tools/syz-declextract: support function scopes

Extract info about function scopes formed by switch'es on function arguments. For example if we have: void foo(..., int cmd, ...) { ... switch (cmd) { case FOO: ... block 1 ... case BAR: ... block 2 ... } ... } We record that any data flow within block 1 is only relevant when foo's arg cmd has value FOO, similarly for block 2 and BAR. This allows to do 3 things: 1. Locate ioctl commands that are switched on within transitively called functions. 2. Infer return value for each ioctl command. 3. Infer argument type when it's not specified in _IO macro. This will also allow to infer other multiplexed syscalls. Descriptions generated on Linux commit c4b9570cfb63501.
author: Dmitry Vyukov <dvyukov@google.com> 2025-01-17 10:39:49 +0100
committer: Dmitry Vyukov <dvyukov@google.com> 2025-01-22 17:12:18 +0000
commit: 8aaf5d60aa0b3ddb05e117f52c0e30ec246b7aad (patch)
tree: 63ddc4520d1e4b865925a014d3401b5e15c1fed3 /sys/syz-extract
parent: ac680c7cc91ea82316471433537f3101c2af39ea (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/syz-extract/linux.go b/sys/syz-extract/linux.go
index ae3892efe..28354dcbb 100644
--- a/sys/syz-extract/linux.go
+++ b/sys/syz-extract/linux.go
@@ -140,6 +140,7 @@ func (*linux) processFile(arch *Arch, info *compiler.ConstInfo) (map[string]uint
 		"-D__KERNEL__",
 		"-DKBUILD_MODNAME=\"-\"",
 		"-DKBUILD_MODFILE=\"-\"",
+		"-D__LINUX_ARM_ARCH__=7", // arm does not build w/o this
 		"-I" + sourceDir + "/arch/" + headerArch + "/include",
 		"-I" + buildDir + "/arch/" + headerArch + "/include/generated/uapi",
 		"-I" + buildDir + "/arch/" + headerArch + "/include/generated",
author	Dmitry Vyukov <dvyukov@google.com>	2025-01-17 10:39:49 +0100
committer	Dmitry Vyukov <dvyukov@google.com>	2025-01-22 17:12:18 +0000
commit	8aaf5d60aa0b3ddb05e117f52c0e30ec246b7aad (patch)
tree	63ddc4520d1e4b865925a014d3401b5e15c1fed3 /sys/syz-extract
parent	ac680c7cc91ea82316471433537f3101c2af39ea (diff)