diff options
| author | Aleksandr Nogikh <nogikh@google.com> | 2020-09-08 08:25:27 +0300 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-09-22 10:12:23 +0200 |
| commit | 9133037195b4eb6ca586ff9fd3810ae3a780b931 (patch) | |
| tree | 19393a1d33c80f2764670e74b2d8cb685dfba244 /pkg/host/syscalls_linux.go | |
| parent | 1125444eb8aaf143cd81dc90e502a059385e2455 (diff) | |
all: integrate with mac80211_hwsim
Two virtual wireless devices are instantiated during network devices
initialization.
A new flag (-wifi) is added that controls whether these virtual wifi
devices are instantiated and configured during proc initialization.
Also, two new pseudo syscalls are added:
1. syz_80211_inject_frame(mac_addr, packet, packet_len) -- injects an
arbitrary packet into the wireless stack. It is injected as if it
originated from the device identitied by mac_addr.
2. syz_80211_join_ibss(interface_name, ssid, ssid_len, mode) --
puts a specific network interface into IBSS state and joins an IBSS
network.
Arguments of syz_80211_join_ibss:
1) interface_name -- null-terminated string that identifies
a wireless interface
2) ssid, ssid_len -- SSID of an IBSS network to join to
3) mode -- mode of syz_80211_join_ibss operation (see below)
Modes of operation:
JOIN_IBSS_NO_SCAN (0x0) -- channel scan is not performed and
syz_80211_join_ibss waits until the interface reaches IF_OPER_UP.
JOIN_IBSS_BG_SCAN (0x1) -- channel scan is performed (takes ~ 9
seconds), syz_80211_join_ibss does not await IF_OPER_UP.
JOIN_IBSS_BG_NO_SCAN (0x2) -- channel scan is not performed,
syz_80211_join_ibss does not await IF_OPER_UP.
Local testing ensured that these syscalls are indeed able to set up an
operating network and inject packets into mac80211.
Diffstat (limited to 'pkg/host/syscalls_linux.go')
| -rw-r--r-- | pkg/host/syscalls_linux.go | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/pkg/host/syscalls_linux.go b/pkg/host/syscalls_linux.go index 192e88100..c66342ddf 100644 --- a/pkg/host/syscalls_linux.go +++ b/pkg/host/syscalls_linux.go @@ -186,6 +186,11 @@ func isVhciInjectionSupported(c *prog.Syscall, target *prog.Target, sandbox stri return reason == "", reason } +func isWifiEmulationSupported(c *prog.Syscall, target *prog.Target, sandbox string) (bool, string) { + reason := checkWifiEmulation() + return reason == "", reason +} + func isSyzKvmSetupCPUSupported(c *prog.Syscall, target *prog.Target, sandbox string) (bool, string) { switch c.Name { case "syz_kvm_setup_cpu$x86": @@ -284,9 +289,11 @@ var syzkallSupport = map[string]func(*prog.Syscall, *prog.Target, string) (bool, "syz_io_uring_setup": isSyzIoUringSupported, // syz_memcpy_off is only used for io_uring descriptions, thus, enable it // only if io_uring syscalls are enabled. - "syz_memcpy_off": isSyzIoUringSupported, - "syz_btf_id_by_name": isBtfVmlinuxSupported, - "syz_fuse_handle_req": isSyzFuseSupported, + "syz_memcpy_off": isSyzIoUringSupported, + "syz_btf_id_by_name": isBtfVmlinuxSupported, + "syz_fuse_handle_req": isSyzFuseSupported, + "syz_80211_inject_frame": isWifiEmulationSupported, + "syz_80211_join_ibss": isWifiEmulationSupported, } func isSupportedSyzkall(c *prog.Syscall, target *prog.Target, sandbox string) (bool, string) { |