We used shm_open with mmap to share libfuzzer's coverage bitmap with child (runner) processes. The same functionality can be achieved with MAP_SHARED | MAP_ANONYMOUS, since we do not need to name the shared memory object or set permissions on it. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200622165040.15121-1-alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
		
			
				
	
	
		
| /*
 | |
|  * Fork-based fuzzing helpers
 | |
|  *
 | |
|  * Copyright Red Hat Inc., 2019
 | |
|  *
 | |
|  * Authors:
 | |
|  *  Alexander Bulekov   <alxndr@bu.edu>
 | |
|  *
 | |
|  * This work is licensed under the terms of the GNU GPL, version 2 or later.
 | |
|  * See the COPYING file in the top-level directory.
 | |
|  *
 | |
|  */
 | |
| 
 | |
| #include "qemu/osdep.h"
 | |
| #include "fork_fuzz.h"
 | |
| 
 | |
| 
 | |
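/*
 * Make the libFuzzer coverage counter region shared with forked children.
 *
 * The counters live between the linker-provided symbols
 * __FUZZ_COUNTERS_START and __FUZZ_COUNTERS_END (declared in fork_fuzz.h).
 * A MAP_SHARED | MAP_ANONYMOUS mapping is placed over that range with
 * MAP_FIXED so that counter updates made in a forked runner process are
 * visible to the parent. The fresh anonymous mapping is zero-filled, so the
 * existing counter contents are saved beforehand and restored afterwards.
 *
 * Exits the process with status 1 if the temporary buffer cannot be
 * allocated or the mapping cannot be established.
 *
 * NOTE(review): MAP_FIXED requires a page-aligned address and silently
 * replaces whatever was mapped in the range (including anything else that
 * shares those pages) — presumably the linker script page-aligns the
 * counter region; confirm.
 */
void counter_shm_init(void)
{
    /*
     * Size of the counter region. Taken as a byte count, which holds if the
     * symbols are declared with a byte type — TODO confirm in fork_fuzz.h.
     */
    size_t len = (size_t)(&__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START);

    /* Save the counters: the anonymous mapping below comes back zero-filled. */
    void *copy = malloc(len);
    if (!copy) {
        /* Previously unchecked: a NULL here would have been passed to memcpy. */
        perror("Error: ");
        exit(1);
    }
    memcpy(copy, &__FUZZ_COUNTERS_START, len);

    /*
     * Replace the counter pages with a shared anonymous mapping. fd is -1:
     * Linux ignores it with MAP_ANONYMOUS, but some implementations require
     * -1, so portable code passes that rather than 0.
     */
    if (mmap(&__FUZZ_COUNTERS_START, len, PROT_READ | PROT_WRITE,
             MAP_SHARED | MAP_FIXED | MAP_ANONYMOUS, -1, 0) == MAP_FAILED) {
        perror("Error: ");
        exit(1);
    }

    /* Restore the saved counters into the now-shared region. */
    memcpy(&__FUZZ_COUNTERS_START, copy, len);
    free(copy);
}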