authorYour Name <you@example.com>2022-08-01 08:10:45 +0100
committerYour Name <you@example.com>2022-08-05 20:56:14 +0100
commit00b5d3792de4a7867da9cb5abd08de9fca484db1 (patch)
treeb63b513437510d0496d1d852efba49f0dec86dc6
parente9cb939956557b1f10bbab289d965f84702962eb (diff)
downloadafl++-00b5d3792de4a7867da9cb5abd08de9fca484db1.tar.gz
Changes to abstract shared memory
-rw-r--r--frida_mode/include/shm.h9
-rw-r--r--frida_mode/src/instrument/instrument.c27
-rw-r--r--frida_mode/src/prefetch.c31
-rw-r--r--frida_mode/src/shm.c36
-rw-r--r--frida_mode/src/stats/stats.c24
-rw-r--r--frida_mode/src/stats/stats_arm64.c21
-rw-r--r--frida_mode/src/stats/stats_x86_64.c21
7 files changed, 56 insertions, 113 deletions
diff --git a/frida_mode/include/shm.h b/frida_mode/include/shm.h
new file mode 100644
index 00000000..8338ccba
--- /dev/null
+++ b/frida_mode/include/shm.h
@@ -0,0 +1,9 @@
+#ifndef _SHM_H
+#define _SHM_H
+
+#include <stddef.h>
+
+void *shm_create(size_t size);
+
+#endif
+
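Review bot: The include guard `_SHM_H` on the first two lines of the new header is an identifier reserved for the implementation (leading underscore followed by an uppercase letter), so it can collide with a libc-internal guard of the same name; `#ifndef SHM_H` / `#define SHM_H` avoids that. The declaration of `shm_create` also states no contract, and the body in shm.c (later hunk) is fatal on every failure, never detaches the mapping and marks the segment IPC_RMID, so a Doxygen comment above the prototype should say that the returned region is zero-filled, that the function aborts via FFATAL instead of returning NULL, that the segment is destroyed automatically once the last attached process exits, and that callers therefore must not shmdt() it. The trailing empty `+` line after `#endif` adds a blank line at end of file.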
diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c
index 0e286eab..e1e4ac22 100644
--- a/frida_mode/src/instrument/instrument.c
+++ b/frida_mode/src/instrument/instrument.c
@@ -1,7 +1,5 @@
 #include <fcntl.h>
 #include <unistd.h>
-#include <sys/shm.h>
-#include <sys/mman.h>
 #include <sys/syscall.h>
 
 #include "frida-gumjs.h"
@@ -17,6 +15,7 @@
 #include "persistent.h"
 #include "prefetch.h"
 #include "ranges.h"
+#include "shm.h"
 #include "stalker.h"
 #include "stats.h"
 #include "util.h"
@@ -348,29 +347,7 @@ void instrument_init(void) {
   transformer = gum_stalker_transformer_make_from_callback(
       instrument_basic_block, NULL, NULL);
 
-  if (instrument_unique) {
-
-    int shm_id =
-        shmget(IPC_PRIVATE, __afl_map_size, IPC_CREAT | IPC_EXCL | 0600);
-    if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); }
-
-    edges_notified = shmat(shm_id, NULL, 0);
-    g_assert(edges_notified != MAP_FAILED);
-
-    /*
-     * Configure the shared memory region to be removed once the process
-     * dies.
-     */
-    if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
-
-      FATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
-
-    }
-
-    /* Clear it, not sure it's necessary, just seems like good practice */
-    memset(edges_notified, '\0', __afl_map_size);
-
-  }
+  if (instrument_unique) { edges_notified = shm_create(__afl_map_size); }
 
   if (instrument_use_fixed_seed) {
 
diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c
index e20923c4..905e0ae9 100644
--- a/frida_mode/src/prefetch.c
+++ b/frida_mode/src/prefetch.c
@@ -1,12 +1,11 @@
 #include <errno.h>
-#include <sys/shm.h>
-#include <sys/mman.h>
 
 #include "frida-gumjs.h"
 
 #include "entry.h"
 #include "intercept.h"
 #include "prefetch.h"
+#include "shm.h"
 #include "stalker.h"
 #include "util.h"
 
@@ -285,33 +284,7 @@ void prefetch_init(void) {
    * with the coverage bitmap region and fork will take care of ensuring both
    * the parent and child see the same consistent memory region.
    */
-  prefetch_shm_id =
-      shmget(IPC_PRIVATE, sizeof(prefetch_data_t), IPC_CREAT | IPC_EXCL | 0600);
-  if (prefetch_shm_id < 0) {
-
-    FFATAL("prefetch_shm_id < 0 - errno: %d\n", errno);
-
-  }
-
-  prefetch_data = shmat(prefetch_shm_id, NULL, 0);
-  g_assert(prefetch_data != MAP_FAILED);
-
-  /*
-   * Configure the shared memory region to be removed once the process dies.
-   * This doesn't work on Android, so we skip it. Would could end up leaking
-   * shared memory regions though.
-   */
-#ifndef __ANDROID__
-  if (shmctl(prefetch_shm_id, IPC_RMID, NULL) < 0) {
-
-    FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
-
-  }
-
-#endif
-
-  /* Clear it, not sure it's necessary, just seems like good practice */
-  memset(prefetch_data, '\0', sizeof(prefetch_data_t));
+  prefetch_data = shm_create(sizeof(prefetch_data_t));
 
   prefetch_hook_fork();
 
diff --git a/frida_mode/src/shm.c b/frida_mode/src/shm.c
new file mode 100644
index 00000000..c76427cb
--- /dev/null
+++ b/frida_mode/src/shm.c
@@ -0,0 +1,36 @@
+#include "shm.h"
+#include "util.h"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/ipc.h>
+#include <sys/mman.h>
+#include <sys/shm.h>
+
+void *shm_create(size_t size) {
+
+  int shm_id =
+      shmget(IPC_PRIVATE, size, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR);
+  if (shm_id < 0) { FFATAL("shm_id < 0 - errno: %d\n", errno); }
+
+  void *addr = shmat(shm_id, NULL, 0);
+  if (addr == MAP_FAILED) { FFATAL("addr == MAP_FAILED - errno: %d\n", errno); }
+
+  /*
+   * Configure the shared memory region to be removed once the process
+   * dies.
+   */
+  if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
+
+    FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
+
+  }
+
+  /* Clear it, not sure it's necessary, just seems like good practice */
+  memset(addr, '\0', size);
+
+  return addr;
+
+}
+
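Review bot: The comment `Clear it, not sure it's necessary` above the `memset` is carried over from the callers, but the uncertainty can be resolved: POSIX specifies that a segment newly created by shmget() is initialised to all zeros, so the memset is redundant (harmless, but it touches every page of `__afl_map_size` up front); either drop it or reword the comment to `/* shmget() zero-fills a new segment; cleared again defensively. */`. The function also has no header comment in this file; a one-line purpose comment stating that it returns an attached, zero-filled, IPC_RMID-marked anonymous segment and aborts on any failure would let a reader stop here instead of opening the callers. Since `shmat` returns `(void *)-1` rather than MAP_FAILED, comparing against `(void *)-1` would make the `<sys/mman.h>` include unnecessary, though the two are the same value on the platforms this file targets. The trailing empty `+` line adds a blank line at end of file.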
diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c
index af08cd71..1d3520bc 100644
--- a/frida_mode/src/stats/stats.c
+++ b/frida_mode/src/stats/stats.c
@@ -2,17 +2,16 @@
 #include <fcntl.h>
 #include <stdio.h>
 #include <unistd.h>
-#include <sys/shm.h>
 #include <sys/mman.h>
 
 #include "frida-gumjs.h"
 
 #include "config.h"
-#include "util.h"
-
 #include "entry.h"
+#include "shm.h"
 #include "stalker.h"
 #include "stats.h"
+#include "util.h"
 
 #define MICRO_TO_SEC 1000000
 
@@ -360,27 +359,10 @@ void stats_init(void) {
 
   g_free(path);
 
-  int shm_id =
-      shmget(IPC_PRIVATE, sizeof(stats_data_t), IPC_CREAT | IPC_EXCL | 0600);
-  if (shm_id < 0) { FFATAL("shm_id < 0 - errno: %d\n", errno); }
-
-  stats_data = shmat(shm_id, NULL, 0);
-  g_assert(stats_data != MAP_FAILED);
-
   GumStalkerObserver *observer = stalker_get_observer();
   stats_observer_init(observer);
 
-  /*
-   * Configure the shared memory region to be removed once the process dies.
-   */
-  if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
-
-    FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
-
-  }
-
-  /* Clear it, not sure it's necessary, just seems like good practice */
-  memset(stats_data, '\0', sizeof(stats_data_t));
+  stats_data = shm_create(sizeof(stats_data_t));
 
   starts_arch_init();
 
diff --git a/frida_mode/src/stats/stats_arm64.c b/frida_mode/src/stats/stats_arm64.c
index 313ab47a..ea283dbe 100644
--- a/frida_mode/src/stats/stats_arm64.c
+++ b/frida_mode/src/stats/stats_arm64.c
@@ -1,9 +1,9 @@
-#include <sys/shm.h>
 #include <sys/mman.h>
 
 #include "frida-gumjs.h"
 
 #include "ranges.h"
+#include "shm.h"
 #include "stats.h"
 #include "util.h"
 
@@ -44,24 +44,7 @@ static stats_data_arch_t *stats_data_arch = NULL;
 
 void starts_arch_init(void) {
 
-  int shm_id = shmget(IPC_PRIVATE, sizeof(stats_data_arch_t),
-                      IPC_CREAT | IPC_EXCL | 0600);
-  if (shm_id < 0) { FFATAL("shm_id < 0 - errno: %d\n", errno); }
-
-  stats_data_arch = shmat(shm_id, NULL, 0);
-  g_assert(stats_data_arch != MAP_FAILED);
-
-  /*
-   * Configure the shared memory region to be removed once the process dies.
-   */
-  if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
-
-    FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
-
-  }
-
-  /* Clear it, not sure it's necessary, just seems like good practice */
-  memset(stats_data_arch, '\0', sizeof(stats_data_arch_t));
+  stats_data_arch = shm_create(sizeof(stats_data_arch_t));
 
 }
 
diff --git a/frida_mode/src/stats/stats_x86_64.c b/frida_mode/src/stats/stats_x86_64.c
index 761ca133..e2fb7b80 100644
--- a/frida_mode/src/stats/stats_x86_64.c
+++ b/frida_mode/src/stats/stats_x86_64.c
@@ -1,9 +1,9 @@
-#include <sys/shm.h>
 #include <sys/mman.h>
 
 #include "frida-gumjs.h"
 
 #include "ranges.h"
+#include "shm.h"
 #include "stats.h"
 #include "util.h"
 
@@ -46,24 +46,7 @@ static stats_data_arch_t *stats_data_arch = NULL;
 
 void starts_arch_init(void) {
 
-  int shm_id = shmget(IPC_PRIVATE, sizeof(stats_data_arch_t),
-                      IPC_CREAT | IPC_EXCL | 0600);
-  if (shm_id < 0) { FFATAL("shm_id < 0 - errno: %d\n", errno); }
-
-  stats_data_arch = shmat(shm_id, NULL, 0);
-  g_assert(stats_data_arch != MAP_FAILED);
-
-  /*
-   * Configure the shared memory region to be removed once the process dies.
-   */
-  if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
-
-    FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
-
-  }
-
-  /* Clear it, not sure it's necessary, just seems like good practice */
-  memset(stats_data_arch, '\0', sizeof(stats_data_arch_t));
+  stats_data_arch = shm_create(sizeof(stats_data_arch_t));
 
 }