From 4bbea2300f8f58831f7bed4ab592f661185b0f93 Mon Sep 17 00:00:00 2001 From: Baozeng Ding Date: Mon, 25 Jan 2016 19:08:04 +0800 Subject: sys: support /dev/random and /dev/net/tun --- AUTHORS | 2 +- CONTRIBUTORS | 1 + Makefile | 2 +- sys/decl.go | 4 +- sys/random.txt | 19 ++++++++ sys/socket.txt | 5 ++ sys/tun.txt | 139 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ sysgen/sysgen.go | 4 ++ 8 files changed, 173 insertions(+), 3 deletions(-) create mode 100755 sys/random.txt create mode 100755 sys/tun.txt diff --git a/AUTHORS b/AUTHORS index 52cbdeb9f..5491e3af7 100644 --- a/AUTHORS +++ b/AUTHORS @@ -6,4 +6,4 @@ # Email addresses for individuals are tracked elsewhere to avoid spam. Google Inc. - +Baozeng Ding diff --git a/CONTRIBUTORS b/CONTRIBUTORS index 2abb5d93e..e5dc4a21a 100644 --- a/CONTRIBUTORS +++ b/CONTRIBUTORS @@ -7,3 +7,4 @@ Google Inc. Dmitry Vyukov Andrey Konovalov David Drysdale + Baozeng Ding diff --git a/Makefile b/Makefile index 3d310d793..70c0482ac 100644 --- a/Makefile +++ b/Makefile @@ -38,7 +38,7 @@ generate: go run sysgen/*.go -linux=$(LINUX) sys/sys.txt sys/socket.txt sys/tty.txt sys/perf.txt \ sys/key.txt sys/bpf.txt sys/fuse.txt sys/dri.txt sys/kdbus.txt sys/sctp.txt \ sys/kvm.txt sys/sndseq.txt sys/sndtimer.txt sys/sndcontrol.txt sys/input.txt \ - sys/netlink.txt + sys/netlink.txt sys/tun.txt sys/random.txt format: go fmt ./... diff --git a/sys/decl.go b/sys/decl.go index c5448af12..29539df11 100644 --- a/sys/decl.go +++ b/sys/decl.go @@ -108,6 +108,8 @@ const ( FdSndTimer FdSndControl FdInputEvent + FdTun + FdRandom IPCMsq IPCSem 
@@ -137,7 +139,7 @@ func ResourceSubkinds(kind ResourceKind) []ResourceSubkind { FdDRI, FdFuse, FdKdbus, FdBpfMap, FdBpfProg, FdPerf, FdUserFault, FdAlg, FdAlgConn, FdNfcRaw, FdNfcLlcp, FdBtHci, FdBtSco, FdBtL2cap, FdBtRfcomm, FdBtHidp, FdBtCmtp, FdBtBnep, FdUnix, FdSctp, FdNetlink, FdKvm, FdKvmVm, - FdKvmCpu, FdSndSeq, FdSndTimer, FdSndControl, FdInputEvent} + FdKvmCpu, FdSndSeq, FdSndTimer, FdSndControl, FdInputEvent, FdTun, FdRandom} case ResIPC: return []ResourceSubkind{IPCMsq, IPCSem, IPCShm} case ResIOCtx, ResKey, ResInotifyDesc, ResPid, ResUid, ResGid, ResTimerid, ResIocbPtr, ResDrmCtx: diff --git a/sys/random.txt b/sys/random.txt new file mode 100755 index 000000000..2d1cbf1d6 --- /dev/null +++ b/sys/random.txt @@ -0,0 +1,19 @@ +# Copyright 2015 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +include + +syz_open_dev$random(dev strconst["/dev/random"], id const[0], flags flags[open_flags]) fd[random] +syz_open_dev$urandom(dev strconst["/dev/urandom"], id const[0], flags flags[open_flags]) fd[random] + +ioctl$RNDGETENTCNT(fd fd[random], cmd const[RNDGETENTCNT], arg ptr[out, int32]) +ioctl$RNDADDTOENTCNT(fd fd[random], cmd const[RNDADDTOENTCNT], arg ptr[in, int32]) +ioctl$RNDADDENTROPY(fd fd[random], cmd const[RNDADDENTROPY], arg ptr[in, rnd_entpropy]) +ioctl$RNDZAPENTCNT(fd fd[random], cmd const[RNDZAPENTCNT], arg ptr[in, int32]) +ioctl$RNDCLEARPOOL(fd fd[random], cmd const[RNDCLEARPOOL], arg ptr[in, int32]) + +rnd_entpropy { + entcnt int32 + size len[pool, int32] + pool array[int8] +} diff --git a/sys/socket.txt b/sys/socket.txt index 2fbdfbc64..e1d7fb80d 100644 --- a/sys/socket.txt +++ b/sys/socket.txt @@ -134,6 +134,11 @@ sockaddr_storage_in6 { pad array[const[0, int64], 12] } +sockaddr_storage [ + in sockaddr_storage_in + in6 sockaddr_storage_in6 +] + send_msghdr { addr ptr[in, sockaddr, opt] addrlen len[addr, int32] 
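Review bot: `rnd_entpropy` in sys/random.txt looks like a typo for `rnd_entropy`; it appears both in `ioctl$RNDADDENTROPY` and in the struct definition at the end of the file, so both need renaming together. RNDZAPENTCNT and RNDCLEARPOOL are defined with `_IO()` in linux/random.h and take no argument, so `arg ptr[in, int32]` on those two calls describes a buffer the kernel never reads. The file is also created with mode 100755, as is sys/tun.txt; description files do not need the executable bit and `100644` would match the other sys/*.txt files touched here.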
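Review bot: In this commit the new `sockaddr_storage` union in sys/socket.txt is referenced only from `ifr_ifru.addr` in sys/tun.txt, but the kernel's `ifreq` holds a plain `struct sockaddr` there, not a `sockaddr_storage`. The visible tail of `sockaddr_storage_in6` (`pad array[const[0, int64], 12]`) suggests these variants are padded out to the full storage size, which would make that union member much larger than what the kernel copies for an `ifreq`. If that reading is right, `addr sockaddr` in `ifr_ifru` describes the layout better and this union is not needed. If it stays, a one-line comment such as `# IPv4 or IPv6 address padded to sockaddr_storage size` above it would say what it is for.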
diff --git a/sys/tun.txt b/sys/tun.txt
new file mode 100755
index 000000000..8872b3633
--- /dev/null
+++ b/sys/tun.txt
@@ -0,0 +1,139 @@
+# Copyright 2015 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include
+include
+
+syz_open_dev$tun(dev strconst["/dev/net/tun"], id const[0], flags flags[open_flags]) fd[tun]
+write$tun(fd fd[tun], buf tun_buffer[in], count len[buf]) len[buf]
+
+ioctl$TUNGETFEATURES(fd fd[tun], cmd const[TUNGETFEATURES], arg ptr[out, int32])
+ioctl$TUNSETQUEUE(fd fd[tun], cmd const[TUNSETQUEUE], arg ptr[in, ifreq])
+ioctl$TUNSETIFF(fd fd[tun], cmd const[TUNSETIFF], arg ptr[in, ifreq])
+ioctl$TUNSETIFINDEX(fd fd[tun], cmd const[TUNSETIFINDEX], arg ptr[in, int32])
+ioctl$TUNGETIFF(fd fd[tun], cmd const[TUNGETIFF], arg ptr[in, int32])
+ioctl$TUNSETNOCSUM(fd fd[tun], cmd const[TUNSETNOCSUM], arg ptr[in, int32])
+ioctl$TUNSETPERSIST(fd fd[tun], cmd const[TUNSETPERSIST], arg ptr[in, int32])
+ioctl$TUNSETOWNER(fd fd[tun], cmd const[TUNSETOWNER], arg ptr[in, uid])
+ioctl$TUNSETLINK(fd fd[tun], cmd const[TUNSETLINK], arg ptr[in, int32])
+ioctl$TUNSETOFFLOAD(fd fd[tun], cmd const[TUNSETOFFLOAD], arg ptr[in, int32])
+ioctl$TUNSETTXFILTER(fd fd[tun], cmd const[TUNSETTXFILTER], arg ptr[in, tun_filter])
+ioctl$SIOCGIFHWADDR(fd fd[tun], cmd const[SIOCGIFHWADDR], arg ptr[in, ifreq])
+ioctl$SIOCSIFHWADDR(fd fd[tun], cmd const[SIOCSIFHWADDR], arg ptr[in, ifreq])
+ioctl$TUNGETSNDBUF(fd fd[tun], cmd const[TUNGETSNDBUF], arg ptr[out, int32])
+ioctl$TUNSETSNDBUF(fd fd[tun], cmd const[TUNSETSNDBUF], arg ptr[in, int32])
+ioctl$TUNGETVNETHDRSZ(fd fd[tun], cmd const[TUNGETVNETHDRSZ], arg ptr[out, int32])
+ioctl$TUNSETVNETHDRSZ(fd fd[tun], cmd const[TUNSETVNETHDRSZ], arg ptr[in, int32])
+ioctl$TUNATTACHFILTER(fd fd[tun], cmd const[TUNATTACHFILTER], arg ptr[in, sock_fprog])
+ioctl$TUNDETACHFILTER(fd fd[tun], cmd const[TUNDETACHFILTER], arg ptr[in, int32])
+ioctl$TTUNGETFILTER(fd fd[tun], cmd const[TUNGETFILTER], arg ptr[out, int32])
+
+tun_buffer {
+ pi tun_pi[opt]
+ hdr virtio_net_hdr[opt]
+}
+
+tun_pi {
+ flags flags[ifru_flags, int32]
+ proto int16
+}
+
+virtio_net_hdr {
+ flags flags[virtio_net_flags, int8]
+ gsotype flags[virtio_net_types, int8]
+ hdrlen int16
+ gsosize int16
+ start int16
+ offset int16
+}
+
+tun_filter {
+ flags flags[ifru_flags, int32]
+ count len[addr, int32]
+ addr ptr[in, array[int8, 6]]
+}
+
+ifreq {
+ name array[int8, 16]
+ u ifr_ifru
+}
+
+ifr_ifru [
+ addr sockaddr_storage
+ flags flags[ifru_flags, int16]
+ mtu int32
+ map ifmap
+ data array[int8, 16]
+ setting if_settings
+]
+
+ifmap {
+ start int32
+ end int32
+ base int16
+ irq int8
+ dma int8
+ port int8
+}
+
+if_settings {
+ type int32
+ size int32
+ u ifs_ifsu
+}
+
+ifs_ifsu [
+ hdlc ptr[in, raw_hdlc_proto]
+ cisco ptr[in, cisco_proto]
+ fr ptr[in, fr_proto]
+ pvc ptr[in, fr_proto_pvc]
+ pvcinfo ptr[in, fr_proto_pvc_info]
+ sync ptr[in, sync_serial_settings]
+ tel ptr[in, te1_settings]
+]
+
+raw_hdlc_proto {
+ encode int16
+ parity int16
+}
+
+cisco_proto{
+ val int32
+ timeout int32
+}
+
+fr_proto {
+ t391 int32
+ t392 int32
+ n391 int32
+ n392 int32
+ n393 int32
+ lmi int16
+ dce int16
+}
+
+fr_proto_pvc {
+ dlcl int32
+}
+
+fr_proto_pvc_info {
+ dlci int32
+ master array[int8, 16]
+}
+
+sync_serial_settings {
+ rate int32
+ type int32
+ loop int16
+}
+
+te1_settings {
+ rate int32
+ type int32
+ loop int16
+ slot int16
+}
+
+virtio_net_flags = VIRTIO_NET_HDR_F_NEEDS_CSUM, VIRTIO_NET_HDR_F_DATA_VALID
+virtio_net_types = VIRTIO_NET_HDR_GSO_NONE, VIRTIO_NET_HDR_GSO_TCPV4, VIRTIO_NET_HDR_GSO_UDP, VIRTIO_NET_HDR_GSO_TCPV6, VIRTIO_NET_HDR_GSO_ECN
+ifru_flags = IFF_TUN, IFF_TAP, IFF_NO_PI, IFF_ONE_QUEUE, IFF_VNET_HDR, IFF_TUN_EXCL, IFF_MULTI_QUEUE, IFF_ATTACH_QUEUE, IFF_DETACH_QUEUE, IFF_PERSIST, IFF_NOFILTER
diff --git a/sysgen/sysgen.go b/sysgen/sysgen.go
index d9da1a773..a25655f79 100644
--- a/sysgen/sysgen.go
+++ b/sysgen/sysgen.go
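Review bot: Several descriptions in sys/tun.txt do not match the kernel's TUN interface, so generated programs will not carry the layout the handlers actually parse, which costs coverage of the code this file is meant to reach. `ioctl$TUNGETIFF` is declared `ptr[in, int32]` although the kernel writes an `ifreq` back, and `ioctl$TTUNGETFILTER` (doubled T in the name) is `ptr[out, int32]` where the kernel returns a `sock_fprog`; I would write `ioctl$TUNGETIFF(fd fd[tun], cmd const[TUNGETIFF], arg ptr[out, ifreq])` and `ioctl$TUNGETFILTER(fd fd[tun], cmd const[TUNGETFILTER], arg ptr[out, sock_fprog])`. In linux/if_tun.h `tun_pi.flags` is 16 bits wide, and `tun_filter` is two 16-bit fields followed by an inline array of 6-byte addresses rather than a pointer, with its own flag values instead of the IFF_* set, so both structs need to be laid out again. TUNSETPERSIST, TUNSETOWNER, TUNSETLINK and TUNSETOFFLOAD appear to take the value in the argument itself rather than through a pointer, which is worth checking against drivers/net/tun.c. Smaller items: `dlcl` in `fr_proto_pvc` is presumably `dlci`, and `cisco_proto{` is missing the space before the brace.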
@@ -450,6 +450,10 @@ func fmtFdKind(s string) string {
 return "FdSndControl"
 case "evdev":
 return "FdInputEvent"
+ case "tun":
+ return "FdTun"
+ case "random":
+ return "FdRandom"
 default:
 failf("bad fd type %v", s)
 return ""
-- cgit mrf-deployment