From c756ba4e975097bf74b952367e2cd1a8db466c69 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Mon, 2 Dec 2024 10:57:36 +0100 Subject: tools/syz-declextract: extract file_operations descriptions Extend the clang tool to locate file_operations variables and arrays and dump open/read/write/mmap/ioctl callbacks for each. It also tries to extract set of ioctl commands and argument types for them in a simple best-effort way (for now). It just locates switch in the ioctl callback and extracts each case as a command. --- tools/syz-declextract/testdata/file_operations.c | 45 ++++++++ .../testdata/file_operations.c.info | 0 .../testdata/file_operations.c.json | 118 +++++++++++++++++++++ .../syz-declextract/testdata/file_operations.c.txt | 10 ++ tools/syz-declextract/testdata/include/fs.h | 12 +++ .../testdata/include/uapi/file_operations.h | 14 +++ .../syz-declextract/testdata/include/uapi/ioctl.h | 24 +++++ 7 files changed, 223 insertions(+) create mode 100644 tools/syz-declextract/testdata/file_operations.c create mode 100644 tools/syz-declextract/testdata/file_operations.c.info create mode 100644 tools/syz-declextract/testdata/file_operations.c.json create mode 100644 tools/syz-declextract/testdata/file_operations.c.txt create mode 100644 tools/syz-declextract/testdata/include/fs.h create mode 100644 tools/syz-declextract/testdata/include/uapi/file_operations.h create mode 100644 tools/syz-declextract/testdata/include/uapi/ioctl.h (limited to 'tools/syz-declextract/testdata') diff --git a/tools/syz-declextract/testdata/file_operations.c b/tools/syz-declextract/testdata/file_operations.c new file mode 100644 index 000000000..04d548f98 --- /dev/null +++ b/tools/syz-declextract/testdata/file_operations.c @@ -0,0 +1,45 @@ +// Copyright 2024 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +#include "include/fs.h" +#include "include/uapi/file_operations.h" + +static void foo_open() {} +static void foo_read() {} +static void foo_write() {} +static void foo_mmap() {} + +static void foo_ioctl(unsigned int cmd) { + switch (cmd) { + case FOO_IOCTL1: + case FOO_IOCTL2: + case FOO_IOCTL3: + case FOO_IOCTL4: + case FOO_IOCTL5: + } +} + +const struct file_operations foo = { + .open = foo_open, + .read = foo_read, + .write = foo_write, + .unlocked_ioctl = foo_ioctl, + .mmap = foo_mmap, +}; + +static void proc_open() {} +static void proc_read() {} +static void proc_write() {} +static void proc_ioctl(unsigned int cmd) {} + +const struct file_operations proc_ops[] = { + { + .open = proc_open, + .read_iter = proc_read, + .write_iter = proc_write, + }, + { + .open = proc_open, + .unlocked_ioctl = proc_ioctl, + }, +}; diff --git a/tools/syz-declextract/testdata/file_operations.c.info b/tools/syz-declextract/testdata/file_operations.c.info new file mode 100644 index 000000000..e69de29bb diff --git a/tools/syz-declextract/testdata/file_operations.c.json b/tools/syz-declextract/testdata/file_operations.c.json new file mode 100644 index 000000000..e5ddad2b2 --- /dev/null +++ b/tools/syz-declextract/testdata/file_operations.c.json @@ -0,0 +1,118 @@ +{ + "includes": [ + "include/uapi/file_operations.h" + ], + "structs": [ + { + "name": "foo_ioctl_arg", + "byte_size": 8, + "fields": [ + { + "name": "a", + "counted_by": -1, + "type": { + "int": { + "byte_size": 4, + "name": "int", + "base": "int" + } + } + }, + { + "name": "b", + "counted_by": -1, + "type": { + "int": { + "byte_size": 4, + "name": "int", + "base": "int" + } + } + } + ] + } + ], + "file_ops": [ + { + "name": "foo_file_operations", + "open": "foo_open", + "read": "foo_read", + "write": "foo_write", + "mmap": "foo_mmap", + "ioctl": "foo_ioctl", + "ioctl_cmds": [ + { + "name": "FOO_IOCTL5", + "type": { + "ptr": { + "elem": { + "struct": "foo_ioctl_arg" + } + } + } + }, + { + "name": "FOO_IOCTL4", + "type": { + "ptr": { + "elem": { + "struct": "foo_ioctl_arg" + } + } + } + }, + { + "name": "FOO_IOCTL3", + "type": { + "ptr": { + "elem": { + "struct": "foo_ioctl_arg" + }, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL2", + "type": { + "ptr": { + "elem": { + "int": { + "byte_size": 4, + "name": "int", + "base": "int" + } + }, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL1", + "type": { + "int": { + "byte_size": 1, + "is_const": true + } + } + } + ], + "source_file": "file_operations.c" + }, + { + "name": "proc_ops_file_operations", + "open": "proc_open", + "read": "proc_read", + "write": "proc_write", + "mmap": "proc_open", + "source_file": "file_operations.c" + }, + { + "name": "proc_ops_file_operations1", + "open": "proc_open", + "mmap": "proc_open", + "ioctl": "proc_ioctl", + "source_file": "file_operations.c" + } + ] +} \ No newline at end of file diff --git a/tools/syz-declextract/testdata/file_operations.c.txt b/tools/syz-declextract/testdata/file_operations.c.txt new file mode 100644 index 000000000..f2fb3ed1c --- /dev/null +++ b/tools/syz-declextract/testdata/file_operations.c.txt @@ -0,0 +1,10 @@ +# Code generated by syz-declextract. DO NOT EDIT. + +meta automatic + +type auto_todo intptr + +include +include +include +include diff --git a/tools/syz-declextract/testdata/include/fs.h b/tools/syz-declextract/testdata/include/fs.h new file mode 100644 index 000000000..a5c838595 --- /dev/null +++ b/tools/syz-declextract/testdata/include/fs.h @@ -0,0 +1,12 @@ +// Copyright 2024 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +struct file_operations { + void (*open)(void); + void (*read)(void); + void (*write)(void); + void (*read_iter)(void); + void (*write_iter)(void); + void (*unlocked_ioctl)(unsigned int); + void (*mmap)(void); +}; diff --git a/tools/syz-declextract/testdata/include/uapi/file_operations.h b/tools/syz-declextract/testdata/include/uapi/file_operations.h new file mode 100644 index 000000000..6a2a8d259 --- /dev/null +++ b/tools/syz-declextract/testdata/include/uapi/file_operations.h @@ -0,0 +1,14 @@ +// Copyright 2024 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +#include "ioctl.h" + +#define FOO_IOCTL1 _IO('c', 1) +#define FOO_IOCTL2 _IOR('c', 2, int) +#define FOO_IOCTL3 _IOR('c', 3, struct foo_ioctl_arg) +#define FOO_IOCTL4 _IOW('c', 4, struct foo_ioctl_arg) +#define FOO_IOCTL5 _IOWR('c', 5, struct foo_ioctl_arg) + +struct foo_ioctl_arg { + int a, b; +}; diff --git a/tools/syz-declextract/testdata/include/uapi/ioctl.h b/tools/syz-declextract/testdata/include/uapi/ioctl.h new file mode 100644 index 000000000..fae14a74e --- /dev/null +++ b/tools/syz-declextract/testdata/include/uapi/ioctl.h @@ -0,0 +1,24 @@ +// Copyright 2024 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +#define _IOC_NONE 0U +#define _IOC_WRITE 1U +#define _IOC_READ 2U + +#define _IOC_NRBITS 8 +#define _IOC_TYPEBITS 8 +#define _IOC_SIZEBITS 14 +#define _IOC_DIRBITS 2 + +#define _IOC_NRSHIFT 0 +#define _IOC_TYPESHIFT (_IOC_NRSHIFT+_IOC_NRBITS) +#define _IOC_SIZESHIFT (_IOC_TYPESHIFT+_IOC_TYPEBITS) +#define _IOC_DIRSHIFT (_IOC_SIZESHIFT+_IOC_SIZEBITS) + +#define _IOC(dir, type, nr, size) (((dir) << _IOC_DIRSHIFT) | ((type) << _IOC_TYPESHIFT) | \ + ((nr) << _IOC_NRSHIFT) | ((size) << _IOC_SIZESHIFT)) + +#define _IO(type, nr) _IOC(_IOC_NONE, (type), (nr), 0) +#define _IOR(type, nr, arg) _IOC(_IOC_READ, (type), (nr), (sizeof(arg))) +#define _IOW(type, nr, arg) _IOC(_IOC_WRITE, (type), (nr), (sizeof(arg))) +#define _IOWR(type, nr, arg) _IOC(_IOC_READ|_IOC_WRITE, (type), (nr), (sizeof(arg))) -- cgit mrf-deployment