feat(rules): add Dirty Frag class rules (kernel/dirty-frag/*) (#297)

Three Semgrep-YAML-bridge rules for the Dirty Frag bug class
(in-place skcipher/AEAD on skb without cow gate, plus the
scatterwalk_map_and_copy STORE primitive abused by Copy Fail and
Dirty Frag in crypto_authenc_esn_decrypt).

This is the foxguard half of the foxguard-first integration approach
proposed in pwnkit issue #263 — kernel/C scanning lives in foxguard,
the pwnkit CLI delegates kernel variant-hunt to foxguard rules.

Adds:
- C as a first-class Language (tree-sitter-c parser, .c/.h detection,
  // comment marker, semgrep-compat language map). No built-in C rules
  yet — only YAML loading via --rules.
- rules/kernel/dirty-frag-class/skb-inplace-skcipher-no-cow.yaml
- rules/kernel/dirty-frag-class/skb-inplace-aead-no-cow.yaml
- rules/kernel/dirty-frag-class/scatterwalk-store-on-shared-sgl.yaml
- 6 fixtures under tests/fixtures/kernel/dirty-frag/ (positive +
  negative for each rule), modeling esp_input, rxkad_verify_packet_1,
  and crypto_authenc_esn_decrypt pre/post the upstream patches
- tests/kernel_dirty_frag.rs (calibration test: each rule flags its
  positive fixture and ignores its negative fixture)

Calibration:
  foxguard --no-builtins --rules rules/kernel/dirty-frag-class \
           tests/fixtures/kernel/dirty-frag/
  → 3 critical findings (one per *_vulnerable.c). Safe fixtures clean.

Path-sensitivity caveat: Rust's regex crate has no backreferences, so
these rules cannot syntactically require src == dst on set_crypt's
SGL args. The cow-gate suppression is a coarse same-file regex
overlap, not a dominating-call analysis. Definitive Dirty Frag class
matching needs Coccinelle (path-sensitive) or CodeQL (taint from
MSG_SPLICE_PAGES to crypto_*_decrypt). That work is deferred to a
follow-up issue per the issue #263 plan.

Refs:
- oss-security advisory 2026-05-07 (Hyunwoo Kim @V4bel)
- upstream ESP patch f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4

Author: peaktwilight

Cargo.lock

@@ -19,6 +19,7 @@ tree-sitter-ruby = "0.23"
 tree-sitter-java = "0.23"
 tree-sitter-php = "0.24"
 tree-sitter-rust = "0.24"
+tree-sitter-c = "0.24"
 tree-sitter-c-sharp = "0.23"
 tree-sitter-swift = "0.7"
 tree-sitter-kotlin-sg = "0.4"

Cargo.toml

@@ -0,0 +1,29 @@
+# Dirty Frag class — scatterwalk_map_and_copy STORE on AEAD-shared SGL.
+#
+# Pattern: scatterwalk_map_and_copy(..., dst, off, len, /*out=*/1) where dst
+# is part of an in-place AEAD request set up earlier in the same function via
+# aead_request_set_crypt(req, sg, sg, ...). This is the secondary STORE
+# primitive that Copy Fail and Dirty Frag both abuse in
+# crypto_authenc_esn_decrypt (crypto/authencesn.c).
+#
+# This is a SYNTACTIC / structural rule — it does not prove dst aliases the
+# shared SGL via taint analysis. Path-sensitive analysis (CodeQL) is required
+# to confirm aliasing; see PR body for the deferred-work pointer.
+rules:
+  - id: kernel/dirty-frag/scatterwalk-store-on-shared-sgl
+    # Positive: aead_request_set_crypt(...) is followed (within the same
+    # function body) by scatterwalk_map_and_copy(..., out=1). Rust regex has
+    # no backreferences, so we cannot require arg2 == arg3 of set_crypt to
+    # confirm the SGL is shared; manual triage / CodeQL confirms aliasing.
+    pattern-regex: '(?ms)^\s*aead_request_set_crypt\s*\([^}]*?scatterwalk_map_and_copy\s*\([^,]+,[^,]+,[^,]+,[^,]+,\s*1\s*\)'
+    message: |
+      scatterwalk_map_and_copy STORE (out=1) on an in-place AEAD scatterlist
+      (Dirty Frag class). The destination scatterlist is shared with the
+      attacker-controllable source SGL via aead_request_set_crypt(req, sg, sg, ...);
+      a 4-byte STORE lands in caller-pinned memory regardless of AEAD auth
+      result. Calibration site: crypto/authencesn.c::crypto_authenc_esn_decrypt.
+      See oss-security 2026-05-07 advisory and pwnkit issue #263.
+    severity: ERROR
+    languages: [c]
+    metadata:
+      cwe: "CWE-787"

rules/kernel/dirty-frag-class/scatterwalk-store-on-shared-sgl.yaml

@@ -0,0 +1,34 @@
+# Dirty Frag class — in-place AEAD decrypt on skb without cow gate.
+#
+# Pattern: aead_request_set_crypt(req, sg, sg, ...) followed by
+# crypto_aead_decrypt(req) within the same function body, with no
+# dominating cow / unshare / make-writable / pskb_expand_head call.
+#
+# Calibration sites (pre-patch): net/ipv4/esp4.c::esp_input,
+# net/ipv6/esp6.c::esp6_input. Patched by upstream commit
+# f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4 (extends skip_cow gate with
+# !skb_has_shared_frag()).
+#
+# This is a SYNTACTIC / structural rule — it does not prove the cow gate is
+# unreachable. Path-sensitive analysis (Coccinelle / CodeQL) is required for
+# definitive flagging; see PR body for the deferred-work pointer.
+rules:
+  - id: kernel/dirty-frag/skb-inplace-aead-no-cow
+    # Positive: aead_request_set_crypt(req, ?, ?, ...) followed (within the
+    # same C function body) by crypto_aead_decrypt(req). Rust regex has no
+    # backreferences so we cannot require arg2 == arg3 syntactically; manual
+    # triage / Coccinelle confirms the in-place property.
+    pattern-regex: '(?ms)^\s*aead_request_set_crypt\s*\([^}]*?crypto_aead_decrypt\s*\('
+    # Negative: a cow / unshare / make-writable / expand-head call appears
+    # BEFORE the in-place idiom within the same function body — suppress.
+    pattern-not-regex: '(?s)\b(?:skb_cow_data|skb_copy|skb_unshare|skb_make_writable|pskb_expand_head)\s*\([^}]*?aead_request_set_crypt\s*\([^}]*?crypto_aead_decrypt\s*\('
+    message: |
+      In-place AEAD decrypt on skb without a dominating cow/unshare gate
+      (Dirty Frag class). Verify skb_cow_data / skb_unshare / skb_make_writable /
+      pskb_expand_head is reached on the unsafe path before
+      aead_request_set_crypt(req, sg, sg, ...) + crypto_aead_decrypt(req).
+      See oss-security 2026-05-07 advisory and pwnkit issue #263.
+    severity: ERROR
+    languages: [c]
+    metadata:
+      cwe: "CWE-787"

rules/kernel/dirty-frag-class/skb-inplace-aead-no-cow.yaml

@@ -0,0 +1,34 @@
+# Dirty Frag class — in-place skcipher decrypt on skb without cow gate.
+#
+# Pattern: skcipher_request_set_crypt(req, sg, sg, ...) followed by
+# crypto_skcipher_decrypt(req) within the same function body, with no
+# dominating cow / unshare / make-writable / pskb_expand_head call.
+#
+# Calibration sites (pre-patch): net/rxrpc/rxkad.c::rxkad_verify_packet_1.
+# Patched by upstream change to add data_len/nonlinear gate (see oss-security
+# advisory 2026-05-07).
+#
+# This is a SYNTACTIC / structural rule — it does not prove the cow gate is
+# unreachable. Path-sensitive analysis (Coccinelle / CodeQL) is required for
+# definitive flagging; see PR body for the deferred-work pointer.
+rules:
+  - id: kernel/dirty-frag/skb-inplace-skcipher-no-cow
+    # Positive: skcipher_request_set_crypt(req, ?, ?, ...) followed (within
+    # the same C function body, bounded by `}`) by crypto_skcipher_decrypt(req).
+    # Rust regex has no backreferences, so we cannot require arg2 == arg3
+    # syntactically. Manual triage / Coccinelle confirms the in-place property.
+    pattern-regex: '(?ms)^\s*skcipher_request_set_crypt\s*\([^}]*?crypto_skcipher_decrypt\s*\('
+    # Negative: same idiom, but a cow / unshare / make-writable / expand-head
+    # call appears BEFORE it within the same function body. Used to suppress
+    # the post-patch / safe-fixture variant.
+    pattern-not-regex: '(?s)\b(?:skb_cow_data|skb_copy|skb_unshare|skb_make_writable|pskb_expand_head)\s*\([^}]*?skcipher_request_set_crypt\s*\([^}]*?crypto_skcipher_decrypt\s*\('
+    message: |
+      In-place skcipher decrypt on skb without a dominating cow/unshare gate
+      (Dirty Frag class). Verify skb_cow_data / skb_unshare / skb_make_writable /
+      pskb_expand_head is reached on the unsafe path before
+      skcipher_request_set_crypt(req, sg, sg, ...) + crypto_skcipher_decrypt(req).
+      See oss-security 2026-05-07 advisory and pwnkit issue #263.
+    severity: ERROR
+    languages: [c]
+    metadata:
+      cwe: "CWE-787"

rules/kernel/dirty-frag-class/skb-inplace-skcipher-no-cow.yaml

@@ -44,6 +44,7 @@ fn language_slug(language: Language) -> &'static str {
         Language::CSharp => "cs",
         Language::Swift => "swift",
         Language::Kotlin => "kt",
+        Language::C => "c",
         Language::NginxConf => "nginxconf",
         Language::ApacheConf => "apacheconf",
         Language::HAProxyConf => "haproxyconf",
@@ -64,6 +65,7 @@ fn language_display_name(language: Language) -> &'static str {
         Language::CSharp => "C#",
         Language::Swift => "Swift",
         Language::Kotlin => "Kotlin",
+        Language::C => "C",
         Language::NginxConf => "Nginx",
         Language::ApacheConf => "Apache",
         Language::HAProxyConf => "HAProxy",
@@ -84,6 +86,7 @@ fn language_array_name(language: Language) -> &'static str {
         Language::CSharp => "csharpRules",
         Language::Swift => "swiftRules",
         Language::Kotlin => "kotlinRules",
+        Language::C => "cRules",
         Language::NginxConf => "nginxconfRules",
         Language::ApacheConf => "apacheconfRules",
         Language::HAProxyConf => "haproxyconfRules",

src/bin/gen_rules_ts.rs

@@ -15,6 +15,7 @@ pub fn parse_file(source: &str, language: Language) -> Option<tree_sitter::Tree>
         Language::CSharp => tree_sitter_c_sharp::LANGUAGE.into(),
         Language::Swift => tree_sitter_swift::LANGUAGE.into(),
         Language::Kotlin => tree_sitter_kotlin_sg::LANGUAGE.into(),
+        Language::C => tree_sitter_c::LANGUAGE.into(),
         Language::NginxConf
         | Language::ApacheConf
         | Language::HAProxyConf

src/engine/parser.rs

@@ -170,6 +170,7 @@ pub fn detect_language(path: &Path) -> Option<Language> {
         "cs" => Some(Language::CSharp),
         "swift" => Some(Language::Swift),
         "kt" | "kts" => Some(Language::Kotlin),
+        "c" | "h" => Some(Language::C),
         _ => None,
     }
 }
@@ -489,7 +490,8 @@ fn comment_markers(language: Language) -> &'static [&'static str] {
         | Language::Rust
         | Language::CSharp
         | Language::Swift
-        | Language::Kotlin => &["//"],
+        | Language::Kotlin
+        | Language::C => &["//"],
         Language::NginxConf
         | Language::ApacheConf
         | Language::HAProxyConf

src/engine/scanner.rs

@@ -47,6 +47,7 @@ pub enum Language {
     CSharp,
     Swift,
     Kotlin,
+    C,
     NginxConf,
     ApacheConf,
     HAProxyConf,
@@ -67,6 +68,7 @@ impl std::fmt::Display for Language {
             Language::CSharp => write!(f, "csharp"),
             Language::Swift => write!(f, "swift"),
             Language::Kotlin => write!(f, "kotlin"),
+            Language::C => write!(f, "c"),
             Language::NginxConf => write!(f, "nginxconf"),
             Language::ApacheConf => write!(f, "apacheconf"),
             Language::HAProxyConf => write!(f, "haproxyconf"),

src/lib.rs

@@ -815,6 +815,7 @@ fn map_language(lang_str: &str) -> Option<Language> {
         "csharp" | "c#" | "cs" => Some(Language::CSharp),
         "swift" => Some(Language::Swift),
         "kotlin" | "kt" => Some(Language::Kotlin),
+        "c" => Some(Language::C),
         _ => None,
     }
 }