| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Run make extract on next-20251111.
|
| |
|
|
|
|
| |
Add open callback if there are no other unique callbacks.
This happens for e.g. seq files which only have unique open,
while read is a common seq_read callback.
|
| |
|
|
|
|
| |
Export each syscall variant (e.g. fcnt$*) as a separate interface.
Effectively these are separate syscalls. We will want this for
ioctl as well (it's not 1 interface).
|
| |
|
|
| |
Update auto.txt and consts on v6.15-rc1.
|
| |
|
|
|
|
|
| |
This commit removes CRYPTO_ALG_TYPE_COMPRESS from socket_alg.txt since
it was recently removed from the kernel source tree
(fce8b8d crypto: remove obsolete 'comp' compression API). It also
updates a number of other consts that make extract detected.
|
| |
|
|
|
|
|
|
| |
Use function scope information extracted in the previous commit
to infer multiplexed syscalls (fcntl, prctl, ...) and infer
their arguments.
Descriptions generated on Linux commit c4b9570cfb63501.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extract info about function scopes formed by switch'es on function arguments.
For example if we have:
void foo(..., int cmd, ...)
{
...
switch (cmd) {
case FOO:
... block 1 ...
case BAR:
... block 2 ...
}
...
}
We record that any data flow within block 1 is only relevant
when foo's arg cmd has value FOO, similarly for block 2 and BAR.
This allows to do 3 things:
1. Locate ioctl commands that are switched on within transitively
called functions.
2. Infer return value for each ioctl command.
3. Infer argument type when it's not specified in _IO macro.
This will also allow to infer other multiplexed syscalls.
Descriptions generated on Linux commit c4b9570cfb63501.
|
| |
|
|
|
|
|
|
|
|
| |
This is nice on its own, but this will also help to prevent
lots of problems when we export more info from the clang tool in future.
The clang tool does not know what will end up in the final descriptions,
so it exports info about all consts that it encounters.
As the result we pull in lots of includes/defines, and lots of kernel
includes/defines are broken or create problems.
So the fewer we have, the better.
|
| |
|
|
|
|
|
|
| |
Emit descriptions for special files in /dev, /sys, /proc, and ./.
pkg/declextract combines file_operations info produced by the clang tool
with the dynamic probing info produced by pkg/ifaceprobe in order
to produce complete descriptions for special files.
|
| |
|
|
| |
Emit families w/o policy, emit duplicate commands.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
syz-declextract accumulated a bunch of code health problems
so that now it's hard to change/extend it, lots of new features
can only be added in in hacky ways and cause lots of code duplication.
It's also completly untested. Rewrite the tool to:
- move as much code as possible to Go (working with the clang tool
is painful for a number of reasons)
- allow testing and add unit tests (first layer of tests test
what information is produced by the clang tool, second layer
of tests test how that information is transformed to descriptions)
- allow extending the clang tool output to export arbitrary info
in non-hacky way (now it produces arbitrary JSON instead of a mix
of incomplete descriptions and interfaces)
- remove code duplication in the clang tool and provide common
infrastructure to add new analysis w/o causing more duplication
- provide more convinient primitives in the clang tool
- improve code style consistency and stick to the LLVM code style
(in particular, variable names must start with a capital letter,
single-statement blocks are not surrounded with {})
- remove intermixing of code that works on different levels
(currently we have AST analysis + busness logic + printfs
all intermixed with each other)
- provide several helper Go packages for better code structuring
(e.g. pkg/clangtool just runs the tool on source files in parallel
and returns results, this already separates a bunch of low-level
logic from the rest of the code under a simple abstraction)
I've tried to make the output match the current output as much as possible
so that the diff is managable (in some cases at the cost of code quality,
this should be fixed in future commits). There are still some differences,
but hopefully they are managable for review (more includes/defines,
reordered some netlink attributes).
Fixed minor bugs are fixed along the way, but mostly NFC:
1. Some unions were incorrectly emitted as [varlen]
(C unions are never varlen).
2. Only a of [packed], [align[N]] attributes was emitted
for struct (both couldn't be emitted).
|
| |
|
|
|
|
|
| |
Update to upstream commit 228a1157fb9f.
VFIO_TYPE1_NESTING_IOMMU const was removed in 35890f85573c.
Remove it from descriptions.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
We already do this in most cases except for template structs (nlattr notably).
Add consts that are used in template structs to all files that use them.
This helps to avoid flakiness, and allows to replace descriptions files
with other descriptions files without regenerating all const files.
This also fixes check for presence of descriptions for sys/linux/auto.txt.json.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Currently syscall selection is non-deterministic and we frequently
choose wrond ones. This leads to flaky argument names/types,
and wrong argument types (e.g. int16 instead of uid,
old_utimbuf32 instead of utimbuf, etc).
Make syscall selection robust and correct.
|
| |
|
|
| |
Regenerate descriptions on kernel commit 715ca9dd687f89ddaac8ec8ccb3b5e5a30311a99.
|
| |
|
|
| |
syz-declextract
|
| | |
|
| |
|
|
| |
Added the result of running syz-declextract. Added auto-manual.txt containing necessary manually written descriptions.
|
| |
|
|
| |
default config of the Linux kernel
|
|
|
and filter syscalls based on architectures
Start generating descriptions directly in syz-declextract. Automatically generated descriptions are marked with "auto"
attribute and parameter names are changed if they use a reserved keyword. By default, all parameters are of type intptr;
This is intended to change later. "run" now produces deterministic output and filters system calls to only allow ones
supported by syzkaller supported architectures, and renames any system calls that need to be renamed.
|
