db, kernel: when kmalloc() succeeds that implies the size was reasonable
#!/bin/bash
#
# Post-process smatch_db.sqlite (in the current directory) after a kernel
# build has populated it.  Everything below is hand-maintained kernel
# knowledge that the cross-function database either gets wrong or records
# too noisily:
#   - caller_info rows describe what a callee's parameters hold on entry;
#     type 1003 is USER_DATA, i.e. the value is attacker-controlled.
#   - return_states rows describe what a function returns and what state
#     it leaves its parameters in on each return path.
#
# NOTE(review): the heredoc delimiter below is unquoted, so the shell
# expands the text before sqlite3 sees it.  smatch's parameter keys ("$$"
# for the parameter itself, "*$$" for what it points to, "$0".."$3" for a
# specific parameter) are therefore written as \$\$, *\$\$ and \$N; an
# unescaped $$ would silently turn into the shell's PID.
#
# mark some parameters as coming from user space
cat << EOF | sqlite3 smatch_db.sqlite
/* we only care about the main ->read/write() functions. */
/*
 * Drop every recorded caller of ->read/->write outside fs/read_write.c and
 * the function_ptr rows for both, presumably so the analysis follows the
 * generic VFS entry points instead of every driver that stores such a
 * pointer.
 */
delete from caller_info where function = '(struct file_operations)->read' and file != 'fs/read_write.c';
delete from caller_info where function = '(struct file_operations)->write' and file != 'fs/read_write.c';
delete from function_ptr where function = '(struct file_operations)->read';
delete from function_ptr where function = '(struct file_operations)->write';

/*
 * delete these function pointers which cause false positives.
 * Only the type-0 row survives for each callback; every derived fact about
 * its parameters (USER_DATA and the like) is discarded.
 */
delete from caller_info where function = '(struct file_operations)->open' and type != 0;
delete from caller_info where function = '(struct notifier_block)->notifier_call' and type != 0;
delete from caller_info where function = '(struct mISDNchannel)->send' and type != 0;
delete from caller_info where function = '(struct irq_router)->get' and type != 0;
delete from caller_info where function = '(struct irq_router)->set' and type != 0;
delete from caller_info where function = '(struct net_device_ops)->ndo_change_mtu' and caller = 'i40e_dbg_netdev_ops_write';
delete from caller_info where function = '(struct timer_list)->function' and type != 0;

/*
 * type 1003 is USER_DATA.
 * Each delete here removes user-data taint from one path to silence a
 * false positive.  The cost is a blind spot: a genuinely missing bounds
 * check on that same path will no longer be reported, so the conditions
 * should stay as narrow as the false positive allows (caller, function,
 * parameter and key together rather than caller alone).
 */
delete from caller_info where caller = 'hid_input_report' and type = 1003;
delete from caller_info where caller = 'nes_process_iwarp_aeqe' and type = 1003;
delete from caller_info where caller = 'oz_process_ep0_urb' and type = 1003;
delete from caller_info where function = 'dev_hard_start_xmit' and key = '\$\$' and type = 1003;
delete from caller_info where function like '%->ndo_start_xmit' and key = '\$\$' and type = 1003;
delete from caller_info where caller = 'packet_rcv_fanout' and function = '(struct packet_type)->func' and parameter = 1 and type = 1003;
delete from caller_info where caller = 'hptiop_probe' and type = 1003;
delete from caller_info where caller = 'p9_fd_poll' and function = '(struct file_operations)->poll' and type = 1003;
delete from caller_info where caller = 'proc_reg_poll' and function = 'proc_reg_poll ptr poll' and type = 1003;
delete from caller_info where function = 'blkdev_ioctl' and type = 1003 and parameter = 0 and key = '\$\$';

/*
 * compat_sys_ioctl() is entered from the compat syscall layer, so presumably
 * no recorded kernel caller marks its arguments.  Hand-mark parameters 0, 1
 * and 2 as USER_DATA so the taint reaches the compat ioctl handlers.
 * (Column order: file, caller, function, call_id, a flag, type, parameter,
 * key, value.)
 */
insert into caller_info values ('userspace', '', 'compat_sys_ioctl', 0, 0, 1003, 0, '\$\$', '1');
insert into caller_info values ('userspace', '', 'compat_sys_ioctl', 0, 0, 1003, 1, '\$\$', '1');
insert into caller_info values ('userspace', '', 'compat_sys_ioctl', 0, 0, 1003, 2, '\$\$', '1');

/* Drop everything recorded about parameter 0 of timer callbacks. */
delete from caller_info where function = '(struct timer_list)->function' and parameter = 0;

/*
 * rw_verify_area is a very central function for the kernel. The 1000000 isn't
 * accurate but I've picked it so that we can add "pos + count" without wrapping
 * on 32 bits.
 *
 * Return path 1 (success): 0-1000000 and never more than parameter 3
 * (count); on that path the type-1011 rows also record the value behind
 * parameter 2 (the position, dereferenced) and parameter 3 itself as
 * 0-1000000.  Return path 2 is the error range -4095..-1.
 * NOTE(review): the real function accepts counts far above 1000000, so
 * arithmetic that only overflows with a larger count is invisible here.
 */
delete from return_states where function = 'rw_verify_area';
insert into return_states values ('faked', 'rw_verify_area', 0, 1, '0-1000000[<=\$3]', 0, 0, -1, '', '');
insert into return_states values ('faked', 'rw_verify_area', 0, 1, '0-1000000[<=\$3]', 0, 1011, 2, '*\$\$', '0-1000000');
insert into return_states values ('faked', 'rw_verify_area', 0, 1, '0-1000000[<=\$3]', 0, 1011, 3, '\$\$', '0-1000000');
insert into return_states values ('faked', 'rw_verify_area', 0, 2, '(-4095)-(-1)', 0, 0, -1, '', '');

/*
 * I am a bad person for doing this to __kmalloc() which is a very deep function
 * and can easily be removed instead of to kmalloc(). But kmalloc() is an
 * inline function so it ends up being recorded thousands of times in the
 * database. Doing this is easier.
 *
 * The three faked return paths encode "a successful allocation implies a
 * sane size" (parameter 0 is the size):
 *   1: size 0                      -> returns 16 (the kernel's ZERO_SIZE_PTR)
 *   2: size 1-134217728 (128 MiB)  -> returns NULL or a pointer (4096-s64max)
 *   3: size above 134217728        -> always NULL
 * NULL stays possible on path 2, so this does not excuse callers from the
 * NULL check; it only lets the checker assume a bounded size after one.
 */
delete from return_states where function = '__kmalloc';
insert into return_states values ('faked', '__kmalloc', 0, 1, '16', 0, 0, -1, '', '');
insert into return_states values ('faked', '__kmalloc', 0, 1, '16', 0, 1011, 0, '\$\$', '0');
insert into return_states values ('faked', '__kmalloc', 0, 2, '0,4096-s64max', 0, 0, -1, '', '');
insert into return_states values ('faked', '__kmalloc', 0, 2, '0,4096-s64max', 0, 1011, 0, '\$\$', '1-134217728');
insert into return_states values ('faked', '__kmalloc', 0, 3, '0', 0, 0, -1, '', '');
insert into return_states values ('faked', '__kmalloc', 0, 3, '0', 0, 1011, 0, '\$\$', '134217729-u64max');

/*
 * store a bunch of capped functions: copy_to/from_user() return at most
 * parameter 2 (the requested length), so anything computed from the result
 * is bounded by it.
 */
update return_states set return = '0-u32max[<=\$2]' where function = 'copy_to_user';
update return_states set return = '0-u32max[<=\$2]' where function = '_copy_to_user';
update return_states set return = '0-u32max[<=\$2]' where function = '__copy_to_user';
update return_states set return = '0-u32max[<=\$2]' where function = 'copy_from_user';
update return_states set return = '0-u32max[<=\$2]' where function = '_copy_from_user';
update return_states set return = '0-u32max[<=\$2]' where function = '__copy_from_user';

/*
 * 64 CPUs ought to be enough for anyone.
 * NOTE(review): an assumption, not a kernel limit; on a configuration with
 * more than 64 CPUs anything sized from cpumask_weight() is under-estimated.
 */
update return_states set return = '1-64' where function = 'cpumask_weight';

/* popcount of an N-bit value is 0..N */
update return_states set return = '0-8' where function = '__arch_hweight8';
update return_states set return = '0-16' where function = '__arch_hweight16';
update return_states set return = '0-32' where function = '__arch_hweight32';
update return_states set return = '0-64' where function = '__arch_hweight64';

/*
 * Preserve the value across byte swapping. By the time we use it for math it
 * will be byte swapped back to CPU endian.
 */
update return_states set return = 's64min-s64max[==\$0]' where function = '__fswab64';
update return_states set return = 's32min-s32max[==\$0]' where function = '__fswab32';
update return_states set return = 's16min-s16max[==\$0]' where function = '__fswab16';

/* drop the recorded return state '1' (the reason is not recorded here) */
delete from return_states where function = 'bitmap_allocate_region' and return = '1';

EOF
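# Mark the buffer handed to __kernel_write() as user data.  One row is
# added per distinct call_id already recorded for __kernel_write:
#   file 'fake', caller '', function, call_id, flag 0, type 1003
#   (USER_DATA), parameter 1 (the buffer), key '*$$' (the pointed-to
#   bytes), value '0-1000000' (the same cap used for rw_verify_area above).
#
# A single INSERT ... SELECT replaces the previous shell loop, which
# re-opened the database once per id and spliced the id back into SQL
# text; the quoted heredoc delimiter keeps '$$' literal without escaping.
# NULL call_ids are skipped, as the loop skipped the empty lines sqlite3
# printed for them.
#
# NOTE(review): the previous row was written as (..., $id, 0, 1, 1003,
# ...), i.e. type=1 and parameter=1003 -- the reverse of the
# compat_sys_ioctl rows above, which put the 1003 type code in column 6
# and the parameter index in column 7.  As written, that row marked
# nothing as USER_DATA.  The order is corrected here; confirm against the
# caller_info table definition before relying on it.
sqlite3 smatch_db.sqlite << 'EOF'
insert into caller_info
select 'fake', '', '__kernel_write', call_id, 0, 1003, 1, '*$$', '0-1000000'
from (select distinct call_id from caller_info
      where function = '__kernel_write' and call_id is not null);
EOF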
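# Cap clear_user()'s return at its length argument (parameter 1): every
# recorded return range R becomes R[<=$1].  One UPDATE replaces the previous
# shell loop, which word-split the distinct return values, pasted each one
# back into double-quoted SQL (SQLite's string-literal fallback for
# identifiers) and spawned sqlite3 once per value.  Rows whose return is
# empty or NULL are left alone, as the loop left them; a value containing
# whitespace, which the loop could never match, is now capped as well.
sqlite3 smatch_db.sqlite << 'EOF'
update return_states set return = return || '[<=$1]'
where function = 'clear_user' and return != '';
EOF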