From 8aaf5d60aa0b3ddb05e117f52c0e30ec246b7aad Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Fri, 17 Jan 2025 10:39:49 +0100 Subject: tools/syz-declextract: support function scopes Extract info about function scopes formed by switch'es on function arguments. For example if we have: void foo(..., int cmd, ...) { ... switch (cmd) { case FOO: ... block 1 ... case BAR: ... block 2 ... } ... } We record that any data flow within block 1 is only relevant when foo's arg cmd has value FOO, similarly for block 2 and BAR. This allows to do 3 things: 1. Locate ioctl commands that are switched on within transitively called functions. 2. Infer return value for each ioctl command. 3. Infer argument type when it's not specified in _IO macro. This will also allow to infer other multiplexed syscalls. Descriptions generated on Linux commit c4b9570cfb63501.
---
pkg/declextract/declextract.go | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'pkg/declextract/declextract.go')
diff --git a/pkg/declextract/declextract.go b/pkg/declextract/declextract.go
index 16b2d6cca..fbd585389 100644
--- a/pkg/declextract/declextract.go
+++ b/pkg/declextract/declextract.go
@@ -34,6 +34,7 @@ func Run(out *Output, probe *ifaceprobe.Info, syscallRename map[string][]string,
 syscallRename: syscallRename,
 structs: make(map[string]*Struct),
 funcs: make(map[string]*Function),
+ ioctls: make(map[string]*Type),
 facts: make(map[string]*typingNode),
 uniqualizer: make(map[string]int),
 debugTrace: trace,
@@ -65,6 +66,7 @@ type context struct {
 syscallRename map[string][]string // syscall function -> syscall names
 structs map[string]*Struct
 funcs map[string]*Function
+ ioctls map[string]*Type
 facts map[string]*typingNode
 includes []string
 defines []define
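Review bot: The new `ioctls` field of `context` (second hunk) has no comment saying what its string key is or which `*Type` it stores, while the neighbouring `syscallRename` field documents its mapping. Judging by the commit message it presumably maps an ioctl command name to the argument type inferred for it, but nothing in these hunks confirms that. A trailing comment in the style already used here, for example `ioctls map[string]*Type // ioctl command name -> argument type`, adjusted to the real key and value meaning, would make the field readable without finding its writer. The struct body continues outside the hunk; the map is initialised in `Run` in the first hunk.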
@@ -137,11 +139,13 @@ func (ctx *context) processConsts() map[string]string {
 ctx.includes = append([]string{
 "vdso/bits.h",
 "linux/types.h",
+ "linux/usbdevice_fs.h", // to fix broken include/uapi/linux/usbdevice_fs.h
 "net/netlink.h",
 }, ctx.includes...)
 // Also pretend they are used.
 includeUse["__NR_read"] = "vdso/bits.h"
 includeUse["__NR_write"] = "linux/types.h"
+ includeUse["__NR_openat"] = "linux/usbdevice_fs.h"
 includeUse["__NR_close"] = "net/netlink.h"
 return includeUse
 }
-- cgit mrf-deployment
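Review bot: The comment on the added `"linux/usbdevice_fs.h"` entry says the uapi header is broken but not what is broken, so a later maintainer cannot tell when the workaround is safe to drop. A fuller comment would help, along the lines of `// include/uapi/linux/usbdevice_fs.h lacks <what is missing>; remove once fixed upstream (seen on Linux c4b9570cfb63501)`, with the placeholder filled in and the revision taken from the commit message. The added `includeUse["__NR_openat"]` line is a second place that has to change together with the list entry. The existing "Also pretend they are used" comment could say that every forced include needs exactly one such anchor. `processConsts` begins outside the hunk.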