zzqq0103

Untitled

Mar 17th, 2024
  1. #define _GNU_SOURCE
  2.  
  3. #include <dirent.h>
  4. #include <endian.h>
  5. #include <errno.h>
  6. #include <fcntl.h>
  7. #include <signal.h>
  8. #include <stdarg.h>
  9. #include <stdbool.h>
  10. #include <stdint.h>
  11. #include <stdio.h>
  12. #include <stdlib.h>
  13. #include <string.h>
  14. #include <sys/prctl.h>
  15. #include <sys/stat.h>
  16. #include <sys/syscall.h>
  17. #include <sys/types.h>
  18. #include <sys/wait.h>
  19. #include <time.h>
  20. #include <unistd.h>
  21.  
/*
 * Block the calling thread for approximately `ms` milliseconds.
 *
 * The millisecond count is converted to microseconds and handed to usleep();
 * the return value of usleep() is not inspected.
 */
static void sleep_ms(uint64_t ms)
{
	const uint64_t usec = ms * 1000;

	usleep(usec);
}
  26.  
/*
 * Return the CLOCK_MONOTONIC reading in whole milliseconds.
 *
 * The process exits with status 1 if clock_gettime() reports failure, so
 * callers never see an error value.
 */
static uint64_t current_time_ms(void)
{
	struct timespec now;

	if (clock_gettime(CLOCK_MONOTONIC, &now) != 0)
		exit(1);

	/* Seconds and nanoseconds are scaled separately, then summed. */
	uint64_t whole_ms = (uint64_t)now.tv_sec * 1000;
	uint64_t frac_ms = (uint64_t)now.tv_nsec / 1000000;
	return whole_ms + frac_ms;
}
  34.  
/*
 * BITMASK(bf_off, bf_len): a 64-bit mask with bf_len consecutive one-bits
 * starting at bit bf_off. bf_len must be below 64; a shift by the full width
 * of the type is undefined in C.
 */
#define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
/*
 * STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len): read-modify-write
 * of one bitfield inside the `type`-sized word at `addr`. The old word is
 * loaded, the bits selected by BITMASK are cleared, `val` shifted to bf_off is
 * merged in, and the result is stored back. `htobe` is applied to both the
 * loaded and the stored word; every use in this file passes it empty, so no
 * byte swap takes place. The expansion is a bare assignment expression that
 * dereferences `addr` through a cast, so it is only safe as a full statement
 * and only on memory that is already mapped writable.
 */
#define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))
  37.  
/*
 * Format a message printf-style and write it to an existing file.
 *
 * file: path opened with O_WRONLY | O_CLOEXEC. There is no O_CREAT, so the
 *       target has to exist already (the caller in this file uses a /proc
 *       entry).
 * what: printf format string followed by its arguments. It is passed straight
 *       to vsnprintf(), so it must be a trusted literal, never external input.
 *
 * The formatted text is limited to a 1024-byte buffer; longer output is
 * silently truncated. Returns true only when the whole text was written by a
 * single write(). On a failed or short write, errno as left by write() is
 * preserved across close().
 */
static bool write_file(const char* file, const char* what, ...)
{
	char text[1024];
	va_list ap;

	va_start(ap, what);
	vsnprintf(text, sizeof(text), what, ap);
	va_end(ap);
	text[sizeof(text) - 1] = 0;

	int text_len = strlen(text);
	int out = open(file, O_WRONLY | O_CLOEXEC);
	if (out == -1)
		return false;

	bool complete = write(out, text, text_len) == text_len;

	/* close() may clobber errno; restore it only on the failure path. */
	int saved_errno = errno;
	close(out);
	if (!complete)
		errno = saved_errno;
	return complete;
}
  59.  
/*
 * Forcefully terminate a test child and reap it.
 *
 * pid:    the child to kill; its process group (-pid) is signalled first.
 * status: receives the wait status of whichever child waitpid() reaped last.
 *
 * After sending SIGKILL the function polls for about 100 ms. If the child has
 * not been reaped by then, it writes one byte to the `abort` file of every
 * entry under /sys/fs/fuse/connections (presumably to unblock a child stuck
 * on a FUSE request) and then waits without a timeout.
 *
 * NOTE(review): waitpid(-1, ...) reaps any child of the caller, and the final
 * loop spins until it sees `pid`; it does not stop on a waitpid() error.
 */
static void kill_and_wait(int pid, int* status)
{
	kill(-pid, SIGKILL);
	kill(pid, SIGKILL);

	int attempt = 0;
	while (attempt < 100) {
		if (waitpid(-1, status, WNOHANG | __WALL) == pid)
			return;
		usleep(1000);
		attempt++;
	}

	DIR* conns = opendir("/sys/fs/fuse/connections");
	if (conns) {
		struct dirent* entry;
		while ((entry = readdir(conns)) != NULL) {
			if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
				continue;
			char abort_path[300];
			snprintf(abort_path, sizeof(abort_path), "/sys/fs/fuse/connections/%s/abort", entry->d_name);
			int fd = open(abort_path, O_WRONLY);
			if (fd == -1)
				continue;
			/* Best effort: the byte written is arbitrary and a failure is ignored. */
			if (write(fd, abort_path, 1) < 0) {
			}
			close(fd);
		}
		closedir(conns);
	}

	while (waitpid(-1, status, __WALL) != pid) {
	}
}
  93.  
/*
 * Per-iteration setup, run in the forked child before the test body.
 *
 *  - PR_SET_PDEATHSIG/SIGKILL: the kernel kills this child when its parent
 *    dies, so a crashed harness does not leave test processes behind.
 *  - setpgrp(): puts the child in its own process group, which is what lets
 *    kill_and_wait() signal the whole group with kill(-pid, ...).
 *  - oom_score_adj = 1000: marks the child as the preferred OOM-killer victim.
 *
 * None of the three calls is checked; setup is best effort.
 */
static void setup_test()
{
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);

	setpgrp();

	(void)write_file("/proc/self/oom_score_adj", "1000");
}
  100.  
  101. static void execute_one(void);
  102.  
  103. #define WAIT_FLAGS __WALL
  104.  
/*
 * Run execute_one() in a fresh child process, forever.
 *
 * Each iteration forks; the child calls setup_test(), then execute_one(), and
 * exits with status 0. The parent polls waitpid() once per millisecond and,
 * when 5000 ms have passed without the child being reaped, falls back to
 * kill_and_wait(). The function never returns; it leaves only through
 * exit(1) when fork() fails.
 */
static void loop(void)
{
	for (int iter = 0;; iter++) {
		int pid = fork();
		if (pid < 0)
			exit(1);
		if (pid == 0) {
			/* Child: one test run, then leave. */
			setup_test();
			execute_one();
			exit(0);
		}

		/* Parent: wait for the child, with a 5 second budget. */
		int status = 0;
		const uint64_t started = current_time_ms();
		while (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) != pid) {
			sleep_ms(1);
			if (current_time_ms() - started >= 5000) {
				kill_and_wait(pid, &status);
				break;
			}
		}
	}
}
  130.  
/*
 * Test body: build two attribute blocks in the fixed arena at 0x20000000
 * (mapped by main()) and pass each to perf_event_open().
 *
 * The code has the shape of an auto-generated syzkaller-style C reproducer;
 * the page does not say which kernel issue it belongs to. Each block is 0x80
 * bytes long and is written field by field. The field names in the comments
 * below follow struct perf_event_attr from linux/perf_event.h and are the
 * reviewer's reading of the offsets; confirm them against the header of the
 * kernel under test.
 *
 * Neither syscall result is checked and the returned descriptors are never
 * closed; the child exits right after this function returns (see loop()).
 *
 * For triage: run this only in a disposable VM. Unprivileged use of
 * perf_event_open() is governed by the kernel.perf_event_paranoid sysctl, so
 * that setting decides whether an unprivileged user can reach this code path
 * at all.
 */
void execute_one(void)
{
// ---- first attribute block at 0x20000000 ----
*(uint32_t*)0x20000000 = 0; // type: 0 (PERF_TYPE_HARDWARE in linux/perf_event.h)
*(uint32_t*)0x20000004 = 0x80; // size: 0x80 bytes, matches the span written below
// offsets 0x08..0x0f: config, written as four bytes plus one 32-bit word;
// only the lowest byte is non-zero (config == 1 on a little-endian host)
*(uint8_t*)0x20000008 = 1;
*(uint8_t*)0x20000009 = 0;
*(uint8_t*)0x2000000a = 0;
*(uint8_t*)0x2000000b = 0;
*(uint32_t*)0x2000000c = 0;
*(uint64_t*)0x20000010 = 0; // sample_period / sample_freq
*(uint64_t*)0x20000018 = 0x8118; // sample_type bitmask
*(uint64_t*)0x20000020 = 0; // read_format
// offset 0x28: the 64-bit flag word, set one bitfield at a time.
// Every field of the first block is written as 0.
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 5, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 29, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 30, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 31, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 32, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 33, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 34, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 35, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 36, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 37, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000028, 0, 38, 26);
// offsets 0x30..0x7f: the rest of the block, all zero
*(uint32_t*)0x20000030 = 0;
*(uint32_t*)0x20000034 = 0;
*(uint64_t*)0x20000038 = 0;
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0;
*(uint64_t*)0x20000050 = 0;
*(uint32_t*)0x20000058 = 0;
*(uint32_t*)0x2000005c = 0;
*(uint64_t*)0x20000060 = 0;
*(uint32_t*)0x20000068 = 0;
*(uint16_t*)0x2000006c = 0;
*(uint16_t*)0x2000006e = 0;
*(uint32_t*)0x20000070 = 0;
*(uint32_t*)0x20000074 = 0;
*(uint64_t*)0x20000078 = 0;
// First call. The second argument of perf_event_open(2) is the pid; the
// generated label says "fd". pid == -1 with cpu == 0 asks for an event that
// covers every task on CPU 0, which the kernel only grants to a privileged
// caller or under a permissive perf_event_paranoid setting.
syscall(__NR_perf_event_open, /*attr=*/0x20000000ul, /*fd=*/-1, /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
// ---- second attribute block at 0x20000700 ----
*(uint32_t*)0x20000700 = 1; // type: 1 (PERF_TYPE_SOFTWARE in linux/perf_event.h)
*(uint32_t*)0x20000704 = 0x80; // size: 0x80 bytes
// offsets 0x708..0x70f: config, all zero
*(uint8_t*)0x20000708 = 0;
*(uint8_t*)0x20000709 = 0;
*(uint8_t*)0x2000070a = 0;
*(uint8_t*)0x2000070b = 0;
*(uint32_t*)0x2000070c = 0;
*(uint64_t*)0x20000710 = 0x50a; // sample_period / sample_freq
*(uint64_t*)0x20000718 = 0; // sample_type
*(uint64_t*)0x20000720 = 0; // read_format
// offset 0x728: flag word. Only bit 1 and bit 5 are set to 1 (inherit and
// exclude_kernel in the header's bitfield order); all other fields are 0.
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 1, 1, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 1, 5, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 29, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 30, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 31, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 32, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 33, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 34, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 35, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 36, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 37, 1);
STORE_BY_BITMASK(uint64_t, , 0x20000728, 0, 38, 26);
// offsets 0x730..0x77f: the rest of the block, all zero
*(uint32_t*)0x20000730 = 0;
*(uint32_t*)0x20000734 = 0;
*(uint64_t*)0x20000738 = 0;
*(uint64_t*)0x20000740 = 0;
*(uint64_t*)0x20000748 = 0;
*(uint64_t*)0x20000750 = 0;
*(uint32_t*)0x20000758 = 0;
*(uint32_t*)0x2000075c = 0;
*(uint64_t*)0x20000760 = 0;
*(uint32_t*)0x20000768 = 0;
*(uint16_t*)0x2000076c = 0;
*(uint16_t*)0x2000076e = 0;
*(uint32_t*)0x20000770 = 0;
*(uint32_t*)0x20000774 = 0;
*(uint64_t*)0x20000778 = 0;
// Second call: pid == 0 with cpu == -1 targets the calling process on any
// CPU. It is opened with no group leader (group == -1) and no flags.
syscall(__NR_perf_event_open, /*attr=*/0x20000700ul, /*pid=*/0, /*cpu=*/-1, /*group=*/-1, /*flags=*/0ul);

}
/*
 * Entry point: map the fixed-address arena that execute_one() writes to, then
 * run the fork/execute loop.
 *
 * Three anonymous private mappings are requested at fixed addresses
 * (flags 0x32): a one-page region with no access rights just below the arena,
 * the 16 MiB arena itself at 0x20000000, and a one-page region with no access
 * rights just above it. The two outer pages act as guards, so an access that
 * runs off either end of the arena faults instead of touching other memory.
 *
 * NOTE(review): the arena is mapped with prot 7 (read, write and execute).
 * Nothing visible in this file executes code from it, so read and write
 * access would be enough for what execute_one() does here.
 *
 * The mmap results are not checked. loop() does not return, so the final
 * return statement is never reached in practice.
 */
int main(void)
{
	static const struct {
		unsigned long addr;
		unsigned long len;
		unsigned long prot;
	} regions[] = {
		{ 0x1ffff000ul, 0x1000ul, 0ul },    /* lower guard page */
		{ 0x20000000ul, 0x1000000ul, 7ul }, /* data arena */
		{ 0x21000000ul, 0x1000ul, 0ul },    /* upper guard page */
	};

	for (unsigned i = 0; i < sizeof(regions) / sizeof(regions[0]); i++)
		syscall(__NR_mmap, /*addr=*/regions[i].addr, /*len=*/regions[i].len, /*prot=*/regions[i].prot, /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);

	loop();
	return 0;
}
  271.  