github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/socket_isdn.txt (about)

     1  # Copyright 2018 syzkaller project authors. All rights reserved.
     2  # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
     3  
     4  # AF_ISDN support.
     5  
     6  include <linux/socket.h>
     7  include <linux/mISDNif.h>
     8  include <linux/isdn/capiutil.h>
     9  include <uapi/linux/capi.h>
    10  include <uapi/linux/isdn/capicmd.h>
    11  
    12  resource sock_isdn_base[sock]
    13  
    14  socket$isdn_base(domain const[AF_ISDN], type const[SOCK_RAW], proto const[ISDN_P_BASE]) sock_isdn_base
    15  bind$isdn_base(fd sock_isdn_base, addr ptr[in, sockaddr_mISDN], len bytesize[addr])
    16  ioctl$IMGETVERSION(fd sock_isdn_base, cmd const[IMGETVERSION], arg ptr[out, int32])
    17  ioctl$IMGETCOUNT(fd sock_isdn_base, cmd const[IMGETCOUNT], arg ptr[out, int32])
    18  ioctl$IMGETDEVINFO(fd sock_isdn_base, cmd const[IMGETDEVINFO], arg ptr[in, mISDN_devinfo])
    19  ioctl$IMSETDEVNAME(fd sock_isdn_base, cmd const[IMSETDEVNAME], arg ptr[in, mISDN_devrename])
    20  
    21  sockaddr_mISDN {
    22  	family	const[AF_ISDN, int16]
    23  # TODO: this is some ISDN dev id. What are these values?
    24  	dev	int8
    25  	channel	int8
    26  	sapi	int8
    27  	tei	int8
    28  }
    29  
    30  mISDN_devinfo {
    31  # TODO: this is some ISDN dev id. What are these values? Is it the same thing as in sockaddr? Why are they differnet sizes?
    32  	id		int32
    33  	Dprotocols	const[0, int32]
    34  	Bprotocols	const[0, int32]
    35  	protocol	const[0, int32]
    36  	channelmap	array[const[0, int8], MISDN_CHMAP_SIZE]
    37  	nrbchan		const[0, int32]
    38  	name		array[const[0, int8], MISDN_MAX_IDLEN]
    39  }
    40  
    41  mISDN_devrename {
    42  # TODO: this is some ISDN dev id. What are these values? Is it the same thing as in sockaddr? Why are they differnet sizes?
    43  	id	int32
    44  	name	string[mISDN_dev_names, MISDN_MAX_IDLEN]
    45  }
    46  
    47  mISDN_dev_names = "syz0", "syz1"
    48  
    49  resource sock_isdn[sock]
    50  
    51  socket$isdn(domain const[AF_ISDN], type const[SOCK_RAW], proto flags[isdn_sock_protos]) sock_isdn
    52  bind$isdn(fd sock_isdn, addr ptr[in, sockaddr_mISDN], len bytesize[addr])
    53  ioctl$IMCTRLREQ(fd sock_isdn, cmd const[IMCTRLREQ], arg ptr[in, mISDN_ctrl_req])
    54  ioctl$IMCLEAR_L2(fd sock_isdn, cmd const[IMCLEAR_L2], arg ptr[in, int32])
    55  ioctl$IMHOLD_L1(fd sock_isdn, cmd const[IMHOLD_L1], arg ptr[in, int32])
    56  sendto$isdn(fd sock_isdn, buf ptr[in, mISDNhead], len len[buf], f flags[send_flags], addr ptr[in, sockaddr_mISDN, opt], addrlen len[addr])
    57  setsockopt$MISDN_TIME_STAMP(fd sock_isdn, level const[0], opt const[MISDN_TIME_STAMP], arg ptr[in, bool32], arglen len[arg])
    58  getsockopt$MISDN_TIME_STAMP(fd sock_isdn, level const[0], opt const[MISDN_TIME_STAMP], arg ptr[out, bool32], arglen ptr[inout, len[arg, int32]])
    59  
    60  isdn_sock_protos = ISDN_P_TE_S0, ISDN_P_NT_S0, ISDN_P_TE_E1, ISDN_P_NT_E1, ISDN_P_LAPD_TE, ISDN_P_LAPD_NT, ISDN_P_B_RAW, ISDN_P_B_HDLC, ISDN_P_B_X75SLP, ISDN_P_B_L2DTMF, ISDN_P_B_L2DSP, ISDN_P_B_L2DSPHDLC
    61  
    62  mISDN_ctrl_req {
    63  	op	flags[mISDN_ctrl_ops, int32]
    64  	channel	int32
    65  	p1	int32
    66  	p2	int32
    67  }
    68  
    69  mISDNhead {
    70  	prim	int32
    71  	id	int32
    72  	data	array[int8]
    73  } [packed]
    74  
    75  mISDN_ctrl_ops = MISDN_CTRL_GETOP, MISDN_CTRL_LOOP, MISDN_CTRL_CONNECT, MISDN_CTRL_DISCONNECT, MISDN_CTRL_RX_BUFFER, MISDN_CTRL_PCMCONNECT, MISDN_CTRL_PCMDISCONNECT, MISDN_CTRL_SETPEER, MISDN_CTRL_UNSETPEER, MISDN_CTRL_RX_OFF, MISDN_CTRL_FILL_EMPTY, MISDN_CTRL_GETPEER, MISDN_CTRL_L1_TIMER3, MISDN_CTRL_HW_FEATURES_OP, MISDN_CTRL_HW_FEATURES, MISDN_CTRL_HFC_OP, MISDN_CTRL_HFC_PCM_CONN, MISDN_CTRL_HFC_PCM_DISC, MISDN_CTRL_HFC_CONF_JOIN, MISDN_CTRL_HFC_CONF_SPLIT, MISDN_CTRL_HFC_RECEIVE_OFF, MISDN_CTRL_HFC_RECEIVE_ON, MISDN_CTRL_HFC_ECHOCAN_ON, MISDN_CTRL_HFC_ECHOCAN_OFF, MISDN_CTRL_HFC_WD_INIT, MISDN_CTRL_HFC_WD_RESET
    76  
    77  resource fd_capi20[fd]
    78  # TODO: what is this contr?
    79  type capi20_contr int32
    80  
    81  openat$capi20(fd const[AT_FDCWD], file ptr[in, string["/dev/capi20"]], flags flags[open_flags], mode const[0]) fd_capi20
    82  write$capi20(fd fd_capi20, data ptr[in, capi20_command], size bytesize[data])
    83  write$capi20_data(fd fd_capi20, data ptr[in, capi20_command_data], size bytesize[data])
    84  ioctl$CAPI_REGISTER(fd fd_capi20, cmd const[CAPI_REGISTER], arg ptr[in, capi_register_params])
    85  ioctl$CAPI_GET_SERIAL(fd fd_capi20, cmd const[CAPI_GET_SERIAL], arg ptr[in, capi20_contr])
    86  ioctl$CAPI_GET_PROFILE(fd fd_capi20, cmd const[CAPI_GET_PROFILE], arg ptr[in, capi20_contr])
    87  ioctl$CAPI_GET_MANUFACTURER(fd fd_capi20, cmd const[CAPI_GET_MANUFACTURER], arg ptr[in, capi20_contr])
    88  ioctl$CAPI_GET_ERRCODE(fd fd_capi20, cmd const[CAPI_GET_ERRCODE], arg ptr[out, int32])
    89  ioctl$CAPI_INSTALLED(fd fd_capi20, cmd const[CAPI_INSTALLED])
    90  ioctl$CAPI_MANUFACTURER_CMD(fd fd_capi20, cmd const[CAPI_MANUFACTURER_CMD], arg ptr[in, capi_manufacturer_cmd])
    91  ioctl$CAPI_SET_FLAGS(fd fd_capi20, cmd const[CAPI_SET_FLAGS], arg ptr[in, bool32])
    92  ioctl$CAPI_CLR_FLAGS(fd fd_capi20, cmd const[CAPI_CLR_FLAGS], arg ptr[in, bool32])
    93  ioctl$CAPI_GET_FLAGS(fd fd_capi20, cmd const[CAPI_GET_FLAGS], arg ptr[out, bool32])
    94  ioctl$CAPI_NCCI_OPENCOUNT(fd fd_capi20, cmd const[CAPI_NCCI_OPENCOUNT], arg ptr[in, int32])
    95  ioctl$CAPI_NCCI_GETUNIT(fd fd_capi20, cmd const[CAPI_NCCI_GETUNIT], arg ptr[in, int32])
    96  
    97  capi20_command {
    98  	len		bytesize[parent, int16]
    99  	appid		int16
   100  	command		flags[capi20_commands, int8]
   101  	subcommand	flags[capi20_subcommands, int8]
   102  	msgid		int16
   103  	control		int32
   104  	pad		const[0, int32]
   105  } [packed]
   106  
   107  capi20_command_data {
   108  	header		capi20_command
   109  	datasize	bytesize[data, int16]
   110  	data		array[int8]
   111  } [packed]
   112  
   113  capi20_commands = CAPI_ALERT, CAPI_CONNECT, CAPI_CONNECT_ACTIVE, CAPI_CONNECT_B3_ACTIVE, CAPI_CONNECT_B3, CAPI_CONNECT_B3_T90_ACTIVE, CAPI_DATA_B3, CAPI_DISCONNECT_B3, CAPI_DISCONNECT, CAPI_FACILITY, CAPI_INFO, CAPI_LISTEN, CAPI_MANUFACTURER, CAPI_RESET_B3, CAPI_SELECT_B_PROTOCOL
   114  capi20_subcommands = CAPI_REQ, CAPI_CONF, CAPI_IND, CAPI_RESP
   115  
   116  capi_register_params {
   117  	level3cnt	int32
   118  	datablkcnt	int32
   119  	datablklen	int32
   120  }
   121  
   122  capi_manufacturer_cmd {
   123  	cmd	intptr
   124  	data	ptr[in, array[int8]]
   125  }
   126  
   127  openat$proc_capi20(fd const[AT_FDCWD], file ptr[in, string["/proc/capi/capi20"]], flags flags[open_flags], mode const[0]) fd
   128  openat$proc_capi20ncci(fd const[AT_FDCWD], file ptr[in, string["/proc/capi/capi20ncci"]], flags flags[open_flags], mode const[0]) fd
   129  
   130  resource fd_misdntimer[fd]
   131  
   132  openat$misdntimer(fd const[AT_FDCWD], file ptr[in, string["/dev/mISDNtimer"]], flags flags[open_flags], mode const[0]) fd_misdntimer
   133  ioctl$IMADDTIMER(fd fd_misdntimer, cmd const[IMADDTIMER], arg ptr[in, flags[misdntimer_timeouts, int32]])
   134  ioctl$IMDELTIMER(fd fd_misdntimer, cmd const[IMDELTIMER], arg ptr[in, flags[misdntimer_id, int32]])
   135  
   136  # IMADDTIMER accepts timeout in arg and returns timer id in the same location,
   137  # we don't have a way to describe overlapping in/out args.
   138  # This is like the only known so far such case in kernel interfaces, yikes!
   139  # Timer id's seems to be allocated densely from 1 per opened device,
   140  # so we just use 0, 1, 2, 3 as id's.
   141  misdntimer_id = 0, 1, 2, 3
   142  misdntimer_timeouts = 0, 20, 50, 1000000, -1