• Home
  • History
  • Annotate
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *
3  * honggfuzz - architecture dependent code (NETBSD)
4  * -----------------------------------------
5  *
6  * Author: Kamil Rytarowski <n54@gmx.com>
7  *
8  * Copyright 2010-2018 by Google Inc. All Rights Reserved.
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License. You may obtain
12  * a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS,
18  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
19  * implied. See the License for the specific language governing
20  * permissions and limitations under the License.
21  *
22  */
23 
24 #include "arch.h"
25 
26 // clang-format off
27 #include <sys/param.h>
28 #include <sys/types.h>
29 // clang-format on
30 
31 #include <sys/ptrace.h>
32 #include <sys/syscall.h>
33 #include <sys/time.h>
34 #include <sys/types.h>
35 #include <sys/utsname.h>
36 #include <sys/wait.h>
37 
38 #include <ctype.h>
39 #include <dlfcn.h>
40 #include <errno.h>
41 #include <fcntl.h>
42 #include <inttypes.h>
43 #include <locale.h>
44 #include <poll.h>
45 #include <setjmp.h>
46 #include <signal.h>
47 #include <stdio.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <time.h>
51 #include <unistd.h>
52 
53 #include "fuzz.h"
54 #include "libhfcommon/common.h"
55 #include "libhfcommon/files.h"
56 #include "libhfcommon/log.h"
57 #include "libhfcommon/ns.h"
58 #include "libhfcommon/util.h"
59 #include "netbsd/trace.h"
60 #include "subproc.h"
61 
62 extern char** environ;
63 
arch_fork(run_t * run HF_ATTR_UNUSED)64 pid_t arch_fork(run_t* run HF_ATTR_UNUSED) {
65     pid_t pid = fork();
66     if (pid == -1) {
67         return pid;
68     }
69     if (pid == 0) {
70         logMutexReset();
71         return pid;
72     }
73     return pid;
74 }
75 
arch_launchChild(run_t * run)76 bool arch_launchChild(run_t* run) {
77 #define ARGS_MAX 512
78     const char* args[ARGS_MAX + 2];
79     char argData[PATH_MAX];
80 
81     char inputFile[PATH_MAX];
82     snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileCopyFd);
83 
84     int x = 0;
85     for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) {
86         if (run->global->exe.persistent || run->global->exe.fuzzStdin) {
87             args[x] = run->global->exe.cmdline[x];
88         } else if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) {
89             args[x] = inputFile;
90         } else if (strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) {
91             const char* off = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER);
92             snprintf(argData, sizeof(argData), "%.*s%s", (int)(off - run->global->exe.cmdline[x]),
93                 run->global->exe.cmdline[x], inputFile);
94             args[x] = argData;
95         } else {
96             args[x] = run->global->exe.cmdline[x];
97         }
98     }
99     args[x++] = NULL;
100 
101     LOG_D("Launching '%s' on file '%s'", args[0],
102         run->global->exe.persistent ? "PERSISTENT_MODE" : inputFile);
103 
104     /* alarms persist across execve(), so disable it here */
105     alarm(0);
106 
107     /* Wait for the ptrace to attach now */
108     if (raise(SIGSTOP) == -1) {
109         LOG_F("Couldn't stop itself");
110     }
111 
112     execve(args[0], (char* const*)args, environ);
113     int errno_cpy = errno;
114     alarm(1);
115 
116     LOG_E("execve('%s'): %s", args[0], strerror(errno_cpy));
117 
118     return false;
119 }
120 
arch_prepareParentAfterFork(run_t * run)121 void arch_prepareParentAfterFork(run_t* run) {
122     /* Parent */
123     if (run->global->exe.persistent) {
124         if (fcntl(run->persistentSock, F_SETFL, O_ASYNC) == -1) {
125             PLOG_F("fcntl(%d, F_SETFL, O_ASYNC)", run->persistentSock);
126         }
127     }
128     if (!arch_traceAttach(run)) {
129         LOG_F("Couldn't attach to pid=%d", (int)run->pid);
130     }
131 }
132 
arch_prepareParent(run_t * run HF_ATTR_UNUSED)133 void arch_prepareParent(run_t* run HF_ATTR_UNUSED) {
134 }
135 
arch_checkWait(run_t * run)136 static bool arch_checkWait(run_t* run) {
137     /* All queued wait events must be tested when SIGCHLD was delivered */
138     for (;;) {
139         int status;
140         /* Wait for the whole process group of run->pid */
141         pid_t pid = wait6(P_SID, run->pid, &status,
142             WALLSIG | WALTSIG | WTRAPPED | WEXITED | WUNTRACED | WCONTINUED | WSTOPPED | WNOHANG,
143             NULL, NULL);
144         if (pid == 0) {
145             return false;
146         }
147         if (pid == -1 && errno == EINTR) {
148             return false;
149         }
150         if (pid == -1 && errno == ECHILD) {
151             LOG_D("No more processes to track");
152             return true;
153         }
154         if (pid == -1) {
155             PLOG_F("wait6(pid/session=%d) failed", (int)run->pid);
156         }
157 
158         arch_traceAnalyze(run, status, pid);
159 
160         char statusStr[4096];
161         LOG_D("pid=%d returned with status: %s", pid,
162             subproc_StatusToStr(status, statusStr, sizeof(statusStr)));
163 
164         if (pid == run->pid && (WIFEXITED(status) || WIFSIGNALED(status))) {
165             if (run->global->exe.persistent) {
166                 if (!fuzz_isTerminating()) {
167                     LOG_W("Persistent mode: PID %d exited with status: %s", pid,
168                         subproc_StatusToStr(status, statusStr, sizeof(statusStr)));
169                 }
170             }
171             return true;
172         }
173     }
174 }
175 
arch_reapChild(run_t * run)176 void arch_reapChild(run_t* run) {
177     for (;;) {
178         if (subproc_persistentModeStateMachine(run)) {
179             break;
180         }
181 
182         subproc_checkTimeLimit(run);
183         subproc_checkTermination(run);
184 
185         if (run->global->exe.persistent) {
186             struct pollfd pfd = {
187                 .fd = run->persistentSock,
188                 .events = POLLIN,
189             };
190             int r = poll(&pfd, 1, 250 /* 0.25s */);
191             if (r == -1 && errno != EINTR) {
192                 PLOG_F("poll(fd=%d)", run->persistentSock);
193             }
194         } else {
195             /* Return with SIGIO, SIGCHLD and with SIGUSR1 */
196             const struct timespec ts = {
197                 .tv_sec = 0ULL,
198                 .tv_nsec = (1000ULL * 1000ULL * 250ULL),
199             };
200             int sig = sigtimedwait(&run->global->exe.waitSigSet, NULL, &ts /* 0.25s */);
201             if (sig == -1 && (errno != EAGAIN && errno != EINTR)) {
202                 PLOG_F("sigtimedwait(SIGIO|SIGCHLD|SIGUSR1)");
203             }
204         }
205 
206         if (arch_checkWait(run)) {
207             run->pid = 0;
208             break;
209         }
210     }
211 }
212 
arch_archInit(honggfuzz_t * hfuzz)213 bool arch_archInit(honggfuzz_t* hfuzz) {
214     /* Make %'d work */
215     setlocale(LC_NUMERIC, "en_US.UTF-8");
216 
217     if (access(hfuzz->exe.cmdline[0], X_OK) == -1) {
218         PLOG_E("File '%s' doesn't seem to be executable", hfuzz->exe.cmdline[0]);
219         return false;
220     }
221 
222     /* Updates the important signal array based on input args */
223     arch_traceSignalsInit(hfuzz);
224 
225     return true;
226 }
227 
arch_archThreadInit(run_t * run)228 bool arch_archThreadInit(run_t* run) {
229     run->netbsd.perfMmapBuf = NULL;
230     run->netbsd.perfMmapAux = NULL;
231     run->netbsd.cpuInstrFd = -1;
232     run->netbsd.cpuBranchFd = -1;
233     run->netbsd.cpuIptBtsFd = -1;
234 
235     return true;
236 }
237