syscalls/mmap.c

   1 /*
   2  * SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len,
   3         unsigned long, prot, unsigned long, flags,
   4         unsigned long, fd, unsigned long, off)
   5  */
   6 #include <stdlib.h>
   7 #include <string.h>
   8 #include <sys/mman.h>
   9 #include "maps.h"
  10 #include "sanitise.h"
  11 #include "shm.h"
  12 #include "arch.h"
  13 #include "compat.h"
  14 #include "random.h"
  15 #include "utils.h"      //ARRAY_SIZE
  16 #include "utils.h"
  17
  18 #ifdef __x86_64__
  19 #define NUM_FLAGS 13
  20 #else
  21 #define NUM_FLAGS 12
  22 #endif
  23
  24 // need this to actually get MAP_UNINITIALIZED defined
  25 #define CONFIG_MMAP_ALLOW_UNINITIALIZED
  26
  27 static void do_anon(int childno)
  28 {
  29         /* no fd if anonymous mapping. */
  30         shm->a5[childno] = -1;
  31         shm->a6[childno] = 0;
  32 }
  33
  34 void sanitise_mmap(int childno)
  35 {
  36         unsigned int i;
  37         unsigned int flagvals[NUM_FLAGS] = { MAP_FIXED, MAP_ANONYMOUS,
  38                         MAP_GROWSDOWN, MAP_DENYWRITE, MAP_EXECUTABLE, MAP_LOCKED,
  39                         MAP_NORESERVE, MAP_POPULATE, MAP_NONBLOCK, MAP_STACK,
  40                         MAP_HUGETLB, MAP_UNINITIALIZED,
  41 #ifdef __x86_64__
  42                         MAP_32BIT,
  43 #endif
  44         };
  45         unsigned int numflags = rand() % NUM_FLAGS;
  46         unsigned long sizes[] = {
  47                 -1,     /* over-written with page_size below */
  48                 1 * MB, 2 * MB, 4 * MB, 10 * MB,
  49                 1 * GB,
  50         };
  51
  52         sizes[0] = page_size;
  53
  54         /* Don't actually set a hint right now. */
  55         shm->a1[childno] = 0;
  56
  57         shm->a2[childno] = sizes[rand() % ARRAY_SIZE(sizes)];
  58
  59         // set additional flags
  60         for (i = 0; i < numflags; i++)
  61                 shm->a4[childno] |= flagvals[rand() % NUM_FLAGS];
  62
  63         if (shm->a4[childno] & MAP_ANONYMOUS) {
  64                 do_anon(childno);
  65         } else {
  66                 /* page align non-anonymous mappings. */
  67                 shm->a6[childno] &= PAGE_MASK;
  68         }
  69 }
  70
  71 static void post_mmap(int childno)
  72 {
  73         char *p;
  74         struct list_head *list;
  75         struct map *new;
  76
  77         p = (void *) shm->retval[childno];
  78         if (p == MAP_FAILED)
  79                 return;
  80
  81         new = zmalloc(sizeof(struct map));
  82         new->name = strdup("misc");
  83         new->size = shm->a2[childno];
  84         new->prot = shm->a3[childno];
  85         new->ptr = p;
  86
  87         // Add this to a list for use by subsequent syscalls.
  88         list = &shm->mappings[childno]->list;
  89         list_add_tail(&new->list, list);
  90         shm->num_mappings[childno]++;
  91
  92         /* Sometimes dirty the mapping. */
  93         if (!(new->prot & PROT_WRITE))
  94                 return;
  95
  96         if (rand_bool())
  97                 p[rand() % page_size] = 1;
  98 }
  99
 100 struct syscall syscall_mmap = {
 101         .name = "mmap",
 102         .num_args = 6,
 103         .sanitise = sanitise_mmap,
 104         .arg1name = "addr",
 105         .arg1type = ARG_MMAP,
 106         .arg2name = "len",
 107         .arg2type = ARG_LEN,
 108         .arg3name = "prot",
 109         .arg3type = ARG_LIST,
 110         .arg3list = {
 111                 .num = 4,
 112                 .values = { PROT_READ, PROT_WRITE, PROT_EXEC, PROT_SEM },
 113         },
 114         .arg4name = "flags",
 115         .arg4type = ARG_OP,
 116         .arg4list = {
 117                 .num = 2,
 118                 .values = { MAP_SHARED, MAP_PRIVATE },
 119         },
 120         .arg5name = "fd",
 121         .arg5type = ARG_FD,
 122         .arg6name = "off",
 123         .arg6type = ARG_LEN,
 124         .group = GROUP_VM,
 125         .flags = NEED_ALARM,
 126         .post = post_mmap,
 127 };