1*1f5207b7SJohn Levon #include "smatch.h"
2*1f5207b7SJohn Levon #include "linearize.h"
3*1f5207b7SJohn Levon 
/* Checker id handed in by check_implicit_dependencies_tester(); stored but not read elsewhere in this file. */
static int my_id;
/* Symbol of the syscall whose body is currently being walked; NULL outside a SYSCALL_DEFINE* function. */
static struct symbol *cur_syscall;
6*1f5207b7SJohn Levon 
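/*
 * Map a sparse expression type to its enumerator name, for diagnostics.
 *
 * The lookup table is sized by its largest designated index (EXPR_OFFSETOF),
 * so any enumerator above that, or a negative/garbage value, would index
 * past the end of the array.  Bounds-check first; out-of-range values and
 * gaps in the table both yield "UNKNOWN_EXPRESSION_TYPE".
 *
 * @type: expression type to name.
 * Returns a static string; the caller must not free it.
 */
static const char *expression_type_name(enum expression_type type)
{
	static const char *const names[] = {
		[EXPR_VALUE] = "EXPR_VALUE",
		[EXPR_STRING] = "EXPR_STRING",
		[EXPR_SYMBOL] = "EXPR_SYMBOL",
		[EXPR_TYPE] = "EXPR_TYPE",
		[EXPR_BINOP] = "EXPR_BINOP",
		[EXPR_ASSIGNMENT] = "EXPR_ASSIGNMENT",
		[EXPR_LOGICAL] = "EXPR_LOGICAL",
		[EXPR_DEREF] = "EXPR_DEREF",
		[EXPR_PREOP] = "EXPR_PREOP",
		[EXPR_POSTOP] = "EXPR_POSTOP",
		[EXPR_CAST] = "EXPR_CAST",
		[EXPR_FORCE_CAST] = "EXPR_FORCE_CAST",
		[EXPR_IMPLIED_CAST] = "EXPR_IMPLIED_CAST",
		[EXPR_SIZEOF] = "EXPR_SIZEOF",
		[EXPR_ALIGNOF] = "EXPR_ALIGNOF",
		[EXPR_PTRSIZEOF] = "EXPR_PTRSIZEOF",
		[EXPR_CONDITIONAL] = "EXPR_CONDITIONAL",
		[EXPR_SELECT] = "EXPR_SELECT",
		[EXPR_STATEMENT] = "EXPR_STATEMENT",
		[EXPR_CALL] = "EXPR_CALL",
		[EXPR_COMMA] = "EXPR_COMMA",
		[EXPR_COMPARE] = "EXPR_COMPARE",
		[EXPR_LABEL] = "EXPR_LABEL",
		[EXPR_INITIALIZER] = "EXPR_INITIALIZER",
		[EXPR_IDENTIFIER] = "EXPR_IDENTIFIER",
		[EXPR_INDEX] = "EXPR_INDEX",
		[EXPR_POS] = "EXPR_POS",
		[EXPR_FVALUE] = "EXPR_FVALUE",
		[EXPR_SLICE] = "EXPR_SLICE",
		[EXPR_OFFSETOF] = "EXPR_OFFSETOF",
	};
	const size_t count = sizeof(names) / sizeof(names[0]);

	/* The unsigned compare rejects negative values in the same test. */
	if ((size_t)type >= count || !names[type])
		return "UNKNOWN_EXPRESSION_TYPE";
	return names[type];
}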
43*1f5207b7SJohn Levon 
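/*
 * Print the "file:line function() " location prefix that every message in
 * this checker starts with.  No trailing newline, so the caller appends
 * its own text.
 *
 * Declared with a proper (void) prototype; the old empty parameter list
 * left the function without a prototype.  get_function() may be NULL
 * outside a function body (NOTE(review): confirm against smatch.h), and
 * passing NULL to %s is undefined, so substitute a placeholder.
 */
static inline void prefix(void)
{
	const char *fn = get_function();

	printf("%s:%d %s() ", get_filename(), get_lineno(), fn ? fn : "?");
}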
47*1f5207b7SJohn Levon 
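/* True when @s begins with @pfx; both must be NUL-terminated. */
static int starts_with(const char *s, const char *pfx)
{
	return strncmp(s, pfx, strlen(pfx)) == 0;
}

/*
 * AFTER_DEF_HOOK: recognise a syscall entry point by the macro it was
 * defined through (SYSCALL_DEFINEn or COMPAT_SYSCALL_DEFINEn), print the
 * opening banner and remember the symbol in cur_syscall so the other
 * hooks know they are inside a syscall body.
 *
 * Earlier revisions also matched on a "sys_" / "compat_sys_" function-name
 * prefix; that path was disabled and is not restored here.
 *
 * @sym: symbol of the function definition just parsed.
 */
static void match_syscall_definition(struct symbol *sym)
{
	const char *macro = get_macro_name(sym->pos);
	const char *name;

	if (!macro)
		return;
	if (!starts_with(macro, "SYSCALL_DEFINE") &&
	    !starts_with(macro, "COMPAT_SYSCALL_DEFINE"))
		return;

	name = get_function();
	printf("-------------------------\n");
	/* printf("%s", NULL) is undefined; guard in case get_function() is NULL. */
	printf("\nsyscall found: %s at: ", name ? name : "?");
	prefix(); printf("\n");
	cur_syscall = sym;
}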
88*1f5207b7SJohn Levon 
/*
 * AFTER_FUNC_HOOK: when the function being left is the syscall currently
 * tracked in cur_syscall, print the closing banner and clear the tracker.
 *
 * @sym: symbol of the function whose body was just finished.
 */
static void match_after_syscall(struct symbol *sym)
{
	if (!cur_syscall || sym != cur_syscall)
		return;

	printf("\n");
	prefix();
	printf("exiting scope of syscall %s\n", get_function());
	printf("-------------------------\n");
	cur_syscall = NULL;
}
97*1f5207b7SJohn Levon 
/*
 * Report the struct member an expression refers to, if it refers to one.
 * get_member_name() hands back an allocated string that we release with
 * free_string() after printing.
 *
 * @expr: expression to inspect; nothing is printed when it names no member.
 */
static void print_member_type(struct expression *expr)
{
	char *member_name = get_member_name(expr);

	if (member_name) {
		prefix();
		printf("info: uses %s\n", member_name);
		free_string(member_name);
	}
}
110*1f5207b7SJohn Levon 
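/*
 * CONDITION_HOOK: while inside a syscall body, descend through compound
 * condition nodes (compare, binop, logical, assignment, comma) and report
 * the struct members that the leaf expressions reference.
 *
 * The recursive calls pass expr->left / expr->right straight back in, and
 * the original code dereferenced expr->type without checking for NULL, so
 * a missing operand would have faulted.  A NULL @expr now returns early.
 *
 * @expr: condition expression delivered by the hook, or a sub-expression
 *        reached by recursion; may be NULL.
 */
static void match_condition(struct expression *expr)
{
	if (!cur_syscall || !expr)
		return;

	prefix(); printf("-- condition found\n");

	switch (expr->type) {
	case EXPR_COMPARE:
	case EXPR_BINOP:
	case EXPR_LOGICAL:
	case EXPR_ASSIGNMENT:
	case EXPR_COMMA:
		/* Compound node: recurse into both operands, report nothing here. */
		match_condition(expr->left);
		match_condition(expr->right);
		return;
	default:
		print_member_type(expr);
		return;
	}
}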
148*1f5207b7SJohn Levon 
/*
 * FUNCTION_CALL_HOOK: inside a syscall body, log each call expression by
 * the name of its expression type.  Silent outside a tracked syscall.
 *
 * @expr: the call expression.
 */
static void match_function_call(struct expression *expr)
{
	if (cur_syscall) {
		prefix();
		printf("function call %s\n", expression_type_name(expr->type));
	}
}
155*1f5207b7SJohn Levon 
/*
 * Checker registration entry point.  Records the checker id and, for the
 * kernel project only, installs the hooks that track SYSCALL_DEFINE*
 * bodies; for every other project nothing is registered.
 *
 * @id: checker id assigned by smatch.
 */
void check_implicit_dependencies_tester(int id)
{
	my_id = id;

	if (option_project == PROJ_KERNEL) {
		add_hook(&match_syscall_definition, AFTER_DEF_HOOK);
		add_hook(&match_after_syscall, AFTER_FUNC_HOOK);
		add_hook(&match_condition, CONDITION_HOOK);
		add_hook(&match_function_call, FUNCTION_CALL_HOOK);
	}
}
168*1f5207b7SJohn Levon 