github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/dev_ptmx.txt (about) 1 # Copyright 2015 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 include <asm/ioctls.h> 5 include <uapi/linux/kd.h> 6 include <uapi/linux/vt.h> 7 include <uapi/linux/fcntl.h> 8 include <uapi/linux/tty.h> 9 include <uapi/linux/serial.h> 10 include <uapi/linux/termios.h> 11 include <uapi/linux/tiocl.h> 12 13 resource fd_tty[fd] 14 15 # UNIX 98 pseudoterminal pairs (see man pts and man pty): 16 openat$ptmx(fd const[AT_FDCWD], file ptr[in, string["/dev/ptmx"]], flags flags[open_flags], mode const[0]) fd_tty 17 syz_open_pts(fd fd_tty, flags flags[open_flags]) fd_tty 18 19 # BSD pseudoterminal pair (see man pty): 20 syz_open_dev$ttys(dev const[0xc], major const[2], minor proc[20, 2]) fd_tty 21 syz_open_dev$ptys(dev const[0xc], major const[3], minor proc[20, 2]) fd_tty 22 23 # Some special tty devices. 24 # Note /dev/{tty,tty1,tty2,tty7} seem to be of different types. 25 openat$tty(fd const[AT_FDCWD], file ptr[in, string["/dev/tty"]], flags flags[open_flags], mode const[0]) fd_tty 26 syz_open_dev$tty1(dev const[0xc], major const[4], minor intptr[1:4]) fd_tty 27 syz_open_dev$tty20(dev const[0xc], major const[4], minor proc[20, 2]) fd_tty 28 openat$ttyS3(fd const[AT_FDCWD], file ptr[in, string["/dev/ttyS3"]], flags flags[open_flags], mode const[0]) fd_tty 29 openat$ttynull(fd const[AT_FDCWD], file ptr[in, string["/dev/ttynull"]], flags flags[open_flags], mode const[0]) fd_tty 30 openat$ttyprintk(fd const[AT_FDCWD], file ptr[in, string["/dev/ttyprintk"]], flags flags[open_flags], mode const[0]) fd_tty 31 32 ioctl$TCGETS(fd fd_tty, cmd const[TCGETS], arg ptr[out, termios]) 33 ioctl$TCSETS(fd fd_tty, cmd const[TCSETS], arg ptr[in, termios]) 34 ioctl$TCSETSW(fd fd_tty, cmd const[TCSETSW], arg ptr[in, termios]) 35 ioctl$TCSETSF(fd fd_tty, cmd const[TCSETSF], arg ptr[in, termios]) 36 ioctl$TCGETA(fd fd_tty, cmd const[TCGETA], arg ptr[out, termio]) 37 ioctl$TCSETA(fd fd_tty, cmd const[TCSETA], arg ptr[in, termio]) 38 ioctl$TCSETAW(fd fd_tty, cmd const[TCSETAW], arg ptr[in, termio]) 39 ioctl$TCSETAF(fd fd_tty, cmd const[TCSETAF], arg ptr[in, termio]) 40 ioctl$TIOCGLCKTRMIOS(fd fd_tty, cmd const[TIOCGLCKTRMIOS], arg ptr[in, termios]) 41 ioctl$TIOCSLCKTRMIOS(fd fd_tty, cmd const[TIOCSLCKTRMIOS], arg ptr[out, termios]) 42 ioctl$TIOCGWINSZ(fd fd_tty, cmd const[TIOCGWINSZ], arg ptr[out, winsize]) 43 ioctl$TIOCSWINSZ(fd fd_tty, cmd const[TIOCSWINSZ], arg ptr[in, winsize]) 44 ioctl$TCSBRK(fd fd_tty, cmd const[TCSBRK], arg intptr) 45 ioctl$TCSBRKP(fd fd_tty, cmd const[TCSBRKP], arg intptr) 46 ioctl$TIOCSBRK(fd fd_tty, cmd const[TIOCSBRK]) 47 ioctl$TIOCCBRK(fd fd_tty, cmd const[TIOCCBRK]) 48 ioctl$TCXONC(fd fd_tty, cmd const[TCXONC], arg flags[tcxonc_arg]) 49 ioctl$FIONREAD(fd fd_tty, cmd const[FIONREAD], arg ptr[out, int32]) 50 ioctl$TIOCOUTQ(fd fd_tty, cmd const[TIOCOUTQ], arg ptr[out, int32]) 51 ioctl$TCFLSH(fd fd_tty, cmd const[TCFLSH], arg intptr[TCIFLUSH:TCIOFLUSH]) 52 ioctl$TIOCGPTPEER(fd fd_tty, cmd const[TIOCGPTPEER], arg intptr) fd_tty 53 ioctl$TIOCSTI(fd fd_tty, cmd const[TIOCSTI], arg ptr[in, int8]) 54 ioctl$TIOCCONS(fd fd_tty, cmd const[TIOCCONS]) 55 ioctl$TIOCSCTTY(fd fd_tty, cmd const[TIOCSCTTY], arg intptr) 56 ioctl$TIOCNOTTY(fd fd_tty, cmd const[TIOCNOTTY]) 57 ioctl$TIOCGPGRP(fd fd_tty, cmd const[TIOCGPGRP], arg ptr[out, pid]) 58 ioctl$TIOCSPGRP(fd fd_tty, cmd const[TIOCSPGRP], arg ptr[in, pid]) 59 ioctl$TIOCGSID(fd fd_tty, cmd const[TIOCGSID], arg ptr[out, pid]) 60 ioctl$TIOCEXCL(fd fd_tty, cmd const[TIOCEXCL]) 61 ioctl$TIOCNXCL(fd fd_tty, cmd const[TIOCNXCL]) 62 ioctl$TIOCGETD(fd fd_tty, cmd const[TIOCGETD], arg ptr[out, int32]) 63 ioctl$TIOCSETD(fd fd_tty, cmd const[TIOCSETD], arg ptr[in, int32[N_TTY:N_NULL]]) 64 ioctl$TIOCPKT(fd fd_tty, cmd const[TIOCPKT], arg ptr[in, int32]) 65 ioctl$TIOCMGET(fd fd_tty, cmd const[TIOCMGET], arg ptr[out, int32]) 66 ioctl$TIOCMSET(fd fd_tty, cmd const[TIOCMSET], arg ptr[in, int32]) 67 ioctl$TIOCMBIC(fd fd_tty, cmd const[TIOCMBIC], arg ptr[in, int32]) 68 ioctl$TIOCMBIS(fd fd_tty, cmd const[TIOCMBIS], arg ptr[in, int32]) 69 ioctl$TIOCGSOFTCAR(fd fd_tty, cmd const[TIOCGSOFTCAR], arg ptr[out, int32]) 70 ioctl$TIOCSSOFTCAR(fd fd_tty, cmd const[TIOCSSOFTCAR], arg ptr[in, int32]) 71 72 ioctl$KDGETLED(fd fd_tty, cmd const[KDGETLED], arg ptr[out, int8]) 73 ioctl$KDSETLED(fd fd_tty, cmd const[KDSETLED], arg intptr) 74 ioctl$KDGKBLED(fd fd_tty, cmd const[KDGKBLED], arg ptr[out, int8]) 75 ioctl$KDSKBLED(fd fd_tty, cmd const[KDSKBLED], arg intptr) 76 ioctl$KDGKBTYPE(fd fd_tty, cmd const[KDGKBTYPE], arg ptr[out, int8]) 77 ioctl$KDADDIO(fd fd_tty, cmd const[KDADDIO], arg intptr) 78 ioctl$KDDELIO(fd fd_tty, cmd const[KDDELIO], arg intptr) 79 ioctl$KDENABIO(fd fd_tty, cmd const[KDENABIO]) 80 ioctl$KDDISABIO(fd fd_tty, cmd const[KDDISABIO]) 81 ioctl$KDSETMODE(fd fd_tty, cmd const[KDSETMODE], arg intptr[KD_TEXT:KD_GRAPHICS]) 82 ioctl$KDGETMODE(fd fd_tty, cmd const[KDGETMODE], arg ptr[out, intptr]) 83 ioctl$KDMKTONE(fd fd_tty, cmd const[KDMKTONE], arg intptr) 84 ioctl$KIOCSOUND(fd fd_tty, cmd const[KIOCSOUND], arg intptr) 85 ioctl$GIO_CMAP(fd fd_tty, cmd const[GIO_CMAP], arg ptr[out, io_cmap]) 86 ioctl$PIO_CMAP(fd fd_tty, cmd const[PIO_CMAP], arg ptr[in, io_cmap]) 87 ioctl$GIO_FONT(fd fd_tty, cmd const[GIO_FONT], arg buffer[out]) 88 ioctl$GIO_FONTX(fd fd_tty, cmd const[GIO_FONTX], arg ptr[in, consolefontdesc[out]]) 89 ioctl$PIO_FONT(fd fd_tty, cmd const[PIO_FONT], arg buffer[in]) 90 ioctl$PIO_FONTX(fd fd_tty, cmd const[PIO_FONTX], arg ptr[in, consolefontdesc[in]]) 91 ioctl$PIO_FONTRESET(fd fd_tty, cmd const[PIO_FONTRESET], arg const[0]) 92 ioctl$KDFONTOP_SET(fd fd_tty, cmd const[KDFONTOP], arg ptr[in, console_font_op[KD_FONT_OP_SET, in]]) 93 ioctl$KDFONTOP_GET(fd fd_tty, cmd const[KDFONTOP], arg ptr[in, console_font_op[KD_FONT_OP_GET, out]]) 94 ioctl$KDFONTOP_SET_DEF(fd fd_tty, cmd const[KDFONTOP], arg ptr[in, console_font_op[KD_FONT_OP_SET_DEFAULT, in]]) 95 ioctl$KDFONTOP_COPY(fd fd_tty, cmd const[KDFONTOP], arg ptr[in, console_font_op[KD_FONT_OP_COPY, out]]) 96 ioctl$GIO_SCRNMAP(fd fd_tty, cmd const[GIO_SCRNMAP], arg buffer[out]) 97 ioctl$GIO_UNISCRNMAP(fd fd_tty, cmd const[GIO_UNISCRNMAP], arg buffer[out]) 98 ioctl$PIO_SCRNMAP(fd fd_tty, cmd const[PIO_SCRNMAP], arg buffer[in]) 99 ioctl$PIO_UNISCRNMAP(fd fd_tty, cmd const[PIO_UNISCRNMAP], arg buffer[in]) 100 ioctl$GIO_UNIMAP(fd fd_tty, cmd const[GIO_UNIMAP], arg ptr[in, unimapdesc_out]) 101 ioctl$PIO_UNIMAP(fd fd_tty, cmd const[PIO_UNIMAP], arg ptr[in, unimapdesc_in]) 102 ioctl$PIO_UNIMAPCLR(fd fd_tty, cmd const[PIO_UNIMAPCLR], arg ptr[in, unimapinit]) 103 ioctl$KDGKBMODE(fd fd_tty, cmd const[KDGKBMODE], arg ptr[out, intptr]) 104 ioctl$KDSKBMODE(fd fd_tty, cmd const[KDSKBMODE], arg ptr[in, intptr[K_RAW:K_OFF]]) 105 ioctl$KDGKBMETA(fd fd_tty, cmd const[KDGKBMETA], arg ptr[out, intptr]) 106 ioctl$KDSKBMETA(fd fd_tty, cmd const[KDSKBMETA], arg ptr[in, intptr[K_METABIT:K_ESCPREFIX]]) 107 ioctl$KDGKBENT(fd fd_tty, cmd const[KDGKBENT], arg ptr[in, kbentry]) 108 ioctl$KDSKBENT(fd fd_tty, cmd const[KDSKBENT], arg ptr[in, kbentry]) 109 ioctl$KDGKBSENT(fd fd_tty, cmd const[KDGKBSENT], arg ptr[in, kbsentry]) 110 ioctl$KDSKBSENT(fd fd_tty, cmd const[KDSKBSENT], arg ptr[in, kbsentry]) 111 ioctl$KDGKBDIACR(fd fd_tty, cmd const[KDGKBDIACR], arg buffer[out]) 112 ioctl$KDGETKEYCODE(fd fd_tty, cmd const[KDGETKEYCODE], arg ptr[in, kbkeycode]) 113 ioctl$KDSETKEYCODE(fd fd_tty, cmd const[KDSETKEYCODE], arg ptr[in, kbkeycode]) 114 ioctl$KDSIGACCEPT(fd fd_tty, cmd const[KDSIGACCEPT], arg signalnoptr) 115 ioctl$VT_OPENQRY(fd fd_tty, cmd const[VT_OPENQRY], arg ptr[out, int32]) 116 ioctl$VT_GETMODE(fd fd_tty, cmd const[VT_GETMODE], arg ptr[out, vt_mode]) 117 ioctl$VT_SETMODE(fd fd_tty, cmd const[VT_SETMODE], arg ptr[in, vt_mode]) 118 ioctl$VT_GETSTATE(fd fd_tty, cmd const[VT_GETSTATE], arg ptr[in, vt_stat]) 119 ioctl$VT_RELDISP(fd fd_tty, cmd const[VT_RELDISP]) 120 ioctl$VT_ACTIVATE(fd fd_tty, cmd const[VT_ACTIVATE], arg intptr) 121 ioctl$VT_WAITACTIVE(fd fd_tty, cmd const[VT_WAITACTIVE]) 122 ioctl$VT_DISALLOCATE(fd fd_tty, cmd const[VT_DISALLOCATE]) 123 ioctl$VT_RESIZE(fd fd_tty, cmd const[VT_RESIZE], arg ptr[in, vt_sizes]) 124 ioctl$VT_RESIZEX(fd fd_tty, cmd const[VT_RESIZEX], arg ptr[in, vt_consize]) 125 126 # For the TIOCLINUX ioctl, see console_ioctl(4). 127 ioctl$TIOCL_SETSEL(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, tiocl_selection_arg]) 128 ioctl$TIOCL_PASTESEL(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, const[TIOCL_PASTESEL, int8]]) 129 ioctl$TIOCL_UNBLANKSCREEN(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, const[TIOCL_UNBLANKSCREEN, int8]]) 130 ioctl$TIOCL_SELLOADLUT(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, loadlut]) 131 ioctl$TIOCL_GETSHIFTSTATE(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, tiocl_shift_state]) 132 ioctl$TIOCL_GETMOUSEREPORTING(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, const[TIOCL_GETMOUSEREPORTING, int8]]) 133 ioctl$TIOCL_SETVESABLANK(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, const[TIOCL_SETVESABLANK, int8]]) 134 135 ioctl$TIOCL_GETKMSGREDIRECT(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, const[TIOCL_GETKMSGREDIRECT, int8]]) 136 ioctl$TIOCL_SCROLLCONSOLE(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, tioctl_scroll_console]) 137 ioctl$TIOCL_BLANKSCREEN(fd fd_tty, cmd const[TIOCLINUX], arg ptr[in, const[TIOCL_BLANKSCREEN, int8]]) 138 139 # TIOCSSERIAL can do nasty things under root, like causing writes to random memory 140 # pretty much like /dev/mem, but this is also working as intended. 141 # For details see: 142 # https://groups.google.com/g/syzkaller-bugs/c/1rVENJf9P4U/m/QtGpapRxAgAJ 143 # https://syzkaller.appspot.com/bug?extid=f4f1e871965064ae689e 144 # TODO: TIOCSSERIAL does some other things that are not dangerous 145 # and would be nice to test, if/when we can neutralize based on sandbox value 146 # we could prohibit it only under sandbox=none. 147 ioctl$TIOCSSERIAL(fd fd, cmd const[TIOCSSERIAL], arg ptr[in, serial_struct]) (disabled) 148 149 ioctl$TIOCGSERIAL(fd fd_tty, cmd const[TIOCGSERIAL], arg ptr[out, serial_struct]) 150 ioctl$TCGETS2(fd fd_tty, cmd const[TCGETS2], arg ptr[out, termios2]) 151 ioctl$TCSETS2(fd fd_tty, cmd const[TCSETS2], arg ptr[in, termios2]) 152 ioctl$TCSETSF2(fd fd_tty, cmd const[TCSETSF2], arg ptr[in, termios2]) 153 ioctl$TCSETSW2(fd fd_tty, cmd const[TCSETSW2], arg ptr[in, termios2]) 154 ioctl$TIOCSERGETLSR(fd fd_tty, cmd const[TIOCSERGETLSR], arg ptr[out, int32]) 155 ioctl$TIOCGRS485(fd fd_tty, cmd const[TIOCGRS485], arg ptr[out, serial_rs485]) 156 ioctl$TIOCSRS485(fd fd_tty, cmd const[TIOCSRS485], arg ptr[in, serial_rs485]) 157 ioctl$TIOCGISO7816(fd fd_tty, cmd const[TIOCGISO7816], arg ptr[out, serial_iso7816]) 158 ioctl$TIOCSISO7816(fd fd_tty, cmd const[TIOCSISO7816], arg ptr[in, serial_iso7816]) 159 ioctl$TIOCSPTLCK(fd fd_tty, cmd const[TIOCSPTLCK], arg ptr[in, bool32]) 160 ioctl$TIOCGPTLCK(fd fd_tty, cmd const[TIOCGPTLCK], arg ptr[out, int32]) 161 ioctl$TIOCGPKT(fd fd_tty, cmd const[TIOCGPKT], arg ptr[out, int32]) 162 ioctl$TIOCSIG(fd fd_tty, cmd const[TIOCSIG], arg signalnoptr) 163 ioctl$TIOCVHANGUP(fd fd_tty, cmd const[TIOCVHANGUP], arg const[0]) 164 ioctl$TIOCGDEV(fd fd_tty, cmd const[TIOCGDEV], arg ptr[out, int32]) 165 ioctl$TIOCMIWAIT(fd fd_tty, cmd const[TIOCMIWAIT], arg const[0]) 166 ioctl$TIOCGICOUNT(fd fd_tty, cmd const[TIOCGICOUNT], arg const[0]) 167 168 # See tty_mode_ioctl. 169 ioctl$TIOCGETP(fd fd_tty, cmd const[TIOCGETP], arg ptr[out, sgttyb]) 170 ioctl$TIOCSETP(fd fd_tty, cmd const[TIOCSETP], arg ptr[in, sgttyb]) 171 ioctl$TIOCGETC(fd fd_tty, cmd const[TIOCGETC], arg ptr[out, array[int8]]) 172 ioctl$TIOCSETC(fd fd_tty, cmd const[TIOCSETC], arg ptr[in, array[int8]]) 173 ioctl$TIOCGLTC(fd fd_tty, cmd const[TIOCGLTC], arg ptr[out, array[int8]]) 174 ioctl$TIOCSLTC(fd fd_tty, cmd const[TIOCSLTC], arg ptr[in, array[int8]]) 175 176 sgttyb { 177 sg_ispeed int8 178 sg_ospeed int8 179 sg_erase int8 180 sg_kill int8 181 sg_flags int16 182 } 183 184 tcxonc_arg = TCOOFF, TCOON, TCIOFF, TCION 185 186 termios { 187 c_iflag int32 188 c_oflag int32 189 c_cflag int32 190 c_lflag int32 191 c_line int8[N_TTY:N_NULL] 192 c_cc array[int8, NCCS] 193 } 194 195 termios2 { 196 c_iflag int32 197 c_oflag int32 198 c_cflag int32 199 c_lflag int32 200 c_line int8 201 c_cc array[int8, NCCS] 202 c_ispeed int32 203 c_ospeed int32 204 } 205 206 termio { 207 c_iflag int16 208 c_oflag int16 209 c_cflag int16 210 c_lflag int16 211 c_line int8[N_TTY:N_NULL] 212 c_cc array[int8, NCC] 213 } 214 215 winsize { 216 row int16 217 col int16 218 xpix int16 219 upix int16 220 } 221 222 io_cmap { 223 map0 int64 224 map1 int64 225 map2 int64 226 map3 int64 227 map4 int64 228 map5 int64 229 } 230 231 unimapdesc_in { 232 cnt len[entries, int16] 233 entries ptr[in, array[unipair]] 234 } 235 236 unimapdesc_out { 237 cnt len[entries, int16] 238 entries ptr[out, array[unipair]] 239 } 240 241 unipair { 242 unicode int16 243 fontpos int16 244 } 245 246 unimapinit { 247 size int16 248 step int16 249 level int16 250 } 251 252 kbentry { 253 table int8 254 index int8 255 value int16 256 } 257 258 kbsentry { 259 kb_func int8 260 kb_string array[int8, 512] 261 } 262 263 kbkeycode { 264 scan int32 265 key int32 266 } 267 268 vt_mode { 269 mode int8 270 waitv int8 271 relsig int16 272 acqsig int16 273 frsig int16 274 } 275 276 vt_stat { 277 active int16 278 signal int16 279 state int16 280 } 281 282 vt_sizes { 283 rows int16 284 cols int16 285 scroll int16 286 } 287 288 vt_consize { 289 rows int16 290 cols int16 291 vlin int16 292 clin int16 293 vcol int16 294 ccol int16 295 } 296 297 tiocl_selection_arg { 298 subcode const[TIOCL_SETSEL, int8] 299 data tiocl_selection 300 } [packed] 301 302 tiocl_selection { 303 subcode const[TIOCL_SETSEL, int8] 304 xs int16 305 ys int16 306 xe int16 307 ye int16 308 mode flags[tiocl_selection_mode, int16] 309 } [packed] 310 311 tiocl_selection_mode = TIOCL_SELCHAR, TIOCL_SELWORD, TIOCL_SELLINE, TIOCL_SELPOINTER, TIOCL_SELCLEAR, TIOCL_SELMOUSEREPORT, TIOCL_SELBUTTONMASK 312 313 loadlut { 314 submode const[TIOCL_SELLOADLUT, int8] 315 tab0 int64 316 tab1 int64 317 tab2 int64 318 tab3 int64 319 } [packed] 320 321 tiocl_shift_state { 322 subcode const[TIOCL_GETSHIFTSTATE, int8] 323 shift int8 324 } [packed] 325 326 tioctl_scroll_console { 327 subcode const[TIOCL_SCROLLCONSOLE, int8] 328 lines int32 329 } 330 331 serial_struct { 332 type int32 333 line int32 334 port int32 335 irq int32 336 flags int32 337 xmit_fifo_size int32 338 custom_divisor int32 339 baud_base int32 340 close_delay int16 341 io_type int8 342 reserved_char int8 343 hub6 int32 344 closing_wait int16 345 closing_wait2 int16 346 iomem_base ptr[out, array[int8]] 347 iomem_reg_shift int16 348 port_high int32 349 iomap_base intptr 350 } 351 352 serial_rs485 { 353 flags int32 354 delay_rts_before_send int32 355 delay_rts_after_send int32 356 padding array[const[0, int32], 5] 357 } 358 359 serial_iso7816 { 360 flags int32 361 tg int32 362 sc_fi int32 363 sc_di int32 364 clk int32 365 reserved array[const[0, int32], 5] 366 } 367 368 type consolefontdesc[DIR] { 369 charcount int16[0:512] 370 charheight int16[0:32] 371 chardata ptr[DIR, array[int8, 1024]] 372 } 373 374 type console_font_op[OP, DIR] { 375 op const[OP, int32] 376 flags bool32 377 width int32[0:32] 378 height int32[0:32] 379 charcount int32[0:512] 380 data ptr[DIR, array[int8, 1024]] 381 }