1 /*
2  * Program that makes random system calls with random arguments.
3  */
4 
5 /*
6  * Copyright (C) 2003-2006 IBM
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License as
10  * published by the Free Software Foundation; either version 2 of the
11  * License, or (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
21  * 02111-1307, USA.
22  */
23 
24 #include <signal.h>
25 #include <limits.h>
26 #include <strings.h>
27 #include <unistd.h>
28 #include <fcntl.h>
29 #include <errno.h>
30 #include <string.h>
31 #include <stdio.h>
32 #include <syscall.h>
33 #include <stdint.h>
34 #include <stdlib.h>
35 
36 unsigned long callnum, args[6];
37 
seed_random(void)38 int seed_random(void)
39 {
40 	int fp;
41 	long seed;
42 
43 	fp = open("/dev/urandom", O_RDONLY);
44 	if (fp < 0) {
45 		perror("/dev/urandom");
46 		return 0;
47 	}
48 
49 	if (read(fp, &seed, sizeof(seed)) != sizeof(seed)) {
50 		perror("read random seed");
51 		return 0;
52 	}
53 
54 	close(fp);
55 	srand(seed);
56 
57 	return 1;
58 }
59 
get_big_randnum(void * buf,unsigned int size)60 void get_big_randnum(void *buf, unsigned int size)
61 {
62 	uint32_t *x = buf;
63 	int i;
64 
65 	for (i = 0; i < size; i += 4, x++) {
66 		*x = (unsigned long)((float)UINT_MAX *
67 				     (rand() / (RAND_MAX + 1.0)));
68 	}
69 }
70 
get_randnum(unsigned long min,unsigned long max)71 unsigned long get_randnum(unsigned long min, unsigned long max)
72 {
73 	return min + (unsigned long)((float)max * (rand() / (RAND_MAX + 1.0)));
74 }
75 
find_syscall(void)76 int find_syscall(void)
77 {
78 	int x;
79 
80 badcall:
81 	x = get_randnum(0, 384);
82 
83 	/* poorly implemented blacklist */
84 	switch (x) {
85 		/* don't screw with signal handling */
86 #ifdef SYS_signal
87 	case SYS_signal:
88 #endif
89 #ifdef SYS_sigaction
90 	case SYS_sigaction:
91 #endif
92 #ifdef SYS_sigsuspend
93 	case SYS_sigsuspend:
94 #endif
95 #ifdef SYS_sigpending
96 	case SYS_sigpending:
97 #endif
98 #ifdef SYS_sigreturn
99 	case SYS_sigreturn:
100 #endif
101 #ifdef SYS_sigprocmask
102 	case SYS_sigprocmask:
103 #endif
104 #ifdef SYS_rt_sigreturn
105 	case SYS_rt_sigreturn:
106 #endif
107 #ifdef SYS_rt_sigaction
108 	case SYS_rt_sigaction:
109 #endif
110 #ifdef SYS_rt_sigprocmask
111 	case SYS_rt_sigprocmask:
112 #endif
113 #ifdef SYS_rt_sigpending
114 	case SYS_rt_sigpending:
115 #endif
116 #ifdef SYS_rt_sigtimedwait
117 	case SYS_rt_sigtimedwait:
118 #endif
119 #ifdef SYS_rt_sigqueueinfo
120 	case SYS_rt_sigqueueinfo:
121 #endif
122 #ifdef SYS_rt_sigsuspend
123 	case SYS_rt_sigsuspend:
124 #endif
125 #ifdef SYS_sigaltstack
126 	case SYS_sigaltstack:
127 #endif
128 #ifdef SYS_settimeofday
129 	case SYS_settimeofday:
130 #endif
131 
132 		/* don't exit the program :P */
133 #ifdef SYS_exit
134 	case SYS_exit:
135 #endif
136 #ifdef SYS_exit_group
137 	case SYS_exit_group:
138 #endif
139 
140 		/* don't put it to sleep either */
141 #ifdef SYS_pause
142 	case SYS_pause:
143 #endif
144 #ifdef SYS_select
145 	case SYS_select:
146 #endif
147 #ifdef SYS_read
148 	case SYS_read:
149 #endif
150 #ifdef SYS_write
151 	case SYS_write:
152 #endif
153 
154 		/* these can fill the process table */
155 #ifdef SYS_fork
156 	case SYS_fork:
157 #endif
158 #ifdef SYS_vfork
159 	case SYS_vfork:
160 #endif
161 #ifdef SYS_clone
162 	case SYS_clone:
163 #endif
164 
165 		/* This causes OOM conditions */
166 #if 1
167 #ifdef SYS_brk
168 	case SYS_brk:
169 #endif
170 #endif
171 
172 		/* these get our program killed */
173 #ifdef SYS_vm86
174 	case SYS_vm86:
175 #endif
176 #ifdef SYS_vm86old
177 	case SYS_vm86old:
178 #endif
179 		goto badcall;
180 	}
181 
182 	return x;
183 }
184 
bogus_signal_handler(int signum)185 void bogus_signal_handler(int signum)
186 {
187 	fprintf(stderr,
188 		"                                    Signal %d on syscall(%lu, 0x%lX, 0x%lX, 0x%lX, 0x%lX, 0x%lX, 0x%lX).\n",
189 		signum, callnum, args[0], args[1], args[2], args[3], args[4],
190 		args[5]);
191 }
192 
real_signal_handler(int signum)193 void real_signal_handler(int signum)
194 {
195 	exit(0);
196 }
197 
install_signal_handlers(void)198 void install_signal_handlers(void)
199 {
200 	int x;
201 	struct sigaction zig;
202 
203 	memset(&zig, 0x00, sizeof(zig));
204 	zig.sa_handler = bogus_signal_handler;
205 	for (x = 0; x < 64; x++) {
206 		sigaction(x, &zig, NULL);
207 	}
208 
209 	zig.sa_handler = real_signal_handler;
210 	sigaction(SIGINT, &zig, NULL);
211 	sigaction(SIGTERM, &zig, NULL);
212 }
213 
main(int argc,char * argv[])214 int main(int argc, char *argv[])
215 {
216 	int i;
217 	int debug = 0, zero_mode = 0;
218 
219 	if (!seed_random()) {
220 		return 1;
221 	}
222 
223 	for (i = 1; i < argc; i++) {
224 		if (!strcmp(argv[i], "-d"))
225 			debug = 1;
226 		else if (!strcmp(argv[i], "-z"))
227 			zero_mode = 1;
228 	}
229 
230 	memset(args, 0, sizeof(unsigned long) * 6);
231 
232 	install_signal_handlers();
233 
234 	while (1) {
235 		callnum = find_syscall();
236 		if (!zero_mode)
237 			get_big_randnum(&args[0], sizeof(unsigned long) * 6);
238 
239 		if (debug) {
240 			printf("syscall(%lu, 0x%lX, 0x%lX, 0x%lX, 0x%lX, "
241 			       "0x%lX, 0x%lX);       \n",
242 			       callnum, args[0], args[1], args[2], args[3],
243 			       args[4], args[5]);
244 			fflush(stdout);
245 		}
246 
247 		syscall(callnum, args[0], args[1], args[2],
248 			args[3], args[4], args[5]);
249 	}
250 
251 	return 0;
252 }
253