1*08b48e0bSAndroid Build Coastguard Worker /*
2*08b48e0bSAndroid Build Coastguard Worker    american fuzzy lop++ - snapshot helpers routines
3*08b48e0bSAndroid Build Coastguard Worker    ------------------------------------------------
4*08b48e0bSAndroid Build Coastguard Worker 
5*08b48e0bSAndroid Build Coastguard Worker    Originally written by Michal Zalewski
6*08b48e0bSAndroid Build Coastguard Worker 
7*08b48e0bSAndroid Build Coastguard Worker    Forkserver design by Jann Horn <[email protected]>
8*08b48e0bSAndroid Build Coastguard Worker 
9*08b48e0bSAndroid Build Coastguard Worker    Now maintained by Marc Heuse <[email protected]>,
10*08b48e0bSAndroid Build Coastguard Worker                      Heiko Eißfeldt <[email protected]>,
11*08b48e0bSAndroid Build Coastguard Worker                      Andrea Fioraldi <[email protected]>,
12*08b48e0bSAndroid Build Coastguard Worker                      Dominik Maier <[email protected]>
13*08b48e0bSAndroid Build Coastguard Worker 
14*08b48e0bSAndroid Build Coastguard Worker    Copyright 2016, 2017 Google Inc. All rights reserved.
15*08b48e0bSAndroid Build Coastguard Worker    Copyright 2019-2024 AFLplusplus Project. All rights reserved.
16*08b48e0bSAndroid Build Coastguard Worker 
17*08b48e0bSAndroid Build Coastguard Worker    Licensed under the Apache License, Version 2.0 (the "License");
18*08b48e0bSAndroid Build Coastguard Worker    you may not use this file except in compliance with the License.
19*08b48e0bSAndroid Build Coastguard Worker    You may obtain a copy of the License at:
20*08b48e0bSAndroid Build Coastguard Worker 
21*08b48e0bSAndroid Build Coastguard Worker      https://www.apache.org/licenses/LICENSE-2.0
22*08b48e0bSAndroid Build Coastguard Worker 
23*08b48e0bSAndroid Build Coastguard Worker  */
24*08b48e0bSAndroid Build Coastguard Worker 
25*08b48e0bSAndroid Build Coastguard Worker // From AFL-Snapshot-LKM/include/afl_snapshot.h (must be kept synced)
26*08b48e0bSAndroid Build Coastguard Worker 
27*08b48e0bSAndroid Build Coastguard Worker #include <sys/ioctl.h>
28*08b48e0bSAndroid Build Coastguard Worker #include <stdlib.h>
29*08b48e0bSAndroid Build Coastguard Worker #include <fcntl.h>
30*08b48e0bSAndroid Build Coastguard Worker 
// Path of the character device exposed by the AFL-Snapshot LKM; opened by
// afl_snapshot_init() below. Every other helper in this file talks to the
// module through ioctl() on that descriptor.
#define AFL_SNAPSHOT_FILE_NAME "/dev/afl_snapshot"

// ioctl "type" shared with the kernel module (see the sync note above):
// changing it here without changing the LKM breaks every request below.
// NOTE(review): on Linux the _IOC() encoding reserves only 8 bits for the
// type, so 44313 (0xAD19) spills into neighbouring bit fields; the request
// numbers still agree with the LKM because both sides are generated from
// these same macros — confirm, but do not "fix" unilaterally.
#define AFL_SNAPSHOT_IOCTL_MAGIC 44313

// Request numbers. The argument types in the _IOR() forms are encoding
// hints only; the wrappers below pass a pointer to
// struct afl_snapshot_vmrange_args for EXCLUDE/INCLUDE and the int config
// by value for TAKE.
#define AFL_SNAPSHOT_IOCTL_DO _IO(AFL_SNAPSHOT_IOCTL_MAGIC, 1)
#define AFL_SNAPSHOT_IOCTL_CLEAN _IO(AFL_SNAPSHOT_IOCTL_MAGIC, 2)
#define AFL_SNAPSHOT_EXCLUDE_VMRANGE \
  _IOR(AFL_SNAPSHOT_IOCTL_MAGIC, 3, struct afl_snapshot_vmrange_args *)
#define AFL_SNAPSHOT_INCLUDE_VMRANGE \
  _IOR(AFL_SNAPSHOT_IOCTL_MAGIC, 4, struct afl_snapshot_vmrange_args *)
#define AFL_SNAPSHOT_IOCTL_TAKE _IOR(AFL_SNAPSHOT_IOCTL_MAGIC, 5, int)
#define AFL_SNAPSHOT_IOCTL_RESTORE _IO(AFL_SNAPSHOT_IOCTL_MAGIC, 6)

// Flag bits, presumably OR'd together into the config argument of
// afl_snapshot_take(); their exact semantics are defined by the LKM.
// Trace new mmapped areas and unmap them on restore.
#define AFL_SNAPSHOT_MMAP 1
// Do not snapshot any page (by default all writeable not-shared pages
// are snapshotted).
#define AFL_SNAPSHOT_BLOCK 2
// Snapshot file descriptor state, close newly opened descriptors
#define AFL_SNAPSHOT_FDS 4
// Snapshot registers state
#define AFL_SNAPSHOT_REGS 8
// Perform a restore when exit_group is invoked
#define AFL_SNAPSHOT_EXIT 16
// TODO(andrea) allow not COW snapshots (high perf on small processes)
// Disable COW, restore all the snapshotted pages
#define AFL_SNAPSHOT_NOCOW 32
// Do not snapshot Stack pages
#define AFL_SNAPSHOT_NOSTACK 64
60*08b48e0bSAndroid Build Coastguard Worker 
/* Argument block for AFL_SNAPSHOT_EXCLUDE_VMRANGE / AFL_SNAPSHOT_INCLUDE_VMRANGE.
   Two consecutive unsigned longs: the layout is an ABI shared with the
   kernel module (the wrappers pass &args straight to ioctl()), so do not
   reorder, widen or pad the fields. */
struct afl_snapshot_vmrange_args {

  unsigned long start; /* start address of the VM range */
  unsigned long end;   /* end address of the VM range (inclusive/exclusive
                          is decided by the LKM — confirm there) */

};
66*08b48e0bSAndroid Build Coastguard Worker 
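/* Descriptor for AFL_SNAPSHOT_FILE_NAME, set by afl_snapshot_init().
   Starts at -1 so that a wrapper called before init (or after a failed
   init, which also leaves -1 here) hands ioctl() an invalid descriptor
   and fails with EBADF, instead of the zero-initialised static silently
   sending snapshot requests to fd 0 (usually stdin). */
static int afl_snapshot_dev_fd = -1;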
68*08b48e0bSAndroid Build Coastguard Worker 
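/* Open the snapshot device (AFL_SNAPSHOT_FILE_NAME) read-only and cache
   the descriptor in afl_snapshot_dev_fd.
   Returns the descriptor (>= 0) on success, or -1 with errno set by open()
   on failure (e.g. the device node is absent because the LKM is not
   loaded). The flag 0 of the original is spelled O_RDONLY here; the value
   is identical.
   NOTE(review): the descriptor is opened without O_CLOEXEC and is therefore
   inherited across exec(). Whether a child process is expected to reuse it
   is a caller-side contract not visible here — confirm before adding the
   flag. */
static int afl_snapshot_init(void) {

  afl_snapshot_dev_fd = open(AFL_SNAPSHOT_FILE_NAME, O_RDONLY);
  return afl_snapshot_dev_fd;

}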
75*08b48e0bSAndroid Build Coastguard Worker 
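/* Ask the kernel module to leave the VM range start..end out of the
   snapshot (AFL_SNAPSHOT_EXCLUDE_VMRANGE).
   start, end: user-space addresses, forwarded to the LKM as unsigned longs
   inside struct afl_snapshot_vmrange_args.
   Returns the ioctl() result (0 on success, -1 with errno on failure). The
   original wrapper returned void and dropped the error, so a rejected
   range went unnoticed and pages the caller believed excluded were still
   part of the snapshot; existing callers that ignore the result are
   unaffected. */
static int afl_snapshot_exclude_vmrange(void *start, void *end) {

  struct afl_snapshot_vmrange_args range = {
      .start = (unsigned long)start,
      .end = (unsigned long)end,
  };

  return ioctl(afl_snapshot_dev_fd, AFL_SNAPSHOT_EXCLUDE_VMRANGE, &range);

}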
83*08b48e0bSAndroid Build Coastguard Worker 
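/* Ask the kernel module to add the VM range start..end to the snapshot
   (AFL_SNAPSHOT_INCLUDE_VMRANGE).
   start, end: user-space addresses, forwarded to the LKM as unsigned longs
   inside struct afl_snapshot_vmrange_args.
   Returns the ioctl() result (0 on success, -1 with errno on failure). The
   original wrapper returned void and dropped the error, so a rejected
   range went unnoticed; existing callers that ignore the result are
   unaffected. */
static int afl_snapshot_include_vmrange(void *start, void *end) {

  struct afl_snapshot_vmrange_args range = {
      .start = (unsigned long)start,
      .end = (unsigned long)end,
  };

  return ioctl(afl_snapshot_dev_fd, AFL_SNAPSHOT_INCLUDE_VMRANGE, &range);

}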
91*08b48e0bSAndroid Build Coastguard Worker 
/* Issue AFL_SNAPSHOT_IOCTL_TAKE on the snapshot device.
   config: passed by value to the LKM; presumably a bitmask of the
   AFL_SNAPSHOT_* flags defined above (their meaning is fixed by the
   module, not here).
   Returns the raw ioctl() result, so -1/errno reaches the caller. */
static int afl_snapshot_take(int config) {

  int flags = config;
  int rc = ioctl(afl_snapshot_dev_fd, AFL_SNAPSHOT_IOCTL_TAKE, flags);

  return rc;

}
97*08b48e0bSAndroid Build Coastguard Worker 
/* Issue AFL_SNAPSHOT_IOCTL_DO on the snapshot device. What the module does
   for this request is not visible here (see the LKM header this file is
   synced with). Returns the raw ioctl() result. */
static int afl_snapshot_do(void) {

  int rc = ioctl(afl_snapshot_dev_fd, AFL_SNAPSHOT_IOCTL_DO);

  return rc;

}
103*08b48e0bSAndroid Build Coastguard Worker 
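/* Issue AFL_SNAPSHOT_IOCTL_RESTORE on the snapshot device.
   Returns the ioctl() result (0 on success, -1 with errno on failure) so a
   caller can tell a failed restore apart from a successful one; the
   original wrapper returned void and discarded it. Existing callers that
   ignore the result are unaffected.
   NOTE(review): when the snapshot was taken with AFL_SNAPSHOT_REGS, where
   execution resumes after a successful restore is decided by the LKM —
   confirm against the module before relying on the return value here. */
static int afl_snapshot_restore(void) {

  return ioctl(afl_snapshot_dev_fd, AFL_SNAPSHOT_IOCTL_RESTORE);

}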
109*08b48e0bSAndroid Build Coastguard Worker 
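/* Issue AFL_SNAPSHOT_IOCTL_CLEAN on the snapshot device.
   Returns the ioctl() result (0 on success, -1 with errno on failure); the
   original wrapper returned void and discarded it, so a failed clean-up
   (e.g. a stale descriptor) was invisible. Existing callers that ignore
   the result are unaffected. */
static int afl_snapshot_clean(void) {

  return ioctl(afl_snapshot_dev_fd, AFL_SNAPSHOT_IOCTL_CLEAN);

}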
115*08b48e0bSAndroid Build Coastguard Worker 