OpenCore  1.0.4
OpenCore Bootloader
Loading...
Searching...
No Matches
TestExt4Dxe.c
Go to the documentation of this file.
1
5#include <Ext4Dxe.h>
6
7#include <UserFile.h>
8#include <UserGlobalVar.h>
9#include <UserMemory.h>
10#include <UserUnicodeCollation.h>
11#include <string.h>
12
13#define OPEN_FILE_MODES_COUNT 3
14
15STATIC UINTN mFuzzOffset;
16STATIC UINTN mFuzzSize;
17STATIC CONST UINT8 *mFuzzPointer;
18
19STATIC EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *mEfiSfsInterface;
20
21STATIC UINT64 mOpenFileModes[OPEN_FILE_MODES_COUNT] = { EFI_FILE_MODE_READ, EFI_FILE_MODE_WRITE, EFI_FILE_MODE_CREATE };
22
32EFI_STATUS
33Ext4InitialiseUnicodeCollation (
34 EFI_HANDLE DriverHandle
35 )
36{
37 OcUnicodeCollationInitializeMappingTables ();
38 return EFI_SUCCESS;
39}
40
52INTN
53Ext4StrCmpInsensitive (
54 IN CHAR16 *Str1,
55 IN CHAR16 *Str2
56 )
57{
58 return EngStriColl (NULL, Str1, Str2);
59}
60
61EFI_STATUS
62EFIAPI
63EfiLibInstallAllDriverProtocols2 (
64 IN CONST EFI_HANDLE ImageHandle,
65 IN CONST EFI_SYSTEM_TABLE *SystemTable,
66 IN EFI_DRIVER_BINDING_PROTOCOL *DriverBinding,
67 IN EFI_HANDLE DriverBindingHandle,
68 IN CONST EFI_COMPONENT_NAME_PROTOCOL *ComponentName, OPTIONAL
69 IN CONST EFI_COMPONENT_NAME2_PROTOCOL *ComponentName2, OPTIONAL
70 IN CONST EFI_DRIVER_CONFIGURATION_PROTOCOL *DriverConfiguration, OPTIONAL
71 IN CONST EFI_DRIVER_CONFIGURATION2_PROTOCOL *DriverConfiguration2, OPTIONAL
72 IN CONST EFI_DRIVER_DIAGNOSTICS_PROTOCOL *DriverDiagnostics, OPTIONAL
73 IN CONST EFI_DRIVER_DIAGNOSTICS2_PROTOCOL *DriverDiagnostics2 OPTIONAL
74 )
75{
76 abort ();
77 return EFI_NOT_FOUND;
78}
79
80EFI_STATUS
81EFIAPI
82EfiLibUninstallAllDriverProtocols2 (
83 IN EFI_DRIVER_BINDING_PROTOCOL *DriverBinding,
84 IN CONST EFI_COMPONENT_NAME_PROTOCOL *ComponentName, OPTIONAL
85 IN CONST EFI_COMPONENT_NAME2_PROTOCOL *ComponentName2, OPTIONAL
86 IN CONST EFI_DRIVER_CONFIGURATION_PROTOCOL *DriverConfiguration, OPTIONAL
87 IN CONST EFI_DRIVER_CONFIGURATION2_PROTOCOL *DriverConfiguration2, OPTIONAL
88 IN CONST EFI_DRIVER_DIAGNOSTICS_PROTOCOL *DriverDiagnostics, OPTIONAL
89 IN CONST EFI_DRIVER_DIAGNOSTICS2_PROTOCOL *DriverDiagnostics2 OPTIONAL
90 )
91{
92 abort ();
93 return EFI_NOT_FOUND;
94}
95
96EFI_STATUS
97EFIAPI
98WrapInstallMultipleProtocolInterfaces (
99 IN OUT EFI_HANDLE *Handle,
100 ...
101 )
102{
103 VA_LIST Args;
104 EFI_STATUS Status;
105 EFI_GUID *Protocol;
106 VOID *Interface;
107
108 if (Handle == NULL) {
109 return EFI_INVALID_PARAMETER;
110 }
111
112 VA_START (Args, Handle);
113 for (Status = EFI_SUCCESS; !EFI_ERROR (Status);) {
114 //
115 // If protocol is NULL, then it's the end of the list
116 //
117 Protocol = VA_ARG (Args, EFI_GUID *);
118 if (Protocol == NULL) {
119 break;
120 }
121
122 Interface = VA_ARG (Args, VOID *);
123
124 //
125 // If this is Sfs protocol then save interface into global state
126 //
127 if (CompareGuid (Protocol, &gEfiSimpleFileSystemProtocolGuid)) {
128 mEfiSfsInterface = Interface;
129 }
130 }
131
132 VA_END (Args);
133
134 return Status;
135}
136
137VOID
138FreeAll (
139 IN CHAR16 *FileName,
140 IN EXT4_PARTITION *Part
141 )
142{
143 FreePool (FileName);
144
145 if (Part != NULL) {
146 if (Part->DiskIo != NULL) {
147 FreePool (Part->DiskIo);
148 }
149
150 if (Part->BlockIo != NULL) {
151 if (Part->BlockIo->Media != NULL) {
152 FreePool (Part->BlockIo->Media);
153 }
154
155 FreePool (Part->BlockIo);
156 }
157
158 if (Part->Root != NULL) {
159 Ext4UnmountAndFreePartition (Part);
160 } else if (Part != NULL) {
161 FreePool (Part);
162 }
163 }
164}
165
166EFI_STATUS
167EFIAPI
168FuzzReadDisk (
169 IN EFI_DISK_IO_PROTOCOL *This,
170 IN UINT32 MediaId,
171 IN UINT64 Offset,
172 IN UINTN BufferSize,
173 OUT VOID *Buffer
174 )
175{
176 if (Buffer == NULL) {
177 return EFI_INVALID_PARAMETER;
178 }
179
180 if ((mFuzzSize - mFuzzOffset) < BufferSize) {
181 return EFI_OUT_OF_RESOURCES;
182 }
183
184 CopyMem (Buffer, mFuzzPointer, BufferSize);
185 mFuzzPointer += BufferSize;
186 mFuzzOffset += BufferSize;
187
188 return EFI_SUCCESS;
189}
190
191STATIC
192INT32
193TestExt4Dxe (
194 CONST UINT8 *FuzzData,
195 UINTN FuzzSize
196 )
197{
198 EFI_STATUS Status;
199 EXT4_PARTITION *Part;
200 EXT4_FILE *File;
201 EFI_FILE_PROTOCOL *This;
202 EFI_DISK_IO_PROTOCOL *DiskIo;
203 EFI_BLOCK_IO_PROTOCOL *BlockIo;
204 EFI_HANDLE DeviceHandle;
205 UINTN BufferSize;
206 VOID *Buffer;
207 VOID *TmpBuffer;
208 EFI_FILE_PROTOCOL *NewHandle;
209 CHAR16 *FileName;
210 VOID *Info;
211 UINTN Len;
212 UINT64 Position;
213 UINT64 FileSize;
214 UINTN Index;
215
216 Part = NULL;
217 BufferSize = 100;
218
219 mFuzzOffset = 0;
220 mFuzzSize = FuzzSize;
221 mFuzzPointer = FuzzData;
222 mEfiSfsInterface = NULL;
223
224 DeviceHandle = (EFI_HANDLE)0xDEADBEAFULL;
225
226 //
227 // Construct file name
228 //
229 FileName = AllocateZeroPool (BufferSize);
230 if (FileName == NULL) {
231 return 0;
232 }
233
234 ASAN_CHECK_MEMORY_REGION (FileName, BufferSize);
235
236 if ((mFuzzSize - mFuzzOffset) < BufferSize) {
237 FreePool (FileName);
238 return 0;
239 }
240
241 CopyMem (FileName, mFuzzPointer, BufferSize - 2);
242 mFuzzPointer += BufferSize - 2;
243 mFuzzOffset += BufferSize - 2;
244
245 //
246 // Construct BlockIo and DiskIo interfaces
247 //
248 DiskIo = AllocateZeroPool (sizeof (EFI_DISK_IO_PROTOCOL));
249 if (DiskIo == NULL) {
250 FreePool (FileName);
251 return 0;
252 }
253
254 ASAN_CHECK_MEMORY_REGION (DiskIo, sizeof (EFI_DISK_IO_PROTOCOL));
255
256 DiskIo->ReadDisk = FuzzReadDisk;
257
258 BlockIo = AllocateZeroPool (sizeof (EFI_BLOCK_IO_PROTOCOL));
259 if (BlockIo == NULL) {
260 FreePool (FileName);
261 FreePool (DiskIo);
262 return 0;
263 }
264
265 ASAN_CHECK_MEMORY_REGION (BlockIo, sizeof (EFI_BLOCK_IO_PROTOCOL));
266
267 BlockIo->Media = AllocateZeroPool (sizeof (EFI_BLOCK_IO_MEDIA));
268 if (BlockIo->Media == NULL) {
269 FreePool (FileName);
270 FreePool (DiskIo);
271 FreePool (BlockIo);
272 return 0;
273 }
274
275 ASAN_CHECK_MEMORY_REGION (BlockIo->Media, sizeof (EFI_BLOCK_IO_MEDIA));
276
277 //
278 // Check Ext4 SuperBlock magic like it done
279 // in Ext4IsBindingSupported routine
280 //
281 if (!Ext4SuperblockCheckMagic (DiskIo, BlockIo)) {
282 // Don't halt on bad magic, just keep going
283 DEBUG ((DEBUG_WARN, "[ext4] Superblock contains bad magic \n"));
284 }
285
286 //
287 // Open partition
288 //
289 Status = Ext4OpenPartition (DeviceHandle, DiskIo, NULL, BlockIo);
290
291 if (EFI_ERROR (Status)) {
292 DEBUG ((DEBUG_ERROR, "[ext4] Error mounting: %r\n", Status));
293 FreePool (FileName);
294 FreePool (BlockIo->Media);
295 FreePool (BlockIo);
296 FreePool (DiskIo);
297 return 0;
298 }
299
300 Part = (EXT4_PARTITION *)mEfiSfsInterface;
301
302 ASAN_CHECK_MEMORY_REGION (Part, sizeof (EXT4_PARTITION));
303
304 This = (EFI_FILE_PROTOCOL *)Part->Root;
305
306 //
307 // Test Ext4Dxe driver
308 //
309 for (Index = 0; Index < OPEN_FILE_MODES_COUNT; Index++) {
310 Status = Ext4Open (This, &NewHandle, FileName, mOpenFileModes[Index], 0);
311 if (Status == EFI_SUCCESS) {
312 //
313 // Try to read 100 bytes
314 //
315 Buffer = AllocateZeroPool (100);
316 BufferSize = 100;
317 if (Buffer == NULL) {
318 FreeAll (FileName, Part);
319 return 0;
320 }
321
322 Status = Ext4ReadFile (NewHandle, &BufferSize, Buffer);
323 if (Status == EFI_BUFFER_TOO_SMALL) {
324 TmpBuffer = ReallocatePool (100, BufferSize, Buffer);
325 if (TmpBuffer == NULL) {
326 FreePool (Buffer);
327 FreeAll (FileName, Part);
328 return 0;
329 }
330
331 Buffer = TmpBuffer;
332
333 ASAN_CHECK_MEMORY_REGION (Buffer, BufferSize);
334
335 Ext4ReadFile (NewHandle, &BufferSize, Buffer);
336 }
337
338 Ext4WriteFile (NewHandle, &BufferSize, Buffer);
339
340 FreePool (Buffer);
341
342 Len = 0;
343 Info = NULL;
344 Status = Ext4GetInfo (NewHandle, &gEfiFileInfoGuid, &Len, Info);
345 if (Status == EFI_BUFFER_TOO_SMALL) {
346 Info = AllocateZeroPool (Len);
347 if (Info == NULL) {
348 FreeAll (FileName, Part);
349 return 0;
350 }
351
352 Ext4GetInfo (NewHandle, &gEfiFileInfoGuid, &Len, Info);
353 FreePool (Info);
354 }
355
356 Len = 0;
357 Status = Ext4GetInfo (NewHandle, &gEfiFileSystemInfoGuid, &Len, Info);
358 if (Status == EFI_BUFFER_TOO_SMALL) {
359 Info = AllocateZeroPool (Len);
360 if (Info == NULL) {
361 FreeAll (FileName, Part);
362 return 0;
363 }
364
365 Ext4GetInfo (NewHandle, &gEfiFileSystemInfoGuid, &Len, Info);
366 FreePool (Info);
367 }
368
369 Len = 0;
370 Status = Ext4GetInfo (NewHandle, &gEfiFileSystemVolumeLabelInfoIdGuid, &Len, Info);
371 if (Status == EFI_BUFFER_TOO_SMALL) {
372 Info = AllocateZeroPool (Len);
373 if (Info == NULL) {
374 FreeAll (FileName, Part);
375 return 0;
376 }
377
378 Ext4GetInfo (NewHandle, &gEfiFileSystemVolumeLabelInfoIdGuid, &Len, Info);
379 FreePool (Info);
380 }
381
382 Ext4SetInfo (NewHandle, &gEfiFileSystemVolumeLabelInfoIdGuid, Len, Info);
383
384 //
385 // Test position functions
386 //
387 Ext4GetPosition (NewHandle, &Position);
388 Ext4SetPosition (NewHandle, Position);
389
390 //
391 // Trying to reach the end of file and read/write it
392 //
393 Position = (UINT64)-1;
394 Status = Ext4SetPosition (NewHandle, Position);
395 if (!EFI_ERROR (Status)) {
396 Buffer = AllocateZeroPool (100);
397 BufferSize = 100;
398 if (Buffer == NULL) {
399 FreeAll (FileName, Part);
400 return 0;
401 }
402
403 Status = Ext4ReadFile (NewHandle, &BufferSize, Buffer);
404 if (Status == EFI_BUFFER_TOO_SMALL) {
405 TmpBuffer = ReallocatePool (100, BufferSize, Buffer);
406 if (TmpBuffer == NULL) {
407 FreePool (Buffer);
408 FreeAll (FileName, Part);
409 return 0;
410 }
411
412 Buffer = TmpBuffer;
413
414 ASAN_CHECK_MEMORY_REGION (Buffer, BufferSize);
415
416 Ext4ReadFile (NewHandle, &BufferSize, Buffer);
417 }
418
419 Ext4WriteFile (NewHandle, &BufferSize, Buffer);
420
421 FreePool (Buffer);
422 }
423
424 //
425 // Trying to reach out of bound of FileSize
426 //
427 File = EXT4_FILE_FROM_THIS (NewHandle);
428 FileSize = EXT4_INODE_SIZE (File->Inode);
429 if (FileSize < (UINT64)-1 - 1) {
430 Position = FileSize + 1;
431 Status = Ext4SetPosition (NewHandle, Position);
432 if (!EFI_ERROR (Status)) {
433 Buffer = AllocateZeroPool (100);
434 BufferSize = 100;
435 if (Buffer == NULL) {
436 FreeAll (FileName, Part);
437 return 0;
438 }
439
440 Status = Ext4ReadFile (NewHandle, &BufferSize, Buffer);
441
442 ASSERT (Status == EFI_DEVICE_ERROR);
443 FreePool (Buffer);
444 }
445 }
446
447 Ext4Delete (NewHandle);
448 }
449 }
450
451 FreeAll (FileName, Part);
452
453 return 0;
454}
455
456INT32
457LLVMFuzzerTestOneInput (
458 CONST UINT8 *FuzzData,
459 UINTN FuzzSize
460 )
461{
462 VOID *NewData;
463 UINT32 ConfigSize;
464
465 if (FuzzSize == 0) {
466 return 0;
467 }
468
469 //
470 // Override InstallMultipleProtocolInterfaces with custom wrapper
471 //
472 gBS->InstallMultipleProtocolInterfaces = WrapInstallMultipleProtocolInterfaces;
473
474 ConfigSize = 0;
475 ConfigureMemoryAllocations (FuzzData, FuzzSize, &ConfigSize);
476 SetPoolAllocationSizeLimit (BASE_1GB | BASE_2GB);
477
478 NewData = AllocatePool (FuzzSize);
479 if (NewData != NULL) {
480 CopyMem (NewData, FuzzData, FuzzSize);
481 TestExt4Dxe (NewData, FuzzSize);
482 FreePool (NewData);
483 }
484
485 DEBUG ((
486 DEBUG_POOL | DEBUG_PAGE,
487 "UMEM: Allocated %u pools %u pages\n",
488 (UINT32)mPoolAllocations,
489 (UINT32)mPageAllocations
490 ));
491
492 return 0;
493}
494
495int
496ENTRY_POINT (
497 int argc,
498 char **argv
499 )
500{
501 uint32_t f;
502 uint8_t *b;
503
504 if ((b = UserReadFile ((argc > 1) ? argv[1] : "in.bin", &f)) == NULL) {
505 DEBUG ((DEBUG_ERROR, "Read fail\n"));
506 return -1;
507 }
508
509 LLVMFuzzerTestOneInput (b, f);
510 FreePool (b);
511 return 0;
512}
gBS
EFI_BOOT_SERVICES * gBS
Definition OcBootServicesTableLib.c:29
Buffer
OC_TYPING_BUFFER_ENTRY Buffer[OC_TYPING_BUFFER_SIZE]
Definition OcTypingLib.h:42
Handle
APPLE_EVENT_HANDLE Handle
Definition OcTypingLib.h:45
OcUnicodeCollationInitializeMappingTables
VOID OcUnicodeCollationInitializeMappingTables(VOID)
Definition OcUnicodeCollationEngCommon.c:153
EngStriColl
INTN EFIAPI EngStriColl(IN EFI_UNICODE_COLLATION_PROTOCOL *This, IN CHAR16 *Str1, IN CHAR16 *Str2)
Definition OcUnicodeCollationEngCommon.c:198
mEfiSfsInterface
STATIC EFI_SIMPLE_FILE_SYSTEM_PROTOCOL * mEfiSfsInterface
Definition TestExt4Dxe.c:19
FuzzReadDisk
EFI_STATUS EFIAPI FuzzReadDisk(IN EFI_DISK_IO_PROTOCOL *This, IN UINT32 MediaId, IN UINT64 Offset, IN UINTN BufferSize, OUT VOID *Buffer)
Definition TestExt4Dxe.c:168
OPEN_FILE_MODES_COUNT
#define OPEN_FILE_MODES_COUNT
Definition TestExt4Dxe.c:13
WrapInstallMultipleProtocolInterfaces
EFI_STATUS EFIAPI WrapInstallMultipleProtocolInterfaces(IN OUT EFI_HANDLE *Handle,...)
Definition TestExt4Dxe.c:98
Ext4InitialiseUnicodeCollation
EFI_STATUS Ext4InitialiseUnicodeCollation(EFI_HANDLE DriverHandle)
Definition TestExt4Dxe.c:33
mOpenFileModes
STATIC UINT64 mOpenFileModes[OPEN_FILE_MODES_COUNT]
Definition TestExt4Dxe.c:21
EfiLibUninstallAllDriverProtocols2
EFI_STATUS EFIAPI EfiLibUninstallAllDriverProtocols2(IN EFI_DRIVER_BINDING_PROTOCOL *DriverBinding, IN CONST EFI_COMPONENT_NAME_PROTOCOL *ComponentName, OPTIONAL IN CONST EFI_COMPONENT_NAME2_PROTOCOL *ComponentName2, OPTIONAL IN CONST EFI_DRIVER_CONFIGURATION_PROTOCOL *DriverConfiguration, OPTIONAL IN CONST EFI_DRIVER_CONFIGURATION2_PROTOCOL *DriverConfiguration2, OPTIONAL IN CONST EFI_DRIVER_DIAGNOSTICS_PROTOCOL *DriverDiagnostics, OPTIONAL IN CONST EFI_DRIVER_DIAGNOSTICS2_PROTOCOL *DriverDiagnostics2 OPTIONAL)
Definition TestExt4Dxe.c:82
mFuzzOffset
STATIC UINTN mFuzzOffset
Definition TestExt4Dxe.c:15
EfiLibInstallAllDriverProtocols2
EFI_STATUS EFIAPI EfiLibInstallAllDriverProtocols2(IN CONST EFI_HANDLE ImageHandle, IN CONST EFI_SYSTEM_TABLE *SystemTable, IN EFI_DRIVER_BINDING_PROTOCOL *DriverBinding, IN EFI_HANDLE DriverBindingHandle, IN CONST EFI_COMPONENT_NAME_PROTOCOL *ComponentName, OPTIONAL IN CONST EFI_COMPONENT_NAME2_PROTOCOL *ComponentName2, OPTIONAL IN CONST EFI_DRIVER_CONFIGURATION_PROTOCOL *DriverConfiguration, OPTIONAL IN CONST EFI_DRIVER_CONFIGURATION2_PROTOCOL *DriverConfiguration2, OPTIONAL IN CONST EFI_DRIVER_DIAGNOSTICS_PROTOCOL *DriverDiagnostics, OPTIONAL IN CONST EFI_DRIVER_DIAGNOSTICS2_PROTOCOL *DriverDiagnostics2 OPTIONAL)
Definition TestExt4Dxe.c:63
mFuzzSize
STATIC UINTN mFuzzSize
Definition TestExt4Dxe.c:16
mFuzzPointer
STATIC CONST UINT8 * mFuzzPointer
Definition TestExt4Dxe.c:17
FreeAll
VOID FreeAll(IN CHAR16 *FileName, IN EXT4_PARTITION *Part)
Definition TestExt4Dxe.c:138
Ext4StrCmpInsensitive
INTN Ext4StrCmpInsensitive(IN CHAR16 *Str1, IN CHAR16 *Str2)
Definition TestExt4Dxe.c:53
LLVMFuzzerTestOneInput
INT32 LLVMFuzzerTestOneInput(CONST UINT8 *FuzzData, UINTN FuzzSize)
Definition TestExt4Dxe.c:457
TestExt4Dxe
STATIC INT32 TestExt4Dxe(CONST UINT8 *FuzzData, UINTN FuzzSize)
Definition TestExt4Dxe.c:193
CopyMem
VOID *EFIAPI CopyMem(OUT VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition UserBaseMemoryLib.c:75
CompareGuid
BOOLEAN EFIAPI CompareGuid(IN CONST GUID *Guid1, IN CONST GUID *Guid2)
Definition UserBaseMemoryLib.c:456
UserReadFile
UINT8 * UserReadFile(IN CONST CHAR8 *FileName, OUT UINT32 *Size)
Definition UserFile.c:62
gEfiFileInfoGuid
EFI_GUID gEfiFileInfoGuid
Definition UserGlobalVar.c:124
gEfiFileSystemInfoGuid
EFI_GUID gEfiFileSystemInfoGuid
Definition UserGlobalVar.c:166
gEfiSimpleFileSystemProtocolGuid
EFI_GUID gEfiSimpleFileSystemProtocolGuid
Definition UserGlobalVar.c:130
ASAN_CHECK_MEMORY_REGION
#define ASAN_CHECK_MEMORY_REGION(addr, size)
Definition UserGlobalVar.h:21
gEfiFileSystemVolumeLabelInfoIdGuid
EFI_GUID gEfiFileSystemVolumeLabelInfoIdGuid
Definition UserGlobalVar.c:127
SetPoolAllocationSizeLimit
VOID SetPoolAllocationSizeLimit(UINTN AllocationSize)
Definition UserBaseMemoryLib.c:66
mPageAllocations
UINTN mPageAllocations
Definition UserBaseMemoryLib.c:33
mPoolAllocations
UINTN mPoolAllocations
Definition UserBaseMemoryLib.c:32
ConfigureMemoryAllocations
VOID ConfigureMemoryAllocations(IN CONST UINT8 *Data, IN UINTN Size, IN OUT UINT32 *ConfigSize)
Definition UserBaseMemoryLib.c:41
ASSERT
#define ASSERT(x)
Definition coder.h:55
Len
#define Len
Definition deflate.h:82
uint8_t
UINT8 uint8_t
Definition libDER_config.h:24
uint32_t
UINT32 uint32_t
Definition libDER_config.h:26
ENTRY_POINT
int ENTRY_POINT(void)
Definition ocpasswordgen.c:52