syz-declextract accumulated a bunch of code health problems
so that now it's hard to change/extend it, lots of new features
can only be added in hacky ways and cause lots of code duplication.
It's also completely untested. Rewrite the tool to:
- move as much code as possible to Go (working with the clang tool
  is painful for a number of reasons)
- allow testing and add unit tests (first layer of tests test
  what information is produced by the clang tool, second layer
  of tests test how that information is transformed to descriptions)
- allow extending the clang tool output to export arbitrary info
  in a non-hacky way (now it produces arbitrary JSON instead of a mix
  of incomplete descriptions and interfaces)
- remove code duplication in the clang tool and provide common
  infrastructure to add new analysis w/o causing more duplication
- provide more convenient primitives in the clang tool
- improve code style consistency and stick to the LLVM code style
  (in particular, variable names must start with a capital letter,
  single-statement blocks are not surrounded with {})
- remove intermixing of code that works on different levels
  (currently we have AST analysis + business logic + printfs
  all intermixed with each other)
- provide several helper Go packages for better code structuring
  (e.g. pkg/clangtool just runs the tool on source files in parallel
  and returns results, this already separates a bunch of low-level
  logic from the rest of the code under a simple abstraction)
I've tried to make the output match the current output as much as possible
so that the diff is manageable (in some cases at the cost of code quality,
this should be fixed in future commits). There are still some differences,
but hopefully they are manageable for review (more includes/defines,
reordered some netlink attributes).
Some minor bugs are fixed along the way, but mostly NFC:
1. Some unions were incorrectly emitted as [varlen]
   (C unions are never varlen).
2. Only one of the [packed], [align[N]] attributes was emitted
   for a struct (both couldn't be emitted).

They can clash with our manual flag names.

These are not accepted as inputs (NLA_REJECT is usually used in dump operations).

Allow specializing "intptr".
Pass isSyscallParam to int*Subtype b/c if they need to return const/flags,
they will need isSyscallParam.
Move makeConst/Flags/etc to before int*Subtype b/c they may need to use them.

Remove const/volatile qualifiers from types before generating name.
Currently for some kernel I am getting this otherwise:
const sigset_t$auto_record {
	sig	intptr
}
__aio_sigset$auto_record {
	sigmask	ptr[in, const sigset_t$auto_record]
	sigsetsize	intptr
}

If flags is a struct field, it needs base type.
Add the base type.

Extracting declaration name is trickier than removing casts.
If the initialized type is a union, then the expression may
also contain InitListExpr and other nodes.
Remove all of them in a more robust way.

For now for netlink only.

Currently we have a number of hacks to deal with unused bits:
- remove some netlink syscalls if no policy union present
- generate the huge union for unused policies
- manually remove 1 struct
But we still got more unused structs after recent changes.
Properly remove all unused bits using the compiler knowledge.
This is both simpler and more reliable.

Factor it out into an easier-to-use function,
and improve encapsulation.

Move AST matcher setup to each interface extractor.
This keeps related things together.

Produce both descriptions and interface list in one run
(it's slow, we don't want/need to run the tool twice).
Produce output in json format.
Later we will add more properties, and will do more processing of the list.

final descriptions
Minimal descriptions are netlink commands and syscall names, while final descriptions are complete syzkaller
descriptions.

Introduce generic methods that can be used to extract structs and use them on Netlink policies to extract structs from
the len field.

The NLA policy type field is now treated as an expression and then translated into an NLA type. Previously, it was treated
as a simple Enum, which was not always the case. This makes for much better type extraction. Fields `len` and `name` are
now used to better specify the type, for example NLA_BINARY of len 8 is an array[int8, 0:8]. And a policy that ends with
NS_FD is an fd_namespace.

Split the Matcher into two classes for system calls and netlinks. Made the system call extraction more robust by
avoiding using constants and extracting their values instead.

Extract genl_family and generate descriptions based on the attached policies and commands.
Fix an issue with the go tool where the clang tool would fail and remain undetected.

modify syz-declextract to extract information about netlinks and generate descriptions

and filter syscalls based on architectures
Start generating descriptions directly in syz-declextract. Automatically generated descriptions are marked with the "auto"
attribute and parameter names are changed if they use a reserved keyword. By default, all parameters are of type intptr;
this is intended to change later. "run" now produces deterministic output and filters system calls to only allow ones
supported by syzkaller-supported architectures, and renames any system calls that need to be renamed.

compilation database
Run multiple instances of syz-declextract only on files specified by a compilation database.

Clang tool that uses AST matchers to extract relevant metadata about Linux system calls. The tool is to be extended
later to support more interfaces, collect more relevant metadata and to automatically generate syzkaller descriptions.