1 /* $NetBSD: t_fuzz.c,v 1.5 2012/04/21 01:03:46 manu Exp $ */
4 * Copyright (c) 2010 The NetBSD Foundation, Inc.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
30 * Fuzztest puffs mount. There are n different levels of testing:
31 * each one pours more and more sane garbage into the args to that
32 * the mount progresses further and further. Level 8 (at least when
33 * writing this comment) should be the one where mounting actually
36 * Our metric of success is crash / no crash.
39 #include <sys/types.h>
40 #include <sys/mount.h>
54 #include <fs/puffs/puffs_msgif.h>
56 #include <rump/rump.h>
57 #include <rump/rump_syscalls.h>
59 #include "../../h_macros.h"
61 #define ITERATIONS 100
64 fixversion(struct puffs_kargs *kargs)
67 kargs->pa_vers = PUFFSVERSION;
71 fixkflag(struct puffs_kargs *kargs)
74 kargs->pa_flags &= PUFFS_KFLAG_MASK;
77 * PUFFS_KFLAG_CACHE_FS_TTL require extended behavior
78 * from the filesystem for which we have no test right now.
80 kargs->pa_flags &= ~PUFFS_KFLAG_CACHE_FS_TTL;
84 fixfhflag(struct puffs_kargs *kargs)
87 kargs->pa_fhflags &= PUFFS_FHFLAG_MASK;
91 fixspare(struct puffs_kargs *kargs)
94 memset(&kargs->pa_spare, 0, sizeof(kargs->pa_spare));
98 fixhandsize(struct puffs_kargs *kargs)
101 kargs->pa_fhsize %= PUFFS_FHSIZE_MAX+4;
105 fixhandsize2(struct puffs_kargs *kargs)
109 if (kargs->pa_fhflags & PUFFS_FHFLAG_NFSV3)
110 kargs->pa_fhsize %= 60;
111 if (kargs->pa_fhflags & PUFFS_FHFLAG_NFSV2)
112 kargs->pa_fhsize %= 28;
116 fixputter(struct puffs_kargs *kargs)
119 kargs->pa_fd = rump_sys_open("/dev/putter", O_RDWR);
120 if (kargs->pa_fd == -1)
121 atf_tc_fail_errno("open putter");
125 fixroot(struct puffs_kargs *kargs)
128 kargs->pa_root_vtype %= VBAD;
132 unfixputter(struct puffs_kargs *kargs)
135 rump_sys_close(kargs->pa_fd);
138 typedef void (*fixfn)(struct puffs_kargs *);
139 static fixfn fixstack[] = {
151 fixup(int nfix, struct puffs_kargs *kargs)
155 assert(nfix <= __arraycount(fixstack));
156 for (i = 0; i < nfix; i++)
161 unfixup(int nfix, struct puffs_kargs *kargs)
168 static pthread_mutex_t damtx;
169 static pthread_cond_t dacv;
170 static int dafd = -1;
173 respondthread(void *arg)
175 char buf[PUFFS_MSG_MAXSIZE];
176 struct puffs_req *preq = (void *)buf;
180 pthread_mutex_lock(&damtx);
183 pthread_cond_wait(&dacv, &damtx);
186 pthread_mutex_unlock(&damtx);
190 if (rump_sys_poll(&pfd, 1, 10) == 0) {
191 pthread_mutex_lock(&damtx);
194 n = rump_sys_read(dafd, buf, sizeof(buf));
196 pthread_mutex_lock(&damtx);
200 /* just say it was succesful */
202 rump_sys_write(dafd, buf, n);
203 pthread_mutex_lock(&damtx);
214 struct puffs_kargs kargs;
220 printf("test seeded RNG with %lu\n", seed);
224 pthread_mutex_init(&damtx, NULL);
225 pthread_cond_init(&dacv, NULL);
226 pthread_create(&pt, NULL, respondthread, NULL);
228 ATF_REQUIRE(rump_sys_mkdir("/mnt", 0777) == 0);
230 for (i = 0; i < ITERATIONS; i++) {
231 tests_makegarbage(&kargs, sizeof(kargs));
233 if (rump_sys_mount(MOUNT_PUFFS, "/mnt", 0,
234 &kargs, sizeof(kargs)) == 0) {
237 pthread_mutex_lock(&damtx);
239 pthread_cond_signal(&dacv);
240 pthread_mutex_unlock(&damtx);
242 rump_sys_stat("/mnt", &sb);
243 rump_sys_unmount("/mnt", MNT_FORCE);
245 unfixup(nfix, &kargs);
247 pthread_mutex_lock(&damtx);
249 pthread_mutex_unlock(&damtx);
253 #define MAKETEST(_n_) \
254 ATF_TC(mountfuzz##_n_); \
255 ATF_TC_HEAD(mountfuzz##_n_, tc) \
256 {atf_tc_set_md_var(tc, "descr", "garbage kargs, " # _n_ " fix(es)");} \
257 ATF_TC_BODY(mountfuzz##_n_, tc) {testbody(_n_);}
272 ATF_TP_ADD_TC(tp, mountfuzz0);
273 ATF_TP_ADD_TC(tp, mountfuzz1);
274 ATF_TP_ADD_TC(tp, mountfuzz2);
275 ATF_TP_ADD_TC(tp, mountfuzz3);
276 ATF_TP_ADD_TC(tp, mountfuzz4);
277 ATF_TP_ADD_TC(tp, mountfuzz5);
278 ATF_TP_ADD_TC(tp, mountfuzz6);
279 ATF_TP_ADD_TC(tp, mountfuzz7);
280 ATF_TP_ADD_TC(tp, mountfuzz8);
282 return atf_no_error();