1 // Copyright 2018 The Chromium OS Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 // 5 // Copyright © 2022 Intel Corporation 6 // 7 // SPDX-License-Identifier: Apache-2.0 AND BSD-3-Clause 8 9 #![no_main] 10 11 use std::fs::File; 12 use std::io::{Seek, SeekFrom, Write}; 13 use std::os::unix::io::{FromRawFd, RawFd}; 14 use std::{ffi, io}; 15 16 use libfuzzer_sys::fuzz_target; 17 use linux_loader::loader::KernelLoader; 18 use vm_memory::bitmap::AtomicBitmap; 19 use vm_memory::GuestAddress; 20 21 type GuestMemoryMmap = vm_memory::GuestMemoryMmap<AtomicBitmap>; 22 23 const MEM_SIZE: usize = 256 * 1024 * 1024; 24 // From 'arch::x86_64::layout::HIGH_RAM_START' 25 const HIGH_RAM_START: GuestAddress = GuestAddress(0x100000); 26 27 fuzz_target!(|bytes| { 28 let shm = memfd_create(&ffi::CString::new("fuzz_load_kernel").unwrap(), 0).unwrap(); 29 let mut kernel_file: File = unsafe { File::from_raw_fd(shm) }; 30 kernel_file.write_all(&bytes).unwrap(); 31 kernel_file.seek(SeekFrom::Start(0)).unwrap(); 32 33 let guest_memory = GuestMemoryMmap::from_ranges(&[(GuestAddress(0), MEM_SIZE)]).unwrap(); 34 linux_loader::loader::elf::Elf::load( 35 &guest_memory, 36 None, 37 &mut kernel_file, 38 Some(HIGH_RAM_START), 39 ) 40 .ok(); 41 }); 42 43 fn memfd_create(name: &ffi::CStr, flags: u32) -> Result<RawFd, io::Error> { 44 let res = unsafe { libc::syscall(libc::SYS_memfd_create, name.as_ptr(), flags) }; 45 46 if res < 0 { 47 Err(io::Error::last_os_error()) 48 } else { 49 Ok(res as RawFd) 50 } 51 } 52