trinity.vger.kernel.org archive mirror
From: Jann Horn <jann@thejh.net>
To: trinity@vger.kernel.org
Subject: trinity and ioctls
Date: Sun, 19 May 2013 14:47:25 +0200
Message-ID: <20130519124725.GL592@debjann.fritz.box>

Hello,
I had a relatively quick look at trinity. It seems to me that it currently
only has support for a few ioctls, right?

I am thinking about how hard it would be to automatically determine ioctls
for arbitrary devices. I coded a little PoC:

http://git.thejh.net/?p=moctel.git;a=summary

Run "make", load the kernel module. Then determine the ioctl handler's name
for a given device or so like this:

$ sudo ./show_ioctl /dev/xconsole
pipe_ioctl
$ sudo ./show_ioctl /dev/kvm
kvm_dev_ioctl
$ sudo ./show_ioctl /dev/fuse

$ sudo ./show_ioctl /dev/btrfs-control 
btrfs_control_ioctl
$ sudo ./show_ioctl /root
ext4_ioctl

So far, it is fairly straightforward. Knowing the handler method's name, you
could then try to find the valid ioctls under the assumption that some generic
patterns are followed:

$ grep -R -n '^[^ ].*btrfs_control_ioctl' fs | grep '\.c:[0-9]*:\S'
fs/btrfs/super.c:1477:static long btrfs_control_ioctl(struct file *file, unsigned int cmd,
$ tail -n +1477 fs/btrfs/super.c | grep -n '^}' | head -n 1
31:}
$ tail -n +1477 fs/btrfs/super.c | head -n 31 | grep 'case .*:' | sed 's|^.*case \(.*\):$|\1|g'
BTRFS_IOC_SCAN_DEV
BTRFS_IOC_DEVICES_READY
$ cat fs/btrfs/super.c > /tmp/a.c
$ echo 'int main(void){printf("%x %x\n", (unsigned)BTRFS_IOC_SCAN_DEV, (unsigned)BTRFS_IOC_DEVICES_READY);}' >> /tmp/a.c
$ gcc -nostdinc -I arch/x86/include -I arch/x86/include/asm -I arch/x86/include/generated -I include -D __KERNEL__ -D CONFIG_X86_X32_ABI -D CONFIG_AS_CFI=1 -D CONFIG_AS_CFI_SIGNAL_FRAME=1 -D CONFIG_AS_CFI_SECTIONS=1 -D CONFIG_AS_FXSAVEQ=1 -D CONFIG_AS_AVX=1 -D CC_HAVE_ASM_GOTO -D 'KBUILD_STR(s)=#s' -D KBUILD_BASENAME='KBUILD_STR(calibrate)' -D KBUILD_MODNAME='KBUILD_STR(calibrate)' -isystem /usr/lib/gcc/x86_64-linux-gnu/4.7/include -include include/linux/kconfig.h -I fs/btrfs/ /tmp/a.c -o /tmp/a -Wl,--unresolved-symbols=ignore-all
/tmp/a.c: In function ‘main’:
/tmp/a.c:1673:16: warning: incompatible implicit declaration of built-in function ‘printf’ [enabled by default]
$ /tmp/a
50009404 90009427

Obviously, this won't always work because it heavily relies on assumptions and
conventions, but maybe it would be possible to automatically extract valid
ioctls from the kernel source this way at least in some cases?

What do you think, is this a good idea?

Jann
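
The extraction step described in the message, as an added example that is not part of the original post or of the moctel code: it pulls the `case` labels out of a named handler under the same source conventions as the grep/tail/sed pipeline, and splits the two printed values (50009404, 90009427) into their fields. `SAMPLE_SOURCE`, `handler_case_labels` and `decode_ioctl` are hypothetical names, the sample source is constructed, and the bit layout assumed is the asm-generic one used on x86.

```python
import re

# Constructed sample shaped like a kernel ioctl handler (not real kernel code).
SAMPLE_SOURCE = '''\
static long btrfs_control_ioctl(struct file *, unsigned int, unsigned long);

static long btrfs_control_ioctl(struct file *file, unsigned int cmd,
                                unsigned long arg)
{
    switch (cmd) {
    case BTRFS_IOC_SCAN_DEV:
        break;
    case BTRFS_IOC_DEVICES_READY:
        break;
    }
    return 0;
}

static int other_ioctl(int cmd)
{
    switch (cmd) { case OTHER_IOC: return 0; }
    return -1;
}
'''

def handler_case_labels(source, handler):
    """Case labels in `handler`'s body. Assumes the definition starts at column 0
    and the body ends at the first line starting with '}'; skips prototypes."""
    pattern = re.compile(r'\S.*\b%s\s*\(' % re.escape(handler))
    lines = source.splitlines()
    start = next((i for i, line in enumerate(lines)
                  if pattern.match(line) and not line.rstrip().endswith(';')), None)
    if start is None:
        return []  # handler not defined in this file
    labels = []
    for line in lines[start:]:
        if line.startswith('}'):
            break  # end of the handler; later functions are ignored
        m = re.match(r'\s*case\s+(.+?)\s*:', line)
        if m:
            labels.append(m.group(1))
    return labels

def decode_ioctl(cmd):
    """Split an ioctl number: nr bits 0-7, type 8-15, size 16-29, dir 30-31."""
    direction = ('none', 'write', 'read', 'read|write')[(cmd >> 30) & 0x3]
    return {'dir': direction, 'size': (cmd >> 16) & 0x3fff,
            'type': (cmd >> 8) & 0xff, 'nr': cmd & 0xff}
```

The decoded size and direction are what a fuzzer needs to allocate and fill the argument buffer for each command; architectures that do not use the asm-generic encoding need different shifts.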

