On Sun, May 19, 2013 at 02:47:25PM +0200, Jann Horn wrote:
> I am thinking about how hard it would be to automatically determine ioctls
> for arbitrary devices. I coded a little PoC:
>
> http://git.thejh.net/?p=moctel.git;a=summary
>
> Run "make", load the kernel module. Then determine the ioctl handler's name
> for a given device or so like this:
>
> $ sudo ./show_ioctl /dev/xconsole
> pipe_ioctl
> $ sudo ./show_ioctl /dev/kvm
> kvm_dev_ioctl
> $ sudo ./show_ioctl /dev/fuse
>
> $ sudo ./show_ioctl /dev/btrfs-control
> btrfs_control_ioctl
> $ sudo ./show_ioctl /root
> ext4_ioctl
>
> So far, it is fairly straightforward. Knowing the handler method's name, you
> could then try to find the valid ioctls under the assumption that some generic
> patterns are followed:

I added some code. Listing the ioctl names for a given device:

$ ./get_ioctl_names.sh /home/jann/software/linux-3.6.7 method_list "$(sudo ./show_ioctl /dev/vhost-net)"
[...]
ioctls found:
VHOST_NET_SET_BACKEND
VHOST_GET_FEATURES
VHOST_SET_FEATURES
VHOST_RESET_OWNER

This requires you to have a file method_list containing all the methods in your
kernel source ordered by file. You can generate it like this:

$ ./gen_method_list /home/jann/software/linux-3.6.7 method_list