GSoC status report - #3 of 10
Srikavin Ramkumar
srikavinramkumar at gmail.com
Tue Jun 29 06:57:02 UTC 2021
Hi,
This is status update #3, for real this time.
Accomplishments:
Last week, I continued to work on the code generation. I've added support for
pointer types (such as strings, paths, int *, etc). A little more work needs to
be done for cases with more than 1 'out' pointer since we need to store the values
at the given address (using set_tcb_priv_data) when entering the syscall and then
decode the value after exiting the syscall.

As an example, the following syzlang definition

read(fd fd, buf ptr[out, stringnoz[ref[@ret]]], count size_t) int

is automatically transformed into the following:

// Debug Location: defs/example.syzlang:1:1 Node Type: AST_SYSCALL
SYS_FUNC(read)
{
	if (entering(tcp)) {
		/* arg: fd (fd) */
		printfd(tcp, (tcp)->u_arg[0]);
		tprint_arg_next();
		return 0;
	}
	/* arg: buf (stringnoz *) */
	if (syserror(tcp)) {
		printaddr((tcp)->u_arg[1]);
	} else {
		printstrn(tcp, (tcp)->u_arg[1], (tcp)->u_rval);
	}
	tprint_arg_next();
	/* arg: count (size_t) */
	PRINT_VAL_U((size_t) (tcp)->u_arg[2]);
	return RVAL_DECODED;
}

I also added support for flags using existing xlat definitions:

access(file ptr[in, path], flags or_flags[access_modes, ?_OK])

is converted into the following:

// Debug Location: defs/example.syzlang:1:1 Node Type: AST_SYSCALL
SYS_FUNC(access)
{
	/* arg: file (char *) */
	printpath(tcp, (tcp)->u_arg[0]);
	tprint_arg_next();
	/* arg: flags (or_flags) */
	printflags(access_modes, (tcp)->u_arg[1], "?_OK");
	return RVAL_DECODED;
}

I also improved the output of warning messages during the codegen phase, and
added return flags (like RVAL_FD, RVAL_TGID, etc.) when a syscall returns the
corresponding type:

gettid() tid

results in

// Debug Location: defs/example.syzlang:1:1 Node Type: AST_SYSCALL
SYS_FUNC(gettid)
{
	return RVAL_DECODED | RVAL_TID;
}

Priorities:
- Continue working on the code generation
- Improve support for pointer types
- Add support for variant syscall types where argument types depend on the
  first argument (like prctl and ioctl)
- Preprocess the AST to group variants together
- Use const parameters to distinguish variants and generate a decoder that
  delegates to generated variant decoders based on syscall arg values.
- Add a way to define decoders for specified types in syzlang files
- Automatically generate struct decoding for simple structs
- Incorporate code generation with the build process
- Finalize CLI arguments, and add usage documentation

-- Srikavin
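
The save-at-entry, decode-at-exit pattern mentioned under Accomplishments, as an added example that is not part of the original message, not strace code and not output of the generator. It is one reading of that pattern for a call with two in/out pointers. Assumptions: `mock_tcb`, `decode_f`, `trace_f` and the call `f` are hypothetical, pointers are dereferenced directly where a tracer would copy from the tracee, and the `[old => new]` output format is chosen for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for strace's struct tcb, reduced to what the model needs. */
struct mock_tcb {
	int entering;   /* 1 at syscall entry, 0 at syscall exit */
	long u_arg[2];  /* syscall arguments: addresses of the two in/out ints */
	long u_rval;    /* return value, meaningful only at exit */
	void *priv;     /* plays the role of the data kept via set_tcb_priv_data */
};

/* Two-phase decoder for a made-up call f(int *a, int *b) with two in/out ints. */
static int decode_f(struct mock_tcb *tcp, char *out, size_t n)
{
	int *saved = tcp->priv, *a = (int *)tcp->u_arg[0], *b = (int *)tcp->u_arg[1];
	if (tcp->entering) {
		/* Snapshot both pointees before the kernel can overwrite them. */
		if (!(saved = malloc(2 * sizeof(*saved))))
			return -1;
		saved[0] = *a;
		saved[1] = *b;
		tcp->priv = saved;
		return 0;
	}
	if (!saved)
		return -1;
	if (tcp->u_rval < 0)  /* failed call: only the entry values mean anything */
		snprintf(out, n, "[%d], [%d]", saved[0], saved[1]);
	else
		snprintf(out, n, "[%d => %d], [%d => %d]", saved[0], *a, saved[1], *b);
	free(saved);
	tcp->priv = NULL;
	return 1;
}

/* Drive one traced call: entry stop, simulated kernel write-back, exit stop. */
static const char *trace_f(long rval)
{
	static char line[64];
	int a = 128, b = 4;  /* constructed sample values in "tracee memory" */
	struct mock_tcb tcb = { .entering = 1, .u_arg = { (long)&a, (long)&b }, .u_rval = rval };
	if (decode_f(&tcb, line, sizeof(line)) != 0)
		return NULL;
	if (rval >= 0)
		a = 16;  /* simulated kernel write-back to *a on success */
	tcb.entering = 0;
	return decode_f(&tcb, line, sizeof(line)) == 1 ? line : NULL;
}
int main(void) { puts(trace_f(0)); puts(trace_f(-1)); return 0; }
```

Without the entry snapshot, the exit-time decoder could only show the post-call values, so the 128 that was passed in would be lost.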