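/*
 * Fill in a union bpf_attr for a fuzzed BPF_PROG_LOAD request.
 *
 * A program type is drawn at random from bpf_prog_types. Socket filters get
 * a generated program from bpf_gen_filter(); every other type currently gets
 * one page of random bytes as its instruction stream.
 *
 * @attr: attribute block to populate; prog_type, insn_cnt, insns, license,
 *        log_level, log_size, log_buf and kern_version are written.
 *
 * The instruction buffer is not freed here: its address is handed out through
 * attr->insns, so cleanup has to happen wherever attr is released (not
 * visible in this block).
 */
static void bpf_prog_load(union bpf_attr *attr)
{
	/* An eBPF instruction is 64 bits wide. */
	enum { BPF_INSN_BYTES = 8 };
	unsigned long *insns = NULL, len = 0;

	attr->prog_type = RAND_ARRAY(bpf_prog_types);

	switch (attr->prog_type) {
	case BPF_PROG_TYPE_SOCKET_FILTER:
		/* NOTE(review): insn_cnt below takes len in whatever unit
		 * bpf_gen_filter() reports; confirm it is an instruction count. */
		bpf_gen_filter(&insns, &len);
		break;

	default:
		// this will go away when all the other cases are enumerated
		insns = zmalloc(page_size);
		/*
		 * Randomise the whole page and report its size in instructions.
		 * Using len here (still 0 at this point) would write no random
		 * bytes and submit insn_cnt == 0, so these program types would
		 * never get past the kernel's first length check.
		 */
		generate_rand_bytes((unsigned char *)insns, page_size);
		len = page_size / BPF_INSN_BYTES;
		break;
	}

	attr->insn_cnt = len;
	attr->insns = (u64) insns;
	attr->license = (u64) license;
	attr->log_level = 0;
	attr->log_size = rnd() % page_size;
	attr->log_buf = (u64) get_writable_address(page_size);
	attr->kern_version = rnd();	// TODO: stick uname in here.
}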
/*
 * Choose a random SOL_SOCKET option for a fuzzed setsockopt() call.
 *
 * @so:      option record; level and optname are always written, optlen
 *           (and optval for SO_ATTACH_FILTER) only for the options below.
 * @triplet: unused.
 */
void socket_setsockopt(struct sockopt *so, __unused__ struct socket_triplet *triplet)
{
	so->level = SOL_SOCKET;
	so->optname = RAND_ARRAY(socket_opts);

	/* Only these options get a matching length; every other option keeps
	 * whatever optlen/optval the caller already put in the record. */
	if (so->optname == SO_LINGER) {
		so->optlen = sizeof(struct linger);
	} else if (so->optname == SO_RCVTIMEO || so->optname == SO_SNDTIMEO) {
		so->optlen = sizeof(struct timeval);
	} else if (so->optname == SO_ATTACH_FILTER) {
		unsigned long *filter = NULL, filter_len = 0;

		/* The generated filter's address is stored as an integer. */
		bpf_gen_filter(&filter, &filter_len);
		so->optval = (unsigned long) filter;
		so->optlen = filter_len;
	}
}
/*
 * Choose a Bluetooth protocol level and a random option name for it.
 *
 * @so: option record; level is overwritten four times out of five, optname
 *      is written when the resulting level has an option table.
 *
 * NOTE(review): this uses libc rand() while the other generators on this
 * page draw from rnd(); confirm that is intended.
 */
void bluetooth_setsockopt(struct sockopt *so)
{
	const int pick = rand() % 5;

	if (pick == 0) {
		so->level = SOL_HCI;
	} else if (pick == 1) {
		so->level = SOL_L2CAP;
	} else if (pick == 2) {
		so->level = SOL_SCO;
	} else if (pick == 3) {
		so->level = SOL_RFCOMM;
	}
	/* pick == 4: leave level unchanged */

	if (so->level == SOL_HCI) {
		so->optname = RAND_ARRAY(bluetooth_hci_opts);
	} else if (so->level == SOL_L2CAP) {
		so->optname = RAND_ARRAY(bluetooth_l2cap_opts);
	} else if (so->level == SOL_SCO) {
		/* no options currently */
	} else if (so->level == SOL_RFCOMM) {
		so->optname = RAND_ARRAY(bluetooth_rfcomm_opts);
	} else if (so->level == SOL_BLUETOOTH) {
		so->optname = RAND_ARRAY(bluetooth_opts);
	}
}
/*
 * Build a netlink socket address aimed at the kernel.
 *
 * @addr:    receives a pointer to a newly allocated struct sockaddr_nl.
 * @addrlen: receives sizeof(struct sockaddr_nl).
 *
 * The allocation is handed to the caller through *addr; nothing is freed here.
 */
static void netlink_gen_sockaddr(struct sockaddr **addr, socklen_t *addrlen)
{
	/*
	 * NOTE(review): netlink(7) describes nl_groups as a bit mask, while
	 * these are rtnetlink group numbers; confirm the raw values are what
	 * the fuzzer is meant to send.
	 */
	const unsigned long group_ids[] = {
		RTNLGRP_NONE, RTNLGRP_LINK, RTNLGRP_NOTIFY, RTNLGRP_NEIGH,
		RTNLGRP_TC, RTNLGRP_IPV4_IFADDR, RTNLGRP_IPV4_MROUTE, RTNLGRP_IPV4_ROUTE,
		RTNLGRP_IPV4_RULE, RTNLGRP_IPV6_IFADDR, RTNLGRP_IPV6_MROUTE, RTNLGRP_IPV6_ROUTE,
		RTNLGRP_IPV6_IFINFO, RTNLGRP_DECnet_IFADDR, RTNLGRP_NOP2, RTNLGRP_DECnet_ROUTE,
		RTNLGRP_DECnet_RULE, RTNLGRP_NOP4, RTNLGRP_IPV6_PREFIX, RTNLGRP_IPV6_RULE,
		RTNLGRP_ND_USEROPT, RTNLGRP_PHONET_IFADDR, RTNLGRP_PHONET_ROUTE, RTNLGRP_DCB,
		RTNLGRP_IPV4_NETCONF, RTNLGRP_IPV6_NETCONF, RTNLGRP_MDB, RTNLGRP_MPLS_ROUTE,
		RTNLGRP_NSID, RTNLGRP_MPLS_NETCONF,
	};
	struct sockaddr_nl *sa = zmalloc(sizeof(struct sockaddr_nl));

	sa->nl_family = PF_NETLINK;
	sa->nl_pid = 0; // destination is always kernel
	sa->nl_groups = RAND_ARRAY(group_ids);

	*addrlen = sizeof(struct sockaddr_nl);
	*addr = (struct sockaddr *) sa;
}
/*
 * Choose a random RxRPC socket option.
 *
 * @so:      option record; level becomes SOL_RXRPC and optname is drawn
 *           from rxrpc_opts. optval and optlen are not written.
 * @triplet: unused.
 */
static void rxrpc_setsockopt(struct sockopt *so, __unused__ struct socket_triplet *triplet)
{
	so->optname = RAND_ARRAY(rxrpc_opts);
	so->level = SOL_RXRPC;
}
/*
 * Choose a random ROSE socket option.
 *
 * @so:      option record; level becomes SOL_ROSE and optname is drawn
 *           from rose_opts. optval and optlen are not written.
 * @triplet: unused.
 */
static void rose_setsockopt(struct sockopt *so, __unused__ struct socket_triplet *triplet)
{
	so->optname = RAND_ARRAY(rose_opts);
	so->level = SOL_ROSE;
}
/*
 * Choose a random IrDA socket option.
 *
 * @so:      option record; level becomes SOL_IRDA and optname is drawn
 *           from irda_opts. optval and optlen are not written.
 * @triplet: unused.
 */
static void irda_setsockopt(struct sockopt *so, __unused__ struct socket_triplet *triplet)
{
	so->optname = RAND_ARRAY(irda_opts);
	so->level = SOL_IRDA;
}
/*
 * Choose a random DCCP socket option name.
 *
 * @so: option record; only optname is written (drawn from dccp_opts).
 *      level, optval and optlen keep whatever the caller set.
 */
void dccp_setsockopt(struct sockopt *so)
{
	so->optname = RAND_ARRAY(dccp_opts);
}
/*
 * Choose a random ICMPv6 socket option name.
 *
 * @so: option record; only optname is written (drawn from icmpv6_opts).
 *      level, optval and optlen keep whatever the caller set.
 */
void icmpv6_setsockopt(struct sockopt *so)
{
	so->optname = RAND_ARRAY(icmpv6_opts);
}
/*
 * Prepare the arguments of a fuzzed bpf() call.
 *
 * A zeroing allocator (zmalloc) provides a union bpf_attr whose address is
 * stored in rec->a2; the fields matching the command in rec->a1 are then
 * filled with random or bounded-random values and rec->a3 is set to a
 * per-command constant.
 *
 * The attr allocation is not freed in this function; it stays reachable
 * through rec->a2. For an unrecognised command attr is still allocated and
 * rec->a3 is left untouched.
 *
 * NOTE(review): rec->a3 is presumably the size argument of bpf(2). The
 * values 20/32/48 are hard-coded rather than derived from the union layout;
 * confirm them against the kernel headers in use.
 */
static void sanitise_bpf(struct syscallrecord *rec)
{
	union bpf_attr *attr;
	/*
	 * NOTE(review): BPF_MAP_TYPE_LRU_HASH appears twice, which doubles its
	 * chance of being picked; confirm whether the second entry was meant
	 * to be a different map type.
	 */
	unsigned long bpf_map_types[] = {
		BPF_MAP_TYPE_HASH, BPF_MAP_TYPE_ARRAY, BPF_MAP_TYPE_PROG_ARRAY, BPF_MAP_TYPE_PERF_EVENT_ARRAY,
		BPF_MAP_TYPE_PERCPU_HASH, BPF_MAP_TYPE_PERCPU_ARRAY, BPF_MAP_TYPE_STACK_TRACE, BPF_MAP_TYPE_CGROUP_ARRAY,
		BPF_MAP_TYPE_LRU_HASH, BPF_MAP_TYPE_LRU_HASH, BPF_MAP_TYPE_LRU_PERCPU_HASH, BPF_MAP_TYPE_LPM_TRIE,
	};

	attr = zmalloc(sizeof(union bpf_attr));
	rec->a2 = (unsigned long) attr;

	switch (rec->a1) {
	case BPF_MAP_CREATE:
		/* Sizes are bounded: key < 1024, value < 64 KiB, entries < 1024. */
		attr->map_type = RAND_ARRAY(bpf_map_types);
		attr->key_size = rnd() % 1024;
		attr->value_size = rnd() % (1024 * 64);
		attr->max_entries = rnd() % 1024;
		attr->flags = RAND_RANGE(0, 4);
		rec->a3 = 20;
		break;

	case BPF_MAP_LOOKUP_ELEM:
		/* key and value receive plain integers here, not addresses of buffers. */
		attr->map_fd = get_rand_bpf_fd();
		attr->key = RAND_RANGE(0, 10);
		attr->value = rnd();
		rec->a3 = 32;
		break;

	case BPF_MAP_UPDATE_ELEM:
		attr->map_fd = get_rand_bpf_fd();
		attr->key = RAND_RANGE(0, 10);
		attr->value = rnd();
		attr->next_key = rnd();
		attr->flags = RAND_RANGE(0, 4);
		rec->a3 = 32;
		break;

	case BPF_MAP_DELETE_ELEM:
		attr->map_fd = get_rand_bpf_fd();
		attr->key = RAND_RANGE(0, 10);
		rec->a3 = 32;
		break;

	case BPF_MAP_GET_NEXT_KEY:
		attr->map_fd = get_rand_bpf_fd();
		attr->key = RAND_RANGE(0, 10);
		attr->value = rnd();
		rec->a3 = 32;
		break;

	case BPF_OBJ_PIN:
	case BPF_OBJ_GET:
		/*
		 * NOTE(review): only map_fd is written. The kernel's union
		 * bpf_attr uses pathname/bpf_fd members for the BPF_OBJ_*
		 * commands; confirm relying on the union overlap is intended.
		 */
		attr->map_fd = get_rand_bpf_fd();
		rec->a3 = 32;
		break;

	case BPF_PROG_LOAD:
		bpf_prog_load(attr);
		rec->a3 = 48;
		break;

	default:
		break;
	}
}
/*
 * Choose a random netlink socket option name.
 *
 * @so: option record; only optname is written (drawn from netlink_opts).
 *      level, optval and optlen keep whatever the caller set.
 */
void netlink_setsockopt(struct sockopt *so)
{
	so->optname = RAND_ARRAY(netlink_opts);
}
/*
 * Choose a random ATM socket option name.
 *
 * @so: option record; only optname is written (drawn from atm_opts).
 *      level, optval and optlen keep whatever the caller set.
 */
void atm_setsockopt(struct sockopt *so)
{
	so->optname = RAND_ARRAY(atm_opts);
}
/*
 * Choose a random netlink socket option.
 *
 * @so:      option record; level becomes SOL_NETLINK and optname is drawn
 *           from netlink_opts. optval and optlen are not written.
 * @triplet: unused.
 */
static void netlink_setsockopt(struct sockopt *so, __unused__ struct socket_triplet *triplet)
{
	so->optname = RAND_ARRAY(netlink_opts);
	so->level = SOL_NETLINK;
}
/*
 * Choose a random RxRPC socket option name.
 *
 * @so: option record; only optname is written (drawn from rxrpc_opts).
 *      level, optval and optlen keep whatever the caller set.
 */
void rxrpc_setsockopt(struct sockopt *so)
{
	so->optname = RAND_ARRAY(rxrpc_opts);
}
/*
 * Choose a random CAIF socket option.
 *
 * @so:      option record; level becomes SOL_CAIF and optname is drawn
 *           from caif_opts. optval and optlen are not written.
 * @triplet: unused.
 */
static void caif_setsockopt(struct sockopt *so, __unused__ struct socket_triplet *triplet)
{
	so->optname = RAND_ARRAY(caif_opts);
	so->level = SOL_CAIF;
}
/*
 * Choose a random ATM socket option.
 *
 * @so:      option record; level becomes SOL_ATM and optname is drawn
 *           from atm_opts. optval and optlen are not written.
 * @triplet: unused.
 */
static void atm_setsockopt(struct sockopt *so, __unused__ struct socket_triplet *triplet)
{
	so->optname = RAND_ARRAY(atm_opts);
	so->level = SOL_ATM;
}
/*
 * Choose a random ROSE socket option name.
 *
 * @so: option record; only optname is written (drawn from rose_opts).
 *      level, optval and optlen keep whatever the caller set.
 */
void rose_setsockopt(struct sockopt *so)
{
	so->optname = RAND_ARRAY(rose_opts);
}
/*
 * Choose a random TCP socket option name.
 *
 * @so:      option record; only optname is written (drawn from tcp_opts).
 *           level, optval and optlen keep whatever the caller set.
 * @triplet: unused.
 */
void tcp_setsockopt(struct sockopt *so, __unused__ struct socket_triplet *triplet)
{
	so->optname = RAND_ARRAY(tcp_opts);
}
/*
 * Choose a random TIPC socket option name with a 32-bit value length.
 *
 * @so: option record; optlen is set to sizeof(__u32) and optname is drawn
 *      from tipc_opts. level and optval keep whatever the caller set.
 */
void tipc_setsockopt(struct sockopt *so)
{
	so->optlen = sizeof(__u32);
	so->optname = RAND_ARRAY(tipc_opts);
}
/*
 * Choose a random LLC socket option name.
 *
 * @so: option record; only optname is written (drawn from llc_opts).
 *      level, optval and optlen keep whatever the caller set.
 */
void llc_setsockopt(struct sockopt *so)
{
	so->optname = RAND_ARRAY(llc_opts);
}