From a4718693a3d9fcabb02299b2ec07c19d8208c539 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Thu, 30 Aug 2018 21:10:38 -0700
Subject: sys/linux: add syz_execute_func
The function executes random code. Update #310
---
 prog/rand.go | 40 ++++++++++++++++++++++++++++++++++++++++
 prog/types.go | 3 ++-
 2 files changed, 42 insertions(+), 1 deletion(-)
(limited to 'prog')
diff --git a/prog/rand.go b/prog/rand.go
index 7f5597f82..23b4afcfa 100644
--- a/prog/rand.go
+++ b/prog/rand.go
@@ -326,6 +326,12 @@ func (r *randGen) createResource(s *state, res *ResourceType) (arg Arg, calls []
 func (r *randGen) generateText(kind TextKind) []byte {
 switch kind {
+ case TextTarget:
+ if r.target.Arch == "amd64" || r.target.Arch == "386" {
+ cfg := createTargetIfuzzConfig(r.target)
+ return ifuzz.Generate(cfg, r.Rand)
+ }
+ fallthrough
 case TextArm64:
 // Just a stub, need something better.
 text := make([]byte, 50)
@@ -341,6 +347,12 @@ func (r *randGen) generateText(kind TextKind) []byte {
 func (r *randGen) mutateText(kind TextKind, text []byte) []byte {
 switch kind {
+ case TextTarget:
+ if r.target.Arch == "amd64" || r.target.Arch == "386" {
+ cfg := createTargetIfuzzConfig(r.target)
+ return ifuzz.Mutate(cfg, r.Rand, text)
+ }
+ fallthrough
 case TextArm64:
 return mutateData(r, text, 40, 60)
 default:
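Review bot: The supported-arch test `r.target.Arch == "amd64" || r.target.Arch == "386"` is written out in this generateText hunk, again in the mutateText hunk that follows, and a third time as the switch inside createTargetIfuzzConfig, and for every other arch the new TextTarget case silently falls through to the arm64 stub. Keeping the decision in one place would stop the three sites from drifting: let createTargetIfuzzConfig return nil for an arch it does not handle and replace the if-block here with `if cfg := createTargetIfuzzConfig(r.target); cfg != nil {` / `return ifuzz.Generate(cfg, r.Rand)` / `}` (the same shape with ifuzz.Mutate in mutateText). If the fallthrough to the arm64 stub for non-x86 targets is intentional, a comment such as `// No target-specific generator for this arch yet; reuse the stub below.` would make that explicit. Both generateText and mutateText continue outside their hunks.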
@@ -349,6 +361,32 @@ func (r *randGen) mutateText(kind TextKind, text []byte) []byte {
 }
 }
+func createTargetIfuzzConfig(target *Target) *ifuzz.Config {
+ cfg := &ifuzz.Config{
+ Len: 10,
+ Priv: false,
+ Exec: true,
+ MemRegions: []ifuzz.MemRegion{
+ {Start: target.DataOffset, Size: target.NumPages * target.PageSize},
+ },
+ }
+ for _, p := range target.SpecialPointers {
+ cfg.MemRegions = append(cfg.MemRegions, ifuzz.MemRegion{
+ Start: p & ^target.PageSize, Size: p & ^target.PageSize + target.PageSize,
+ })
+ }
+ switch target.Arch {
+ case "amd64":
+ cfg.Mode = ifuzz.ModeLong64
+ case "386":
+ cfg.Mode = ifuzz.ModeProt32
+ default:
+ panic("unknown text kind")
+ }
+ return cfg
+
+}
+
 func createIfuzzConfig(kind TextKind) *ifuzz.Config {
 cfg := &ifuzz.Config{
 Len: 10,
@@ -377,6 +415,8 @@ func createIfuzzConfig(kind TextKind) *ifuzz.Config {
 cfg.Mode = ifuzz.ModeProt32
 case TextX86bit64:
 cfg.Mode = ifuzz.ModeLong64
+ default:
+ panic("unknown text kind")
 }
 return cfg
 }
diff --git a/prog/types.go b/prog/types.go
index 3bb2fdbb4..1ce94b6f0 100644
--- a/prog/types.go
+++ b/prog/types.go
@@ -342,7 +342,8 @@ const (
 type TextKind int
 const (
- TextX86Real TextKind = iota
+ TextTarget TextKind = iota
+ TextX86Real
 TextX86bit16
 TextX86bit32
 TextX86bit64
-- 
cgit mrf-deployment
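Review bot: The special-pointer region built in createTargetIfuzzConfig is neither page-aligned nor sized as a length: `p & ^target.PageSize` clears only the bit(s) set in PageSize (bit 12 for a 4 KiB page) rather than the low bits, and because `&` binds tighter than `+` the Size field receives `(p & ^PageSize) + PageSize`, an end address, whereas the first region's Size `target.NumPages * target.PageSize` is plainly a byte length. Given that {base, length} convention, the line should read `Start: p &^ (target.PageSize - 1), Size: target.PageSize,` so the region covers exactly the page the special pointer names. The default branch panics with "unknown text kind" although the switch is on target.Arch; `panic("unknown arch " + target.Arch)` would name the real cause. The blank line before the closing brace of the new function is stray and should go.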
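Review bot: Inserting TextTarget ahead of TextX86Real renumbers every existing TextKind constant (TextX86Real becomes 1, and so on); if those numeric values are emitted into generated descriptions or persisted anywhere outside this package, they need regenerating in the same change, which I cannot confirm from this hunk. If the leading position is deliberate so that the zero value of TextKind means the target's own architecture, a comment on the constant such as `TextTarget TextKind = iota // zero value: code for the target's own arch` would record that intent for the next reader.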