On Mon, Apr 09, 2018 at 11:25:48AM -0500, Gustavo A. R. Silva wrote: > Hi all, > > I wonder if smatch can be used to trace back a particular variable in order > to determine if such variable is directly or indirectly controlled from any > syscall? > Of course, you *could* build something like that... There is the get_implied_rl() function. You give it a variable and it tells you if the variable can be controlled by the user. So it could be from a syscall, kstrtol() or from skb->data etc. So say you have something like: u8 foo = *(char *)skb->data; if (foo > 8) return; Then get_implied_rl() will say foo is 0-8 range. In theory there is enough information in the database so you could trace function parameters to find out where they come from, but no one has tested that so it probably doesn't work. What are you working on? Perhaps there is a different way to get the information you want. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe smatch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
