| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
./tools/syz-env bin/golangci-lint run ./... --fix
|
| |
|
|
| |
New code will be limited to max 7 function params.
|
| |
|
|
|
|
|
|
|
|
| |
This is nice on its own, but this will also help to prevent
lots of problems when we export more info from the clang tool in future.
The clang tool does not know what will end up in the final descriptions,
so it exports info about all consts that it encounters.
As the result we pull in lots of includes/defines, and lots of kernel
includes/defines are broken or create problems.
So the fewer we have, the better.
|
| | |
|
| |
|
|
|
| |
Permit structs to recursively contain itself in arrays.
This is needed for netlink. Amusingly several netlink policies contain itself.
|
| |
|
|
|
|
|
|
|
| |
We already do this in most cases except for template structs (nlattr notably).
Add consts that are used in template structs to all files that use them.
This helps to avoid flakiness, and allows to replace descriptions files
with other descriptions files without regenerating all const files.
This also fixes check for presence of descriptions for sys/linux/auto.txt.json.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds support for using the value of constants in conditional
fields in addition to integers and flags. Intuitively, this probably
looks like it shouldn't be needed: constants are known so the condition
can be resolved ahead of time. It is however useful in the case of
templates (example in the next commit) where the type of a field may be
interchangeably an integer or a constant:
type example_t[TYPE] {
f1 TYPE
f2 int32 (if[value[f1] == 3])
}
type example1 example_t[int64]
type example2 example_t[const[0, int64]]
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
|
| |
|
|
| |
Fix for recurseField() pass that fails due to 'fmt' argument not having a type specifier, if used inside a structure.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit ed571339c6ff ("pkg/compiler: support if[expr] attributes") added
support for conditional fields in structs and unions. Conditions however
cannot refer to flags, as in the following example:
struct {
f0 flags[some_flags, int32]
f1 int32 (if[value[f0] & FLAG1])
} [packed]
It will fail to compile with:
flags does not refer to an integer
This commit adds support for that syntax.
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The expression may either include integers/consts or reference other
fields in the structure via value[field1:field2:field3].
The fields on this path must all belong to structures and must not have
any if conditions themselves.
For unions, mandate that the last field has no conditions (it will be
the default one).
For structs, convert conditional fields into fields of a union type of
the following form:
anonymous_union [
value T (if[expression])
void void
]
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Earlier only len[parent, T] was supported and meant the size of the
whole structure.
Logically, len[parent:b, T] should be equivalent to just len[b, T].
Let len[parent:parent:a, T] refer to the structure that encloses the
current one.
Support len fields inside unions.
|
| |
|
|
| |
Signed-off-by: cui fliter <imcusg@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds the requirement that nested flags must be at the end of
the list of values. For example,
flags1 = 1, 2, 3, 4, flags2
flags2 cannot be moved to another position in the list. The goal is to
simplify parsing of the list by humans.
Enforcing that the nested flags be at the end (vs. the beginning) makes
things a bit easier for the parser. If we enforced that they should be
at the beginning, then the parser would need to look further forward to
determine if a flags definition is an integer flags or a string flags.
flags1 = flags2, flags3, flags4, 5, 6
In this example, the parser would need to look to the 4th value in the
list to tell that it's an integer flags.
Suggested-by: Aleksandr Nogikh <nogikh@google.com>
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
|
| |
|
|
|
|
|
|
| |
structFieldAttrs is filled with empty attrDesc structs and is never
changed at runtime. structFieldAttrs[X].CheckConsts is therefore
always nil.
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
|
| |
|
|
|
|
|
|
| |
Since both flags and consts can be used as type-options for integers, we
want to avoid ambiguity by preventing a flag and a const from having the
same name.
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds support for the following syntax:
int_flags = 1, 5, 8, 9
int32[int_flags]
which is equivalent to:
int_flags = 1, 5, 8, 9
flags[int_flags, int32]
The second int type argument, align, is not allowed if the first
argument is a flag. The compiler will also error if the first argument
appears to be a flag (is ident and has no colon), but can't be found in
the map of flags.
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Type args can currently have only one type of kindInt, kindIdent,
kindString, or kindAny. The descriptions are checked against expected
type arg kinds, with kindAny meaning that anything is allowed (often
restricted with custom checks).
Concretely, it means that in a description as follows, arg1 and arg2
can each take a single kind of values.
type[arg1, arg2]
This is limiting if we want arg1 to be able to take both an int or
flags. We thus need type args to support having mixed kinds. This
commit achieves this by turning the kind constants into bit flags.
This will be useful in a subsequent commit, but we can also already use
it for one existing type arg, the first of string types:
string[literal_or_flags, size]
literal_or_flags changes from kindAny to kindIdent|kindString and we can
remove the custom check that used to enforce this.
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
|
| |
|
|
|
|
|
|
| |
The problem mentioned in the previous commit is actually not only
ANY-specific, it's only by a happy coincidence that all our descriptions
already avoided such situations.
Enforce this rule at the compilation stage.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We had a problem -- using inout ANYUNION leads to syzkaller generating
copyout instructions for fmt[X, resource] types.
Add a validation rule to detect this during tests.
Fix this by supporting (in) for union fields. Previously, all union
field direction attributes were banned as they were making things more
complicated.
The (in) attribute is definitely safe and allows for more flexibility.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
builtin
Create the `BufferCompressed` kind of `BufferType`, which will be used
to represent compressed data. Create the corresponding `compressed_image`
syzlang builtin, which is backed by `BufferCompressed`. For now, no
syscalls use this feature - this will be introduced in future commits.
We have to be careful to decompress the data before mutating, and
re-compress before storing. We make sure that any deserialised
`BufferCompressed` data is valid too.
`BufferCompressed` arguments are mutated using a generic heatmap. In
future, we could add variants of `BufferCompressed` or populate the
`BufferType` sub-kind, using it to choose different kinds of heatmap for
different uncompressed data formats.
Various operations on compressed data must be forbidden, so we check for
`BufferCompressed` in key places. We also have to ensure `compressed_image`
can only be used in syscalls that are marked `no_{generate,minimize}`.
Therefore, we add a generic compiler check which allows type
descriptions to require attributes on the syscalls which use them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a bunch of hacks in syz-extract, syz-sysgen and syz-check
with respect to description files unsupported on some arches,
or that must not be part of make extract.
Add 2 meta attribtues to files:
meta noextract
Tells `make extract` to not extract constants for this file.
Though, `syz-extract` can still be invoked manually on this file.
meta arches["arch1", "arch2"]
Restricts this file only to the given set of architectures.
`make extract` and ``make generate` will not use it on other architectures.
Later we can potentially use meta attributes to specify git tree/commit
that must be used for extraction. Maybe something else.
Fixes #2754
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Don't consider syscalls that return resources in unions/arrays as constructors.
Unions and arrays are problematic because we don't have directed generation
in prog.randGen.createResource() and can fail to generate a syscall that
returns a particular resource (generate a wrong union option that does not
contain the necessary resource). This leads to the following panics:
panic: failed to create a resource ifindex with ioctl$sock_SIOCGIFCONF
Require each resource to have a constructor syscall that returns the resource
outside of unions/arrays.
|
| |
|
|
| |
Add missing space before brackets.
|
| |
|
|
| |
These types in explict out fields is either unnecessary details or bugs in descriptions.
|
| |
|
|
|
|
| |
Direction attributes on unions work in a confusing way and don't do
what users may think they do. Now we have out_overlay attribute
for structs that allows to have overlapping input and output fields.
|
| | |
|
| |
|
|
|
|
|
|
| |
It's a somewhat common mistake to write comments instead of directives:
#include <foo>
#define FOO BAR
because that's how it's done in C.
Warn about such cases.
|
| |
|
|
|
| |
Fix another cases where recurion is finite but fan out factor is large,
so our recursion check would take 5^10 iterations to handle this.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a bug found by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17240
We handled the case of infinite recursion in templates
but only if the full type name matches precisely (A -> B -> A).
In this case the name constantly changes due to different
template arguments. Per se this is a not an error
(and we have real cases that use this, e.g. when an nlattr_t
contains nested nlattr_t's), but it's an error if it recurses
infinitely. Restrict recursion on the same template to 10 levels.
|
| |
|
|
|
| |
Discovered by go-fuzz/OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27599
|
| |
|
|
|
|
| |
There is no point in having flags when values are equal.
This can only mean a typo or other bug. Check for such cases
and fix 3 existing precedents.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
If a resource is never used as an input, it is not useful.
It's effectively the same as using an integer.
Detect such cases, they are quite confusing.
Fix all existing errors in descriptions.
This uncovered some interesting bugs as well,
e.g. use of a completely unrelated fd subtype after copy-paste
(while the resource that was supposed to be used there is completely unused).
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Currently we have special support for each type of builtin node.
This is complex and does not scale (we may want other types in future).
Prepend the builtin descriptions to the user descriptions instead.
This requires a bit of special support, like not reporting
any builtin descriptions as unused, but otherwise much simpler and more flexible.
Does not produce any diff in generated descriptions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Remvoe FieldName from Type and add a separate Field type
that holds field name. Use Field for struct fields, union options
and syscalls arguments, only these really have names.
Reduces size of sys/linux/gen/amd64.go from 5665583 to 5201321 (-8.2%).
Allows to not create new type for squashed any pointer.
But main advantages will follow, e.g. removing StructDesc,
using TypeRef in Arg, etc.
Update #1580
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having Dir is Type is handy, but forces us to duplicate lots of types.
E.g. if a struct is referenced as both in and out, then we need to
have 2 copies and 2 copies of structs/types it includes.
If also prevents us from having the struct type as struct identity
(because we can have up to 3 of them).
Revert to the old way we used to do it: propagate Dir as we walk
syscall arguments. This moves lots of dir passing from pkg/compiler
to prog package.
Now Arg contains the dir, so once we build the tree, we can use dirs
as before.
Reduces size of sys/linux/gen/amd64.go from 6058336 to 5661150 (-6.6%).
Update #1580
|
| |
|
|
|
|
| |
Add common infrastructure for syscall attributes.
Add few attributes we want, but they are not implemented for now
(don't affect behavior, this will follow).
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Introduce common infrastructure for describing and parsing attribute
instead of custom per-attribute code scattered across several locations.
Change align attribute syntax from the weird align_N to align[N].
This also allows to use literal constants as N.
Introduce notion of builtin constants.
Currently we have only PTR_SIZE, which is needed to replace
align_ptr with align[PTR_SIZE].
|
| |
|
|
|
| |
Move the const from the compiler.
In preparation for future changes.
|
| |
|
|
| |
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
|
| |
|
|
|
|
|
|
|
|
| |
Without this fix, the compiler throws an error 'template argument BASE is
not used' for the following typedef.
type templ1[BASE] BASE
foo(a ptr[in, templ1[int64]])
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
|
| |
|
|
|
|
|
|
|
| |
Currently we replace a template argument and then recurse
into the new type AST to see if there is more to replace.
If the description is buggy and the template argument
contains itself, then we will recurse infintiely trying
to replace it more and more.
Use post-order traversal when replacing template argument to fix this.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Similar to C offsetof gives offset of a field
from the beginning of the parent struct.
We have several TODOs in descriptions asking for this.
|
| |
|
|
| |
This allows to use len[syscall:arg] expressions.
|
