maps.c

   1 #include <stdlib.h>
   2 #include <string.h>
   3 #include <sys/mman.h>
   4 #include <sys/types.h>
   5 #include <sys/stat.h>
   6 #include "arch.h"
   7 #include "list.h"
   8 #include "child.h"
   9 #include "maps.h"
  10 #include "random.h"
  11 #include "shm.h"
  12
  13 /* Walk a list, get a random element */
  14 static struct map * __get_map(struct list_head *head, unsigned int max)
  15 {
  16         struct list_head *node;
  17
  18         unsigned int i, j = 0;
  19
  20         i = rand() % max;
  21
  22         list_for_each(node, head) {
  23                 struct map *m;
  24
  25                 m = (struct map *) node;
  26
  27                 if (i == j)
  28                         return m;
  29                 j++;
  30         }
  31         return NULL;
  32 }
  33
  34 /* Return a pointer a previous mmap() that we did, either during startup,
  35  * or from a fuzz result. */
  36 struct map * get_map(void)
  37 {
  38         struct map *map;
  39         bool local = FALSE;
  40
  41         /* We can get called by child processes, and also during startup by
  42          * the main process when it constructs page_rand etc.
  43          * If we're not running in child context, just do shared mappings.
  44          * because main doesn't have any 'local' mappings.
  45          */
  46         if (this_child != 0) {
  47                 if (shm->num_mappings[this_child] > 0)
  48                         local = rand_bool();
  49         }
  50
  51         if (local == TRUE)
  52                 map = __get_map(&shm->mappings[this_child]->list, shm->num_mappings[this_child]);
  53         else
  54                 map = __get_map(&shared_mappings->list, num_shared_mappings);
  55
  56         return map;
  57 }
  58
  59 static void delete_local_mapping(int childno, struct map *map)
  60 {
  61         list_del(&map->list);
  62         shm->num_mappings[childno]--;
  63 }
  64
  65 /* Called from munmap()'s ->post routine. */
  66 void delete_mapping(int childno, struct map *map)
  67 {
  68         if (map->type == MAP_LOCAL)
  69                 delete_local_mapping(childno, map);
  70
  71         /* Right now, we don't want to delete MAP_GLOBAL mappings */
  72 }
  73
  74 /* used in several sanitise_* functions. */
  75 struct map * common_set_mmap_ptr_len(int childno)
  76 {
  77         struct map *map;
  78
  79         map = (struct map *) shm->syscall[childno].a1;
  80         shm->scratch[childno] = (unsigned long) map;    /* Save this for ->post */
  81         if (map == NULL) {
  82                 shm->syscall[childno].a1 = 0;
  83                 shm->syscall[childno].a2 = 0;
  84                 return NULL;
  85         }
  86
  87         shm->syscall[childno].a1 = (unsigned long) map->ptr;
  88         shm->syscall[childno].a2 = map->size;           //TODO: Munge this.
  89
  90         return map;
  91 }