43 files changed, 1046 insertions, 92 deletions
diff --git a/executor/common.h b/executor/common.h index d86011223..b5a1ba593 100644 --- a/executor/common.h +++ b/executor/common.h @@ -765,6 +765,9 @@ int main(void) #if SYZ_USB setup_usb(); #endif +#if SYZ_802154 + setup_802154(); +#endif #if SYZ_HANDLE_SEGV install_segv_handler(); diff --git a/executor/common_linux.h b/executor/common_linux.h index d0638fb51..cb369e2dd 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -108,7 +108,7 @@ static bool write_file(const char* file, const char* what, ...) } #endif -#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || \ +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || SYZ_802154 || \ __NR_syz_genetlink_get_family_id || __NR_syz_80211_inject_frame || __NR_syz_80211_join_ibss #include <arpa/inet.h> #include <net/if.h> @@ -156,7 +156,7 @@ static void netlink_attr(struct nlmsg* nlmsg, int typ, nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } -#if SYZ_EXECUTOR || SYZ_NET_DEVICES +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_802154 static void netlink_nest(struct nlmsg* nlmsg, int typ) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; @@ -203,7 +203,7 @@ static int netlink_send_ext(struct nlmsg* nlmsg, int sock, return ((struct nlmsgerr*)(hdr + 1))->error; } -#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || \ +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || SYZ_802154 || \ __NR_syz_80211_join_ibss || __NR_syz_80211_inject_frame static int netlink_send(struct nlmsg* nlmsg, int sock) { @@ -253,7 +253,7 @@ static int netlink_next_msg(struct nlmsg* nlmsg, unsigned int offset, } #endif -#if SYZ_EXECUTOR || SYZ_NET_DEVICES +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_802154 static void netlink_add_device_impl(struct nlmsg* nlmsg, const char* type, const char* name) { 
@@ -265,7 +265,9 @@ static void netlink_add_device_impl(struct nlmsg* nlmsg, const char* type, netlink_nest(nlmsg, IFLA_LINKINFO); netlink_attr(nlmsg, IFLA_INFO_KIND, type, strlen(type)); } +#endif +#if SYZ_EXECUTOR || SYZ_NET_DEVICES static void netlink_add_device(struct nlmsg* nlmsg, int sock, const char* type, const char* name) { @@ -392,7 +394,7 @@ static void netlink_add_ipvlan(struct nlmsg* nlmsg, int sock, const char* name, } #endif -#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_802154 static void netlink_device_change(struct nlmsg* nlmsg, int sock, const char* name, bool up, const char* master, const void* mac, int macsize, const char* new_name) @@ -474,7 +476,7 @@ static void netlink_add_neigh(struct nlmsg* nlmsg, int sock, const char* name, #endif #endif -#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || SYZ_802154 static struct nlmsg nlmsg; #endif @@ -1296,8 +1298,6 @@ static void initialize_netdevices(void) // Also init namespace contains the following devices (which presumably can't be // created in non-init namespace), can we use them somehow? // - ifb0/1 - // - wpan0/1 - // - hwsim0 // - teql0 // - eql char netdevsim[16]; 
@@ -2634,19 +2634,21 @@ static long syz_emit_vhci(volatile long a0, volatile long a1) #include <errno.h> #include <sys/socket.h> -static long syz_genetlink_get_family_id(volatile long name) +static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { - struct nlmsg nlmsg_tmp; - - debug("syz_genetlink_get_family_id(%s)\n", (char*)name); - int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); - if (fd == -1) { - debug("syz_genetlink_get_family_id: socket failed: %d\n", errno); - return -1; + debug("syz_genetlink_get_family_id(%s, %d)\n", (char*)name, (int)sock_arg); + int fd = sock_arg; + if (fd < 0) { + fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); + if (fd == -1) { + debug("syz_genetlink_get_family_id: socket failed: %d\n", errno); + return -1; + } } - + struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name); - close(fd); + if ((int)sock_arg >= 0) + close(fd); if (ret < 0) { debug("syz_genetlink_get_family_id: netlink_query_family_id failed: %d\n", ret); return -1; 
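Review bot: The close condition near the end of this hunk looks inverted: `if ((int)sock_arg >= 0) close(fd);` closes the descriptor the caller passed in and keeps the one the function opened itself when `sock_arg < 0`. As written, a call without a socket leaks a netlink fd, and a call with one leaves the program holding a closed descriptor number that a later `socket()` or `open()` can reuse, so later calls on that resource may act on an unrelated file. The ownership test should be `if ((int)sock_arg < 0) close(fd);`. The same lines appear in the generated copy in pkg/csource/generated.go, which should be regenerated after the fix. The function body continues past the end of the hunk.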
@@ -4633,6 +4635,58 @@ static void setup_sysctl() } #endif +#if SYZ_EXECUTOR || SYZ_802154 +#include <net/if.h> +#include <string.h> +#include <sys/socket.h> +#include <sys/types.h> + +#define NL802154_CMD_SET_SHORT_ADDR 11 +#define NL802154_ATTR_IFINDEX 3 +#define NL802154_ATTR_SHORT_ADDR 10 + +static void setup_802154() +{ + int sock_route = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (sock_route == -1) + fail("socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) failed"); + int sock_generic = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); + if (sock_generic < 0) + fail("socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) failed"); + int nl802154_family_id = netlink_query_family_id(&nlmsg, sock_generic, "nl802154"); + for (int i = 0; i < 2; i++) { + // wpan0/1 are created by CONFIG_IEEE802154_HWSIM. + // sys/linux/socket_ieee802154.txt knowns about these names and consts. + char devname[] = "wpan0"; + devname[strlen(devname) - 1] += i; + uint64 hwaddr = 0xaaaaaaaaaaaa0002 + (i << 8); + uint16 shortaddr = 0xaaa0 + i; + int ifindex = if_nametoindex(devname); + struct genlmsghdr genlhdr; + memset(&genlhdr, 0, sizeof(genlhdr)); + genlhdr.cmd = NL802154_CMD_SET_SHORT_ADDR; + netlink_init(&nlmsg, nl802154_family_id, 0, &genlhdr, sizeof(genlhdr)); + netlink_attr(&nlmsg, NL802154_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); + netlink_attr(&nlmsg, NL802154_ATTR_SHORT_ADDR, &shortaddr, sizeof(shortaddr)); + int err = netlink_send(&nlmsg, sock_generic); + if (err < 0) { + debug("NL802154_CMD_SET_SHORT_ADDR failed: %s\n", strerror(-err)); + } + netlink_device_change(&nlmsg, sock_route, devname, true, 0, &hwaddr, sizeof(hwaddr), 0); + if (i == 0) { + netlink_add_device_impl(&nlmsg, "lowpan", "lowpan0"); + netlink_done(&nlmsg); + netlink_attr(&nlmsg, IFLA_LINK, &ifindex, sizeof(ifindex)); + int err = netlink_send(&nlmsg, sock_route); + debug("netlink: adding device lowpan0 type lowpan link wpan0: %s\n", strerror(-err)); + (void)err; + } + } + close(sock_route); + close(sock_generic); +} 
+#endif + #if GOARCH_s390x #include <sys/mman.h> // Ugly way to work around gcc's "error: function called through a non-compatible type". diff --git a/executor/executor.cc b/executor/executor.cc index 31969ff40..71e3e7b71 100644 --- a/executor/executor.cc +++ b/executor/executor.cc @@ -1483,6 +1483,7 @@ void setup_features(char** enable, int n) { // This does any one-time setup for the requested features on the machine. // Note: this can be called multiple times and must be idempotent. + flag_debug = true; #if SYZ_HAVE_FEATURES setup_sysctl(); #endif diff --git a/executor/executor_linux.h b/executor/executor_linux.h index e66c92e3d..57c2638ea 100644 --- a/executor/executor_linux.h +++ b/executor/executor_linux.h @@ -222,4 +222,5 @@ static feature_t features[] = { {"kcsan", setup_kcsan}, {"usb", setup_usb}, {"sysctl", setup_sysctl}, + {"802154", setup_802154}, }; diff --git a/pkg/csource/common.go b/pkg/csource/common.go index 74f12485c..fe1655c13 100644 --- a/pkg/csource/common.go +++ b/pkg/csource/common.go @@ -121,6 +121,7 @@ func commonDefines(p *prog.Prog, opts Options) map[string]bool { "SYZ_REPRO": opts.Repro, "SYZ_TRACE": opts.Trace, "SYZ_WIFI": opts.Wifi, + "SYZ_802154": opts.IEEE802154, "SYZ_SYSCTL": opts.Sysctl, "SYZ_EXECUTOR_USES_SHMEM": sysTarget.ExecutorUsesShmem, "SYZ_EXECUTOR_USES_FORK_SERVER": sysTarget.ExecutorUsesForkServer, diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go index 91c69e5d4..b5ebc7a7e 100644 --- a/pkg/csource/generated.go +++ b/pkg/csource/generated.go @@ -2359,7 +2359,7 @@ static bool write_file(const char* file, const char* what, ...) } #endif -#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || \ +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || SYZ_802154 || \ __NR_syz_genetlink_get_family_id || __NR_syz_80211_inject_frame || __NR_syz_80211_join_ibss #include <arpa/inet.h> #include <net/if.h> 
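Review bot: In setup_802154() the results of `netlink_query_family_id()` and `if_nametoindex()` are used without a check, so a negative family id becomes the message type passed to `netlink_init()` and an ifindex of 0 is sent in `NL802154_ATTR_IFINDEX` and `IFLA_LINK`. syz_genetlink_get_family_id in this same commit treats a negative return from the query as failure, so the setup path should do the same and stop before building requests for a family or device that is not there. Whether to return quietly, as sketched below, or to call `fail()` as the socket checks do depends on how strict feature setup is meant to be. The two socket checks also differ (`== -1` versus `< 0`) and could use one form.

```c
	int nl802154_family_id = netlink_query_family_id(&nlmsg, sock_generic, "nl802154");
	if (nl802154_family_id < 0) {
		debug("setup_802154: nl802154 family lookup failed: %d\n", nl802154_family_id);
		close(sock_route);
		close(sock_generic);
		return;
	}
	for (int i = 0; i < 2; i++) {
		// … unchanged: devname, hwaddr, shortaddr …
		int ifindex = if_nametoindex(devname);
		if (ifindex == 0) {
			debug("setup_802154: device %s not found\n", devname);
			continue;
		}
		// … unchanged: short address, link up, lowpan0 creation …
```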
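Review bot: `flag_debug = true;` at the top of setup_features() looks like a leftover from local debugging: it forces debug output on for every feature-setup run, regardless of how the executor was started. The line should be dropped before merging. If verbose setup output is wanted, it should come from the existing debug switch rather than being hard-coded here. The function body continues outside the hunk.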
@@ -2407,7 +2407,7 @@ static void netlink_attr(struct nlmsg* nlmsg, int typ, nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } -#if SYZ_EXECUTOR || SYZ_NET_DEVICES +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_802154 static void netlink_nest(struct nlmsg* nlmsg, int typ) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; @@ -2454,7 +2454,7 @@ static int netlink_send_ext(struct nlmsg* nlmsg, int sock, return ((struct nlmsgerr*)(hdr + 1))->error; } -#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || \ +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || SYZ_802154 || \ __NR_syz_80211_join_ibss || __NR_syz_80211_inject_frame static int netlink_send(struct nlmsg* nlmsg, int sock) { @@ -2504,7 +2504,7 @@ static int netlink_next_msg(struct nlmsg* nlmsg, unsigned int offset, } #endif -#if SYZ_EXECUTOR || SYZ_NET_DEVICES +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_802154 static void netlink_add_device_impl(struct nlmsg* nlmsg, const char* type, const char* name) { @@ -2516,7 +2516,9 @@ static void netlink_add_device_impl(struct nlmsg* nlmsg, const char* type, netlink_nest(nlmsg, IFLA_LINKINFO); netlink_attr(nlmsg, IFLA_INFO_KIND, type, strlen(type)); } +#endif +#if SYZ_EXECUTOR || SYZ_NET_DEVICES static void netlink_add_device(struct nlmsg* nlmsg, int sock, const char* type, const char* name) { @@ -2643,7 +2645,7 @@ static void netlink_add_ipvlan(struct nlmsg* nlmsg, int sock, const char* name, } #endif -#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_802154 static void netlink_device_change(struct nlmsg* nlmsg, int sock, const char* name, bool up, const char* master, const void* mac, int macsize, const char* new_name) 
@@ -2725,7 +2727,7 @@ static void netlink_add_neigh(struct nlmsg* nlmsg, int sock, const char* name, #endif #endif -#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI +#if SYZ_EXECUTOR || SYZ_NET_DEVICES || SYZ_NET_INJECTION || SYZ_DEVLINK_PCI || SYZ_WIFI || SYZ_802154 static struct nlmsg nlmsg; #endif @@ -6007,19 +6009,21 @@ static long syz_emit_vhci(volatile long a0, volatile long a1) #include <errno.h> #include <sys/socket.h> -static long syz_genetlink_get_family_id(volatile long name) +static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { - struct nlmsg nlmsg_tmp; - - debug("syz_genetlink_get_family_id(%s)\n", (char*)name); - int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); - if (fd == -1) { - debug("syz_genetlink_get_family_id: socket failed: %d\n", errno); - return -1; + debug("syz_genetlink_get_family_id(%s, %d)\n", (char*)name, (int)sock_arg); + int fd = sock_arg; + if (fd < 0) { + fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); + if (fd == -1) { + debug("syz_genetlink_get_family_id: socket failed: %d\n", errno); + return -1; + } } - + struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name); - close(fd); + if ((int)sock_arg >= 0) + close(fd); if (ret < 0) { debug("syz_genetlink_get_family_id: netlink_query_family_id failed: %d\n", ret); return -1; 
@@ -9404,6 +9408,56 @@ static void setup_sysctl() } #endif +#if SYZ_EXECUTOR || SYZ_802154 +#include <net/if.h> +#include <string.h> +#include <sys/socket.h> +#include <sys/types.h> + +#define NL802154_CMD_SET_SHORT_ADDR 11 +#define NL802154_ATTR_IFINDEX 3 +#define NL802154_ATTR_SHORT_ADDR 10 + +static void setup_802154() +{ + int sock_route = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (sock_route == -1) + fail("socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) failed"); + int sock_generic = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); + if (sock_generic < 0) + fail("socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) failed"); + int nl802154_family_id = netlink_query_family_id(&nlmsg, sock_generic, "nl802154"); + for (int i = 0; i < 2; i++) { + char devname[] = "wpan0"; + devname[strlen(devname) - 1] += i; + uint64 hwaddr = 0xaaaaaaaaaaaa0002 + (i << 8); + uint16 shortaddr = 0xaaa0 + i; + int ifindex = if_nametoindex(devname); + struct genlmsghdr genlhdr; + memset(&genlhdr, 0, sizeof(genlhdr)); + genlhdr.cmd = NL802154_CMD_SET_SHORT_ADDR; + netlink_init(&nlmsg, nl802154_family_id, 0, &genlhdr, sizeof(genlhdr)); + netlink_attr(&nlmsg, NL802154_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); + netlink_attr(&nlmsg, NL802154_ATTR_SHORT_ADDR, &shortaddr, sizeof(shortaddr)); + int err = netlink_send(&nlmsg, sock_generic); + if (err < 0) { + debug("NL802154_CMD_SET_SHORT_ADDR failed: %s\n", strerror(-err)); + } + netlink_device_change(&nlmsg, sock_route, devname, true, 0, &hwaddr, sizeof(hwaddr), 0); + if (i == 0) { + netlink_add_device_impl(&nlmsg, "lowpan", "lowpan0"); + netlink_done(&nlmsg); + netlink_attr(&nlmsg, IFLA_LINK, &ifindex, sizeof(ifindex)); + int err = netlink_send(&nlmsg, sock_route); + debug("netlink: adding device lowpan0 type lowpan link wpan0: %s\n", strerror(-err)); + (void)err; + } + } + close(sock_route); + close(sock_generic); +} +#endif + #if GOARCH_s390x #include <sys/mman.h> #define CAST(f) ({void* p = (void*)f; p; }) 
@@ -10308,6 +10362,9 @@ int main(void) #if SYZ_USB setup_usb(); #endif +#if SYZ_802154 + setup_802154(); +#endif #if SYZ_HANDLE_SEGV install_segv_handler(); diff --git a/pkg/csource/options.go b/pkg/csource/options.go index df8811559..a0e1fe7ac 100644 --- a/pkg/csource/options.go +++ b/pkg/csource/options.go @@ -44,6 +44,7 @@ type Options struct { USB bool `json:"usb,omitempty"` VhciInjection bool `json:"vhci,omitempty"` Wifi bool `json:"wifi,omitempty"` + IEEE802154 bool `json:"ieee802154,omitempty"` Sysctl bool `json:"sysctl,omitempty"` UseTmpDir bool `json:"tmpdir,omitempty"` @@ -138,6 +139,7 @@ func (opts Options) checkLinuxOnly(OS string) error { "USB": &opts.USB, "VhciInjection": &opts.VhciInjection, "Wifi": &opts.Wifi, + "ieee802154": &opts.IEEE802154, "Fault": &opts.Fault, "Leak": &opts.Leak, "Sysctl": &opts.Sysctl, @@ -172,6 +174,7 @@ func DefaultOpts(cfg *mgrconfig.Config) Options { opts.USB = true opts.VhciInjection = true opts.Wifi = true + opts.IEEE802154 = true opts.Sysctl = true } if cfg.Sandbox == "" || cfg.Sandbox == "setuid" { @@ -257,6 +260,7 @@ func defaultFeatures(value bool) Features { "usb": {"setup and use /dev/raw-gadget for USB emulation", value}, "vhci": {"setup and use /dev/vhci for hci packet injection", value}, "wifi": {"setup and use mac80211_hwsim for wifi emulation", value}, + "ieee802154": {"setup and use mac802154_hwsim for emulation", value}, "sysctl": {"setup sysctl's for fuzzing", value}, } } diff --git a/pkg/csource/options_test.go b/pkg/csource/options_test.go index cd247fada..758e91ea1 100644 --- a/pkg/csource/options_test.go +++ b/pkg/csource/options_test.go @@ -250,6 +250,7 @@ func TestParseFeaturesFlags(t *testing.T) { "usb": true, "vhci": true, "wifi": true, + "ieee802154": true, "sysctl": true, }}, {"none", "none", false, map[string]bool{}}, 
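Review bot: In checkLinuxOnly the new map key is spelled `"ieee802154"`, while every neighbouring key is the Go field name (`"USB"`, `"VhciInjection"`, `"Wifi"`). If the key is what the function reports for an unsupported option (the rest of the body is outside the hunk), this option will be named in a different style from the others; `"IEEE802154": &opts.IEEE802154,` keeps it consistent. In the same file, the defaultFeatures description `"setup and use mac802154_hwsim for emulation"` does not say what is emulated; `"setup and use mac802154_hwsim for 802.15.4 emulation"` would match the wifi entry above it.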
@@ -264,6 +265,7 @@ func TestParseFeaturesFlags(t *testing.T) { "usb": true, "vhci": true, "wifi": true, + "ieee802154": true, "sysctl": true, }}, {"", "none", true, map[string]bool{}}, @@ -279,6 +281,7 @@ func TestParseFeaturesFlags(t *testing.T) { "usb": true, "vhci": true, "wifi": true, + "ieee802154": true, "sysctl": true, }}, {"tun,net_dev", "none", true, map[string]bool{ @@ -294,6 +297,7 @@ func TestParseFeaturesFlags(t *testing.T) { "usb": true, "vhci": true, "wifi": true, + "ieee802154": true, "sysctl": true, }}, {"close_fds", "none", true, map[string]bool{ diff --git a/pkg/host/features.go b/pkg/host/features.go index 14d4f5c89..d7012e918 100644 --- a/pkg/host/features.go +++ b/pkg/host/features.go @@ -29,6 +29,7 @@ const ( FeatureUSBEmulation FeatureVhciInjection FeatureWifiEmulation + Feature802154Emulation numFeatures ) @@ -69,6 +70,7 @@ func Check(target *prog.Target) (*Features, error) { FeatureUSBEmulation: {Name: "USB emulation", Reason: unsupported}, FeatureVhciInjection: {Name: "hci packet injection", Reason: unsupported}, FeatureWifiEmulation: {Name: "wifi device emulation", Reason: unsupported}, + Feature802154Emulation: {Name: "802.15.4 emulation", Reason: unsupported}, } if noHostChecks(target) { return res, nil @@ -111,6 +113,9 @@ func Setup(target *prog.Target, features *Features, featureFlags csource.Feature if features[FeatureUSBEmulation].Enabled { args = append(args, "usb") } + if featureFlags["ieee802154"].Enabled && features[Feature802154Emulation].Enabled { + args = append(args, "802154") + } _, err := osutil.RunCmd(5*time.Minute, "", executor, args...) return err } diff --git a/pkg/host/features_linux.go b/pkg/host/features_linux.go index fc925c00c..5c45bdcc1 100644 --- a/pkg/host/features_linux.go +++ b/pkg/host/features_linux.go 
@@ -33,6 +33,7 @@ func init() { checkFeature[FeatureUSBEmulation] = checkUSBEmulation checkFeature[FeatureVhciInjection] = checkVhciInjection checkFeature[FeatureWifiEmulation] = checkWifiEmulation + checkFeature[Feature802154Emulation] = check802154Emulation } func checkCoverage() string { @@ -233,6 +234,13 @@ func checkWifiEmulation() string { return requireKernel(4, 17) } +func check802154Emulation() string { + if err := osutil.IsAccessible("/sys/bus/platform/devices/mac802154_hwsim"); err != nil { + return err.Error() + } + return "" +} + func requireKernel(x, y int) string { info := new(unix.Utsname) if err := unix.Uname(info); err != nil { diff --git a/pkg/host/syscalls_linux.go b/pkg/host/syscalls_linux.go index e31e0dc24..a13af0caa 100644 --- a/pkg/host/syscalls_linux.go +++ b/pkg/host/syscalls_linux.go @@ -223,9 +223,11 @@ func isSyzGenetlinkGetFamilyIDSupported(c *prog.Syscall, target *prog.Target, sa if fd == -1 { return false, fmt.Sprintf("socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) failed: %v", err) } + // TODO: try to obtain actual family ID here. It will disable whole sets of sendmsg syscalls. syscall.Close(fd) return true, "" } + func isSyzMountImageSupported(c *prog.Syscall, target *prog.Target, sandbox string) (bool, string) { if ok, reason := onlySandboxNone(sandbox); !ok { return ok, reason diff --git a/pkg/repro/repro.go b/pkg/repro/repro.go index aca892cb9..4433c84a9 100644 --- a/pkg/repro/repro.go +++ b/pkg/repro/repro.go @@ -204,6 +204,9 @@ func createStartOptions(cfg *mgrconfig.Config, features *host.Features, crashTyp if !features[host.FeatureWifiEmulation].Enabled { opts.Wifi = false } + if !features[host.Feature802154Emulation].Enabled { + opts.IEEE802154 = false + } } return opts } 
@@ -969,6 +972,13 @@ var cSimplifies = append(progSimplifies, []Simplify{ return true }, func(opts *csource.Options) bool { + if !opts.IEEE802154 { + return false + } + opts.IEEE802154 = false + return true + }, + func(opts *csource.Options) bool { if !opts.UseTmpDir || opts.Sandbox == "namespace" || opts.Cgroups { return false } diff --git a/pkg/runtest/run.go b/pkg/runtest/run.go index 437970768..5a071676a 100644 --- a/pkg/runtest/run.go +++ b/pkg/runtest/run.go @@ -468,6 +468,9 @@ func (ctx *Context) createCTest(p *prog.Prog, sandbox string, threaded bool, tim if ctx.Features[host.FeatureWifiEmulation].Enabled { opts.Wifi = true } + if ctx.Features[host.Feature802154Emulation].Enabled { + opts.IEEE802154 = true + } } src, err := csource.Write(p, opts) if err != nil { diff --git a/sys/linux/dev_nbd.txt b/sys/linux/dev_nbd.txt index 3c42e4c5f..3fe5482dd 100644 --- a/sys/linux/dev_nbd.txt +++ b/sys/linux/dev_nbd.txt 
@@ -27,12 +27,12 @@ ioctl$NBD_CLEAR_QUE(fd fd_nbd, cmd const[NBD_CLEAR_QUE]) type msghdr_nl_nbd[CMD] msghdr_netlink[netlink_msg_t[genl_nbd_family_id, genlmsghdr_t[CMD], nbd_attr_policy]] -syz_genetlink_get_family_id$nbd(name ptr[in, string["nbd"]]) genl_nbd_family_id +syz_genetlink_get_family_id$nbd(name ptr[in, string["nbd"]], fd sock_nl_generic_init) genl_nbd_family_id -sendmsg$NBD_CMD_CONNECT(fd sock_nl_generic, msg ptr[in, msghdr_nl_nbd[NBD_CMD_CONNECT]], f flags[send_flags]) -sendmsg$NBD_CMD_DISCONNECT(fd sock_nl_generic, msg ptr[in, msghdr_nl_nbd[NBD_CMD_DISCONNECT]], f flags[send_flags]) -sendmsg$NBD_CMD_RECONFIGURE(fd sock_nl_generic, msg ptr[in, msghdr_nl_nbd[NBD_CMD_RECONFIGURE]], f flags[send_flags]) -sendmsg$NBD_CMD_STATUS(fd sock_nl_generic, msg ptr[in, msghdr_nl_nbd[NBD_CMD_STATUS]], f flags[send_flags]) +sendmsg$NBD_CMD_CONNECT(fd sock_nl_generic_init, msg ptr[in, msghdr_nl_nbd[NBD_CMD_CONNECT]], f flags[send_flags]) +sendmsg$NBD_CMD_DISCONNECT(fd sock_nl_generic_init, msg ptr[in, msghdr_nl_nbd[NBD_CMD_DISCONNECT]], f flags[send_flags]) +sendmsg$NBD_CMD_RECONFIGURE(fd sock_nl_generic_init, msg ptr[in, msghdr_nl_nbd[NBD_CMD_RECONFIGURE]], f flags[send_flags]) +sendmsg$NBD_CMD_STATUS(fd sock_nl_generic_init, msg ptr[in, msghdr_nl_nbd[NBD_CMD_STATUS]], f flags[send_flags]) nbd_attr_policy [ NBD_ATTR_INDEX nlattr[NBD_ATTR_INDEX, proc[0, 1, int32]] diff --git a/sys/linux/init.go b/sys/linux/init.go index 15d6f7960..d3373b5ab 100644 --- a/sys/linux/init.go +++ b/sys/linux/init.go 
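Review bot: Every nbd call in this hunk moves from `sock_nl_generic` to `sock_nl_generic_init`, and nothing in the file says why. Judging by the resource name and the `AF_NETLINK` case added to neutralize in sys/linux/init.go, nbd genetlink traffic would now go through a socket opened in the init net namespace, which parallel test processes share; the ipvs descriptions in this commit stay on `sock_nl_generic`. If the switch is intentional, a comment above `syz_genetlink_get_family_id$nbd` should record it, e.g. `# Uses sock_nl_generic_init because <reason nbd needs the init net namespace>.`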
@@ -40,6 +40,10 @@ func InitTarget(target *prog.Target) { AF_AX25: target.GetConst("AF_AX25"), AF_NETROM: target.GetConst("AF_NETROM"), AF_ROSE: target.GetConst("AF_ROSE"), + AF_IEEE802154: target.GetConst("AF_IEEE802154"), + AF_NETLINK: target.GetConst("AF_NETLINK"), + SOCK_RAW: target.GetConst("SOCK_RAW"), + NETLINK_GENERIC: target.GetConst("NETLINK_GENERIC"), USB_MAJOR: target.GetConst("USB_MAJOR"), TIOCSSERIAL: target.GetConst("TIOCSSERIAL"), TIOCGSERIAL: target.GetConst("TIOCGSERIAL"), @@ -141,6 +145,10 @@ type arch struct { AF_AX25 uint64 AF_NETROM uint64 AF_ROSE uint64 + AF_IEEE802154 uint64 + AF_NETLINK uint64 + SOCK_RAW uint64 + NETLINK_GENERIC uint64 USB_MAJOR uint64 TIOCSSERIAL uint64 TIOCGSERIAL uint64 @@ -200,8 +208,11 @@ func (arch *arch) neutralize(c *prog.Call) { // Don't let it mess with arbitrary sockets in init namespace. family := c.Args[0].(*prog.ConstArg) switch uint64(uint32(family.Val)) { - case arch.AF_NFC, arch.AF_LLC, arch.AF_BLUETOOTH, + case arch.AF_NFC, arch.AF_LLC, arch.AF_BLUETOOTH, arch.AF_IEEE802154, arch.AF_X25, arch.AF_AX25, arch.AF_NETROM, arch.AF_ROSE: + case arch.AF_NETLINK: + c.Args[1].(*prog.ConstArg).Val = arch.SOCK_RAW + c.Args[2].(*prog.ConstArg).Val = arch.NETLINK_GENERIC default: family.Val = ^uint64(0) } diff --git a/sys/linux/netfilter_ipvs.txt b/sys/linux/netfilter_ipvs.txt index 179d68d72..0a45c8fe9 100644 --- a/sys/linux/netfilter_ipvs.txt +++ b/sys/linux/netfilter_ipvs.txt 
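Review bot: The new `case arch.AF_NETLINK:` in neutralize widens what the existing comment (`Don't let it mess with arbitrary sockets in init namespace`) allows, and the reason is not written down. Pinning type and protocol to `SOCK_RAW`/`NETLINK_GENERIC` still gives programs every generic-netlink family registered in the init namespace, not only nl802154. A comment on the case would make that explicit, e.g. `// Netlink is allowed only as SOCK_RAW/NETLINK_GENERIC; note this exposes all genetlink families in the init namespace.` The two `c.Args[n].(*prog.ConstArg)` assertions would also panic if type or protocol were not constant arguments; presumably the syscall description guarantees that, as it does for `family`, but the description is outside the hunk and this is worth confirming.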
@@ -12,7 +12,7 @@ include <uapi/linux/ip_vs.h> resource genl_ipvs_family_id[int16] type msghdr_nl_ipvs[CMD] msghdr_netlink[netlink_msg_t[genl_ipvs_family_id, genlmsghdr_t[CMD], ip_vs_cmd_policy]] -syz_genetlink_get_family_id$ipvs(name ptr[in, string["IPVS"]]) genl_ipvs_family_id +syz_genetlink_get_family_id$ipvs(name ptr[in, string["IPVS"]], fd sock_nl_generic) genl_ipvs_family_id sendmsg$IPVS_CMD_NEW_SERVICE(fd sock_nl_generic, msg ptr[in, msghdr_nl_ipvs[IPVS_CMD_NEW_SERVICE]], f flags[send_flags]) sendmsg$IPVS_CMD_SET_SERVICE(fd sock_nl_generic, msg ptr[in, msghdr_nl_ipvs[IPVS_CMD_SET_SERVICE]], f flags[send_flags]) diff --git a/sys/linux/socket.txt b/sys/linux/socket.txt index dbda63c5d..5bb3a74a1 100644 --- a/sys/linux/socket.txt +++ b/sys/linux/socket.txt @@ -55,7 +55,7 @@ sock_pair { } # This sockaddr type corresponds to the struct sockaddr and is 16 bytes or less. -# TODO: add AF_APPLETALK, AF_ATMPVC, AF_X25, AF_ROSE, AF_DECnet, AF_ATMSVC, AF_IRDA, AF_IB, AF_TIPC, AF_IUCV, AF_RXRPC, AF_ISDN, AF_PHONET, AF_IEEE802154, AF_CAIF +# TODO: add AF_APPLETALK, AF_ATMPVC, AF_ROSE, AF_DECnet, AF_ATMSVC, AF_IRDA, AF_IB, AF_IUCV # Note: AF_UNIX, AF_INET6, AF_PACKET, AF_ALG, AF_PPPOX sockaddr is bigger than 16 bytes # Note: AF_NETROM sockaddr is the same as AF_AX25 sockaddr [ @@ -117,6 +117,7 @@ sockaddr_storage [ phonet sockaddr_pn ethernet sockaddr_ethernet qipcrtr sockaddr_qrtr + ieee802154 sockaddr_ieee802154 generic sockaddr_storage_generic ] [size[SOCKADDR_STORAGE_SIZE]] diff --git a/sys/linux/socket_ieee802154.txt b/sys/linux/socket_ieee802154.txt new file mode 100644 index 000000000..e087fc12c --- /dev/null +++ b/sys/linux/socket_ieee802154.txt 
@@ -0,0 +1,558 @@ +# Copyright 2021 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +# TODO: these descriptions allow some basic testing, but does not seem to cover ingress path and lots of other things. +# Some things that can be improved: +# - supporting net namespaces in 802.15.4 subsystem for proper isolation, reproducubility +# (https://bugzilla.kernel.org/show_bug.cgi?id=211675) +# currently, parallel test processes use the same wpan0/wpan1 global devices in init namespace, +# thus no isolation, reproducubility, coverage guidance does not work +# - supporting phy flags (WPAN_PHY_FLAG_TXPOWER, etc) in mac802154_hwsim +# this will increase coverage that can be achieved with mac802154_hwsim +# - supporting remote coverage in 802.15.4 subsystem, lots of code seems to execute asynchronously +# - figuring out how to achieve coverage of ingress path and describing 802.15.4 packet format +# - there is something called 6lowpan that is related to 802.15.4, need to figure out what it is and how to reach it +# - executor sets wpan0/1 UP in setup_802154, but lots of commands require the device to be DOWN +# since these are in init net namespace, our descriptions in socket_netlink_route.txt can change these devices +# thus commands that require devices to be DOWN don't actually work + +include <linux/net.h> +include <linux/socket.h> +include <uapi/linux/netlink.h> +include <uapi/linux/genetlink.h> +include <net/af_ieee802154.h> +include <net/netlink.h> +include <net/nl802154.h> +include <linux/ieee802154.h> +include <linux/nl802154.h> + +resource sock_802154_raw[sock] +resource sock_802154_dgram[sock] + +syz_init_net_socket$802154_raw(domain const[AF_IEEE802154], type const[SOCK_RAW], proto const[0]) sock_802154_raw +bind$802154_raw(fd sock_802154_raw, addr ptr[in, sockaddr_ieee802154], len bytesize[addr]) +sendmsg$802154_raw(fd sock_802154_raw, msg ptr[in, msghdr_802154], f 
flags[send_flags]) + +syz_init_net_socket$802154_dgram(domain const[AF_IEEE802154], type const[SOCK_DGRAM], proto const[0]) sock_802154_dgram +connect$802154_dgram(fd sock_802154_dgram, addr ptr[in, sockaddr_ieee802154], len bytesize[addr]) +bind$802154_dgram(fd sock_802154_dgram, addr ptr[in, sockaddr_ieee802154], len bytesize[addr]) +sendmsg$802154_dgram(fd sock_802154_dgram, msg ptr[in, msghdr_802154], f flags[send_flags]) + +setsockopt$WPAN_WANTACK(fd sock_802154_dgram, level const[SOL_IEEE802154], opt const[WPAN_WANTACK], val ptr[in, bool32], len bytesize[val]) +setsockopt$WPAN_WANTLQI(fd sock_802154_dgram, level const[SOL_IEEE802154], opt const[WPAN_WANTLQI], val ptr[in, bool32], len bytesize[val]) +setsockopt$WPAN_SECURITY(fd sock_802154_dgram, level const[SOL_IEEE802154], opt const[WPAN_SECURITY], val ptr[in, flags[ieee802154_security, int32]], len bytesize[val]) +setsockopt$WPAN_SECURITY_LEVEL(fd sock_802154_dgram, level const[SOL_IEEE802154], opt const[WPAN_SECURITY_LEVEL], val ptr[in, int32[WPAN_SECURITY_LEVEL_DEFAULT:IEEE802154_SCF_SECLEVEL_ENC_MIC128]], len bytesize[val]) +getsockopt$WPAN_WANTACK(fd sock_802154_dgram, level const[SOL_IEEE802154], opt const[WPAN_WANTACK], val ptr[out, int32], len ptr[inout, bytesize[val, int32]]) +getsockopt$WPAN_WANTLQI(fd sock_802154_dgram, level const[SOL_IEEE802154], opt const[WPAN_WANTLQI], val ptr[out, int32], len ptr[inout, bytesize[val, int32]]) +getsockopt$WPAN_SECURITY(fd sock_802154_dgram, level const[SOL_IEEE802154], opt const[WPAN_SECURITY], val ptr[out, int32], len ptr[inout, bytesize[val, int32]]) +getsockopt$WPAN_SECURITY_LEVEL(fd sock_802154_dgram, level const[SOL_IEEE802154], opt const[WPAN_SECURITY_LEVEL], val ptr[out, int32], len ptr[inout, bytesize[val, int32]]) + +resource genl_nl802154_family_id[int16] +resource ieee802154_ifindex[int32] +type msghdr_nl802154[CMD, POLICY] msghdr_netlink[netlink_msg_t[genl_nl802154_family_id, genlmsghdr_t[CMD], POLICY]] + +syz_genetlink_get_family_id$nl802154(name 
ptr[in, string["nl802154"]], fd sock_nl_generic_init) genl_nl802154_family_id +ioctl$sock_SIOCGIFINDEX_802154(fd sock_nl_generic_init, cmd const[SIOCGIFINDEX], arg ptr[inout, ifreq_dev_t[ieee802154_dev_names, ieee802154_ifindex]]) + +sendmsg$NL802154_CMD_GET_WPAN_PHY(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_GET_WPAN_PHY, nl802154_policy_GET_WPAN_PHY]], f flags[send_flags]) +sendmsg$NL802154_CMD_GET_INTERFACE(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_GET_INTERFACE, nl802154_policy_GET_INTERFACE]], f flags[send_flags]) +sendmsg$NL802154_CMD_NEW_INTERFACE(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_NEW_INTERFACE, nl802154_policy_NEW_INTERFACE]], f flags[send_flags]) +# This is disabled as we only have 2 global hwsim devices, if we delete them we are out of devices. +# sendmsg$NL802154_CMD_DEL_INTERFACE(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_DEL_INTERFACE, nl802154_policy_DEL_INTERFACE]], f flags[send_flags]) +sendmsg$NL802154_CMD_SET_CHANNEL(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_CHANNEL, nl802154_policy_SET_CHANNEL]], f flags[send_flags]) +sendmsg$NL802154_CMD_SET_CCA_MODE(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_CCA_MODE, nl802154_policy_SET_CCA_MODE]], f flags[send_flags]) +sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_CCA_ED_LEVEL, nl802154_policy_SET_CCA_ED_LEVEL]], f flags[send_flags]) +sendmsg$NL802154_CMD_SET_TX_POWER(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_TX_POWER, nl802154_policy_SET_TX_POWER]], f flags[send_flags]) +# This may be more harmful than useful. Once we move the device from init ns, we won't be able to test it anymore... 
+sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_WPAN_PHY_NETNS, nl802154_policy_SET_WPAN_PHY_NETNS]], f flags[send_flags])
+sendmsg$NL802154_CMD_SET_PAN_ID(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_PAN_ID, nl802154_policy_SET_PAN_ID]], f flags[send_flags])
+sendmsg$NL802154_CMD_SET_SHORT_ADDR(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_SHORT_ADDR, nl802154_policy_SET_SHORT_ADDR]], f flags[send_flags])
+sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_BACKOFF_EXPONENT, nl802154_policy_SET_BACKOFF_EXPONENT]], f flags[send_flags])
+sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_MAX_CSMA_BACKOFFS, nl802154_policy_SET_MAX_CSMA_BACKOFFS]], f flags[send_flags])
+sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_MAX_FRAME_RETRIES, nl802154_policy_SET_MAX_FRAME_RETRIES]], f flags[send_flags])
+sendmsg$NL802154_CMD_SET_LBT_MODE(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_LBT_MODE, nl802154_policy_SET_LBT_MODE]], f flags[send_flags])
+sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_ACKREQ_DEFAULT, nl802154_policy_SET_ACKREQ_DEFAULT]], f flags[send_flags])
+sendmsg$NL802154_CMD_SET_SEC_PARAMS(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_SET_SEC_PARAMS, nl802154_policy_SET_SEC_PARAMS]], f flags[send_flags])
+sendmsg$NL802154_CMD_GET_SEC_KEY(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_GET_SEC_KEY, nl802154_policy_GET_SEC_KEY]], f flags[send_flags])
+sendmsg$NL802154_CMD_NEW_SEC_KEY(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_NEW_SEC_KEY, nl802154_policy_NEW_SEC_KEY]], f flags[send_flags])
+sendmsg$NL802154_CMD_DEL_SEC_KEY(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_DEL_SEC_KEY, nl802154_policy_DEL_SEC_KEY]], f flags[send_flags])
+sendmsg$NL802154_CMD_GET_SEC_DEV(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_GET_SEC_DEV, nl802154_policy_GET_SEC_DEV]], f flags[send_flags])
+sendmsg$NL802154_CMD_NEW_SEC_DEV(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_NEW_SEC_DEV, nl802154_policy_NEW_SEC_DEV]], f flags[send_flags])
+sendmsg$NL802154_CMD_DEL_SEC_DEV(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_DEL_SEC_DEV, nl802154_policy_DEL_SEC_DEV]], f flags[send_flags])
+sendmsg$NL802154_CMD_GET_SEC_DEVKEY(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_GET_SEC_DEVKEY, nl802154_policy_GET_SEC_DEVKEY]], f flags[send_flags])
+sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_NEW_SEC_DEVKEY, nl802154_policy_NEW_SEC_DEVKEY]], f flags[send_flags])
+sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_DEL_SEC_DEVKEY, nl802154_policy_DEL_SEC_DEVKEY]], f flags[send_flags])
+sendmsg$NL802154_CMD_GET_SEC_LEVEL(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_GET_SEC_LEVEL, nl802154_policy_GET_SEC_LEVEL]], f flags[send_flags])
+sendmsg$NL802154_CMD_NEW_SEC_LEVEL(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_NEW_SEC_LEVEL, nl802154_policy_NEW_DEL_SEC_LEVEL]], f flags[send_flags])
+sendmsg$NL802154_CMD_DEL_SEC_LEVEL(fd sock_nl_generic_init, msg ptr[in, msghdr_nl802154[NL802154_CMD_DEL_SEC_LEVEL, nl802154_policy_NEW_DEL_SEC_LEVEL]], f flags[send_flags])
+
+nl802154_policy_GET_WPAN_PHY [
+ NL802154_ATTR_WPAN_PHY nlattr[NL802154_ATTR_WPAN_PHY, flags[ieee802154_phy_index, int32]]
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+] [varlen]
+
+nl802154_policy_GET_INTERFACE [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+] [varlen]
+
+nl802154_policy_NEW_INTERFACE [
+ NL802154_ATTR_WPAN_PHY nlattr[NL802154_ATTR_WPAN_PHY, flags[ieee802154_phy_index, int32]]
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_IFNAME nlattr[NL802154_ATTR_IFNAME, string[ieee802154_dev_names]]
+ NL802154_ATTR_IFTYPE nlattr[NL802154_ATTR_IFTYPE, flags[nl802154_iftype, int32]]
+ NL802154_ATTR_EXTENDED_ADDR nlattr[NL802154_ATTR_EXTENDED_ADDR, ieee802154_hwaddr]
+] [varlen]
+
+nl802154_iftype = NL802154_IFTYPE_UNSPEC, NL802154_IFTYPE_NODE, NL802154_IFTYPE_MONITOR, NL802154_IFTYPE_COORD
+
+#nl802154_policy_DEL_INTERFACE [
+# NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+# NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+#] [varlen]
+
+nl802154_policy_SET_CHANNEL [
+ NL802154_ATTR_WPAN_PHY nlattr[NL802154_ATTR_WPAN_PHY, flags[ieee802154_phy_index, int32]]
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_PAGE nlattr[NL802154_ATTR_PAGE, int8[0:IEEE802154_MAX_PAGE]]
+ NL802154_ATTR_CHANNEL nlattr[NL802154_ATTR_CHANNEL, int8[0:IEEE802154_MAX_CHANNEL]]
+] [varlen]
+
+nl802154_policy_SET_CCA_MODE [
+ NL802154_ATTR_WPAN_PHY nlattr[NL802154_ATTR_WPAN_PHY, flags[ieee802154_phy_index, int32]]
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_CCA_MODE nlattr[NL802154_ATTR_CCA_MODE, flags[nl802154_cca_modes, int32]]
+ NL802154_ATTR_CCA_OPT nlattr[NL802154_ATTR_CCA_OPT, flags[nl802154_cca_opts, int32]]
+] [varlen]
+
+nl802154_cca_modes = NL802154_CCA_ENERGY, NL802154_CCA_CARRIER, NL802154_CCA_ENERGY_CARRIER, NL802154_CCA_ALOHA, NL802154_CCA_UWB_SHR, NL802154_CCA_UWB_MULTIPLEXED
+nl802154_cca_opts = NL802154_CCA_OPT_ENERGY_CARRIER_AND, NL802154_CCA_OPT_ENERGY_CARRIER_OR
+
+nl802154_policy_SET_CCA_ED_LEVEL [
+ NL802154_ATTR_WPAN_PHY nlattr[NL802154_ATTR_WPAN_PHY, flags[ieee802154_phy_index, int32]]
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_CCA_ED_LEVEL nlattr[NL802154_ATTR_CCA_ED_LEVEL, int32[0:16]]
+] [varlen]
+
+nl802154_policy_SET_TX_POWER [
+ NL802154_ATTR_WPAN_PHY nlattr[NL802154_ATTR_WPAN_PHY, flags[ieee802154_phy_index, int32]]
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_TX_POWER nlattr[NL802154_ATTR_TX_POWER, int32]
+] [varlen]
+
+nl802154_policy_SET_WPAN_PHY_NETNS [
+ NL802154_ATTR_WPAN_PHY nlattr[NL802154_ATTR_WPAN_PHY, flags[ieee802154_phy_index, int32]]
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_PID nlattr[NL802154_ATTR_PID, pid]
+ NL802154_ATTR_NETNS_FD nlattr[NL802154_ATTR_NETNS_FD, fd_namespace]
+] [varlen]
+
+nl802154_policy_SET_PAN_ID [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_PAN_ID nlattr[NL802154_ATTR_PAN_ID, flags[ieee802154_pan_id, int16]]
+] [varlen]
+
+nl802154_policy_SET_SHORT_ADDR [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_SHORT_ADDR nlattr[NL802154_ATTR_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+] [varlen]
+
+nl802154_policy_SET_BACKOFF_EXPONENT [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_MIN_BE nlattr[NL802154_ATTR_MIN_BE, int8]
+ NL802154_ATTR_MAX_BE nlattr[NL802154_ATTR_MAX_BE, int8]
+] [varlen]
+
+nl802154_policy_SET_MAX_CSMA_BACKOFFS [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_MAX_CSMA_BACKOFFS nlattr[NL802154_ATTR_MAX_CSMA_BACKOFFS, int8]
+] [varlen]
+
+nl802154_policy_SET_MAX_FRAME_RETRIES [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_MAX_FRAME_RETRIES nlattr[NL802154_ATTR_MAX_FRAME_RETRIES, int8]
+] [varlen]
+
+nl802154_policy_SET_LBT_MODE [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_LBT_MODE nlattr[NL802154_ATTR_LBT_MODE, bool8]
+] [varlen]
+
+nl802154_policy_SET_ACKREQ_DEFAULT [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_ACKREQ_DEFAULT nlattr[NL802154_ATTR_ACKREQ_DEFAULT, bool8]
+] [varlen]
+
+nl802154_policy_SET_SEC_PARAMS [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_SEC_ENABLED nlattr[NL802154_ATTR_SEC_ENABLED, bool8]
+ NL802154_ATTR_SEC_OUT_KEY_ID nlnest[NL802154_ATTR_SEC_OUT_KEY_ID, array[nl802154_key_id_policy]]
+ NL802154_ATTR_SEC_OUT_LEVEL nlattr[NL802154_ATTR_SEC_OUT_LEVEL, int32[0:NL802154_SECLEVEL_MAX]]
+ NL802154_ATTR_SEC_FRAME_COUNTER nlattr[NL802154_ATTR_SEC_FRAME_COUNTER, int32]
+] [varlen]
+
+nl802154_policy_GET_SEC_KEY [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+] [varlen]
+
+nl802154_policy_NEW_SEC_KEY [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_SEC_KEY nlnest[NL802154_ATTR_SEC_KEY, array[nl802154_key_policy]]
+] [varlen]
+
+nl802154_key_policy [
+ NL802154_KEY_ATTR_ID nlnest[NL802154_KEY_ATTR_ID, array[nl802154_key_id_policy]]
+ NL802154_KEY_ATTR_USAGE_FRAMES nlattr[NL802154_KEY_ATTR_USAGE_FRAMES, int8]
+ NL802154_KEY_ATTR_USAGE_CMDS nlattr[NL802154_KEY_ATTR_USAGE_CMDS, array[int8, 32]]
+ NL802154_KEY_ATTR_BYTES nlattr[NL802154_KEY_ATTR_BYTES, array[int8, NL802154_KEY_SIZE]]
+] [varlen]
+
+nl802154_key_id_policy [
+ NL802154_KEY_ID_ATTR_MODE nlattr[NL802154_KEY_ID_ATTR_MODE, int32[0:NL802154_KEY_ID_MODE_MAX]]
+ NL802154_KEY_ID_ATTR_INDEX nlattr[NL802154_KEY_ID_ATTR_INDEX, flags[ieee802154_scf_key, int8]]
+ NL802154_KEY_ID_ATTR_IMPLICIT nlnest[NL802154_KEY_ID_ATTR_IMPLICIT, array[nl802154_dev_addr_policy]]
+ NL802154_KEY_ID_ATTR_SOURCE_SHORT nlattr[NL802154_KEY_ID_ATTR_SOURCE_SHORT, int32]
+ NL802154_KEY_ID_ATTR_SOURCE_EXTENDED nlattr[NL802154_KEY_ID_ATTR_SOURCE_EXTENDED, int64]
+] [varlen]
+
+nl802154_dev_addr_policy [
+ NL802154_DEV_ADDR_ATTR_PAN_ID nlattr[NL802154_DEV_ADDR_ATTR_PAN_ID, flags[ieee802154_pan_id, int16]]
+ NL802154_DEV_ADDR_ATTR_MODE nlattr[NL802154_DEV_ADDR_ATTR_MODE, int32[0:NL802154_DEV_ADDR_MAX]]
+ NL802154_DEV_ADDR_ATTR_SHORT nlattr[NL802154_DEV_ADDR_ATTR_SHORT, flags[ieee802154_short_addr, int16]]
+ NL802154_DEV_ADDR_ATTR_EXTENDED nlattr[NL802154_DEV_ADDR_ATTR_EXTENDED, ieee802154_hwaddr]
+] [varlen]
+
+nl802154_policy_DEL_SEC_KEY [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_SEC_KEY nlnest[NL802154_ATTR_SEC_KEY, array[nl802154_key_policy]]
+] [varlen]
+
+nl802154_policy_GET_SEC_DEV [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+] [varlen]
+
+nl802154_policy_NEW_SEC_DEV [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_SEC_DEVICE nlnest[NL802154_ATTR_SEC_DEVICE, array[nl802154_dev_policy]]
+] [varlen]
+
+nl802154_dev_policy [
+ NL802154_DEV_ATTR_FRAME_COUNTER nlattr[NL802154_DEV_ATTR_FRAME_COUNTER, int16]
+ NL802154_DEV_ATTR_PAN_ID nlattr[NL802154_DEV_ATTR_PAN_ID, flags[ieee802154_pan_id, int16]]
+ NL802154_DEV_ATTR_SHORT_ADDR nlattr[NL802154_DEV_ATTR_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+ NL802154_DEV_ATTR_EXTENDED_ADDR nlattr[NL802154_DEV_ATTR_EXTENDED_ADDR, ieee802154_hwaddr]
+ NL802154_DEV_ATTR_SECLEVEL_EXEMPT nlattr[NL802154_DEV_ATTR_SECLEVEL_EXEMPT, bool8]
+ NL802154_DEV_ATTR_KEY_MODE nlattr[NL802154_DEV_ATTR_KEY_MODE, int32[0:NL802154_DEVKEY_MAX]]
+] [varlen]
+
+nl802154_policy_DEL_SEC_DEV [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_SEC_DEVICE nlnest[NL802154_ATTR_SEC_DEVICE, nlattr[NL802154_DEV_ATTR_EXTENDED_ADDR, ieee802154_hwaddr]]
+] [varlen]
+
+nl802154_policy_GET_SEC_DEVKEY [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+] [varlen]
+
+nl802154_policy_NEW_SEC_DEVKEY [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_SEC_DEVKEY nlnest[NL802154_ATTR_SEC_DEVKEY, array[nl802154_devkey_policy]]
+] [varlen]
+
+nl802154_devkey_policy [
+ NL802154_DEVKEY_ATTR_FRAME_COUNTER nlattr[NL802154_DEVKEY_ATTR_FRAME_COUNTER, int32]
+ NL802154_DEVKEY_ATTR_EXTENDED_ADDR nlattr[NL802154_DEVKEY_ATTR_EXTENDED_ADDR, ieee802154_hwaddr]
+ NL802154_DEVKEY_ATTR_ID nlnest[NL802154_DEVKEY_ATTR_ID, array[nl802154_key_id_policy]]
+] [varlen]
+
+nl802154_policy_DEL_SEC_DEVKEY [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_SEC_DEVKEY nlnest[NL802154_ATTR_SEC_DEVKEY, array[nl802154_devkey_policy]]
+] [varlen]
+
+nl802154_policy_GET_SEC_LEVEL [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+] [varlen]
+
+nl802154_policy_NEW_DEL_SEC_LEVEL [
+ NL802154_ATTR_IFINDEX nlattr[NL802154_ATTR_IFINDEX, ieee802154_ifindex]
+ NL802154_ATTR_WPAN_DEV nlattr[NL802154_ATTR_WPAN_DEV, flags[ieee802154_dev_index, int64]]
+ NL802154_ATTR_SEC_LEVEL nlnest[NL802154_ATTR_SEC_LEVEL, array[nl802154_seclevel_policy]]
+] [varlen]
+
+nl802154_seclevel_policy [
+ NL802154_SECLEVEL_ATTR_LEVELS nlattr[NL802154_SECLEVEL_ATTR_LEVELS, int8]
+ NL802154_SECLEVEL_ATTR_FRAME nlattr[NL802154_SECLEVEL_ATTR_FRAME, int32[0:NL802154_FRAME_MAX]]
+ NL802154_SECLEVEL_ATTR_CMD_FRAME nlattr[NL802154_SECLEVEL_ATTR_CMD_FRAME, int32[0:NL802154_CMD_FRAME_MAX]]
+ NL802154_SECLEVEL_ATTR_DEV_OVERRIDE nlattr[NL802154_SECLEVEL_ATTR_DEV_OVERRIDE, bool8]
+] [varlen]
+
+resource genl_ieee802154_family_id[int16]
+type msghdr_ieee802154[CMD, POLICY] msghdr_netlink[netlink_msg_t[genl_ieee802154_family_id, genlmsghdr_t[CMD], POLICY]]
+
+syz_genetlink_get_family_id$ieee802154(name ptr[in, string["802.15.4 MAC"]], fd sock_nl_generic_init) genl_ieee802154_family_id
+
+sendmsg$IEEE802154_LIST_PHY(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LIST_PHY, void]], f flags[send_flags])
+sendmsg$IEEE802154_ADD_IFACE(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_ADD_IFACE, ieee802154_policy_ADD_IFACE]], f flags[send_flags])
+# This is disabled as we only have 2 global hwsim devices, if we delete them we are out of devices.
+# sendmsg$IEEE802154_DEL_IFACE(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_DEL_IFACE, ieee802154_policy_DEL_IFACE]], f flags[send_flags])
+sendmsg$IEEE802154_ASSOCIATE_REQ(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_ASSOCIATE_REQ, ieee802154_policy_ASSOCIATE_REQ]], f flags[send_flags])
+sendmsg$IEEE802154_ASSOCIATE_RESP(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_ASSOCIATE_RESP, ieee802154_policy_ASSOCIATE_RESP]], f flags[send_flags])
+sendmsg$IEEE802154_DISASSOCIATE_REQ(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_DISASSOCIATE_REQ, ieee802154_policy_DISASSOCIATE_REQ]], f flags[send_flags])
+sendmsg$IEEE802154_SCAN_REQ(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_SCAN_REQ, ieee802154_policy_SCAN_REQ]], f flags[send_flags])
+sendmsg$IEEE802154_START_REQ(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_START_REQ, ieee802154_policy_START_REQ]], f flags[send_flags])
+sendmsg$IEEE802154_LIST_IFACE(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LIST_IFACE, ieee802154_policy_LIST_IFACE]], f flags[send_flags])
+sendmsg$IEEE802154_SET_MACPARAMS(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_SET_MACPARAMS, ieee802154_policy_SET_MACPARAMS]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_GETPARAMS(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_GETPARAMS, ieee802154_policy_LLSEC_GETPARAMS]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_SETPARAMS(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_SETPARAMS, ieee802154_policy_LLSEC_SETPARAMS]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_LIST_KEY(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_LIST_KEY, void]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_ADD_KEY(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_ADD_KEY, ieee802154_policy_LLSEC_ADD_KEY]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_DEL_KEY(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_DEL_KEY, ieee802154_policy_LLSEC_DEL_KEY]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_LIST_DEV(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_LIST_DEV, void]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_ADD_DEV(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_ADD_DEV, ieee802154_policy_LLSEC_ADD_DEV]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_DEL_DEV(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_DEL_DEV, ieee802154_policy_LLSEC_DEL_DEV]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_LIST_DEVKEY, void]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_ADD_DEVKEY, ieee802154_policy_LLSEC_ADD_DEVKEY]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_DEL_DEVKEY, ieee802154_policy_LLSEC_DEL_DEVKEY]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_LIST_SECLEVEL, void]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_ADD_SECLEVEL, ieee802154_policy_LLSEC_ADD_DEL_SECLEVEL]], f flags[send_flags])
+sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(fd sock_nl_generic_init, msg ptr[in, msghdr_ieee802154[IEEE802154_LLSEC_DEL_SECLEVEL, ieee802154_policy_LLSEC_ADD_DEL_SECLEVEL]], f flags[send_flags])
+
+ieee802154_policy_ADD_IFACE [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_PHY_NAME nlattr[IEEE802154_ATTR_PHY_NAME, string[ieee802154_phy_names]]
+ IEEE802154_ATTR_HW_ADDR nlattr[IEEE802154_ATTR_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_DEV_TYPE nlattr[IEEE802154_ATTR_DEV_TYPE, int8[IEEE802154_DEV_WPAN:IEEE802154_DEV_MONITOR]]
+] [varlen]
+
+#ieee802154_policy_DEL_IFACE [
+# IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+# IEEE802154_ATTR_PHY_NAME nlattr[IEEE802154_ATTR_PHY_NAME, string[ieee802154_phy_names]]
+#] [varlen]
+
+ieee802154_policy_ASSOCIATE_REQ [
+ IEEE802154_ATTR_CHANNEL nlattr[IEEE802154_ATTR_CHANNEL, int8[0:IEEE802154_MAX_CHANNEL]]
+ IEEE802154_ATTR_COORD_PAN_ID nlattr[IEEE802154_ATTR_COORD_PAN_ID, flags[ieee802154_pan_id, int16]]
+ IEEE802154_ATTR_COORD_HW_ADDR nlattr[IEEE802154_ATTR_COORD_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_COORD_SHORT_ADDR nlattr[IEEE802154_ATTR_COORD_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+ IEEE802154_ATTR_CAPABILITY nlattr[IEEE802154_ATTR_CAPABILITY, int8]
+ IEEE802154_ATTR_PAGE nlattr[IEEE802154_ATTR_PAGE, int8[0:IEEE802154_MAX_PAGE]]
+] [varlen]
+
+ieee802154_policy_ASSOCIATE_RESP [
+ IEEE802154_ATTR_STATUS nlattr[IEEE802154_ATTR_STATUS, int8]
+ IEEE802154_ATTR_COORD_HW_ADDR nlattr[IEEE802154_ATTR_COORD_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_COORD_SHORT_ADDR nlattr[IEEE802154_ATTR_COORD_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+] [varlen]
+
+ieee802154_policy_DISASSOCIATE_REQ [
+ IEEE802154_ATTR_REASON nlattr[IEEE802154_ATTR_REASON, int8]
+ IEEE802154_ATTR_COORD_HW_ADDR nlattr[IEEE802154_ATTR_COORD_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_COORD_SHORT_ADDR nlattr[IEEE802154_ATTR_COORD_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+] [varlen]
+
+ieee802154_policy_SCAN_REQ [
+ IEEE802154_ATTR_SCAN_TYPE nlattr[IEEE802154_ATTR_SCAN_TYPE, int8]
+ IEEE802154_ATTR_CHANNELS nlattr[IEEE802154_ATTR_CHANNELS, int32[0:IEEE802154_MAX_CHANNEL]]
+ IEEE802154_ATTR_DURATION nlattr[IEEE802154_ATTR_DURATION, int8]
+ IEEE802154_ATTR_PAGE nlattr[IEEE802154_ATTR_PAGE, int8[0:IEEE802154_MAX_PAGE]]
+] [varlen]
+
+ieee802154_policy_START_REQ [
+ IEEE802154_ATTR_COORD_PAN_ID nlattr[IEEE802154_ATTR_COORD_PAN_ID, flags[ieee802154_pan_id, int16]]
+ IEEE802154_ATTR_COORD_SHORT_ADDR nlattr[IEEE802154_ATTR_COORD_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+ IEEE802154_ATTR_CHANNEL nlattr[IEEE802154_ATTR_CHANNEL, int8[0:IEEE802154_MAX_CHANNEL]]
+ IEEE802154_ATTR_BCN_ORD nlattr[IEEE802154_ATTR_BCN_ORD, int8]
+ IEEE802154_ATTR_SF_ORD nlattr[IEEE802154_ATTR_SF_ORD, int8]
+ IEEE802154_ATTR_PAN_COORD nlattr[IEEE802154_ATTR_PAN_COORD, int8]
+ IEEE802154_ATTR_BAT_EXT nlattr[IEEE802154_ATTR_BAT_EXT, int8]
+ IEEE802154_ATTR_COORD_REALIGN nlattr[IEEE802154_ATTR_COORD_REALIGN, int8]
+ IEEE802154_ATTR_PAGE nlattr[IEEE802154_ATTR_PAGE, int8[0:IEEE802154_MAX_PAGE]]
+] [varlen]
+
+ieee802154_policy_LIST_IFACE [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+] [varlen]
+
+ieee802154_policy_SET_MACPARAMS [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+ IEEE802154_ATTR_LBT_ENABLED nlattr[IEEE802154_ATTR_LBT_ENABLED, bool8]
+ IEEE802154_ATTR_CCA_MODE nlattr[IEEE802154_ATTR_CCA_MODE, int8]
+ IEEE802154_ATTR_CCA_ED_LEVEL nlattr[IEEE802154_ATTR_CCA_ED_LEVEL, int32]
+ IEEE802154_ATTR_CSMA_RETRIES nlattr[IEEE802154_ATTR_CSMA_RETRIES, int8]
+ IEEE802154_ATTR_CSMA_MIN_BE nlattr[IEEE802154_ATTR_CSMA_MIN_BE, int8]
+ IEEE802154_ATTR_CSMA_MAX_BE nlattr[IEEE802154_ATTR_CSMA_MAX_BE, int8]
+ IEEE802154_ATTR_FRAME_RETRIES nlattr[IEEE802154_ATTR_FRAME_RETRIES, int8]
+ IEEE802154_ATTR_TXPOWER nlattr[IEEE802154_ATTR_TXPOWER, int8]
+] [varlen]
+
+ieee802154_policy_LLSEC_GETPARAMS [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+] [varlen]
+
+ieee802154_policy_LLSEC_SETPARAMS [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+ IEEE802154_ATTR_LLSEC_SECLEVEL nlattr[IEEE802154_ATTR_LLSEC_SECLEVEL, int8[0:7]]
+ IEEE802154_ATTR_LLSEC_ENABLED nlattr[IEEE802154_ATTR_LLSEC_ENABLED, bool8]
+ IEEE802154_ATTR_LLSEC_KEY_MODE nlattr[IEEE802154_ATTR_LLSEC_KEY_MODE, flags[ieee802154_scf_key, int8]]
+ IEEE802154_ATTR_PAN_ID nlattr[IEEE802154_ATTR_PAN_ID, flags[ieee802154_pan_id, int16]]
+ IEEE802154_ATTR_HW_ADDR nlattr[IEEE802154_ATTR_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_SHORT_ADDR nlattr[IEEE802154_ATTR_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+ IEEE802154_ATTR_LLSEC_KEY_ID nlattr[IEEE802154_ATTR_LLSEC_KEY_ID, int8]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT, int32]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED, ieee802154_hwaddr]
+ IEEE802154_ATTR_LLSEC_FRAME_COUNTER nlattr[IEEE802154_ATTR_LLSEC_FRAME_COUNTER, int32]
+] [varlen]
+
+ieee802154_scf_key = IEEE802154_SCF_KEY_IMPLICIT, IEEE802154_SCF_KEY_INDEX, IEEE802154_SCF_KEY_SHORT_INDEX, IEEE802154_SCF_KEY_HW_INDEX
+
+ieee802154_policy_LLSEC_ADD_KEY [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+ IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES nlattr[IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES, int8]
+ IEEE802154_ATTR_LLSEC_KEY_BYTES nlattr[IEEE802154_ATTR_LLSEC_KEY_BYTES, array[int8, 16]]
+ IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS nlattr[IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS, array[int8, 32]]
+ IEEE802154_ATTR_LLSEC_KEY_MODE nlattr[IEEE802154_ATTR_LLSEC_KEY_MODE, flags[ieee802154_scf_key, int8]]
+ IEEE802154_ATTR_PAN_ID nlattr[IEEE802154_ATTR_PAN_ID, flags[ieee802154_pan_id, int16]]
+ IEEE802154_ATTR_HW_ADDR nlattr[IEEE802154_ATTR_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_SHORT_ADDR nlattr[IEEE802154_ATTR_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+ IEEE802154_ATTR_LLSEC_KEY_ID nlattr[IEEE802154_ATTR_LLSEC_KEY_ID, int8]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT, int32]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED, ieee802154_hwaddr]
+] [varlen]
+
+ieee802154_policy_LLSEC_DEL_KEY [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+ IEEE802154_ATTR_LLSEC_KEY_MODE nlattr[IEEE802154_ATTR_LLSEC_KEY_MODE, flags[ieee802154_scf_key, int8]]
+ IEEE802154_ATTR_PAN_ID nlattr[IEEE802154_ATTR_PAN_ID, flags[ieee802154_pan_id, int16]]
+ IEEE802154_ATTR_HW_ADDR nlattr[IEEE802154_ATTR_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_SHORT_ADDR nlattr[IEEE802154_ATTR_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+ IEEE802154_ATTR_LLSEC_KEY_ID nlattr[IEEE802154_ATTR_LLSEC_KEY_ID, int8]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT, int32]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED, ieee802154_hwaddr]
+] [varlen]
+
+ieee802154_policy_LLSEC_ADD_DEV [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+ IEEE802154_ATTR_LLSEC_FRAME_COUNTER nlattr[IEEE802154_ATTR_LLSEC_FRAME_COUNTER, int32]
+ IEEE802154_ATTR_HW_ADDR nlattr[IEEE802154_ATTR_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_SHORT_ADDR nlattr[IEEE802154_ATTR_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+ IEEE802154_ATTR_PAN_ID nlattr[IEEE802154_ATTR_PAN_ID, flags[ieee802154_pan_id, int16]]
+ IEEE802154_ATTR_LLSEC_DEV_OVERRIDE nlattr[IEEE802154_ATTR_LLSEC_DEV_OVERRIDE, bool8]
+ IEEE802154_ATTR_LLSEC_DEV_KEY_MODE nlattr[IEEE802154_ATTR_LLSEC_DEV_KEY_MODE, flags[ieee802154_devkey_mode, int8]]
+] [varlen]
+
+ieee802154_devkey_mode = NL802154_DEVKEY_IGNORE, NL802154_DEVKEY_RESTRICT, NL802154_DEVKEY_RECORD
+
+ieee802154_policy_LLSEC_DEL_DEV [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+ IEEE802154_ATTR_HW_ADDR nlattr[IEEE802154_ATTR_HW_ADDR, ieee802154_hwaddr]
+] [varlen]
+
+ieee802154_policy_LLSEC_ADD_DEVKEY [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+ IEEE802154_ATTR_LLSEC_FRAME_COUNTER nlattr[IEEE802154_ATTR_LLSEC_FRAME_COUNTER, int32]
+ IEEE802154_ATTR_HW_ADDR nlattr[IEEE802154_ATTR_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_LLSEC_KEY_MODE nlattr[IEEE802154_ATTR_LLSEC_KEY_MODE, flags[ieee802154_scf_key, int8]]
+ IEEE802154_ATTR_PAN_ID nlattr[IEEE802154_ATTR_PAN_ID, flags[ieee802154_pan_id, int16]]
+ IEEE802154_ATTR_SHORT_ADDR nlattr[IEEE802154_ATTR_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+ IEEE802154_ATTR_LLSEC_KEY_ID nlattr[IEEE802154_ATTR_LLSEC_KEY_ID, int8]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT, int32]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED, ieee802154_hwaddr]
+] [varlen]
+
+ieee802154_policy_LLSEC_DEL_DEVKEY [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+ IEEE802154_ATTR_HW_ADDR nlattr[IEEE802154_ATTR_HW_ADDR, ieee802154_hwaddr]
+ IEEE802154_ATTR_LLSEC_KEY_MODE nlattr[IEEE802154_ATTR_LLSEC_KEY_MODE, flags[ieee802154_scf_key, int8]]
+ IEEE802154_ATTR_PAN_ID nlattr[IEEE802154_ATTR_PAN_ID, flags[ieee802154_pan_id, int16]]
+ IEEE802154_ATTR_SHORT_ADDR nlattr[IEEE802154_ATTR_SHORT_ADDR, flags[ieee802154_short_addr, int16]]
+ IEEE802154_ATTR_LLSEC_KEY_ID nlattr[IEEE802154_ATTR_LLSEC_KEY_ID, int8]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT, int32]
+ IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED nlattr[IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED, ieee802154_hwaddr]
+] [varlen]
+
+ieee802154_policy_LLSEC_ADD_DEL_SECLEVEL [
+ IEEE802154_ATTR_DEV_NAME nlattr[IEEE802154_ATTR_DEV_NAME, string[ieee802154_dev_names]]
+ IEEE802154_ATTR_DEV_INDEX nlattr[IEEE802154_ATTR_DEV_INDEX, ieee802154_ifindex]
+ IEEE802154_ATTR_LLSEC_FRAME_TYPE nlattr[IEEE802154_ATTR_LLSEC_FRAME_TYPE, int8]
+ IEEE802154_ATTR_LLSEC_SECLEVELS nlattr[IEEE802154_ATTR_LLSEC_SECLEVELS, int8]
+ IEEE802154_ATTR_LLSEC_DEV_OVERRIDE nlattr[IEEE802154_ATTR_LLSEC_DEV_OVERRIDE, bool8]
+ IEEE802154_ATTR_LLSEC_CMD_FRAME_ID nlattr[IEEE802154_ATTR_LLSEC_CMD_FRAME_ID, int8]
+] [varlen]
+
+sockaddr_ieee802154 {
+ family const[AF_IEEE802154, int16]
+ addr ieee802154_addr_sa
+}
+
+ieee802154_addr_sa [
+ none ieee802154_addr_sa_t[IEEE802154_ADDR_NONE, void]
+ short ieee802154_addr_sa_t[IEEE802154_ADDR_SHORT, flags[ieee802154_short_addr, int16]]
+ long ieee802154_addr_sa_t[IEEE802154_ADDR_LONG, ieee802154_hwaddr]
+]
+
+type ieee802154_addr_sa_t[TYP, ADDR] {
+ addr_type const[TYP, int32]
+ pan_id flags[ieee802154_pan_id, int16]
+ addr ADDR
+}
+
+ieee802154_hwaddr {
+ val flags[ieee802154_hwaddrs, int64]
+} [align[1]]
+
+msghdr_802154 {
+ addr ptr[in, sockaddr_ieee802154, opt]
+ addrlen len[addr, int32]
+ vec ptr[in, iovec[in, array[int8]]]
+ vlen const[1, intptr]
+ ctrl const[0, intptr]
+ ctrllen const[0, intptr]
+ f flags[send_flags, int32]
+}
+
+# executor/common_linux.h:setup_802154 knowns about these constants.
+ieee802154_short_addr = IEEE802154_ADDR_UNDEF, IEEE802154_ADDR_BROADCAST, 0, 0xaaa0, 0xaaa1, 0xaaa2, 0xaaa3
+# Note: the last byte (02) is some flags that need to have a particular value.
+ieee802154_hwaddrs = 0, 0xaaaaaaaaaaaa0002, 0xaaaaaaaaaaaa0102, 0xaaaaaaaaaaaa0202, 0xaaaaaaaaaaaa0302
+ieee802154_dev_names = "wpan0", "wpan1", "wpan3", "wpan4"
+ieee802154_phy_names = "phy0", "phy1", "phy2", "phy3"
+ieee802154_phy_index = 0, 1, 2, 3
+ieee802154_dev_index = 0x0, 0x100000001, 0x200000002, 0x300000003, 0x2, 0x3
+ieee802154_pan_id = IEEE802154_PANID_BROADCAST, 0, 1, 2, 3
+ieee802154_security = WPAN_SECURITY_DEFAULT, WPAN_SECURITY_OFF, WPAN_SECURITY_ON
diff --git a/sys/linux/socket_ieee802154.txt.const b/sys/linux/socket_ieee802154.txt.const
new file mode 100644
index 000000000..7f0765bf2
--- /dev/null
+++ b/sys/linux/socket_ieee802154.txt.const
@@ -0,0 +1,211 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x +AF_IEEE802154 = 36 +IEEE802154_ADDR_BROADCAST = 65535 +IEEE802154_ADDR_LONG = 3 +IEEE802154_ADDR_NONE = 0 +IEEE802154_ADDR_SHORT = 2 +IEEE802154_ADDR_UNDEF = 65534 +IEEE802154_ADD_IFACE = 33 +IEEE802154_ASSOCIATE_REQ = 1 +IEEE802154_ASSOCIATE_RESP = 19 +IEEE802154_ATTR_BAT_EXT = 26 +IEEE802154_ATTR_BCN_ORD = 23 +IEEE802154_ATTR_CAPABILITY = 17 +IEEE802154_ATTR_CCA_ED_LEVEL = 36 +IEEE802154_ATTR_CCA_MODE = 35 +IEEE802154_ATTR_CHANNEL = 7 +IEEE802154_ATTR_CHANNELS = 20 +IEEE802154_ATTR_COORD_HW_ADDR = 9 +IEEE802154_ATTR_COORD_PAN_ID = 10 +IEEE802154_ATTR_COORD_REALIGN = 27 +IEEE802154_ATTR_COORD_SHORT_ADDR = 8 +IEEE802154_ATTR_CSMA_MAX_BE = 39 +IEEE802154_ATTR_CSMA_MIN_BE = 38 +IEEE802154_ATTR_CSMA_RETRIES = 37 +IEEE802154_ATTR_DEV_INDEX = 2 +IEEE802154_ATTR_DEV_NAME = 1 +IEEE802154_ATTR_DEV_TYPE = 32 +IEEE802154_ATTR_DURATION = 21 +IEEE802154_ATTR_FRAME_RETRIES = 40 +IEEE802154_ATTR_HW_ADDR = 5 +IEEE802154_ATTR_LBT_ENABLED = 34 +IEEE802154_ATTR_LLSEC_CMD_FRAME_ID = 52 +IEEE802154_ATTR_LLSEC_DEV_KEY_MODE = 55 +IEEE802154_ATTR_LLSEC_DEV_OVERRIDE = 54 +IEEE802154_ATTR_LLSEC_ENABLED = 41 +IEEE802154_ATTR_LLSEC_FRAME_COUNTER = 47 +IEEE802154_ATTR_LLSEC_FRAME_TYPE = 51 +IEEE802154_ATTR_LLSEC_KEY_BYTES = 48 +IEEE802154_ATTR_LLSEC_KEY_ID = 46 +IEEE802154_ATTR_LLSEC_KEY_MODE = 43 +IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED = 45 +IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT = 44 +IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS = 50 +IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES = 49 +IEEE802154_ATTR_LLSEC_SECLEVEL = 42 +IEEE802154_ATTR_LLSEC_SECLEVELS = 53 +IEEE802154_ATTR_PAGE = 29 +IEEE802154_ATTR_PAN_COORD = 25 +IEEE802154_ATTR_PAN_ID = 6 +IEEE802154_ATTR_PHY_NAME = 31 +IEEE802154_ATTR_REASON = 18 +IEEE802154_ATTR_SCAN_TYPE = 19 +IEEE802154_ATTR_SF_ORD = 24 +IEEE802154_ATTR_SHORT_ADDR = 4 +IEEE802154_ATTR_STATUS = 3 +IEEE802154_ATTR_TXPOWER = 33 
+IEEE802154_DEV_MONITOR = 1 +IEEE802154_DEV_WPAN = 0 +IEEE802154_DISASSOCIATE_REQ = 3 +IEEE802154_LIST_IFACE = 31 +IEEE802154_LIST_PHY = 32 +IEEE802154_LLSEC_ADD_DEV = 42 +IEEE802154_LLSEC_ADD_DEVKEY = 45 +IEEE802154_LLSEC_ADD_KEY = 39 +IEEE802154_LLSEC_ADD_SECLEVEL = 48 +IEEE802154_LLSEC_DEL_DEV = 43 +IEEE802154_LLSEC_DEL_DEVKEY = 46 +IEEE802154_LLSEC_DEL_KEY = 40 +IEEE802154_LLSEC_DEL_SECLEVEL = 49 +IEEE802154_LLSEC_GETPARAMS = 36 +IEEE802154_LLSEC_LIST_DEV = 41 +IEEE802154_LLSEC_LIST_DEVKEY = 44 +IEEE802154_LLSEC_LIST_KEY = 38 +IEEE802154_LLSEC_LIST_SECLEVEL = 47 +IEEE802154_LLSEC_SETPARAMS = 37 +IEEE802154_MAX_CHANNEL = 26 +IEEE802154_MAX_PAGE = 31 +IEEE802154_PANID_BROADCAST = 65535 +IEEE802154_SCAN_REQ = 9 +IEEE802154_SCF_KEY_HW_INDEX = 3 +IEEE802154_SCF_KEY_IMPLICIT = 0 +IEEE802154_SCF_KEY_INDEX = 1 +IEEE802154_SCF_KEY_SHORT_INDEX = 2 +IEEE802154_SCF_SECLEVEL_ENC_MIC128 = 7 +IEEE802154_SET_MACPARAMS = 35 +IEEE802154_START_REQ = 13 +NL802154_ATTR_ACKREQ_DEFAULT = 26 +NL802154_ATTR_CCA_ED_LEVEL = 14 +NL802154_ATTR_CCA_MODE = 12 +NL802154_ATTR_CCA_OPT = 13 +NL802154_ATTR_CHANNEL = 8 +NL802154_ATTR_EXTENDED_ADDR = 23 +NL802154_ATTR_IFINDEX = 3 +NL802154_ATTR_IFNAME = 4 +NL802154_ATTR_IFTYPE = 5 +NL802154_ATTR_LBT_MODE = 19 +NL802154_ATTR_MAX_BE = 16 +NL802154_ATTR_MAX_CSMA_BACKOFFS = 18 +NL802154_ATTR_MAX_FRAME_RETRIES = 15 +NL802154_ATTR_MIN_BE = 17 +NL802154_ATTR_NETNS_FD = 29 +NL802154_ATTR_PAGE = 7 +NL802154_ATTR_PAN_ID = 9 +NL802154_ATTR_PID = 28 +NL802154_ATTR_SEC_DEVICE = 35 +NL802154_ATTR_SEC_DEVKEY = 36 +NL802154_ATTR_SEC_ENABLED = 30 +NL802154_ATTR_SEC_FRAME_COUNTER = 33 +NL802154_ATTR_SEC_KEY = 37 +NL802154_ATTR_SEC_LEVEL = 34 +NL802154_ATTR_SEC_OUT_KEY_ID = 32 +NL802154_ATTR_SEC_OUT_LEVEL = 31 +NL802154_ATTR_SHORT_ADDR = 10 +NL802154_ATTR_TX_POWER = 11 +NL802154_ATTR_WPAN_DEV = 6 +NL802154_ATTR_WPAN_PHY = 1 +NL802154_CCA_ALOHA = 4 +NL802154_CCA_CARRIER = 2 +NL802154_CCA_ENERGY = 1 +NL802154_CCA_ENERGY_CARRIER = 3 +NL802154_CCA_OPT_ENERGY_CARRIER_AND 
= 0 +NL802154_CCA_OPT_ENERGY_CARRIER_OR = 1 +NL802154_CCA_UWB_MULTIPLEXED = 6 +NL802154_CCA_UWB_SHR = 5 +NL802154_CMD_DEL_SEC_DEV = 27 +NL802154_CMD_DEL_SEC_DEVKEY = 30 +NL802154_CMD_DEL_SEC_KEY = 24 +NL802154_CMD_DEL_SEC_LEVEL = 33 +NL802154_CMD_FRAME_MAX = 9 +NL802154_CMD_GET_INTERFACE = 5 +NL802154_CMD_GET_SEC_DEV = 25 +NL802154_CMD_GET_SEC_DEVKEY = 28 +NL802154_CMD_GET_SEC_KEY = 22 +NL802154_CMD_GET_SEC_LEVEL = 31 +NL802154_CMD_GET_WPAN_PHY = 1 +NL802154_CMD_NEW_INTERFACE = 7 +NL802154_CMD_NEW_SEC_DEV = 26 +NL802154_CMD_NEW_SEC_DEVKEY = 29 +NL802154_CMD_NEW_SEC_KEY = 23 +NL802154_CMD_NEW_SEC_LEVEL = 32 +NL802154_CMD_SET_ACKREQ_DEFAULT = 19 +NL802154_CMD_SET_BACKOFF_EXPONENT = 16 +NL802154_CMD_SET_CCA_ED_LEVEL = 14 +NL802154_CMD_SET_CCA_MODE = 13 +NL802154_CMD_SET_CHANNEL = 9 +NL802154_CMD_SET_LBT_MODE = 18 +NL802154_CMD_SET_MAX_CSMA_BACKOFFS = 17 +NL802154_CMD_SET_MAX_FRAME_RETRIES = 15 +NL802154_CMD_SET_PAN_ID = 10 +NL802154_CMD_SET_SEC_PARAMS = 21 +NL802154_CMD_SET_SHORT_ADDR = 11 +NL802154_CMD_SET_TX_POWER = 12 +NL802154_CMD_SET_WPAN_PHY_NETNS = 20 +NL802154_DEVKEY_ATTR_EXTENDED_ADDR = 2 +NL802154_DEVKEY_ATTR_FRAME_COUNTER = 1 +NL802154_DEVKEY_ATTR_ID = 3 +NL802154_DEVKEY_IGNORE = 0 +NL802154_DEVKEY_MAX = 2 +NL802154_DEVKEY_RECORD = 2 +NL802154_DEVKEY_RESTRICT = 1 +NL802154_DEV_ADDR_ATTR_EXTENDED = 4 +NL802154_DEV_ADDR_ATTR_MODE = 2 +NL802154_DEV_ADDR_ATTR_PAN_ID = 1 +NL802154_DEV_ADDR_ATTR_SHORT = 3 +NL802154_DEV_ADDR_MAX = 3 +NL802154_DEV_ATTR_EXTENDED_ADDR = 4 +NL802154_DEV_ATTR_FRAME_COUNTER = 1 +NL802154_DEV_ATTR_KEY_MODE = 6 +NL802154_DEV_ATTR_PAN_ID = 2 +NL802154_DEV_ATTR_SECLEVEL_EXEMPT = 5 +NL802154_DEV_ATTR_SHORT_ADDR = 3 +NL802154_FRAME_MAX = 3 +NL802154_IFTYPE_COORD = 2 +NL802154_IFTYPE_MONITOR = 1 +NL802154_IFTYPE_NODE = 0 +NL802154_IFTYPE_UNSPEC = 18446744073709551615 +NL802154_KEY_ATTR_BYTES = 4 +NL802154_KEY_ATTR_ID = 1 +NL802154_KEY_ATTR_USAGE_CMDS = 3 +NL802154_KEY_ATTR_USAGE_FRAMES = 2 +NL802154_KEY_ID_ATTR_IMPLICIT = 3 
+NL802154_KEY_ID_ATTR_INDEX = 2 +NL802154_KEY_ID_ATTR_MODE = 1 +NL802154_KEY_ID_ATTR_SOURCE_EXTENDED = 5 +NL802154_KEY_ID_ATTR_SOURCE_SHORT = 4 +NL802154_KEY_ID_MODE_MAX = 3 +NL802154_KEY_SIZE = 16 +NL802154_SECLEVEL_ATTR_CMD_FRAME = 3 +NL802154_SECLEVEL_ATTR_DEV_OVERRIDE = 4 +NL802154_SECLEVEL_ATTR_FRAME = 2 +NL802154_SECLEVEL_ATTR_LEVELS = 1 +NL802154_SECLEVEL_MAX = 7 +SIOCGIFINDEX = 35123 +SOCK_DGRAM = 2, mips64le:1 +SOCK_RAW = 3 +SOL_IEEE802154 = 0 +WPAN_SECURITY = 1 +WPAN_SECURITY_DEFAULT = 0 +WPAN_SECURITY_LEVEL = 2 +WPAN_SECURITY_LEVEL_DEFAULT = 18446744073709551615 +WPAN_SECURITY_OFF = 1 +WPAN_SECURITY_ON = 2 +WPAN_WANTACK = 0 +WPAN_WANTLQI = 3 +__NR_bind = 200, 386:s390x:361, amd64:49, arm:282, mips64le:5048, ppc64le:327 +__NR_connect = 203, 386:s390x:362, amd64:42, arm:283, mips64le:5041, ppc64le:328 +__NR_getsockopt = 209, 386:s390x:365, amd64:55, arm:295, mips64le:5054, ppc64le:340 +__NR_ioctl = 54, amd64:16, arm64:riscv64:29, mips64le:5015 +__NR_sendmsg = 211, 386:s390x:370, amd64:46, arm:296, mips64le:5045, ppc64le:341 +__NR_setsockopt = 208, 386:s390x:366, amd64:54, arm:294, mips64le:5053, ppc64le:339 diff --git a/sys/linux/socket_inet_l2tp.txt b/sys/linux/socket_inet_l2tp.txt index b283ea773..f5f7d0872 100644 --- a/sys/linux/socket_inet_l2tp.txt +++ b/sys/linux/socket_inet_l2tp.txt @@ -47,7 +47,7 @@ sockaddr_l2tpip6 { resource genl_l2tp_family_id[int16] type msghdr_nl_l2tp[CMD] msghdr_netlink[netlink_msg_t[genl_l2tp_family_id, genlmsghdr_t[CMD], l2tp_nl_policy]] -syz_genetlink_get_family_id$l2tp(name ptr[in, string["l2tp"]]) genl_l2tp_family_id +syz_genetlink_get_family_id$l2tp(name ptr[in, string["l2tp"]], fd sock_nl_generic) genl_l2tp_family_id sendmsg$L2TP_CMD_NOOP(fd sock_nl_generic, msg ptr[in, msghdr_nl_l2tp[L2TP_CMD_NOOP]], f flags[send_flags]) sendmsg$L2TP_CMD_TUNNEL_CREATE(fd sock_nl_generic, msg ptr[in, msghdr_nl_l2tp[L2TP_CMD_TUNNEL_CREATE]], f flags[send_flags]) 
diff --git a/sys/linux/socket_netlink_generic.txt b/sys/linux/socket_netlink_generic.txt index a4f64ac02..2f925733b 100644 --- a/sys/linux/socket_netlink_generic.txt +++ b/sys/linux/socket_netlink_generic.txt @@ -13,6 +13,20 @@ resource sock_nl_generic[sock_netlink] socket$nl_generic(domain const[AF_NETLINK], type const[SOCK_RAW], proto const[NETLINK_GENERIC]) sock_nl_generic +# This is NETLINK_GENERIC created in init_net namespace. Use with extreme care. +# It's very dangerous to use as it allows the fuzzer to bring down network connectivity +# and destroy the machine in other ways. But it's required for ieee802154 testing and +# some other netlink protocols that can be used only in init_net (.netnsok = false). +# It is specifically not derived from fd/sock, so that fuzzer does not try to use it other ways. +# However, it's still easy to abuse it since fd number is low and can easily be used +# as the result of race or something. If this proves to be problematic, we can either +# create a pseudo syscall that creates socket, moves it to a high fd and then changes namespace, +# and/or create a pseudo syscall that both creates the socket and send netlink message, +# or improve kernel to properly support namespaces for ieee802154. +resource sock_nl_generic_init[int32]: -1 + +syz_init_net_socket$nl_generic(domain const[AF_NETLINK], type const[SOCK_RAW], proto const[NETLINK_GENERIC]) sock_nl_generic_init + sendmsg$nl_generic(fd sock_nl_generic, msg ptr[in, msghdr_nl_generic], f flags[send_flags]) type msghdr_nl_generic msghdr_netlink[netlink_msg_t[netlink_random_msg_type, genlmsghdr, nl_generic_attr]] diff --git a/sys/linux/socket_netlink_generic_80211.txt b/sys/linux/socket_netlink_generic_80211.txt index 64cd222a3..7983492db 100644 --- a/sys/linux/socket_netlink_generic_80211.txt +++ b/sys/linux/socket_netlink_generic_80211.txt 
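Review bot: The comment above `resource sock_nl_generic_init[int32]: -1` in sys/linux/socket_netlink_generic.txt names only ieee802154 as a user and leaves the rest as "some other netlink protocols", yet this same commit moves NET_DM and the NetLabel families (NLBL_MGMT, NLBL_UNLBL, NLBL_CIPSOv4, NLBL_CALIPSO) onto the init_net socket in socket_netlink_generic_net_dm.txt and socket_netlink_generic_netlabel.txt. Because the comment itself states that this socket can bring down connectivity on the test machine, the families routed through it should be listed where the resource is declared, so the exposure can be audited in one place. I would add a line such as `# Current users: ieee802154, NET_DM, NLBL_MGMT, NLBL_UNLBL, NLBL_CIPSOv4, NLBL_CALIPSO.` to that comment. The list is taken from the hunks visible here; other description files may need to be added to it.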
@@ -28,7 +28,7 @@ type msghdr_nl80211_rdev[CMD, POLICY] msghdr_nl80211[CMD, nl80211_rdev_payload, # TODO: fetch wiphy ids for devices created at executor initialization. Presently we're using small numbers in that hope that syzkaller will hit the right ones. type nl80211_wiphy int32[0:128] -syz_genetlink_get_family_id$nl80211(name ptr[in, string["nl80211"]]) nl80211_family_id +syz_genetlink_get_family_id$nl80211(name ptr[in, string["nl80211"]], fd sock_nl_generic) nl80211_family_id ioctl$sock_SIOCGIFINDEX_80211(fd sock, cmd const[SIOCGIFINDEX], arg ptr[inout, ifreq_dev_t[nl80211_devnames, nl80211_ifindex]]) sendmsg$NL80211_CMD_GET_WIPHY(fd sock_nl_generic, msg ptr[in, msghdr_nl80211_rdev[NL80211_CMD_GET_WIPHY, void]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_batadv.txt b/sys/linux/socket_netlink_generic_batadv.txt index 60fd39dea..6bfc147b0 100644 --- a/sys/linux/socket_netlink_generic_batadv.txt +++ b/sys/linux/socket_netlink_generic_batadv.txt @@ -9,7 +9,7 @@ include <uapi/linux/batman_adv.h> resource genl_batadv_family_id[int16] type msghdr_batadv[CMD] msghdr_netlink[netlink_msg_t[genl_batadv_family_id, genlmsghdr_t[CMD], batadv_netlink_policy]] -syz_genetlink_get_family_id$batadv(name ptr[in, string["batadv"]]) genl_batadv_family_id +syz_genetlink_get_family_id$batadv(name ptr[in, string["batadv"]], fd sock_nl_generic) genl_batadv_family_id sendmsg$BATADV_CMD_GET_MESH(fd sock_nl_generic, msg ptr[in, msghdr_batadv[BATADV_CMD_GET_MESH]], f flags[send_flags]) sendmsg$BATADV_CMD_TP_METER(fd sock_nl_generic, msg ptr[in, msghdr_batadv[BATADV_CMD_TP_METER]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_devlink.txt b/sys/linux/socket_netlink_generic_devlink.txt index 639ad9b3f..0e6dc7669 100644 --- a/sys/linux/socket_netlink_generic_devlink.txt +++ b/sys/linux/socket_netlink_generic_devlink.txt 
@@ -10,7 +10,7 @@ include <uapi/linux/genetlink.h> include <uapi/linux/devlink.h> resource genl_devlink_family_id[int16] -syz_genetlink_get_family_id$devlink(name ptr[in, string["devlink"]]) genl_devlink_family_id +syz_genetlink_get_family_id$devlink(name ptr[in, string["devlink"]], fd sock_nl_generic) genl_devlink_family_id type msghdr_nl_devlink[CMD, POLICY] msghdr_netlink[netlink_msg_t[genl_devlink_family_id, genlmsghdr_t[CMD], POLICY]] diff --git a/sys/linux/socket_netlink_generic_ethtool.txt b/sys/linux/socket_netlink_generic_ethtool.txt index c1eb3ed31..65a068f71 100644 --- a/sys/linux/socket_netlink_generic_ethtool.txt +++ b/sys/linux/socket_netlink_generic_ethtool.txt @@ -9,7 +9,7 @@ include <uapi/linux/ethtool_netlink.h> resource genl_ethtool_family_id[int16] type msghdr_ethtool[CMD, POLICY] msghdr_netlink[netlink_msg_t[genl_ethtool_family_id, genlmsghdr_t[CMD], POLICY]] -syz_genetlink_get_family_id$ethtool(name ptr[in, string["ethtool"]]) genl_ethtool_family_id +syz_genetlink_get_family_id$ethtool(name ptr[in, string["ethtool"]], fd sock_nl_generic) genl_ethtool_family_id sendmsg$ETHTOOL_MSG_STRSET_GET(fd sock_nl_generic, msg ptr[in, msghdr_ethtool[ETHTOOL_MSG_STRSET_GET, strset_get_policy]], f flags[send_flags]) sendmsg$ETHTOOL_MSG_LINKINFO_GET(fd sock_nl_generic, msg ptr[in, msghdr_ethtool[ETHTOOL_MSG_LINKINFO_GET, header_only_ethnl_policy[ETHTOOL_A_LINKINFO_HEADER]]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_fou.txt b/sys/linux/socket_netlink_generic_fou.txt index 49f449ad8..1fcf05457 100644 --- a/sys/linux/socket_netlink_generic_fou.txt +++ b/sys/linux/socket_netlink_generic_fou.txt 
@@ -11,7 +11,7 @@ include <uapi/linux/fou.h> resource genl_fou_family_id[int16] type msghdr_nl_fou[CMD] msghdr_netlink[netlink_msg_t[genl_fou_family_id, genlmsghdr_t[CMD], fou_nl_policy]] -syz_genetlink_get_family_id$fou(name ptr[in, string["fou"]]) genl_fou_family_id +syz_genetlink_get_family_id$fou(name ptr[in, string["fou"]], fd sock_nl_generic) genl_fou_family_id sendmsg$FOU_CMD_ADD(fd sock_nl_generic, msg ptr[in, msghdr_nl_fou[FOU_CMD_ADD]], f flags[send_flags]) sendmsg$FOU_CMD_DEL(fd sock_nl_generic, msg ptr[in, msghdr_nl_fou[FOU_CMD_DEL]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_gtp.txt b/sys/linux/socket_netlink_generic_gtp.txt index 918044ce8..287065d87 100644 --- a/sys/linux/socket_netlink_generic_gtp.txt +++ b/sys/linux/socket_netlink_generic_gtp.txt @@ -14,7 +14,7 @@ include <uapi/linux/gtp.h> resource genl_gtp_family_id[int16] type msghdr_nl_gtp[CMD] msghdr_netlink[netlink_msg_t[genl_gtp_family_id, genlmsghdr_t[CMD], gtp_genl_policy]] -syz_genetlink_get_family_id$gtp(name ptr[in, string["gtp"]]) genl_gtp_family_id +syz_genetlink_get_family_id$gtp(name ptr[in, string["gtp"]], fd sock_nl_generic) genl_gtp_family_id sendmsg$GTP_CMD_NEWPDP(fd sock_nl_generic, msg ptr[in, msghdr_nl_gtp[GTP_CMD_NEWPDP]], f flags[send_flags]) sendmsg$GTP_CMD_DELPDP(fd sock_nl_generic, msg ptr[in, msghdr_nl_gtp[GTP_CMD_DELPDP]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_mptcp.txt b/sys/linux/socket_netlink_generic_mptcp.txt index a0ea0351a..c0ef24711 100644 --- a/sys/linux/socket_netlink_generic_mptcp.txt +++ b/sys/linux/socket_netlink_generic_mptcp.txt 
@@ -11,7 +11,7 @@ include <uapi/linux/mptcp.h> resource genl_mptcp_family_id[int16] type msghdr_nl_mptcp[CMD] msghdr_netlink[netlink_msg_t[genl_mptcp_family_id, genlmsghdr_t[CMD], mptcp_pm_policy]] -syz_genetlink_get_family_id$mptcp(name ptr[in, string["mptcp_pm"]]) genl_mptcp_family_id +syz_genetlink_get_family_id$mptcp(name ptr[in, string["mptcp_pm"]], fd sock_nl_generic) genl_mptcp_family_id sendmsg$MPTCP_PM_CMD_ADD_ADDR(fd sock_nl_generic, msg ptr[in, msghdr_nl_mptcp[MPTCP_PM_CMD_ADD_ADDR]], f flags[send_flags]) sendmsg$MPTCP_PM_CMD_DEL_ADDR(fd sock_nl_generic, msg ptr[in, msghdr_nl_mptcp[MPTCP_PM_CMD_DEL_ADDR]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_net_dm.txt b/sys/linux/socket_netlink_generic_net_dm.txt index f1fd4cde4..9bb9af274 100644 --- a/sys/linux/socket_netlink_generic_net_dm.txt +++ b/sys/linux/socket_netlink_generic_net_dm.txt @@ -11,7 +11,7 @@ include <uapi/linux/net_dropmon.h> resource genl_net_dm_family_id[int16] type msghdr_nl_net_dm[CMD] msghdr_netlink[netlink_msg_t[genl_net_dm_family_id, genlmsghdr_t[CMD], void]] -syz_genetlink_get_family_id$net_dm(name ptr[in, string["NET_DM"]]) genl_net_dm_family_id +syz_genetlink_get_family_id$net_dm(name ptr[in, string["NET_DM"]], fd sock_nl_generic_init) genl_net_dm_family_id -sendmsg$NET_DM_CMD_START(fd sock_nl_generic, msg ptr[in, msghdr_nl_net_dm[NET_DM_CMD_START]], f flags[send_flags]) -sendmsg$NET_DM_CMD_STOP(fd sock_nl_generic, msg ptr[in, msghdr_nl_net_dm[NET_DM_CMD_STOP]], f flags[send_flags]) +sendmsg$NET_DM_CMD_START(fd sock_nl_generic_init, msg ptr[in, msghdr_nl_net_dm[NET_DM_CMD_START]], f flags[send_flags]) +sendmsg$NET_DM_CMD_STOP(fd sock_nl_generic_init, msg ptr[in, msghdr_nl_net_dm[NET_DM_CMD_STOP]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_netlabel.txt b/sys/linux/socket_netlink_generic_netlabel.txt index 1891a8c40..1de6843ab 100644 --- a/sys/linux/socket_netlink_generic_netlabel.txt +++ b/sys/linux/socket_netlink_generic_netlabel.txt 
@@ -17,16 +17,16 @@ include <net/netlabel/netlabel_calipso.h> resource netlbl_mgmt_family_id[int16] type msghdr_netlbl_mgmt[CMD] msghdr_netlink[netlink_msg_t[netlbl_mgmt_family_id, genlmsghdr_t[CMD], netlbl_mgmt_genl_policy]] -syz_genetlink_get_family_id$netlbl_mgmt(name ptr[in, string["NLBL_MGMT"]]) netlbl_mgmt_family_id +syz_genetlink_get_family_id$netlbl_mgmt(name ptr[in, string["NLBL_MGMT"]], fd sock_nl_generic_init) netlbl_mgmt_family_id -sendmsg$NLBL_MGMT_C_ADD(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_ADD]], f flags[send_flags]) -sendmsg$NLBL_MGMT_C_REMOVE(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_REMOVE]], f flags[send_flags]) -sendmsg$NLBL_MGMT_C_LISTALL(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_LISTALL]], f flags[send_flags]) -sendmsg$NLBL_MGMT_C_ADDDEF(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_ADDDEF]], f flags[send_flags]) -sendmsg$NLBL_MGMT_C_REMOVEDEF(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_REMOVEDEF]], f flags[send_flags]) -sendmsg$NLBL_MGMT_C_LISTDEF(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_LISTDEF]], f flags[send_flags]) -sendmsg$NLBL_MGMT_C_PROTOCOLS(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_PROTOCOLS]], f flags[send_flags]) -sendmsg$NLBL_MGMT_C_VERSION(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_VERSION]], f flags[send_flags]) +sendmsg$NLBL_MGMT_C_ADD(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_ADD]], f flags[send_flags]) +sendmsg$NLBL_MGMT_C_REMOVE(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_REMOVE]], f flags[send_flags]) +sendmsg$NLBL_MGMT_C_LISTALL(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_LISTALL]], f flags[send_flags]) +sendmsg$NLBL_MGMT_C_ADDDEF(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_ADDDEF]], f flags[send_flags]) +sendmsg$NLBL_MGMT_C_REMOVEDEF(fd sock_nl_generic_init, msg 
ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_REMOVEDEF]], f flags[send_flags]) +sendmsg$NLBL_MGMT_C_LISTDEF(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_LISTDEF]], f flags[send_flags]) +sendmsg$NLBL_MGMT_C_PROTOCOLS(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_PROTOCOLS]], f flags[send_flags]) +sendmsg$NLBL_MGMT_C_VERSION(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_mgmt[NLBL_MGMT_C_VERSION]], f flags[send_flags]) netlbl_mgmt_genl_policy [ # NLBL_MGMT_A_VERSION, NLBL_MGMT_A_ADDRSELECTOR, NLBL_MGMT_A_SELECTORLIST are output. 
@@ -48,16 +48,16 @@ nlbl_mgmt_protocol = NETLBL_NLTYPE_UNLABELED, NETLBL_NLTYPE_CIPSOV4, NETLBL_NLTY resource netlbl_unlabel_family_id[int16] type msghdr_netlbl_unlabel[CMD] msghdr_netlink[netlink_msg_t[netlbl_unlabel_family_id, genlmsghdr_t[CMD], netlbl_unlabel_genl_policy]] -syz_genetlink_get_family_id$netlbl_unlabel(name ptr[in, string["NLBL_UNLBL"]]) netlbl_unlabel_family_id +syz_genetlink_get_family_id$netlbl_unlabel(name ptr[in, string["NLBL_UNLBL"]], fd sock_nl_generic_init) netlbl_unlabel_family_id -sendmsg$NLBL_UNLABEL_C_STATICADD(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICADD]], f flags[send_flags]) -sendmsg$NLBL_UNLABEL_C_STATICREMOVE(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICREMOVE]], f flags[send_flags]) -sendmsg$NLBL_UNLABEL_C_STATICLIST(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICLIST]], f flags[send_flags]) -sendmsg$NLBL_UNLABEL_C_STATICADDDEF(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICADDDEF]], f flags[send_flags]) -sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICREMOVEDEF]], f flags[send_flags]) -sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICLISTDEF]], f flags[send_flags]) -sendmsg$NLBL_UNLABEL_C_ACCEPT(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_ACCEPT]], f flags[send_flags]) -sendmsg$NLBL_UNLABEL_C_LIST(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_LIST]], f flags[send_flags]) +sendmsg$NLBL_UNLABEL_C_STATICADD(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICADD]], f flags[send_flags]) +sendmsg$NLBL_UNLABEL_C_STATICREMOVE(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICREMOVE]], f flags[send_flags]) +sendmsg$NLBL_UNLABEL_C_STATICLIST(fd sock_nl_generic_init, msg ptr[in, 
msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICLIST]], f flags[send_flags]) +sendmsg$NLBL_UNLABEL_C_STATICADDDEF(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICADDDEF]], f flags[send_flags]) +sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICREMOVEDEF]], f flags[send_flags]) +sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_STATICLISTDEF]], f flags[send_flags]) +sendmsg$NLBL_UNLABEL_C_ACCEPT(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_ACCEPT]], f flags[send_flags]) +sendmsg$NLBL_UNLABEL_C_LIST(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_unlabel[NLBL_UNLABEL_C_LIST]], f flags[send_flags]) netlbl_unlabel_genl_policy [ NLBL_UNLABEL_A_ACPTFLG nlattr[NLBL_UNLABEL_A_ACPTFLG, bool8] 
@@ -74,12 +74,12 @@ netlbl_unlabel_genl_policy [ resource netlbl_cipsov4_family_id[int16] type msghdr_netlbl_cipsov4[CMD] msghdr_netlink[netlink_msg_t[netlbl_cipsov4_family_id, genlmsghdr_t[CMD], netlbl_cipsov4_genl_policy]] -syz_genetlink_get_family_id$netlbl_cipso(name ptr[in, string["NLBL_CIPSOv4"]]) netlbl_cipsov4_family_id +syz_genetlink_get_family_id$netlbl_cipso(name ptr[in, string["NLBL_CIPSOv4"]], fd sock_nl_generic_init) netlbl_cipsov4_family_id -sendmsg$NLBL_CIPSOV4_C_ADD(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_cipsov4[NLBL_CIPSOV4_C_ADD]], f flags[send_flags]) -sendmsg$NLBL_CIPSOV4_C_REMOVE(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_cipsov4[NLBL_CIPSOV4_C_REMOVE]], f flags[send_flags]) -sendmsg$NLBL_CIPSOV4_C_LIST(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_cipsov4[NLBL_CIPSOV4_C_LIST]], f flags[send_flags]) -sendmsg$NLBL_CIPSOV4_C_LISTALL(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_cipsov4[NLBL_CIPSOV4_C_LISTALL]], f flags[send_flags]) +sendmsg$NLBL_CIPSOV4_C_ADD(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_cipsov4[NLBL_CIPSOV4_C_ADD]], f flags[send_flags]) +sendmsg$NLBL_CIPSOV4_C_REMOVE(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_cipsov4[NLBL_CIPSOV4_C_REMOVE]], f flags[send_flags]) +sendmsg$NLBL_CIPSOV4_C_LIST(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_cipsov4[NLBL_CIPSOV4_C_LIST]], f flags[send_flags]) +sendmsg$NLBL_CIPSOV4_C_LISTALL(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_cipsov4[NLBL_CIPSOV4_C_LISTALL]], f flags[send_flags]) netlbl_cipsov4_genl_policy [ NLBL_CIPSOV4_A_DOI nlattr[NLBL_CIPSOV4_A_DOI, flags[cipso_doi, int32]] 
@@ -107,12 +107,12 @@ cipsov4_tags = CIPSO_V4_TAG_INVALID, CIPSO_V4_TAG_RBITMAP, CIPSO_V4_TAG_ENUM, CI resource netlbl_calipso_family_id[int16] type msghdr_netlbl_calipso[CMD] msghdr_netlink[netlink_msg_t[netlbl_calipso_family_id, genlmsghdr_t[CMD], calipso_genl_policy]] -syz_genetlink_get_family_id$netlbl_calipso(name ptr[in, string["NLBL_CALIPSO"]]) netlbl_calipso_family_id +syz_genetlink_get_family_id$netlbl_calipso(name ptr[in, string["NLBL_CALIPSO"]], fd sock_nl_generic_init) netlbl_calipso_family_id -sendmsg$NLBL_CALIPSO_C_ADD(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_calipso[NLBL_CALIPSO_C_ADD]], f flags[send_flags]) -sendmsg$NLBL_CALIPSO_C_REMOVE(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_calipso[NLBL_CALIPSO_C_REMOVE]], f flags[send_flags]) -sendmsg$NLBL_CALIPSO_C_LIST(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_calipso[NLBL_CALIPSO_C_LIST]], f flags[send_flags]) -sendmsg$NLBL_CALIPSO_C_LISTALL(fd sock_nl_generic, msg ptr[in, msghdr_netlbl_calipso[NLBL_CALIPSO_C_LISTALL]], f flags[send_flags]) +sendmsg$NLBL_CALIPSO_C_ADD(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_calipso[NLBL_CALIPSO_C_ADD]], f flags[send_flags]) +sendmsg$NLBL_CALIPSO_C_REMOVE(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_calipso[NLBL_CALIPSO_C_REMOVE]], f flags[send_flags]) +sendmsg$NLBL_CALIPSO_C_LIST(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_calipso[NLBL_CALIPSO_C_LIST]], f flags[send_flags]) +sendmsg$NLBL_CALIPSO_C_LISTALL(fd sock_nl_generic_init, msg ptr[in, msghdr_netlbl_calipso[NLBL_CALIPSO_C_LISTALL]], f flags[send_flags]) calipso_genl_policy [ NLBL_CALIPSO_A_DOI nlattr[NLBL_CALIPSO_A_DOI, flags[calipso_doi, int32]] diff --git a/sys/linux/socket_netlink_generic_seg6.txt b/sys/linux/socket_netlink_generic_seg6.txt index 488f56544..e9ff9affd 100644 --- a/sys/linux/socket_netlink_generic_seg6.txt +++ b/sys/linux/socket_netlink_generic_seg6.txt 
@@ -11,7 +11,7 @@ include <uapi/linux/seg6_genl.h> resource genl_seg6_family_id[int16] type msghdr_nl_seg6[CMD] msghdr_netlink[netlink_msg_t[genl_seg6_family_id, genlmsghdr_t[CMD], seg6_genl_policy]] -syz_genetlink_get_family_id$SEG6(name ptr[in, string["SEG6"]]) genl_seg6_family_id +syz_genetlink_get_family_id$SEG6(name ptr[in, string["SEG6"]], fd sock_nl_generic) genl_seg6_family_id sendmsg$SEG6_CMD_SETHMAC(fd sock_nl_generic, msg ptr[in, msghdr_nl_seg6[SEG6_CMD_SETHMAC]], f flags[send_flags]) sendmsg$SEG6_CMD_DUMPHMAC(fd sock_nl_generic, msg ptr[in, msghdr_nl_seg6[SEG6_CMD_DUMPHMAC]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_smc.txt b/sys/linux/socket_netlink_generic_smc.txt index 2c52c93a9..6e88a65fa 100644 --- a/sys/linux/socket_netlink_generic_smc.txt +++ b/sys/linux/socket_netlink_generic_smc.txt @@ -9,7 +9,7 @@ include <uapi/linux/smc.h> resource genl_smc_family_id[int16] type msghdr_nl_smc[CMD] msghdr_netlink[netlink_msg_t[genl_smc_family_id, genlmsghdr_t[CMD], smc_pnet_policy]] -syz_genetlink_get_family_id$smc(name ptr[in, string["SMC_PNETID"]]) genl_smc_family_id +syz_genetlink_get_family_id$smc(name ptr[in, string["SMC_PNETID"]], fd sock_nl_generic) genl_smc_family_id sendmsg$SMC_PNETID_GET(fd sock_nl_generic, msg ptr[in, msghdr_nl_smc[SMC_PNETID_GET]], f flags[send_flags]) sendmsg$SMC_PNETID_ADD(fd sock_nl_generic, msg ptr[in, msghdr_nl_smc[SMC_PNETID_ADD]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_team.txt b/sys/linux/socket_netlink_generic_team.txt index a622b5380..bf549224e 100644 --- a/sys/linux/socket_netlink_generic_team.txt +++ b/sys/linux/socket_netlink_generic_team.txt 
@@ -13,7 +13,7 @@ resource genl_team_family_id[int16] resource ifindex_team[ifindex] type msghdr_nl_team[CMD] msghdr_netlink[netlink_msg_t[genl_team_family_id, genlmsghdr_t[CMD], team_nl_policy]] -syz_genetlink_get_family_id$team(name ptr[in, string["team"]]) genl_team_family_id +syz_genetlink_get_family_id$team(name ptr[in, string["team"]], fd sock_nl_generic) genl_team_family_id ioctl$ifreq_SIOCGIFINDEX_team(fd sock, cmd const[SIOCGIFINDEX], arg ptr[inout, ifreq_dev_t["team0", ifindex_team]]) sendmsg$TEAM_CMD_NOOP(fd sock_nl_generic, msg ptr[in, msghdr_nl_team[TEAM_CMD_NOOP]], f flags[send_flags]) diff --git a/sys/linux/socket_netlink_generic_wireguard.txt b/sys/linux/socket_netlink_generic_wireguard.txt index ec13712c9..c315b9a5b 100644 --- a/sys/linux/socket_netlink_generic_wireguard.txt +++ b/sys/linux/socket_netlink_generic_wireguard.txt @@ -15,7 +15,7 @@ resource genl_wireguard_family_id[int16] type msghdr_wireguard[CMD] msghdr_netlink[netlink_msg_t[genl_wireguard_family_id, genlmsghdr_t[CMD], device_policy]] -syz_genetlink_get_family_id$wireguard(name ptr[in, string["wireguard"]]) genl_wireguard_family_id +syz_genetlink_get_family_id$wireguard(name ptr[in, string["wireguard"]], fd sock_nl_generic) genl_wireguard_family_id sendmsg$WG_CMD_GET_DEVICE(fd sock_nl_generic, msg ptr[in, msghdr_wireguard[WG_CMD_GET_DEVICE]], f flags[send_flags]) sendmsg$WG_CMD_SET_DEVICE(fd sock_nl_generic, msg ptr[in, msghdr_wireguard[WG_CMD_SET_DEVICE]], f flags[send_flags]) diff --git a/sys/linux/socket_tipc_netlink.txt b/sys/linux/socket_tipc_netlink.txt index 39704ea45..8093dea9e 100644 --- a/sys/linux/socket_tipc_netlink.txt +++ b/sys/linux/socket_tipc_netlink.txt 
@@ -9,7 +9,7 @@ type tipc_net_addr int32be resource genl_tipc_family_id[int16] -syz_genetlink_get_family_id$tipc(name ptr[in, string["TIPC"]]) genl_tipc_family_id +syz_genetlink_get_family_id$tipc(name ptr[in, string["TIPC"]], fd sock_nl_generic) genl_tipc_family_id sendmsg$TIPC_CMD_SET_LINK_TOL(fd sock_nl_generic, msg ptr[in, msghdr_nl_tipc[TIPC_CMD_SET_LINK_TOL, tipc_tlv_desc[TIPC_TLV_LINK_CONFIG, tipc_link_config]]], f flags[send_flags]) sendmsg$TIPC_CMD_SET_LINK_PRI(fd sock_nl_generic, msg ptr[in, msghdr_nl_tipc[TIPC_CMD_SET_LINK_PRI, tipc_tlv_desc[TIPC_TLV_LINK_CONFIG, tipc_link_config]]], f flags[send_flags]) @@ -102,7 +102,7 @@ tipc_aead_key { } resource genl_tipc2_family_id[int16] -syz_genetlink_get_family_id$tipc2(name ptr[in, string["TIPCv2"]]) genl_tipc2_family_id +syz_genetlink_get_family_id$tipc2(name ptr[in, string["TIPCv2"]], fd sock_nl_generic) genl_tipc2_family_id type msghdr_nl_tipc2[CMD] msghdr_netlink[netlink_msg_t[genl_tipc2_family_id, genlmsghdr_t[CMD], tipc_nl_policy]] diff --git a/sys/linux/test/80211_scan b/sys/linux/test/80211_scan index 32247fea3..8e5310795 100644 --- a/sys/linux/test/80211_scan +++ b/sys/linux/test/80211_scan @@ -1,7 +1,7 @@ # requires: -sandbox=namespace r0 = socket$nl_generic(0x10, 0x3, 0x10) -r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') +r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00', 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0}) # Set station mode for wlan1. diff --git a/sys/linux/test/80211_setup_ap b/sys/linux/test/80211_setup_ap index be18aa80c..7e15ee267 100644 --- a/sys/linux/test/80211_setup_ap +++ b/sys/linux/test/80211_setup_ap 
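Review bot: None of the updated test programs passes a real socket for the new second argument of `syz_genetlink_get_family_id`: in sys/linux/test/80211_scan `r0` is created by `socket$nl_generic` on the line above, but the call passes `0xffffffffffffffff`. Presumably -1 makes the pseudo-syscall fall back to opening its own socket (the executor side is not visible in this part of the diff), which would leave the fd-taking path added by this commit without any test coverage. Passing the existing socket in at least one test, e.g. `r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00', r0)`, would cover it. The same applies to 80211_setup_ap, 80211_setup_mesh, 80211_setup_station and tipc.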
@@ -1,5 +1,5 @@ r0 = socket$nl_generic(0x10, 0x3, 0x10) -r1 = syz_genetlink_get_family_id$nl80211(&AUTO='nl80211\x00') +r1 = syz_genetlink_get_family_id$nl80211(&AUTO='nl80211\x00', 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &AUTO={'wlan0\x00', <r2=>0x0}) # Set AP mode for wlan0. diff --git a/sys/linux/test/80211_setup_mesh b/sys/linux/test/80211_setup_mesh index f7652f0a4..8ea51d705 100644 --- a/sys/linux/test/80211_setup_mesh +++ b/sys/linux/test/80211_setup_mesh @@ -1,5 +1,5 @@ r0 = socket$nl_generic(0x10, 0x3, 0x10) -r1 = syz_genetlink_get_family_id$nl80211(&AUTO='nl80211\x00') +r1 = syz_genetlink_get_family_id$nl80211(&AUTO='nl80211\x00', 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &AUTO={'wlan0\x00', <r2=>0x0}) # Set mesh mode for wlan0. diff --git a/sys/linux/test/80211_setup_station b/sys/linux/test/80211_setup_station index 6fb2d0225..89d84f747 100644 --- a/sys/linux/test/80211_setup_station +++ b/sys/linux/test/80211_setup_station @@ -1,7 +1,7 @@ # requires: -sandbox=namespace r0 = socket$nl_generic(0x10, 0x3, 0x10) -r1 = syz_genetlink_get_family_id$nl80211(&AUTO='nl80211\x00') +r1 = syz_genetlink_get_family_id$nl80211(&AUTO='nl80211\x00', 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &AUTO={'wlan1\x00', <r2=>0x0}) # Set station mode for wlan1. diff --git a/sys/linux/test/tipc b/sys/linux/test/tipc index 98424f23e..f002df653 100644 --- a/sys/linux/test/tipc +++ b/sys/linux/test/tipc 
@@ -1,5 +1,5 @@ # This badly crashes kernel, so for now sendmsg call is disabled. r0 = socket$nl_generic(0x10, 0x3, 0x10) -r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') +r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00', 0xffffffffffffffff) #sendmsg$TIPC_NL_BEARER_ENABLE(r0, &AUTO={0x0, 0x0, &AUTO={&AUTO={AUTO, r1, 0x1, 0x123, 0x234, {0x3, 0x0, 0x0}, [@TIPC_NLA_BEARER={AUTO, AUTO, [@TIPC_NLA_BEARER_NAME={AUTO, AUTO, @udp='udp:syz0'}, @TIPC_NLA_BEARER_UDP_OPTS={AUTO, AUTO, {{AUTO, AUTO, @in={AUTO, 0x4e20, @loopback=AUTO}}, {AUTO, AUTO, @in={AUTO, 0x4e20, @loopback=AUTO}}}}]}]}, AUTO}, 0x1, 0x0, 0x0, 0x0}, 0x0) diff --git a/sys/syz-extract/linux.go b/sys/syz-extract/linux.go index 53dd8b09a..c7f1f02e3 100644 --- a/sys/syz-extract/linux.go +++ b/sys/syz-extract/linux.go @@ -98,6 +98,8 @@ func (*linux) prepareArch(arch *Arch) error { // security/smack/smack.h requires this to build. "-e", "SECURITY", "-e", "SECURITY_SMACK", + // include/net/nl802154.h does not define some consts without this. + "-e", "IEEE802154", "-e", "IEEE802154_NL802154_EXPERIMENTAL", ) if err != nil { return err diff --git a/tools/syz-prog2c/prog2c.go b/tools/syz-prog2c/prog2c.go index 680b5ce64..6c298d479 100644 --- a/tools/syz-prog2c/prog2c.go +++ b/tools/syz-prog2c/prog2c.go @@ -95,6 +95,7 @@ func main() { USB: features["usb"].Enabled, VhciInjection: features["vhci"].Enabled, Wifi: features["wifi"].Enabled, + IEEE802154: features["ieee802154"].Enabled, UseTmpDir: *flagUseTmpDir, HandleSegv: *flagHandleSegv, Repro: *flagRepro, diff --git a/tools/syz-reprolist/reprolist.go b/tools/syz-reprolist/reprolist.go index 585eea449..44dae95fe 100644 --- a/tools/syz-reprolist/reprolist.go +++ b/tools/syz-reprolist/reprolist.go 
@@ -239,6 +239,9 @@ func createProg2CArgs(bug *dashapi.BugReport, opts csource.Options, file string)
 enable = append(enable, "wifi")
 flags = append(flags, "-wifi")
 }
+ if opts.IEEE802154 {
+ enable = append(enable, "wifi")
+ }
 if !haveEnableFlag {
 args = append(args, flags...)
 } else if len(enable) != 0 { |
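Review bot: The added `if opts.IEEE802154` branch appends `"wifi"` to `enable`, which looks like a copy-paste from the wifi branch just above it. A reproducer that depends on the 802.15.4 setup would then be regenerated with wifi enabled and the 802.15.4 feature left off, so a real kernel crash could be triaged as not reproducible. The prog2c.go hunk in this same commit reads `features["ieee802154"]`, so the line was presumably meant to be `enable = append(enable, "ieee802154")`. Unlike the wifi branch, nothing is added to `flags` here; if that is deliberate because there is no legacy flag for this feature, a one-line comment such as `// no legacy flag for 802.15.4, -enable only` would make that clear. createProg2CArgs starts and ends outside the hunk.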
