| author | Dmitry Vyukov <dvyukov@google.com> | 2025-01-17 10:39:49 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2025-01-22 17:12:18 +0000 |
| commit | 8aaf5d60aa0b3ddb05e117f52c0e30ec246b7aad (patch) | |
| tree | 63ddc4520d1e4b865925a014d3401b5e15c1fed3 /tools/syz-declextract/testdata/file_operations.c | |
| parent | ac680c7cc91ea82316471433537f3101c2af39ea (diff) | |
tools/syz-declextract: support function scopes
Extract info about function scopes formed by switch'es on function arguments.
For example if we have:
void foo(..., int cmd, ...)
{
...
switch (cmd) {
case FOO:
... block 1 ...
case BAR:
... block 2 ...
}
...
}
We record that any data flow within block 1 is only relevant
when foo's arg cmd has value FOO, similarly for block 2 and BAR.
This makes it possible to do 3 things:
1. Locate ioctl commands that are switched on within transitively
called functions.
2. Infer return value for each ioctl command.
3. Infer argument type when it's not specified in _IO macro.
This will also allow to infer other multiplexed syscalls.
Descriptions generated on Linux commit c4b9570cfb63501.
Diffstat (limited to 'tools/syz-declextract/testdata/file_operations.c')
| -rw-r--r-- | tools/syz-declextract/testdata/file_operations.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/tools/syz-declextract/testdata/file_operations.c b/tools/syz-declextract/testdata/file_operations.c
index 0dd8b9b21..136e608dd 100644
--- a/tools/syz-declextract/testdata/file_operations.c
+++ b/tools/syz-declextract/testdata/file_operations.c
@@ -10,7 +10,15 @@
 static void foo_read() {}
 static void foo_write() {}
 static void foo_mmap() {}
-static void foo_ioctl(unsigned int cmd) {
+static void foo_ioctl2(unsigned int cmd, unsigned long arg) {
+ switch (cmd) {
+ case FOO_IOCTL6:
+ case FOO_IOCTL7:
+ default:
+ }
+}
+
+static void foo_ioctl(void* file, unsigned int cmd, unsigned long arg) {
 switch (cmd) {
 case FOO_IOCTL1:
 case FOO_IOCTL2:
@@ -18,6 +26,7 @@ static void foo_ioctl(unsigned int cmd) {
 case FOO_IOCTL4:
 case FOO_IOCTL5:
 }
+ foo_ioctl2(cmd, arg);
 }
 
 const struct file_operations foo = {
@@ -31,7 +40,7 @@ const struct file_operations foo = {
 static void proc_open() {}
 static void proc_read() {}
 static void proc_write() {}
-static void proc_ioctl(unsigned int cmd) {}
+static void proc_ioctl(void* file, unsigned int cmd, unsigned long arg) {}
 
 const struct file_operations proc_ops[] = {
 {
@@ -47,7 +56,7 @@ const struct file_operations proc_ops[] = {
 #define UNUSED_IOCTL2 _IO('c', 2)
 
-static void unused_ioctl(unsigned int cmd) {
+static void unused_ioctl(void* file, unsigned int cmd, unsigned long arg) {
 switch (cmd) {
 case UNUSED_IOCTL1:
 case UNUSED_IOCTL2: |
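Review bot: In the new `foo_ioctl2`, `default:` is immediately followed by `}`, which is not a valid labeled statement in C11 (a label must precede a statement); clang evidently tolerates it, as the existing `case FOO_IOCTL5:` before `}` shows, but `default: break;` would keep the fixture standard-conforming and presumably leaves the recorded scope unchanged. The forwarding call `foo_ioctl2(cmd, arg)` passes the arguments to a callee whose parameters carry the same names as the caller's, so a callee with renamed parameters (e.g. `unsigned int c`) is not exercised — if the scope mapping is meant to be positional rather than by name, a fixture that renames them would pin that down. The added `file` and `arg` parameters are never read in `foo_ioctl2` and `proc_ioctl`; if that is deliberate, a one-line comment such as `// extra parameters mirror the real ioctl signature; only cmd is switched on` would spare the next reader the question. The same signature change appears in the `proc_ioctl` and `unused_ioctl` hunks.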
