github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/dev_floppy.txt

github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/dev_floppy.txt (about)

     1  # Copyright 2018 syzkaller project authors. All rights reserved.
     2  # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
     3  
     4  # Proper fuzzing of floppy device requires:
     5  # 1) CONFIG_BLK_DEV_FD in your kernel configuration
     6  # 2) "cmdline": " -fda FLOPPY.img " in syzkaller configuration
     7  
     8  include <uapi/linux/fd.h>
     9  include <uapi/linux/fcntl.h>
    10  
    11  resource fd_floppy[fd]
    12  
    13  # O_ACCMODE is used for ioctl-only opens, see FMODE_WRITE_IOCTL
    14  # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/fs.h?h=v5.14#n129
    15  # Examples:
    16  # - https://sources.debian.org/src/fdutils/5.6-2/src/floppycontrol.c/?hl=289#L289
    17  # - https://sources.debian.org/src/fdutils/5.6-2/src/diskd.c/?hl=90#L90
    18  fd_open_flags = O_WRONLY, O_RDWR, O_ACCMODE, O_APPEND, FASYNC, O_CLOEXEC, O_DIRECT, O_NOATIME, O_NONBLOCK, O_SYNC, O_TRUNC
    19  
    20  syz_open_dev$floppy(dev ptr[in, string["/dev/fd#"]], id intptr, flags flags[fd_open_flags]) fd_floppy
    21  
    22  ioctl$FLOPPY_FDEJECT(fd fd_floppy, cmd const[FDEJECT])
    23  ioctl$FLOPPY_FDCLRPRM(fd fd_floppy, cmd const[FDCLRPRM])
    24  ioctl$FLOPPY_FDSETPRM(fd fd_floppy, cmd const[FDSETPRM], arg ptr[in, floppy_struct])
    25  ioctl$FLOPPY_FDDEFPRM(fd fd_floppy, cmd const[FDDEFPRM], arg ptr[in, floppy_struct])
    26  ioctl$FLOPPY_FDGETPRM(fd fd_floppy, cmd const[FDGETPRM], arg ptr[out, floppy_struct])
    27  ioctl$FLOPPY_FDMSGON(fd fd_floppy, cmd const[FDMSGON])
    28  ioctl$FLOPPY_FDMSGOFF(fd fd_floppy, cmd const[FDMSGOFF])
    29  ioctl$FLOPPY_FDFMTBEG(fd fd_floppy, cmd const[FDFMTBEG])
    30  ioctl$FLOPPY_FDFMTTRK(fd fd_floppy, cmd const[FDFMTTRK], arg ptr[in, format_descr])
    31  ioctl$FLOPPY_FDFMTEND(fd fd_floppy, cmd const[FDFMTEND])
    32  ioctl$FLOPPY_FDFLUSH(fd fd_floppy, cmd const[FDFLUSH])
    33  ioctl$FLOPPY_FDSETEMSGTRESH(fd fd_floppy, cmd const[FDSETEMSGTRESH], arg intptr[0:0xf])
    34  ioctl$FLOPPY_FDGETMAXERRS(fd fd_floppy, cmd const[FDGETMAXERRS], arg ptr[out, floppy_max_errors])
    35  ioctl$FLOPPY_FDSETMAXERRS(fd fd_floppy, cmd const[FDSETMAXERRS], arg ptr[in, floppy_max_errors])
    36  ioctl$FLOPPY_FDGETDRVTYP(fd fd_floppy, cmd const[FDGETDRVTYP], arg ptr[out, floppy_drive_name])
    37  ioctl$FLOPPY_FDSETDRVPRM(fd fd_floppy, cmd const[FDSETDRVPRM], arg ptr[in, floppy_drive_params])
    38  ioctl$FLOPPY_FDGETDRVPRM(fd fd_floppy, cmd const[FDGETDRVPRM], arg ptr[out, floppy_drive_params])
    39  ioctl$FLOPPY_FDPOLLDRVSTAT(fd fd_floppy, cmd const[FDPOLLDRVSTAT], arg ptr[out, floppy_drive_struct])
    40  ioctl$FLOPPY_FDGETDRVSTAT(fd fd_floppy, cmd const[FDGETDRVSTAT], arg ptr[out, floppy_drive_struct])
    41  ioctl$FLOPPY_FDRESET(fd fd_floppy, cmd const[FDRESET], arg flags[floppy_reset_mode])
    42  ioctl$FLOPPY_FDGETFDCSTAT(fd fd_floppy, cmd const[FDGETFDCSTAT], arg ptr[out, floppy_fdc_state])
    43  ioctl$FLOPPY_FDWERRORCLR(fd fd_floppy, cmd const[FDWERRORCLR])
    44  ioctl$FLOPPY_FDWERRORGET(fd fd_floppy, cmd const[FDWERRORGET], arg ptr[out, floppy_write_errors])
    45  ioctl$FLOPPY_FDRAWCMD(fd fd_floppy, cmd const[FDRAWCMD], arg ptr[inout, floppy_raw_cmd])
    46  ioctl$FLOPPY_FDTWADDLE(fd fd_floppy, cmd const[FDTWADDLE])
    47  
    48  floppy_struct {
    49  	size	int32
    50  	sect	int32
    51  	head	int32
    52  	track	int32
    53  	stretch	int32
    54  
    55  	gap	int8
    56  	rate	int8
    57  	spec1	int8
    58  	fmt_gap	int8
    59  
    60  	name	ptr[inout, string]
    61  }
    62  
    63  format_descr {
    64  	device	int32
    65  	head	int32
    66  	track	int32
    67  }
    68  
    69  floppy_max_errors {
    70  	abort		int32
    71  	read_track	int32
    72  	reset		int32
    73  	recal		int32
    74  	reporting	int32
    75  }
    76  
    77  type floppy_drive_name array[int8, 16]
    78  
    79  floppy_drive_params {
    80  	cmos		int8
    81  	max_dtr		intptr
    82  	hlt		intptr
    83  	hut		intptr
    84  	srt		intptr
    85  	spinup		intptr
    86  	spindown	intptr
    87  	spindown_offset	int8
    88  	select_delay	int8
    89  	rps		int8
    90  	tracks		int8
    91  	timeout		intptr
    92  	intreleave_sect	int8
    93  	max_errors	floppy_max_errors
    94  	flags		flags[floppy_drive_params_flags, int8]
    95  	read_track	int8
    96  	autodetect	array[int16, 8]
    97  	checkfreq	int32
    98  	native_format	int32
    99  }
   100  
   101  floppy_drive_struct {
   102  	flags		flags[floppy_drive_struct_flags, intptr]
   103  	spinup_date	intptr
   104  	select_date	intptr
   105  	first_read_date	intptr
   106  
   107  	probed_format	int16
   108  	track		int16
   109  	maxblock	int16
   110  	maxtrack	int16
   111  
   112  	generation	int32
   113  	keep_data	int32
   114  	fd_ref		int32
   115  	fd_device	int32
   116  
   117  	last_checked	intptr
   118  
   119  	dmabuf		ptr[out, int8]
   120  	bufblocks	len[dmabuf, int32]
   121  }
   122  
   123  floppy_fdc_state {
   124  	spec1		int32
   125  	spec2		int32
   126  	dtr		int32
   127  
   128  	version		int8
   129  	dor		int8
   130  	address		intptr
   131  	rawcmd		int32:2
   132  	reset		int32:1
   133  	need_configure	int32:1
   134  	perp_mode	int32:2
   135  	has_fifo	int32:1
   136  	driver_version	int32
   137  
   138  	track		array[int8, 4]
   139  }
   140  
   141  floppy_write_errors {
   142  	write_errors		int32
   143  
   144  	first_error_sector	intptr
   145  	first_error_generation	int32
   146  	last_error_sector	intptr
   147  	lsat_error_generation	int32
   148  
   149  	badness			int32
   150  }
   151  
   152  floppy_raw_cmd {
   153  	flags		flags[floppy_raw_cmd_flags, int32]
   154  
   155  	data		buffer[inout]
   156  # kernel only. zerroed after copy_from_user. Maybe need to use const[0, intptr]
   157  	kernel_data	ptr[in, int8]
   158  	next		const[0, intptr]
   159  
   160  	length		len[data, intptr]
   161  # output value
   162  	phys_length	const[0, intptr]
   163  # output value. kernel only
   164  	buffer_length	const[0, int32]
   165  
   166  	rate		int8
   167  	cmd_count	int8
   168  	cmd		array[int8, 16]
   169  # output
   170  	reply_count	const[0, int8]
   171  	reply		array[const[0, int8], 16]
   172  	track		int32
   173  # output
   174  	resultcode	const[0, int32]
   175  
   176  	reserved1	const[0, int32]
   177  	reserved2	const[0, int32]
   178  }
   179  
   180  floppy_reset_mode = FD_RESET_IF_NEEDED, FD_RESET_IF_RAWCMD, FD_RESET_ALWAYS
   181  floppy_drive_struct_flags = FD_NEED_TWADDLE_BIT, FD_VERIFY_BIT, FD_DISK_NEWCHANGE_BIT, FD_UNUSED_BIT, FD_DISK_CHANGED_BIT, FD_DISK_WRITABLE_BIT, FD_OPEN_SHOULD_FAIL_BIT
   182  floppy_drive_params_flags = FTD_MSG, FD_BROKEN_DCL, FD_DEBUG, FD_SILENT_DCL_CLEAR, FD_INVERTED_DCL
   183  floppy_raw_cmd_flags = FD_RAW_READ, FD_RAW_WRITE, FD_RAW_NO_MOTOR, FD_RAW_DISK_CHANGE, FD_RAW_INTR, FD_RAW_SPIN, FD_RAW_NO_MOTOR_AFTER, FD_RAW_NEED_DISK, FD_RAW_NEED_SEEK, FD_RAW_MORE, FD_RAW_STOP_IF_FAILURE, FD_RAW_STOP_IF_SUCCESS, FD_RAW_SOFTFAILURE, FD_RAW_FAILURE, FD_RAW_HARDFAILURE