GSoC status report - #4 of 10

Srikavin Ramkumar srikavinramkumar at gmail.com
Tue Jul 6 06:58:03 UTC 2021 

Hi,

Accomplishments:

Last week, I continued to work on the code generation. I've added partial
support for variant syscalls (where the types of arguments change based on a
'cmd' argument, like prctl, fnctl, etc.). I spent most of the week adding a
preprocessing stage that creates system call tree based on the specified 
variant information.

As an example, the following syzlang definition

    include <fcntl.h>

    fcntl(filedes fd, cmd xor_flags[fcntl_cmds, F_???], arg kernel_ulong_t) kernel_ulong_t

    fcntl$F_DUPFD(filedes fd, cmd const[F_DUPFD], arg kernel_ulong_t) fd
    fcntl$F_DUPFD_CLOEXEC(filedes fd, cmd const[F_DUPFD_CLOEXEC], arg kernel_ulong_t) fd

is automatically transformed into the following:

    /* AUTOMATICALLY GENERATED FROM defs/example2.syzlang - DO NOT EDIT */

    #include <stddef.h>
    #include "defs.h"

    #include <fcntl.h>
    static int
    var_fcntl_F_DUPFD(struct tcb *tcp)
    {
        /* arg: filedes (fd) */
        printfd(tcp, (tcp)->u_arg[0]);
        tprint_arg_next();

        /* arg: cmd (const) */
        #error UNHANDLED TYPE: const
        tprint_arg_next();

        /* arg: arg (kernel_ulong_t) */
        PRINT_VAL_U((kernel_ulong_t) (tcp)->u_arg[2]);

        return RVAL_DECODED | RVAL_FD;
    }

    static int
    var_fcntl_F_DUPFD_CLOEXEC(struct tcb *tcp)
    {
        /* arg: filedes (fd) */
        printfd(tcp, (tcp)->u_arg[0]);
        tprint_arg_next();

        /* arg: cmd (const) */
        #error UNHANDLED TYPE: const
        tprint_arg_next();

        /* arg: arg (kernel_ulong_t) */
        PRINT_VAL_U((kernel_ulong_t) (tcp)->u_arg[2]);

        return RVAL_DECODED | RVAL_FD;
    }

    static int
    var_fcntl(struct tcb *tcp)
    {
        /* arg: filedes (fd) */
        printfd(tcp, (tcp)->u_arg[0]);
        tprint_arg_next();

        /* arg: cmd (xor_flags) */
        printxval(fcntl_cmds, (tcp)->u_arg[1], "F_???");
        tprint_arg_next();

        /* arg: arg (kernel_ulong_t) */
        PRINT_VAL_U((kernel_ulong_t) (tcp)->u_arg[2]);

        return RVAL_DECODED;
    }

    SYS_FUNC(fcntl) {
        if (((tcp)->u_arg[1]) == (F_DUPFD)) {
            return var_fcntl_F_DUPFD(tcp);
        }
        else if (((tcp)->u_arg[1]) == (F_DUPFD_CLOEXEC)) {
            return var_fcntl_F_DUPFD_CLOEXEC(tcp);
        }
        else {
            return var_fcntl(tcp);
        }
    }


There's still more to be done for variant types. Currently, the const argument
is not printed, but I plan to use the parent's type for that parameter to
generate a decoder. 

I also plan to add support for auxiliary return strings based on the specified
return value in the syzlang description file.

Priorities:
 - Continue working on the code generation
   - Add support for variant syscall types where argument types depend on the
     first argument (like prctl and ioctl))
      - Use const parameters to distinguish variants and generate a decoder that
        delegates to generated variant decoders based on syscall arg values.
   - Add support for auxiliary strings
   - Add way to define decoders for specified types in syzlang files
   - Automatically generate struct decoding for simple structs
 - Incorporate code generation with the build process
 - Finalize CLI arguments, and add usage documentation

-- Srikavin

More information about the Strace-devel mailing list