Merge "Refactor off COW header v3" into main
diff --git a/bootstat/bootstat.cpp b/bootstat/bootstat.cpp
index 3b8866e..2d55e5a 100644
--- a/bootstat/bootstat.cpp
+++ b/bootstat/bootstat.cpp
@@ -461,6 +461,14 @@
{"reboot,smpl_timeout,pmic,main", 229},
{"reboot,ota,.*", 230},
{"reboot,periodic,.*", 231},
+ {"reboot,early,abl", 232},
+ {"reboot,early,bl2", 233},
+ {"reboot,longkey,pmic_cold", 234},
+ {"reboot,longkey,master_dc", 235},
+ {"reboot,ocp2,pmic,if", 236},
+ {"reboot,ocp,pmic,if", 237},
+ {"reboot,fship", 238},
+ {"reboot,ocp,.*", 239},
};
// Converts a string value representing the reason the system booted to an
diff --git a/debuggerd/common/include/dump_type.h b/debuggerd/common/include/dump_type.h
index a3e171b..82ef7b6 100644
--- a/debuggerd/common/include/dump_type.h
+++ b/debuggerd/common/include/dump_type.h
@@ -28,26 +28,24 @@
kDebuggerdTombstoneProto,
};
-inline std::ostream& operator<<(std::ostream& stream, const DebuggerdDumpType& rhs) {
- switch (rhs) {
+inline const char* get_dump_type_name(const DebuggerdDumpType& dump_type) {
+ switch (dump_type) {
case kDebuggerdNativeBacktrace:
- stream << "kDebuggerdNativeBacktrace";
- break;
+ return "kDebuggerdNativeBacktrace";
case kDebuggerdTombstone:
- stream << "kDebuggerdTombstone";
- break;
+ return "kDebuggerdTombstone";
case kDebuggerdJavaBacktrace:
- stream << "kDebuggerdJavaBacktrace";
- break;
+ return "kDebuggerdJavaBacktrace";
case kDebuggerdAnyIntercept:
- stream << "kDebuggerdAnyIntercept";
- break;
+ return "kDebuggerdAnyIntercept";
case kDebuggerdTombstoneProto:
- stream << "kDebuggerdTombstoneProto";
- break;
+ return "kDebuggerdTombstoneProto";
default:
- stream << "[unknown]";
+ return "[unknown]";
}
+}
+inline std::ostream& operator<<(std::ostream& stream, const DebuggerdDumpType& rhs) {
+ stream << get_dump_type_name(rhs);
return stream;
}
diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp
index 19ff7eb..c3e1302 100644
--- a/debuggerd/debuggerd_test.cpp
+++ b/debuggerd/debuggerd_test.cpp
@@ -114,7 +114,7 @@
R"(#\d\d pc [0-9a-f]+\s+ \S+ (\(offset 0x[0-9a-f]+\) )?\()" frame_name R"(\+)");
static void tombstoned_intercept(pid_t target_pid, unique_fd* intercept_fd, unique_fd* output_fd,
- InterceptStatus* status, DebuggerdDumpType intercept_type) {
+ InterceptResponse* response, DebuggerdDumpType intercept_type) {
intercept_fd->reset(socket_local_client(kTombstonedInterceptSocketName,
ANDROID_SOCKET_NAMESPACE_RESERVED, SOCK_SEQPACKET));
if (intercept_fd->get() == -1) {
@@ -155,18 +155,15 @@
FAIL() << "failed to send output fd to tombstoned: " << strerror(errno);
}
- InterceptResponse response;
- rc = TEMP_FAILURE_RETRY(read(intercept_fd->get(), &response, sizeof(response)));
+ rc = TEMP_FAILURE_RETRY(read(intercept_fd->get(), response, sizeof(*response)));
if (rc == -1) {
FAIL() << "failed to read response from tombstoned: " << strerror(errno);
} else if (rc == 0) {
FAIL() << "failed to read response from tombstoned (EOF)";
- } else if (rc != sizeof(response)) {
- FAIL() << "received packet of unexpected length from tombstoned: expected " << sizeof(response)
+ } else if (rc != sizeof(*response)) {
+ FAIL() << "received packet of unexpected length from tombstoned: expected " << sizeof(*response)
<< ", received " << rc;
}
-
- *status = response.status;
}
static bool pac_supported() {
@@ -225,9 +222,10 @@
FAIL() << "crasher hasn't been started";
}
- InterceptStatus status;
- tombstoned_intercept(crasher_pid, &this->intercept_fd, output_fd, &status, intercept_type);
- ASSERT_EQ(InterceptStatus::kRegistered, status);
+ InterceptResponse response = {};
+ tombstoned_intercept(crasher_pid, &this->intercept_fd, output_fd, &response, intercept_type);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
}
void CrasherTest::FinishIntercept(int* result) {
@@ -1744,9 +1742,10 @@
pid_t pid = 123'456'789 + i;
unique_fd intercept_fd, output_fd;
- InterceptStatus status;
- tombstoned_intercept(pid, &intercept_fd, &output_fd, &status, kDebuggerdTombstone);
- ASSERT_EQ(InterceptStatus::kRegistered, status);
+ InterceptResponse response = {};
+ tombstoned_intercept(pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
{
unique_fd tombstoned_socket, input_fd;
@@ -1778,9 +1777,10 @@
pid_t pid = pid_base + dump;
unique_fd intercept_fd, output_fd;
- InterceptStatus status;
- tombstoned_intercept(pid, &intercept_fd, &output_fd, &status, kDebuggerdTombstone);
- ASSERT_EQ(InterceptStatus::kRegistered, status);
+ InterceptResponse response = {};
+ tombstoned_intercept(pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error messeage: " << response.error_message;
// Pretend to crash, and then immediately close the socket.
unique_fd sockfd(socket_local_client(kTombstonedCrashSocketName,
@@ -1811,9 +1811,10 @@
pid_t pid = pid_base + dump;
unique_fd intercept_fd, output_fd;
- InterceptStatus status;
- tombstoned_intercept(pid, &intercept_fd, &output_fd, &status, kDebuggerdTombstone);
- ASSERT_EQ(InterceptStatus::kRegistered, status);
+ InterceptResponse response = {};
+ tombstoned_intercept(pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
{
unique_fd tombstoned_socket, input_fd;
@@ -1838,16 +1839,17 @@
}
}
-TEST(tombstoned, java_trace_intercept_smoke) {
+TEST(tombstoned, intercept_java_trace_smoke) {
// Using a "real" PID is a little dangerous here - if the test fails
// or crashes, we might end up getting a bogus / unreliable stack
// trace.
const pid_t self = getpid();
unique_fd intercept_fd, output_fd;
- InterceptStatus status;
- tombstoned_intercept(self, &intercept_fd, &output_fd, &status, kDebuggerdJavaBacktrace);
- ASSERT_EQ(InterceptStatus::kRegistered, status);
+ InterceptResponse response = {};
+ tombstoned_intercept(self, &intercept_fd, &output_fd, &response, kDebuggerdJavaBacktrace);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
// First connect to tombstoned requesting a native tombstone. This
// should result in a "regular" FD and not the installed intercept.
@@ -1869,25 +1871,96 @@
ASSERT_STREQ("java", outbuf);
}
-TEST(tombstoned, multiple_intercepts) {
+TEST(tombstoned, intercept_multiple_dump_types) {
const pid_t fake_pid = 1'234'567;
unique_fd intercept_fd, output_fd;
- InterceptStatus status;
- tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &status, kDebuggerdJavaBacktrace);
- ASSERT_EQ(InterceptStatus::kRegistered, status);
+ InterceptResponse response = {};
+ tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdJavaBacktrace);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
unique_fd intercept_fd_2, output_fd_2;
- tombstoned_intercept(fake_pid, &intercept_fd_2, &output_fd_2, &status, kDebuggerdNativeBacktrace);
- ASSERT_EQ(InterceptStatus::kFailedAlreadyRegistered, status);
+ tombstoned_intercept(fake_pid, &intercept_fd_2, &output_fd_2, &response,
+ kDebuggerdNativeBacktrace);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
+}
+
+TEST(tombstoned, intercept_bad_pid) {
+ const pid_t fake_pid = -1;
+ unique_fd intercept_fd, output_fd;
+ InterceptResponse response = {};
+ tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdNativeBacktrace);
+ ASSERT_EQ(InterceptStatus::kFailed, response.status)
+ << "Error message: " << response.error_message;
+ ASSERT_MATCH(response.error_message, "bad pid");
+}
+
+TEST(tombstoned, intercept_bad_dump_types) {
+ const pid_t fake_pid = 1'234'567;
+ unique_fd intercept_fd, output_fd;
+ InterceptResponse response = {};
+ tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response,
+ static_cast<DebuggerdDumpType>(20));
+ ASSERT_EQ(InterceptStatus::kFailed, response.status)
+ << "Error message: " << response.error_message;
+ ASSERT_MATCH(response.error_message, "bad dump type \\[unknown\\]");
+
+ tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdAnyIntercept);
+ ASSERT_EQ(InterceptStatus::kFailed, response.status)
+ << "Error message: " << response.error_message;
+ ASSERT_MATCH(response.error_message, "bad dump type kDebuggerdAnyIntercept");
+
+ tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstoneProto);
+ ASSERT_EQ(InterceptStatus::kFailed, response.status)
+ << "Error message: " << response.error_message;
+ ASSERT_MATCH(response.error_message, "bad dump type kDebuggerdTombstoneProto");
+}
+
+TEST(tombstoned, intercept_already_registered) {
+ const pid_t fake_pid = 1'234'567;
+ unique_fd intercept_fd1, output_fd1;
+ InterceptResponse response = {};
+ tombstoned_intercept(fake_pid, &intercept_fd1, &output_fd1, &response, kDebuggerdTombstone);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
+
+ unique_fd intercept_fd2, output_fd2;
+ tombstoned_intercept(fake_pid, &intercept_fd2, &output_fd2, &response, kDebuggerdTombstone);
+ ASSERT_EQ(InterceptStatus::kFailedAlreadyRegistered, response.status)
+ << "Error message: " << response.error_message;
+ ASSERT_MATCH(response.error_message, "already registered, type kDebuggerdTombstone");
+}
+
+TEST(tombstoned, intercept_tombstone_proto_matched_to_tombstone) {
+ const pid_t fake_pid = 1'234'567;
+
+ unique_fd intercept_fd, output_fd;
+ InterceptResponse response = {};
+ tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
+
+ const char data[] = "tombstone_proto";
+ unique_fd tombstoned_socket, input_fd;
+ ASSERT_TRUE(
+ tombstoned_connect(fake_pid, &tombstoned_socket, &input_fd, kDebuggerdTombstoneProto));
+ ASSERT_TRUE(android::base::WriteFully(input_fd.get(), data, sizeof(data)));
+ tombstoned_notify_completion(tombstoned_socket.get());
+
+ char outbuf[sizeof(data)];
+ ASSERT_TRUE(android::base::ReadFully(output_fd.get(), outbuf, sizeof(outbuf)));
+ ASSERT_STREQ("tombstone_proto", outbuf);
}
TEST(tombstoned, intercept_any) {
const pid_t fake_pid = 1'234'567;
unique_fd intercept_fd, output_fd;
- InterceptStatus status;
- tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &status, kDebuggerdNativeBacktrace);
- ASSERT_EQ(InterceptStatus::kRegistered, status);
+ InterceptResponse response = {};
+ tombstoned_intercept(fake_pid, &intercept_fd, &output_fd, &response, kDebuggerdNativeBacktrace);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
const char any[] = "any";
unique_fd tombstoned_socket, input_fd;
@@ -1900,6 +1973,77 @@
ASSERT_STREQ("any", outbuf);
}
+TEST(tombstoned, intercept_any_failed_with_multiple_intercepts) {
+ const pid_t fake_pid = 1'234'567;
+
+ InterceptResponse response = {};
+ unique_fd intercept_fd1, output_fd1;
+ tombstoned_intercept(fake_pid, &intercept_fd1, &output_fd1, &response, kDebuggerdNativeBacktrace);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
+
+ unique_fd intercept_fd2, output_fd2;
+ tombstoned_intercept(fake_pid, &intercept_fd2, &output_fd2, &response, kDebuggerdJavaBacktrace);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
+
+ unique_fd tombstoned_socket, input_fd;
+ ASSERT_FALSE(tombstoned_connect(fake_pid, &tombstoned_socket, &input_fd, kDebuggerdAnyIntercept));
+}
+
+TEST(tombstoned, intercept_multiple_verify_intercept) {
+ // Need to use our pid for java since that will verify the pid.
+ const pid_t fake_pid = getpid();
+
+ InterceptResponse response = {};
+ unique_fd intercept_fd1, output_fd1;
+ tombstoned_intercept(fake_pid, &intercept_fd1, &output_fd1, &response, kDebuggerdNativeBacktrace);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
+
+ unique_fd intercept_fd2, output_fd2;
+ tombstoned_intercept(fake_pid, &intercept_fd2, &output_fd2, &response, kDebuggerdJavaBacktrace);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
+
+ unique_fd intercept_fd3, output_fd3;
+ tombstoned_intercept(fake_pid, &intercept_fd3, &output_fd3, &response, kDebuggerdTombstone);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
+
+ const char native_data[] = "native";
+ unique_fd tombstoned_socket1, input_fd1;
+ ASSERT_TRUE(
+ tombstoned_connect(fake_pid, &tombstoned_socket1, &input_fd1, kDebuggerdNativeBacktrace));
+ ASSERT_TRUE(android::base::WriteFully(input_fd1.get(), native_data, sizeof(native_data)));
+ tombstoned_notify_completion(tombstoned_socket1.get());
+
+ char native_outbuf[sizeof(native_data)];
+ ASSERT_TRUE(android::base::ReadFully(output_fd1.get(), native_outbuf, sizeof(native_outbuf)));
+ ASSERT_STREQ("native", native_outbuf);
+
+ const char java_data[] = "java";
+ unique_fd tombstoned_socket2, input_fd2;
+ ASSERT_TRUE(
+ tombstoned_connect(fake_pid, &tombstoned_socket2, &input_fd2, kDebuggerdJavaBacktrace));
+ ASSERT_TRUE(android::base::WriteFully(input_fd2.get(), java_data, sizeof(java_data)));
+ tombstoned_notify_completion(tombstoned_socket2.get());
+
+ char java_outbuf[sizeof(java_data)];
+ ASSERT_TRUE(android::base::ReadFully(output_fd2.get(), java_outbuf, sizeof(java_outbuf)));
+ ASSERT_STREQ("java", java_outbuf);
+
+ const char tomb_data[] = "tombstone";
+ unique_fd tombstoned_socket3, input_fd3;
+ ASSERT_TRUE(tombstoned_connect(fake_pid, &tombstoned_socket3, &input_fd3, kDebuggerdTombstone));
+ ASSERT_TRUE(android::base::WriteFully(input_fd3.get(), tomb_data, sizeof(tomb_data)));
+ tombstoned_notify_completion(tombstoned_socket3.get());
+
+ char tomb_outbuf[sizeof(tomb_data)];
+ ASSERT_TRUE(android::base::ReadFully(output_fd3.get(), tomb_outbuf, sizeof(tomb_outbuf)));
+ ASSERT_STREQ("tombstone", tomb_outbuf);
+}
+
TEST(tombstoned, interceptless_backtrace) {
// Generate 50 backtraces, and then check to see that we haven't created 50 new tombstones.
auto get_tombstone_timestamps = []() -> std::map<int, time_t> {
@@ -2132,10 +2276,11 @@
TEST(tombstoned, proto_intercept) {
const pid_t self = getpid();
unique_fd intercept_fd, output_fd;
- InterceptStatus status;
- tombstoned_intercept(self, &intercept_fd, &output_fd, &status, kDebuggerdTombstone);
- ASSERT_EQ(InterceptStatus::kRegistered, status);
+ InterceptResponse response = {};
+ tombstoned_intercept(self, &intercept_fd, &output_fd, &response, kDebuggerdTombstone);
+ ASSERT_EQ(InterceptStatus::kRegistered, response.status)
+ << "Error message: " << response.error_message;
unique_fd tombstoned_socket, text_fd, proto_fd;
ASSERT_TRUE(
diff --git a/debuggerd/protocol.h b/debuggerd/protocol.h
index b60cf5b..212d6dc 100644
--- a/debuggerd/protocol.h
+++ b/debuggerd/protocol.h
@@ -65,7 +65,7 @@
};
enum class InterceptStatus : uint8_t {
- // Returned when an intercept of a different type has already been
+ // Returned when an intercept of the same type has already been
// registered (and is active) for a given PID.
kFailedAlreadyRegistered,
// Returned in all other failure cases.
diff --git a/debuggerd/tombstoned/intercept_manager.cpp b/debuggerd/tombstoned/intercept_manager.cpp
index 613e6f5..ac7b431 100644
--- a/debuggerd/tombstoned/intercept_manager.cpp
+++ b/debuggerd/tombstoned/intercept_manager.cpp
@@ -19,7 +19,10 @@
#include <inttypes.h>
#include <sys/types.h>
+#include <limits>
+#include <memory>
#include <unordered_map>
+#include <utility>
#include <event2/event.h>
#include <event2/listener.h>
@@ -36,8 +39,7 @@
using android::base::unique_fd;
static void intercept_close_cb(evutil_socket_t sockfd, short event, void* arg) {
- auto intercept = reinterpret_cast<Intercept*>(arg);
- InterceptManager* intercept_manager = intercept->intercept_manager;
+ std::unique_ptr<Intercept> intercept(reinterpret_cast<Intercept*>(arg));
CHECK_EQ(sockfd, intercept->sockfd.get());
@@ -46,131 +48,108 @@
// Ownership of intercept differs based on whether we've registered it with InterceptManager.
if (!intercept->registered) {
- delete intercept;
- } else {
- auto it = intercept_manager->intercepts.find(intercept->intercept_pid);
- if (it == intercept_manager->intercepts.end()) {
- LOG(FATAL) << "intercept close callback called after intercept was already removed?";
- }
- if (it->second.get() != intercept) {
- LOG(FATAL) << "intercept close callback has different Intercept from InterceptManager?";
- }
-
- const char* reason;
- if ((event & EV_TIMEOUT) != 0) {
- reason = "due to timeout";
- } else {
- reason = "due to input";
- }
-
- LOG(INFO) << "intercept for pid " << intercept->intercept_pid << " and type "
- << intercept->dump_type << " terminated: " << reason;
- intercept_manager->intercepts.erase(it);
+ LOG(WARNING) << "intercept for pid " << intercept->pid << " and type " << intercept->dump_type
+ << " closed before being registered.";
+ return;
}
+
+ const char* reason = (event & EV_TIMEOUT) ? "due to timeout" : "due to input";
+ LOG(INFO) << "intercept for pid " << intercept->pid << " and type " << intercept->dump_type
+ << " terminated: " << reason;
}
-static bool is_intercept_request_valid(const InterceptRequest& request) {
- if (request.pid <= 0 || request.pid > std::numeric_limits<pid_t>::max()) {
- return false;
+void InterceptManager::Unregister(Intercept* intercept) {
+ CHECK(intercept->registered);
+ auto pid_entry = intercepts.find(intercept->pid);
+ if (pid_entry == intercepts.end()) {
+ LOG(FATAL) << "No intercepts found for pid " << intercept->pid;
+ }
+ auto& dump_type_hash = pid_entry->second;
+ auto dump_type_entry = dump_type_hash.find(intercept->dump_type);
+ if (dump_type_entry == dump_type_hash.end()) {
+ LOG(FATAL) << "Unknown intercept " << intercept->pid << " " << intercept->dump_type;
+ }
+ if (intercept != dump_type_entry->second) {
+ LOG(FATAL) << "Mismatch pointer trying to unregister intercept " << intercept->pid << " "
+ << intercept->dump_type;
}
- if (request.dump_type < 0 || request.dump_type > kDebuggerdJavaBacktrace) {
- return false;
+ dump_type_hash.erase(dump_type_entry);
+ if (dump_type_hash.empty()) {
+ intercepts.erase(pid_entry);
}
-
- return true;
}
static void intercept_request_cb(evutil_socket_t sockfd, short ev, void* arg) {
- auto intercept = reinterpret_cast<Intercept*>(arg);
+ std::unique_ptr<Intercept> intercept(reinterpret_cast<Intercept*>(arg));
InterceptManager* intercept_manager = intercept->intercept_manager;
CHECK_EQ(sockfd, intercept->sockfd.get());
if ((ev & EV_TIMEOUT) != 0) {
LOG(WARNING) << "tombstoned didn't receive InterceptRequest before timeout";
- goto fail;
+ return;
} else if ((ev & EV_READ) == 0) {
LOG(WARNING) << "tombstoned received unexpected event on intercept socket";
- goto fail;
+ return;
}
- {
- unique_fd rcv_fd;
- InterceptRequest intercept_request;
- ssize_t result =
- ReceiveFileDescriptors(sockfd, &intercept_request, sizeof(intercept_request), &rcv_fd);
+ unique_fd rcv_fd;
+ InterceptRequest intercept_request;
+ ssize_t result =
+ ReceiveFileDescriptors(sockfd, &intercept_request, sizeof(intercept_request), &rcv_fd);
- if (result == -1) {
- PLOG(WARNING) << "failed to read from intercept socket";
- goto fail;
- } else if (result != sizeof(intercept_request)) {
- LOG(WARNING) << "intercept socket received short read of length " << result << " (expected "
- << sizeof(intercept_request) << ")";
- goto fail;
- }
-
- // Move the received FD to the upper half, in order to more easily notice FD leaks.
- int moved_fd = fcntl(rcv_fd.get(), F_DUPFD, 512);
- if (moved_fd == -1) {
- LOG(WARNING) << "failed to move received fd (" << rcv_fd.get() << ")";
- goto fail;
- }
- rcv_fd.reset(moved_fd);
-
- // We trust the other side, so only do minimal validity checking.
- if (!is_intercept_request_valid(intercept_request)) {
- InterceptResponse response = {};
- response.status = InterceptStatus::kFailed;
- snprintf(response.error_message, sizeof(response.error_message), "invalid intercept request");
- TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response)));
- goto fail;
- }
-
- intercept->intercept_pid = intercept_request.pid;
- intercept->dump_type = intercept_request.dump_type;
-
- // Check if it's already registered.
- if (intercept_manager->intercepts.count(intercept_request.pid) > 0) {
- InterceptResponse response = {};
- response.status = InterceptStatus::kFailedAlreadyRegistered;
- snprintf(response.error_message, sizeof(response.error_message),
- "pid %" PRId32 " already intercepted, type %d", intercept_request.pid,
- intercept_request.dump_type);
- TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response)));
- LOG(WARNING) << response.error_message;
- goto fail;
- }
-
- // Let the other side know that the intercept has been registered, now that we know we can't
- // fail. tombstoned is single threaded, so this isn't racy.
- InterceptResponse response = {};
- response.status = InterceptStatus::kRegistered;
- if (TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response))) == -1) {
- PLOG(WARNING) << "failed to notify interceptor of registration";
- goto fail;
- }
-
- intercept->output_fd = std::move(rcv_fd);
- intercept_manager->intercepts[intercept_request.pid] = std::unique_ptr<Intercept>(intercept);
- intercept->registered = true;
-
- LOG(INFO) << "registered intercept for pid " << intercept_request.pid << " and type "
- << intercept_request.dump_type;
-
- // Register a different read event on the socket so that we can remove intercepts if the socket
- // closes (e.g. if a user CTRL-C's the process that requested the intercept).
- event_assign(intercept->intercept_event, intercept_manager->base, sockfd, EV_READ | EV_TIMEOUT,
- intercept_close_cb, arg);
-
- struct timeval timeout = {.tv_sec = 10 * android::base::HwTimeoutMultiplier(), .tv_usec = 0};
- event_add(intercept->intercept_event, &timeout);
+ if (result == -1) {
+ PLOG(WARNING) << "failed to read from intercept socket";
+ return;
+ }
+ if (result != sizeof(intercept_request)) {
+ LOG(WARNING) << "intercept socket received short read of length " << result << " (expected "
+ << sizeof(intercept_request) << ")";
+ return;
}
- return;
+ // Move the received FD to the upper half, in order to more easily notice FD leaks.
+ int moved_fd = fcntl(rcv_fd.get(), F_DUPFD, 512);
+ if (moved_fd == -1) {
+ LOG(WARNING) << "failed to move received fd (" << rcv_fd.get() << ")";
+ return;
+ }
+ rcv_fd.reset(moved_fd);
-fail:
- delete intercept;
+ // See if we can properly register the intercept.
+ InterceptResponse response = {};
+ if (!intercept_manager->CanRegister(intercept_request, response)) {
+ TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response)));
+ LOG(WARNING) << response.error_message;
+ return;
+ }
+
+ // Let the other side know that the intercept has been registered, now that we know we can't
+ // fail. tombstoned is single threaded, so this isn't racy.
+ response.status = InterceptStatus::kRegistered;
+ if (TEMP_FAILURE_RETRY(write(sockfd, &response, sizeof(response))) == -1) {
+ PLOG(WARNING) << "failed to notify interceptor of registration";
+ return;
+ }
+
+ intercept->pid = intercept_request.pid;
+ intercept->dump_type = intercept_request.dump_type;
+ intercept->output_fd = std::move(rcv_fd);
+ intercept_manager->Register(intercept.get());
+
+ LOG(INFO) << "registered intercept for pid " << intercept_request.pid << " and type "
+ << intercept_request.dump_type;
+
+ // Register a different read event on the socket so that we can remove intercepts if the socket
+ // closes (e.g. if a user CTRL-C's the process that requested the intercept).
+ event_assign(intercept->intercept_event, intercept_manager->base, sockfd, EV_READ | EV_TIMEOUT,
+ intercept_close_cb, arg);
+
+ // If no request comes in, then this will close the intercept and free the pointer.
+ struct timeval timeout = {.tv_sec = 10 * android::base::HwTimeoutMultiplier(), .tv_usec = 0};
+ event_add(intercept->intercept_event, &timeout);
+ intercept.release();
}
static void intercept_accept_cb(evconnlistener* listener, evutil_socket_t sockfd, sockaddr*, int,
@@ -187,41 +166,97 @@
event_add(intercept_event, &timeout);
}
+Intercept::~Intercept() {
+ event_free(intercept_event);
+ if (registered) {
+ CHECK(intercept_manager != nullptr);
+ intercept_manager->Unregister(this);
+ }
+}
+
InterceptManager::InterceptManager(event_base* base, int intercept_socket) : base(base) {
this->listener = evconnlistener_new(base, intercept_accept_cb, this, LEV_OPT_CLOSE_ON_FREE,
/* backlog */ -1, intercept_socket);
}
-bool dump_types_compatible(DebuggerdDumpType interceptor, DebuggerdDumpType dump) {
- if (interceptor == dump) {
- return true;
+static DebuggerdDumpType canonical_dump_type(const DebuggerdDumpType dump_type) {
+ // kDebuggerdTombstone and kDebuggerdTombstoneProto should be treated as
+ // a single dump_type for intercepts (kDebuggerdTombstone).
+ if (dump_type == kDebuggerdTombstoneProto) {
+ return kDebuggerdTombstone;
}
-
- if (interceptor == kDebuggerdTombstone && dump == kDebuggerdTombstoneProto) {
- return true;
- }
-
- return false;
+ return dump_type;
}
-bool InterceptManager::GetIntercept(pid_t pid, DebuggerdDumpType dump_type,
- android::base::unique_fd* out_fd) {
- auto it = this->intercepts.find(pid);
- if (it == this->intercepts.end()) {
+Intercept* InterceptManager::Get(const pid_t pid, const DebuggerdDumpType dump_type) {
+ auto pid_entry = intercepts.find(pid);
+ if (pid_entry == intercepts.end()) {
+ return nullptr;
+ }
+
+ const auto& dump_type_hash = pid_entry->second;
+ auto dump_type_entry = dump_type_hash.find(canonical_dump_type(dump_type));
+ if (dump_type_entry == dump_type_hash.end()) {
+ if (dump_type != kDebuggerdAnyIntercept) {
+ return nullptr;
+ }
+ // If doing a dump with an any intercept, only allow an any to match
+ // a single intercept. If there are multiple dump types with intercepts
+ // then there would be no way to figure out which to use.
+ if (dump_type_hash.size() != 1) {
+ LOG(WARNING) << "Cannot intercept using kDebuggerdAnyIntercept: there is more than one "
+ "intercept registered for pid "
+ << pid;
+ return nullptr;
+ }
+ dump_type_entry = dump_type_hash.begin();
+ }
+ return dump_type_entry->second;
+}
+
+bool InterceptManager::CanRegister(const InterceptRequest& request, InterceptResponse& response) {
+ if (request.pid <= 0 || request.pid > std::numeric_limits<pid_t>::max()) {
+ response.status = InterceptStatus::kFailed;
+ snprintf(response.error_message, sizeof(response.error_message),
+ "invalid intercept request: bad pid %" PRId32, request.pid);
+ return false;
+ }
+ if (request.dump_type < 0 || request.dump_type > kDebuggerdJavaBacktrace) {
+ response.status = InterceptStatus::kFailed;
+ snprintf(response.error_message, sizeof(response.error_message),
+ "invalid intercept request: bad dump type %s", get_dump_type_name(request.dump_type));
return false;
}
- if (dump_type == kDebuggerdAnyIntercept) {
- LOG(INFO) << "found registered intercept of type " << it->second->dump_type
- << " for requested type kDebuggerdAnyIntercept";
- } else if (!dump_types_compatible(it->second->dump_type, dump_type)) {
- LOG(WARNING) << "found non-matching intercept of type " << it->second->dump_type
- << " for requested type: " << dump_type;
+ if (Get(request.pid, request.dump_type) != nullptr) {
+ response.status = InterceptStatus::kFailedAlreadyRegistered;
+ snprintf(response.error_message, sizeof(response.error_message),
+ "pid %" PRId32 " already registered, type %s", request.pid,
+ get_dump_type_name(request.dump_type));
return false;
}
- auto intercept = std::move(it->second);
- this->intercepts.erase(it);
+ return true;
+}
+
+void InterceptManager::Register(Intercept* intercept) {
+ CHECK(!intercept->registered);
+ auto& dump_type_hash = intercepts[intercept->pid];
+ dump_type_hash[canonical_dump_type(intercept->dump_type)] = intercept;
+ intercept->registered = true;
+}
+
+bool InterceptManager::FindIntercept(pid_t pid, DebuggerdDumpType dump_type,
+ android::base::unique_fd* out_fd) {
+ Intercept* intercept = Get(pid, dump_type);
+ if (intercept == nullptr) {
+ return false;
+ }
+
+ if (dump_type != intercept->dump_type) {
+ LOG(INFO) << "found registered intercept of type " << intercept->dump_type
+ << " for requested type " << dump_type;
+ }
LOG(INFO) << "found intercept fd " << intercept->output_fd.get() << " for pid " << pid
<< " and type " << intercept->dump_type;
@@ -230,5 +265,8 @@
TEMP_FAILURE_RETRY(write(intercept->sockfd, &response, sizeof(response)));
*out_fd = std::move(intercept->output_fd);
+ // Delete the intercept data, which will unregister the intercept and remove the timeout event.
+ delete intercept;
+
return true;
}
diff --git a/debuggerd/tombstoned/intercept_manager.h b/debuggerd/tombstoned/intercept_manager.h
index a11d565..dc13aa9 100644
--- a/debuggerd/tombstoned/intercept_manager.h
+++ b/debuggerd/tombstoned/intercept_manager.h
@@ -28,17 +28,17 @@
#include "dump_type.h"
struct InterceptManager;
+struct InterceptRequest;
+struct InterceptResponse;
struct Intercept {
- ~Intercept() {
- event_free(intercept_event);
- }
+ ~Intercept();
InterceptManager* intercept_manager = nullptr;
event* intercept_event = nullptr;
android::base::unique_fd sockfd;
- pid_t intercept_pid = -1;
+ pid_t pid = -1;
android::base::unique_fd output_fd;
bool registered = false;
DebuggerdDumpType dump_type = kDebuggerdNativeBacktrace;
@@ -46,12 +46,17 @@
struct InterceptManager {
event_base* base;
- std::unordered_map<pid_t, std::unique_ptr<Intercept>> intercepts;
+ std::unordered_map<pid_t, std::unordered_map<DebuggerdDumpType, Intercept*>> intercepts;
evconnlistener* listener = nullptr;
InterceptManager(event_base* _Nonnull base, int intercept_socket);
InterceptManager(InterceptManager& copy) = delete;
InterceptManager(InterceptManager&& move) = delete;
- bool GetIntercept(pid_t pid, DebuggerdDumpType dump_type, android::base::unique_fd* out_fd);
+ bool CanRegister(const InterceptRequest& request, InterceptResponse& response);
+ Intercept* Get(const pid_t pid, const DebuggerdDumpType dump_type);
+ void Register(Intercept* intercept);
+ void Unregister(Intercept* intercept);
+
+ bool FindIntercept(pid_t pid, DebuggerdDumpType dump_type, android::base::unique_fd* out_fd);
};
diff --git a/debuggerd/tombstoned/tombstoned.cpp b/debuggerd/tombstoned/tombstoned.cpp
index 50558f7..cf7904f 100644
--- a/debuggerd/tombstoned/tombstoned.cpp
+++ b/debuggerd/tombstoned/tombstoned.cpp
@@ -283,9 +283,7 @@
static void perform_request(std::unique_ptr<Crash> crash) {
unique_fd output_fd;
- bool intercepted =
- intercept_manager->GetIntercept(crash->crash_pid, crash->crash_type, &output_fd);
- if (intercepted) {
+ if (intercept_manager->FindIntercept(crash->crash_pid, crash->crash_type, &output_fd)) {
if (crash->crash_type == kDebuggerdTombstoneProto) {
crash->output.proto = CrashArtifact::devnull();
}
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 56b90b9..ac2a20f 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -1053,8 +1053,10 @@
return false;
}
sparse_file_destroy(s);
+ buf->file_type = FB_BUFFER_SPARSE;
} else {
buf->image_size = sz;
+ buf->file_type = FB_BUFFER_FD;
}
lseek(fd.get(), 0, SEEK_SET);
@@ -1191,6 +1193,15 @@
should_flash_in_userspace(source, partition)) {
return;
}
+
+ // If the image is sparse, moving the footer will simply corrupt the sparse
+ // format, so currently we don't support moving the footer on sparse files.
+ if (buf->file_type == FB_BUFFER_SPARSE) {
+ LOG(ERROR) << "Warning: skip copying " << partition << " image avb footer due to sparse "
+ << "image.";
+ return;
+ }
+
// If overflows and negative, it should be < buf->sz.
int64_t partition_size = static_cast<int64_t>(get_partition_size(partition));
diff --git a/fastboot/fastboot.h b/fastboot/fastboot.h
index 2c40890..6a49970 100644
--- a/fastboot/fastboot.h
+++ b/fastboot/fastboot.h
@@ -57,7 +57,8 @@
};
struct fastboot_buffer {
- enum fb_buffer_type type;
+ fb_buffer_type type;
+ fb_buffer_type file_type;
std::vector<SparsePtr> files;
int64_t sz;
unique_fd fd;
diff --git a/fs_mgr/fs_mgr_overlayfs_control.cpp b/fs_mgr/fs_mgr_overlayfs_control.cpp
index 2cc0d2d..50d8280 100644
--- a/fs_mgr/fs_mgr_overlayfs_control.cpp
+++ b/fs_mgr/fs_mgr_overlayfs_control.cpp
@@ -144,7 +144,8 @@
if (fs_mgr_overlayfs_already_mounted(mount_point)) {
return true;
}
- auto fsrec_mount_point = overlay + "/" + android::base::Basename(mount_point) + "/";
+ const auto base = GetEncodedBaseDirForMountPoint(mount_point);
+ auto fsrec_mount_point = overlay + "/" + base + "/";
AutoSetFsCreateCon createcon(kOverlayfsFileContext);
if (!createcon.Ok()) {
@@ -286,10 +287,10 @@
}
auto cleanup_all = mount_point.empty();
- const auto partition_name = android::base::Basename(mount_point);
- const auto oldpath = top + (cleanup_all ? "" : ("/" + partition_name));
+ const auto base = GetEncodedBaseDirForMountPoint(mount_point);
+ const auto oldpath = top + (cleanup_all ? "" : ("/" + base));
const auto newpath = cleanup_all ? overlay + "/." + kOverlayTopDir + ".teardown"
- : top + "/." + partition_name + ".teardown";
+ : top + "/." + base + ".teardown";
auto ret = fs_mgr_rm_all(newpath);
if (!rename(oldpath.c_str(), newpath.c_str())) {
if (change) *change = true;
diff --git a/fs_mgr/fs_mgr_overlayfs_mount.cpp b/fs_mgr/fs_mgr_overlayfs_mount.cpp
index 9f17c06..ae7ed4c 100644
--- a/fs_mgr/fs_mgr_overlayfs_mount.cpp
+++ b/fs_mgr/fs_mgr_overlayfs_mount.cpp
@@ -60,6 +60,7 @@
constexpr char kLowerdirOption[] = "lowerdir=";
constexpr char kUpperdirOption[] = "upperdir=";
+constexpr char kWorkdirOption[] = "workdir=";
bool fs_mgr_is_dsu_running() {
// Since android::gsi::CanBootIntoGsi() or android::gsi::MarkSystemAsGsi() is
@@ -89,6 +90,14 @@
return {kScratchMountPoint, kCacheMountPoint};
}
+std::string GetEncodedBaseDirForMountPoint(const std::string& mount_point) {
+ std::string normalized_path;
+ if (mount_point.empty() || !android::base::Realpath(mount_point, &normalized_path)) {
+ return "";
+ }
+ return android::base::StringReplace(normalized_path, "/", "@", true);
+}
+
static bool fs_mgr_is_dir(const std::string& path) {
struct stat st;
return !stat(path.c_str(), &st) && S_ISDIR(st.st_mode);
@@ -202,21 +211,6 @@
return has_shared_blocks;
}
-static std::string fs_mgr_get_overlayfs_candidate(const std::string& mount_point) {
- if (!fs_mgr_is_dir(mount_point)) return "";
- const auto base = android::base::Basename(mount_point) + "/";
- for (const auto& overlay_mount_point : OverlayMountPoints()) {
- auto dir = overlay_mount_point + "/" + kOverlayTopDir + "/" + base;
- auto upper = dir + kUpperName;
- if (!fs_mgr_is_dir(upper)) continue;
- auto work = dir + kWorkName;
- if (!fs_mgr_is_dir(work)) continue;
- if (access(work.c_str(), R_OK | W_OK)) continue;
- return dir;
- }
- return "";
-}
-
const std::string fs_mgr_mount_point(const std::string& mount_point) {
if ("/"s != mount_point) return mount_point;
return "/system";
@@ -225,16 +219,30 @@
// default options for mount_point, returns empty string for none available.
static std::string fs_mgr_get_overlayfs_options(const FstabEntry& entry) {
const auto mount_point = fs_mgr_mount_point(entry.mount_point);
- auto candidate = fs_mgr_get_overlayfs_candidate(mount_point);
- if (candidate.empty()) return "";
- auto ret = kLowerdirOption + mount_point + "," + kUpperdirOption + candidate + kUpperName +
- ",workdir=" + candidate + kWorkName + android::fs_mgr::CheckOverlayfs().mount_flags;
- for (const auto& flag : android::base::Split(entry.fs_options, ",")) {
- if (android::base::StartsWith(flag, "context=")) {
- ret += "," + flag;
- }
+ if (!fs_mgr_is_dir(mount_point)) {
+ return "";
}
- return ret;
+ const auto base = GetEncodedBaseDirForMountPoint(mount_point);
+ if (base.empty()) {
+ return "";
+ }
+ for (const auto& overlay_mount_point : OverlayMountPoints()) {
+ const auto dir = overlay_mount_point + "/" + kOverlayTopDir + "/" + base + "/";
+ const auto upper = dir + kUpperName;
+ const auto work = dir + kWorkName;
+ if (!fs_mgr_is_dir(upper) || !fs_mgr_is_dir(work) || access(work.c_str(), R_OK | W_OK)) {
+ continue;
+ }
+ auto ret = kLowerdirOption + mount_point + "," + kUpperdirOption + upper + "," +
+ kWorkdirOption + work + android::fs_mgr::CheckOverlayfs().mount_flags;
+ for (const auto& flag : android::base::Split(entry.fs_options, ",")) {
+ if (android::base::StartsWith(flag, "context=")) {
+ ret += "," + flag;
+ }
+ }
+ return ret;
+ }
+ return "";
}
bool AutoSetFsCreateCon::Set(const std::string& context) {
@@ -373,54 +381,86 @@
auto retval = true;
- struct move_entry {
+ struct MoveEntry {
std::string mount_point;
std::string dir;
bool shared_flag;
};
- std::vector<move_entry> move;
+
+ std::vector<MoveEntry> moved_mounts;
auto parent_private = false;
auto parent_made_private = false;
auto dev_private = false;
auto dev_made_private = false;
- for (auto& entry : ReadMountinfoFromFile("/proc/self/mountinfo")) {
+
+ // There could be multiple mount entries with the same mountpoint.
+ // Group these entries together with stable_sort, and keep only the last entry of a group.
+ // Only move mount the last entry in an over mount group, because the other entries are
+ // overshadowed and only the filesystem mounted with the last entry participates in file
+ // pathname resolution.
+ auto mountinfo = ReadMountinfoFromFile("/proc/self/mountinfo");
+ std::stable_sort(mountinfo.begin(), mountinfo.end(), [](const auto& lhs, const auto& rhs) {
+ return lhs.mount_point < rhs.mount_point;
+ });
+ std::reverse(mountinfo.begin(), mountinfo.end());
+ auto erase_from = std::unique(
+ mountinfo.begin(), mountinfo.end(),
+ [](const auto& lhs, const auto& rhs) { return lhs.mount_point == rhs.mount_point; });
+ mountinfo.erase(erase_from, mountinfo.end());
+ std::reverse(mountinfo.begin(), mountinfo.end());
+ // mountinfo is reversed twice, so still is in lexical sorted order.
+
+ for (const auto& entry : mountinfo) {
if ((entry.mount_point == mount_point) && !entry.shared_flag) {
parent_private = true;
}
if ((entry.mount_point == "/dev") && !entry.shared_flag) {
dev_private = true;
}
+ }
+ // Need to make the original mountpoint MS_PRIVATE, so that the overlayfs can be MS_MOVE.
+ // This could happen if its parent mount is remounted later.
+ if (!parent_private) {
+ parent_made_private = fs_mgr_overlayfs_set_shared_mount(mount_point, false);
+ }
+
+ for (const auto& entry : mountinfo) {
+ // Find all immediate submounts.
if (!android::base::StartsWith(entry.mount_point, mount_point + "/")) {
continue;
}
- if (std::find_if(move.begin(), move.end(), [&entry](const auto& it) {
- return android::base::StartsWith(entry.mount_point, it.mount_point + "/");
- }) != move.end()) {
+ // Exclude duplicated or more specific entries.
+ if (std::find_if(moved_mounts.begin(), moved_mounts.end(), [&entry](const auto& it) {
+ return it.mount_point == entry.mount_point ||
+ android::base::StartsWith(entry.mount_point, it.mount_point + "/");
+ }) != moved_mounts.end()) {
continue;
}
+ // mountinfo is in lexical order, so no need to worry about |entry| being a parent mount of
+ // entries of |moved_mounts|.
// use as the bound directory in /dev.
- AutoSetFsCreateCon createcon;
- auto new_context = fs_mgr_get_context(entry.mount_point);
- if (new_context.empty() || !createcon.Set(new_context)) {
- continue;
- }
- move_entry new_entry = {std::move(entry.mount_point), "/dev/TemporaryDir-XXXXXX",
- entry.shared_flag};
- const auto target = mkdtemp(new_entry.dir.data());
- if (!createcon.Restore()) {
- return false;
- }
- if (!target) {
- retval = false;
- PERROR << "temporary directory for MS_BIND";
- continue;
+ MoveEntry new_entry{entry.mount_point, "/dev/TemporaryDir-XXXXXX", entry.shared_flag};
+ {
+ AutoSetFsCreateCon createcon;
+ auto new_context = fs_mgr_get_context(entry.mount_point);
+ if (new_context.empty() || !createcon.Set(new_context)) {
+ continue;
+ }
+ const auto target = mkdtemp(new_entry.dir.data());
+ if (!target) {
+ retval = false;
+ PERROR << "temporary directory for MS_MOVE";
+ continue;
+ }
+ if (!createcon.Restore()) {
+ retval = false;
+ rmdir(new_entry.dir.c_str());
+ continue;
+ }
}
- if (!parent_private && !parent_made_private) {
- parent_made_private = fs_mgr_overlayfs_set_shared_mount(mount_point, false);
- }
if (new_entry.shared_flag) {
new_entry.shared_flag = fs_mgr_overlayfs_set_shared_mount(new_entry.mount_point, false);
}
@@ -429,9 +469,10 @@
if (new_entry.shared_flag) {
fs_mgr_overlayfs_set_shared_mount(new_entry.mount_point, true);
}
+ rmdir(new_entry.dir.c_str());
continue;
}
- move.emplace_back(std::move(new_entry));
+ moved_mounts.push_back(std::move(new_entry));
}
// hijack __mount() report format to help triage
@@ -455,7 +496,7 @@
}
// Move submounts back.
- for (const auto& entry : move) {
+ for (const auto& entry : moved_mounts) {
if (!dev_private && !dev_made_private) {
dev_made_private = fs_mgr_overlayfs_set_shared_mount("/dev", false);
}
@@ -650,22 +691,13 @@
!fs_mgr_wants_overlayfs(&new_entry)) {
continue;
}
- auto new_mount_point = fs_mgr_mount_point(entry.mount_point);
- auto duplicate_or_more_specific = false;
- for (auto it = candidates.begin(); it != candidates.end();) {
- auto it_mount_point = fs_mgr_mount_point(it->mount_point);
- if ((it_mount_point == new_mount_point) ||
- (android::base::StartsWith(new_mount_point, it_mount_point + "/"))) {
- duplicate_or_more_specific = true;
- break;
- }
- if (android::base::StartsWith(it_mount_point, new_mount_point + "/")) {
- it = candidates.erase(it);
- } else {
- ++it;
- }
+ const auto new_mount_point = fs_mgr_mount_point(new_entry.mount_point);
+ if (std::find_if(candidates.begin(), candidates.end(), [&](const auto& it) {
+ return fs_mgr_mount_point(it.mount_point) == new_mount_point;
+ }) != candidates.end()) {
+ continue;
}
- if (!duplicate_or_more_specific) candidates.emplace_back(std::move(new_entry));
+ candidates.push_back(std::move(new_entry));
}
return candidates;
}
@@ -699,7 +731,7 @@
return false;
}
auto ret = true;
- auto scratch_can_be_mounted = true;
+ auto scratch_can_be_mounted = !fs_mgr_overlayfs_already_mounted(kScratchMountPoint, false);
for (const auto& entry : fs_mgr_overlayfs_candidate_list(*fstab)) {
if (fs_mgr_is_verity_enabled(entry)) continue;
auto mount_point = fs_mgr_mount_point(entry.mount_point);
diff --git a/fs_mgr/fs_mgr_overlayfs_mount.h b/fs_mgr/fs_mgr_overlayfs_mount.h
index f0afac1..98b9007 100644
--- a/fs_mgr/fs_mgr_overlayfs_mount.h
+++ b/fs_mgr/fs_mgr_overlayfs_mount.h
@@ -58,3 +58,4 @@
bool fs_mgr_overlayfs_already_mounted(const std::string& mount_point, bool overlay_only = true);
bool fs_mgr_wants_overlayfs(android::fs_mgr::FstabEntry* entry);
android::fs_mgr::Fstab fs_mgr_overlayfs_candidate_list(const android::fs_mgr::Fstab& fstab);
+std::string GetEncodedBaseDirForMountPoint(const std::string& mount_point);
diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp
index 4b3a5d3..18892f9 100644
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@@ -88,17 +88,6 @@
return entry.mount_point;
}
-const FstabEntry* GetWrappedEntry(const Fstab& overlayfs_candidates, const FstabEntry& entry) {
- auto mount_point = system_mount_point(entry);
- auto it = std::find_if(overlayfs_candidates.begin(), overlayfs_candidates.end(),
- [&mount_point](const auto& entry) {
- return android::base::StartsWith(mount_point,
- system_mount_point(entry) + "/");
- });
- if (it == overlayfs_candidates.end()) return nullptr;
- return &(*it);
-}
-
class MyLogger {
public:
explicit MyLogger(bool verbose) : verbose_(verbose) {}
@@ -196,9 +185,6 @@
if (auto candidate_entry = GetEntryForMountPoint(&candidates, entry.mount_point)) {
return candidate_entry->fs_type == entry.fs_type;
}
- if (GetWrappedEntry(candidates, entry)) {
- return false;
- }
return true;
}
@@ -252,11 +238,6 @@
}
const FstabEntry* entry = &*it;
- if (auto wrap = GetWrappedEntry(candidates, *entry); wrap != nullptr) {
- LOG(INFO) << "partition " << arg << " covered by overlayfs for " << wrap->mount_point
- << ", switching";
- entry = wrap;
- }
// If it's already remounted, include it so it gets gracefully skipped
// later on.
diff --git a/fs_mgr/liblp/Android.bp b/fs_mgr/liblp/Android.bp
index 996ffd7..24eebdf 100644
--- a/fs_mgr/liblp/Android.bp
+++ b/fs_mgr/liblp/Android.bp
@@ -93,8 +93,8 @@
srcs: [
"builder_test.cpp",
"super_layout_builder_test.cpp",
- "test_partition_opener.cpp",
"utility_test.cpp",
+ ":TestPartitionOpener_group",
],
}
@@ -122,3 +122,8 @@
name: "vts_kernel_liblp_test",
defaults: ["liblp_test_defaults"],
}
+
+filegroup {
+ name: "TestPartitionOpener_group",
+ srcs: [ "test_partition_opener.cpp"],
+}
diff --git a/fs_mgr/liblp/fuzzer/Android.bp b/fs_mgr/liblp/fuzzer/Android.bp
new file mode 100644
index 0000000..a9e3509
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/Android.bp
@@ -0,0 +1,201 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+cc_defaults {
+ name: "liblp_fuzz_defaults",
+ header_libs: [
+ "libstorage_literals_headers",
+ ],
+ shared_libs: [
+ "liblp",
+ "libbase",
+ "liblog",
+ ],
+ static_libs: [
+ "libcutils",
+ ],
+ include_dirs: [
+ "system/core/fs_mgr/liblp",
+ ],
+ fuzz_config: {
+ cc: [
+ "android-media-fuzzing-reports@google.com",
+ ],
+ componentid: 59148,
+ hotlists: ["4593311"],
+ description: "The fuzzers target the APIs of all liblp modules",
+ vector: "local_no_privileges_required",
+ service_privilege: "privileged",
+ users: "multi_user",
+ fuzzed_code_usage: "shipped"
+ }
+}
+
+cc_fuzz {
+ name: "liblp_builder_fuzzer",
+ srcs: ["liblp_builder_fuzzer.cpp"],
+ defaults: ["liblp_fuzz_defaults"],
+}
+
+cc_fuzz {
+ name: "liblp_super_layout_builder_fuzzer",
+ srcs: ["liblp_super_layout_builder_fuzzer.cpp"],
+ defaults: ["liblp_fuzz_defaults"],
+}
+
+python_binary_host {
+ name: "image_gen_rand",
+ srcs: ["image_gen_rand.py"],
+}
+
+genrule_defaults {
+ name: "test_data_gen_defaults",
+ tools: [
+ "image_gen_rand",
+ ],
+}
+
+// Fake dtb image.
+genrule {
+ name: "test_dtb",
+ defaults: ["test_data_gen_defaults"],
+ out: ["test_dtb.img"],
+ cmd: "$(location image_gen_rand) --seed dtb --length 1024 > $(out)",
+}
+
+// Fake bootconfig image.
+genrule {
+ name: "test_bootconfig",
+ defaults: ["test_data_gen_defaults"],
+ out: ["test_bootconfig.img"],
+ cmd: "$(location image_gen_rand) --seed bootconfig --length 1024 > $(out)",
+}
+
+// Fake vendor ramdisk with type "none".
+genrule {
+ name: "test_vendor_ramdisk_none",
+ defaults: ["test_data_gen_defaults"],
+ out: ["test_vendor_ramdisk_none.img"],
+ cmd: "$(location image_gen_rand) --seed vendor_ramdisk_none --length 1024 > $(out)",
+}
+
+// Fake vendor ramdisk with type "platform".
+genrule {
+ name: "test_vendor_ramdisk_platform",
+ defaults: ["test_data_gen_defaults"],
+ out: ["test_vendor_ramdisk_platform.img"],
+ cmd: "$(location image_gen_rand) --seed vendor_ramdisk_platform --length 1024 > $(out)",
+}
+
+// Fake replacement ramdisk.
+genrule {
+ name: "test_vendor_ramdisk_replace",
+ defaults: ["test_data_gen_defaults"],
+ out: ["test_vendor_ramdisk_replace.img"],
+ cmd: "$(location image_gen_rand) --seed replace --length 3072 > $(out)",
+}
+
+// Genrules for test vendor boot images.
+fastboot_sign_test_image = "$(location avbtool) add_hash_footer --salt 00 --image $(out) " +
+ "--partition_name vendor_boot --partition_size $$(( 1 * 1024 * 1024 ))"
+
+genrule_defaults {
+ name: "test_vendor_boot_gen_defaults",
+ defaults: ["test_data_gen_defaults"],
+ tools: [
+ "avbtool",
+ "mkbootimg",
+ ],
+}
+
+genrule {
+ name: "test_vendor_boot_v3",
+ defaults: ["test_vendor_boot_gen_defaults"],
+ out: ["test_vendor_boot_v3.img"],
+ srcs: [
+ ":test_dtb",
+ ":test_vendor_ramdisk_none",
+ ],
+ cmd: "$(location mkbootimg) --header_version 3 " +
+ "--vendor_ramdisk $(location :test_vendor_ramdisk_none) " +
+ "--dtb $(location :test_dtb) " +
+ "--vendor_boot $(out) && " +
+ fastboot_sign_test_image,
+}
+
+genrule {
+ name: "test_vendor_boot_v4_without_frag",
+ defaults: ["test_vendor_boot_gen_defaults"],
+ out: ["test_vendor_boot_v4_without_frag.img"],
+ srcs: [
+ ":test_dtb",
+ ":test_vendor_ramdisk_none",
+ ":test_bootconfig",
+ ],
+ cmd: "$(location mkbootimg) --header_version 4 " +
+ "--vendor_ramdisk $(location :test_vendor_ramdisk_none) " +
+ "--dtb $(location :test_dtb) " +
+ "--vendor_bootconfig $(location :test_bootconfig) " +
+ "--vendor_boot $(out) && " +
+ fastboot_sign_test_image,
+}
+
+genrule {
+ name: "test_vendor_boot_v4_with_frag",
+ defaults: ["test_vendor_boot_gen_defaults"],
+ out: ["test_vendor_boot_v4_with_frag.img"],
+ srcs: [
+ ":test_dtb",
+ ":test_vendor_ramdisk_none",
+ ":test_vendor_ramdisk_platform",
+ ":test_bootconfig",
+ ],
+ cmd: "$(location mkbootimg) --header_version 4 " +
+ "--dtb $(location :test_dtb) " +
+ "--vendor_bootconfig $(location :test_bootconfig) " +
+ "--ramdisk_type none --ramdisk_name none_ramdisk " +
+ "--vendor_ramdisk_fragment $(location :test_vendor_ramdisk_none) " +
+ "--ramdisk_type platform --ramdisk_name platform_ramdisk " +
+ "--vendor_ramdisk_fragment $(location :test_vendor_ramdisk_platform) " +
+ "--vendor_boot $(out) && " +
+ fastboot_sign_test_image,
+}
+
+cc_fuzz {
+ name: "liblp_apis_fuzzer",
+ srcs: [
+ "liblp_apis_fuzzer.cpp",
+ ":TestPartitionOpener_group",
+ ],
+ defaults: ["liblp_fuzz_defaults"],
+ shared_libs: [
+ "libsparse",
+ ],
+ data: [
+ ":test_dtb",
+ ":test_bootconfig",
+ ":test_vendor_ramdisk_none",
+ ":test_vendor_ramdisk_platform",
+ ":test_vendor_ramdisk_replace",
+ ":test_vendor_boot_v3",
+ ":test_vendor_boot_v4_without_frag",
+ ":test_vendor_boot_v4_with_frag",
+ ],
+ cflags: [
+ "-Wno-unused-parameter",
+ ],
+}
diff --git a/fs_mgr/liblp/fuzzer/README.md b/fs_mgr/liblp/fuzzer/README.md
new file mode 100644
index 0000000..f831e2e
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/README.md
@@ -0,0 +1,136 @@
+# Fuzzers for liblp
+## Table of contents
++ [liblp_builder_fuzzer](#Builder)
++ [liblp_super_layout_builder_fuzzer](#SuperBuilder)
++ [liblp_apis_fuzzer](#APIs)
+
+# <a name="Builder"></a> Fuzzer for LiblpBuilder
+
+LiblpBuilder supports the following parameters:
+1. kAttributeTypes (parameter name: "attribute")
+2. blockDevSize (parameter name: "blockdev_size")
+3. metadataMaxSize (parameter name: "metadata_max_size")
+4. metadataSlotCount (parameter name: "metadata_slot_count")
+5. partitionName (parameter name: "partition_name")
+6. superBlockDeviceName (parameter name: "block_device_name")
+7. blockDeviceInfoSize (parameter name: "block_device_info_size")
+8. alignment (parameter name: "alignment")
+9. alignmentOffset (parameter name: "alignment_offset")
+10. logicalBlockSize (parameter name: "logical_block_size")
+11. maxMetadataSize (parameter name: "max_metadata_size")
+12. numSlots (parameter name: "metadata_slot_count")
+13. deviceIndex (parameter name: "device_index")
+14. start (parameter name: "start")
+15. end (parameter name: "end")
+16. addedGroupName (parameter name: "group_name")
+17. partitionGroupName (parameter name: "partition_name")
+18. numSectors (parameter name: "num_sectors")
+19. physicalSector (parameter name: "physical_sector")
+20. resizedPartitionSize (parameter name: "requested_size")
+
+| Parameter| Valid Values| Configured Value|
+|------------- |-------------| ----- |
+|`kAttributeTypes`| 1.`LP_PARTITION_ATTR_NONE`,<br/> 2.`LP_PARTITION_ATTR_READONLY`,<br/> 3.`LP_PARTITION_ATTR_SLOT_SUFFIXED`,<br/> 4.`LP_PARTITION_ATTR_UPDATED`,<br/> 5.`LP_PARTITION_ATTR_DISABLED`|Value obtained from FuzzedDataProvider|
+|`blockDevSize`| Integer value from `0` to `100000`|Value obtained from FuzzedDataProvider|
+|`metadataMaxSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+|`metadataSlotCount`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|
+|`partitionName`| String |Value obtained from FuzzedDataProvider|
+|`superBlockDeviceName`| String |Value obtained from FuzzedDataProvider|
+|`blockDeviceInfoSize`| Integer |Value obtained from FuzzedDataProvider|
+|`alignment`| Integer |Value obtained from FuzzedDataProvider|
+|`alignmentOffset`| Integer |Value obtained from FuzzedDataProvider|
+|`logicalBlockSize`| Integer |Value obtained from FuzzedDataProvider|
+|`maxMetadataSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+|`numSlots`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|
+|`deviceIndex`| Integer |Value obtained from FuzzedDataProvider|
+|`start`| Integer |Value obtained from FuzzedDataProvider|
+|`end`| Integer |Value obtained from FuzzedDataProvider|
+|`partitionGroupName`| String |Value obtained from FuzzedDataProvider|
+|`numSectors`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|
+|`physicalSector`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|
+|`resizedPartitionSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+
+#### Steps to run
+1. Build the fuzzer
+```
+ $ mm -j$(nproc) liblp_builder_fuzzer
+```
+2. Run on device
+```
+ $ adb sync data
+ $ adb shell /data/fuzz/arm64/liblp_builder_fuzzer/liblp_builder_fuzzer
+```
+
+# <a name="SuperBuilder"></a> Fuzzer for LiblpSuperLayoutBuilder
+
+SuperLayoutBuilder supports the following parameters:
+1. kAttributeTypes (parameter name: "attribute")
+2. blockDevSize (parameter name: "blockdev_size")
+3. metadataMaxSize (parameter name: "metadata_max_size")
+4. metadataSlotCount (parameter name: "metadata_slot_count")
+5. partitionName (parameter name: "partition_name")
+6. data (parameter name: "data")
+7. imageName (parameter name: "image_name")
+
+| Parameter| Valid Values| Configured Value|
+|------------- |-------------| ----- |
+|`kAttributeTypes`| 1.`LP_PARTITION_ATTR_NONE`,<br/> 2.`LP_PARTITION_ATTR_READONLY`,<br/> 3.`LP_PARTITION_ATTR_SLOT_SUFFIXED`,<br/> 4.`LP_PARTITION_ATTR_UPDATED`,<br/> 5.`LP_PARTITION_ATTR_DISABLED`|Value obtained from FuzzedDataProvider|
+|`blockDevSize`| Integer value from `0` to `100000`|Value obtained from FuzzedDataProvider|
+|`metadataMaxSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+|`metadataSlotCount`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|
+|`partitionName`| String |Value obtained from FuzzedDataProvider|
+|`data`| String |Value obtained from FuzzedDataProvider|
+|`imageName`| String |Value obtained from FuzzedDataProvider|
+
+#### Steps to run
+1. Build the fuzzer
+```
+ $ mm -j$(nproc) liblp_super_layout_builder_fuzzer
+```
+2. Run on device
+```
+ $ adb sync data
+ $ adb shell /data/fuzz/arm64/liblp_super_layout_builder_fuzzer/liblp_super_layout_builder_fuzzer
+```
+
+# <a name="APIs"></a> Fuzzer for LiblpApis
+
+LiblpAPIs supports the following parameters:
+1. blockDeviceInfoSize (parameter name: "block_device_info_size")
+2. alignment (parameter name: "alignment")
+3. alignmentOffset (parameter name: "alignment_offset")
+4. logicalBlockSize (parameter name: "logical_block_size")
+5. blockDevSize (parameter name: "blockdev_size")
+6. metadataMaxSize (parameter name: "metadata_max_size")
+7. metadataSlotCount (parameter name: "metadata_slot_count")
+8. blockDeviceInfoName (parameter name: "block_device_info_name")
+9. numSectors (parameter name: "num_sectors")
+10. physicalSector (parameter name: "physical_sector")
+11. sparsify (parameter name: "sparsify")
+12. buffer (parameter name: "data")
+
+| Parameter| Valid Values| Configured Value|
+|------------- |-------------| ----- |
+|`blockDeviceInfoSize`| Integer |Value obtained from FuzzedDataProvider|
+|`alignment`| Integer |Value obtained from FuzzedDataProvider|
+|`alignmentOffset`| Integer |Value obtained from FuzzedDataProvider|
+|`logicalBlockSize`| Integer |Value obtained from FuzzedDataProvider|
+|`blockDevSize`| Integer value in multiples of `LP_SECTOR_SIZE`|Value obtained from FuzzedDataProvider|
+|`metadataMaxSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|
+|`metadataSlotCount`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|
+|`blockDeviceInfoName`| String |Value obtained from FuzzedDataProvider|
+|`numSectors`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|
+|`physicalSector`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|
+|`alignment`| Bool |Value obtained from FuzzedDataProvider|
+|`alignment`| Vector |Value obtained from FuzzedDataProvider|
+
+#### Steps to run
+1. Build the fuzzer
+```
+ $ mm -j$(nproc) liblp_apis_fuzzer
+```
+2. Run on device
+```
+ $ adb sync data
+ $ adb shell /data/fuzz/arm64/liblp_apis_fuzzer/liblp_apis_fuzzer
+```
diff --git a/fs_mgr/liblp/fuzzer/image_gen_rand.py b/fs_mgr/liblp/fuzzer/image_gen_rand.py
new file mode 100644
index 0000000..6e85472
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/image_gen_rand.py
@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2023 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Write given number of random bytes, generated with optional seed.
+"""
+
+import random, argparse
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description=__doc__)
+ parser.add_argument('--seed', help='Seed to random generator')
+ parser.add_argument('--length', type=int, required=True, help='Length of output')
+ args = parser.parse_args()
+
+ if args.seed:
+ random.seed(args.seed)
+
+ print(''.join(chr(random.randrange(0,0xff)) for _ in range(args.length)))
diff --git a/fs_mgr/liblp/fuzzer/liblp_apis_fuzzer.cpp b/fs_mgr/liblp/fuzzer/liblp_apis_fuzzer.cpp
new file mode 100644
index 0000000..b6fbc14
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/liblp_apis_fuzzer.cpp
@@ -0,0 +1,243 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <android-base/file.h>
+#include <fcntl.h>
+#include <fuzzer/FuzzedDataProvider.h>
+#include <liblp/builder.h>
+#include <liblp/partition_opener.h>
+#include <linux/memfd.h>
+#include <sys/syscall.h>
+#include <writer.h>
+#include "images.h"
+#include "test_partition_opener.h"
+
+using namespace std;
+using namespace android;
+using namespace android::fs_mgr;
+using unique_fd = android::base::unique_fd;
+
+static constexpr size_t kDiskSize = 131072;
+static constexpr size_t kMetadataSize = 512;
+static constexpr size_t kMetadataSlots = 2;
+static constexpr uint32_t kMaxBytes = 20;
+static constexpr uint32_t kValidAlignment = 0;
+static constexpr uint32_t kValidAlignmentOffset = 0;
+static constexpr uint32_t kValidLogicalBlockSize = 4096;
+static constexpr uint32_t kMinMetadataSize = 0;
+static constexpr uint32_t kMaxMetadataSize = 10000;
+static constexpr uint32_t kMinSlot = 0;
+static constexpr uint32_t kMaxSlot = 10;
+static constexpr uint32_t kMinFactor = 0;
+static constexpr uint32_t kMaxFactor = 10;
+static constexpr uint32_t kMetadataGeometrySize = 4096;
+static constexpr uint64_t kValidNumSectors = 1901568;
+static constexpr uint64_t kValidPhysicalSector = 3608576;
+static constexpr uint64_t kMinSectorValue = 1;
+static constexpr uint64_t kMaxSectorValue = 1000000;
+static constexpr uint64_t kMaxBufferSize = 100000;
+
+const string kImageFile = "image_file";
+const string kSuperName = "super";
+const string kSystemPartitionName = "system";
+const string kPartitionName = "builder_partition";
+const string kSuperPartitionName = "super_partition";
+
+const string kSuffix[] = {"_a", "_b", "a", "b"};
+
+class LiplpApisFuzzer {
+ public:
+ LiplpApisFuzzer(const uint8_t* data, size_t size) : mFdp(data, size){};
+ void process();
+
+ private:
+ void setupBuilder();
+ BlockDeviceInfo getBlockDevice();
+ FuzzedDataProvider mFdp;
+ unique_ptr<MetadataBuilder> mBuilder;
+ string mBlockDeviceInfoName;
+ string mSuperPartitionName;
+ string mPartitionName;
+ const string mImagePaths[10] = {
+ "data/test_dtb.img",
+ "data/test_bootconfig.img",
+ "data/test_vendor_ramdisk_none.img",
+ "data/test_vendor_ramdisk_platform.img",
+ "data/test_vendor_ramdisk_replace.img",
+ "data/test_vendor_boot_v4_with_frag.img",
+ "data/test_vendor_boot_v4_without_frag.img",
+ "data/test_vendor_boot_v3.img",
+ "dev/null",
+ mFdp.ConsumeRandomLengthString(kMaxBytes),
+ };
+};
+
+BlockDeviceInfo LiplpApisFuzzer::getBlockDevice() {
+ mBlockDeviceInfoName =
+ mFdp.ConsumeBool() ? kSuperName : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ uint64_t blockDeviceInfoSize =
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint64_t>() : kDiskSize;
+ uint32_t alignment = mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidAlignment;
+ uint32_t alignmentOffset =
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidAlignmentOffset;
+ uint32_t logicalBlockSize =
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidLogicalBlockSize;
+
+ BlockDeviceInfo superInfo{mBlockDeviceInfoName, blockDeviceInfoSize, alignment, alignmentOffset,
+ logicalBlockSize};
+ return superInfo;
+}
+
+void LiplpApisFuzzer::setupBuilder() {
+ uint64_t randomBlockDevSize =
+ mFdp.ConsumeIntegralInRange<uint64_t>(kMinFactor, kMaxFactor) * LP_SECTOR_SIZE;
+ uint64_t blockDevSize = mFdp.ConsumeBool() ? randomBlockDevSize : kDiskSize;
+ uint32_t randomMetadataMaxSize =
+ mFdp.ConsumeIntegralInRange<uint32_t>(kMinMetadataSize, kMaxMetadataSize);
+ uint32_t metadataMaxSize = mFdp.ConsumeBool() ? kMetadataSize : randomMetadataMaxSize;
+ uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+ mBuilder = MetadataBuilder::New(blockDevSize, metadataMaxSize, metadataSlotCount);
+
+ if (mBuilder.get()) {
+ mBuilder->AddPartition(kSystemPartitionName, LP_PARTITION_ATTR_READONLY);
+
+ mPartitionName =
+ mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : kPartitionName;
+ if (!mPartitionName.size()) {
+ mPartitionName = kPartitionName;
+ }
+ mSuperPartitionName = mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes)
+ : kSuperPartitionName;
+ if (!mSuperPartitionName.size()) {
+ mSuperPartitionName = kSuperPartitionName;
+ }
+
+ Partition* super = mBuilder->AddPartition(mSuperPartitionName, LP_PARTITION_ATTR_READONLY);
+ mBuilder->AddPartition(mPartitionName, LP_PARTITION_ATTR_READONLY);
+
+ int64_t numSectors = mFdp.ConsumeBool() ? mFdp.ConsumeIntegralInRange<uint64_t>(
+ kMinSectorValue, kMaxSectorValue)
+ : kValidNumSectors;
+ int64_t physicalSector = mFdp.ConsumeBool() ? mFdp.ConsumeIntegralInRange<uint64_t>(
+ kMinSectorValue, kMaxSectorValue)
+ : kValidPhysicalSector;
+
+ mBuilder->AddLinearExtent(super, mBlockDeviceInfoName, numSectors, physicalSector);
+ }
+}
+
+void LiplpApisFuzzer::process() {
+ BlockDeviceInfo superInfo = getBlockDevice();
+ unique_fd fd(syscall(__NR_memfd_create, "image_file", MFD_ALLOW_SEALING));
+ setupBuilder();
+
+ TestPartitionOpener opener(
+ {{mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : kSuperName, fd}},
+ {{mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : kSuperName,
+ superInfo}});
+
+ if (mBuilder.get()) {
+ unique_ptr<LpMetadata> metadata = mBuilder->Export();
+ const LpMetadata& metadataValue = *metadata.get();
+
+ map<string, string> images = {};
+ if (mFdp.ConsumeBool()) {
+ images[mSuperPartitionName] = mFdp.PickValueInArray(mImagePaths);
+ }
+
+ while (mFdp.remaining_bytes()) {
+ auto invokeAPIs = mFdp.PickValueInArray<const function<void()>>({
+ [&]() { WriteToImageFile(fd, metadataValue); },
+ [&]() { WriteToImageFile(kImageFile.c_str(), metadataValue); },
+ [&]() { FlashPartitionTable(opener, kSuperName, metadataValue); },
+ [&]() {
+ UpdatePartitionTable(opener, mPartitionName, metadataValue,
+ mFdp.ConsumeBool() ? 0 : 1 /* slot_number */);
+ },
+ [&]() {
+ ReadMetadata(mPartitionName, mFdp.ConsumeBool() ? 0 : 1 /* slot_number */);
+ },
+ [&]() { FlashPartitionTable(mPartitionName, metadataValue); },
+ [&]() {
+ UpdatePartitionTable(mPartitionName, metadataValue,
+ mFdp.ConsumeBool() ? 0 : 1 /* slot_number */);
+ },
+ [&]() {
+ WriteToImageFile(kImageFile.c_str(), metadataValue,
+ metadata->geometry.logical_block_size, images,
+ mFdp.ConsumeBool() ? true : false /* sparsify */);
+ },
+
+ [&]() {
+ WriteSplitImageFiles(kImageFile.c_str(), metadataValue,
+ metadata->geometry.logical_block_size, images,
+ mFdp.ConsumeBool() ? true : false /* sparsify */);
+ },
+ [&]() { ReadFromImageFile(kImageFile.c_str()); },
+ [&]() { IsEmptySuperImage(kImageFile.c_str()); },
+ [&]() {
+ uint64_t bufferSize = mFdp.ConsumeIntegralInRange<uint64_t>(
+ 2 * kMetadataGeometrySize, kMaxBufferSize);
+ vector<uint8_t> buffer = mFdp.ConsumeBytes<uint8_t>(kMaxBytes);
+ buffer.resize(bufferSize);
+ ReadFromImageBlob(buffer.data(), buffer.size());
+ },
+ [&]() {
+ uint32_t groupVectorSize = metadata->groups.size();
+ uint32_t randomGroupIndex =
+ mFdp.ConsumeIntegralInRange<uint32_t>(0, groupVectorSize);
+ GetPartitionGroupName(metadata->groups[randomGroupIndex]);
+ },
+ [&]() {
+ uint32_t blockDeviceVectorSize = metadata->block_devices.size();
+ uint32_t randomBlockDeviceIndex =
+ mFdp.ConsumeIntegralInRange<uint32_t>(0, blockDeviceVectorSize);
+ GetBlockDevicePartitionName(
+ metadata->block_devices[randomBlockDeviceIndex]);
+ },
+ [&]() { GetMetadataSuperBlockDevice(metadataValue); },
+ [&]() {
+ string suffix = mFdp.ConsumeBool()
+ ? mFdp.PickValueInArray<string>(kSuffix)
+ : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ SlotNumberForSlotSuffix(suffix);
+ },
+ [&]() {
+ auto entry = FindPartition(metadataValue, kSystemPartitionName);
+ GetPartitionSize(metadataValue, *entry);
+ },
+ [&]() { GetPartitionSlotSuffix(mPartitionName); },
+ [&]() { FindPartition(metadataValue, mPartitionName); },
+ [&]() {
+ uint32_t partitionVectorSize = metadata->partitions.size();
+ uint32_t randomPartitionIndex =
+ mFdp.ConsumeIntegralInRange<uint32_t>(0, partitionVectorSize);
+ GetPartitionName(metadata->partitions[randomPartitionIndex]);
+ },
+ [&]() { GetTotalSuperPartitionSize(metadataValue); },
+ [&]() { GetBlockDevicePartitionNames(metadataValue); },
+ });
+ invokeAPIs();
+ }
+ remove(kImageFile.c_str());
+ }
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ LiplpApisFuzzer liplpApisFuzzer(data, size);
+ liplpApisFuzzer.process();
+ return 0;
+}
diff --git a/fs_mgr/liblp/fuzzer/liblp_builder_fuzzer.cpp b/fs_mgr/liblp/fuzzer/liblp_builder_fuzzer.cpp
new file mode 100644
index 0000000..e5fbe27
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/liblp_builder_fuzzer.cpp
@@ -0,0 +1,438 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <liblp/builder.h>
+#include <liblp/property_fetcher.h>
+#include <storage_literals/storage_literals.h>
+
+using namespace android::fs_mgr;
+using namespace std;
+using namespace android::storage_literals;
+
+static constexpr uint64_t kValidBlockSize = 4096 * 50;
+static constexpr uint64_t kBlockDeviceInfoSize = 1024 * 1024;
+static constexpr uint64_t kValidBlockDeviceInfoSize = 8_GiB;
+static constexpr uint64_t kValidMaxGroupSize = 40960;
+static constexpr uint64_t kMinBlockDevValue = 0;
+static constexpr uint64_t kMaxBlockDevValue = 100000;
+static constexpr uint64_t kMinSectorValue = 1;
+static constexpr uint64_t kMaxSectorValue = 1000000;
+static constexpr uint64_t kMinValue = 0;
+static constexpr uint64_t kMaxValue = 10000;
+static constexpr uint64_t kValidNumSectors = 1901568;
+static constexpr uint64_t kValidPhysicalSector = 3608576;
+static constexpr uint64_t kMinElements = 0;
+static constexpr uint64_t kMaxElements = 10;
+static constexpr uint32_t kValidAlignment = 786432;
+static constexpr uint32_t kValidMetadataSize = 40960;
+static constexpr uint32_t kValidAlignmentOffset = 229376;
+static constexpr uint32_t kValidLogicalBlockSize = 4096;
+static constexpr uint32_t kValidMaxMetadataSize = 65536;
+static constexpr uint32_t kMinMetadataValue = 0;
+static constexpr uint32_t kMaxMetadataValue = 10000;
+static constexpr uint32_t kZeroAlignment = 0;
+static constexpr uint32_t kZeroAlignmentOffset = 0;
+static constexpr uint32_t kMaxBytes = 20;
+static constexpr uint32_t kMinSlot = 0;
+static constexpr uint32_t kMaxSlot = 10;
+static constexpr uint32_t kMinBuilder = 0;
+static constexpr uint32_t kMaxBuilder = 4;
+
+const uint64_t kAttributeTypes[] = {
+ LP_PARTITION_ATTR_NONE, LP_PARTITION_ATTR_READONLY, LP_PARTITION_ATTR_SLOT_SUFFIXED,
+ LP_PARTITION_ATTR_UPDATED, LP_PARTITION_ATTR_DISABLED,
+};
+
+const string kFuzzPartitionName = "fuzz_partition_name";
+const string kSuperPartitionName = "super_partition";
+const string kDeviceInfoName = "super";
+const string kDefaultGroupName = "default";
+
+class BuilderFuzzer {
+ public:
+ BuilderFuzzer(const uint8_t* data, size_t size) : mFdp(data, size){};
+ void process();
+
+ private:
+ FuzzedDataProvider mFdp;
+ void invokeBuilderAPIs();
+ void selectRandomBuilder(int32_t randomBuilder, string superBlockDeviceName);
+ void setupBuilder(string superBlockDeviceName);
+ void callChangePartitionGroup();
+ void callVerifyExtentsAgainstSourceMetadata();
+ vector<BlockDeviceInfo> mBlockDevices;
+ unique_ptr<MetadataBuilder> mBuilder;
+ string mResizePartitionName;
+ string mGroupNames[4] = {
+ "default",
+ "group_a",
+ "group_b",
+ mFdp.ConsumeRandomLengthString(kMaxBytes),
+ };
+ string mPartitionNames[5] = {
+ "system_a",
+ "vendor_a",
+ "system_b",
+ "vendor_b",
+ mFdp.ConsumeRandomLengthString(kMaxBytes),
+ };
+ Partition* mPartition;
+ Partition* mFuzzPartition;
+ Partition* mResizePartition;
+ template <typename T>
+ T getParamValue(T validValue) {
+ T parameter = validValue;
+ if (mFdp.ConsumeBool()) {
+ parameter = mFdp.ConsumeIntegralInRange<T>(kMinValue, kMaxValue);
+ }
+ return parameter;
+ }
+};
+
+void BuilderFuzzer::selectRandomBuilder(int32_t randomBuilder, string superBlockDeviceName) {
+ switch (randomBuilder) {
+ case 0: {
+ uint32_t maxMetadataSize = getParamValue(kValidMaxMetadataSize);
+ uint32_t numSlots = mFdp.ConsumeBool()
+ ? kMaxSlot
+ : mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+ mBuilder = MetadataBuilder::New(mBlockDevices, superBlockDeviceName, maxMetadataSize,
+ numSlots);
+ break;
+ }
+ case 1: {
+ uint64_t blockDevSize =
+ mFdp.ConsumeIntegralInRange<uint64_t>(kMinBlockDevValue, kMaxBlockDevValue);
+ uint32_t metadataMaxSize =
+ mFdp.ConsumeIntegralInRange<uint32_t>(kMinMetadataValue, kMaxMetadataValue);
+ uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+ mBuilder = MetadataBuilder::New(blockDevSize, metadataMaxSize, metadataSlotCount);
+ break;
+ }
+ case 2: {
+ uint64_t blockDevSize = getParamValue(kValidBlockSize);
+ uint32_t metadataSize = getParamValue(kValidMetadataSize);
+ uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+ mBuilder = MetadataBuilder::New(blockDevSize, metadataSize, metadataSlotCount);
+ break;
+ }
+ case 3: {
+ string superPartitionName = mFdp.ConsumeBool()
+ ? kSuperPartitionName
+ : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ mBuilder = MetadataBuilder::New(PartitionOpener(), superPartitionName,
+ mFdp.ConsumeIntegralInRange(0, 1) /* slot_number */);
+ break;
+ }
+ case 4: {
+ string superPartitionName = mFdp.ConsumeBool()
+ ? kSuperPartitionName
+ : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ mBuilder = MetadataBuilder::New(
+ superPartitionName,
+ mFdp.ConsumeIntegralInRange<uint32_t>(0, 1) /* slot_number */);
+ break;
+ }
+ }
+}
+
+void BuilderFuzzer::setupBuilder(string superBlockDeviceName) {
+ uint64_t blockDeviceInfoSize =
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint64_t>() : kValidBlockDeviceInfoSize;
+ uint32_t alignment = mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidAlignment;
+ uint32_t alignmentOffset =
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidAlignmentOffset;
+ uint32_t logicalBlockSize =
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>() : kValidLogicalBlockSize;
+ BlockDeviceInfo super(superBlockDeviceName, blockDeviceInfoSize, alignment, alignmentOffset,
+ logicalBlockSize);
+ mBlockDevices.push_back(super);
+
+ mBuilder->AddGroup(kDefaultGroupName, mFdp.ConsumeIntegral<uint64_t>() /* max_size */);
+ mPartition = mBuilder->AddPartition(kSuperPartitionName, LP_PARTITION_ATTR_READONLY);
+
+ mFuzzPartition = mBuilder->AddPartition(kFuzzPartitionName, kDefaultGroupName,
+ LP_PARTITION_ATTR_READONLY);
+
+ string mResizePartitionName = mFdp.ConsumeRandomLengthString(kMaxBytes);
+ if (!mResizePartitionName.size()) {
+ mResizePartitionName = "resize_partition";
+ }
+ mResizePartition = mBuilder->AddPartition(mResizePartitionName, kDefaultGroupName,
+ LP_PARTITION_ATTR_READONLY);
+
+ string changePartitionDeviceInfoName =
+ mFdp.ConsumeBool() ? kDeviceInfoName : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ BlockDeviceInfo changePartitionDeviceInfo(
+ changePartitionDeviceInfoName,
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint64_t>() : kBlockDeviceInfoSize /* size */,
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>()
+ : kZeroAlignmentOffset /* alignment */,
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>()
+ : kZeroAlignmentOffset /* alignment_offset */,
+ mFdp.ConsumeBool() ? mFdp.ConsumeIntegral<uint32_t>()
+ : kValidLogicalBlockSize /* logical_block_size */);
+ mBlockDevices.push_back(changePartitionDeviceInfo);
+}
+
+void BuilderFuzzer::callChangePartitionGroup() {
+ string group1 = mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : "group1";
+ uint64_t group1Size = getParamValue(0);
+
+ string group2 = mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : "group2";
+ uint64_t group2Size = getParamValue(0);
+
+ bool group1Added = mBuilder->AddGroup(group1, group1Size);
+ bool group2Added = mBuilder->AddGroup(group2, group2Size);
+
+ string changeGroupPartitionName = mFdp.ConsumeRandomLengthString(kMaxBytes);
+ if (changeGroupPartitionName.size() && group1Added && group2Added) {
+ Partition* changeGroupPartition = mBuilder->AddPartition(changeGroupPartitionName, group1,
+ LP_PARTITION_ATTR_READONLY);
+ if (changeGroupPartition) {
+ mBuilder->ChangePartitionGroup(changeGroupPartition, group2);
+ }
+ }
+}
+
+void BuilderFuzzer::callVerifyExtentsAgainstSourceMetadata() {
+ uint64_t sourceBlockDevSize = getParamValue(kValidBlockSize);
+ uint32_t sourceMetadataMaxSize = getParamValue(kValidMetadataSize);
+ uint32_t sourceSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(0, 2);
+ auto sourceBuilder =
+ MetadataBuilder::New(sourceBlockDevSize, sourceMetadataMaxSize, sourceSlotCount);
+
+ uint64_t targetBlockDevSize = getParamValue(kValidBlockSize);
+ uint32_t targetMetadataMaxSize = getParamValue(kValidMetadataSize);
+ uint32_t targetSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(0, 2);
+ auto targetBuilder =
+ MetadataBuilder::New(targetBlockDevSize, targetMetadataMaxSize, targetSlotCount);
+
+ if (sourceBuilder && targetBuilder) {
+ int64_t sourceGroups = mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+ for (int64_t idx = 0; idx < sourceGroups; ++idx) {
+ sourceBuilder->AddGroup(
+ mFdp.PickValueInArray(mGroupNames),
+ mFdp.ConsumeBool() ? kValidMaxGroupSize : mFdp.ConsumeIntegral<uint64_t>());
+ }
+
+ int64_t sourcePartitions = mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+ for (int64_t idx = 0; idx < sourcePartitions; ++idx) {
+ sourceBuilder->AddPartition(mFdp.PickValueInArray(mPartitionNames),
+ LP_PARTITION_ATTR_READONLY);
+ }
+
+ int64_t targetGroups = mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+ for (int64_t idx = 0; idx < targetGroups; ++idx) {
+ targetBuilder->AddGroup(
+ mFdp.PickValueInArray(mGroupNames),
+ mFdp.ConsumeBool() ? kValidMaxGroupSize : mFdp.ConsumeIntegral<uint64_t>());
+ }
+
+ int64_t targetPartitions = mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+ for (int64_t idx = 0; idx < targetPartitions; ++idx) {
+ targetBuilder->AddPartition(mFdp.PickValueInArray(mPartitionNames),
+ LP_PARTITION_ATTR_READONLY);
+ }
+
+ MetadataBuilder::VerifyExtentsAgainstSourceMetadata(
+ *sourceBuilder, mFdp.ConsumeBool() ? 0 : 1 /* source_slot_number */, *targetBuilder,
+ mFdp.ConsumeBool() ? 0 : 1 /* target_slot_number */,
+ vector<string>{"system", "vendor", mFdp.ConsumeRandomLengthString(kMaxBytes)});
+ }
+}
+
+void BuilderFuzzer::invokeBuilderAPIs() {
+ string superBlockDeviceName =
+ mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes) : kDeviceInfoName;
+ uint32_t randomBuilder = mFdp.ConsumeIntegralInRange<uint32_t>(kMinBuilder, kMaxBuilder);
+ selectRandomBuilder(randomBuilder, superBlockDeviceName);
+
+ if (mBuilder.get()) {
+ setupBuilder(superBlockDeviceName);
+
+ while (mFdp.remaining_bytes()) {
+ auto invokeAPIs = mFdp.PickValueInArray<const function<void()>>({
+ [&]() { callChangePartitionGroup(); },
+ [&]() {
+ string addedGroupName = mFdp.PickValueInArray(mGroupNames);
+ mBuilder->AddGroup(addedGroupName,
+ mFdp.ConsumeIntegralInRange<uint64_t>(
+ kMinValue, kMaxValue) /* max_size */);
+ },
+ [&]() {
+ string partitionName = mFdp.PickValueInArray(mPartitionNames);
+ Partition* addedPartition = mBuilder->AddPartition(
+ partitionName, mFdp.PickValueInArray(kAttributeTypes));
+ },
+ [&]() {
+ int64_t numSectors = mFdp.ConsumeBool()
+ ? mFdp.ConsumeIntegralInRange<uint64_t>(
+ kMinSectorValue, kMaxSectorValue)
+ : kValidNumSectors;
+ int64_t physicalSector = mFdp.ConsumeBool()
+ ? mFdp.ConsumeIntegralInRange<uint64_t>(
+ kMinSectorValue, kMaxSectorValue)
+ : kValidPhysicalSector;
+
+ int64_t numExtents =
+ mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+ bool extentAdded = false;
+ for (int64_t i = 0; i <= numExtents; ++i) {
+ extentAdded = mBuilder->AddLinearExtent(mFuzzPartition, kDeviceInfoName,
+ numSectors, physicalSector);
+ }
+
+ if (extentAdded) {
+ unique_ptr<LpMetadata> metadata = mBuilder->Export();
+ uint64_t alignedSize =
+ mFdp.ConsumeIntegralInRange<uint64_t>(kMinValue, kMaxValue);
+ mFuzzPartition->GetBeginningExtents(LP_SECTOR_SIZE * numExtents);
+ }
+ },
+ [&]() { callVerifyExtentsAgainstSourceMetadata(); },
+ [&]() { mBuilder->ListPartitionsInGroup(mFdp.PickValueInArray(mGroupNames)); },
+ [&]() {
+ int64_t maxSize = mFdp.ConsumeIntegral<uint64_t>();
+ mBuilder->ChangeGroupSize(mFdp.PickValueInArray(mGroupNames), maxSize);
+ },
+ [&]() {
+ string deviceInfoName = mFdp.ConsumeBool()
+ ? kDeviceInfoName
+ : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ mBuilder->GetBlockDeviceInfo(deviceInfoName, &mBlockDevices[1]);
+ },
+ [&]() {
+ string deviceInfoName = mFdp.ConsumeBool()
+ ? kDeviceInfoName
+ : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ mBuilder->UpdateBlockDeviceInfo(deviceInfoName, mBlockDevices[1]);
+ },
+ [&]() {
+ unique_ptr<LpMetadata> metadata = mBuilder->Export();
+ mBuilder->ImportPartitions(*metadata.get(),
+ {mFdp.PickValueInArray(mPartitionNames)});
+ },
+ [&]() { mBuilder->HasBlockDevice(mFdp.PickValueInArray(mPartitionNames)); },
+ [&]() { mBuilder->SetVirtualABDeviceFlag(); },
+ [&]() { mBuilder->SetAutoSlotSuffixing(); },
+ [&]() { mBuilder->ListGroups(); },
+ [&]() { mBuilder->UsedSpace(); },
+ [&]() { mBuilder->RequireExpandedMetadataHeader(); },
+ [&]() {
+ uint64_t resizedPartitionSize = getParamValue(0);
+ mBuilder->ResizePartition(mResizePartition, resizedPartitionSize);
+ },
+ [&]() {
+ uint32_t sourceSlot = mFdp.ConsumeBool() ? 0 : 1;
+ uint32_t targetSlot = mFdp.ConsumeBool() ? 0 : 1;
+ PartitionOpener partitionOpener;
+ string sourcePartition =
+ mFdp.ConsumeBool() ? kFuzzPartitionName : kDeviceInfoName;
+
+ MetadataBuilder::NewForUpdate(partitionOpener, sourcePartition, sourceSlot,
+ targetSlot);
+ partitionOpener.GetDeviceString(mFdp.PickValueInArray(mPartitionNames));
+ },
+ [&]() {
+ unique_ptr<LpMetadata> metadata = mBuilder->Export();
+ MetadataBuilder::New(*metadata.get());
+ },
+ [&]() { mBuilder->AllocatableSpace(); },
+ [&]() {
+ PartitionOpener pOpener;
+ string superPartitionName =
+ mFdp.ConsumeBool() ? kSuperPartitionName
+ : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ pOpener.Open(superPartitionName, O_RDONLY);
+ pOpener.GetInfo(superPartitionName, &mBlockDevices[0]);
+ },
+ [&]() {
+ PartitionOpener pOpener;
+ string superPartitionName =
+ mFdp.ConsumeBool() ? kSuperPartitionName
+ : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ pOpener.Open(superPartitionName, O_RDONLY);
+ pOpener.GetDeviceString(superPartitionName);
+ },
+ [&]() {
+ Interval::Intersect(
+ Interval(mFdp.ConsumeIntegral<uint64_t>() /* device _index */,
+ mFdp.ConsumeIntegral<uint64_t>() /* start */,
+ mFdp.ConsumeIntegral<uint64_t>()) /* end */,
+ Interval(mFdp.ConsumeIntegral<uint64_t>() /* device _index */,
+ mFdp.ConsumeIntegral<uint64_t>() /* start */,
+ mFdp.ConsumeIntegral<uint64_t>() /* end */));
+ },
+ [&]() {
+ vector<Interval> intervalVectorA;
+ int64_t internalVectorAElements =
+ mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+ for (int64_t idx = 0; idx < internalVectorAElements; ++idx) {
+ intervalVectorA.push_back(
+ Interval(mFdp.ConsumeIntegral<uint64_t>() /* device _index */,
+ mFdp.ConsumeIntegral<uint64_t>() /* start */,
+ mFdp.ConsumeIntegral<uint64_t>() /* end */));
+ }
+
+ vector<Interval> intervalVectorB;
+ int64_t internalVectorBElements =
+ mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);
+ for (int64_t idx = 0; idx < internalVectorBElements; ++idx) {
+ intervalVectorB.push_back(
+ Interval(mFdp.ConsumeIntegral<uint64_t>() /* device _index */,
+ mFdp.ConsumeIntegral<uint64_t>() /* start */,
+ mFdp.ConsumeIntegral<uint64_t>() /* end */));
+ }
+
+ Interval::Intersect(intervalVectorA, intervalVectorB);
+ },
+ [&]() {
+ uint64_t numSectors =
+ mFdp.ConsumeIntegralInRange<uint64_t>(kMinValue, kMaxValue);
+ uint32_t deviceIndex =
+ mFdp.ConsumeIntegralInRange<uint32_t>(kMinValue, kMaxValue);
+ uint64_t physicalSector =
+ mFdp.ConsumeIntegralInRange<uint64_t>(kMinValue, kMaxValue);
+ LinearExtent extent(numSectors, deviceIndex, physicalSector);
+ extent.AsInterval();
+ },
+ [&]() {
+ IPropertyFetcher::OverrideForTesting(std::make_unique<PropertyFetcher>());
+ },
+ });
+ invokeAPIs();
+ }
+ if (mFdp.ConsumeBool()) {
+ mBuilder->RemoveGroupAndPartitions(mFdp.PickValueInArray(mGroupNames));
+ } else {
+ string removePartition = mFdp.PickValueInArray(mPartitionNames);
+ mBuilder->RemovePartition(removePartition);
+ }
+ }
+}
+
+void BuilderFuzzer::process() {
+ invokeBuilderAPIs();
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ BuilderFuzzer builderFuzzer(data, size);
+ builderFuzzer.process();
+ return 0;
+}
diff --git a/fs_mgr/liblp/fuzzer/liblp_super_layout_builder_fuzzer.cpp b/fs_mgr/liblp/fuzzer/liblp_super_layout_builder_fuzzer.cpp
new file mode 100644
index 0000000..887093c
--- /dev/null
+++ b/fs_mgr/liblp/fuzzer/liblp_super_layout_builder_fuzzer.cpp
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <android-base/unique_fd.h>
+#include <fcntl.h>
+#include <fuzzer/FuzzedDataProvider.h>
+#include <liblp/metadata_format.h>
+#include <liblp/super_layout_builder.h>
+#include <linux/memfd.h>
+#include <storage_literals/storage_literals.h>
+#include <sys/syscall.h>
+
+using namespace android::fs_mgr;
+using namespace std;
+using unique_fd = android::base::unique_fd;
+using namespace android::storage_literals;
+
+static constexpr uint64_t kSuperLayoutValidBlockDevSize = 4_MiB;
+static constexpr uint64_t kMinBlockDevValue = 0;
+static constexpr uint64_t kMaxBlockDevValue = 100000;
+static constexpr uint64_t kMinElements = 0;
+static constexpr uint64_t kMaxElements = 10;
+static constexpr uint32_t kSuperLayoutValidMetadataSize = 8_KiB;
+static constexpr uint32_t kMinMetadataValue = 0;
+static constexpr uint32_t kMaxMetadataValue = 10000;
+static constexpr uint32_t kMaxBytes = 20;
+static constexpr uint32_t kMinSlot = 0;
+static constexpr uint32_t kMaxSlot = 10;
+static constexpr uint32_t kMinOpen = 0;
+static constexpr uint32_t kMaxOpen = 2;
+
+const uint64_t kAttributeTypes[] = {
+ LP_PARTITION_ATTR_NONE, LP_PARTITION_ATTR_READONLY, LP_PARTITION_ATTR_SLOT_SUFFIXED,
+ LP_PARTITION_ATTR_UPDATED, LP_PARTITION_ATTR_DISABLED,
+};
+
+class SuperLayoutBuilderFuzzer {
+ public:
+ SuperLayoutBuilderFuzzer(const uint8_t* data, size_t size) : mFdp(data, size){};
+ void process();
+
+ private:
+ FuzzedDataProvider mFdp;
+ void invokeSuperLayoutBuilderAPIs();
+ void callRandomOpen(int32_t open);
+ void addMultiplePartitions(int32_t numPartitions);
+ void setupSuperLayoutBuilder(string fuzzPartitionName);
+ SuperLayoutBuilder mSuperLayoutBuilder;
+ unique_ptr<MetadataBuilder> mSuperBuilder;
+ unique_ptr<LpMetadata> mMetadata;
+ bool mOpenSuccess = false;
+};
+
+void SuperLayoutBuilderFuzzer::setupSuperLayoutBuilder(string fuzzPartitionName) {
+ uint64_t randomBlockDevSize =
+ mFdp.ConsumeIntegralInRange<uint64_t>(kMinBlockDevValue, kMaxBlockDevValue);
+ uint64_t blockDevSize = mFdp.ConsumeBool() ? kSuperLayoutValidBlockDevSize : randomBlockDevSize;
+ uint32_t randomMetadataMaxSize =
+ mFdp.ConsumeIntegralInRange<uint32_t>(kMinMetadataValue, kMaxMetadataValue);
+ uint32_t metadataMaxSize =
+ mFdp.ConsumeBool() ? kSuperLayoutValidMetadataSize : randomMetadataMaxSize;
+ uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);
+ mSuperBuilder = MetadataBuilder::New(blockDevSize, metadataMaxSize, metadataSlotCount);
+
+ if (mSuperBuilder.get()) {
+ if (mFdp.ConsumeBool()) {
+ int32_t numPartitions =
+ mFdp.ConsumeIntegralInRange<int32_t>(kMinElements, kMaxElements);
+ addMultiplePartitions(numPartitions);
+ }
+
+ uint32_t randomOpen = mFdp.ConsumeIntegralInRange<uint32_t>(kMinOpen, kMaxOpen);
+ callRandomOpen(randomOpen);
+
+ if (!fuzzPartitionName.size()) {
+ fuzzPartitionName = "builder_partition";
+ }
+ }
+}
+
+void SuperLayoutBuilderFuzzer::addMultiplePartitions(int32_t numPartitions) {
+ for (int32_t idx = 0; idx < numPartitions; ++idx) {
+ string partitionName = mFdp.ConsumeBool() ? mFdp.ConsumeRandomLengthString(kMaxBytes)
+ : "builder_partition";
+ mSuperBuilder->AddPartition(partitionName, mFdp.PickValueInArray(kAttributeTypes));
+ }
+}
+
+void SuperLayoutBuilderFuzzer::callRandomOpen(int32_t open) {
+ mMetadata = mSuperBuilder->Export();
+ switch (open) {
+ case 0: {
+ vector<uint8_t> imageData = mFdp.ConsumeBytes<uint8_t>(kMaxBytes);
+ mOpenSuccess = mSuperLayoutBuilder.Open((void*)(imageData.data()), imageData.size());
+ break;
+ }
+ case 1: {
+ mOpenSuccess = mSuperLayoutBuilder.Open(*mMetadata.get());
+ break;
+ }
+ case 2: {
+ unique_fd fd(syscall(__NR_memfd_create, "image_file", 0));
+ WriteToImageFile(fd, *mMetadata.get());
+ mOpenSuccess = mSuperLayoutBuilder.Open(fd);
+ break;
+ }
+ }
+}
+
+void SuperLayoutBuilderFuzzer::invokeSuperLayoutBuilderAPIs() {
+ string imageName = mFdp.ConsumeRandomLengthString(kMaxBytes);
+ string fuzzPartitionName =
+ mFdp.ConsumeBool() ? "builder_partition" : mFdp.ConsumeRandomLengthString(kMaxBytes);
+ setupSuperLayoutBuilder(fuzzPartitionName);
+ if (mOpenSuccess) {
+ while (mFdp.remaining_bytes()) {
+ auto invokeSuperAPIs = mFdp.PickValueInArray<const function<void()>>({
+ [&]() { mSuperLayoutBuilder.GetImageLayout(); },
+ [&]() {
+ mSuperLayoutBuilder.AddPartition(fuzzPartitionName, imageName,
+ mFdp.ConsumeIntegral<uint64_t>());
+ },
+ });
+ invokeSuperAPIs();
+ }
+ }
+}
+
+void SuperLayoutBuilderFuzzer::process() {
+ invokeSuperLayoutBuilderAPIs();
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ SuperLayoutBuilderFuzzer superLayoutBuilderFuzzer(data, size);
+ superLayoutBuilderFuzzer.process();
+ return 0;
+}
diff --git a/init/persistent_properties.cpp b/init/persistent_properties.cpp
index 8efb72c..e89244f 100644
--- a/init/persistent_properties.cpp
+++ b/init/persistent_properties.cpp
@@ -115,24 +115,6 @@
}
}
-PersistentProperties LoadPersistentPropertiesFromMemory() {
- PersistentProperties persistent_properties;
- __system_property_foreach(
- [](const prop_info* pi, void* cookie) {
- __system_property_read_callback(
- pi,
- [](void* cookie, const char* name, const char* value, unsigned serial) {
- if (StartsWith(name, "persist.")) {
- auto properties = reinterpret_cast<PersistentProperties*>(cookie);
- AddPersistentProperty(name, value, properties);
- }
- },
- cookie);
- },
- &persistent_properties);
- return persistent_properties;
-}
-
Result<std::string> ReadPersistentPropertyFile() {
const std::string temp_filename = persistent_property_filename + ".tmp";
if (access(temp_filename.c_str(), F_OK) == 0) {
@@ -221,6 +203,24 @@
return {};
}
+PersistentProperties LoadPersistentPropertiesFromMemory() {
+ PersistentProperties persistent_properties;
+ __system_property_foreach(
+ [](const prop_info* pi, void* cookie) {
+ __system_property_read_callback(
+ pi,
+ [](void* cookie, const char* name, const char* value, unsigned serial) {
+ if (StartsWith(name, "persist.")) {
+ auto properties = reinterpret_cast<PersistentProperties*>(cookie);
+ AddPersistentProperty(name, value, properties);
+ }
+ },
+ cookie);
+ },
+ &persistent_properties);
+ return persistent_properties;
+}
+
// Persistent properties are not written often, so we rather not keep any data in memory and read
// then rewrite the persistent property file for each update.
void WritePersistentProperty(const std::string& name, const std::string& value) {
diff --git a/init/persistent_properties.h b/init/persistent_properties.h
index a6f80e6..7e9d438 100644
--- a/init/persistent_properties.h
+++ b/init/persistent_properties.h
@@ -29,6 +29,7 @@
PersistentProperties* persistent_properties);
PersistentProperties LoadPersistentProperties();
void WritePersistentProperty(const std::string& name, const std::string& value);
+PersistentProperties LoadPersistentPropertiesFromMemory();
// Exposed only for testing
Result<PersistentProperties> LoadPersistentPropertyFile();
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 38cbea3..b08a904 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1400,8 +1400,6 @@
// Apply staged and persistent properties
bool has_staged_prop = false;
auto const staged_prefix = std::string_view("next_boot.");
- auto const staged_persist_prefix = std::string_view("next_boot.persist.");
- auto persist_props_map = std::unordered_map<std::string, std::string>();
auto persistent_properties = LoadPersistentProperties();
for (const auto& property_record : persistent_properties.properties()) {
@@ -1412,23 +1410,16 @@
has_staged_prop = true;
auto actual_prop_name = prop_name.substr(staged_prefix.size());
InitPropertySet(actual_prop_name, prop_value);
- if (StartsWith(prop_name, staged_persist_prefix)) {
- persist_props_map[actual_prop_name] = prop_value;
- }
- } else if (!persist_props_map.count(prop_name)) {
+ } else {
InitPropertySet(prop_name, prop_value);
}
}
// Update persist prop file if there are staged props
if (has_staged_prop) {
- PersistentProperties updated_persist_props;
- for (auto const& [prop_name, prop_value] : persist_props_map) {
- AddPersistentProperty(prop_name, prop_value, &updated_persist_props);
- }
-
+ PersistentProperties props = LoadPersistentPropertiesFromMemory();
// write current updated persist prop file
- auto result = WritePersistentPropertyFile(updated_persist_props);
+ auto result = WritePersistentPropertyFile(props);
if (!result.ok()) {
LOG(ERROR) << "Could not store persistent property: " << result.error();
}
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 9095b85..1f211dd 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -503,10 +503,6 @@
<< ") failed";
}
}
-
- if (auto result = WriteFile("/sys/fs/selinux/checkreqprot", "0"); !result.ok()) {
- LOG(FATAL) << "Unable to write to /sys/fs/selinux/checkreqprot: " << result.error();
- }
}
constexpr size_t kKlogMessageSize = 1024;
diff --git a/libvndksupport/linker.cpp b/libvndksupport/linker.cpp
index ad4fb31..b2b257e 100644
--- a/libvndksupport/linker.cpp
+++ b/libvndksupport/linker.cpp
@@ -75,7 +75,7 @@
}
return handle;
} else {
- ALOGD("Loading %s from current namespace instead of sphal namespace.", name);
+ ALOGW("Loading %s from current namespace instead of sphal namespace.", name);
return dlopen(name, flag);
}
}
diff --git a/trusty/keymaster/fuzz/Android.bp b/trusty/keymaster/fuzz/Android.bp
index 5f24bc6..b10f727 100644
--- a/trusty/keymaster/fuzz/Android.bp
+++ b/trusty/keymaster/fuzz/Android.bp
@@ -26,7 +26,9 @@
"-DTRUSTY_APP_FILENAME=\"keymaster.syms.elf\"",
],
fuzz_config: {
- cc: ["trong@google.com"],
+ cc: ["trong@google.com", "drysdale@google.com"],
+ componentid: 1084733,
+ hotlists: ["4271696"],
},
// The initial corpus for this fuzzer was derived by dumping messages from
diff --git a/trusty/keymint/fuzz/Android.bp b/trusty/keymint/fuzz/Android.bp
new file mode 100644
index 0000000..de73db7
--- /dev/null
+++ b/trusty/keymint/fuzz/Android.bp
@@ -0,0 +1,37 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_fuzz {
+ name: "trusty_keymint_fuzzer",
+ defaults: ["trusty_fuzzer_defaults"],
+ srcs: [":trusty_tipc_fuzzer"],
+ cflags: [
+ "-DTRUSTY_APP_PORT=\"com.android.trusty.keymint\"",
+ "-DTRUSTY_APP_UUID=\"5f902ace-5e5c-4cd8-ae54-87b88c22ddaf\"",
+ "-DTRUSTY_APP_FILENAME=\"keymint_app.syms.elf\"",
+ ],
+ fuzz_config: {
+ cc: ["drysdale@google.com"],
+ componentid: 1084733,
+ hotlists: ["4271696"],
+ },
+
+ // The initial corpus for this fuzzer was derived by dumping messages from
+ // the HAL service while running the VTS tests for KeyMint.
+ corpus: ["corpus/*"],
+}
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-821180-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-821180-0
new file mode 100644
index 0000000..18fce25
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-821180-0
@@ -0,0 +1 @@
+�
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82128140-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82128140-0
new file mode 100644
index 0000000..906f640
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82128140-0
@@ -0,0 +1 @@
+�@
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82128143-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82128143-0
new file mode 100644
index 0000000..d629eaa
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82128143-0
@@ -0,0 +1 @@
+�Cfoo
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-0
new file mode 100644
index 0000000..3aa32ab
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-0
@@ -0,0 +1 @@
+�X@�TÄdý£%r³�õ«�ã1:á�éz¹ð7�êXØÿ$é�Óûõv`ô4¨ÂÝrc«ØJ!Rq¯»3?ZD
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-1
new file mode 100644
index 0000000..1937534
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82128158-1
@@ -0,0 +1,2 @@
+�X@vE�)Y¼0jIê»: <q*÷Ö㺧
+#ï}øê4C�T$dñ¬�ô"£Y�OÇ�¨�SÖò; eP´�
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-0
new file mode 100644
index 0000000..0490f22
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-1
new file mode 100644
index 0000000..ea95a46
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-2
new file mode 100644
index 0000000..ffe61a4
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-3
new file mode 100644
index 0000000..1e27673
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138285-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-0
new file mode 100644
index 0000000..8ab6a9b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-1
new file mode 100644
index 0000000..dfac273
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-2
new file mode 100644
index 0000000..3f0d405
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-3
new file mode 100644
index 0000000..aef020a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138286-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-0
new file mode 100644
index 0000000..1036580
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-1
new file mode 100644
index 0000000..b0ead45
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-2
new file mode 100644
index 0000000..8375478
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-3
new file mode 100644
index 0000000..32224ee
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138287-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-0
new file mode 100644
index 0000000..0d3285a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-1
new file mode 100644
index 0000000..73a0a5b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-2
new file mode 100644
index 0000000..135ba17
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-3
new file mode 100644
index 0000000..827854e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138288-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-0
new file mode 100644
index 0000000..668b59c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-1
new file mode 100644
index 0000000..e20dcdb
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-2
new file mode 100644
index 0000000..b23c619
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-3
new file mode 100644
index 0000000..0a51e01
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138289-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-0
new file mode 100644
index 0000000..be73ca3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-1
new file mode 100644
index 0000000..625ce23
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-2
new file mode 100644
index 0000000..5ae5b06
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-3
new file mode 100644
index 0000000..665818c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828a-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-0
new file mode 100644
index 0000000..021de9d
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-1
new file mode 100644
index 0000000..85394c2
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-2
new file mode 100644
index 0000000..1c07c9f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-3
new file mode 100644
index 0000000..03094b3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828b-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-0
new file mode 100644
index 0000000..3fda800
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-1
new file mode 100644
index 0000000..9bedcf6
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-2
new file mode 100644
index 0000000..49f8faf
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-3
new file mode 100644
index 0000000..38f360c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828c-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-0
new file mode 100644
index 0000000..16388b3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-1
new file mode 100644
index 0000000..5238d4a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-2
new file mode 100644
index 0000000..ce98ac3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-3
new file mode 100644
index 0000000..b0bdc3e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828d-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-0
new file mode 100644
index 0000000..58cfa24
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-1
new file mode 100644
index 0000000..ffe3bb3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-2
new file mode 100644
index 0000000..93f7d1c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-3
new file mode 100644
index 0000000..ad6744f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828e-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-0
new file mode 100644
index 0000000..ce8515f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-1
new file mode 100644
index 0000000..dd1d192
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-2
new file mode 100644
index 0000000..c82d9a1
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-3
new file mode 100644
index 0000000..93246f8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8213828f-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-0
new file mode 100644
index 0000000..8865ca7
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-1
new file mode 100644
index 0000000..36369f7
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138290-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82138292-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82138292-0
new file mode 100644
index 0000000..ffcffbf
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82138292-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-0
new file mode 100644
index 0000000..3741bdf
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-1
new file mode 100644
index 0000000..74f74cd
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-2
new file mode 100644
index 0000000..0ed4888
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-3
new file mode 100644
index 0000000..e933e1c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148485-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-0
new file mode 100644
index 0000000..88c2106
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-1
new file mode 100644
index 0000000..004c63a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-2
new file mode 100644
index 0000000..939c477
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-3
new file mode 100644
index 0000000..2a7a322
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148486-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-0
new file mode 100644
index 0000000..4d4ed45
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-1
new file mode 100644
index 0000000..5a5d90d
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-2
new file mode 100644
index 0000000..d966664
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-3
new file mode 100644
index 0000000..746a2df
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148487-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-0
new file mode 100644
index 0000000..fbde04e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-1
new file mode 100644
index 0000000..a8ec9fe
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-2
new file mode 100644
index 0000000..e00aa32
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-3
new file mode 100644
index 0000000..1c414e4
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148488-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-0
new file mode 100644
index 0000000..6ce48a5
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-1
new file mode 100644
index 0000000..623ba78
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-2
new file mode 100644
index 0000000..3e1a756
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-3
new file mode 100644
index 0000000..9fda99a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82148489-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-0
new file mode 100644
index 0000000..9d8c18f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-1
new file mode 100644
index 0000000..c88132a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-2
new file mode 100644
index 0000000..8b735f4
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-3
new file mode 100644
index 0000000..33148a1
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848a-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-8214848b-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848b-0
new file mode 100644
index 0000000..a43a7fc
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-8214848b-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-0
new file mode 100644
index 0000000..66898a7
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-1
new file mode 100644
index 0000000..9c2b989
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-2
new file mode 100644
index 0000000..8b2a6dd
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-3
new file mode 100644
index 0000000..60bb113
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82158659-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-0
new file mode 100644
index 0000000..e68e281
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-0
@@ -0,0 +1 @@
+�X4just some garbage data which is not a valid key blob:oÿý¦Hclientid:oÿýCGappdata
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-1
new file mode 100644
index 0000000..6b94220
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82168258-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-0
new file mode 100644
index 0000000..8c41bfd
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-1
new file mode 100644
index 0000000..69305d2
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-2
new file mode 100644
index 0000000..c09cc84
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-3
new file mode 100644
index 0000000..63d07cb
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178158-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-0
new file mode 100644
index 0000000..5d7d27a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-1
new file mode 100644
index 0000000..79515cc
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-2
new file mode 100644
index 0000000..c5f577c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-3
new file mode 100644
index 0000000..c93b24c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82178159-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-0
new file mode 100644
index 0000000..cf90447
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-1
new file mode 100644
index 0000000..02233d7
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-2
new file mode 100644
index 0000000..f39c953
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-3
new file mode 100644
index 0000000..438b2be
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181a84-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-0
new file mode 100644
index 0000000..3f81237
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-1
new file mode 100644
index 0000000..3fad357
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-2
new file mode 100644
index 0000000..5967cad
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-3
new file mode 100644
index 0000000..705537b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82181e83-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-0
new file mode 100644
index 0000000..204f7a8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-0
@@ -0,0 +1 @@
+�1�?�TöÖÉDFfoobar
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-1
new file mode 100644
index 0000000..239a31b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-1
@@ -0,0 +1 @@
+�1;OiìÁÈ^Æ'Ffoobar
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-2
new file mode 100644
index 0000000..88586f0
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-2
@@ -0,0 +1 @@
+�1�YéÍ. Ffoobar
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-3
new file mode 100644
index 0000000..06fb12a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183184-3
@@ -0,0 +1 @@
+�1��úbxAN`Ffoobar
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-0
new file mode 100644
index 0000000..9f819e8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-0
@@ -0,0 +1 @@
+�2;*Æõ(ÚÐ÷Y�øaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-1
new file mode 100644
index 0000000..305a056
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-2
new file mode 100644
index 0000000..509b24b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-2
@@ -0,0 +1 @@
+�2�_ÛÈK�5]rY�÷aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-3
new file mode 100644
index 0000000..75d713d
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183284-3
@@ -0,0 +1,2 @@
+�2;
+E=¤®þY�ùaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-0
new file mode 100644
index 0000000..b96374f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-1
new file mode 100644
index 0000000..e07515e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-1
@@ -0,0 +1 @@
+�3��Á6Ø.[�LHello World!@
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-2
new file mode 100644
index 0000000..fb70126
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-3
new file mode 100644
index 0000000..2ec8700
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183386-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-0
new file mode 100644
index 0000000..7f4913f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-0
@@ -0,0 +1 @@
+�4;zÁ«�Êñ
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-1 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-1
new file mode 100644
index 0000000..9a89501
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-1
@@ -0,0 +1 @@
+�4��ßÂ÷�6
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-2 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-2
new file mode 100644
index 0000000..219dbb2
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-3 b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-3
new file mode 100644
index 0000000..f3875ac
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82183481-3
@@ -0,0 +1 @@
+�4� 訢�%
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82184180-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82184180-0
new file mode 100644
index 0000000..a0a6c55
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82184180-0
@@ -0,0 +1 @@
+�A
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-reqs-82184281-0 b/trusty/keymint/fuzz/corpus/keymint-reqs-82184281-0
new file mode 100644
index 0000000..775bb4b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-reqs-82184281-0
@@ -0,0 +1 @@
+�Bô
\ No newline at end of file
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00035504-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00035504-0
new file mode 100644
index 0000000..8900169
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00035504-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-001e170d-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-001e170d-0
new file mode 100644
index 0000000..1d6adc0
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-001e170d-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00303031-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00303031-0
new file mode 100644
index 0000000..05965d9
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00303031-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00313563-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00313563-0
new file mode 100644
index 0000000..00d3a67
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00313563-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00333233-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00333233-0
new file mode 100644
index 0000000..608e178
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00333233-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00365a17-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00365a17-0
new file mode 100644
index 0000000..2b4acb2
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00365a17-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-003cc0cc-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-003cc0cc-0
new file mode 100644
index 0000000..2cfcec8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-003cc0cc-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-003e7b1a-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-003e7b1a-0
new file mode 100644
index 0000000..7beac8c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-003e7b1a-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0042-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0042-0
new file mode 100644
index 0000000..57302ad
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0042-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00646630-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00646630-0
new file mode 100644
index 0000000..4ecce85
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00646630-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-0
new file mode 100644
index 0000000..3d4a9d3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-1 b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-1
new file mode 100644
index 0000000..9a6182a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-2 b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-2
new file mode 100644
index 0000000..3375a2e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-3 b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-3
new file mode 100644
index 0000000..41359da
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00820081-3
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822180-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822180-0
new file mode 100644
index 0000000..0ebe5ae
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822180-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822280-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822280-0
new file mode 100644
index 0000000..a797c20
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822280-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822580-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822580-0
new file mode 100644
index 0000000..3691795
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822580-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822680-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822680-0
new file mode 100644
index 0000000..dd5cbf3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822680-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822780-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822780-0
new file mode 100644
index 0000000..4b79060
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822780-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822880-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822880-0
new file mode 100644
index 0000000..e7eab4c
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822880-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822980-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822980-0
new file mode 100644
index 0000000..0072b55
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822980-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822a80-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822a80-0
new file mode 100644
index 0000000..9a60d67
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822a80-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822b80-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822b80-0
new file mode 100644
index 0000000..88cba54
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822b80-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00822c80-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00822c80-0
new file mode 100644
index 0000000..deeb51f
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00822c80-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823080-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823080-0
new file mode 100644
index 0000000..15f1535
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823080-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823480-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823480-0
new file mode 100644
index 0000000..291df50
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823480-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823819-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823819-0
new file mode 100644
index 0000000..75cefc8
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823819-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082381d-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082381d-0
new file mode 100644
index 0000000..ce61cd9
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082381d-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082381e-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082381e-0
new file mode 100644
index 0000000..9aa2664
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082381e-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823820-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823820-0
new file mode 100644
index 0000000..151c1f4
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823820-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823825-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823825-0
new file mode 100644
index 0000000..0356eee
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823825-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823827-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823827-0
new file mode 100644
index 0000000..26ea013
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823827-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082382b-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082382b-0
new file mode 100644
index 0000000..c2ca980
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082382b-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823833-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823833-0
new file mode 100644
index 0000000..1d8f61e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823833-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823836-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823836-0
new file mode 100644
index 0000000..98dd9b0
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823836-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823837-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823837-0
new file mode 100644
index 0000000..da79a71
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823837-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823838-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823838-0
new file mode 100644
index 0000000..101d1be
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823838-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823839-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823839-0
new file mode 100644
index 0000000..9297110
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823839-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082383a-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082383a-0
new file mode 100644
index 0000000..4cfc804
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082383a-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082383e-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082383e-0
new file mode 100644
index 0000000..6fbc978
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082383e-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823840-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823840-0
new file mode 100644
index 0000000..4f73211
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823840-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823841-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823841-0
new file mode 100644
index 0000000..eb9bc2a
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823841-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823846-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823846-0
new file mode 100644
index 0000000..8f40430
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823846-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082384d-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384d-0
new file mode 100644
index 0000000..242516e
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384d-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082384e-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384e-0
new file mode 100644
index 0000000..72f2930
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384e-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-0082384f-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384f-0
new file mode 100644
index 0000000..7cb67c3
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-0082384f-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823850-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823850-0
new file mode 100644
index 0000000..25251cc
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823850-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00823903-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00823903-0
new file mode 100644
index 0000000..42e4206
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00823903-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-009a81fa-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-009a81fa-0
new file mode 100644
index 0000000..b5ffa78
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-009a81fa-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-00b5ae79-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-00b5ae79-0
new file mode 100644
index 0000000..c5f085b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-00b5ae79-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-0 b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-0
new file mode 100644
index 0000000..598a377
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-0
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-1 b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-1
new file mode 100644
index 0000000..37f4af5
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-1
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-2 b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-2
new file mode 100644
index 0000000..5568f4b
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-2
Binary files differ
diff --git a/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-3 b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-3
new file mode 100644
index 0000000..34a5f23
--- /dev/null
+++ b/trusty/keymint/fuzz/corpus/keymint-rsps-01820081-3
Binary files differ