/*
 * Fork-based fuzzing helpers
 *
 * Copyright Red Hat Inc., 2019
 *
 * Authors:
 *  Alexander Bulekov   <alxndr@bu.edu>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#include "qemu/osdep.h"
#include "fork_fuzz.h"


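/*
 * Back the fuzzer's coverage-counter region with a shared-memory object so
 * that counter updates made in a forked child stay visible to the parent.
 *
 * Steps: create a per-process POSIX shm object, size it to the counter
 * region, copy the region's current contents into it, then map the object
 * back over the region itself with MAP_FIXED.  Every failure is fatal:
 * perror() followed by exit(1).
 *
 * The object is unlinked right after it is opened: the descriptor, and later
 * the mapping, keep it alive, and unlinking early means no stale /dev/shm
 * entry survives a crash.  NOTE(review): this assumes nothing reopens the
 * object by name (forked children inherit the mapping) -- confirm against
 * the callers declared in fork_fuzz.h.
 */
void counter_shm_init(void)
{
    /* Size of the counter region; both symbols are provided by fork_fuzz.h. */
    size_t counters_len =
        (size_t)(&__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START);

    char *shm_path = g_strdup_printf("/qemu-fuzz-cntrs.%d", getpid());
    /*
     * O_EXCL: the name is predictable (it embeds the pid), so refuse to adopt
     * an object that already exists instead of mapping memory we did not
     * create over our own counters.
     */
    int fd = shm_open(shm_path, O_CREAT | O_EXCL | O_RDWR, S_IRUSR | S_IWUSR);
    if (fd == -1) {
        g_free(shm_path);
        perror("Error: ");
        exit(1);
    }
    shm_unlink(shm_path);
    g_free(shm_path);

    if (ftruncate(fd, counters_len) == -1) {
        perror("Error: ");
        exit(1);
    }

    /* Copy what's in the counter region to the shm.. */
    void *rptr = mmap(NULL, counters_len, PROT_READ | PROT_WRITE,
                      MAP_SHARED, fd, 0);
    /* mmap() reports failure with MAP_FAILED, never NULL. */
    if (rptr == MAP_FAILED) {
        perror("Error: ");
        exit(1);
    }
    memcpy(rptr, &__FUZZ_COUNTERS_START, counters_len);
    munmap(rptr, counters_len);

    /* And map the shm over the counter region */
    rptr = mmap(&__FUZZ_COUNTERS_START, counters_len, PROT_READ | PROT_WRITE,
                MAP_SHARED | MAP_FIXED, fd, 0);
    /* Save errno: close() may clobber it before perror() gets to report it. */
    int saved_errno = errno;
    close(fd);

    if (rptr == MAP_FAILED) {
        errno = saved_errno;
        perror("Error: ");
        exit(1);
    }
}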