2017-01-25 15:18:05 +00:00
|
|
|
// Copyright 2017 syzkaller project authors. All rights reserved.
|
|
|
|
|
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
|
|
package prog
|
|
|
|
|
|
|
|
|
|
import (
|
2017-01-30 18:17:38 +00:00
|
|
|
"encoding/binary"
|
2017-01-25 15:18:05 +00:00
|
|
|
"fmt"
|
|
|
|
|
"unsafe"
|
|
|
|
|
|
|
|
|
|
"github.com/google/syzkaller/sys"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type IPChecksum struct {
|
|
|
|
|
acc uint32
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (csum *IPChecksum) Update(data []byte) {
|
|
|
|
|
length := len(data) - 1
|
|
|
|
|
for i := 0; i < length; i += 2 {
|
|
|
|
|
csum.acc += uint32(data[i]) << 8
|
|
|
|
|
csum.acc += uint32(data[i+1])
|
|
|
|
|
}
|
|
|
|
|
if len(data)%2 == 1 {
|
|
|
|
|
csum.acc += uint32(data[length]) << 8
|
|
|
|
|
}
|
|
|
|
|
for csum.acc > 0xffff {
|
|
|
|
|
csum.acc = (csum.acc >> 16) + (csum.acc & 0xffff)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (csum *IPChecksum) Digest() uint16 {
|
|
|
|
|
return ^uint16(csum.acc)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func ipChecksum(data []byte) uint16 {
|
|
|
|
|
var csum IPChecksum
|
|
|
|
|
csum.Update(data)
|
|
|
|
|
return csum.Digest()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func bitmaskLen(bfLen uint64) uint64 {
|
|
|
|
|
return (1 << bfLen) - 1
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func bitmaskLenOff(bfOff, bfLen uint64) uint64 {
|
|
|
|
|
return bitmaskLen(bfLen) << bfOff
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func storeByBitmask8(addr *uint8, value uint8, bfOff uint64, bfLen uint64) {
|
|
|
|
|
if bfOff == 0 && bfLen == 0 {
|
|
|
|
|
*addr = value
|
|
|
|
|
} else {
|
|
|
|
|
newValue := *addr
|
|
|
|
|
newValue &= ^uint8(bitmaskLenOff(bfOff, bfLen))
|
|
|
|
|
newValue |= (value & uint8(bitmaskLen(bfLen))) << bfOff
|
|
|
|
|
*addr = newValue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func storeByBitmask16(addr *uint16, value uint16, bfOff uint64, bfLen uint64) {
|
|
|
|
|
if bfOff == 0 && bfLen == 0 {
|
|
|
|
|
*addr = value
|
|
|
|
|
} else {
|
|
|
|
|
newValue := *addr
|
|
|
|
|
newValue &= ^uint16(bitmaskLenOff(bfOff, bfLen))
|
|
|
|
|
newValue |= (value & uint16(bitmaskLen(bfLen))) << bfOff
|
|
|
|
|
*addr = newValue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func storeByBitmask32(addr *uint32, value uint32, bfOff uint64, bfLen uint64) {
|
|
|
|
|
if bfOff == 0 && bfLen == 0 {
|
|
|
|
|
*addr = value
|
|
|
|
|
} else {
|
|
|
|
|
newValue := *addr
|
|
|
|
|
newValue &= ^uint32(bitmaskLenOff(bfOff, bfLen))
|
|
|
|
|
newValue |= (value & uint32(bitmaskLen(bfLen))) << bfOff
|
|
|
|
|
*addr = newValue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func storeByBitmask64(addr *uint64, value uint64, bfOff uint64, bfLen uint64) {
|
|
|
|
|
if bfOff == 0 && bfLen == 0 {
|
|
|
|
|
*addr = value
|
|
|
|
|
} else {
|
|
|
|
|
newValue := *addr
|
|
|
|
|
newValue &= ^uint64(bitmaskLenOff(bfOff, bfLen))
|
|
|
|
|
newValue |= (value & uint64(bitmaskLen(bfLen))) << bfOff
|
|
|
|
|
*addr = newValue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-30 18:17:38 +00:00
|
|
|
func encodeArg(arg *Arg, pid int) []byte {
|
2017-01-25 15:18:05 +00:00
|
|
|
bytes := make([]byte, arg.Size())
|
|
|
|
|
foreachSubargOffset(arg, func(arg *Arg, offset uintptr) {
|
|
|
|
|
switch arg.Kind {
|
|
|
|
|
case ArgConst:
|
|
|
|
|
addr := unsafe.Pointer(&bytes[offset])
|
|
|
|
|
val := arg.Value(pid)
|
|
|
|
|
bfOff := uint64(arg.Type.BitfieldOffset())
|
|
|
|
|
bfLen := uint64(arg.Type.BitfieldLength())
|
|
|
|
|
switch arg.Size() {
|
|
|
|
|
case 1:
|
|
|
|
|
storeByBitmask8((*uint8)(addr), uint8(val), bfOff, bfLen)
|
|
|
|
|
case 2:
|
|
|
|
|
storeByBitmask16((*uint16)(addr), uint16(val), bfOff, bfLen)
|
|
|
|
|
case 4:
|
|
|
|
|
storeByBitmask32((*uint32)(addr), uint32(val), bfOff, bfLen)
|
|
|
|
|
case 8:
|
|
|
|
|
storeByBitmask64((*uint64)(addr), uint64(val), bfOff, bfLen)
|
|
|
|
|
default:
|
|
|
|
|
panic(fmt.Sprintf("bad arg size %v, arg: %+v\n", arg.Size(), arg))
|
|
|
|
|
}
|
|
|
|
|
case ArgData:
|
|
|
|
|
copy(bytes[offset:], arg.Data)
|
|
|
|
|
default:
|
|
|
|
|
panic(fmt.Sprintf("bad arg kind %v, arg: %+v, type: %+v", arg.Kind, arg, arg.Type))
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
return bytes
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-30 18:17:38 +00:00
|
|
|
func getFieldByName(arg *Arg, name string) *Arg {
|
2017-01-25 15:18:05 +00:00
|
|
|
for _, field := range arg.Inner {
|
2017-01-30 18:17:38 +00:00
|
|
|
if field.Type.FieldName() == name {
|
|
|
|
|
return field
|
2017-01-25 15:18:05 +00:00
|
|
|
}
|
|
|
|
|
}
|
2017-01-30 18:17:38 +00:00
|
|
|
panic(fmt.Sprintf("failed to find %v field in %v", name, arg.Type.Name()))
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-06 18:27:17 +00:00
|
|
|
func calcChecksumInet(packet, csumField *Arg, pid int) *Arg {
|
2017-02-02 18:19:32 +00:00
|
|
|
bytes := encodeArg(packet, pid)
|
2017-01-25 15:18:05 +00:00
|
|
|
csum := ipChecksum(bytes)
|
|
|
|
|
newCsumField := *csumField
|
|
|
|
|
newCsumField.Val = uintptr(csum)
|
2017-02-02 18:19:32 +00:00
|
|
|
return &newCsumField
|
2017-01-25 15:18:05 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-02 14:58:15 +00:00
|
|
|
func extractHeaderParamsIPv4(arg *Arg) (*Arg, *Arg) {
|
2017-01-30 18:17:38 +00:00
|
|
|
srcAddr := getFieldByName(arg, "src_ip")
|
|
|
|
|
if srcAddr.Size() != 4 {
|
|
|
|
|
panic(fmt.Sprintf("src_ip field in %v must be 4 bytes", arg.Type.Name()))
|
|
|
|
|
}
|
|
|
|
|
dstAddr := getFieldByName(arg, "dst_ip")
|
|
|
|
|
if dstAddr.Size() != 4 {
|
|
|
|
|
panic(fmt.Sprintf("dst_ip field in %v must be 4 bytes", arg.Type.Name()))
|
|
|
|
|
}
|
2017-02-02 14:58:15 +00:00
|
|
|
return srcAddr, dstAddr
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func extractHeaderParamsIPv6(arg *Arg) (*Arg, *Arg) {
|
|
|
|
|
srcAddr := getFieldByName(arg, "src_ip")
|
|
|
|
|
if srcAddr.Size() != 16 {
|
|
|
|
|
panic(fmt.Sprintf("src_ip field in %v must be 4 bytes", arg.Type.Name()))
|
|
|
|
|
}
|
|
|
|
|
dstAddr := getFieldByName(arg, "dst_ip")
|
|
|
|
|
if dstAddr.Size() != 16 {
|
|
|
|
|
panic(fmt.Sprintf("dst_ip field in %v must be 4 bytes", arg.Type.Name()))
|
2017-01-30 18:17:38 +00:00
|
|
|
}
|
2017-02-02 14:58:15 +00:00
|
|
|
return srcAddr, dstAddr
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-02 18:19:32 +00:00
|
|
|
func composePseudoHeaderIPv4(tcpPacket, srcAddr, dstAddr *Arg, protocol uint8, pid int) []byte {
|
2017-02-02 14:58:15 +00:00
|
|
|
header := []byte{}
|
|
|
|
|
header = append(header, encodeArg(srcAddr, pid)...)
|
|
|
|
|
header = append(header, encodeArg(dstAddr, pid)...)
|
2017-02-02 18:19:32 +00:00
|
|
|
header = append(header, []byte{0, protocol}...)
|
2017-02-02 14:58:15 +00:00
|
|
|
length := []byte{0, 0}
|
|
|
|
|
binary.BigEndian.PutUint16(length, uint16(tcpPacket.Size()))
|
|
|
|
|
header = append(header, length...)
|
|
|
|
|
return header
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-02 18:19:32 +00:00
|
|
|
func composePseudoHeaderIPv6(tcpPacket, srcAddr, dstAddr *Arg, protocol uint8, pid int) []byte {
|
2017-02-02 14:58:15 +00:00
|
|
|
header := []byte{}
|
|
|
|
|
header = append(header, encodeArg(srcAddr, pid)...)
|
|
|
|
|
header = append(header, encodeArg(dstAddr, pid)...)
|
|
|
|
|
length := []byte{0, 0, 0, 0}
|
|
|
|
|
binary.BigEndian.PutUint32(length, uint32(tcpPacket.Size()))
|
|
|
|
|
header = append(header, length...)
|
2017-02-02 18:19:32 +00:00
|
|
|
header = append(header, []byte{0, 0, 0, protocol}...)
|
2017-02-02 14:58:15 +00:00
|
|
|
return header
|
2017-01-30 18:17:38 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-02 18:19:32 +00:00
|
|
|
func findCsumFieldUDP(udpPacket *Arg) *Arg {
|
|
|
|
|
csumField := getFieldByName(udpPacket, "csum")
|
|
|
|
|
if typ, ok := csumField.Type.(*sys.CsumType); !ok {
|
|
|
|
|
panic(fmt.Sprintf("checksum field has bad type %v, arg: %+v", csumField.Type, csumField))
|
|
|
|
|
} else if typ.Kind != sys.CsumUDP {
|
|
|
|
|
panic(fmt.Sprintf("checksum field has bad kind %v, arg: %+v", typ.Kind, csumField))
|
|
|
|
|
}
|
|
|
|
|
return csumField
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func findCsumFieldTCP(tcpPacket *Arg) *Arg {
|
2017-01-30 18:17:38 +00:00
|
|
|
tcpHeaderField := getFieldByName(tcpPacket, "header")
|
|
|
|
|
csumField := getFieldByName(tcpHeaderField, "csum")
|
|
|
|
|
if typ, ok := csumField.Type.(*sys.CsumType); !ok {
|
|
|
|
|
panic(fmt.Sprintf("checksum field has bad type %v, arg: %+v", csumField.Type, csumField))
|
|
|
|
|
} else if typ.Kind != sys.CsumTCP {
|
|
|
|
|
panic(fmt.Sprintf("checksum field has bad kind %v, arg: %+v", typ.Kind, csumField))
|
|
|
|
|
}
|
2017-02-02 18:19:32 +00:00
|
|
|
return csumField
|
|
|
|
|
}
|
2017-01-30 18:17:38 +00:00
|
|
|
|
2017-02-02 18:19:32 +00:00
|
|
|
func calcChecksumTCPUDP(packet, csumField *Arg, pseudoHeader []byte, pid int) *Arg {
|
2017-01-30 18:17:38 +00:00
|
|
|
var csum IPChecksum
|
2017-02-02 14:58:15 +00:00
|
|
|
csum.Update(pseudoHeader)
|
2017-02-02 18:19:32 +00:00
|
|
|
csum.Update(encodeArg(packet, pid))
|
2017-01-30 18:17:38 +00:00
|
|
|
newCsumField := *csumField
|
|
|
|
|
newCsumField.Val = uintptr(csum.Digest())
|
2017-02-02 18:19:32 +00:00
|
|
|
return &newCsumField
|
2017-01-30 18:17:38 +00:00
|
|
|
}
|
|
|
|
|
|
2017-01-25 15:18:05 +00:00
|
|
|
func calcChecksumsCall(c *Call, pid int) map[*Arg]*Arg {
|
2017-01-30 18:17:38 +00:00
|
|
|
var csumMap map[*Arg]*Arg
|
|
|
|
|
ipv4HeaderParsed := false
|
2017-02-02 14:58:15 +00:00
|
|
|
ipv6HeaderParsed := false
|
|
|
|
|
var ipSrcAddr *Arg
|
|
|
|
|
var ipDstAddr *Arg
|
2017-02-02 18:19:32 +00:00
|
|
|
tcp := false
|
2017-02-06 18:27:17 +00:00
|
|
|
|
|
|
|
|
// Calculate inet checksums.
|
|
|
|
|
foreachArgArray(&c.Args, nil, func(arg, base *Arg, _ *[]*Arg) {
|
|
|
|
|
if _, ok := arg.Type.(*sys.StructType); ok {
|
|
|
|
|
for _, field := range arg.Inner {
|
|
|
|
|
if typ, ok1 := field.Type.(*sys.CsumType); ok1 {
|
|
|
|
|
if typ.Kind == sys.CsumInet {
|
|
|
|
|
newCsumField := calcChecksumInet(arg, field, pid)
|
|
|
|
|
if csumMap == nil {
|
|
|
|
|
csumMap = make(map[*Arg]*Arg)
|
|
|
|
|
}
|
|
|
|
|
csumMap[field] = newCsumField
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Calculate tcp and udp checksums.
|
2017-01-25 15:18:05 +00:00
|
|
|
foreachArgArray(&c.Args, nil, func(arg, base *Arg, _ *[]*Arg) {
|
2017-02-02 18:19:32 +00:00
|
|
|
// syz_csum_* structs are used in tests
|
|
|
|
|
switch arg.Type.Name() {
|
|
|
|
|
case "ipv4_header", "syz_csum_ipv4_header":
|
2017-02-02 14:58:15 +00:00
|
|
|
ipSrcAddr, ipDstAddr = extractHeaderParamsIPv4(arg)
|
2017-01-30 18:17:38 +00:00
|
|
|
ipv4HeaderParsed = true
|
2017-02-02 18:19:32 +00:00
|
|
|
case "ipv6_packet", "syz_csum_ipv6_header":
|
2017-02-02 14:58:15 +00:00
|
|
|
ipSrcAddr, ipDstAddr = extractHeaderParamsIPv6(arg)
|
|
|
|
|
ipv6HeaderParsed = true
|
2017-02-02 18:19:32 +00:00
|
|
|
case "tcp_packet", "syz_csum_tcp_packet":
|
|
|
|
|
tcp = true
|
|
|
|
|
fallthrough
|
|
|
|
|
case "udp_packet", "syz_csum_udp_packet":
|
2017-02-02 14:58:15 +00:00
|
|
|
if !ipv4HeaderParsed && !ipv6HeaderParsed {
|
2017-02-02 18:19:32 +00:00
|
|
|
panic(fmt.Sprintf("%s is being parsed before ipv4 or ipv6 header", arg.Type.Name()))
|
|
|
|
|
}
|
|
|
|
|
var csumField *Arg
|
|
|
|
|
var protocol uint8
|
|
|
|
|
if tcp {
|
|
|
|
|
csumField = findCsumFieldTCP(arg)
|
|
|
|
|
protocol = 6 // IPPROTO_TCP
|
|
|
|
|
} else {
|
|
|
|
|
csumField = findCsumFieldUDP(arg)
|
|
|
|
|
protocol = 17 // IPPROTO_UDP
|
2017-02-02 14:58:15 +00:00
|
|
|
}
|
|
|
|
|
var pseudoHeader []byte
|
|
|
|
|
if ipv4HeaderParsed {
|
2017-02-02 18:19:32 +00:00
|
|
|
pseudoHeader = composePseudoHeaderIPv4(arg, ipSrcAddr, ipDstAddr, protocol, pid)
|
2017-02-02 14:58:15 +00:00
|
|
|
} else {
|
2017-02-02 18:19:32 +00:00
|
|
|
pseudoHeader = composePseudoHeaderIPv6(arg, ipSrcAddr, ipDstAddr, protocol, pid)
|
|
|
|
|
}
|
|
|
|
|
if csumMap == nil {
|
|
|
|
|
csumMap = make(map[*Arg]*Arg)
|
2017-01-25 15:18:05 +00:00
|
|
|
}
|
2017-02-02 18:19:32 +00:00
|
|
|
newCsumField := calcChecksumTCPUDP(arg, csumField, pseudoHeader, pid)
|
2017-01-30 18:17:38 +00:00
|
|
|
csumMap[csumField] = newCsumField
|
2017-01-25 15:18:05 +00:00
|
|
|
}
|
|
|
|
|
})
|
2017-01-30 18:17:38 +00:00
|
|
|
return csumMap
|
2017-01-25 15:18:05 +00:00
|
|
|
}
|
