ucsb-seclab / difuze

Fuzzer for Linux Kernel Drivers
BSD 2-Clause "Simplified" License

Pass::print not implemented for pass: #2

Closed billy-lau closed 5 years ago

billy-lau commented 6 years ago

Hello there,

I am trying to apply difuze's interface recovery for marlin (Pixel XL) kernel drivers, and I ran into the following issues:

After running the interface recovery's run_all.py, I found a number of "Pass::print not implemented for pass: *" messages in the resulting .txt files. Not sure if I am missing some dependencies or if this is intended.

Following that, when invoking run_all.py from post_processing, I keep getting 0-sized directories. For instance, when applying it to ion_ioctl.txt, the output I get is as follows:

[+] About to run on 1 ioctl info file(s)
[+] Running on file [some_path]/ion_ioctl.txt
[+] ioctl name: ion_ioctl
Setting global type
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[*] Using global type! <__main__.Union object at 0x7feef49b3650>
[!] Skipping ion_ioctl. No struct or generic args.

And I get a common/ and an ion_ioctl/ directory in the specified output directory, but they are empty.

The content of my ion_ioctl.txt looks as below:

Args: $DIFUZE/deps/llvm/build/bin/opt -analyze -debug -load $DIFUZE/InterfaceHandlers/MainAnalysisPasses/build_dir/DeviceNameFinder/libDeviceNameFinderPass.so -dev-name-finder -ioctlFunction=ion_ioctl /tmp/tmpoajTyW 
[+] Provided Function Name: ion_ioctl
[+] Found Fops Structure: ion_fops
[+] Device Name: ion
[+] Device Type: misc
[+] Found using dynamic misc heuristic
Printing analysis 'Device name finder':
Pass::print not implemented for pass: 'Device name finder'!
Args: $DIFUZE/deps/llvm/build/bin/opt -analyze -debug -load $DIFUZE/InterfaceHandlers/MainAnalysisPasses/build_dir/IoctlCmdFinder/libIoctlCmdPass.so -new-ioctl-cmd-parser -ioctlFunction=ion_ioctl -bcOutDir=$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out -srcBaseDir=$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm /tmp/tmpEGRPlT 
Provided Function Name:ion_ioctl
Found Cmd:3221768455:START
Found Cmd:3221768455:END
Found Cmd:3221506305:START
Found Cmd:3221506305:END
Found Cmd:3222292742:START
Found Cmd:3222292742:END
STARTTYPE
union.anon.51:STARTELEMENTS:
  %struct.ion_allocation_data = type { i64, i64, i32, i32, i32 }
union.anon.51:ENDELEMENTS:
ENDTYPE
Found Cmd:3223341312:START
Found Cmd:3223341312:END
Found Cmd:3221506305:START
Found Cmd:3221506305:END
Found Cmd:3221768452:START
Found Cmd:3221768452:END
Found Cmd:3221768450:START
Found Cmd:3221768450:END
Found Cmd:3221768453:START
Found Cmd:3221768453:END
Found Cmd:3221768455:START
Found Cmd:3221768455:END
Found Cmd:3222292742:START
Found Cmd:3222292742:END
Found Cmd:3222818048:START
Found Cmd:3222818048:END
Found Cmd:3222818049:START
Found Cmd:3222818049:END
Found Cmd:3222818050:START
Found Cmd:3222818050:END
Includes file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/staging/android/ion/ion.includes
Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/staging/android/ion/ion.preprocessed
ALL PREPROCESSED FILES:
Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/gpio/gpiolib-legacy.preprocessed
Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/gpio/gpiolib-of.preprocessed
Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/gpio/gpiolib.preprocessed
Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/soc/qcom/event_timer.preprocessed
Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/staging/android/ion/ion.preprocessed
Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/video/fbdev/msm/../../msm/mdss/dsi_status_6g.preprocessed
Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_outdrivers/gpio/gpiolib.preprocessed
Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_outinclude/linux/printk.preprocessed
Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_outinclude/trace/events/gpio.preprocessed
Printing analysis 'IOCTL Command Parser':
Pass::print not implemented for pass: 'IOCTL Command Parser'!

Any help would be much appreciated.

Thanks!
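
Added example, not part of the original post and not difuze's own code: a quick way to sanity-check the "Found Cmd:" numbers in an interface-recovery log is to decode them into their ioctl fields (direction, magic, number, argument size). The field widths assume the asm-generic ioctl layout, the function names are hypothetical, and the sample input is a few lines copied from the ion_ioctl.txt output above.

```python
import re

# Field widths of an ioctl command number as in asm-generic/ioctl.h
# (assumption: a few architectures use different widths).
NR_BITS, TYPE_BITS, SIZE_BITS = 8, 8, 14
DIRS = {0: "none", 1: "write", 2: "read", 3: "read/write"}

# Only plain "Found Cmd:<decimal>:START" lines are decoded; END lines and
# the "Found Cmd(BR):" form are ignored.
CMD_RE = re.compile(r"^Found Cmd:(\d+):START$")

# Constructed sample: lines taken from the ion_ioctl.txt log in the post.
SAMPLE = """\
Provided Function Name:ion_ioctl
Found Cmd:3221768455:START
Found Cmd:3221768455:END
Found Cmd:3223341312:START
Found Cmd:3223341312:END
Found Cmd:3222818048:START
Found Cmd:3222818048:END
Found Cmd:3221768455:START
Found Cmd:3221768455:END
Pass::print not implemented for pass: 'IOCTL Command Parser'!
"""


def decode_cmd(cmd):
    """Split a 32-bit ioctl command number into its _IOC fields."""
    nr = cmd & ((1 << NR_BITS) - 1)
    magic = (cmd >> NR_BITS) & ((1 << TYPE_BITS) - 1)
    size = (cmd >> (NR_BITS + TYPE_BITS)) & ((1 << SIZE_BITS) - 1)
    direction = (cmd >> (NR_BITS + TYPE_BITS + SIZE_BITS)) & 0x3
    magic_str = chr(magic) if 32 <= magic < 127 else hex(magic)
    return {"cmd": cmd, "dir": DIRS[direction], "magic": magic_str,
            "nr": nr, "size": size}


def recovered_commands(text):
    """Return the distinct commands in a finder log, in first-seen order."""
    seen = {}
    for line in text.splitlines():
        m = CMD_RE.match(line.strip())
        if m:
            cmd = int(m.group(1))
            seen.setdefault(cmd, decode_cmd(cmd))
    return list(seen.values())


if __name__ == "__main__":
    for c in recovered_commands(SAMPLE):
        print("0x%08x dir=%-10s magic=%s nr=%d size=%d"
              % (c["cmd"], c["dir"], c["magic"], c["nr"], c["size"]))
```

A command that decodes to a non-zero size takes a pointer to a structure of that many bytes; 3223341312 decodes to 32 bytes, which is the padded size of a { i64, i64, i32, i32, i32 } structure like the one listed in the log.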

wlya commented 6 years ago

Same situation here, in the difuze sample driver (mediatek kernel).

root@localhost# cat ioctl_finder_out/mt6620_ampc_ioctl.txt
Args: ~/difuze/difuze/helper_scripts/difuze_deps/llvm/build//bin/opt -analyze -debug -load ~/difuze/difuze/InterfaceHandlers/MainAnalysisPasses/build_dir/DeviceNameFinder/libDeviceNameFinderPass.so -dev-name-finder -ioctlFunction=mt6620_ampc_ioctl /tmp/tmp988mmB
[+] Provided Function Name: mt6620_ampc_ioctl
[+] Found Fops Structure: mt6620_ampc_fops
Printing analysis 'Device name finder':
Pass::print not implemented for pass: 'Device name finder'!
Args: ~/difuze/difuze/helper_scripts/difuze_deps/llvm/build//bin/opt -analyze -debug -load ~/difuze/difuze/InterfaceHandlers/MainAnalysisPasses/build_dir/IoctlCmdFinder/libIoctlCmdPass.so -new-ioctl-cmd-parser -ioctlFunction=mt6620_ampc_ioctl -bcOutDir=~/difuze/llvm_bitcode_out -srcBaseDir=~/difuze/kernel-3.18 /tmp/tmpgw6bkp
Provided Function Name:mt6620_ampc_ioctl
Found Cmd(BR):0,0:START
Found Cmd(BR):0,0:START
Found Cmd(BR):0,0:END
Found Cmd(BR):0,0:END
Includes file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_bow.includes
Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_bow.preprocessed
ALL PREPROCESSED FILES:
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/aee/common/aee-common.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/common/debug.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/common/dump.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/aaa_fsm.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/ais_fsm.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/auth.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/bss.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/cnm.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/cnm_mem.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/cnm_timer.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/nic/cmd_buf.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_bow.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/hif/ahb/ahb.preprocessed
Printing analysis 'IOCTL Command Parser':
Pass::print not implemented for pass: 'IOCTL Command Parser'!
Args: ~/difuze/difuze/helper_scripts/difuze_deps/llvm/build//bin/opt -analyze -debug -load ~/difuze/difuze/InterfaceHandlers/MainAnalysisPasses/build_dir/DeviceNameFinder/libDeviceNameFinderPass.so -dev-name-finder -ioctlFunction=mt6620_ampc_ioctl /tmp/tmpyCBpUx
[+] Provided Function Name: mt6620_ampc_ioctl
[+] Found Fops Structure: mt6620_ampc_fops
Printing analysis 'Device name finder':
Pass::print not implemented for pass: 'Device name finder'!
Args: ~/difuze/difuze/helper_scripts/difuze_deps/llvm/build//bin/opt -analyze -debug -load ~/difuze/difuze/InterfaceHandlers/MainAnalysisPasses/build_dir/IoctlCmdFinder/libIoctlCmdPass.so -new-ioctl-cmd-parser -ioctlFunction=mt6620_ampc_ioctl -bcOutDir=~/difuze/llvm_bitcode_out -srcBaseDir=~/difuze/kernel-3.18 /tmp/tmpSqyhKf
Provided Function Name:mt6620_ampc_ioctl
Found Cmd(BR):0,0:START
Found Cmd(BR):0,0:START
Found Cmd(BR):0,0:END
Found Cmd(BR):0,0:END
Includes file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_bow.includes
Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_bow.preprocessed
ALL PREPROCESSED FILES:
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/aee/common/aee-common.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/common/debug.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/common/dump.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/aaa_fsm.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/ais_fsm.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/auth.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/bss.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/cnm.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/cnm_mem.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/cnm_timer.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/nic/cmd_buf.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_bow.preprocessed
Compl Preprocessed file:~/difuze/llvm_bitcode_out/out/../drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/hif/ahb/ahb.preprocessed
Printing analysis 'IOCTL Command Parser':
Pass::print not implemented for pass: 'IOCTL Command Parser'!

Machiry commented 5 years ago

You can ignore the "Pass::print not implemented for pass: 'IOCTL Command Parser'!" error.