diff --git a/afl/llmp_test/src/main.rs b/afl/llmp_test/src/main.rs index b3f39b9b54..ed852b990f 100644 --- a/afl/llmp_test/src/main.rs +++ b/afl/llmp_test/src/main.rs @@ -13,40 +13,40 @@ use afl::events::llmp_translated::*; const TAG_SIMPLE_U32_V1: u32 = 0x51300321; const TAG_MATH_RESULT_V1: u32 = 0x77474331; -unsafe fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { +unsafe fn llmp_test_clientloop(client: *mut LlmpClient, _data: *mut c_void) -> ! { let mut counter: u32 = 0; loop { counter += 1; - let llmp_message = llmp_client_alloc_next(client, size_of::()); + let msg = llmp_client_alloc_next(client, size_of::()); core::ptr::copy( counter.to_be_bytes().as_ptr(), - (*llmp_message).buf.as_mut_ptr(), + (*msg).buf.as_mut_ptr(), size_of::(), ); - (*llmp_message).tag = TAG_SIMPLE_U32_V1; - llmp_client_send(client, llmp_message).unwrap(); + (*msg).tag = TAG_SIMPLE_U32_V1; + llmp_client_send(client, msg).unwrap(); thread::sleep(time::Duration::from_millis(100)); } } -unsafe fn u32_from_msg(message: *const llmp_message) -> u32 { +unsafe fn u32_from_msg(msg: *const LlmpMsg) -> u32 { u32::from_be_bytes( - alloc::slice::from_raw_parts((*message).buf.as_ptr(), size_of::()) + alloc::slice::from_raw_parts((*msg).buf.as_ptr(), size_of::()) .try_into() .unwrap(), ) } -unsafe fn test_adder_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! { +unsafe fn test_adder_clientloop(client: *mut LlmpClient, _data: *mut c_void) -> ! { let mut last_result: u32 = 0; let mut current_result: u32 = 0; loop { let mut msg_counter = 0; loop { let last_msg = llmp_client_recv(client); - if last_msg == 0 as *mut llmp_message { + if last_msg == 0 as *mut LlmpMsg { break; } msg_counter += 1; @@ -64,14 +64,14 @@ unsafe fn test_adder_clientloop(client: *mut llmp_client, _data: *mut c_void) -> msg_counter, current_result ); - let llmp_message = llmp_client_alloc_next(client, size_of::()); + let msg = llmp_client_alloc_next(client, size_of::()); core::ptr::copy( current_result.to_be_bytes().as_ptr(), - (*llmp_message).buf.as_mut_ptr(), + (*msg).buf.as_mut_ptr(), size_of::(), ); - (*llmp_message).tag = TAG_MATH_RESULT_V1; - llmp_client_send(client, llmp_message).unwrap(); + (*msg).tag = TAG_MATH_RESULT_V1; + llmp_client_send(client, msg).unwrap(); last_result = current_result; } @@ -81,10 +81,10 @@ unsafe fn test_adder_clientloop(client: *mut llmp_client, _data: *mut c_void) -> unsafe fn broker_message_hook( _broker: *mut LlmpBroker, - client_metadata: *mut llmp_broker_client_metadata, - message: *mut llmp_message, + client_metadata: *mut LlmpBrokerClientMetadata, + message: *mut LlmpMsg, _data: *mut c_void, -) -> LlmpMessageHookResult { +) -> LlmpMsgHookResult { match (*message).tag { TAG_SIMPLE_U32_V1 => { println!( @@ -92,18 +92,18 @@ unsafe fn broker_message_hook( (*client_metadata).pid, u32_from_msg(message) ); - LlmpMessageHookResult::ForwardToClients + LlmpMsgHookResult::ForwardToClients } TAG_MATH_RESULT_V1 => { println!( "Adder Client has this current result: {:?}", u32_from_msg(message) ); - LlmpMessageHookResult::Handled + LlmpMsgHookResult::Handled } _ => { println!("Unknwon message id received!"); - LlmpMessageHookResult::ForwardToClients + LlmpMsgHookResult::ForwardToClients } } } diff --git a/afl/src/events/llmp.rs b/afl/src/events/llmp.rs index 3d14aa7a45..f6adf68eab 100644 --- a/afl/src/events/llmp.rs +++ b/afl/src/events/llmp.rs @@ -1,15 +1,63 @@ use core::marker::PhantomData; -use std::ptr; +use core::ptr; +use std::{ffi::c_void, io::Read, io::Write, net::TcpListener}; use crate::{ corpus::Corpus, engines::State, executors::Executor, inputs::Input, utils::Rand, AflError, }; use super::{ - llmp_translated::{LlmpBroker, LlmpClientloopFn, LlmpMessageHookFn}, + llmp_translated::{LlmpBroker, LlmpClient, LlmpClientloopFn, LlmpMsgHookFn}, Event, EventManager, }; +pub unsafe fn llmp_tcp_server_clientloop(client: *mut LlmpClient, _data: *mut c_void) -> ! { + // Later in the execution, after the initial map filled up, + // the current broacast map will will point to a different map. + // However, the original map is (as of now) never freed, new clients will start + // to read from the initial map id. + let initial_broadcasts_map_str = client + .as_ref() + .unwrap() + .current_broadcast_map + .as_ref() + .unwrap() + .shm_str; + + let listener = TcpListener::bind("0.0.0.0:3333").unwrap(); + // accept connections and process them, spawning a new thread for each one + println!("Server listening on port 3333"); + loop { + let (mut stream, addr) = match listener.accept() { + Ok(res) => res, + Err(e) => { + dbg!("Ignoring failed accept", e); + continue; + } + }; + dbg!("New connection", addr, stream.peer_addr().unwrap()); + match stream.write(&initial_broadcasts_map_str as &[u8]) { + Ok(_) => {} // fire & forget + Err(e) => { + dbg!("Could not send to shmap to client", e); + continue; + } + }; + let mut new_client_map_str: [u8; 20] = Default::default(); + let map_str_len = match stream.read(&mut new_client_map_str) { + Ok(res) => res, + Err(e) => { + dbg!("Ignoring failed read from client", e); + continue; + } + }; + if map_str_len < 20 { + dbg!("Didn't receive a complete shmap id str from client. Ignoring."); + continue; + } + } +} + /// Eventmanager for multi-processed application #[cfg(feature = "std")] pub struct LLMPEventManager @@ -40,7 +88,7 @@ where true } - fn fire(&mut self, event: Event) -> Result<(), AflError> { + fn fire(&mut self, _event: Event) -> Result<(), AflError> { //self.events.push(event); // TODO: Serde serialize, llmp send @@ -48,7 +96,7 @@ where Ok(()) } - fn process(&mut self, state: &mut S, corpus: &mut C) -> Result { + fn process(&mut self, _state: &mut S, _corpus: &mut C) -> Result { // TODO: iterators /* let mut handled = vec![]; @@ -90,7 +138,7 @@ where /// Forks n processes, calls broker handler and client handlers, never returns. pub fn spawn( process_count: usize, - broker_message_hook: LlmpMessageHookFn, + broker_message_hook: LlmpMsgHookFn, clientloops: LlmpClientloopFn, ) -> ! { unsafe { diff --git a/afl/src/events/llmp_translated.rs b/afl/src/events/llmp_translated.rs index 96538e17ab..4a869b17b8 100644 --- a/afl/src/events/llmp_translated.rs +++ b/afl/src/events/llmp_translated.rs @@ -54,12 +54,12 @@ use core::ffi::c_void; use core::ptr; use core::sync::atomic::{compiler_fence, Ordering}; use libc::{c_int, c_uint, c_ulong, c_ushort}; -use std::ffi::CStr; +use std::{ffi::CStr, os::raw::c_char}; use crate::utils::next_pow2; use crate::AflError; -use super::shmem_translated::{afl_shmem, afl_shmem_by_str, afl_shmem_deinit, afl_shmem_init}; +use super::shmem_translated::{afl_shmem_by_str, afl_shmem_deinit, afl_shmem_init, AflShmem}; extern "C" { #[no_mangle] @@ -88,7 +88,7 @@ pub const AFL_RET_SUCCESS: AflRet = 0; * arithmetics */ #[derive(Copy, Clone)] #[repr(C)] -pub struct afl_alloc_buf { +pub struct AflAllocBuf { pub complete_size: c_ulong, pub magic: c_ulong, pub buf: [u8; 0], @@ -96,27 +96,27 @@ pub struct afl_alloc_buf { #[derive(Clone)] #[repr(C)] -pub struct llmp_client { +pub struct LlmpClient { pub id: u32, - pub last_msg_recvd: *mut llmp_message, - pub current_broadcast_map: *mut afl_shmem, - pub last_msg_sent: *mut llmp_message, + pub last_msg_recvd: *mut LlmpMsg, + pub current_broadcast_map: *mut AflShmem, + pub last_msg_sent: *mut LlmpMsg, pub out_map_count: c_ulong, - pub out_maps: *mut afl_shmem, + pub out_maps: *mut AflShmem, pub new_out_page_hook_count: c_ulong, - pub new_out_page_hooks: *mut llmp_hookdata_generic, + pub new_out_page_hooks: *mut LlmpHookdataGeneric, } #[derive(Copy, Clone)] #[repr(C)] -pub struct llmp_hookdata_generic { +pub struct LlmpHookdataGeneric { pub func: *mut c_void, pub data: *mut c_void, } #[derive(Copy, Clone)] #[repr(C, packed)] -pub struct llmp_message { +pub struct LlmpMsg { pub tag: c_uint, pub sender: c_uint, pub message_id: c_uint, @@ -128,29 +128,29 @@ pub struct llmp_message { #[derive(Clone)] #[repr(C)] pub struct LlmpBroker { - pub last_msg_sent: *mut llmp_message, + pub last_msg_sent: *mut LlmpMsg, pub broadcast_map_count: c_ulong, - pub broadcast_maps: *mut afl_shmem, + pub broadcast_maps: *mut AflShmem, pub msg_hook_count: c_ulong, - pub msg_hooks: *mut llmp_hookdata_generic, + pub msg_hooks: *mut LlmpHookdataGeneric, pub llmp_client_count: c_ulong, - pub llmp_clients: *mut llmp_broker_client_metadata, + pub llmp_clients: *mut LlmpBrokerClientMetadata, } #[derive(Copy, Clone)] #[repr(C)] -pub struct llmp_broker_client_metadata { +pub struct LlmpBrokerClientMetadata { pub client_type: LlmpClientType, - pub client_state: *mut llmp_client, - pub cur_client_map: *mut afl_shmem, - pub last_msg_broker_read: *mut llmp_message, + pub client_state: *mut LlmpClient, + pub cur_client_map: *mut AflShmem, + pub last_msg_broker_read: *mut LlmpMsg, pub pid: c_int, pub clientloop: Option, pub data: *mut c_void, } /// The client loop, running for each spawned client -pub type LlmpClientloopFn = unsafe fn(_: *mut llmp_client, _: *mut c_void) -> !; +pub type LlmpClientloopFn = unsafe fn(client: *mut LlmpClient, data: *mut c_void) -> !; /// Client type enum (TODO: Enumize) type LlmpClientType = c_uint; @@ -160,7 +160,7 @@ const LLMP_CLIENT_TYPE_CHILD_PROCESS: LlmpClientType = 2; /// A share mem page, as used by llmp internally #[derive(Copy, Clone)] #[repr(C, packed)] -pub struct llmp_page { +pub struct LlmpPage { pub sender: u32, pub save_to_unmap: c_ushort, pub sender_dead: c_ushort, @@ -168,11 +168,11 @@ pub struct llmp_page { pub c_ulongotal: c_ulong, pub size_used: c_ulong, pub max_alloc_size: c_ulong, - pub messages: [llmp_message; 0], + pub messages: [LlmpMsg; 0], } /// Result of an LLMP Mesasge hook -pub enum LlmpMessageHookResult { +pub enum LlmpMsgHookResult { /// This has been handled in the broker. No need to forward. Handled, /// Forward this to the clients. We are not done here. @@ -180,31 +180,31 @@ pub enum LlmpMessageHookResult { } /// Message Hook -pub type LlmpMessageHookFn = unsafe fn( +pub type LlmpMsgHookFn = unsafe fn( _: *mut LlmpBroker, - _: *mut llmp_broker_client_metadata, - _: *mut llmp_message, + _: *mut LlmpBrokerClientMetadata, + _: *mut LlmpMsg, _: *mut c_void, -) -> LlmpMessageHookResult; +) -> LlmpMsgHookResult; /// Hook that gets called for each new page, created by LLMP pub type LlmpClientNewPageHookFn = - unsafe fn(_: *mut llmp_client, _: *mut llmp_page, _: *mut c_void) -> (); + unsafe fn(_: *mut LlmpClient, _: *mut LlmpPage, _: *mut c_void) -> (); /// Message payload when a client got added LLMP_TAG_CLIENT_ADDED_V1 */ /// This is an internal message! /// LLMP_TAG_NEW_PAGE_V1 #[derive(Copy, Clone)] #[repr(C, packed)] -struct llmp_payload_new_page { +struct LlmpPayloadNewPage { pub map_size: c_ulong, pub shm_str: [u8; 20], } /// Returs the container element to this ptr #[inline] -unsafe fn afl_alloc_bufptr(buf: *mut c_void) -> *mut afl_alloc_buf { - return (buf as *mut u8).offset(-(16 as c_ulong as isize)) as *mut afl_alloc_buf; +unsafe fn afl_alloc_bufptr(buf: *mut c_void) -> *mut AflAllocBuf { + return (buf as *mut u8).offset(-(16 as c_ulong as isize)) as *mut AflAllocBuf; } /// Optimized realloc wrapper, taken over from AFL. @@ -215,7 +215,7 @@ unsafe fn afl_alloc_bufptr(buf: *mut c_void) -> *mut afl_alloc_buf { /// @return For convenience, this function returns *buf. /// Will return NULL and free *buf if size_needed is <1 or realloc failed. unsafe fn afl_realloc(buf: *mut c_void, mut size_needed: c_ulong) -> *mut c_void { - let mut new_buf: *mut afl_alloc_buf = 0 as *mut afl_alloc_buf; + let mut new_buf: *mut AflAllocBuf = 0 as *mut AflAllocBuf; let mut current_size: c_ulong = 0 as c_ulong; let mut next_size: c_ulong; if !buf.is_null() { @@ -247,7 +247,7 @@ unsafe fn afl_realloc(buf: *mut c_void, mut size_needed: c_ulong) -> *mut c_void } } /* alloc */ - new_buf = realloc(new_buf as *mut c_void, next_size) as *mut afl_alloc_buf; + new_buf = realloc(new_buf as *mut c_void, next_size) as *mut AflAllocBuf; if new_buf.is_null() { return 0 as *mut c_void; } @@ -264,11 +264,11 @@ unsafe fn afl_free(buf: *mut c_void) { }; } #[inline] -unsafe fn shmem2page(afl_shmem: *mut afl_shmem) -> *mut llmp_page { - return (*afl_shmem).map as *mut llmp_page; +unsafe fn shmem2page(afl_shmem: *mut AflShmem) -> *mut LlmpPage { + return (*afl_shmem).map as *mut LlmpPage; } /* If a msg is contained in the current page */ -unsafe fn llmp_msg_in_page(page: *mut llmp_page, msg: *mut llmp_message) -> bool { +unsafe fn llmp_msg_in_page(page: *mut LlmpPage, msg: *mut LlmpMsg) -> bool { /* DBG("llmp_msg_in_page %p within %p-%p\n", msg, page, page + page->c_ulongotal); */ return (page as *mut u8) < msg as *mut u8 && (page as *mut u8).offset((*page).c_ulongotal as isize) > msg as *mut u8; @@ -291,8 +291,8 @@ unsafe fn new_map_size(max_alloc: c_ulong) -> c_ulong { let mut _a: c_ulong = max_alloc .wrapping_mul(2 as c_ulong) .wrapping_add(llmp_align( - (::std::mem::size_of::() as c_ulong) - .wrapping_add(::std::mem::size_of::() as c_ulong), + (::std::mem::size_of::() as c_ulong) + .wrapping_add(::std::mem::size_of::() as c_ulong), )); let mut _b: c_ulong = ((1 as c_int) << 28 as c_int) as c_ulong; if _a > _b { @@ -304,7 +304,7 @@ unsafe fn new_map_size(max_alloc: c_ulong) -> c_ulong { } /* Initialize a new llmp_page. size should be relative to * llmp_page->messages */ -unsafe fn _llmp_page_init(mut page: *mut llmp_page, sender: u32, size: c_ulong) { +unsafe fn _llmp_page_init(mut page: *mut LlmpPage, sender: u32, size: c_ulong) { (*page).sender = sender; ::std::ptr::write_volatile(&mut (*page).current_msg_id as *mut c_ulong, 0 as c_ulong); (*page).max_alloc_size = 0 as c_ulong; @@ -317,35 +317,32 @@ unsafe fn _llmp_page_init(mut page: *mut llmp_page, sender: u32, size: c_ulong) } /* Pointer to the message behind the last message */ #[inline] -unsafe fn _llmp_next_msg_ptr(last_msg: *mut llmp_message) -> *mut llmp_message { +unsafe fn _llmp_next_msg_ptr(last_msg: *mut LlmpMsg) -> *mut LlmpMsg { /* DBG("_llmp_next_msg_ptr %p %lu + %lu\n", last_msg, last_msg->buf_len_padded, sizeof(llmp_message)); */ return (last_msg as *mut u8) - .offset(::std::mem::size_of::() as isize) - .offset((*last_msg).buf_len_padded as isize) as *mut llmp_message; + .offset(::std::mem::size_of::() as isize) + .offset((*last_msg).buf_len_padded as isize) as *mut LlmpMsg; } /* Read next message. */ -unsafe fn llmp_recv(page: *mut llmp_page, last_msg: *mut llmp_message) -> *mut llmp_message { +unsafe fn llmp_recv(page: *mut LlmpPage, last_msg: *mut LlmpMsg) -> *mut LlmpMsg { /* DBG("llmp_recv %p %p\n", page, last_msg); */ compiler_fence(Ordering::SeqCst); if (*page).current_msg_id == 0 { /* No messages yet */ - return 0 as *mut llmp_message; + return 0 as *mut LlmpMsg; } else if last_msg.is_null() { /* We never read a message from this queue. Return first. */ return (*page).messages.as_mut_ptr(); } else if (*last_msg).message_id as c_ulong == (*page).current_msg_id { /* Oops! No new message! */ - return 0 as *mut llmp_message; + return 0 as *mut LlmpMsg; } else { return _llmp_next_msg_ptr(last_msg); }; } /* Blocks/spins until the next message gets posted to the page, then returns that message. */ -pub unsafe fn llmp_recv_blocking( - page: *mut llmp_page, - last_msg: *mut llmp_message, -) -> *mut llmp_message { +pub unsafe fn llmp_recv_blocking(page: *mut LlmpPage, last_msg: *mut LlmpMsg) -> *mut LlmpMsg { let mut current_msg_id: u32 = 0 as u32; if !last_msg.is_null() { if (*last_msg).tag == 0xaf1e0f1 as c_uint && llmp_msg_in_page(page, last_msg) as c_int != 0 @@ -357,7 +354,7 @@ pub unsafe fn llmp_recv_blocking( loop { compiler_fence(Ordering::SeqCst); if (*page).current_msg_id != current_msg_id as c_ulong { - let ret: *mut llmp_message = llmp_recv(page, last_msg); + let ret: *mut LlmpMsg = llmp_recv(page, last_msg); if ret.is_null() { panic!("BUG: blocking llmp message should never be NULL"); } @@ -370,19 +367,16 @@ pub unsafe fn llmp_recv_blocking( So if llmp_alloc_next fails, create new page if necessary, use this function, place EOP, commit EOP, reset, alloc again on the new space. */ -unsafe fn llmp_alloc_eop( - mut page: *mut llmp_page, - mut last_msg: *mut llmp_message, -) -> *mut llmp_message { +unsafe fn llmp_alloc_eop(mut page: *mut LlmpPage, mut last_msg: *mut LlmpMsg) -> *mut LlmpMsg { if (*page).size_used.wrapping_add(llmp_align( - (::std::mem::size_of::() as c_ulong) - .wrapping_add(::std::mem::size_of::() as c_ulong), + (::std::mem::size_of::() as c_ulong) + .wrapping_add(::std::mem::size_of::() as c_ulong), )) > (*page).c_ulongotal { panic!(format!("PROGRAM ABORT : BUG: EOP does not fit in page! page {:?}, size_current {:?}, c_ulongotal {:?}", page, (*page).size_used, (*page).c_ulongotal)); } - let mut ret: *mut llmp_message = if !last_msg.is_null() { + let mut ret: *mut LlmpMsg = if !last_msg.is_null() { _llmp_next_msg_ptr(last_msg) } else { (*page).messages.as_mut_ptr() @@ -390,7 +384,7 @@ unsafe fn llmp_alloc_eop( if (*ret).tag == 0xa143af11 as c_uint { panic!("Did not call send() on last message!"); } - (*ret).buf_len_padded = ::std::mem::size_of::() as c_ulong; + (*ret).buf_len_padded = ::std::mem::size_of::() as c_ulong; (*ret).message_id = if !last_msg.is_null() { (*last_msg).message_id = ((*last_msg).message_id as c_uint).wrapping_add(1 as c_int as c_uint) as u32 as u32; @@ -400,8 +394,8 @@ unsafe fn llmp_alloc_eop( }; (*ret).tag = 0xaf1e0f1 as u32; (*page).size_used = ((*page).size_used as c_ulong).wrapping_add(llmp_align( - (::std::mem::size_of::() as c_ulong) - .wrapping_add(::std::mem::size_of::() as c_ulong), + (::std::mem::size_of::() as c_ulong) + .wrapping_add(::std::mem::size_of::() as c_ulong), )) as c_ulong; return ret; } @@ -410,13 +404,13 @@ Never call alloc_next without either sending or cancelling the last allocated me There can only ever be up to one message allocated per page at each given time. */ unsafe fn llmp_alloc_next( - mut page: *mut llmp_page, - last_msg: *mut llmp_message, + mut page: *mut LlmpPage, + last_msg: *mut LlmpMsg, buf_len: c_ulong, -) -> *mut llmp_message { +) -> *mut LlmpMsg { let mut buf_len_padded: c_ulong = buf_len; let mut complete_msg_size: c_ulong = - llmp_align((::std::mem::size_of::() as c_ulong).wrapping_add(buf_len_padded)); + llmp_align((::std::mem::size_of::() as c_ulong).wrapping_add(buf_len_padded)); /* DBG("XXX complete_msg_size %lu (h: %lu)\n", complete_msg_size, sizeof(llmp_message)); */ /* In case we don't have enough space, make sure the next page will be large * enough */ @@ -429,7 +423,7 @@ unsafe fn llmp_alloc_next( _b } }; - let mut ret: *mut llmp_message; + let mut ret: *mut LlmpMsg; /* DBG("last_msg %p %d (%d)\n", last_msg, last_msg ? (int)last_msg->tag : -1, (int)LLMP_TAG_END_OF_PAGE_V1); */ if last_msg.is_null() || (*last_msg).tag == 0xaf1e0f1 as c_uint { /* We start fresh */ @@ -440,9 +434,9 @@ unsafe fn llmp_alloc_next( let base_addr: c_ulong = ret as c_ulong; buf_len_padded = llmp_align(base_addr.wrapping_add(complete_msg_size)) .wrapping_sub(base_addr) - .wrapping_sub(::std::mem::size_of::() as c_ulong); + .wrapping_sub(::std::mem::size_of::() as c_ulong); complete_msg_size = - buf_len_padded.wrapping_add(::std::mem::size_of::() as c_ulong); + buf_len_padded.wrapping_add(::std::mem::size_of::() as c_ulong); /* DBG("XXX complete_msg_size NEW %lu\n", complete_msg_size); */ /* Still space for the new message plus the additional "we're full" message? */ @@ -450,13 +444,13 @@ unsafe fn llmp_alloc_next( .size_used .wrapping_add(complete_msg_size) .wrapping_add(llmp_align( - (::std::mem::size_of::() as c_ulong) - .wrapping_add(::std::mem::size_of::() as c_ulong), + (::std::mem::size_of::() as c_ulong) + .wrapping_add(::std::mem::size_of::() as c_ulong), )) > (*page).c_ulongotal { /* We're full. */ - return 0 as *mut llmp_message; + return 0 as *mut LlmpMsg; } /* We need to start with 1 for ids, as current message id is initialized * with 0... */ @@ -470,22 +464,22 @@ unsafe fn llmp_alloc_next( panic!(format!("BUG: The current message never got commited using llmp_send! (page->current_msg_id {:?}, last_msg->message_id: {})", (*page).current_msg_id, (*last_msg).message_id)); } else { buf_len_padded = - complete_msg_size.wrapping_sub(::std::mem::size_of::() as c_ulong); + complete_msg_size.wrapping_sub(::std::mem::size_of::() as c_ulong); /* DBG("XXX ret %p id %u buf_len_padded %lu complete_msg_size %lu\n", ret, ret->message_id, buf_len_padded, * complete_msg_size); */ if (*page) .size_used .wrapping_add(complete_msg_size) .wrapping_add(llmp_align( - (::std::mem::size_of::() as c_ulong) - .wrapping_add(::std::mem::size_of::() as c_ulong), + (::std::mem::size_of::() as c_ulong) + .wrapping_add(::std::mem::size_of::() as c_ulong), )) > (*page).c_ulongotal { /* Still space for the new message plus the additional "we're full" message? */ /* We're full. */ - return 0 as *mut llmp_message; + return 0 as *mut LlmpMsg; } ret = _llmp_next_msg_ptr(last_msg); (*ret).message_id = (*last_msg).message_id.wrapping_add(1 as c_uint) @@ -516,7 +510,7 @@ unsafe fn llmp_alloc_next( After commiting, the msg shall no longer be altered! It will be read by the consuming threads (broker->clients or client->broker) */ -unsafe fn llmp_send(page: *mut llmp_page, msg: *mut llmp_message) -> Result<(), AflError> { +unsafe fn llmp_send(page: *mut LlmpPage, msg: *mut LlmpMsg) -> Result<(), AflError> { if (*msg).tag == 0xdeadaf as c_uint { panic!(format!( "No tag set on message with id {}", @@ -540,20 +534,20 @@ unsafe fn llmp_send(page: *mut llmp_page, msg: *mut llmp_message) -> Result<(), } #[inline] -unsafe fn _llmp_broker_current_broadcast_map(broker_state: *mut LlmpBroker) -> *mut afl_shmem { +unsafe fn _llmp_broker_current_broadcast_map(broker_state: *mut LlmpBroker) -> *mut AflShmem { return &mut *(*broker_state).broadcast_maps.offset( (*broker_state) .broadcast_map_count .wrapping_sub(1 as c_ulong) as isize, - ) as *mut afl_shmem; + ) as *mut AflShmem; } /* create a new shard page. Size_requested will be the min size, you may get a * larger map. Retruns NULL on error. */ unsafe fn llmp_new_page_shmem( - uninited_afl_shmem: *mut afl_shmem, + uninited_shmem: *mut AflShmem, sender: c_ulong, size_requested: c_ulong, -) -> *mut llmp_page { +) -> *mut LlmpPage { let size: c_ulong = next_pow2({ let mut _a: c_ulong = size_requested.wrapping_add(40 as c_ulong); let mut _b: c_ulong = ((1 as c_int) << 28 as c_int) as c_ulong; @@ -563,43 +557,39 @@ unsafe fn llmp_new_page_shmem( _b } }); - if afl_shmem_init(uninited_afl_shmem, size).is_null() { - return 0 as *mut llmp_page; + if afl_shmem_init(uninited_shmem, size).is_null() { + return 0 as *mut LlmpPage; } - _llmp_page_init( - shmem2page(uninited_afl_shmem), - sender as u32, - size_requested, - ); - return shmem2page(uninited_afl_shmem); + _llmp_page_init(shmem2page(uninited_shmem), sender as u32, size_requested); + return shmem2page(uninited_shmem); } /* This function handles EOP by creating a new shared page and informing the listener about it using a EOP message. */ unsafe fn llmp_handle_out_eop( - mut maps: *mut afl_shmem, + mut maps: *mut AflShmem, map_count_p: *mut c_ulong, - last_msg_p: *mut *mut llmp_message, -) -> *mut afl_shmem { + last_msg_p: *mut *mut LlmpMsg, +) -> *mut AflShmem { let map_count: u32 = *map_count_p as u32; - let mut old_map: *mut llmp_page = + let mut old_map: *mut LlmpPage = shmem2page(&mut *maps.offset(map_count.wrapping_sub(1 as c_uint) as isize)); maps = afl_realloc( maps as *mut c_void, (map_count.wrapping_add(1 as c_uint) as c_ulong) - .wrapping_mul(::std::mem::size_of::() as c_ulong), - ) as *mut afl_shmem; + .wrapping_mul(::std::mem::size_of::() as c_ulong), + ) as *mut AflShmem; if maps.is_null() { - return 0 as *mut afl_shmem; + return 0 as *mut AflShmem; } /* Broadcast a new, large enough, message. Also sorry for that c ptr stuff! */ - let mut new_map: *mut llmp_page = llmp_new_page_shmem( + let mut new_map: *mut LlmpPage = llmp_new_page_shmem( &mut *maps.offset(map_count as isize), (*old_map).sender as c_ulong, new_map_size((*old_map).max_alloc_size), ); if new_map.is_null() { afl_free(maps as *mut c_void); - return 0 as *mut afl_shmem; + return 0 as *mut AflShmem; } /* Realloc may have changed the location of maps_p (and old_map) in memory :/ */ @@ -612,10 +602,10 @@ unsafe fn llmp_handle_out_eop( (*new_map).max_alloc_size = (*old_map).max_alloc_size; /* On the old map, place a last message linking to the new map for the clients * to consume */ - let mut out: *mut llmp_message = llmp_alloc_eop(old_map, *last_msg_p); + let mut out: *mut LlmpMsg = llmp_alloc_eop(old_map, *last_msg_p); (*out).sender = (*old_map).sender; - let mut new_page_msg: *mut llmp_payload_new_page = - (*out).buf.as_mut_ptr() as *mut llmp_payload_new_page; + let mut new_page_msg: *mut LlmpPayloadNewPage = + (*out).buf.as_mut_ptr() as *mut LlmpPayloadNewPage; /* copy the infos to the message we're going to send on the old buf */ (*new_page_msg).map_size = (*maps.offset(map_count as isize)).map_size; memcpy( @@ -624,13 +614,13 @@ unsafe fn llmp_handle_out_eop( 20 as c_ulong, ); // We never sent a msg on the new buf */ - *last_msg_p = 0 as *mut llmp_message; + *last_msg_p = 0 as *mut LlmpMsg; /* Send the last msg on the old buf */ match llmp_send(old_map, out) { Err(_e) => { afl_free(maps as *mut c_void); println!("Error sending message"); - 0 as *mut afl_shmem + 0 as *mut AflShmem } Ok(_) => maps, } @@ -648,9 +638,9 @@ pub unsafe fn llmp_broker_handle_out_eop(broker: *mut LlmpBroker) -> AflRet { AFL_RET_ALLOC } as AflRet; } -pub unsafe fn llmp_broker_alloc_next(broker: *mut LlmpBroker, len: c_ulong) -> *mut llmp_message { - let mut broadcast_page: *mut llmp_page = shmem2page(_llmp_broker_current_broadcast_map(broker)); - let mut out: *mut llmp_message = llmp_alloc_next(broadcast_page, (*broker).last_msg_sent, len); +pub unsafe fn llmp_broker_alloc_next(broker: *mut LlmpBroker, len: c_ulong) -> *mut LlmpMsg { + let mut broadcast_page: *mut LlmpPage = shmem2page(_llmp_broker_current_broadcast_map(broker)); + let mut out: *mut LlmpMsg = llmp_alloc_next(broadcast_page, (*broker).last_msg_sent, len); if out.is_null() { /* no more space left! We'll have to start a new page */ let ret: AflRet = llmp_broker_handle_out_eop(broker); @@ -696,40 +686,38 @@ impl LlmpBroker { &mut self, shm_str: &CStr, map_size: c_ulong, - ) -> *mut llmp_broker_client_metadata { + ) -> *mut LlmpBrokerClientMetadata { /* make space for a new client and calculate its id */ self.llmp_clients = afl_realloc( self.llmp_clients as *mut c_void, self.llmp_client_count .wrapping_add(1 as c_ulong) - .wrapping_mul(::std::mem::size_of::() as c_ulong), - ) as *mut llmp_broker_client_metadata; + .wrapping_mul(::std::mem::size_of::() as c_ulong), + ) as *mut LlmpBrokerClientMetadata; if self.llmp_clients.is_null() { - return 0 as *mut llmp_broker_client_metadata; + return 0 as *mut LlmpBrokerClientMetadata; } - let mut client: *mut llmp_broker_client_metadata = + let mut client: *mut LlmpBrokerClientMetadata = self.llmp_clients.offset(self.llmp_client_count as isize) - as *mut llmp_broker_client_metadata; + as *mut LlmpBrokerClientMetadata; memset( client as *mut c_void, 0 as c_int, - ::std::mem::size_of::() as c_ulong, + ::std::mem::size_of::() as c_ulong, ); - (*client).client_state = calloc( - 1 as c_ulong, - ::std::mem::size_of::() as c_ulong, - ) as *mut llmp_client; + (*client).client_state = + calloc(1 as c_ulong, ::std::mem::size_of::() as c_ulong) as *mut LlmpClient; if (*client).client_state.is_null() { - return 0 as *mut llmp_broker_client_metadata; + return 0 as *mut LlmpBrokerClientMetadata; } (*(*client).client_state).id = (*self).llmp_client_count as u32; (*client).cur_client_map = - calloc(1 as c_ulong, ::std::mem::size_of::() as c_ulong) as *mut afl_shmem; + calloc(1 as c_ulong, ::std::mem::size_of::() as c_ulong) as *mut AflShmem; if (*client).cur_client_map.is_null() { - return 0 as *mut llmp_broker_client_metadata; + return 0 as *mut LlmpBrokerClientMetadata; } if afl_shmem_by_str((*client).cur_client_map, shm_str, map_size).is_null() { - return 0 as *mut llmp_broker_client_metadata; + return 0 as *mut LlmpBrokerClientMetadata; } self.llmp_client_count = self.llmp_client_count.wrapping_add(1); // TODO: Add client map @@ -738,65 +726,60 @@ impl LlmpBroker { /// Adds a hook that gets called in the broker for each new message the broker touches. /// if the callback returns false, the message is not forwarded to the clients. */ - pub unsafe fn add_message_hook( - &mut self, - hook: LlmpMessageHookFn, - data: *mut c_void, - ) -> AflRet { + pub unsafe fn add_message_hook(&mut self, hook: LlmpMsgHookFn, data: *mut c_void) -> AflRet { return llmp_add_hook_generic( &mut self.msg_hooks, &mut self.msg_hook_count, - ::std::mem::transmute::, *mut c_void>(Some(hook)), + ::std::mem::transmute::, *mut c_void>(Some(hook)), data, ); } /// broker broadcast to its own page for all others to read */ #[inline] - unsafe fn handle_new_msgs(&mut self, mut client: *mut llmp_broker_client_metadata) { + unsafe fn handle_new_msgs(&mut self, mut client: *mut LlmpBrokerClientMetadata) { // TODO: We could memcpy a range of pending messages, instead of one by one. /* DBG("llmp_broker_handle_new_msgs %p %p->%u\n", broker, client, client->client_state->id); */ - let incoming: *mut llmp_page = shmem2page((*client).cur_client_map); + let incoming: *mut LlmpPage = shmem2page((*client).cur_client_map); let mut current_message_id: u32 = if !(*client).last_msg_broker_read.is_null() { (*(*client).last_msg_broker_read).message_id } else { 0 as c_uint }; while current_message_id as c_ulong != (*incoming).current_msg_id { - let msg: *mut llmp_message = llmp_recv(incoming, (*client).last_msg_broker_read); + let msg: *mut LlmpMsg = llmp_recv(incoming, (*client).last_msg_broker_read); if msg.is_null() { panic!("No message received but not all message ids receved! Data out of sync?"); } if (*msg).tag == 0xaf1e0f1 as c_uint { - let pageinfo: *mut llmp_payload_new_page = { - let mut _msg: *mut llmp_message = msg; - (if (*_msg).buf_len >= ::std::mem::size_of::() as c_ulong - { + let pageinfo: *mut LlmpPayloadNewPage = { + let mut _msg: *mut LlmpMsg = msg; + (if (*_msg).buf_len >= ::std::mem::size_of::() as c_ulong { (*_msg).buf.as_mut_ptr() } else { 0 as *mut u8 - }) as *mut llmp_payload_new_page + }) as *mut LlmpPayloadNewPage }; if pageinfo.is_null() { panic!(format!( "Illegal message length for EOP (is {}, expected {})", (*msg).buf_len_padded, - ::std::mem::size_of::() as c_ulong + ::std::mem::size_of::() as c_ulong )); } /* We can reuse the map mem space, no need to free and calloc. However, the pageinfo points to the map we're about to unmap. Copy the contents first. */ - let mut pageinfo_cpy: llmp_payload_new_page = llmp_payload_new_page { + let mut pageinfo_cpy: LlmpPayloadNewPage = LlmpPayloadNewPage { map_size: 0, shm_str: [0; 20], }; memcpy( - &mut pageinfo_cpy as *mut llmp_payload_new_page as *mut c_void, + &mut pageinfo_cpy as *mut LlmpPayloadNewPage as *mut c_void, pageinfo as *const c_void, - ::std::mem::size_of::() as c_ulong, + ::std::mem::size_of::() as c_ulong, ); - let client_map: *mut afl_shmem = (*client).cur_client_map; + let client_map: *mut AflShmem = (*client).cur_client_map; ::std::ptr::write_volatile( &mut (*shmem2page(client_map)).save_to_unmap as *mut u16, 1 as u16, @@ -818,18 +801,17 @@ impl LlmpBroker { } else if (*msg).tag == 0xc11e471 as c_uint { /* This client informs us about yet another new client add it to the list! Also, no need to forward this msg. */ - let pageinfo: *mut llmp_payload_new_page = { - let mut _msg: *mut llmp_message = msg; - (if (*_msg).buf_len >= ::std::mem::size_of::() as c_ulong - { + let pageinfo: *mut LlmpPayloadNewPage = { + let mut _msg: *mut LlmpMsg = msg; + (if (*_msg).buf_len >= ::std::mem::size_of::() as c_ulong { (*_msg).buf.as_mut_ptr() } else { 0 as *mut u8 - }) as *mut llmp_payload_new_page + }) as *mut LlmpPayloadNewPage }; if pageinfo.is_null() { println!("Ignoring broken CLIENT_ADDED msg due to incorrect size. Expected {:?} but got {:?}", - ::std::mem::size_of::() as + ::std::mem::size_of::() as c_ulong, (*msg).buf_len_padded); } /* register_client may realloc the clients, we need to find ours again */ @@ -849,15 +831,15 @@ impl LlmpBroker { (*client).client_type = LLMP_CLIENT_TYPE_FOREIGN_PROCESS; /* find client again */ client = - self.llmp_clients.offset(client_id as isize) as *mut llmp_broker_client_metadata + self.llmp_clients.offset(client_id as isize) as *mut LlmpBrokerClientMetadata } else { let mut forward_msg: bool = 1 as c_int != 0; let mut i: c_ulong = 0; while i < self.msg_hook_count { - let msg_hook: *mut llmp_hookdata_generic = - self.msg_hooks.offset(i as isize) as *mut llmp_hookdata_generic; + let msg_hook: *mut LlmpHookdataGeneric = + self.msg_hooks.offset(i as isize) as *mut LlmpHookdataGeneric; forward_msg = forward_msg as c_int != 0 - && ::std::mem::transmute::<*mut c_void, Option>( + && ::std::mem::transmute::<*mut c_void, Option>( (*msg_hook).func, ) .expect("non-null function pointer")( @@ -871,8 +853,7 @@ impl LlmpBroker { i = i.wrapping_add(1) } if forward_msg { - let mut out: *mut llmp_message = - llmp_broker_alloc_next(self, (*msg).buf_len_padded); + let mut out: *mut LlmpMsg = llmp_broker_alloc_next(self, (*msg).buf_len_padded); if out.is_null() { panic!(format!( "Error allocating {} bytes in shmap {:?}", @@ -889,12 +870,12 @@ impl LlmpBroker { memcpy( out as *mut c_void, msg as *const c_void, - (::std::mem::size_of::() as c_ulong) + (::std::mem::size_of::() as c_ulong) .wrapping_add((*msg).buf_len_padded), ); (*out).buf_len_padded = actual_size; /* We need to replace the message ID with our own */ - let out_page: *mut llmp_page = + let out_page: *mut LlmpPage = shmem2page(_llmp_broker_current_broadcast_map(self)); (*out).message_id = (*out_page).current_msg_id.wrapping_add(1 as c_ulong) as u32; @@ -916,8 +897,8 @@ impl LlmpBroker { compiler_fence(Ordering::SeqCst); let mut i: u32 = 0; while (i as c_ulong) < self.llmp_client_count { - let client: *mut llmp_broker_client_metadata = - self.llmp_clients.offset(i as isize) as *mut llmp_broker_client_metadata; + let client: *mut LlmpBrokerClientMetadata = + self.llmp_clients.offset(i as isize) as *mut LlmpBrokerClientMetadata; self.handle_new_msgs(client); i = i.wrapping_add(1) } @@ -935,13 +916,13 @@ impl LlmpBroker { } /// launch a specific client. This function doesn't need to be called externally - all registered clients will get launched at broker_run - unsafe fn launch_client(&mut self, mut clientdata: *mut llmp_broker_client_metadata) -> bool { + unsafe fn launch_client(&mut self, mut clientdata: *mut LlmpBrokerClientMetadata) -> bool { if clientdata < self.llmp_clients || clientdata > self .llmp_clients .offset(self.llmp_client_count.wrapping_sub(1 as c_ulong) as isize) - as *mut llmp_broker_client_metadata + as *mut LlmpBrokerClientMetadata { println!( "[!] WARNING: Illegal client specified at ptr {:?} (instead of {:?} to {:?})", @@ -949,7 +930,7 @@ impl LlmpBroker { self.llmp_clients, self.llmp_clients .offset(self.llmp_client_count.wrapping_sub(1 as c_ulong) as isize,) - as *mut llmp_broker_client_metadata, + as *mut LlmpBrokerClientMetadata, ); return 0 as c_int != 0; } @@ -1015,8 +996,8 @@ impl LlmpBroker { clientloop: LlmpClientloopFn, data: *mut c_void, ) -> Result<(), AflError> { - let mut client_map: afl_shmem = { - let init = afl_shmem { + let mut client_map: AflShmem = { + let init = AflShmem { shm_str: [0; 20], shm_id: 0, map: 0 as *mut u8, @@ -1033,8 +1014,8 @@ impl LlmpBroker { { return Err(AflError::Unknown("Alloc".into())); } - let mut client: *mut llmp_broker_client_metadata = self.register_client( - CStr::from_ptr(&client_map.shm_str as *const i8), + let mut client: *mut LlmpBrokerClientMetadata = self.register_client( + CStr::from_ptr(&client_map.shm_str as *const u8 as *const c_char), client_map.map_size, ); if client.is_null() { @@ -1047,8 +1028,8 @@ impl LlmpBroker { /* Copy the already allocated shmem to the client state */ (*(*client).client_state).out_maps = afl_realloc( (*(*client).client_state).out_maps as *mut c_void, - ::std::mem::size_of::() as c_ulong, - ) as *mut afl_shmem; + ::std::mem::size_of::() as c_ulong, + ) as *mut AflShmem; if (*(*client).client_state).out_maps.is_null() { afl_shmem_deinit(&mut client_map); afl_shmem_deinit((*client).cur_client_map); @@ -1058,22 +1039,22 @@ impl LlmpBroker { } memcpy( (*(*client).client_state).out_maps as *mut c_void, - &mut client_map as *mut afl_shmem as *const c_void, - ::std::mem::size_of::() as c_ulong, + &mut client_map as *mut AflShmem as *const c_void, + ::std::mem::size_of::() as c_ulong, ); (*(*client).client_state).out_map_count = 1 as c_ulong; /* Each client starts with the very first map. They should then iterate through all maps once and work on all old messages. */ (*(*client).client_state).current_broadcast_map = - self.broadcast_maps.offset(0 as isize) as *mut afl_shmem; + self.broadcast_maps.offset(0 as isize) as *mut AflShmem; (*(*client).client_state).out_map_count = 1 as c_ulong; return Ok(()); } } /// A new page will be used. Notify each registered hook in the client about this fact. -unsafe fn llmp_clientrigger_new_out_page_hooks(client: *mut llmp_client) { +unsafe fn llmp_clientrigger_new_out_page_hooks(client: *mut LlmpClient) { let mut i: c_ulong = 0; while i < (*client).new_out_page_hook_count { ::std::mem::transmute::<*mut c_void, Option>( @@ -1094,8 +1075,8 @@ unsafe fn llmp_clientrigger_new_out_page_hooks(client: *mut llmp_client) { /// A wrapper around unpacking the data, calling through to the loop unsafe fn _llmp_client_wrapped_loop(llmp_client_broker_metadata_ptr: *mut c_void) -> ! { - let metadata: *mut llmp_broker_client_metadata = - llmp_client_broker_metadata_ptr as *mut llmp_broker_client_metadata; + let metadata: *mut LlmpBrokerClientMetadata = + llmp_client_broker_metadata_ptr as *mut LlmpBrokerClientMetadata; /* Before doing anything else:, notify registered hooks about the new page we're about to use */ llmp_clientrigger_new_out_page_hooks((*metadata).client_state); @@ -1108,7 +1089,7 @@ unsafe fn _llmp_client_wrapped_loop(llmp_client_broker_metadata_ptr: *mut c_void /// For non zero-copy, we want to get rid of old pages with duplicate messages /// eventually. This function This funtion sees if we can unallocate older pages. /// The broker would have informed us by setting the save_to_unmap-flag. -unsafe fn llmp_client_prune_old_pages(client: *mut llmp_client) { +unsafe fn llmp_client_prune_old_pages(client: *mut LlmpClient) { let current_map: *mut u8 = (*(*client) .out_maps .offset((*client).out_map_count.wrapping_sub(1 as c_ulong) as isize)) @@ -1126,14 +1107,14 @@ unsafe fn llmp_client_prune_old_pages(client: *mut llmp_client) { (*client) .out_map_count .wrapping_sub(1 as c_ulong) - .wrapping_mul(::std::mem::size_of::() as c_ulong), + .wrapping_mul(::std::mem::size_of::() as c_ulong), ); (*client).out_map_count = (*client).out_map_count.wrapping_sub(1) } } /// We don't have any space. Send eop, then continue on a new page. -unsafe fn llmp_client_handle_out_eop(client: *mut llmp_client) -> bool { +unsafe fn llmp_client_handle_out_eop(client: *mut LlmpClient) -> bool { (*client).out_maps = llmp_handle_out_eop( (*client).out_maps, &mut (*client).out_map_count, @@ -1154,14 +1135,14 @@ unsafe fn llmp_client_handle_out_eop(client: *mut llmp_client) -> bool { /// A client receives a broadcast message. /// Returns null if no message is availiable -pub unsafe fn llmp_client_recv(client: *mut llmp_client) -> *mut llmp_message { +pub unsafe fn llmp_client_recv(client: *mut LlmpClient) -> *mut LlmpMsg { loop { let msg = llmp_recv( shmem2page((*client).current_broadcast_map), (*client).last_msg_recvd, ); if msg.is_null() { - return 0 as *mut llmp_message; + return 0 as *mut LlmpMsg; } (*client).last_msg_recvd = msg; if (*msg).tag == 0xdeadaf as c_uint { @@ -1171,31 +1152,30 @@ pub unsafe fn llmp_client_recv(client: *mut llmp_client) -> *mut llmp_message { /* we reached the end of the current page. We'll init a new page but can reuse the mem are of the current map. However, we cannot use the message if we deinit its page, so let's copy */ - let mut pageinfo_cpy: llmp_payload_new_page = llmp_payload_new_page { + let mut pageinfo_cpy: LlmpPayloadNewPage = LlmpPayloadNewPage { map_size: 0, shm_str: [0; 20], }; - let broadcast_map: *mut afl_shmem = (*client).current_broadcast_map; - let pageinfo: *mut llmp_payload_new_page = { - let mut _msg: *mut llmp_message = msg; - (if (*_msg).buf_len >= ::std::mem::size_of::() as c_ulong - { + let broadcast_map: *mut AflShmem = (*client).current_broadcast_map; + let pageinfo: *mut LlmpPayloadNewPage = { + let mut _msg: *mut LlmpMsg = msg; + (if (*_msg).buf_len >= ::std::mem::size_of::() as c_ulong { (*_msg).buf.as_mut_ptr() } else { 0 as *mut u8 - }) as *mut llmp_payload_new_page + }) as *mut LlmpPayloadNewPage }; if pageinfo.is_null() { panic!(format!( "Illegal message length for EOP (is {}, expected {})", (*msg).buf_len_padded, - ::std::mem::size_of::() as c_ulong + ::std::mem::size_of::() as c_ulong )); } memcpy( - &mut pageinfo_cpy as *mut llmp_payload_new_page as *mut c_void, + &mut pageinfo_cpy as *mut LlmpPayloadNewPage as *mut c_void, pageinfo as *const c_void, - ::std::mem::size_of::() as c_ulong, + ::std::mem::size_of::() as c_ulong, ); /* Never read by broker broker: shmem2page(map)->save_to_unmap = true; */ afl_shmem_deinit(broadcast_map); @@ -1221,8 +1201,8 @@ pub unsafe fn llmp_client_recv(client: *mut llmp_client) -> *mut llmp_message { /// A client blocks/spins until the next message gets posted to the page, /// then returns that message. -pub unsafe fn llmp_client_recv_blocking(client: *mut llmp_client) -> *mut llmp_message { - let mut page: *mut llmp_page = shmem2page((*client).current_broadcast_map); +pub unsafe fn llmp_client_recv_blocking(client: *mut LlmpClient) -> *mut LlmpMsg { + let mut page: *mut LlmpPage = shmem2page((*client).current_broadcast_map); loop { compiler_fence(Ordering::SeqCst); /* busy-wait for a new msg_id to show up in the page */ @@ -1233,7 +1213,7 @@ pub unsafe fn llmp_client_recv_blocking(client: *mut llmp_client) -> *mut llmp_m 0 as c_uint }) as c_ulong { - let ret: *mut llmp_message = llmp_client_recv(client); + let ret: *mut LlmpMsg = llmp_client_recv(client); if !ret.is_null() { return ret; } @@ -1245,7 +1225,7 @@ pub unsafe fn llmp_client_recv_blocking(client: *mut llmp_client) -> *mut llmp_m /// The current page could have changed in recv (EOP) /// Alloc the next message, internally handling end of page by allocating a new one. -pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: usize) -> *mut llmp_message { +pub unsafe fn llmp_client_alloc_next(client: *mut LlmpClient, size: usize) -> *mut LlmpMsg { if client.is_null() { panic!("Client is NULL"); } @@ -1263,7 +1243,7 @@ pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: usize) -> * /* Page is full -> Tell broker and start from the beginning. Also, pray the broker got all messaes we're overwriting. :) */ if !llmp_client_handle_out_eop(client) { - return 0 as *mut llmp_message; + return 0 as *mut LlmpMsg; } if (*client).out_map_count == last_map_count || (*(*shmem2page( @@ -1286,11 +1266,11 @@ pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: usize) -> * .out_maps .offset((*client).out_map_count.wrapping_sub(1) as isize), ), - 0 as *mut llmp_message, + 0 as *mut LlmpMsg, size as c_ulong, ); if msg.is_null() { - return 0 as *mut llmp_message; + return 0 as *mut LlmpMsg; } } (*msg).sender = (*client).id; @@ -1304,10 +1284,10 @@ pub unsafe fn llmp_client_alloc_next(client: *mut llmp_client, size: usize) -> * } /// Cancel send of the next message, this allows us to allocate a new message without sending this one. -pub unsafe fn llmp_client_cancel(client: *mut llmp_client, mut msg: *mut llmp_message) { +pub unsafe fn llmp_client_cancel(client: *mut LlmpClient, mut msg: *mut LlmpMsg) { /* DBG("Client %d cancels send of msg at %p with tag 0x%X and size %ld", client->id, msg, msg->tag, * msg->buf_len_padded); */ - let mut page: *mut llmp_page = shmem2page( + let mut page: *mut LlmpPage = shmem2page( &mut *(*client) .out_maps .offset((*client).out_map_count.wrapping_sub(1 as c_ulong) as isize), @@ -1316,15 +1296,15 @@ pub unsafe fn llmp_client_cancel(client: *mut llmp_client, mut msg: *mut llmp_me (*page).size_used = ((*page).size_used as c_ulong).wrapping_sub( (*msg) .buf_len_padded - .wrapping_add(::std::mem::size_of::() as c_ulong), + .wrapping_add(::std::mem::size_of::() as c_ulong), ) as c_ulong; } /* Commits a msg to the client's out ringbuf */ pub unsafe fn llmp_client_send( - client_state: *mut llmp_client, - msg: *mut llmp_message, + client_state: *mut LlmpClient, + msg: *mut LlmpMsg, ) -> Result<(), AflError> { - let page: *mut llmp_page = shmem2page( + let page: *mut LlmpPage = shmem2page( &mut *(*client_state) .out_maps .offset((*client_state).out_map_count.wrapping_sub(1) as isize), @@ -1335,24 +1315,22 @@ pub unsafe fn llmp_client_send( } /// Creates a new, unconnected, client state -pub unsafe fn llmp_client_new_unconnected() -> *mut llmp_client { - let client_state: *mut llmp_client = calloc( - 1 as c_ulong, - ::std::mem::size_of::() as c_ulong, - ) as *mut llmp_client; +pub unsafe fn llmp_client_new_unconnected() -> *mut LlmpClient { + let client_state: *mut LlmpClient = + calloc(1 as c_ulong, ::std::mem::size_of::() as c_ulong) as *mut LlmpClient; (*client_state).current_broadcast_map = - calloc(1 as c_ulong, ::std::mem::size_of::() as c_ulong) as *mut afl_shmem; + calloc(1 as c_ulong, ::std::mem::size_of::() as c_ulong) as *mut AflShmem; if (*client_state).current_broadcast_map.is_null() { - return 0 as *mut llmp_client; + return 0 as *mut LlmpClient; } (*client_state).out_maps = afl_realloc( (*client_state).out_maps as *mut c_void, - (1 as c_ulong).wrapping_mul(::std::mem::size_of::() as c_ulong), - ) as *mut afl_shmem; + (1 as c_ulong).wrapping_mul(::std::mem::size_of::() as c_ulong), + ) as *mut AflShmem; if (*client_state).out_maps.is_null() { free((*client_state).current_broadcast_map as *mut c_void); free(client_state as *mut c_void); - return 0 as *mut llmp_client; + return 0 as *mut LlmpClient; } (*client_state).out_map_count = 1 as c_ulong; if llmp_new_page_shmem( @@ -1365,33 +1343,33 @@ pub unsafe fn llmp_client_new_unconnected() -> *mut llmp_client { afl_free((*client_state).out_maps as *mut c_void); free((*client_state).current_broadcast_map as *mut c_void); free(client_state as *mut c_void); - return 0 as *mut llmp_client; + return 0 as *mut LlmpClient; } (*client_state).new_out_page_hook_count = 0 as c_ulong; - (*client_state).new_out_page_hooks = 0 as *mut llmp_hookdata_generic; + (*client_state).new_out_page_hooks = 0 as *mut LlmpHookdataGeneric; return client_state; } /// Destroys the given cient state -pub unsafe fn llmp_client_delete(client_state: *mut llmp_client) { +pub unsafe fn llmp_client_delete(client_state: *mut LlmpClient) { let mut i: c_ulong = 0; while i < (*client_state).out_map_count { afl_shmem_deinit(&mut *(*client_state).out_maps.offset(i as isize)); i = i.wrapping_add(1) } afl_free((*client_state).out_maps as *mut c_void); - (*client_state).out_maps = 0 as *mut afl_shmem; + (*client_state).out_maps = 0 as *mut AflShmem; (*client_state).out_map_count = 0 as c_ulong; afl_free((*client_state).new_out_page_hooks as *mut c_void); - (*client_state).new_out_page_hooks = 0 as *mut llmp_hookdata_generic; + (*client_state).new_out_page_hooks = 0 as *mut LlmpHookdataGeneric; (*client_state).new_out_page_hook_count = 0 as c_ulong; afl_shmem_deinit((*client_state).current_broadcast_map); free((*client_state).current_broadcast_map as *mut c_void); - (*client_state).current_broadcast_map = 0 as *mut afl_shmem; + (*client_state).current_broadcast_map = 0 as *mut AflShmem; free(client_state as *mut c_void); } -impl Drop for llmp_client { +impl Drop for LlmpClient { fn drop(&mut self) { unsafe { llmp_client_delete(self) }; } @@ -1400,20 +1378,20 @@ impl Drop for llmp_client { /// Generic function to add a hook to the mem pointed to by hooks_p, using afl_realloc on the mem area, and increasing /// hooks_count_p pub unsafe fn llmp_add_hook_generic( - hooks_p: *mut *mut llmp_hookdata_generic, + hooks_p: *mut *mut LlmpHookdataGeneric, hooks_count_p: *mut c_ulong, new_hook_func: *mut c_void, new_hook_data: *mut c_void, ) -> AflRet { let hooks_count: c_ulong = *hooks_count_p; - let hooks: *mut llmp_hookdata_generic = afl_realloc( + let hooks: *mut LlmpHookdataGeneric = afl_realloc( *hooks_p as *mut c_void, hooks_count .wrapping_add(1 as c_ulong) - .wrapping_mul(::std::mem::size_of::() as c_ulong), - ) as *mut llmp_hookdata_generic; + .wrapping_mul(::std::mem::size_of::() as c_ulong), + ) as *mut LlmpHookdataGeneric; if hooks.is_null() { - *hooks_p = 0 as *mut llmp_hookdata_generic; + *hooks_p = 0 as *mut LlmpHookdataGeneric; *hooks_count_p = 0 as c_ulong; return AFL_RET_ALLOC; } @@ -1428,7 +1406,7 @@ pub unsafe fn llmp_add_hook_generic( /// Adds a hook that gets called in the client for each new outgoing page the client creates. pub unsafe fn llmp_client_add_new_out_page_hook( - client: *mut llmp_client, + client: *mut LlmpClient, hook: Option, data: *mut c_void, ) -> AflRet { @@ -1478,14 +1456,14 @@ unsafe fn llmp_broker_init(broker: *mut LlmpBroker) -> Result<(), AflError> { /* let's create some space for outgoing maps */ (*broker).broadcast_maps = afl_realloc( 0 as *mut c_void, - (1 as c_ulong).wrapping_mul(::std::mem::size_of::() as c_ulong), - ) as *mut afl_shmem; + (1 as c_ulong).wrapping_mul(::std::mem::size_of::() as c_ulong), + ) as *mut AflShmem; if (*broker).broadcast_maps.is_null() { return Err(AflError::Unknown("Alloc".into())); } (*broker).broadcast_map_count = 1 as c_ulong; (*broker).llmp_client_count = 0 as c_ulong; - (*broker).llmp_clients = 0 as *mut llmp_broker_client_metadata; + (*broker).llmp_clients = 0 as *mut LlmpBrokerClientMetadata; if llmp_new_page_shmem( _llmp_broker_current_broadcast_map(broker), -(1 as c_int) as c_ulong, diff --git a/afl/src/events/shmem_translated.rs b/afl/src/events/shmem_translated.rs index cf12b29698..0e9f53ce60 100644 --- a/afl/src/events/shmem_translated.rs +++ b/afl/src/events/shmem_translated.rs @@ -76,26 +76,26 @@ pub const AFL_RET_SUCCESS: c_uint = 0; #[derive(Copy, Clone)] #[repr(C)] -pub struct afl_shmem { - pub shm_str: [c_char; 20], +pub struct AflShmem { + pub shm_str: [u8; 20], pub shm_id: c_int, pub map: *mut c_uchar, pub map_size: c_ulong, } -pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) { +pub unsafe fn afl_shmem_deinit(mut shm: *mut AflShmem) { if shm.is_null() || (*shm).map.is_null() { /* Serialized map id */ // Not set or not initialized; return; } - (*shm).shm_str[0 as usize] = '\u{0}' as c_char; + (*shm).shm_str[0 as usize] = '\u{0}' as u8; shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).map = 0 as *mut c_uchar; } // Functions to create Shared memory region, for observation channels and // opening inputs and stuff. -pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, map_size: c_ulong) -> *mut c_uchar { +pub unsafe fn afl_shmem_init(mut shm: *mut AflShmem, map_size: c_ulong) -> *mut c_uchar { (*shm).map_size = map_size; (*shm).map = 0 as *mut c_uchar; (*shm).shm_id = shmget( @@ -104,7 +104,7 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, map_size: c_ulong) -> *mut 0o1000 as c_int | 0o2000 as c_int | 0o600 as c_int, ); if (*shm).shm_id < 0 as c_int { - (*shm).shm_str[0] = '\u{0}' as c_char; + (*shm).shm_str[0] = '\u{0}' as u8; return 0 as *mut c_uchar; } snprintf( @@ -114,19 +114,19 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, map_size: c_ulong) -> *mut (*shm).shm_id, ); (*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as c_ulong) - .wrapping_sub(1 as c_int as c_ulong) as usize] = '\u{0}' as c_char; + .wrapping_sub(1 as c_int as c_ulong) as usize] = '\u{0}' as u8; (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut c_uchar; if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar || (*shm).map.is_null() { shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds); (*shm).shm_id = -(1 as c_int); - (*shm).shm_str[0 as c_int as usize] = '\u{0}' as c_char; + (*shm).shm_str[0 as c_int as usize] = '\u{0}' as u8; return 0 as *mut c_uchar; } return (*shm).map; } pub unsafe fn afl_shmem_by_str( - mut shm: *mut afl_shmem, + mut shm: *mut AflShmem, shm_str: &CStr, map_size: c_ulong, ) -> *mut c_uchar { @@ -149,7 +149,7 @@ pub unsafe fn afl_shmem_by_str( if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar { (*shm).map = 0 as *mut c_uchar; (*shm).map_size = 0 as c_int as c_ulong; - (*shm).shm_str[0 as c_int as usize] = '\u{0}' as c_char; + (*shm).shm_str[0 as c_int as usize] = '\u{0}' as u8; return 0 as *mut c_uchar; } return (*shm).map; @@ -157,7 +157,7 @@ pub unsafe fn afl_shmem_by_str( /* Write sharedmap as env var */ /* Write sharedmap as env var and the size as name#_SIZE */ -pub unsafe fn afl_shmem_to_env_var(shmem: &afl_shmem, env_name: &CStr) -> c_uint { +pub unsafe fn afl_shmem_to_env_var(shmem: &AflShmem, env_name: &CStr) -> c_uint { let env_len = env_name.to_bytes().len(); if env_len == 0 || env_len > 200 || (*shmem).shm_str[0 as c_int as usize] == 0 { return AFL_RET_NULL_PTR;