diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2025-01-17 10:39:49 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2025-01-22 17:12:18 +0000 |
| commit | 8aaf5d60aa0b3ddb05e117f52c0e30ec246b7aad (patch) | |
| tree | 63ddc4520d1e4b865925a014d3401b5e15c1fed3 /pkg/declextract/declextract.go | |
| parent | ac680c7cc91ea82316471433537f3101c2af39ea (diff) | |
tools/syz-declextract: support function scopes
Extract info about function scopes formed by switch'es on function arguments.
For example if we have:
void foo(..., int cmd, ...)
{
...
switch (cmd) {
case FOO:
... block 1 ...
case BAR:
... block 2 ...
}
...
}
We record that any data flow within block 1 is only relevant
when foo's arg cmd has value FOO, similarly for block 2 and BAR.
This allows to do 3 things:
1. Locate ioctl commands that are switched on within transitively
called functions.
2. Infer return value for each ioctl command.
3. Infer argument type when it's not specified in _IO macro.
This will also allow to infer other multiplexed syscalls.
Descriptions generated on Linux commit c4b9570cfb63501.
Diffstat (limited to 'pkg/declextract/declextract.go')
| -rw-r--r-- | pkg/declextract/declextract.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/declextract/declextract.go b/pkg/declextract/declextract.go index 16b2d6cca..fbd585389 100644 --- a/pkg/declextract/declextract.go +++ b/pkg/declextract/declextract.go @@ -34,6 +34,7 @@ func Run(out *Output, probe *ifaceprobe.Info, syscallRename map[string][]string, syscallRename: syscallRename, structs: make(map[string]*Struct), funcs: make(map[string]*Function), + ioctls: make(map[string]*Type), facts: make(map[string]*typingNode), uniqualizer: make(map[string]int), debugTrace: trace, @@ -65,6 +66,7 @@ type context struct { syscallRename map[string][]string // syscall function -> syscall names structs map[string]*Struct funcs map[string]*Function + ioctls map[string]*Type facts map[string]*typingNode includes []string defines []define @@ -137,11 +139,13 @@ func (ctx *context) processConsts() map[string]string { ctx.includes = append([]string{ "vdso/bits.h", "linux/types.h", + "linux/usbdevice_fs.h", // to fix broken include/uapi/linux/usbdevice_fs.h "net/netlink.h", }, ctx.includes...) // Also pretend they are used. includeUse["__NR_read"] = "vdso/bits.h" includeUse["__NR_write"] = "linux/types.h" + includeUse["__NR_openat"] = "linux/usbdevice_fs.h" includeUse["__NR_close"] = "net/netlink.h" return includeUse } |