github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/socket_qipcrtr.txt (about) 1 # Copyright 2020 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 5 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 6 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 7 8 # Findings on qrtr rpmsg and mhi interface (with drivers implemented in 'smd.c' and 'mhi.c' under '$KERNEL_SRC/net/qrtr/') 9 # The investigation is done using Linux 5.8-rc1 with following configs set: 10 # - CONFIG_QRTR, CONFIG_QRTR_SMD, CONFIG_QRTR_TUN, CONFIG_QRTR_MHI, CONFIG_RPMSG, 11 # CONFIG_RPMSG_CHAR, CONFIG_RPMSG_QCOM_GLINK_NATIVE, CONFIG_RPMSG_QCOM_GLINK_RPM, 12 # CONFIG_RPMSG_VIRTIO 13 # No additional device file was found in running kernel under '/dev/', and no device 14 # was found under '/sys/bus/rpmsg/devices/'. 15 # All examples found involve additional hardware assumptions. 16 # The conclusion is that the testing of those subsystems relies on some hardware, 17 # hence, not tested at this time. 18 19 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 20 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 21 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 22 23 include <linux/socket.h> 24 include <linux/net.h> 25 include <linux/termios.h> 26 include <linux/qrtr.h> 27 28 # QIPCRTR sockets 29 30 resource sock_qrtr[sock] 31 32 # 1 stands for qrtr_local_nid, -1 stands for QRTR_EP_NID_AUTO 33 qrtr_nodes = QRTR_NODE_BCAST, -1, 0, 1, 2, 3, 4 34 35 # 0x4000 and 0x7fff stands for QRTR_MIN_EPH_SOCKET and QRTR_MAX_EPH_SOCKET, respectively 36 qrtr_ports = QRTR_PORT_CTRL, 0x3fff, 0x4000, 0x4001, 0x7ffe, 0x7fff, 0x8000, 0, 1, 2 37 38 sockaddr_qrtr { 39 sq_family const[AF_QIPCRTR, int16] 40 sq_node flags[qrtr_nodes, int32] 41 sq_port flags[qrtr_ports, int32] 42 } 43 44 socket$qrtr(domain const[AF_QIPCRTR], type const[SOCK_DGRAM], proto const[0]) sock_qrtr 45 46 bind$qrtr(fd sock_qrtr, addr ptr[in, sockaddr_qrtr], addrlen len[addr]) 47 connect$qrtr(fd sock_qrtr, addr ptr[in, sockaddr_qrtr], addrlen len[addr]) 48 49 getsockname$qrtr(fd sock_qrtr, addr ptr[out, sockaddr_qrtr], addrlen ptr[inout, len[addr, int32]]) 50 getpeername$qrtr(fd sock_qrtr, peer ptr[out, sockaddr_qrtr], peerlen ptr[inout, len[peer, int32]]) 51 52 # ioctls 53 ioctl$sock_qrtr_TIOCOUTQ(fd sock_qrtr, cmd const[TIOCOUTQ], arg ptr[out, int64]) 54 ioctl$sock_qrtr_TIOCINQ(fd sock_qrtr, cmd const[TIOCINQ], arg ptr[out, int64]) 55 ioctl$sock_qrtr_SIOCGIFADDR(fd sock_qrtr, cmd const[SIOCGIFADDR], arg ptr[out, ifreq_t[sockaddr_qrtr]]) 56 57 # sendmsg, recvmsg, [send|recv]_msghdr 58 sendmsg$qrtr(fd sock_qrtr, msg ptr[in, send_msghdr_qrtr], msglen len[msg]) 59 recvmsg$qrtr(fd sock_qrtr, msg ptr[inout, recv_msghdr_qrtr], msglen len[msg], f flags[recv_flags]) 60 61 send_msghdr_qrtr { 62 addr ptr[in, sockaddr_qrtr, opt] 63 addrlen len[addr, int32] 64 vec ptr[in, array[iovec_in]] 65 vlen len[vec, intptr] 66 ctrl ptr[in, array[cmsghdr], opt] 67 ctrllen bytesize[ctrl, intptr] 68 f flags[send_flags, int32] 69 } 70 71 recv_msghdr_qrtr { 72 addr ptr[out, sockaddr_qrtr, opt] 73 addrlen len[addr, int32] 74 vec ptr[in, array[iovec_out]] 75 vlen len[vec, intptr] 76 ctrl ptr[out, array[cmsghdr], opt] 77 ctrllen bytesize[ctrl, intptr] 78 f flags[recv_flags, int32] 79 }