From 0febcbea09fcd33ce8f555b254b6eaf1f8d3d3a5 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 01:51:17 +0100 Subject: [PATCH 1/9] fixed string handling --- llmp_test/src/main.rs | 54 +++++++++------------------------- src/events/llmp_translated.rs | 30 +++++++++---------- src/events/shmem_translated.rs | 28 ++++++++++-------- 3 files changed, 44 insertions(+), 68 deletions(-) diff --git a/llmp_test/src/main.rs b/llmp_test/src/main.rs index 1e927d293a..b0f5d2d6e8 100644 --- a/llmp_test/src/main.rs +++ b/llmp_test/src/main.rs @@ -10,7 +10,6 @@ fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) { } fn main() { - let thread_count = 1; /* The main node has a broker, a tcp server, and a few worker threads */ @@ -24,45 +23,20 @@ fn main() { llmp_client_count: 0, llmp_clients: ptr::null_mut(), }; - unsafe {llmp_broker_init(&mut broker).expect("Could not init")}; - - unsafe {llmp_broker_register_childprocess_clientloop(&mut broker, llmp_test_clientloop, ptr::null_mut()).expect("could not add child clientloop")}; - - /*unsafe {llmp_broker_register_threaded_clientloop(broker, llmp_clientloop_print_u32, NULL)) { - - FATAL("error adding threaded client"); + let thread_count = 4; + unsafe { + llmp_broker_init(&mut broker).expect("Could not init"); + for i in 0..thread_count { + println!("Adding client {}", i); + llmp_broker_register_childprocess_clientloop( + &mut broker, + llmp_test_clientloop, + ptr::null_mut(), + ) + .expect("could not add child clientloop"); + } + println!("Spawning broker"); + llmp_broker_run(&mut broker); } - - int i; - for (i = 0; i < thread_count; i++) { - - if (!llmp_broker_register_threaded_clientloop(broker, llmp_clientloop_rand_u32, NULL)) { - - FATAL("error adding threaded client"); - - } - - } - - OKF("Spawning main on port %d", port); - llmp_broker_run(broker); - - } else { - - if (thread_count > 1) { WARNF("Multiple threads not supported for clients."); } - - OKF("Client will connect to port %d", port); - // Worker only needs to spawn client threads. - llmp_client_t *client_state = llmp_client_new(port); - if (!client_state) { FATAL("Error connecting to broker at port %d", port); } - llmp_clientloop_rand_u32(client_state, NULL); - - } - - FATAL("Unreachable"); - - - println!("Hello, world!"); - */ } diff --git a/src/events/llmp_translated.rs b/src/events/llmp_translated.rs index ff349520f9..0a0734a9cd 100644 --- a/src/events/llmp_translated.rs +++ b/src/events/llmp_translated.rs @@ -53,7 +53,7 @@ use ::libc; use core::sync::atomic::{compiler_fence, Ordering}; use libc::{c_int, c_uint, c_ulong, c_ushort, c_void}; use std::process::exit; -use std::str; +use std::ffi::CStr; use crate::AflError; use crate::utils::next_pow2; @@ -680,7 +680,7 @@ pub unsafe extern "C" fn llmp_broker_alloc_next( Be careful: Intenral realloc may change the location of the client map */ unsafe fn llmp_broker_register_client( mut broker: *mut llmp_broker_state, - shm_str: &str, + shm_str: &CStr, map_size: c_ulong, ) -> *mut llmp_broker_client_metadata { /* make space for a new client and calculate its id */ @@ -780,7 +780,7 @@ unsafe fn llmp_broker_handle_new_msgs( afl_shmem_deinit(client_map); if afl_shmem_by_str( client_map, - str::from_utf8(&(*pageinfo).shm_str).unwrap(), + CStr::from_bytes_with_nul(&(*pageinfo).shm_str).expect("Illegal shm_str"), (*pageinfo).map_size, ) .is_null() @@ -811,7 +811,7 @@ unsafe fn llmp_broker_handle_new_msgs( let client_id: u32 = (*(*client).client_state).id; if llmp_broker_register_client( broker, - str::from_utf8(&(*pageinfo).shm_str).unwrap(), + CStr::from_bytes_with_nul(&(*pageinfo).shm_str).expect("Illegal shm_str"), (*pageinfo).map_size, ) .is_null() @@ -901,8 +901,7 @@ pub unsafe extern "C" fn llmp_broker_once(broker: *mut llmp_broker_state) { } /* The broker walks all pages and looks for changes, then broadcasts them on * its own shared page */ -#[no_mangle] -pub unsafe extern "C" fn llmp_broker_loop(broker: *mut llmp_broker_state) { +pub unsafe fn llmp_broker_loop(broker: *mut llmp_broker_state) -> !{ loop { compiler_fence(Ordering::SeqCst); llmp_broker_once(broker); @@ -1000,8 +999,8 @@ pub unsafe extern "C" fn llmp_broker_launch_client( } //return 1 as c_int != 0; } -#[no_mangle] -pub unsafe extern "C" fn llmp_broker_launch_clientloops(broker: *mut llmp_broker_state) -> bool { + +pub unsafe fn llmp_broker_launch_clientloops(broker: *mut llmp_broker_state) -> Result<(), AflError> { let mut i: c_ulong = 0; while i < (*broker).llmp_client_count { if (*(*broker).llmp_clients.offset(i as isize)).client_type as c_uint @@ -1009,13 +1008,14 @@ pub unsafe extern "C" fn llmp_broker_launch_clientloops(broker: *mut llmp_broker { if !llmp_broker_launch_client(broker, &mut *(*broker).llmp_clients.offset(i as isize)) { println!("[!] WARNING: Could not launch all clients"); - return 0 as c_int != 0; + return Err(AflError::Unknown("Failed to launch clients".into())) } } i = i.wrapping_add(1) } - return 1 as c_int != 0; + Ok(()) } + /* The broker walks all pages and looks for changes, then broadcasts them on its own shared page. Never returns. */ @@ -1023,11 +1023,11 @@ Never returns. */ Same as llmp_broker_launch_threaded clients(); Never returns. */ /* Start all threads and the main broker. Never returns. */ -#[no_mangle] -pub unsafe extern "C" fn llmp_broker_run(broker: *mut llmp_broker_state) { - llmp_broker_launch_clientloops(broker); +pub unsafe fn llmp_broker_run(broker: *mut llmp_broker_state) -> ! { + llmp_broker_launch_clientloops(broker).expect("Failed to launch clients"); llmp_broker_loop(broker); } + /* For non zero-copy, we want to get rid of old pages with duplicate messages eventually. This function This funtion sees if we can unallocate older pages. @@ -1127,7 +1127,7 @@ pub unsafe extern "C" fn llmp_client_recv(mut client: *mut llmp_client) -> *mut afl_shmem_deinit(broadcast_map); if afl_shmem_by_str( (*client).current_broadcast_map, - str::from_utf8(&(*pageinfo).shm_str).unwrap(), + CStr::from_bytes_with_nul(&(*pageinfo).shm_str).expect("Illegal shm_str"), (*pageinfo).map_size, ) .is_null() @@ -1350,7 +1350,7 @@ pub unsafe fn llmp_broker_register_childprocess_clientloop( return Err(AflError::Unknown("Alloc".into())); } let mut client: *mut llmp_broker_client_metadata = - llmp_broker_register_client(broker, str::from_utf8(&client_map.shm_str).unwrap(), client_map.map_size); + llmp_broker_register_client(broker, CStr::from_ptr(&client_map.shm_str as *const i8), client_map.map_size); if client.is_null() { afl_shmem_deinit(&mut client_map); return Err(AflError::Unknown("Something in clients failed".into())); diff --git a/src/events/shmem_translated.rs b/src/events/shmem_translated.rs index 3823567702..3ffa692a31 100644 --- a/src/events/shmem_translated.rs +++ b/src/events/shmem_translated.rs @@ -1,5 +1,6 @@ use ::libc; use libc::{c_int, c_uint, c_char, c_uchar, c_ushort, c_long, c_ulong, c_void}; +use std::ffi::CStr; extern "C" { #[no_mangle] @@ -84,7 +85,7 @@ pub const AFL_RET_SUCCESS: c_uint = 0; #[derive(Copy, Clone)] #[repr(C)] pub struct afl_shmem { - pub shm_str: [u8; 20], + pub shm_str: [c_char; 20], pub shm_id: c_int, pub map: *mut c_uchar, pub map_size: c_ulong, @@ -96,8 +97,8 @@ pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) { // Not set or not initialized; return } - (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as i32 as u8; + (*shm).shm_str[0 as usize] = + '\u{0}' as c_char; shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).map = 0 as *mut c_uchar; } @@ -112,8 +113,8 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, 0o1000 as c_int | 0o2000 as c_int | 0o600 as c_int); if (*shm).shm_id < 0 as c_int { - (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as i32 as u8; + (*shm).shm_str[0] = + '\u{0}' as c_char; return 0 as *mut c_uchar } snprintf((*shm).shm_str.as_mut_ptr() as *mut i8, @@ -122,7 +123,7 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, (*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as c_ulong).wrapping_sub(1 as c_int as c_ulong) as - usize] = '\u{0}' as i32 as u8; + usize] = '\u{0}' as c_char; (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut c_uchar; @@ -131,16 +132,16 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).shm_id = -(1 as c_int); (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as i32 as u8; + '\u{0}' as c_char; return 0 as *mut c_uchar } return (*shm).map; } pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, - shm_str: &str, + shm_str: &CStr, map_size: c_ulong) -> *mut c_uchar { - if shm.is_null() || shm_str.len() == 0 || map_size == 0 { + if shm.is_null() || shm_str.to_bytes().len() == 0 || map_size == 0 { return 0 as *mut c_uchar } (*shm).map = 0 as *mut c_uchar; @@ -149,7 +150,7 @@ pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, (::std::mem::size_of::<[c_char; 20]>() as c_ulong).wrapping_sub(1 as c_int as c_ulong)); - (*shm).shm_id = shm_str.parse::().unwrap(); + (*shm).shm_id = shm_str.to_str().expect(&format!("illegal shm_str {:?}", shm_str)).parse::().unwrap(); (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut c_uchar; @@ -157,7 +158,7 @@ pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, (*shm).map = 0 as *mut c_uchar; (*shm).map_size = 0 as c_int as c_ulong; (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as i32 as u8; + '\u{0}' as c_char; return 0 as *mut c_uchar } return (*shm).map; @@ -166,9 +167,10 @@ pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, /* Write sharedmap as env var */ /* Write sharedmap as env var and the size as name#_SIZE */ pub unsafe fn afl_shmem_to_env_var(shmem: *mut afl_shmem, - env_name: &str) + env_name: &CStr) -> c_uint { - if shmem.is_null() || env_name.len() == 0 || env_name.len() > 200 || + let env_len = env_name.to_bytes().len(); + if shmem.is_null() || env_len == 0 || env_len > 200 || (*shmem).shm_str[0 as c_int as usize] == 0 { return AFL_RET_NULL_PTR } From f695684b0343ce58106467db2ae61a96cbf6fd22 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 02:55:33 +0100 Subject: [PATCH 2/9] multithreaded things --- llmp_test/src/main.rs | 53 +++++++++++++++++-- src/events/llmp_translated.rs | 96 ++++++++++++++-------------------- src/events/shmem_translated.rs | 4 +- 3 files changed, 92 insertions(+), 61 deletions(-) diff --git a/llmp_test/src/main.rs b/llmp_test/src/main.rs index b0f5d2d6e8..ebec9173c9 100644 --- a/llmp_test/src/main.rs +++ b/llmp_test/src/main.rs @@ -5,12 +5,56 @@ use std::ptr; use afl::events::llmp_translated::*; -fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) { - println!("Client says hi"); +use std::{thread, time}; + +fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { + let mut counter: u32 = 0; + loop { + counter += 10; + + unsafe { + let llmp_message = llmp_client_alloc_next(client, 10); + std::ptr::copy( + counter.to_be_bytes().as_ptr(), + (*llmp_message).buf.as_mut_ptr(), + 4, + ); + (*llmp_message).tag = 1; + llmp_client_send(client, llmp_message); + } + + thread::sleep(time::Duration::from_millis(100)); + } +} + +fn broker_message_hook( + broker: *mut llmp_broker_state, + client_metadata: *mut llmp_broker_client_metadata, + message: *mut llmp_message, + _data: *mut c_void, +) -> LlmpMessageHookResult { + + unsafe { + match (*message).tag { + 1 => { + // TODO: use higher bits + let counter_lowest = (std::slice::from_raw_parts((*message).buf.as_ptr(), 4))[3]; + println!( + "Got message {:?} from client {:?}", + counter_lowest, + (*client_metadata).pid + ); + LlmpMessageHookResult::Handled + }, + _ => { + println!("Unknwon message id received!"); + LlmpMessageHookResult::ForwardToClients + } + } + } } fn main() { - let thread_count = 1; /* The main node has a broker, a tcp server, and a few worker threads */ @@ -37,6 +81,9 @@ fn main() { } println!("Spawning broker"); + + llmp_broker_add_message_hook(&mut broker, broker_message_hook, ptr::null_mut()); + llmp_broker_run(&mut broker); } } diff --git a/src/events/llmp_translated.rs b/src/events/llmp_translated.rs index 0a0734a9cd..92b2057650 100644 --- a/src/events/llmp_translated.rs +++ b/src/events/llmp_translated.rs @@ -52,7 +52,6 @@ use ::libc; use core::sync::atomic::{compiler_fence, Ordering}; use libc::{c_int, c_uint, c_ulong, c_ushort, c_void}; -use std::process::exit; use std::ffi::CStr; use crate::AflError; @@ -148,7 +147,7 @@ pub struct llmp_broker_client_metadata { pub data: *mut c_void, } -pub type LlmpClientloopFn = fn(_: *mut llmp_client, _: *mut c_void) -> (); +pub type LlmpClientloopFn = fn(_: *mut llmp_client, _: *mut c_void) -> !; pub type LlmpClientType = c_uint; pub const LLMP_CLIENT_TYPE_FOREIGN_PROCESS: LlmpClientType = 3; pub const LLMP_CLIENT_TYPE_CHILD_PROCESS: LlmpClientType = 2; @@ -166,14 +165,19 @@ pub struct llmp_page { pub messages: [llmp_message; 0], } -pub type LlmpMessageHookFn = unsafe extern "C" fn( +pub enum LlmpMessageHookResult { + Handled, + ForwardToClients, +} + +pub type LlmpMessageHookFn = fn( _: *mut llmp_broker_state, _: *mut llmp_broker_client_metadata, _: *mut llmp_message, _: *mut c_void, -) -> bool; +) -> LlmpMessageHookResult; pub type LlmpClientNewPageHookFn = - unsafe extern "C" fn(_: *mut llmp_client, _: *mut llmp_page, _: *mut c_void) -> (); + unsafe fn(_: *mut llmp_client, _: *mut llmp_page, _: *mut c_void) -> (); /* Just a random msg */ /* Message payload when a client got added LLMP_TAG_CLIENT_ADDED_V1 */ /* A new sharedmap appeared. @@ -190,7 +194,7 @@ pub struct llmp_payload_new_page { /* Returs the container element to this ptr */ #[inline] -unsafe extern "C" fn afl_alloc_bufptr(buf: *mut c_void) -> *mut afl_alloc_buf { +unsafe fn afl_alloc_bufptr(buf: *mut c_void) -> *mut afl_alloc_buf { return (buf as *mut u8).offset(-(16 as c_ulong as isize)) as *mut afl_alloc_buf; } /* This function makes sure *size is > size_needed after call. @@ -200,8 +204,7 @@ https://blog.mozilla.org/nnethercote/2014/11/04/please-grow-your-buffers-exponen Will return NULL and free *buf if size_needed is <1 or realloc failed. @return For convenience, this function returns *buf. */ -#[inline] -unsafe extern "C" fn afl_realloc(buf: *mut c_void, mut size_needed: c_ulong) -> *mut c_void { +unsafe fn afl_realloc(buf: *mut c_void, mut size_needed: c_ulong) -> *mut c_void { let mut new_buf: *mut afl_alloc_buf = 0 as *mut afl_alloc_buf; let mut current_size: c_ulong = 0 as c_int as c_ulong; let mut next_size: c_ulong; @@ -243,25 +246,24 @@ unsafe extern "C" fn afl_realloc(buf: *mut c_void, mut size_needed: c_ulong) -> return (*new_buf).buf.as_mut_ptr() as *mut c_void; } #[inline] -unsafe extern "C" fn afl_free(buf: *mut c_void) { +unsafe fn afl_free(buf: *mut c_void) { if !buf.is_null() { free(afl_alloc_bufptr(buf) as *mut c_void); }; } #[inline] -unsafe extern "C" fn shmem2page(afl_shmem: *mut afl_shmem) -> *mut llmp_page { +unsafe fn shmem2page(afl_shmem: *mut afl_shmem) -> *mut llmp_page { return (*afl_shmem).map as *mut llmp_page; } /* If a msg is contained in the current page */ -#[no_mangle] -pub unsafe extern "C" fn llmp_msg_in_page(page: *mut llmp_page, msg: *mut llmp_message) -> bool { +pub unsafe fn llmp_msg_in_page(page: *mut llmp_page, msg: *mut llmp_message) -> bool { /* DBG("llmp_msg_in_page %p within %p-%p\n", msg, page, page + page->c_ulongotal); */ return (page as *mut u8) < msg as *mut u8 && (page as *mut u8).offset((*page).c_ulongotal as isize) > msg as *mut u8; } /* allign to LLMP_ALIGNNMENT bytes */ #[inline] -unsafe extern "C" fn llmp_align(to_align: c_ulong) -> c_ulong { +unsafe fn llmp_align(to_align: c_ulong) -> c_ulong { if 64 as c_int == 0 as c_int || to_align.wrapping_rem(64 as c_int as c_ulong) == 0 as c_int as c_ulong { @@ -275,7 +277,7 @@ unsafe extern "C" fn llmp_align(to_align: c_ulong) -> c_ulong { enough. For now, we want to have at least enough space to store 2 of the largest messages we encountered. */ #[inline] -unsafe extern "C" fn new_map_size(max_alloc: c_ulong) -> c_ulong { +unsafe fn new_map_size(max_alloc: c_ulong) -> c_ulong { return next_pow2({ let mut _a: c_ulong = max_alloc @@ -294,7 +296,7 @@ unsafe extern "C" fn new_map_size(max_alloc: c_ulong) -> c_ulong { } /* Initialize a new llmp_page. size should be relative to * llmp_page->messages */ -unsafe extern "C" fn _llmp_page_init(mut page: *mut llmp_page, sender: u32, size: c_ulong) { +unsafe fn _llmp_page_init(mut page: *mut llmp_page, sender: u32, size: c_ulong) { (*page).sender = sender; ::std::ptr::write_volatile( &mut (*page).current_msg_id as *mut c_ulong, @@ -310,15 +312,14 @@ unsafe extern "C" fn _llmp_page_init(mut page: *mut llmp_page, sender: u32, size } /* Pointer to the message behind the last message */ #[inline] -unsafe extern "C" fn _llmp_next_msg_ptr(last_msg: *mut llmp_message) -> *mut llmp_message { +unsafe fn _llmp_next_msg_ptr(last_msg: *mut llmp_message) -> *mut llmp_message { /* DBG("_llmp_next_msg_ptr %p %lu + %lu\n", last_msg, last_msg->buf_len_padded, sizeof(llmp_message)); */ return (last_msg as *mut u8) .offset(::std::mem::size_of::() as c_ulong as isize) .offset((*last_msg).buf_len_padded as isize) as *mut llmp_message; } /* Read next message. */ -#[no_mangle] -pub unsafe extern "C" fn llmp_recv( +pub unsafe fn llmp_recv( page: *mut llmp_page, last_msg: *mut llmp_message, ) -> *mut llmp_message { @@ -339,8 +340,7 @@ pub unsafe extern "C" fn llmp_recv( } /* Blocks/spins until the next message gets posted to the page, then returns that message. */ -#[no_mangle] -pub unsafe extern "C" fn llmp_recv_blocking( +pub unsafe fn llmp_recv_blocking( page: *mut llmp_page, last_msg: *mut llmp_message, ) -> *mut llmp_message { @@ -369,8 +369,7 @@ pub unsafe extern "C" fn llmp_recv_blocking( So if llmp_alloc_next fails, create new page if necessary, use this function, place EOP, commit EOP, reset, alloc again on the new space. */ -#[no_mangle] -pub unsafe extern "C" fn llmp_alloc_eop( +pub unsafe fn llmp_alloc_eop( mut page: *mut llmp_page, mut last_msg: *mut llmp_message, ) -> *mut llmp_message { @@ -409,8 +408,7 @@ pub unsafe extern "C" fn llmp_alloc_eop( Never call alloc_next without either sending or cancelling the last allocated message for this page! There can only ever be up to one message allocated per page at each given time. */ -#[no_mangle] -pub unsafe extern "C" fn llmp_alloc_next( +pub unsafe fn llmp_alloc_next( mut page: *mut llmp_page, last_msg: *mut llmp_message, buf_len: c_ulong, @@ -517,8 +515,7 @@ pub unsafe extern "C" fn llmp_alloc_next( After commiting, the msg shall no longer be altered! It will be read by the consuming threads (broker->clients or client->broker) */ -#[no_mangle] -pub unsafe extern "C" fn llmp_send(page: *mut llmp_page, msg: *mut llmp_message) -> bool { +pub unsafe fn llmp_send(page: *mut llmp_page, msg: *mut llmp_message) -> bool { if (*msg).tag == 0xdeadaf as c_uint { panic!(format!( "No tag set on message with id {}", @@ -538,7 +535,7 @@ pub unsafe extern "C" fn llmp_send(page: *mut llmp_page, msg: *mut llmp_message) return 1 as c_int != 0; } #[inline] -unsafe extern "C" fn _llmp_broker_current_broadcast_map( +unsafe fn _llmp_broker_current_broadcast_map( broker_state: *mut llmp_broker_state, ) -> *mut afl_shmem { return &mut *(*broker_state).broadcast_maps.offset( @@ -549,8 +546,7 @@ unsafe extern "C" fn _llmp_broker_current_broadcast_map( } /* create a new shard page. Size_requested will be the min size, you may get a * larger map. Retruns NULL on error. */ -#[no_mangle] -pub unsafe extern "C" fn llmp_new_page_shmem( +pub unsafe fn llmp_new_page_shmem( uninited_afl_shmem: *mut afl_shmem, sender: c_ulong, size_requested: c_ulong, @@ -576,7 +572,7 @@ pub unsafe extern "C" fn llmp_new_page_shmem( } /* This function handles EOP by creating a new shared page and informing the listener about it using a EOP message. */ -unsafe extern "C" fn llmp_handle_out_eop( +unsafe fn llmp_handle_out_eop( mut maps: *mut afl_shmem, map_count_p: *mut c_ulong, last_msg_p: *mut *mut llmp_message, @@ -634,8 +630,7 @@ unsafe extern "C" fn llmp_handle_out_eop( return maps; } /* no more space left! We'll have to start a new page */ -#[no_mangle] -pub unsafe extern "C" fn llmp_broker_handle_out_eop(mut broker: *mut llmp_broker_state) -> AflRet { +pub unsafe fn llmp_broker_handle_out_eop(mut broker: *mut llmp_broker_state) -> AflRet { (*broker).broadcast_maps = llmp_handle_out_eop( (*broker).broadcast_maps, &mut (*broker).broadcast_map_count, @@ -647,8 +642,7 @@ pub unsafe extern "C" fn llmp_broker_handle_out_eop(mut broker: *mut llmp_broker AFL_RET_ALLOC } as AflRet; } -#[no_mangle] -pub unsafe extern "C" fn llmp_broker_alloc_next( +pub unsafe fn llmp_broker_alloc_next( broker: *mut llmp_broker_state, len: c_ulong, ) -> *mut llmp_message { @@ -888,8 +882,7 @@ unsafe fn llmp_broker_handle_new_msgs( * its own shared page, once. */ /* The broker walks all pages and looks for changes, then broadcasts them on * its own shared page, once. */ -#[no_mangle] -pub unsafe extern "C" fn llmp_broker_once(broker: *mut llmp_broker_state) { +pub unsafe fn llmp_broker_once(broker: *mut llmp_broker_state) { compiler_fence(Ordering::SeqCst); let mut i: u32 = 0; while (i as c_ulong) < (*broker).llmp_client_count { @@ -910,7 +903,7 @@ pub unsafe fn llmp_broker_loop(broker: *mut llmp_broker_state) -> !{ } } /* A new page will be used. Notify each registered hook in the client about this fact. */ -unsafe extern "C" fn llmp_clientrigger_new_out_page_hooks(client: *mut llmp_client) { +unsafe fn llmp_clientrigger_new_out_page_hooks(client: *mut llmp_client) { let mut i: c_ulong = 0; while i < (*client).new_out_page_hook_count { ::std::mem::transmute::<*mut c_void, Option>( @@ -929,9 +922,9 @@ unsafe extern "C" fn llmp_clientrigger_new_out_page_hooks(client: *mut llmp_clie } } /* A wrapper around unpacking the data, calling through to the loop */ -unsafe extern "C" fn _llmp_client_wrapped_loop( +unsafe fn _llmp_client_wrapped_loop( llmp_client_broker_metadata_ptr: *mut c_void, -) -> *mut c_void { +) -> ! { let metadata: *mut llmp_broker_client_metadata = llmp_client_broker_metadata_ptr as *mut llmp_broker_client_metadata; /* Before doing anything else:, notify registered hooks about the new page we're about to use */ @@ -941,15 +934,10 @@ unsafe extern "C" fn _llmp_client_wrapped_loop( (*metadata).client_state, (*metadata).data, ); - println!( - "Client loop exited for client {}", - (*(*metadata).client_state).id - ); - return 0 as *mut c_void; } + /* launch a specific client. This function is rarely needed - all registered clients will get launched at broker_run */ -#[no_mangle] -pub unsafe extern "C" fn llmp_broker_launch_client( +pub unsafe fn llmp_broker_launch_client( broker: *mut llmp_broker_state, mut clientdata: *mut llmp_broker_client_metadata, ) -> bool { @@ -985,9 +973,7 @@ pub unsafe extern "C" fn llmp_broker_launch_client( } else { if child_id == 0 as c_int { /* child */ - /* in the child, start loop, exit afterwards. */ _llmp_client_wrapped_loop(clientdata as *mut c_void); - exit(1); } } /* parent */ @@ -1033,7 +1019,7 @@ pub unsafe fn llmp_broker_run(broker: *mut llmp_broker_state) -> ! { eventually. This function This funtion sees if we can unallocate older pages. The broker would have informed us by setting the save_to_unmap-flag. */ -unsafe extern "C" fn llmp_client_prune_old_pages(mut client: *mut llmp_client) { +unsafe fn llmp_client_prune_old_pages(mut client: *mut llmp_client) { let current_map: *mut u8 = (*(*client) .out_maps .offset((*client).out_map_count.wrapping_sub(1 as c_int as c_ulong) as isize)) @@ -1059,7 +1045,7 @@ unsafe extern "C" fn llmp_client_prune_old_pages(mut client: *mut llmp_client) { } } /* We don't have any space. Send eop, the reset to beginning of ringbuf */ -unsafe extern "C" fn llmp_client_handle_out_eop(mut client: *mut llmp_client) -> bool { +unsafe fn llmp_client_handle_out_eop(mut client: *mut llmp_client) -> bool { (*client).out_maps = llmp_handle_out_eop( (*client).out_maps, &mut (*client).out_map_count, @@ -1079,8 +1065,7 @@ unsafe extern "C" fn llmp_client_handle_out_eop(mut client: *mut llmp_client) -> } /* A client receives a broadcast message. Returns null if no message is * availiable */ -#[no_mangle] -pub unsafe extern "C" fn llmp_client_recv(mut client: *mut llmp_client) -> *mut llmp_message { +pub unsafe fn llmp_client_recv(mut client: *mut llmp_client) -> *mut llmp_message { loop { let msg = llmp_recv( shmem2page((*client).current_broadcast_map), @@ -1431,13 +1416,13 @@ pub unsafe fn llmp_client_add_new_out_page_hook( if the callback returns false, the message is not forwarded to the clients. */ pub unsafe fn llmp_broker_add_message_hook( broker: *mut llmp_broker_state, - hook: Option, + hook: LlmpMessageHookFn, data: *mut c_void, ) -> AflRet { return llmp_add_hook_generic( &mut (*broker).msg_hooks, &mut (*broker).msg_hook_count, - ::std::mem::transmute::, *mut c_void>(hook), + ::std::mem::transmute::, *mut c_void>(Some(hook)), data, ); } @@ -1474,8 +1459,7 @@ pub unsafe fn llmp_broker_init(mut broker: *mut llmp_broker_state) -> Result<(), return Ok(()); } /* Clean up the broker instance */ -#[no_mangle] -pub unsafe extern "C" fn llmp_broker_deinit(mut broker: *mut llmp_broker_state) { +pub unsafe fn llmp_broker_deinit(mut broker: *mut llmp_broker_state) { let mut i: c_ulong; i = 0 as c_int as c_ulong; while i < (*broker).broadcast_map_count { diff --git a/src/events/shmem_translated.rs b/src/events/shmem_translated.rs index 3ffa692a31..b3809b8552 100644 --- a/src/events/shmem_translated.rs +++ b/src/events/shmem_translated.rs @@ -166,11 +166,11 @@ pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, /* Write sharedmap as env var */ /* Write sharedmap as env var and the size as name#_SIZE */ -pub unsafe fn afl_shmem_to_env_var(shmem: *mut afl_shmem, +pub unsafe fn afl_shmem_to_env_var(shmem: &afl_shmem, env_name: &CStr) -> c_uint { let env_len = env_name.to_bytes().len(); - if shmem.is_null() || env_len == 0 || env_len > 200 || + if env_len == 0 || env_len > 200 || (*shmem).shm_str[0 as c_int as usize] == 0 { return AFL_RET_NULL_PTR } From 01d8b705c846595bb15c31ed6718e426c0d467cf Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 03:13:05 +0100 Subject: [PATCH 3/9] fixed examle, format --- llmp_test/src/main.rs | 41 ++++----- src/events/llmp_translated.rs | 38 ++++---- src/events/shmem_translated.rs | 159 +++++++++++++++++---------------- 3 files changed, 117 insertions(+), 121 deletions(-) diff --git a/llmp_test/src/main.rs b/llmp_test/src/main.rs index ebec9173c9..964960db01 100644 --- a/llmp_test/src/main.rs +++ b/llmp_test/src/main.rs @@ -5,12 +5,13 @@ use std::ptr; use afl::events::llmp_translated::*; +use std::convert::TryInto; use std::{thread, time}; fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { let mut counter: u32 = 0; loop { - counter += 10; + counter += 1; unsafe { let llmp_message = llmp_client_alloc_next(client, 10); @@ -28,34 +29,34 @@ fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { } fn broker_message_hook( - broker: *mut llmp_broker_state, + _broker: *mut llmp_broker_state, client_metadata: *mut llmp_broker_client_metadata, message: *mut llmp_message, _data: *mut c_void, ) -> LlmpMessageHookResult { - unsafe { - match (*message).tag { - 1 => { - // TODO: use higher bits - let counter_lowest = (std::slice::from_raw_parts((*message).buf.as_ptr(), 4))[3]; - println!( - "Got message {:?} from client {:?}", - counter_lowest, - (*client_metadata).pid - ); - LlmpMessageHookResult::Handled - }, - _ => { - println!("Unknwon message id received!"); - LlmpMessageHookResult::ForwardToClients + match (*message).tag { + 1 => { + println!( + "Client {:?} sent message: {:?}", + (*client_metadata).pid, + u32::from_be_bytes( + std::slice::from_raw_parts((*message).buf.as_ptr(), 4) + .try_into() + .unwrap() + ), + ); + LlmpMessageHookResult::Handled + } + _ => { + println!("Unknwon message id received!"); + LlmpMessageHookResult::ForwardToClients + } } } - } } fn main() { - /* The main node has a broker, a tcp server, and a few worker threads */ let mut broker = llmp_broker_state { @@ -67,7 +68,7 @@ fn main() { llmp_client_count: 0, llmp_clients: ptr::null_mut(), }; - let thread_count = 4; + let thread_count = 3; unsafe { llmp_broker_init(&mut broker).expect("Could not init"); for i in 0..thread_count { diff --git a/src/events/llmp_translated.rs b/src/events/llmp_translated.rs index 92b2057650..dc0ee56e97 100644 --- a/src/events/llmp_translated.rs +++ b/src/events/llmp_translated.rs @@ -54,10 +54,10 @@ use core::sync::atomic::{compiler_fence, Ordering}; use libc::{c_int, c_uint, c_ulong, c_ushort, c_void}; use std::ffi::CStr; -use crate::AflError; use crate::utils::next_pow2; +use crate::AflError; -use super::shmem_translated::{afl_shmem_deinit, afl_shmem_init, afl_shmem_by_str, afl_shmem}; +use super::shmem_translated::{afl_shmem, afl_shmem_by_str, afl_shmem_deinit, afl_shmem_init}; extern "C" { #[no_mangle] @@ -319,10 +319,7 @@ unsafe fn _llmp_next_msg_ptr(last_msg: *mut llmp_message) -> *mut llmp_message { .offset((*last_msg).buf_len_padded as isize) as *mut llmp_message; } /* Read next message. */ -pub unsafe fn llmp_recv( - page: *mut llmp_page, - last_msg: *mut llmp_message, -) -> *mut llmp_message { +pub unsafe fn llmp_recv(page: *mut llmp_page, last_msg: *mut llmp_message) -> *mut llmp_message { /* DBG("llmp_recv %p %p\n", page, last_msg); */ compiler_fence(Ordering::SeqCst); if (*page).current_msg_id == 0 { @@ -894,7 +891,7 @@ pub unsafe fn llmp_broker_once(broker: *mut llmp_broker_state) { } /* The broker walks all pages and looks for changes, then broadcasts them on * its own shared page */ -pub unsafe fn llmp_broker_loop(broker: *mut llmp_broker_state) -> !{ +pub unsafe fn llmp_broker_loop(broker: *mut llmp_broker_state) -> ! { loop { compiler_fence(Ordering::SeqCst); llmp_broker_once(broker); @@ -922,9 +919,7 @@ unsafe fn llmp_clientrigger_new_out_page_hooks(client: *mut llmp_client) { } } /* A wrapper around unpacking the data, calling through to the loop */ -unsafe fn _llmp_client_wrapped_loop( - llmp_client_broker_metadata_ptr: *mut c_void, -) -> ! { +unsafe fn _llmp_client_wrapped_loop(llmp_client_broker_metadata_ptr: *mut c_void) -> ! { let metadata: *mut llmp_broker_client_metadata = llmp_client_broker_metadata_ptr as *mut llmp_broker_client_metadata; /* Before doing anything else:, notify registered hooks about the new page we're about to use */ @@ -986,7 +981,9 @@ pub unsafe fn llmp_broker_launch_client( //return 1 as c_int != 0; } -pub unsafe fn llmp_broker_launch_clientloops(broker: *mut llmp_broker_state) -> Result<(), AflError> { +pub unsafe fn llmp_broker_launch_clientloops( + broker: *mut llmp_broker_state, +) -> Result<(), AflError> { let mut i: c_ulong = 0; while i < (*broker).llmp_client_count { if (*(*broker).llmp_clients.offset(i as isize)).client_type as c_uint @@ -994,7 +991,7 @@ pub unsafe fn llmp_broker_launch_clientloops(broker: *mut llmp_broker_state) -> { if !llmp_broker_launch_client(broker, &mut *(*broker).llmp_clients.offset(i as isize)) { println!("[!] WARNING: Could not launch all clients"); - return Err(AflError::Unknown("Failed to launch clients".into())) + return Err(AflError::Unknown("Failed to launch clients".into())); } } i = i.wrapping_add(1) @@ -1154,10 +1151,7 @@ pub unsafe fn llmp_client_recv_blocking(client: *mut llmp_client) -> *mut llmp_m } /* The current page could have changed in recv (EOP) */ /* Alloc the next message, internally handling end of page by allocating a new one. */ -pub unsafe fn llmp_client_alloc_next( - client: *mut llmp_client, - size: c_ulong, -) -> *mut llmp_message { +pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: c_ulong) -> *mut llmp_message { if client.is_null() { panic!("Client is NULL"); } @@ -1231,10 +1225,7 @@ pub unsafe fn llmp_client_cancel(client: *mut llmp_client, mut msg: *mut llmp_me ) as c_ulong; } /* Commits a msg to the client's out ringbuf */ -pub unsafe fn llmp_client_send( - mut client_state: *mut llmp_client, - msg: *mut llmp_message, -) -> bool { +pub unsafe fn llmp_client_send(mut client_state: *mut llmp_client, msg: *mut llmp_message) -> bool { let page: *mut llmp_page = shmem2page( &mut *(*client_state).out_maps.offset( (*client_state) @@ -1334,8 +1325,11 @@ pub unsafe fn llmp_broker_register_childprocess_clientloop( { return Err(AflError::Unknown("Alloc".into())); } - let mut client: *mut llmp_broker_client_metadata = - llmp_broker_register_client(broker, CStr::from_ptr(&client_map.shm_str as *const i8), client_map.map_size); + let mut client: *mut llmp_broker_client_metadata = llmp_broker_register_client( + broker, + CStr::from_ptr(&client_map.shm_str as *const i8), + client_map.map_size, + ); if client.is_null() { afl_shmem_deinit(&mut client_map); return Err(AflError::Unknown("Something in clients failed".into())); diff --git a/src/events/shmem_translated.rs b/src/events/shmem_translated.rs index b3809b8552..a9da60f9a5 100644 --- a/src/events/shmem_translated.rs +++ b/src/events/shmem_translated.rs @@ -1,31 +1,24 @@ use ::libc; -use libc::{c_int, c_uint, c_char, c_uchar, c_ushort, c_long, c_ulong, c_void}; +use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_ushort, c_void}; use std::ffi::CStr; extern "C" { #[no_mangle] - fn snprintf(_: *mut c_char, _: c_ulong, - _: *const c_char, _: ...) -> c_int; + fn snprintf(_: *mut c_char, _: c_ulong, _: *const c_char, _: ...) -> c_int; #[no_mangle] - fn strncpy(_: *mut c_char, _: *const c_char, _: c_ulong) - -> *mut c_char; + fn strncpy(_: *mut c_char, _: *const c_char, _: c_ulong) -> *mut c_char; #[no_mangle] fn strlen(_: *const c_char) -> c_ulong; #[no_mangle] - fn shmctl(__shmid: c_int, __cmd: c_int, __buf: *mut shmid_ds) - -> c_int; + fn shmctl(__shmid: c_int, __cmd: c_int, __buf: *mut shmid_ds) -> c_int; #[no_mangle] - fn shmget(__key: c_int, __size: c_ulong, __shmflg: c_int) - -> c_int; + fn shmget(__key: c_int, __size: c_ulong, __shmflg: c_int) -> c_int; #[no_mangle] - fn shmat(__shmid: c_int, __shmaddr: *const c_void, - __shmflg: c_int) -> *mut c_void; + fn shmat(__shmid: c_int, __shmaddr: *const c_void, __shmflg: c_int) -> *mut c_void; #[no_mangle] - fn strtol(_: *const c_char, _: *mut *mut c_char, - _: c_int) -> c_long; + fn strtol(_: *const c_char, _: *mut *mut c_char, _: c_int) -> c_long; #[no_mangle] - fn setenv(__name: *const c_char, __value: *const c_char, - __replace: c_int) -> c_int; + fn setenv(__name: *const c_char, __value: *const c_char, __replace: c_int) -> c_int; } #[derive(Copy, Clone)] #[repr(C)] @@ -95,104 +88,112 @@ pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) { if shm.is_null() || (*shm).map.is_null() { /* Serialized map id */ // Not set or not initialized; - return + return; } - (*shm).shm_str[0 as usize] = - '\u{0}' as c_char; + (*shm).shm_str[0 as usize] = '\u{0}' as c_char; shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).map = 0 as *mut c_uchar; } // Functions to create Shared memory region, for observation channels and // opening inputs and stuff. -pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, - map_size: c_ulong) -> *mut c_uchar { +pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, map_size: c_ulong) -> *mut c_uchar { (*shm).map_size = map_size; (*shm).map = 0 as *mut c_uchar; - (*shm).shm_id = - shmget(0 as c_int, map_size, - 0o1000 as c_int | 0o2000 as c_int | - 0o600 as c_int); + (*shm).shm_id = shmget( + 0 as c_int, + map_size, + 0o1000 as c_int | 0o2000 as c_int | 0o600 as c_int, + ); if (*shm).shm_id < 0 as c_int { - (*shm).shm_str[0] = - '\u{0}' as c_char; - return 0 as *mut c_uchar + (*shm).shm_str[0] = '\u{0}' as c_char; + return 0 as *mut c_uchar; } - snprintf((*shm).shm_str.as_mut_ptr() as *mut i8, - ::std::mem::size_of::<[c_char; 20]>() as c_ulong, - b"%d\x00" as *const u8 as *const c_char, (*shm).shm_id); - (*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as - c_ulong).wrapping_sub(1 as c_int as - c_ulong) as - usize] = '\u{0}' as c_char; - (*shm).map = - shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as - *mut c_uchar; - if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar || - (*shm).map.is_null() { + snprintf( + (*shm).shm_str.as_mut_ptr() as *mut i8, + ::std::mem::size_of::<[c_char; 20]>() as c_ulong, + b"%d\x00" as *const u8 as *const c_char, + (*shm).shm_id, + ); + (*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as c_ulong) + .wrapping_sub(1 as c_int as c_ulong) as usize] = '\u{0}' as c_char; + (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut c_uchar; + if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar || (*shm).map.is_null() { shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).shm_id = -(1 as c_int); - (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as c_char; - return 0 as *mut c_uchar + (*shm).shm_str[0 as c_int as usize] = '\u{0}' as c_char; + return 0 as *mut c_uchar; } return (*shm).map; } -pub unsafe fn afl_shmem_by_str(mut shm: *mut afl_shmem, - shm_str: &CStr, - map_size: c_ulong) -> *mut c_uchar { +pub unsafe fn afl_shmem_by_str( + mut shm: *mut afl_shmem, + shm_str: &CStr, + map_size: c_ulong, +) -> *mut c_uchar { if shm.is_null() || shm_str.to_bytes().len() == 0 || map_size == 0 { - return 0 as *mut c_uchar + return 0 as *mut c_uchar; } (*shm).map = 0 as *mut c_uchar; (*shm).map_size = map_size; - strncpy((*shm).shm_str.as_mut_ptr() as *mut c_char, shm_str.as_ptr() as *const c_char, - (::std::mem::size_of::<[c_char; 20]>() as - c_ulong).wrapping_sub(1 as c_int as - c_ulong)); - (*shm).shm_id = shm_str.to_str().expect(&format!("illegal shm_str {:?}", shm_str)).parse::().unwrap(); - (*shm).map = - shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as - *mut c_uchar; + strncpy( + (*shm).shm_str.as_mut_ptr() as *mut c_char, + shm_str.as_ptr() as *const c_char, + (::std::mem::size_of::<[c_char; 20]>() as c_ulong).wrapping_sub(1 as c_int as c_ulong), + ); + (*shm).shm_id = shm_str + .to_str() + .expect(&format!("illegal shm_str {:?}", shm_str)) + .parse::() + .unwrap(); + (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut c_uchar; if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar { (*shm).map = 0 as *mut c_uchar; (*shm).map_size = 0 as c_int as c_ulong; - (*shm).shm_str[0 as c_int as usize] = - '\u{0}' as c_char; - return 0 as *mut c_uchar + (*shm).shm_str[0 as c_int as usize] = '\u{0}' as c_char; + return 0 as *mut c_uchar; } return (*shm).map; } /* Write sharedmap as env var */ /* Write sharedmap as env var and the size as name#_SIZE */ -pub unsafe fn afl_shmem_to_env_var(shmem: &afl_shmem, - env_name: &CStr) - -> c_uint { +pub unsafe fn afl_shmem_to_env_var(shmem: &afl_shmem, env_name: &CStr) -> c_uint { let env_len = env_name.to_bytes().len(); - if env_len == 0 || env_len > 200 || - (*shmem).shm_str[0 as c_int as usize] == 0 { - return AFL_RET_NULL_PTR + if env_len == 0 || env_len > 200 || (*shmem).shm_str[0 as c_int as usize] == 0 { + return AFL_RET_NULL_PTR; } let mut shm_str: [c_char; 256] = [0; 256]; - snprintf(shm_str.as_mut_ptr(), - ::std::mem::size_of::<[c_char; 256]>() as c_ulong, - b"%d\x00" as *const u8 as *const c_char, (*shmem).shm_id); - if setenv(env_name.as_ptr() as *const c_char, shm_str.as_mut_ptr(), 1 as c_int) < - 0 as c_int { - return AFL_RET_ERRNO + snprintf( + shm_str.as_mut_ptr(), + ::std::mem::size_of::<[c_char; 256]>() as c_ulong, + b"%d\x00" as *const u8 as *const c_char, + (*shmem).shm_id, + ); + if setenv( + env_name.as_ptr() as *const c_char, + shm_str.as_mut_ptr(), + 1 as c_int, + ) < 0 as c_int + { + return AFL_RET_ERRNO; } /* Write the size to env, too */ let mut size_env_name: [c_char; 256] = [0; 256]; - snprintf(size_env_name.as_mut_ptr(), - ::std::mem::size_of::<[c_char; 256]>() as c_ulong, - b"%s_SIZE\x00" as *const u8 as *const c_char, env_name); - snprintf(shm_str.as_mut_ptr(), - ::std::mem::size_of::<[c_char; 256]>() as c_ulong, - b"%d\x00" as *const u8 as *const c_char, (*shmem).shm_id); - if setenv(size_env_name.as_mut_ptr(), shm_str.as_mut_ptr(), - 1 as c_int) < 0 as c_int { - return AFL_RET_ERRNO + snprintf( + size_env_name.as_mut_ptr(), + ::std::mem::size_of::<[c_char; 256]>() as c_ulong, + b"%s_SIZE\x00" as *const u8 as *const c_char, + env_name, + ); + snprintf( + shm_str.as_mut_ptr(), + ::std::mem::size_of::<[c_char; 256]>() as c_ulong, + b"%d\x00" as *const u8 as *const c_char, + (*shmem).shm_id, + ); + if setenv(size_env_name.as_mut_ptr(), shm_str.as_mut_ptr(), 1 as c_int) < 0 as c_int { + return AFL_RET_ERRNO; } return AFL_RET_SUCCESS; -} \ No newline at end of file +} From 5e825b47850d933b03f7fb6548de7076222f1bb2 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 03:43:11 +0100 Subject: [PATCH 4/9] tidied up the example --- llmp_test/Cargo.toml | 1 + llmp_test/src/main.rs | 27 +++++++++++++++------------ src/events/llmp_translated.rs | 14 +++++++------- 3 files changed, 23 insertions(+), 19 deletions(-) diff --git a/llmp_test/Cargo.toml b/llmp_test/Cargo.toml index c7035f5fba..5ce6bfad10 100644 --- a/llmp_test/Cargo.toml +++ b/llmp_test/Cargo.toml @@ -7,4 +7,5 @@ edition = "2018" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] +num_cpus = "1.0" afl = { path = "../" } \ No newline at end of file diff --git a/llmp_test/src/main.rs b/llmp_test/src/main.rs index 964960db01..988fa56555 100644 --- a/llmp_test/src/main.rs +++ b/llmp_test/src/main.rs @@ -1,12 +1,13 @@ +use core::convert::TryInto; use core::ffi::c_void; - -use std::env::args; -use std::ptr; +use core::mem::size_of; +use core::ptr; +use std::thread; +use std::time; use afl::events::llmp_translated::*; -use std::convert::TryInto; -use std::{thread, time}; +const TAG_SIMPLE_U32_V1: u32 = 0x51300321; fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { let mut counter: u32 = 0; @@ -14,13 +15,13 @@ fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { counter += 1; unsafe { - let llmp_message = llmp_client_alloc_next(client, 10); + let llmp_message = llmp_client_alloc_next(client, size_of::()); std::ptr::copy( counter.to_be_bytes().as_ptr(), (*llmp_message).buf.as_mut_ptr(), - 4, + size_of::(), ); - (*llmp_message).tag = 1; + (*llmp_message).tag = TAG_SIMPLE_U32_V1; llmp_client_send(client, llmp_message); } @@ -36,12 +37,12 @@ fn broker_message_hook( ) -> LlmpMessageHookResult { unsafe { match (*message).tag { - 1 => { + TAG_SIMPLE_U32_V1 => { println!( "Client {:?} sent message: {:?}", (*client_metadata).pid, u32::from_be_bytes( - std::slice::from_raw_parts((*message).buf.as_ptr(), 4) + std::slice::from_raw_parts((*message).buf.as_ptr(), size_of::()) .try_into() .unwrap() ), @@ -57,7 +58,10 @@ fn broker_message_hook( } fn main() { - /* The main node has a broker, a tcp server, and a few worker threads */ + /* The main node has a broker, and a few worker threads */ + + let thread_count = num_cpus::get() - 1; + println!("Running with 1 broker and {} clients", thread_count); let mut broker = llmp_broker_state { last_msg_sent: ptr::null_mut(), @@ -68,7 +72,6 @@ fn main() { llmp_client_count: 0, llmp_clients: ptr::null_mut(), }; - let thread_count = 3; unsafe { llmp_broker_init(&mut broker).expect("Could not init"); for i in 0..thread_count { diff --git a/src/events/llmp_translated.rs b/src/events/llmp_translated.rs index dc0ee56e97..a85ec8230d 100644 --- a/src/events/llmp_translated.rs +++ b/src/events/llmp_translated.rs @@ -1151,7 +1151,7 @@ pub unsafe fn llmp_client_recv_blocking(client: *mut llmp_client) -> *mut llmp_m } /* The current page could have changed in recv (EOP) */ /* Alloc the next message, internally handling end of page by allocating a new one. */ -pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: c_ulong) -> *mut llmp_message { +pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: usize) -> *mut llmp_message { if client.is_null() { panic!("Client is NULL"); } @@ -1159,10 +1159,10 @@ pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: c_ulong) -> shmem2page( &mut *(*client) .out_maps - .offset((*client).out_map_count.wrapping_sub(1 as c_int as c_ulong) as isize), + .offset((*client).out_map_count.wrapping_sub(1) as isize), ), (*client).last_msg_sent, - size, + size as c_ulong, ); if msg.is_null() { let last_map_count: c_ulong = (*client).out_map_count; @@ -1175,7 +1175,7 @@ pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: c_ulong) -> || (*(*shmem2page( &mut *(*client) .out_maps - .offset((*client).out_map_count.wrapping_sub(1 as c_int as c_ulong) as isize), + .offset((*client).out_map_count.wrapping_sub(1) as isize), )) .messages .as_mut_ptr()) @@ -1190,10 +1190,10 @@ pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: c_ulong) -> shmem2page( &mut *(*client) .out_maps - .offset((*client).out_map_count.wrapping_sub(1 as c_int as c_ulong) as isize), + .offset((*client).out_map_count.wrapping_sub(1) as isize), ), 0 as *mut llmp_message, - size, + size as c_ulong, ); if msg.is_null() { return 0 as *mut llmp_message; @@ -1203,7 +1203,7 @@ pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: c_ulong) -> (*msg).message_id = if !(*client).last_msg_sent.is_null() { (*(*client).last_msg_sent).message_id.wrapping_add(1) } else { - 1 as c_int as c_uint + 1 as c_uint }; /* DBG("Allocated message at loc %p with buflen %ld", msg, msg->buf_len_padded); */ return msg; From d8402ef8f9366340a093be5c6564a6c41cbc750e Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 04:23:43 +0100 Subject: [PATCH 5/9] adder added to test --- llmp_test/src/main.rs | 104 ++++++++++++++++++++++++--------- src/events/llmp_translated.rs | 6 +- src/events/shmem_translated.rs | 1 - 3 files changed, 81 insertions(+), 30 deletions(-) diff --git a/llmp_test/src/main.rs b/llmp_test/src/main.rs index 988fa56555..4fffc2bc09 100644 --- a/llmp_test/src/main.rs +++ b/llmp_test/src/main.rs @@ -8,60 +8,105 @@ use std::time; use afl::events::llmp_translated::*; const TAG_SIMPLE_U32_V1: u32 = 0x51300321; +const TAG_MATH_RESULT_V1: u32 = 0x77474331; -fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { +unsafe fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { let mut counter: u32 = 0; loop { counter += 1; - unsafe { + let llmp_message = llmp_client_alloc_next(client, size_of::()); + std::ptr::copy( + counter.to_be_bytes().as_ptr(), + (*llmp_message).buf.as_mut_ptr(), + size_of::(), + ); + (*llmp_message).tag = TAG_SIMPLE_U32_V1; + llmp_client_send(client, llmp_message); + + thread::sleep(time::Duration::from_millis(100)); + } +} + +unsafe fn u32_from_msg(message: *const llmp_message) -> u32 { + u32::from_be_bytes( + std::slice::from_raw_parts((*message).buf.as_ptr(), size_of::()) + .try_into() + .unwrap(), + ) +} + +unsafe fn test_adder_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { + let mut last_result: u32 = 0; + let mut current_result: u32 = 0; + loop { + loop { + let last_msg = llmp_client_recv(client); + if last_msg == 0 as *mut llmp_message { + break; + } + match (*last_msg).tag { + TAG_SIMPLE_U32_V1 => { + current_result = last_result.wrapping_add(u32_from_msg(last_msg)); + } + _ => println!("Adder Client ignored unknown message {}", (*last_msg).tag), + }; + } + + if current_result != last_result { let llmp_message = llmp_client_alloc_next(client, size_of::()); std::ptr::copy( - counter.to_be_bytes().as_ptr(), + current_result.to_be_bytes().as_ptr(), (*llmp_message).buf.as_mut_ptr(), size_of::(), ); - (*llmp_message).tag = TAG_SIMPLE_U32_V1; + (*llmp_message).tag = TAG_MATH_RESULT_V1; llmp_client_send(client, llmp_message); + last_result = current_result; } thread::sleep(time::Duration::from_millis(100)); } } -fn broker_message_hook( +unsafe fn broker_message_hook( _broker: *mut llmp_broker_state, client_metadata: *mut llmp_broker_client_metadata, message: *mut llmp_message, _data: *mut c_void, ) -> LlmpMessageHookResult { - unsafe { - match (*message).tag { - TAG_SIMPLE_U32_V1 => { - println!( - "Client {:?} sent message: {:?}", - (*client_metadata).pid, - u32::from_be_bytes( - std::slice::from_raw_parts((*message).buf.as_ptr(), size_of::()) - .try_into() - .unwrap() - ), - ); - LlmpMessageHookResult::Handled - } - _ => { - println!("Unknwon message id received!"); - LlmpMessageHookResult::ForwardToClients - } + match (*message).tag { + TAG_SIMPLE_U32_V1 => { + println!( + "Client {:?} sent message: {:?}", + (*client_metadata).pid, + u32_from_msg(message) + ); + LlmpMessageHookResult::ForwardToClients + } + TAG_MATH_RESULT_V1 => { + println!( + "Adder Client has this current result: {:?}", + u32_from_msg(message) + ); + LlmpMessageHookResult::Handled + } + _ => { + println!("Unknwon message id received!"); + LlmpMessageHookResult::ForwardToClients } } } fn main() { /* The main node has a broker, and a few worker threads */ + let threads_total = num_cpus::get(); - let thread_count = num_cpus::get() - 1; - println!("Running with 1 broker and {} clients", thread_count); + let counter_thread_count = threads_total - 2; + println!( + "Running with 1 broker, 1 adder, and {} counter clients", + counter_thread_count + ); let mut broker = llmp_broker_state { last_msg_sent: ptr::null_mut(), @@ -74,7 +119,7 @@ fn main() { }; unsafe { llmp_broker_init(&mut broker).expect("Could not init"); - for i in 0..thread_count { + for i in 0..counter_thread_count { println!("Adding client {}", i); llmp_broker_register_childprocess_clientloop( &mut broker, @@ -84,6 +129,13 @@ fn main() { .expect("could not add child clientloop"); } + llmp_broker_register_childprocess_clientloop( + &mut broker, + test_adder_clientloop, + ptr::null_mut(), + ) + .expect("Error registering childprocess"); + println!("Spawning broker"); llmp_broker_add_message_hook(&mut broker, broker_message_hook, ptr::null_mut()); diff --git a/src/events/llmp_translated.rs b/src/events/llmp_translated.rs index a85ec8230d..d33eed5b58 100644 --- a/src/events/llmp_translated.rs +++ b/src/events/llmp_translated.rs @@ -147,7 +147,7 @@ pub struct llmp_broker_client_metadata { pub data: *mut c_void, } -pub type LlmpClientloopFn = fn(_: *mut llmp_client, _: *mut c_void) -> !; +pub type LlmpClientloopFn = unsafe fn(_: *mut llmp_client, _: *mut c_void) -> !; pub type LlmpClientType = c_uint; pub const LLMP_CLIENT_TYPE_FOREIGN_PROCESS: LlmpClientType = 3; pub const LLMP_CLIENT_TYPE_CHILD_PROCESS: LlmpClientType = 2; @@ -170,7 +170,7 @@ pub enum LlmpMessageHookResult { ForwardToClients, } -pub type LlmpMessageHookFn = fn( +pub type LlmpMessageHookFn = unsafe fn( _: *mut llmp_broker_state, _: *mut llmp_broker_client_metadata, _: *mut llmp_message, @@ -1075,7 +1075,7 @@ pub unsafe fn llmp_client_recv(mut client: *mut llmp_client) -> *mut llmp_messag if (*msg).tag == 0xdeadaf as c_uint { panic!("BUG: Read unallocated msg"); } else { - if (*msg).tag == 0xaf1e0f1 as c_int as c_uint { + if (*msg).tag == 0xaf1e0f1 as c_uint { /* we reached the end of the current page. We'll init a new page but can reuse the mem are of the current map. However, we cannot use the message if we deinit its page, so let's copy */ diff --git a/src/events/shmem_translated.rs b/src/events/shmem_translated.rs index a9da60f9a5..cf12b29698 100644 --- a/src/events/shmem_translated.rs +++ b/src/events/shmem_translated.rs @@ -1,4 +1,3 @@ -use ::libc; use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_ushort, c_void}; use std::ffi::CStr; From 9ffc34b9739c488ff99fc0eea4217b398a75653b Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 04:24:50 +0100 Subject: [PATCH 6/9] deleted random file --- llmp_test/libc::c_int | 1 - 1 file changed, 1 deletion(-) delete mode 100644 llmp_test/libc::c_int diff --git a/llmp_test/libc::c_int b/llmp_test/libc::c_int deleted file mode 100644 index ffa29ba8a2..0000000000 --- a/llmp_test/libc::c_int +++ /dev/null @@ -1 +0,0 @@ -/mnt/c/Users/dcmai/tmp/rust/libAFL From 2760cb509912351cabbefee769f978858478fd73 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 04:30:12 +0100 Subject: [PATCH 7/9] fixed bug in llmp test --- llmp_test/src/main.rs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/llmp_test/src/main.rs b/llmp_test/src/main.rs index 4fffc2bc09..cd2e150c65 100644 --- a/llmp_test/src/main.rs +++ b/llmp_test/src/main.rs @@ -40,20 +40,27 @@ unsafe fn test_adder_clientloop(client: *mut llmp_client, _data: *mut c_void) -> let mut last_result: u32 = 0; let mut current_result: u32 = 0; loop { + let mut msg_counter = 0; loop { let last_msg = llmp_client_recv(client); if last_msg == 0 as *mut llmp_message { break; } + msg_counter += 1; match (*last_msg).tag { TAG_SIMPLE_U32_V1 => { - current_result = last_result.wrapping_add(u32_from_msg(last_msg)); + current_result = current_result.wrapping_add(u32_from_msg(last_msg)); } _ => println!("Adder Client ignored unknown message {}", (*last_msg).tag), }; } if current_result != last_result { + println!( + "Adder handled {} messages, reporting {} to broker", + msg_counter, current_result + ); + let llmp_message = llmp_client_alloc_next(client, size_of::()); std::ptr::copy( current_result.to_be_bytes().as_ptr(), From cd49cdfbeadd43c994d69910c2e635cc98aedfa3 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 04:37:16 +0100 Subject: [PATCH 8/9] cleaned up useless casts --- src/events/llmp_translated.rs | 134 +++++++++++++++++----------------- 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/src/events/llmp_translated.rs b/src/events/llmp_translated.rs index d33eed5b58..11350e76dc 100644 --- a/src/events/llmp_translated.rs +++ b/src/events/llmp_translated.rs @@ -206,12 +206,12 @@ Will return NULL and free *buf if size_needed is <1 or realloc failed. */ unsafe fn afl_realloc(buf: *mut c_void, mut size_needed: c_ulong) -> *mut c_void { let mut new_buf: *mut afl_alloc_buf = 0 as *mut afl_alloc_buf; - let mut current_size: c_ulong = 0 as c_int as c_ulong; + let mut current_size: c_ulong = 0 as c_ulong; let mut next_size: c_ulong; if !buf.is_null() { /* the size is always stored at buf - 1*c_ulong */ new_buf = afl_alloc_bufptr(buf); - if (*new_buf).magic != 0xaf1a110c as c_uint as c_ulong { + if (*new_buf).magic != 0xaf1a110c as c_ulong { panic!(format!( "Illegal, non-null pointer passed to afl_realloc (buf {:?}, magic {:?})", new_buf, @@ -226,8 +226,8 @@ unsafe fn afl_realloc(buf: *mut c_void, mut size_needed: c_ulong) -> *mut c_void return buf; } /* No initial size was set */ - if size_needed < 64 as c_int as c_ulong { - next_size = 64 as c_int as c_ulong + if size_needed < 64 as c_ulong { + next_size = 64 as c_ulong } else { /* grow exponentially */ next_size = next_pow2(size_needed); @@ -242,7 +242,7 @@ unsafe fn afl_realloc(buf: *mut c_void, mut size_needed: c_ulong) -> *mut c_void return 0 as *mut c_void; } (*new_buf).complete_size = next_size; - (*new_buf).magic = 0xaf1a110c as c_uint as c_ulong; + (*new_buf).magic = 0xaf1a110c as c_ulong; return (*new_buf).buf.as_mut_ptr() as *mut c_void; } #[inline] @@ -265,12 +265,12 @@ pub unsafe fn llmp_msg_in_page(page: *mut llmp_page, msg: *mut llmp_message) -> #[inline] unsafe fn llmp_align(to_align: c_ulong) -> c_ulong { if 64 as c_int == 0 as c_int - || to_align.wrapping_rem(64 as c_int as c_ulong) == 0 as c_int as c_ulong + || to_align.wrapping_rem(64 as c_ulong) == 0 as c_int as c_ulong { return to_align; } return to_align.wrapping_add( - (64 as c_int as c_ulong).wrapping_sub(to_align.wrapping_rem(64 as c_int as c_ulong)), + (64 as c_ulong).wrapping_sub(to_align.wrapping_rem(64 as c_int as c_ulong)), ); } /* In case we don't have enough space, make sure the next page will be large @@ -281,7 +281,7 @@ unsafe fn new_map_size(max_alloc: c_ulong) -> c_ulong { return next_pow2({ let mut _a: c_ulong = max_alloc - .wrapping_mul(2 as c_int as c_ulong) + .wrapping_mul(2 as c_ulong) .wrapping_add(llmp_align( (::std::mem::size_of::() as c_ulong) .wrapping_add(::std::mem::size_of::() as c_ulong), @@ -300,11 +300,11 @@ unsafe fn _llmp_page_init(mut page: *mut llmp_page, sender: u32, size: c_ulong) (*page).sender = sender; ::std::ptr::write_volatile( &mut (*page).current_msg_id as *mut c_ulong, - 0 as c_int as c_ulong, + 0 as c_ulong, ); - (*page).max_alloc_size = 0 as c_int as c_ulong; + (*page).max_alloc_size = 0 as c_ulong; (*page).c_ulongotal = size; - (*page).size_used = 0 as c_int as c_ulong; + (*page).size_used = 0 as c_ulong; (*(*page).messages.as_mut_ptr()).message_id = 0 as c_uint; (*(*page).messages.as_mut_ptr()).tag = 0xdeadaf as c_uint; ::std::ptr::write_volatile(&mut (*page).save_to_unmap as *mut u16, 0 as c_int as u16); @@ -315,7 +315,7 @@ unsafe fn _llmp_page_init(mut page: *mut llmp_page, sender: u32, size: c_ulong) unsafe fn _llmp_next_msg_ptr(last_msg: *mut llmp_message) -> *mut llmp_message { /* DBG("_llmp_next_msg_ptr %p %lu + %lu\n", last_msg, last_msg->buf_len_padded, sizeof(llmp_message)); */ return (last_msg as *mut u8) - .offset(::std::mem::size_of::() as c_ulong as isize) + .offset(::std::mem::size_of::() as isize) .offset((*last_msg).buf_len_padded as isize) as *mut llmp_message; } /* Read next message. */ @@ -341,9 +341,9 @@ pub unsafe fn llmp_recv_blocking( page: *mut llmp_page, last_msg: *mut llmp_message, ) -> *mut llmp_message { - let mut current_msg_id: u32 = 0 as c_int as u32; + let mut current_msg_id: u32 = 0 as u32; if !last_msg.is_null() { - if (*last_msg).tag == 0xaf1e0f1 as c_int as c_uint + if (*last_msg).tag == 0xaf1e0f1 as c_uint && llmp_msg_in_page(page, last_msg) as c_int != 0 { panic!("BUG: full page passed to await_message_blocking or reset failed"); @@ -394,7 +394,7 @@ pub unsafe fn llmp_alloc_eop( } else { 1 as c_uint }; - (*ret).tag = 0xaf1e0f1 as c_int as u32; + (*ret).tag = 0xaf1e0f1 as u32; (*page).size_used = ((*page).size_used as c_ulong).wrapping_add(llmp_align( (::std::mem::size_of::() as c_ulong) .wrapping_add(::std::mem::size_of::() as c_ulong), @@ -427,7 +427,7 @@ pub unsafe fn llmp_alloc_next( }; let mut ret: *mut llmp_message; /* DBG("last_msg %p %d (%d)\n", last_msg, last_msg ? (int)last_msg->tag : -1, (int)LLMP_TAG_END_OF_PAGE_V1); */ - if last_msg.is_null() || (*last_msg).tag == 0xaf1e0f1 as c_int as c_uint { + if last_msg.is_null() || (*last_msg).tag == 0xaf1e0f1 as c_uint { /* We start fresh */ ret = (*page).messages.as_mut_ptr(); /* The initial message may not be alligned, so we at least align the end of @@ -457,9 +457,9 @@ pub unsafe fn llmp_alloc_next( /* We need to start with 1 for ids, as current message id is initialized * with 0... */ (*ret).message_id = if !last_msg.is_null() { - (*last_msg).message_id.wrapping_add(1 as c_int as c_uint) + (*last_msg).message_id.wrapping_add(1 as c_uint) } else { - 1 as c_int as c_uint + 1 as c_uint } } else if (*page).current_msg_id != (*last_msg).message_id as c_ulong { /* Oops, wrong usage! */ @@ -484,7 +484,7 @@ pub unsafe fn llmp_alloc_next( return 0 as *mut llmp_message; } ret = _llmp_next_msg_ptr(last_msg); - (*ret).message_id = (*last_msg).message_id.wrapping_add(1 as c_int as c_uint) + (*ret).message_id = (*last_msg).message_id.wrapping_add(1 as c_uint) } /* The beginning of our message should be messages + size_used, else nobody * sent the last msg! */ @@ -538,7 +538,7 @@ unsafe fn _llmp_broker_current_broadcast_map( return &mut *(*broker_state).broadcast_maps.offset( (*broker_state) .broadcast_map_count - .wrapping_sub(1 as c_int as c_ulong) as isize, + .wrapping_sub(1 as c_ulong) as isize, ) as *mut afl_shmem; } /* create a new shard page. Size_requested will be the min size, you may get a @@ -576,10 +576,10 @@ unsafe fn llmp_handle_out_eop( ) -> *mut afl_shmem { let map_count: u32 = *map_count_p as u32; let mut old_map: *mut llmp_page = - shmem2page(&mut *maps.offset(map_count.wrapping_sub(1 as c_int as c_uint) as isize)); + shmem2page(&mut *maps.offset(map_count.wrapping_sub(1 as c_uint) as isize)); maps = afl_realloc( maps as *mut c_void, - (map_count.wrapping_add(1 as c_int as c_uint) as c_ulong) + (map_count.wrapping_add(1 as c_uint) as c_ulong) .wrapping_mul(::std::mem::size_of::() as c_ulong), ) as *mut afl_shmem; if maps.is_null() { @@ -597,8 +597,8 @@ unsafe fn llmp_handle_out_eop( } /* Realloc may have changed the location of maps_p (and old_map) in memory :/ */ - old_map = shmem2page(&mut *maps.offset(map_count.wrapping_sub(1 as c_int as c_uint) as isize)); - *map_count_p = map_count.wrapping_add(1 as c_int as c_uint) as c_ulong; + old_map = shmem2page(&mut *maps.offset(map_count.wrapping_sub(1 as c_uint) as isize)); + *map_count_p = map_count.wrapping_add(1 as c_uint) as c_ulong; ::std::ptr::write_volatile( &mut (*new_map).current_msg_id as *mut c_ulong, (*old_map).current_msg_id, @@ -615,7 +615,7 @@ unsafe fn llmp_handle_out_eop( memcpy( (*new_page_msg).shm_str.as_mut_ptr() as *mut c_void, (*maps.offset(map_count as isize)).shm_str.as_mut_ptr() as *const c_void, - 20 as c_int as c_ulong, + 20 as c_ulong, ); // We never sent a msg on the new buf */ *last_msg_p = 0 as *mut llmp_message; @@ -679,7 +679,7 @@ unsafe fn llmp_broker_register_client( (*broker).llmp_clients as *mut c_void, (*broker) .llmp_client_count - .wrapping_add(1 as c_int as c_ulong) + .wrapping_add(1 as c_ulong) .wrapping_mul(::std::mem::size_of::() as c_ulong), ) as *mut llmp_broker_client_metadata; if (*broker).llmp_clients.is_null() { @@ -695,7 +695,7 @@ unsafe fn llmp_broker_register_client( ::std::mem::size_of::() as c_ulong, ); (*client).client_state = calloc( - 1 as c_int as c_ulong, + 1 as c_ulong, ::std::mem::size_of::() as c_ulong, ) as *mut llmp_client; if (*client).client_state.is_null() { @@ -703,7 +703,7 @@ unsafe fn llmp_broker_register_client( } (*(*client).client_state).id = (*broker).llmp_client_count as u32; (*client).cur_client_map = calloc( - 1 as c_int as c_ulong, + 1 as c_ulong, ::std::mem::size_of::() as c_ulong, ) as *mut afl_shmem; if (*client).cur_client_map.is_null() { @@ -728,14 +728,14 @@ unsafe fn llmp_broker_handle_new_msgs( let mut current_message_id: u32 = if !(*client).last_msg_broker_read.is_null() { (*(*client).last_msg_broker_read).message_id } else { - 0 as c_int as c_uint + 0 as c_uint }; while current_message_id as c_ulong != (*incoming).current_msg_id { let msg: *mut llmp_message = llmp_recv(incoming, (*client).last_msg_broker_read); if msg.is_null() { panic!("No message received but not all message ids receved! Data out of sync?"); } - if (*msg).tag == 0xaf1e0f1 as c_int as c_uint { + if (*msg).tag == 0xaf1e0f1 as c_uint { let pageinfo: *mut llmp_payload_new_page = { let mut _msg: *mut llmp_message = msg; (if (*_msg).buf_len >= ::std::mem::size_of::() as c_ulong { @@ -766,7 +766,7 @@ unsafe fn llmp_broker_handle_new_msgs( let client_map: *mut afl_shmem = (*client).cur_client_map; ::std::ptr::write_volatile( &mut (*shmem2page(client_map)).save_to_unmap as *mut u16, - 1 as c_int as u16, + 1 as u16, ); afl_shmem_deinit(client_map); if afl_shmem_by_str( @@ -782,7 +782,7 @@ unsafe fn llmp_broker_handle_new_msgs( (*pageinfo).map_size )); } - } else if (*msg).tag == 0xc11e471 as c_int as c_uint { + } else if (*msg).tag == 0xc11e471 as c_uint { /* This client informs us about yet another new client add it to the list! Also, no need to forward this msg. */ let pageinfo: *mut llmp_payload_new_page = { @@ -864,7 +864,7 @@ unsafe fn llmp_broker_handle_new_msgs( shmem2page(_llmp_broker_current_broadcast_map(broker)); (*out).message_id = (*out_page) .current_msg_id - .wrapping_add(1 as c_int as c_ulong) as u32; + .wrapping_add(1 as c_ulong) as u32; if !llmp_send(out_page, out) { panic!("Error sending msg"); } @@ -911,7 +911,7 @@ unsafe fn llmp_clientrigger_new_out_page_hooks(client: *mut llmp_client) { shmem2page( &mut *(*client) .out_maps - .offset((*client).out_map_count.wrapping_sub(1 as c_int as c_ulong) as isize), + .offset((*client).out_map_count.wrapping_sub(1 as c_ulong) as isize), ), (*(*client).new_out_page_hooks.offset(i as isize)).data, ); @@ -941,7 +941,7 @@ pub unsafe fn llmp_broker_launch_client( > &mut *(*broker).llmp_clients.offset( (*broker) .llmp_client_count - .wrapping_sub(1 as c_int as c_ulong) as isize, + .wrapping_sub(1 as c_ulong) as isize, ) as *mut llmp_broker_client_metadata { println!( @@ -951,7 +951,7 @@ pub unsafe fn llmp_broker_launch_client( &mut *(*broker).llmp_clients.offset( (*broker) .llmp_client_count - .wrapping_sub(1 as c_int as c_ulong) as isize, + .wrapping_sub(1 as c_ulong) as isize, ) as *mut llmp_broker_client_metadata, ); return 0 as c_int != 0; @@ -987,7 +987,7 @@ pub unsafe fn llmp_broker_launch_clientloops( let mut i: c_ulong = 0; while i < (*broker).llmp_client_count { if (*(*broker).llmp_clients.offset(i as isize)).client_type as c_uint - == LLMP_CLIENT_TYPE_CHILD_PROCESS as c_int as c_uint + == LLMP_CLIENT_TYPE_CHILD_PROCESS as c_uint { if !llmp_broker_launch_client(broker, &mut *(*broker).llmp_clients.offset(i as isize)) { println!("[!] WARNING: Could not launch all clients"); @@ -1019,23 +1019,23 @@ pub unsafe fn llmp_broker_run(broker: *mut llmp_broker_state) -> ! { unsafe fn llmp_client_prune_old_pages(mut client: *mut llmp_client) { let current_map: *mut u8 = (*(*client) .out_maps - .offset((*client).out_map_count.wrapping_sub(1 as c_int as c_ulong) as isize)) + .offset((*client).out_map_count.wrapping_sub(1 as c_ulong) as isize)) .map; /* look for pages that are save_to_unmap, then unmap them. */ - while (*(*client).out_maps.offset(0 as c_int as isize)).map != current_map - && (*shmem2page(&mut *(*client).out_maps.offset(0 as c_int as isize))).save_to_unmap + while (*(*client).out_maps.offset(0 as isize)).map != current_map + && (*shmem2page(&mut *(*client).out_maps.offset(0 as isize))).save_to_unmap as c_int != 0 { /* This page is save to unmap. The broker already reads or read it. */ - afl_shmem_deinit(&mut *(*client).out_maps.offset(0 as c_int as isize)); + afl_shmem_deinit(&mut *(*client).out_maps.offset(0 as isize)); /* We remove at the start, move the other pages back. */ memmove( (*client).out_maps as *mut c_void, - (*client).out_maps.offset(1 as c_int as isize) as *const c_void, + (*client).out_maps.offset(1 as isize) as *const c_void, (*client) .out_map_count - .wrapping_sub(1 as c_int as c_ulong) + .wrapping_sub(1 as c_ulong) .wrapping_mul(::std::mem::size_of::() as c_ulong), ); (*client).out_map_count = (*client).out_map_count.wrapping_sub(1) @@ -1137,7 +1137,7 @@ pub unsafe fn llmp_client_recv_blocking(client: *mut llmp_client) -> *mut llmp_m != (if !(*client).last_msg_recvd.is_null() { (*(*client).last_msg_recvd).message_id } else { - 0 as c_int as c_uint + 0 as c_uint }) as c_ulong { let ret: *mut llmp_message = llmp_client_recv(client); @@ -1215,7 +1215,7 @@ pub unsafe fn llmp_client_cancel(client: *mut llmp_client, mut msg: *mut llmp_me let mut page: *mut llmp_page = shmem2page( &mut *(*client) .out_maps - .offset((*client).out_map_count.wrapping_sub(1 as c_int as c_ulong) as isize), + .offset((*client).out_map_count.wrapping_sub(1 as c_ulong) as isize), ); (*msg).tag = 0xdeadaf as c_uint; (*page).size_used = ((*page).size_used as c_ulong).wrapping_sub( @@ -1230,7 +1230,7 @@ pub unsafe fn llmp_client_send(mut client_state: *mut llmp_client, msg: *mut llm &mut *(*client_state).out_maps.offset( (*client_state) .out_map_count - .wrapping_sub(1 as c_int as c_ulong) as isize, + .wrapping_sub(1 as c_ulong) as isize, ), ); let ret: bool = llmp_send(page, msg); @@ -1241,11 +1241,11 @@ pub unsafe fn llmp_client_send(mut client_state: *mut llmp_client, msg: *mut llm /* Creates a new, unconnected, client state */ pub unsafe fn llmp_client_new_unconnected() -> *mut llmp_client { let mut client_state: *mut llmp_client = calloc( - 1 as c_int as c_ulong, + 1 as c_ulong, ::std::mem::size_of::() as c_ulong, ) as *mut llmp_client; (*client_state).current_broadcast_map = calloc( - 1 as c_int as c_ulong, + 1 as c_ulong, ::std::mem::size_of::() as c_ulong, ) as *mut afl_shmem; if (*client_state).current_broadcast_map.is_null() { @@ -1253,16 +1253,16 @@ pub unsafe fn llmp_client_new_unconnected() -> *mut llmp_client { } (*client_state).out_maps = afl_realloc( (*client_state).out_maps as *mut c_void, - (1 as c_int as c_ulong).wrapping_mul(::std::mem::size_of::() as c_ulong), + (1 as c_ulong).wrapping_mul(::std::mem::size_of::() as c_ulong), ) as *mut afl_shmem; if (*client_state).out_maps.is_null() { free((*client_state).current_broadcast_map as *mut c_void); free(client_state as *mut c_void); return 0 as *mut llmp_client; } - (*client_state).out_map_count = 1 as c_int as c_ulong; + (*client_state).out_map_count = 1 as c_ulong; if llmp_new_page_shmem( - &mut *(*client_state).out_maps.offset(0 as c_int as isize), + &mut *(*client_state).out_maps.offset(0 as isize), (*client_state).id as c_ulong, ((1 as c_int) << 28 as c_int) as c_ulong, ) @@ -1273,7 +1273,7 @@ pub unsafe fn llmp_client_new_unconnected() -> *mut llmp_client { free(client_state as *mut c_void); return 0 as *mut llmp_client; } - (*client_state).new_out_page_hook_count = 0 as c_int as c_ulong; + (*client_state).new_out_page_hook_count = 0 as c_ulong; (*client_state).new_out_page_hooks = 0 as *mut llmp_hookdata_generic; return client_state; } @@ -1286,10 +1286,10 @@ pub unsafe fn llmp_client_delete(mut client_state: *mut llmp_client) { } afl_free((*client_state).out_maps as *mut c_void); (*client_state).out_maps = 0 as *mut afl_shmem; - (*client_state).out_map_count = 0 as c_int as c_ulong; + (*client_state).out_map_count = 0 as c_ulong; afl_free((*client_state).new_out_page_hooks as *mut c_void); (*client_state).new_out_page_hooks = 0 as *mut llmp_hookdata_generic; - (*client_state).new_out_page_hook_count = 0 as c_int as c_ulong; + (*client_state).new_out_page_hook_count = 0 as c_ulong; afl_shmem_deinit((*client_state).current_broadcast_map); free((*client_state).current_broadcast_map as *mut c_void); (*client_state).current_broadcast_map = 0 as *mut afl_shmem; @@ -1354,13 +1354,13 @@ pub unsafe fn llmp_broker_register_childprocess_clientloop( &mut client_map as *mut afl_shmem as *const c_void, ::std::mem::size_of::() as c_ulong, ); - (*(*client).client_state).out_map_count = 1 as c_int as c_ulong; + (*(*client).client_state).out_map_count = 1 as c_ulong; /* Each client starts with the very first map. They should then iterate through all maps once and work on all old messages. */ (*(*client).client_state).current_broadcast_map = - &mut *(*broker).broadcast_maps.offset(0 as c_int as isize) as *mut afl_shmem; - (*(*client).client_state).out_map_count = 1 as c_int as c_ulong; + &mut *(*broker).broadcast_maps.offset(0 as isize) as *mut afl_shmem; + (*(*client).client_state).out_map_count = 1 as c_ulong; return Ok(()); } @@ -1376,12 +1376,12 @@ pub unsafe fn llmp_add_hook_generic( let hooks: *mut llmp_hookdata_generic = afl_realloc( *hooks_p as *mut c_void, hooks_count - .wrapping_add(1 as c_int as c_ulong) + .wrapping_add(1 as c_ulong) .wrapping_mul(::std::mem::size_of::() as c_ulong), ) as *mut llmp_hookdata_generic; if hooks.is_null() { *hooks_p = 0 as *mut llmp_hookdata_generic; - *hooks_count_p = 0 as c_int as c_ulong; + *hooks_count_p = 0 as c_ulong; return AFL_RET_ALLOC; } let ref mut fresh9 = (*hooks.offset(hooks_count as isize)).func; @@ -1389,7 +1389,7 @@ pub unsafe fn llmp_add_hook_generic( let ref mut fresh10 = (*hooks.offset(hooks_count as isize)).data; *fresh10 = new_hook_data; *hooks_p = hooks; - *hooks_count_p = hooks_count.wrapping_add(1 as c_int as c_ulong); + *hooks_count_p = hooks_count.wrapping_add(1 as c_ulong); return AFL_RET_SUCCESS; } /* Adds a hook that gets called in the client for each new outgoing page the client creates. */ @@ -1432,13 +1432,13 @@ pub unsafe fn llmp_broker_init(mut broker: *mut llmp_broker_state) -> Result<(), /* let's create some space for outgoing maps */ (*broker).broadcast_maps = afl_realloc( 0 as *mut c_void, - (1 as c_int as c_ulong).wrapping_mul(::std::mem::size_of::() as c_ulong), + (1 as c_ulong).wrapping_mul(::std::mem::size_of::() as c_ulong), ) as *mut afl_shmem; if (*broker).broadcast_maps.is_null() { return Err(AflError::Unknown("Alloc".into())); } - (*broker).broadcast_map_count = 1 as c_int as c_ulong; - (*broker).llmp_client_count = 0 as c_int as c_ulong; + (*broker).broadcast_map_count = 1 as c_ulong; + (*broker).llmp_client_count = 0 as c_ulong; (*broker).llmp_clients = 0 as *mut llmp_broker_client_metadata; if llmp_new_page_shmem( _llmp_broker_current_broadcast_map(broker), @@ -1455,12 +1455,12 @@ pub unsafe fn llmp_broker_init(mut broker: *mut llmp_broker_state) -> Result<(), /* Clean up the broker instance */ pub unsafe fn llmp_broker_deinit(mut broker: *mut llmp_broker_state) { let mut i: c_ulong; - i = 0 as c_int as c_ulong; + i = 0 as c_ulong; while i < (*broker).broadcast_map_count { afl_shmem_deinit(&mut *(*broker).broadcast_maps.offset(i as isize)); i = i.wrapping_add(1) } - i = 0 as c_int as c_ulong; + i = 0 as c_ulong; while i < (*broker).llmp_client_count { afl_shmem_deinit((*(*broker).llmp_clients.offset(i as isize)).cur_client_map); free((*(*broker).llmp_clients.offset(i as isize)).cur_client_map as *mut c_void); @@ -1468,7 +1468,7 @@ pub unsafe fn llmp_broker_deinit(mut broker: *mut llmp_broker_state) { // TODO: Properly clean up the client } afl_free((*broker).broadcast_maps as *mut c_void); - (*broker).broadcast_map_count = 0 as c_int as c_ulong; + (*broker).broadcast_map_count = 0 as c_ulong; afl_free((*broker).llmp_clients as *mut c_void); - (*broker).llmp_client_count = 0 as c_int as c_ulong; + (*broker).llmp_client_count = 0 as c_ulong; } From 57b4d1d84f1bc65afcf8fdff2a5f00a7851a0c2a Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 22 Nov 2020 04:49:00 +0100 Subject: [PATCH 9/9] rustifying --- llmp_test/src/main.rs | 4 +- src/events/llmp_translated.rs | 113 ++++++++++++++++------------------ 2 files changed, 54 insertions(+), 63 deletions(-) diff --git a/llmp_test/src/main.rs b/llmp_test/src/main.rs index cd2e150c65..80f777f65c 100644 --- a/llmp_test/src/main.rs +++ b/llmp_test/src/main.rs @@ -22,7 +22,7 @@ unsafe fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> size_of::(), ); (*llmp_message).tag = TAG_SIMPLE_U32_V1; - llmp_client_send(client, llmp_message); + llmp_client_send(client, llmp_message).unwrap(); thread::sleep(time::Duration::from_millis(100)); } @@ -68,7 +68,7 @@ unsafe fn test_adder_clientloop(client: *mut llmp_client, _data: *mut c_void) -> size_of::(), ); (*llmp_message).tag = TAG_MATH_RESULT_V1; - llmp_client_send(client, llmp_message); + llmp_client_send(client, llmp_message).unwrap(); last_result = current_result; } diff --git a/src/events/llmp_translated.rs b/src/events/llmp_translated.rs index 11350e76dc..07971b4507 100644 --- a/src/events/llmp_translated.rs +++ b/src/events/llmp_translated.rs @@ -264,14 +264,11 @@ pub unsafe fn llmp_msg_in_page(page: *mut llmp_page, msg: *mut llmp_message) -> /* allign to LLMP_ALIGNNMENT bytes */ #[inline] unsafe fn llmp_align(to_align: c_ulong) -> c_ulong { - if 64 as c_int == 0 as c_int - || to_align.wrapping_rem(64 as c_ulong) == 0 as c_int as c_ulong - { + if 64 as c_int == 0 as c_int || to_align.wrapping_rem(64 as c_ulong) == 0 as c_int as c_ulong { return to_align; } - return to_align.wrapping_add( - (64 as c_ulong).wrapping_sub(to_align.wrapping_rem(64 as c_int as c_ulong)), - ); + return to_align + .wrapping_add((64 as c_ulong).wrapping_sub(to_align.wrapping_rem(64 as c_int as c_ulong))); } /* In case we don't have enough space, make sure the next page will be large enough. For now, we want to have at least enough space to store 2 of the @@ -279,13 +276,12 @@ largest messages we encountered. */ #[inline] unsafe fn new_map_size(max_alloc: c_ulong) -> c_ulong { return next_pow2({ - let mut _a: c_ulong = - max_alloc - .wrapping_mul(2 as c_ulong) - .wrapping_add(llmp_align( - (::std::mem::size_of::() as c_ulong) - .wrapping_add(::std::mem::size_of::() as c_ulong), - )); + let mut _a: c_ulong = max_alloc + .wrapping_mul(2 as c_ulong) + .wrapping_add(llmp_align( + (::std::mem::size_of::() as c_ulong) + .wrapping_add(::std::mem::size_of::() as c_ulong), + )); let mut _b: c_ulong = ((1 as c_int) << 28 as c_int) as c_ulong; if _a > _b { _a @@ -298,10 +294,7 @@ unsafe fn new_map_size(max_alloc: c_ulong) -> c_ulong { * llmp_page->messages */ unsafe fn _llmp_page_init(mut page: *mut llmp_page, sender: u32, size: c_ulong) { (*page).sender = sender; - ::std::ptr::write_volatile( - &mut (*page).current_msg_id as *mut c_ulong, - 0 as c_ulong, - ); + ::std::ptr::write_volatile(&mut (*page).current_msg_id as *mut c_ulong, 0 as c_ulong); (*page).max_alloc_size = 0 as c_ulong; (*page).c_ulongotal = size; (*page).size_used = 0 as c_ulong; @@ -343,8 +336,7 @@ pub unsafe fn llmp_recv_blocking( ) -> *mut llmp_message { let mut current_msg_id: u32 = 0 as u32; if !last_msg.is_null() { - if (*last_msg).tag == 0xaf1e0f1 as c_uint - && llmp_msg_in_page(page, last_msg) as c_int != 0 + if (*last_msg).tag == 0xaf1e0f1 as c_uint && llmp_msg_in_page(page, last_msg) as c_int != 0 { panic!("BUG: full page passed to await_message_blocking or reset failed"); } @@ -512,7 +504,7 @@ pub unsafe fn llmp_alloc_next( After commiting, the msg shall no longer be altered! It will be read by the consuming threads (broker->clients or client->broker) */ -pub unsafe fn llmp_send(page: *mut llmp_page, msg: *mut llmp_message) -> bool { +pub unsafe fn llmp_send(page: *mut llmp_page, msg: *mut llmp_message) -> Result<(), AflError> { if (*msg).tag == 0xdeadaf as c_uint { panic!(format!( "No tag set on message with id {}", @@ -520,7 +512,10 @@ pub unsafe fn llmp_send(page: *mut llmp_page, msg: *mut llmp_message) -> bool { )); } if msg.is_null() || !llmp_msg_in_page(page, msg) { - return 0 as c_int != 0; + return Err(AflError::Unknown(format!( + "Llmp Message {:?} is null or not in current page", + msg + ))); } compiler_fence(Ordering::SeqCst); ::std::ptr::write_volatile( @@ -529,8 +524,9 @@ pub unsafe fn llmp_send(page: *mut llmp_page, msg: *mut llmp_message) -> bool { ); compiler_fence(Ordering::SeqCst); - return 1 as c_int != 0; + return Ok(()); } + #[inline] unsafe fn _llmp_broker_current_broadcast_map( broker_state: *mut llmp_broker_state, @@ -620,11 +616,14 @@ unsafe fn llmp_handle_out_eop( // We never sent a msg on the new buf */ *last_msg_p = 0 as *mut llmp_message; /* Send the last msg on the old buf */ - if !llmp_send(old_map, out) { - afl_free(maps as *mut c_void); - return 0 as *mut afl_shmem; + match llmp_send(old_map, out) { + Err(_e) => { + afl_free(maps as *mut c_void); + println!("Error sending message"); + 0 as *mut afl_shmem + } + Ok(_) => maps, } - return maps; } /* no more space left! We'll have to start a new page */ pub unsafe fn llmp_broker_handle_out_eop(mut broker: *mut llmp_broker_state) -> AflRet { @@ -702,10 +701,8 @@ unsafe fn llmp_broker_register_client( return 0 as *mut llmp_broker_client_metadata; } (*(*client).client_state).id = (*broker).llmp_client_count as u32; - (*client).cur_client_map = calloc( - 1 as c_ulong, - ::std::mem::size_of::() as c_ulong, - ) as *mut afl_shmem; + (*client).cur_client_map = + calloc(1 as c_ulong, ::std::mem::size_of::() as c_ulong) as *mut afl_shmem; if (*client).cur_client_map.is_null() { return 0 as *mut llmp_broker_client_metadata; } @@ -862,12 +859,11 @@ unsafe fn llmp_broker_handle_new_msgs( /* We need to replace the message ID with our own */ let out_page: *mut llmp_page = shmem2page(_llmp_broker_current_broadcast_map(broker)); - (*out).message_id = (*out_page) - .current_msg_id - .wrapping_add(1 as c_ulong) as u32; - if !llmp_send(out_page, out) { - panic!("Error sending msg"); - } + (*out).message_id = (*out_page).current_msg_id.wrapping_add(1 as c_ulong) as u32; + match llmp_send(out_page, out) { + Err(e) => panic!(format!("Error sending msg: {:?}", e)), + _ => (), + }; (*broker).last_msg_sent = out } } @@ -938,21 +934,19 @@ pub unsafe fn llmp_broker_launch_client( ) -> bool { if clientdata < (*broker).llmp_clients || clientdata - > &mut *(*broker).llmp_clients.offset( - (*broker) - .llmp_client_count - .wrapping_sub(1 as c_ulong) as isize, - ) as *mut llmp_broker_client_metadata + > &mut *(*broker) + .llmp_clients + .offset((*broker).llmp_client_count.wrapping_sub(1 as c_ulong) as isize) + as *mut llmp_broker_client_metadata { println!( "[!] WARNING: Illegal client specified at ptr {:?} (instead of {:?} to {:?})", clientdata, (*broker).llmp_clients, - &mut *(*broker).llmp_clients.offset( - (*broker) - .llmp_client_count - .wrapping_sub(1 as c_ulong) as isize, - ) as *mut llmp_broker_client_metadata, + &mut *(*broker) + .llmp_clients + .offset((*broker).llmp_client_count.wrapping_sub(1 as c_ulong) as isize,) + as *mut llmp_broker_client_metadata, ); return 0 as c_int != 0; } @@ -1023,9 +1017,7 @@ unsafe fn llmp_client_prune_old_pages(mut client: *mut llmp_client) { .map; /* look for pages that are save_to_unmap, then unmap them. */ while (*(*client).out_maps.offset(0 as isize)).map != current_map - && (*shmem2page(&mut *(*client).out_maps.offset(0 as isize))).save_to_unmap - as c_int - != 0 + && (*shmem2page(&mut *(*client).out_maps.offset(0 as isize))).save_to_unmap as c_int != 0 { /* This page is save to unmap. The broker already reads or read it. */ afl_shmem_deinit(&mut *(*client).out_maps.offset(0 as isize)); @@ -1225,17 +1217,18 @@ pub unsafe fn llmp_client_cancel(client: *mut llmp_client, mut msg: *mut llmp_me ) as c_ulong; } /* Commits a msg to the client's out ringbuf */ -pub unsafe fn llmp_client_send(mut client_state: *mut llmp_client, msg: *mut llmp_message) -> bool { +pub unsafe fn llmp_client_send( + mut client_state: *mut llmp_client, + msg: *mut llmp_message, +) -> Result<(), AflError> { let page: *mut llmp_page = shmem2page( - &mut *(*client_state).out_maps.offset( - (*client_state) - .out_map_count - .wrapping_sub(1 as c_ulong) as isize, - ), + &mut *(*client_state) + .out_maps + .offset((*client_state).out_map_count.wrapping_sub(1) as isize), ); - let ret: bool = llmp_send(page, msg); + llmp_send(page, msg)?; (*client_state).last_msg_sent = msg; - return ret; + Ok(()) } /* Creates a new, unconnected, client state */ @@ -1244,10 +1237,8 @@ pub unsafe fn llmp_client_new_unconnected() -> *mut llmp_client { 1 as c_ulong, ::std::mem::size_of::() as c_ulong, ) as *mut llmp_client; - (*client_state).current_broadcast_map = calloc( - 1 as c_ulong, - ::std::mem::size_of::() as c_ulong, - ) as *mut afl_shmem; + (*client_state).current_broadcast_map = + calloc(1 as c_ulong, ::std::mem::size_of::() as c_ulong) as *mut afl_shmem; if (*client_state).current_broadcast_map.is_null() { return 0 as *mut llmp_client; }