From 1aed810c86069f8b9b117ccccf083e98bf0da74c Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Tue, 8 Apr 2025 14:11:26 +0200 Subject: tools/syz-declextract: extend test data Add few interesting cases for scope analysis. Move functions related to resource to the header file, they must be visible in every file to work. --- .../testdata/file_operations.c.json | 32 ++++ tools/syz-declextract/testdata/functions.c | 12 +- tools/syz-declextract/testdata/functions.c.json | 9 +- tools/syz-declextract/testdata/include/fs.h | 12 +- tools/syz-declextract/testdata/scopes.c | 15 ++ tools/syz-declextract/testdata/scopes.c.info | 2 +- tools/syz-declextract/testdata/scopes.c.json | 174 +++++++++++++++++++++ tools/syz-declextract/testdata/scopes.c.txt | 22 +-- 8 files changed, 250 insertions(+), 28 deletions(-) (limited to 'tools') diff --git a/tools/syz-declextract/testdata/file_operations.c.json b/tools/syz-declextract/testdata/file_operations.c.json index e7dfd31f6..dd0415fd2 100644 --- a/tools/syz-declextract/testdata/file_operations.c.json +++ b/tools/syz-declextract/testdata/file_operations.c.json @@ -1,5 +1,26 @@ { "functions": [ + { + "name": "__fget_light", + "file": "include/fs.h", + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] + }, + { + "name": "alloc_fd", + "file": "include/fs.h", + "is_static": true, + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] + }, { "name": "foo_ioctl", "file": "file_operations.c", @@ -114,6 +135,17 @@ } ] }, + { + "name": "from_kuid", + "file": "include/fs.h", + "is_static": true, + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] + }, { "name": "proc_ioctl", "file": "file_operations.c", diff --git a/tools/syz-declextract/testdata/functions.c b/tools/syz-declextract/testdata/functions.c index fd06fb455..30e544702 100644 --- a/tools/syz-declextract/testdata/functions.c +++ b/tools/syz-declextract/testdata/functions.c 
@@ -1,6 +1,7 @@ // Copyright 2024 syzkaller project authors. All rights reserved. // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. +#include "include/fs.h" #include "include/types.h" #include "include/syscall.h" @@ -11,17 +12,6 @@ static void func_bar() { func_foo(); } -int alloc_fd() { - return 1; -} - -void __fget_light(int fd) { -} - -int from_kuid() { - return 1; -} - int func_baz(int f) { func_foo(); if (f) diff --git a/tools/syz-declextract/testdata/functions.c.json b/tools/syz-declextract/testdata/functions.c.json index ecb95affc..6d636233e 100644 --- a/tools/syz-declextract/testdata/functions.c.json +++ b/tools/syz-declextract/testdata/functions.c.json @@ -44,7 +44,8 @@ }, { "name": "__fget_light", - "file": "functions.c", + "file": "include/fs.h", + "is_static": true, "scopes": [ { "arg": -1 @@ -53,7 +54,8 @@ }, { "name": "alloc_fd", - "file": "functions.c", + "file": "include/fs.h", + "is_static": true, "scopes": [ { "arg": -1, @@ -84,7 +86,8 @@ }, { "name": "from_kuid", - "file": "functions.c", + "file": "include/fs.h", + "is_static": true, "scopes": [ { "arg": -1, diff --git a/tools/syz-declextract/testdata/include/fs.h b/tools/syz-declextract/testdata/include/fs.h index 33782d1ee..b4eba0bd7 100644 --- a/tools/syz-declextract/testdata/include/fs.h +++ b/tools/syz-declextract/testdata/include/fs.h @@ -11,7 +11,13 @@ struct file_operations { void (*mmap)(void); }; -int alloc_fd(); -void __fget_light(int fd); -int from_kuid(); +static int alloc_fd() { + return 1; +} +static void __fget_light(int fd) { +} + +static int from_kuid() { + return 1; +} diff --git a/tools/syz-declextract/testdata/scopes.c b/tools/syz-declextract/testdata/scopes.c index 56c1638d1..d53ca391d 100644 --- a/tools/syz-declextract/testdata/scopes.c +++ b/tools/syz-declextract/testdata/scopes.c 
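Review bot: In include/fs.h the three resource helpers become plain `static` definitions, so a test file that includes the header without calling all of them may draw unused-function warnings, depending on the flags the test harness passes to the compiler. The usual header form is `static inline int alloc_fd() {` (likewise for the other two), but confirm that the extractor still reports them with the same `is_static` entries before switching. The header also does not say why the bodies live here; a short comment such as `// Defined here, not just declared: every testdata file must see the bodies of these resource functions.` would stop someone from moving them back into a .c file. No include guard is visible in this hunk, and with definitions instead of declarations a double inclusion would now fail to compile, so confirm the guard exists.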
@@ -5,6 +5,17 @@ #include "include/syscall.h" #include "include/uapi/file_operations.h" +static int scopes_helper(long cmd, long aux) { + switch (cmd) { + case FOO_IOCTL7: + return alloc_fd(); + case FOO_IOCTL8: + __fget_light(aux); + break; + } + return 0; +} + SYSCALL_DEFINE1(scopes0, int x, long cmd, long aux) { int tmp = 0; __fget_light(aux); @@ -19,6 +30,10 @@ SYSCALL_DEFINE1(scopes0, int x, long cmd, long aux) { case FOO_IOCTL4 ... FOO_IOCTL4 + 2: tmp++; break; + case FOO_IOCTL7: + case FOO_IOCTL8: + tmp = scopes_helper(cmd, x); + break; case 100 ... 102: tmp++; break; diff --git a/tools/syz-declextract/testdata/scopes.c.info b/tools/syz-declextract/testdata/scopes.c.info index f3a8f9cf3..8f18c7352 100644 --- a/tools/syz-declextract/testdata/scopes.c.info +++ b/tools/syz-declextract/testdata/scopes.c.info @@ -1 +1 @@ -SYSCALL scopes0 func:__do_sys_scopes0 loc:20 access:unknown manual_desc:false auto_desc:true file:scopes.c subsystem:kernel +SYSCALL scopes0 func:__do_sys_scopes0 loc:32 access:unknown manual_desc:false auto_desc:true file:scopes.c subsystem:kernel diff --git a/tools/syz-declextract/testdata/scopes.c.json b/tools/syz-declextract/testdata/scopes.c.json index 2a497dbe1..ab03673b0 100644 --- a/tools/syz-declextract/testdata/scopes.c.json +++ b/tools/syz-declextract/testdata/scopes.c.json @@ -111,6 +111,59 @@ ], "loc": 3 }, + { + "arg": 1, + "values": [ + "FOO_IOCTL7", + "FOO_IOCTL8" + ], + "loc": 4, + "calls": [ + "scopes_helper" + ], + "facts": [ + { + "src": { + "return": { + "func": "scopes_helper" + } + }, + "dst": { + "local": { + "name": "tmp" + } + } + }, + { + "src": { + "argument": { + "func": "__do_sys_scopes0", + "arg": 1 + } + }, + "dst": { + "argument": { + "func": "scopes_helper", + "arg": 0 + } + } + }, + { + "src": { + "argument": { + "func": "__do_sys_scopes0", + "arg": 0 + } + }, + "dst": { + "argument": { + "func": "scopes_helper", + "arg": 1 + } + } + } + ] + }, { "arg": 1, "values": [ 
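Review bot: `scopes_helper` is added without a comment saying which analysis case it exercises, so the next person extending this test has to recover that from the golden JSON. Something like `// Callee that switches on the forwarded cmd: checks that per-cmd scopes are followed across a call.` above the definition would do. Inside the helper, `__fget_light(aux)` passes a `long` to an `int fd` parameter; it matches the existing call in scopes0, so it is presumably deliberate, but a word on that would help too.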
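Review bot: In the new `case FOO_IOCTL7:`/`case FOO_IOCTL8:` arm, `tmp = scopes_helper(cmd, x);` passes `x` into the helper's `aux` parameter while the syscall's own `aux` is not forwarded, which reads like a typo. The expected facts in scopes.c.json (argument 0 of `__do_sys_scopes0` flowing to argument 1 of `scopes_helper`) suggest it is deliberate, so a comment such as `// x, not aux: checks that argument flow is tracked by position, not by name.` would make that explicit. The regenerated scopes.c.txt also types `x` as `fd` and adds an `fd` return for every cmd variant, not only FOO_IOCTL7 and FOO_IOCTL8. If that is a current limitation of the analysis and not the intended result, say so next to the test so the golden file is not mistaken for the desired precision. The body of scopes0 starts and ends outside this hunk.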
@@ -140,6 +193,99 @@ ] } ] + }, + { + "name": "__fget_light", + "file": "include/fs.h", + "is_static": true, + "scopes": [ + { + "arg": -1 + } + ] + }, + { + "name": "alloc_fd", + "file": "include/fs.h", + "is_static": true, + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] + }, + { + "name": "from_kuid", + "file": "include/fs.h", + "is_static": true, + "scopes": [ + { + "arg": -1, + "loc": 1 + } + ] + }, + { + "name": "scopes_helper", + "file": "scopes.c", + "is_static": true, + "scopes": [ + { + "arg": -1, + "loc": 2 + }, + { + "arg": 0, + "values": [ + "FOO_IOCTL7" + ], + "loc": 2, + "calls": [ + "alloc_fd" + ], + "facts": [ + { + "src": { + "return": { + "func": "alloc_fd" + } + }, + "dst": { + "return": { + "func": "scopes_helper" + } + } + } + ] + }, + { + "arg": 0, + "values": [ + "FOO_IOCTL8" + ], + "loc": 3, + "calls": [ + "__fget_light" + ], + "facts": [ + { + "src": { + "argument": { + "func": "scopes_helper", + "arg": 1 + } + }, + "dst": { + "argument": { + "func": "__fget_light", + "arg": 0 + } + } + } + ] + } + ] } ], "consts": [ @@ -162,6 +308,16 @@ "name": "FOO_IOCTL4", "filename": "include/uapi/file_operations.h", "value": 1074291460 + }, + { + "name": "FOO_IOCTL7", + "filename": "include/uapi/file_operations.h", + "value": 25351 + }, + { + "name": "FOO_IOCTL8", + "filename": "include/uapi/file_operations.h", + "value": 25352 } ], "structs": [ @@ -281,6 +437,24 @@ } } } + }, + { + "name": "FOO_IOCTL7", + "type": { + "int": { + "byte_size": 1, + "is_const": true + } + } + }, + { + "name": "FOO_IOCTL8", + "type": { + "int": { + "byte_size": 1, + "is_const": true + } + } } ] } \ No newline at end of file diff --git a/tools/syz-declextract/testdata/scopes.c.txt b/tools/syz-declextract/testdata/scopes.c.txt index 3a0c20709..e58d91f7b 100644 --- a/tools/syz-declextract/testdata/scopes.c.txt +++ b/tools/syz-declextract/testdata/scopes.c.txt 
@@ -6,13 +6,15 @@ type auto_todo int8 include -scopes0$auto(x int32, cmd intptr, aux intptr) -scopes0$auto_100(x int32, cmd const[100], aux intptr) -scopes0$auto_101(x int32, cmd const[101], aux intptr) -scopes0$auto_102(x int32, cmd const[102], aux intptr) -scopes0$auto_1074291461(x int32, cmd const[1074291461], aux intptr) -scopes0$auto_1074291462(x int32, cmd const[1074291462], aux intptr) -scopes0$auto_FOO_IOCTL1(x int32, cmd const[FOO_IOCTL1], aux intptr) -scopes0$auto_FOO_IOCTL2(x int32, cmd const[FOO_IOCTL2], aux intptr) -scopes0$auto_FOO_IOCTL3(x int32, cmd const[FOO_IOCTL3], aux intptr) -scopes0$auto_FOO_IOCTL4(x int32, cmd const[FOO_IOCTL4], aux intptr) +scopes0$auto(x fd, cmd intptr, aux fd) fd +scopes0$auto_100(x fd, cmd const[100], aux fd) fd +scopes0$auto_101(x fd, cmd const[101], aux fd) fd +scopes0$auto_102(x fd, cmd const[102], aux fd) fd +scopes0$auto_1074291461(x fd, cmd const[1074291461], aux fd) fd +scopes0$auto_1074291462(x fd, cmd const[1074291462], aux fd) fd +scopes0$auto_FOO_IOCTL1(x fd, cmd const[FOO_IOCTL1], aux fd) fd +scopes0$auto_FOO_IOCTL2(x fd, cmd const[FOO_IOCTL2], aux fd) fd +scopes0$auto_FOO_IOCTL3(x fd, cmd const[FOO_IOCTL3], aux fd) fd +scopes0$auto_FOO_IOCTL4(x fd, cmd const[FOO_IOCTL4], aux fd) fd +scopes0$auto_FOO_IOCTL7(x fd, cmd const[FOO_IOCTL7], aux fd) fd +scopes0$auto_FOO_IOCTL8(x fd, cmd const[FOO_IOCTL8], aux fd) fd -- cgit mrf-deployment