bool last = read_input(&input_pos, true) == instr_eof; - usleep(last ? 1000 : 100); + sleep_ms(last ? 10 : 1); for (int i = 0; i < kMaxThreads; i++) { th = &threads[i]; if (!th->handled && event_isset(&th->done)) @@ -445,14 +437,8 @@ void thread_create(thread_t* th, int id) event_init(&th->ready); event_init(&th->done); event_set(&th->done); - if (flag_threaded) { - pthread_attr_t attr; - pthread_attr_init(&attr); - pthread_attr_setstacksize(&attr, 128 << 10); - if (pthread_create(&th->th, &attr, worker_thread, th)) - exitf("pthread_create failed"); - pthread_attr_destroy(&attr); - } + if (flag_threaded) + thread_start(&th->th, worker_thread, th); } void* worker_thread(void* arg) diff --git a/executor/executor_fuchsia.cc b/executor/executor_fuchsia.cc index 4ff293350..7bb7146e1 100644 --- a/executor/executor_fuchsia.cc +++ b/executor/executor_fuchsia.cc @@ -6,11 +6,7 @@ #define SYZ_EXECUTOR #include "common_fuchsia.h" -struct event_t { - pthread_mutex_t mu; - pthread_cond_t cv; - bool state; -}; +#include "executor_posix.h" #include "executor.h" 
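Review bot: `sleep_ms(last ? 10 : 1)` replaces `usleep(last ? 1000 : 100)`, so the completion-poll interval grows tenfold (1 ms / 10 ms instead of 100 µs / 1 ms) for every program that still has threads running, which is a behavioural change beyond the portability refactor. If that cost is accepted because `Sleep()` on Windows has millisecond resolution anyway, a comment such as `// sleep_ms is the finest portable granularity; Sleep() is ms-resolution` would stop a later reader from "restoring" the old value. If sub-millisecond polling matters on Linux, a `sleep_us` helper beside `sleep_ms` keeps the old timing there. The enclosing loop starts and ends outside the hunk.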
@@ -85,63 +81,3 @@ uint32_t* write_output(uint32_t v) void write_completed(uint32_t completed) { } - -void event_init(event_t* ev) -{ - if (pthread_mutex_init(&ev->mu, 0)) - fail("pthread_mutex_init failed"); - if (pthread_cond_init(&ev->cv, 0)) - fail("pthread_cond_init failed"); - ev->state = false; -} - -void event_reset(event_t* ev) -{ - ev->state = false; -} - -void event_set(event_t* ev) -{ - pthread_mutex_lock(&ev->mu); - if (ev->state) - fail("event already set"); - ev->state = true; - pthread_mutex_unlock(&ev->mu); - pthread_cond_broadcast(&ev->cv); -} - -void event_wait(event_t* ev) -{ - pthread_mutex_lock(&ev->mu); - while (!ev->state) - pthread_cond_wait(&ev->cv, &ev->mu); - pthread_mutex_unlock(&ev->mu); -} - -bool event_isset(event_t* ev) -{ - pthread_mutex_lock(&ev->mu); - bool res = ev->state; - pthread_mutex_unlock(&ev->mu); - return res; -} - -bool event_timedwait(event_t* ev, uint64_t timeout_ms) -{ - pthread_mutex_lock(&ev->mu); - uint64_t start = current_time_ms(); - for (;;) { - if (ev->state) - break; - uint64_t now = current_time_ms(); - if (now - start > timeout_ms) - break; - timespec ts; - ts.tv_sec = 0; - ts.tv_nsec = (timeout_ms - (now - start)) * 1000 * 1000; - pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); - } - bool res = ev->state; - pthread_mutex_unlock(&ev->mu); - return res; -} diff --git a/executor/executor_linux.cc b/executor/executor_linux.cc index 85a0b29c8..7a26d71c0 100644 --- a/executor/executor_linux.cc +++ b/executor/executor_linux.cc @@ -15,12 +15,11 @@ #include <sys/wait.h> #include <unistd.h> -struct event_t { - int state; -}; - #define SYZ_EXECUTOR #include "common_linux.h" + +#include "executor_linux.h" + #include "executor.h" #include "syscalls_linux.h" 
@@ -327,49 +326,3 @@ void write_completed(uint32_t completed)
 {
 __atomic_store_n(output_data, completed, __ATOMIC_RELEASE);
 }
-
-void event_init(event_t* ev)
-{
- ev->state = 0;
-}
-
-void event_reset(event_t* ev)
-{
- ev->state = 0;
-}
-
-void event_set(event_t* ev)
-{
- if (ev->state)
- fail("event already set");
- __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
- syscall(SYS_futex, &ev->state, FUTEX_WAKE);
-}
-
-void event_wait(event_t* ev)
-{
- while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
- syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, 0);
-}
-
-bool event_isset(event_t* ev)
-{
- return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
-}
-
-bool event_timedwait(event_t* ev, uint64_t timeout_ms)
-{
- uint64_t start = current_time_ms();
- uint64_t now = start;
- for (;;) {
- timespec ts = {};
- ts.tv_sec = 0;
- ts.tv_nsec = (timeout_ms - (now - start)) * 1000 * 1000;
- syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, &ts);
- if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED))
- return true;
- now = current_time_ms();
- if (now - start > timeout_ms)
- return false;
- }
-}
diff --git a/executor/executor_linux.h b/executor/executor_linux.h
new file mode 100644
index 000000000..5ede578f1
--- /dev/null
+++ b/executor/executor_linux.h
@@ -0,0 +1,66 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+#include <pthread.h>
+
+typedef pthread_t osthread_t;
+
+void thread_start(osthread_t* t, void* (*fn)(void*), void* arg)
+{
+ pthread_attr_t attr;
+ pthread_attr_init(&attr);
+ pthread_attr_setstacksize(&attr, 128 << 10);
+ if (pthread_create(t, &attr, fn, arg))
+ exitf("pthread_create failed");
+ pthread_attr_destroy(&attr);
+}
+
+struct event_t {
+ int state;
+};
+
+void event_init(event_t* ev)
+{
+ ev->state = 0;
+}
+
+void event_reset(event_t* ev)
+{
+ ev->state = 0;
+}
+
+void event_set(event_t* ev)
+{
+ if (ev->state)
+ fail("event already set");
+ __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
+ syscall(SYS_futex, &ev->state, FUTEX_WAKE);
+}
+
+void event_wait(event_t* ev)
+{
+ while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
+ syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, 0);
+}
+
+bool event_isset(event_t* ev)
+{
+ return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
+}
+
+bool event_timedwait(event_t* ev, uint64_t timeout_ms)
+{
+ uint64_t start = current_time_ms();
+ uint64_t now = start;
+ for (;;) {
+ timespec ts = {};
+ ts.tv_sec = 0;
+ ts.tv_nsec = (timeout_ms - (now - start)) * 1000 * 1000;
+ syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, &ts);
+ if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED))
+ return true;
+ now = current_time_ms();
+ if (now - start > timeout_ms)
+ return false;
+ }
+}
diff --git a/executor/executor_posix.h b/executor/executor_posix.h
new file mode 100644
index 000000000..e9b06b807
--- /dev/null
+++ b/executor/executor_posix.h
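Review bot: `event_timedwait` builds the futex timeout as `ts.tv_sec = 0; ts.tv_nsec = (timeout_ms - (now - start)) * 1000 * 1000;`, so any remaining time of one second or more yields `tv_nsec >= 1000000000`, which the kernel rejects with EINVAL and the loop degenerates into a busy spin until the deadline. Split the value: `uint64_t remain = timeout_ms - (now - start); ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000;`. In `event_set`, `syscall(SYS_futex, &ev->state, FUTEX_WAKE)` omits the wake count, so the kernel receives whatever the third argument register happens to hold; pass it explicitly, `syscall(SYS_futex, &ev->state, FUTEX_WAKE, INT_MAX);`, or a waiter can stay asleep if that value is zero. These are non-static, non-inline definitions in a header, which is fine only while exactly one translation unit includes it.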
@@ -0,0 +1,82 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+#include <pthread.h>
+
+typedef pthread_t osthread_t;
+
+void thread_start(osthread_t* t, void* (*fn)(void*), void* arg)
+{
+ pthread_attr_t attr;
+ pthread_attr_init(&attr);
+ pthread_attr_setstacksize(&attr, 128 << 10);
+ if (pthread_create(t, &attr, fn, arg))
+ exitf("pthread_create failed");
+ pthread_attr_destroy(&attr);
+}
+
+struct event_t {
+ pthread_mutex_t mu;
+ pthread_cond_t cv;
+ bool state;
+};
+
+void event_init(event_t* ev)
+{
+ if (pthread_mutex_init(&ev->mu, 0))
+ fail("pthread_mutex_init failed");
+ if (pthread_cond_init(&ev->cv, 0))
+ fail("pthread_cond_init failed");
+ ev->state = false;
+}
+
+void event_reset(event_t* ev)
+{
+ ev->state = false;
+}
+
+void event_set(event_t* ev)
+{
+ pthread_mutex_lock(&ev->mu);
+ if (ev->state)
+ fail("event already set");
+ ev->state = true;
+ pthread_mutex_unlock(&ev->mu);
+ pthread_cond_broadcast(&ev->cv);
+}
+
+void event_wait(event_t* ev)
+{
+ pthread_mutex_lock(&ev->mu);
+ while (!ev->state)
+ pthread_cond_wait(&ev->cv, &ev->mu);
+ pthread_mutex_unlock(&ev->mu);
+}
+
+bool event_isset(event_t* ev)
+{
+ pthread_mutex_lock(&ev->mu);
+ bool res = ev->state;
+ pthread_mutex_unlock(&ev->mu);
+ return res;
+}
+
+bool event_timedwait(event_t* ev, uint64_t timeout_ms)
+{
+ pthread_mutex_lock(&ev->mu);
+ uint64_t start = current_time_ms();
+ for (;;) {
+ if (ev->state)
+ break;
+ uint64_t now = current_time_ms();
+ if (now - start > timeout_ms)
+ break;
+ timespec ts;
+ ts.tv_sec = 0;
+ ts.tv_nsec = (timeout_ms - (now - start)) * 1000 * 1000;
+ pthread_cond_timedwait(&ev->cv, &ev->mu, &ts);
+ }
+ bool res = ev->state;
+ pthread_mutex_unlock(&ev->mu);
+ return res;
+}
diff --git a/executor/executor_windows.cc b/executor/executor_windows.cc
new file mode 100644
index 000000000..7b30e1a96
--- /dev/null
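Review bot: `event_timedwait` passes a relative `timespec` (`ts.tv_sec = 0`, `ts.tv_nsec = remaining ns`) to `pthread_cond_timedwait`, which expects an absolute CLOCK_REALTIME deadline; a timestamp a few milliseconds after the epoch is already in the past, so the call returns ETIMEDOUT at once and the loop spins on `current_time_ms()` with the mutex held until the deadline, starving `event_set` of the lock. Any remaining time of one second or more also overflows `tv_nsec`. The deadline has to be computed from the current wall-clock time and normalised, as below (the surrounding lock handling and result return are unchanged).
```cpp
	for (;;) {
		// … unchanged: state check, now refresh, timeout break …
		uint64_t remain = timeout_ms - (now - start);
		timespec ts;
		clock_gettime(CLOCK_REALTIME, &ts);
		ts.tv_sec += remain / 1000;
		ts.tv_nsec += (remain % 1000) * 1000 * 1000;
		if (ts.tv_nsec >= 1000 * 1000 * 1000) {
			ts.tv_sec++;
			ts.tv_nsec -= 1000 * 1000 * 1000;
		}
		pthread_cond_timedwait(&ev->cv, &ev->mu, &ts);
```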
+++ b/executor/executor_windows.cc
@@ -0,0 +1,85 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+// +build
+
+#include <io.h>
+
+#define SYZ_EXECUTOR
+#include "common_windows.h"
+
+#include "executor_windows.h"
+
+#include "executor.h"
+
+#include "syscalls_windows.h"
+
+char input_data[kMaxInput];
+uint32_t output;
+
+int main(int argc, char** argv)
+{
+ if (argc == 2 && strcmp(argv[1], "version") == 0) {
+ puts("linux " GOARCH " " SYZ_REVISION " " GIT_REVISION);
+ return 0;
+ }
+
+ int pos = 0;
+ for (;;) {
+ int rv = _read(0, input_data + pos, sizeof(input_data) - pos);
+ if (rv < 0)
+ fail("read failed");
+ if (rv == 0)
+ break;
+ pos += rv;
+ }
+ if (pos < 24)
+ fail("truncated input");
+
+ uint64_t flags = *(uint64_t*)input_data;
+ flag_debug = flags & (1 << 0);
+ flag_threaded = flags & (1 << 2);
+ flag_collide = flags & (1 << 3);
+ if (!flag_threaded)
+ flag_collide = false;
+ uint64_t executor_pid = *((uint64_t*)input_data + 2);
+ debug("input %d, threaded=%d collide=%d pid=%llu\n",
+ pos, flag_threaded, flag_collide, executor_pid);
+
+ execute_one(((uint64_t*)input_data) + 3);
+ return 0;
+}
+
+long execute_syscall(call_t* c, long a0, long a1, long a2, long a3, long a4, long a5, long a6, long a7, long a8)
+{
+ debug("%s = %p\n", c->name, c->call);
+ long res = c->call(a0, a1, a2, a3, a4, a5, a6, a7, a8);
+ debug("%s = %ld\n", c->name, res);
+ return res;
+}
+
+void cover_open()
+{
+}
+
+void cover_enable(thread_t* th)
+{
+}
+
+void cover_reset(thread_t* th)
+{
+}
+
+uint64_t read_cover_size(thread_t* th)
+{
+ return 0;
+}
+
+uint32_t* write_output(uint32_t v)
+{
+ return &output;
+}
+
+void write_completed(uint32_t completed)
+{
+}
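Review bot: `main` reads the binary program with `_read(0, ...)` from a stdin the CRT opens in text mode by default, so a 0x1A byte in the input ends the read early and `\r\n` pairs are collapsed to `\n`; because the only validation is `pos < 24`, a mangled program is then executed rather than rejected. Switch the descriptor before the read loop, `_setmode(_fileno(stdin), _O_BINARY);`, with `#include <fcntl.h>` for `_O_BINARY`. An input that exactly fills `input_data` also ends the loop silently via a zero-length `_read`, so a `if (pos == sizeof(input_data)) fail("input too large");` after the loop would catch oversized programs. The version reply hardcodes `"linux " GOARCH`, which misreports the OS to whatever parses it; `"windows " GOARCH` matches this file.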
\ No newline at end of file
diff --git a/executor/executor_windows.h b/executor/executor_windows.h
new file mode 100644
index 000000000..5b788e095
--- /dev/null
+++ b/executor/executor_windows.h
@@ -0,0 +1,74 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+#include <windows.h>
+
+typedef HANDLE osthread_t;
+
+void thread_start(osthread_t* t, void* (*fn)(void*), void* arg)
+{
+ *t = CreateThread(NULL, 128 << 10, (LPTHREAD_START_ROUTINE)fn, arg, 0, NULL);
+ if (*t == NULL)
+ exitf("CreateThread failed");
+}
+
+struct event_t {
+ CRITICAL_SECTION cs;
+ CONDITION_VARIABLE cv;
+ int state;
+};
+
+void event_init(event_t* ev)
+{
+ InitializeCriticalSection(&ev->cs);
+ InitializeConditionVariable(&ev->cv);
+ ev->state = 0;
+}
+
+void event_reset(event_t* ev)
+{
+ ev->state = 0;
+}
+
+void event_set(event_t* ev)
+{
+ EnterCriticalSection(&ev->cs);
+ if (ev->state)
+ fail("event already set");
+ ev->state = true;
+ LeaveCriticalSection(&ev->cs);
+ WakeAllConditionVariable(&ev->cv);
+}
+
+void event_wait(event_t* ev)
+{
+ EnterCriticalSection(&ev->cs);
+ while (!ev->state)
+ SleepConditionVariableCS(&ev->cv, &ev->cs, INFINITE);
+ LeaveCriticalSection(&ev->cs);
+}
+
+bool event_isset(event_t* ev)
+{
+ EnterCriticalSection(&ev->cs);
+ bool res = ev->state;
+ LeaveCriticalSection(&ev->cs);
+ return res;
+}
+
+bool event_timedwait(event_t* ev, uint64_t timeout_ms)
+{
+ EnterCriticalSection(&ev->cs);
+ uint64_t start = current_time_ms();
+ for (;;) {
+ if (ev->state)
+ break;
+ uint64_t now = current_time_ms();
+ if (now - start > timeout_ms)
+ break;
+ SleepConditionVariableCS(&ev->cv, &ev->cs, timeout_ms - (now - start));
+ }
+ bool res = ev->state;
+ LeaveCriticalSection(&ev->cs);
+ return res;
+}
diff --git a/executor/syscalls_windows.h b/executor/syscalls_windows.h
new file mode 100644
index 000000000..517845c25
--- /dev/null
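Review bot: `thread_start` casts a `void* (*)(void*)` to `LPTHREAD_START_ROUTINE`, whose signature is `DWORD WINAPI (*)(LPVOID)`; the return type differs, and on 32-bit x86 the calling convention differs too (`__cdecl` versus `__stdcall`), so the callee would not pop its argument and the thread's return into the CRT start stub unbalances the stack. syscalls_windows.h only enables `_M_X64` today, so this is latent, but a small trampoline removes the cast entirely. The HANDLE returned by CreateThread is also never closed; if the threads live for the process lifetime that is acceptable, and a comment saying so, `// handle intentionally kept: worker threads live until exit`, would document it.
```cpp
struct thread_ctx {
	void* (*fn)(void*);
	void* arg;
};

static DWORD WINAPI thread_trampoline(LPVOID p)
{
	thread_ctx ctx = *(thread_ctx*)p;
	delete (thread_ctx*)p;
	ctx.fn(ctx.arg);
	return 0;
}

void thread_start(osthread_t* t, void* (*fn)(void*), void* arg)
{
	thread_ctx* ctx = new thread_ctx{fn, arg};
	*t = CreateThread(NULL, 128 << 10, thread_trampoline, ctx, 0, NULL);
	// … unchanged: NULL check and exitf …
```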
+++ b/executor/syscalls_windows.h @@ -0,0 +1,14 @@ +// AUTOGENERATED FILE + +#if defined(_M_X64) || 0 +#define GOARCH "amd64" +#define SYZ_REVISION "5abfe477fc941d0acacdeae7934602a90c22d5bc" + +unsigned syscall_count = 3; +call_t syscalls[] = { + {"CloseHandle", 0, (syscall_t)CloseHandle}, + {"CreateFileA", 0, (syscall_t)CreateFileA}, + {"VirtualAlloc", 0, (syscall_t)VirtualAlloc}, + +}; +#endif |
