ref: 08f8933bc4b72a882359a94f4fcc1d71cfe062e0
parent: 6036b6482925e14a188bde6f1f4cd0320563a428
author: seh <seh@localhost>
date: Tue Nov 6 10:46:52 EST 2018
create and populate list of syscalls to fuzz; initialize table of all syscalls; some reformat for tabstop=4
--- a/fuzz.h
+++ b/fuzz.h
@@ -20,68 +20,68 @@
// User space syscall definitions as per libc.h with sc_ prefix added
typedef int call;
enum call {
-sc_exits , // _exits(char*);
-sc_abort , // abort(void);
-sc_access , // access(char*, int);
-sc_alarm , // alarm(ulong);
-sc_await , // await(char*, int);
+sc_exits , // _exits(char*);
+sc_abort , // abort(void);
+sc_access , // access(char*, int);
+sc_alarm , // alarm(ulong);
+sc_await , // await(char*, int);
sc_bind , // bind(char*, char*, int);
sc_brk , // brk(void*);
-sc_chdir , // chdir(char*);
-sc_close , // close(int);
-sc_create , // create(char*, int, ulong);
+sc_chdir , // chdir(char*);
+sc_close , // close(int);
+sc_create , // create(char*, int, ulong);
sc_dup , // dup(int, int);
-sc_errstr , // errstr(char*, uint);
+sc_errstr , // errstr(char*, uint);
sc_exec , // exec(char*, char*[]);
-sc_execl , // execl(char*, ...);
+sc_execl , // execl(char*, ...);
sc_fork , // fork(void);
-sc_rfork , // rfork(int);
-sc_fauth , // fauth(int, char*);
-sc_fstat , // fstat(int, uchar*, int);
-sc_fwstat , // fwstat(int, uchar*, int);
-sc_fversion, // fversion(int, int, char*, int);
-sc_mount , // mount(int, int, char*, int, char*);
+sc_rfork , // rfork(int);
+sc_fauth , // fauth(int, char*);
+sc_fstat , // fstat(int, uchar*, int);
+sc_fwstat , // fwstat(int, uchar*, int);
+sc_fversion, // fversion(int, int, char*, int);
+sc_mount , // mount(int, int, char*, int, char*);
sc_unmount, // unmount(char*, char*);
-sc_noted , // noted(int);
-sc_notify , // notify(void(*)(void*, char*));
+sc_noted , // noted(int);
+sc_notify , // notify(void(*)(void*, char*));
sc_open , // open(char*, int);
sc_fd2path, // fd2path(int, char*, int);
sc_pipe , // pipe(int*);
-sc_pread , // pread(int, void*, long, vlong);
+sc_pread , // pread(int, void*, long, vlong);
sc_preadv, // preadv(int, IOchunk*, int, vlong);
-sc_pwrite , // pwrite(int, void*, long, vlong);
+sc_pwrite , // pwrite(int, void*, long, vlong);
sc_pwritev, // pwritev(int, IOchunk*, int, vlong);
sc_read , // read(int, void*, long);
-sc_readn , // readn(int, void*, long);
-sc_readv , // readv(int, IOchunk*, int);
+sc_readn , // readn(int, void*, long);
+sc_readv , // readv(int, IOchunk*, int);
sc_remove, // remove(char*);
sc_sbrk , // sbrk(ulong);
-sc_oseek , // oseek(int, long, int);
-sc_seek, // seek(int, vlong, int);
-sc_segattach, // segattach(int, char*, void*, ulong);
-sc_segbrk , // segbrk(void*, void*);
-sc_segdetach, // segdetach(void*);
-sc_segflush, // segflush(void*, ulong);
+sc_oseek , // oseek(int, long, int);
+sc_seek, // seek(int, vlong, int);
+sc_segattach, // segattach(int, char*, void*, ulong);
+sc_segbrk , // segbrk(void*, void*);
+sc_segdetach, // segdetach(void*);
+sc_segflush, // segflush(void*, ulong);
sc_segfree, // segfree(void*, ulong);
sc_semacquire, // semacquire(long*, int);
-sc_semrelease , // semrelease(long*, long);
-sc_sleep, // sleep(long);
-sc_stat, // stat(char*, uchar*, int);
+sc_semrelease, // semrelease(long*, long);
+sc_sleep, // sleep(long);
+sc_stat, // stat(char*, uchar*, int);
sc_tsemacquire, // tsemacquire(long*, ulong);
-sc_wait, // wait(void);
+sc_wait, // wait(void);
sc_waitpid, // waitpid(void);
-sc_write, // write(int, void*, long);
-sc_writev, // writev(int, IOchunk*, int);
-sc_wstat, // wstat(char*, uchar*, int);
+sc_write, // write(int, void*, long);
+sc_writev, // writev(int, IOchunk*, int);
+sc_wstat, // wstat(char*, uchar*, int);
sc_rendezvous, // rendezvous(void*, void*);
sc_dirstat, // dirstat(char*);
-sc_dirfstat, // dirfstat(int);
-sc_dirwstat, // dirwstat(char*, Dir*);
-sc_dirfwstat, // dirfwstat(int, Dir*);
+sc_dirfstat, // dirfstat(int);
+sc_dirwstat, // dirwstat(char*, Dir*);
+sc_dirfwstat, // dirfwstat(int, Dir*);
sc_dirread, // dirread(int, Dir**);
sc_nulldir, // nulldir(Dir*);
-sc_dirreadall, // dirreadall(int, Dir**);
-sc_getpid , // getpid(void);
+sc_dirreadall, // dirreadall(int, Dir**);
+sc_getpid , // getpid(void);
sc_getppid, // getppid(void);
sc_rerrstr, // rerrstr(char*, uint);
sc_sysname, // sysname(void);
@@ -95,11 +95,11 @@
typedef struct caller caller;
struct caller
{
- call c; // System call in use
+ call c; // System call in use
char* name; // Real name of syscall
int round; // Last run executed
int seed; // Seed call was initialized with
-// List inputs; // List of input types in order from left→right
+// List inputs; // List of input types in order from left→right
};
// Index of system calls -- one for each enum'd system call
--- a/main.c
+++ b/main.c
@@ -1,5 +1,6 @@
#include "fuzz.h"
+// Commandline usage warning
void
usage(void)
{
@@ -7,11 +8,17 @@
exits("usage");
}
+/* Prototypes */
+void initsctable(void);
+int name2index(char*);
+
+
+// A kernel fuzzer for the Plan 9 kernel
void
main(int argc, char *argv[])
{
- int nrounds = -1;
- int i;
+ int nrounds = -1, i;
+ List tofuzz = mklist() ; // List of syscall table ID's to fuzz
ARGBEGIN{
case 'n':
@@ -22,10 +29,19 @@
usage();
}ARGEND
+ // Initialize the table of all system calls
+ initsctable();
+
// Acquire a list of calls specified by spaces (fuzz -n 1 read write seek)
- for(;*argv;){
- print("Loading call: %s\n", *argv++);
- // TODO -- add to list
+ for(;*argv;argv++){
+ int index;
+ if(index = name2index(*argv) > 0){
+ print("Loading call: %s\n", *argv);
+ ladd(&tofuzz, &index); // Might be dangerous, pls fix
+ }else{
+ print("Error: Invalid system call: %s\n", *argv);
+ exits("Encountered invalid syscall");
+ }
}
// Operate for the desired number of rounds, -1 is infinite
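Review bot: The condition `if(index = name2index(*argv) > 0)` parses as `index = (name2index(*argv) > 0)` because `>` binds tighter than `=`, so index is always 0 or 1 and the real table index is never stored; on top of that, `> 0` rejects a legitimate index of 0 (the first enum entry) even though name2index only uses -1 for "not found", so the test should be `>= 0`. Separately, `ladd(&tofuzz, &index)` passes the address of a block-local variable; unless ladd copies the pointee (its contract is not visible here), every entry aliases the same stack slot and dangles once the loop exits — the "pls fix" comment on that line is pointing at this. Giving each entry its own heap copy of the index resolves both, as below. main's body begins and ends outside this hunk.
```c
	for(;*argv;argv++){
		int index, *slot;
		index = name2index(*argv);
		if(index < 0){
			print("Error: Invalid system call: %s\n", *argv);
			exits("Encountered invalid syscall");
		}
		print("Loading call: %s\n", *argv);
		// Own storage per entry so the list does not alias a loop-local slot
		slot = malloc(sizeof *slot);
		if(slot == nil)
			exits("malloc failed");
		*slot = index;
		ladd(&tofuzz, slot);
	}
```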
@@ -34,4 +50,29 @@
}
exits(nil);
+}
+
+
+// Initialize the syscall table -- hopefully deprecated by a lex/yacc builder
+void
+initsctable(void)
+{
+ int i;
+ for(i = 0; i < NCALLS; i++){
+ syscalls[i].c = (call)i;
+ syscalls[i].name = callnames[i]; // Pointer points to callnames
+ syscalls[i].round = -1;
+ syscalls[i].seed = -1;
+ }
+}
+
+// Given a syscall name, return the index it occurs -- or -1 if not found
+int
+name2index(char* name)
+{
+ int i;
+ for(i = 0; i < NCALLS; i++)
+ if(strcmp(syscalls[i].name, name) == 0)
+ return i;
+ return -1;
}
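Review bot: name2index calls `strcmp(syscalls[i].name, name)` without checking that the table has been populated, so if it is ever reached before initsctable (or if callnames has fewer than NCALLS entries, which is not visible here) it dereferences a nil name and crashes instead of returning -1. Either state the precondition in the header comment, e.g. `// Requires initsctable() to have run; entries with a nil name never match`, or make the loop tolerant with `if(syscalls[i].name != nil && strcmp(syscalls[i].name, name) == 0)`. It would also help to note in initsctable's comment that it only stores pointers into callnames, so callnames must outlive the table.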