diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2025-01-17 10:39:49 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2025-01-22 17:12:18 +0000 |
| commit | 8aaf5d60aa0b3ddb05e117f52c0e30ec246b7aad (patch) | |
| tree | 63ddc4520d1e4b865925a014d3401b5e15c1fed3 /tools/syz-declextract/testdata | |
| parent | ac680c7cc91ea82316471433537f3101c2af39ea (diff) | |
tools/syz-declextract: support function scopes
Extract info about function scopes formed by switch'es on function arguments.
For example if we have:
void foo(..., int cmd, ...)
{
...
switch (cmd) {
case FOO:
... block 1 ...
case BAR:
... block 2 ...
}
...
}
We record that any data flow within block 1 is only relevant
when foo's arg cmd has value FOO, similarly for block 2 and BAR.
This allows to do 3 things:
1. Locate ioctl commands that are switched on within transitively
called functions.
2. Infer return value for each ioctl command.
3. Infer argument type when it's not specified in _IO macro.
This will also allow to infer other multiplexed syscalls.
Descriptions generated on Linux commit c4b9570cfb63501.
Diffstat (limited to 'tools/syz-declextract/testdata')
| -rw-r--r-- | tools/syz-declextract/testdata/arch/x86/syscalls.tbl | 2 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/file_operations.c | 15 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/file_operations.c.json | 313 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/file_operations.c.txt | 3 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/functions.c.json | 433 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/include/fs.h | 7 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/include/uapi/file_operations.h | 4 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/io_uring.c.json | 49 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/netlink.c.json | 49 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/scopes.c | 30 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/scopes.c.info | 1 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/scopes.c.json | 286 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/scopes.c.txt | 7 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/syscall.c.json | 14 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/types.c.info | 2 | ||||
| -rw-r--r-- | tools/syz-declextract/testdata/types.c.json | 215 |
16 files changed, 1040 insertions, 390 deletions
diff --git a/tools/syz-declextract/testdata/arch/x86/syscalls.tbl b/tools/syz-declextract/testdata/arch/x86/syscalls.tbl index 7f728f3f2..605db1316 100644 --- a/tools/syz-declextract/testdata/arch/x86/syscalls.tbl +++ b/tools/syz-declextract/testdata/arch/x86/syscalls.tbl @@ -6,3 +6,5 @@ 3 64 types_syscall sys_types_syscall 4 64 align_syscall sys_align_syscall 5 64 functions sys_functions +6 64 scopes0 sys_scopes0 + diff --git a/tools/syz-declextract/testdata/file_operations.c b/tools/syz-declextract/testdata/file_operations.c index 0dd8b9b21..136e608dd 100644 --- a/tools/syz-declextract/testdata/file_operations.c +++ b/tools/syz-declextract/testdata/file_operations.c @@ -10,7 +10,15 @@ static void foo_read() {} static void foo_write() {} static void foo_mmap() {} -static void foo_ioctl(unsigned int cmd) { +static void foo_ioctl2(unsigned int cmd, unsigned long arg) { + switch (cmd) { + case FOO_IOCTL6: + case FOO_IOCTL7: + default: + } +} + +static void foo_ioctl(void* file, unsigned int cmd, unsigned long arg) { switch (cmd) { case FOO_IOCTL1: case FOO_IOCTL2: @@ -18,6 +26,7 @@ static void foo_ioctl(unsigned int cmd) { case FOO_IOCTL4: case FOO_IOCTL5: } + foo_ioctl2(cmd, arg); } const struct file_operations foo = { @@ -31,7 +40,7 @@ const struct file_operations foo = { static void proc_open() {} static void proc_read() {} static void proc_write() {} -static void proc_ioctl(unsigned int cmd) {} +static void proc_ioctl(void* file, unsigned int cmd, unsigned long arg) {} const struct file_operations proc_ops[] = { { @@ -47,7 +56,7 @@ const struct file_operations proc_ops[] = { #define UNUSED_IOCTL2 _IO('c', 2) -static void unused_ioctl(unsigned int cmd) { +static void unused_ioctl(void* file, unsigned int cmd, unsigned long arg) { switch (cmd) { case UNUSED_IOCTL1: case UNUSED_IOCTL2: diff --git a/tools/syz-declextract/testdata/file_operations.c.json b/tools/syz-declextract/testdata/file_operations.c.json index c8fd5a9dc..e7dfd31f6 100644 --- a/tools/syz-declextract/testdata/file_operations.c.json +++ b/tools/syz-declextract/testdata/file_operations.c.json @@ -4,53 +4,174 @@ "name": "foo_ioctl", "file": "file_operations.c", "is_static": true, - "loc": 7 + "scopes": [ + { + "arg": -1, + "loc": 2, + "calls": [ + "foo_ioctl2" + ], + "facts": [ + { + "src": { + "argument": { + "func": "foo_ioctl", + "arg": 1 + } + }, + "dst": { + "argument": { + "func": "foo_ioctl2", + "arg": 0 + } + } + }, + { + "src": { + "argument": { + "func": "foo_ioctl", + "arg": 2 + } + }, + "dst": { + "argument": { + "func": "foo_ioctl2", + "arg": 1 + } + } + } + ] + }, + { + "arg": 1, + "values": [ + "FOO_IOCTL1", + "FOO_IOCTL2", + "FOO_IOCTL3", + "FOO_IOCTL4", + "FOO_IOCTL5" + ], + "loc": 5 + } + ] + }, + { + "name": "foo_ioctl2", + "file": "file_operations.c", + "is_static": true, + "scopes": [ + { + "arg": -1, + "loc": 1 + }, + { + "arg": 0, + "values": [ + "FOO_IOCTL6", + "FOO_IOCTL7" + ], + "loc": 3 + } + ] }, { "name": "foo_mmap", "file": "file_operations.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "foo_open", "file": "file_operations.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "foo_read", "file": "file_operations.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "foo_write", "file": "file_operations.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "proc_ioctl", "file": "file_operations.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "proc_open", "file": "file_operations.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "proc_read", "file": "file_operations.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "proc_write", "file": "file_operations.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "unused_ioctl", "file": "file_operations.c", "is_static": true, - "loc": 4 + "scopes": [ + { + "arg": -1, + "loc": 1 + }, + { + "arg": 1, + "values": [ + "UNUSED_IOCTL1", + "UNUSED_IOCTL2" + ], + "loc": 2 + } + ] } ], "consts": [ @@ -80,6 +201,16 @@ "value": 3221775109 }, { + "name": "FOO_IOCTL6", + "filename": "include/uapi/file_operations.h", + "value": 25350 + }, + { + "name": "FOO_IOCTL7", + "filename": "include/uapi/file_operations.h", + "value": 25351 + }, + { "name": "UNUSED_IOCTL1", "filename": "include/uapi/unused_ioctl.h", "value": 25345 @@ -129,63 +260,6 @@ "write": "foo_write", "mmap": "foo_mmap", "ioctl": "foo_ioctl", - "ioctl_cmds": [ - { - "name": "FOO_IOCTL5", - "type": { - "ptr": { - "elem": { - "struct": "foo_ioctl_arg" - } - } - } - }, - { - "name": "FOO_IOCTL4", - "type": { - "ptr": { - "elem": { - "struct": "foo_ioctl_arg" - } - } - } - }, - { - "name": "FOO_IOCTL3", - "type": { - "ptr": { - "elem": { - "struct": "foo_ioctl_arg" - }, - "is_const": true - } - } - }, - { - "name": "FOO_IOCTL2", - "type": { - "ptr": { - "elem": { - "int": { - "byte_size": 4, - "name": "int", - "base": "int" - } - }, - "is_const": true - } - } - }, - { - "name": "FOO_IOCTL1", - "type": { - "int": { - "byte_size": 1, - "is_const": true - } - } - } - ], "source_file": "file_operations.c" }, { @@ -206,27 +280,100 @@ { "name": "unused_file_operations", "ioctl": "unused_ioctl", - "ioctl_cmds": [ - { - "name": "UNUSED_IOCTL2", - "type": { + "source_file": "file_operations.c" + } + ], + "ioctls": [ + { + "name": "FOO_IOCTL1", + "type": { + "int": { + "byte_size": 1, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL2", + "type": { + "ptr": { + "elem": { "int": { - "byte_size": 1, - "is_const": true + "byte_size": 4, + "name": "int", + "base": "int" } + }, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL3", + "type": { + "ptr": { + "elem": { + "struct": "foo_ioctl_arg" + }, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL4", + "type": { + "ptr": { + "elem": { + "struct": "foo_ioctl_arg" } - }, - { - "name": "UNUSED_IOCTL1", - "type": { - "int": { - "byte_size": 1, - "is_const": true - } + } + } + }, + { + "name": "FOO_IOCTL5", + "type": { + "ptr": { + "elem": { + "struct": "foo_ioctl_arg" } } - ], - "source_file": "file_operations.c" + } + }, + { + "name": "FOO_IOCTL6", + "type": { + "int": { + "byte_size": 1, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL7", + "type": { + "int": { + "byte_size": 1, + "is_const": true + } + } + }, + { + "name": "UNUSED_IOCTL1", + "type": { + "int": { + "byte_size": 1, + "is_const": true + } + } + }, + { + "name": "UNUSED_IOCTL2", + "type": { + "int": { + "byte_size": 1, + "is_const": true + } + } } ] }
\ No newline at end of file diff --git a/tools/syz-declextract/testdata/file_operations.c.txt b/tools/syz-declextract/testdata/file_operations.c.txt index e94856980..f37a386db 100644 --- a/tools/syz-declextract/testdata/file_operations.c.txt +++ b/tools/syz-declextract/testdata/file_operations.c.txt @@ -6,6 +6,7 @@ type auto_todo int8 include <vdso/bits.h> include <linux/types.h> +include <linux/usbdevice_fs.h> include <include/uapi/file_operations.h> resource fd_foo_file_operations[fd] @@ -18,6 +19,8 @@ ioctl$auto_FOO_IOCTL2(fd fd_foo_file_operations, cmd const[FOO_IOCTL2], arg ptr[ ioctl$auto_FOO_IOCTL3(fd fd_foo_file_operations, cmd const[FOO_IOCTL3], arg ptr[in, foo_ioctl_arg$auto]) ioctl$auto_FOO_IOCTL4(fd fd_foo_file_operations, cmd const[FOO_IOCTL4], arg ptr[inout, foo_ioctl_arg$auto]) ioctl$auto_FOO_IOCTL5(fd fd_foo_file_operations, cmd const[FOO_IOCTL5], arg ptr[inout, foo_ioctl_arg$auto]) +ioctl$auto_FOO_IOCTL6(fd fd_foo_file_operations, cmd const[FOO_IOCTL6], arg const[0]) +ioctl$auto_FOO_IOCTL7(fd fd_foo_file_operations, cmd const[FOO_IOCTL7], arg const[0]) foo_ioctl_arg$auto { a int32 diff --git a/tools/syz-declextract/testdata/functions.c.json b/tools/syz-declextract/testdata/functions.c.json index eb1b3b880..ecb95affc 100644 --- a/tools/syz-declextract/testdata/functions.c.json +++ b/tools/syz-declextract/testdata/functions.c.json @@ -3,256 +3,317 @@ { "name": "__do_sys_functions", "file": "functions.c", - "loc": 2, - "calls": [ - "__fget_light", - "func_baz" - ], - "facts": [ - { - "src": { - "argument": { - "func": "__do_sys_functions", - "arg": 0 - } - }, - "dst": { - "argument": { - "func": "__fget_light", - "arg": 0 - } - } - }, + "scopes": [ { - "src": { - "return": { - "func": "func_baz" + "arg": -1, + "loc": 2, + "calls": [ + "__fget_light", + "func_baz" + ], + "facts": [ + { + "src": { + "argument": { + "func": "__do_sys_functions", + "arg": 0 + } + }, + "dst": { + "argument": { + "func": "__fget_light", + "arg": 0 + } + } + }, + { + "src": { + "return": { + "func": "func_baz" + } + }, + "dst": { + "return": { + "func": "__do_sys_functions" + } + } } - }, - "dst": { - "return": { - "func": "__do_sys_functions" - } - } + ] } ] }, { "name": "__fget_light", - "file": "functions.c" + "file": "functions.c", + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "alloc_fd", "file": "functions.c", - "loc": 1 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] }, { "name": "atomic_load32", "file": "include/types.h", "is_static": true, - "loc": 1 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] }, { "name": "atomic_load64", "file": "include/types.h", - "loc": 1 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] }, { "name": "from_kuid", "file": "functions.c", - "loc": 1 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] }, { "name": "func_bar", "file": "functions.c", "is_static": true, - "loc": 1, - "calls": [ - "func_foo" + "scopes": [ + { + "arg": -1, + "loc": 1, + "calls": [ + "func_foo" + ] + } ] }, { "name": "func_baz", "file": "functions.c", - "loc": 8, - "calls": [ - "func_foo", - "func_bar", - "from_kuid", - "alloc_fd" - ], - "facts": [ + "scopes": [ { - "src": { - "return": { - "func": "from_kuid" + "arg": -1, + "loc": 8, + "calls": [ + "func_foo", + "func_bar", + "func_bar", + "from_kuid", + "alloc_fd" + ], + "facts": [ + { + "src": { + "return": { + "func": "from_kuid" + } + }, + "dst": { + "return": { + "func": "func_baz" + } + } + }, + { + "src": { + "return": { + "func": "alloc_fd" + } + }, + "dst": { + "return": { + "func": "func_baz" + } + } } - }, - "dst": { - "return": { - "func": "func_baz" - } - } - }, - { - "src": { - "return": { - "func": "alloc_fd" - } - }, - "dst": { - "return": { - "func": "func_baz" - } - } + ] } ] }, { "name": "func_foo", "file": "functions.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "func_qux", "file": "functions.c", - "loc": 2, - "calls": [ - "alloc_fd" - ], - "facts": [ + "scopes": [ { - "src": { - "return": { - "func": "alloc_fd" + "arg": -1, + "loc": 2, + "calls": [ + "alloc_fd" + ], + "facts": [ + { + "src": { + "return": { + "func": "alloc_fd" + } + }, + "dst": { + "local": { + "name": "fd" + } + } + }, + { + "src": { + "local": { + "name": "fd" + } + }, + "dst": { + "return": { + "func": "func_qux" + } + } } - }, - "dst": { - "local": { - "name": "fd" - } - } - }, - { - "src": { - "local": { - "name": "fd" - } - }, - "dst": { - "return": { - "func": "func_qux" - } - } + ] } ] }, { "name": "typing", "file": "functions.c", - "loc": 5, - "calls": [ - "typing1" - ], - "facts": [ - { - "src": { - "argument": { - "func": "typing", - "arg": 1 - } - }, - "dst": { - "argument": { - "func": "typing1", - "arg": 0 - } - } - }, - { - "src": { - "field": { - "struct": "Typed", - "field": "a" - } - }, - "dst": { - "argument": { - "func": "typing1", - "arg": 1 - } - } - }, - { - "src": { - "field": { - "struct": "Typed", - "field": "b" - } - }, - "dst": { - "field": { - "struct": "Typed", - "field": "a" - } - } - }, - { - "src": { - "local": { - "name": "l" - } - }, - "dst": { - "field": { - "struct": "Typed", - "field": "c" - } - } - }, + "scopes": [ { - "src": { - "return": { - "func": "typing1" + "arg": -1, + "loc": 5, + "calls": [ + "typing1" + ], + "facts": [ + { + "src": { + "field": { + "struct": "Typed", + "field": "b" + } + }, + "dst": { + "field": { + "struct": "Typed", + "field": "a" + } + } + }, + { + "src": { + "return": { + "func": "typing1" + } + }, + "dst": { + "local": { + "name": "l" + } + } + }, + { + "src": { + "argument": { + "func": "typing", + "arg": 1 + } + }, + "dst": { + "argument": { + "func": "typing1", + "arg": 0 + } + } + }, + { + "src": { + "field": { + "struct": "Typed", + "field": "a" + } + }, + "dst": { + "argument": { + "func": "typing1", + "arg": 1 + } + } + }, + { + "src": { + "local": { + "name": "l" + } + }, + "dst": { + "field": { + "struct": "Typed", + "field": "c" + } + } + }, + { + "src": { + "local": { + "name": "l" + } + }, + "dst": { + "return": { + "func": "typing" + } + } } - }, - "dst": { - "local": { - "name": "l" - } - } - }, - { - "src": { - "local": { - "name": "l" - } - }, - "dst": { - "return": { - "func": "typing" - } - } + ] } ] }, { "name": "typing1", "file": "functions.c", - "loc": 1, - "facts": [ + "scopes": [ { - "src": { - "argument": { - "func": "typing1", - "arg": 0 + "arg": -1, + "loc": 1, + "facts": [ + { + "src": { + "argument": { + "func": "typing1", + "arg": 0 + } + }, + "dst": { + "return": { + "func": "typing1" + } + } } - }, - "dst": { - "return": { - "func": "typing1" - } - } + ] } ] } diff --git a/tools/syz-declextract/testdata/include/fs.h b/tools/syz-declextract/testdata/include/fs.h index a5c838595..33782d1ee 100644 --- a/tools/syz-declextract/testdata/include/fs.h +++ b/tools/syz-declextract/testdata/include/fs.h @@ -7,6 +7,11 @@ struct file_operations { void (*write)(void); void (*read_iter)(void); void (*write_iter)(void); - void (*unlocked_ioctl)(unsigned int); + void (*unlocked_ioctl)(void*, unsigned int, unsigned long); void (*mmap)(void); }; + +int alloc_fd(); +void __fget_light(int fd); +int from_kuid(); + diff --git a/tools/syz-declextract/testdata/include/uapi/file_operations.h b/tools/syz-declextract/testdata/include/uapi/file_operations.h index 6a2a8d259..f81d6886d 100644 --- a/tools/syz-declextract/testdata/include/uapi/file_operations.h +++ b/tools/syz-declextract/testdata/include/uapi/file_operations.h @@ -8,6 +8,10 @@ #define FOO_IOCTL3 _IOR('c', 3, struct foo_ioctl_arg) #define FOO_IOCTL4 _IOW('c', 4, struct foo_ioctl_arg) #define FOO_IOCTL5 _IOWR('c', 5, struct foo_ioctl_arg) +#define FOO_IOCTL6 _IO('c', 6) +#define FOO_IOCTL7 _IO('c', 7) +#define FOO_IOCTL8 _IO('c', 8) +#define FOO_IOCTL9 _IO('c', 9) struct foo_ioctl_arg { int a, b; diff --git a/tools/syz-declextract/testdata/io_uring.c.json b/tools/syz-declextract/testdata/io_uring.c.json index da91ce1b6..60ac44818 100644 --- a/tools/syz-declextract/testdata/io_uring.c.json +++ b/tools/syz-declextract/testdata/io_uring.c.json @@ -2,31 +2,66 @@ "functions": [ { "name": "io_eopnotsupp_prep", - "file": "io_uring.c" + "file": "io_uring.c", + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "io_nop", - "file": "io_uring.c" + "file": "io_uring.c", + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "io_nop_prep", - "file": "io_uring.c" + "file": "io_uring.c", + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "io_read", - "file": "io_uring.c" + "file": "io_uring.c", + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "io_readv_prep", - "file": "io_uring.c" + "file": "io_uring.c", + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "io_write", - "file": "io_uring.c" + "file": "io_uring.c", + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "io_writev_prep", - "file": "io_uring.c" + "file": "io_uring.c", + "scopes": [ + { + "arg": -1 + } + ] } ], "consts": [ diff --git a/tools/syz-declextract/testdata/netlink.c.json b/tools/syz-declextract/testdata/netlink.c.json index 35b2a79b5..9571730f7 100644 --- a/tools/syz-declextract/testdata/netlink.c.json +++ b/tools/syz-declextract/testdata/netlink.c.json @@ -4,37 +4,72 @@ "name": "atomic_load32", "file": "include/types.h", "is_static": true, - "loc": 1 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] }, { "name": "atomic_load64", "file": "include/types.h", - "loc": 1 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] }, { "name": "bar_cmd", "file": "netlink.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "bar_doit", "file": "netlink.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "bar_post_doit", "file": "netlink.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "bar_pre_doit", "file": "netlink.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] }, { "name": "foo_cmd", "file": "netlink.c", - "is_static": true + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] } ], "consts": [ diff --git a/tools/syz-declextract/testdata/scopes.c b/tools/syz-declextract/testdata/scopes.c new file mode 100644 index 000000000..56c1638d1 --- /dev/null +++ b/tools/syz-declextract/testdata/scopes.c @@ -0,0 +1,30 @@ +// Copyright 2024 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +#include "include/fs.h" +#include "include/syscall.h" +#include "include/uapi/file_operations.h" + +SYSCALL_DEFINE1(scopes0, int x, long cmd, long aux) { + int tmp = 0; + __fget_light(aux); + switch (cmd) { + case FOO_IOCTL1: + __fget_light(x); + break; + case FOO_IOCTL2: + case FOO_IOCTL3: + tmp = alloc_fd(); + return tmp; + case FOO_IOCTL4 ... FOO_IOCTL4 + 2: + tmp++; + break; + case 100 ... 102: + tmp++; + break; + default: + tmp = cmd; + break; + } + return tmp; +} diff --git a/tools/syz-declextract/testdata/scopes.c.info b/tools/syz-declextract/testdata/scopes.c.info new file mode 100644 index 000000000..f3a8f9cf3 --- /dev/null +++ b/tools/syz-declextract/testdata/scopes.c.info @@ -0,0 +1 @@ +SYSCALL scopes0 func:__do_sys_scopes0 loc:20 access:unknown manual_desc:false auto_desc:true file:scopes.c subsystem:kernel diff --git a/tools/syz-declextract/testdata/scopes.c.json b/tools/syz-declextract/testdata/scopes.c.json new file mode 100644 index 000000000..2a497dbe1 --- /dev/null +++ b/tools/syz-declextract/testdata/scopes.c.json @@ -0,0 +1,286 @@ +{ + "functions": [ + { + "name": "__do_sys_scopes0", + "file": "scopes.c", + "scopes": [ + { + "arg": -1, + "loc": 4, + "calls": [ + "__fget_light" + ], + "facts": [ + { + "src": { + "argument": { + "func": "__do_sys_scopes0", + "arg": 2 + } + }, + "dst": { + "argument": { + "func": "__fget_light", + "arg": 0 + } + } + }, + { + "src": { + "local": { + "name": "tmp" + } + }, + "dst": { + "return": { + "func": "__do_sys_scopes0" + } + } + } + ] + }, + { + "arg": 1, + "values": [ + "FOO_IOCTL1" + ], + "loc": 3, + "calls": [ + "__fget_light" + ], + "facts": [ + { + "src": { + "argument": { + "func": "__do_sys_scopes0", + "arg": 0 + } + }, + "dst": { + "argument": { + "func": "__fget_light", + "arg": 0 + } + } + } + ] + }, + { + "arg": 1, + "values": [ + "FOO_IOCTL2", + "FOO_IOCTL3" + ], + "loc": 4, + "calls": [ + "alloc_fd" + ], + "facts": [ + { + "src": { + "return": { + "func": "alloc_fd" + } + }, + "dst": { + "local": { + "name": "tmp" + } + } + }, + { + "src": { + "local": { + "name": "tmp" + } + }, + "dst": { + "return": { + "func": "__do_sys_scopes0" + } + } + } + ] + }, + { + "arg": 1, + "values": [ + "FOO_IOCTL4", + "1074291461", + "1074291462" + ], + "loc": 3 + }, + { + "arg": 1, + "values": [ + "100", + "101", + "102" + ], + "loc": 3 + }, + { + "arg": 1, + "loc": 3, + "facts": [ + { + "src": { + "argument": { + "func": "__do_sys_scopes0", + "arg": 1 + } + }, + "dst": { + "local": { + "name": "tmp" + } + } + } + ] + } + ] + } + ], + "consts": [ + { + "name": "FOO_IOCTL1", + "filename": "include/uapi/file_operations.h", + "value": 25345 + }, + { + "name": "FOO_IOCTL2", + "filename": "include/uapi/file_operations.h", + "value": 2147771138 + }, + { + "name": "FOO_IOCTL3", + "filename": "include/uapi/file_operations.h", + "value": 2148033283 + }, + { + "name": "FOO_IOCTL4", + "filename": "include/uapi/file_operations.h", + "value": 1074291460 + } + ], + "structs": [ + { + "name": "foo_ioctl_arg", + "byte_size": 8, + "align": 4, + "fields": [ + { + "name": "a", + "counted_by": -1, + "type": { + "int": { + "byte_size": 4, + "name": "int", + "base": "int" + } + } + }, + { + "name": "b", + "counted_by": -1, + "type": { + "int": { + "byte_size": 4, + "name": "int", + "base": "int" + } + } + } + ] + } + ], + "syscalls": [ + { + "func": "__do_sys_scopes0", + "args": [ + { + "name": "x", + "counted_by": -1, + "type": { + "int": { + "byte_size": 4, + "name": "int", + "base": "int" + } + } + }, + { + "name": "cmd", + "counted_by": -1, + "type": { + "int": { + "byte_size": 8, + "name": "long", + "base": "long" + } + } + }, + { + "name": "aux", + "counted_by": -1, + "type": { + "int": { + "byte_size": 8, + "name": "long", + "base": "long" + } + } + } + ], + "source_file": "scopes.c" + } + ], + "ioctls": [ + { + "name": "FOO_IOCTL1", + "type": { + "int": { + "byte_size": 1, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL2", + "type": { + "ptr": { + "elem": { + "int": { + "byte_size": 4, + "name": "int", + "base": "int" + } + }, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL3", + "type": { + "ptr": { + "elem": { + "struct": "foo_ioctl_arg" + }, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL4", + "type": { + "ptr": { + "elem": { + "struct": "foo_ioctl_arg" + } + } + } + } + ] +}
\ No newline at end of file diff --git a/tools/syz-declextract/testdata/scopes.c.txt b/tools/syz-declextract/testdata/scopes.c.txt new file mode 100644 index 000000000..aec7f7f2d --- /dev/null +++ b/tools/syz-declextract/testdata/scopes.c.txt @@ -0,0 +1,7 @@ +# Code generated by syz-declextract. DO NOT EDIT. + +meta automatic + +type auto_todo int8 + +scopes0$auto(x int32, cmd intptr, aux intptr) diff --git a/tools/syz-declextract/testdata/syscall.c.json b/tools/syz-declextract/testdata/syscall.c.json index 735ac7dc9..4e466a3ae 100644 --- a/tools/syz-declextract/testdata/syscall.c.json +++ b/tools/syz-declextract/testdata/syscall.c.json @@ -3,12 +3,22 @@ { "name": "__do_sys_chmod", "file": "syscall.c", - "loc": 1 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] }, { "name": "__do_sys_open", "file": "syscall.c", - "loc": 1 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] } ], "syscalls": [ diff --git a/tools/syz-declextract/testdata/types.c.info b/tools/syz-declextract/testdata/types.c.info index ac9903fbe..7c4e66ca1 100644 --- a/tools/syz-declextract/testdata/types.c.info +++ b/tools/syz-declextract/testdata/types.c.info @@ -1,2 +1,2 @@ SYSCALL align_syscall func:__do_sys_align_syscall loc:1 access:unknown manual_desc:false auto_desc:true file:types.c subsystem:kernel -SYSCALL types_syscall func:__do_sys_types_syscall loc:2 access:unknown manual_desc:false auto_desc:true file:types.c subsystem:kernel +SYSCALL types_syscall func:__do_sys_types_syscall loc:1 access:unknown manual_desc:false auto_desc:true file:types.c subsystem:kernel diff --git a/tools/syz-declextract/testdata/types.c.json b/tools/syz-declextract/testdata/types.c.json index 6c479dffb..90d3be2a9 100644 --- a/tools/syz-declextract/testdata/types.c.json +++ b/tools/syz-declextract/testdata/types.c.json @@ -3,115 +3,130 @@ { "name": "__do_sys_align_syscall", "file": "types.c", - "loc": 1 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] }, { "name": "__do_sys_types_syscall", "file": "types.c", - "loc": 2 + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] }, { "name": "anon_flow", "file": "types.c", - "loc": 8, - "facts": [ - { - "src": { - "argument": { - "func": "anon_flow", - "arg": 0 - } - }, - "dst": { - "field": { - "struct": "11253655576479126316", - "field": "x" - } - } - }, - { - "src": { - "argument": { - "func": "anon_flow", - "arg": 0 - } - }, - "dst": { - "field": { - "struct": "11253655576479126318", - "field": "y" - } - } - }, - { - "src": { - "argument": { - "func": "anon_flow", - "arg": 0 - } - }, - "dst": { - "field": { - "struct": "11253655576479126319", - "field": "w" - } - } - }, - { - "src": { - "argument": { - "func": "anon_flow", - "arg": 0 - } - }, - "dst": { - "field": { - "struct": "11253655576479126309", - "field": "f" - } - } - }, - { - "src": { - "argument": { - "func": "anon_flow", - "arg": 0 - } - }, - "dst": { - "field": { - "struct": "11253655576479126322", - "field": "a" - } - } - }, - { - "src": { - "argument": { - "func": "anon_flow", - "arg": 0 - } - }, - "dst": { - "field": { - "struct": "11253655576479126323", - "field": "a" - } - } - }, - { - "src": { - "argument": { - "func": "anon_flow", - "arg": 0 - } - }, - "dst": { - "field": { - "struct": "11253655576479126324", - "field": "b" + "scopes": [ + { + "arg": -1, + "loc": 8, + "facts": [ + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126316", + "field": "x" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126318", + "field": "y" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126319", + "field": "w" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126309", + "field": "f" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126322", + "field": "a" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126323", + "field": "a" + } + } + }, + { + "src": { + "argument": { + "func": "anon_flow", + "arg": 0 + } + }, + "dst": { + "field": { + "struct": "11253655576479126324", + "field": "b" + } + } } - } + ] } ] } |