github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/sys.txt (about) 1 # Copyright 2015 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 # Description of syscall arguments. See README.md for details. 5 6 include <linux/socket.h> 7 include <linux/ptrace.h> 8 include <linux/resource.h> 9 include <linux/stat.h> 10 include <linux/mman.h> 11 include <linux/time.h> 12 include <linux/mount.h> 13 include <linux/fs.h> 14 include <linux/eventpoll.h> 15 include <linux/signalfd.h> 16 include <linux/eventfd.h> 17 include <linux/timerfd.h> 18 include <linux/personality.h> 19 include <linux/wait.h> 20 include <linux/user.h> 21 include <linux/un.h> 22 include <linux/ioctl.h> 23 include <linux/fadvise.h> 24 include <linux/falloc.h> 25 include <linux/kexec.h> 26 include <linux/elf.h> 27 include <linux/fiemap.h> 28 include <linux/kd.h> 29 include <linux/vt.h> 30 include <linux/if_alg.h> 31 include <linux/nfc.h> 32 include <linux/sockios.h> 33 include <linux/net_tstamp.h> 34 include <linux/termios.h> 35 include <linux/fcntl.h> 36 include <linux/sched.h> 37 include <linux/mqueue.h> 38 include <linux/mempolicy.h> 39 include <linux/in.h> 40 include <linux/ip.h> 41 include <linux/tcp.h> 42 include <linux/udp.h> 43 include <linux/kcmp.h> 44 include <linux/nfs.h> 45 include <linux/syslog.h> 46 include <linux/exportfs.h> 47 include <linux/splice.h> 48 include <linux/filelock.h> 49 include <fs/overlayfs/overlayfs.h> 50 include <uapi/linux/memfd.h> 51 include <uapi/linux/module.h> 52 include <linux/ioprio.h> 53 include <linux/membarrier.h> 54 include <uapi/linux/kcov.h> 55 include <uapi/linux/membarrier.h> 56 include <uapi/linux/capability.h> 57 include <uapi/linux/seccomp.h> 58 include <uapi/linux/wait.h> 59 include <uapi/linux/watch_queue.h> 60 include <kernel/sched/sched.h> 61 include <uapi/linux/close_range.h> 62 include <uapi/linux/netfilter/xt_cgroup.h> 63 include <fs/smb/client/cifsglob.h> 64 include <xen/interface/io/xs_wire.h> 65 include <uapi/linux/prctl.h> 66 include <asm/prctl.h> 67 68 resource fd[int32]: -1 69 resource fd_dir[fd]: AT_FDCWD 70 71 # alignptr/align32/align64/padto64 can be used when ABI uses int64/intptr to hold a smaller type. 72 # E.g. pid/uid stored as intptr/int64. 73 type alignptr[T] { 74 v T 75 } [align[PTR_SIZE]] 76 77 type align32[T] { 78 v T 79 } [align[4]] 80 81 type align64[T] { 82 v T 83 } [align[8]] 84 85 type padto32[T] { 86 v T 87 } [size[4]] 88 89 type padto64[T] { 90 v T 91 } [size[8]] 92 93 type signalno int32[0:65] 94 type signalnoptr intptr[0:65] 95 96 # syz_execute_func caused multiple problems: 97 # 1. First it lead to corpus explosion. The program used existing values in registers 98 # to pollute output area. We tried to zero registers (though, not reliably). 99 # 2. It lead to explosion again. The exact mechanics are unknown, here is one sample: 100 # syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4 101 # 430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f44 102 # 9f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464 103 # 660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 104 # 3. The code can also execute syscalls (and it is know to), but it's not subject to 105 # target.SanitizeCall. As the result it can do things that programs are not supposed to do. 106 # 4. Besides linux, corpus explosion also happens on freebsd and is clearly attributable 107 # to syz_execute_func based on corpus contents. Mechanics are also not known. 108 # It also did not cause finding of any new bugs (at least not that I know of). 109 # So it's disabled on all OSes until we figure out how to resolve all these problems. 110 syz_execute_func(text ptr[in, text[target]]) (disabled) 111 112 # Exclude /sys/power/state as reported in https://lkml.org/lkml/2021/5/27/653 113 openat$sysfs(fd const[AT_FDCWD], dir ptr[in, glob["/sys/**/*:-/sys/power/state"]], flags flags[open_flags], mode flags[open_mode]) fd 114 115 open(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd 116 # Just so that we have something that creates fd_dir resources. 117 open$dir(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd_dir 118 openat$dir(fd const[AT_FDCWD], file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd_dir 119 openat(fd fd_dir[opt], file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd 120 openat2$dir(fd const[AT_FDCWD], file ptr[in, filename], how ptr[in, open_how], size bytesize[how]) fd_dir 121 openat2(fd fd_dir[opt], file ptr[in, filename], how ptr[in, open_how], size bytesize[how]) fd 122 creat(file ptr[in, filename], mode flags[open_mode]) fd 123 close(fd fd) 124 read(fd fd, buf buffer[out], count len[buf]) 125 pread64(fd fd, buf buffer[out], count len[buf], pos fileoff) 126 readv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec]) 127 preadv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec], off_low int32, off_high int32) 128 preadv2(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec], off_low int32, off_high int32, flags flags[rwf_flags]) 129 write(fd fd, buf buffer[in], count len[buf]) 130 pwrite64(fd fd, buf buffer[in], count len[buf], pos fileoff) 131 writev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec]) 132 pwritev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], off_low int32, off_high int32) 133 pwritev2(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], off_low int32, off_high int32, flags flags[rwf_flags]) 134 lseek(fd fd, offset fileoff, whence flags[seek_whence]) 135 copy_file_range(fd_in fd, off_in ptr[inout, fileoff[int64], opt], fd_out fd, off_out ptr[inout, fileoff[int64], opt], len intptr, flags flags[copy_file_range_flags]) 136 137 rwf_flags = RWF_DSYNC, RWF_HIPRI, RWF_SYNC, RWF_NOWAIT, RWF_APPEND 138 copy_file_range_flags = 0 139 140 dup(oldfd fd) fd 141 dup2(oldfd fd, newfd fd) fd 142 dup3(oldfd fd, newfd fd, flags flags[dup_flags]) fd 143 144 pipe(pipefd ptr[out, pipefd]) 145 pipe2(pipefd ptr[out, pipefd], flags flags[pipe_flags]) 146 147 tee(fdin fd, fdout fd, len intptr, f flags[splice_flags]) 148 splice(fdin fd, offin ptr[in, fileoff[int64]], fdout fd, offout ptr[in, fileoff[int64]], len intptr, f flags[splice_flags]) 149 vmsplice(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], f flags[splice_flags]) 150 sendfile(fdout fd, fdin fd, off ptr[inout, fileoff[intptr], opt], count intptr) 151 sendfile64(fdout fd, fdin fd, off ptr[inout, fileoff[int64], opt], count intptr) 152 153 cachestat_range { 154 off fileoff[int64] 155 len int64 156 } 157 158 cachestat { 159 nr_cache int64 160 nr_dirty int64 161 nr_writeback int64 162 nr_evicted int64 163 nr_recently_evicted int64 164 } 165 166 stat(file ptr[in, filename], statbuf ptr[out, stat]) 167 lstat(file ptr[in, filename], statbuf ptr[out, stat]) 168 fstat(fd fd, statbuf ptr[out, stat]) 169 newfstatat(dfd const[AT_FDCWD], file ptr[in, filename], statbuf ptr[out, stat], flag flags[statx_flags]) 170 stat64(file ptr[in, filename], statbuf ptr[out, stat64]) 171 lstat64(file ptr[in, filename], statbuf ptr[out, stat64]) 172 fstat64(fd fd, statbuf ptr[out, stat64]) 173 fstatat64(dfd const[AT_FDCWD], file ptr[in, filename], statbuf ptr[out, stat64], flag flags[statx_flags]) 174 statx(fd fd_dir, file ptr[in, filename], flags flags[statx_flags], mask flags[statx_mask], statxbuf ptr[out, statx]) 175 cachestat(fd fd, cstat_range ptr[in, cachestat_range], cstat ptr[out, cachestat], flags const[0]) 176 177 poll(fds ptr[in, array[pollfd]], nfds len[fds], timeout int32) 178 ppoll(fds ptr[in, array[pollfd]], nfds len[fds], tsp ptr[in, timespec], sigmask ptr[in, sigset_t], size len[sigmask]) 179 select(n len[inp], inp ptr[inout, fd_set], outp ptr[inout, fd_set], exp ptr[inout, fd_set], tvp ptr[inout, timeval]) 180 pselect6(n len[inp], inp ptr[inout, fd_set], outp ptr[inout, fd_set], exp ptr[inout, fd_set], tvp ptr[inout, timespec], sig ptr[in, sigset_size]) 181 182 resource fd_epoll[fd] 183 epoll_create(size int32) fd_epoll 184 epoll_create1(flags flags[epoll_flags]) fd_epoll 185 epoll_ctl$EPOLL_CTL_ADD(epfd fd_epoll, op const[EPOLL_CTL_ADD], fd fd, ev ptr[in, epoll_event]) 186 epoll_ctl$EPOLL_CTL_MOD(epfd fd_epoll, op const[EPOLL_CTL_MOD], fd fd, ev ptr[in, epoll_event]) 187 epoll_ctl$EPOLL_CTL_DEL(epfd fd_epoll, op const[EPOLL_CTL_DEL], fd fd) 188 epoll_wait(epfd fd_epoll, events ptr[out, array[epoll_event]], maxevents len[events], timeout int32) 189 epoll_pwait(epfd fd_epoll, events ptr[out, array[epoll_event]], maxevents len[events], timeout int32, sigmask ptr[in, sigset_t], size bytesize[sigmask]) 190 epoll_pwait2(epfd fd_epoll, events ptr[out, array[epoll_event]], maxevents len[events], timeout ptr[in, timespec], sigmask ptr[in, sigset_t], size bytesize[sigmask]) 191 192 resource fd_timer[fd] 193 signalfd(fd fd, mask ptr[in, sigset_t], size len[mask]) fd 194 signalfd4(fd fd, mask ptr[in, sigset_t], size len[mask], flags flags[signalfd_flags]) fd 195 timerfd_create(clockid flags[clock_type], flags flags[timerfd_create_flags]) fd_timer 196 timerfd_settime(fd fd_timer, flags flags[timerfd_settime_flags], new ptr[in, itimerspec], old ptr[out, itimerspec]) 197 timerfd_gettime(fd fd_timer, cur ptr[out, itimerspec]) 198 ioctl$TFD_IOC_SET_TICKS(fd fd_timer, cmd const[TFD_IOC_SET_TICKS], arg ptr[in, int64]) 199 200 resource fd_event[fd] 201 eventfd(initval int32) fd_event 202 eventfd2(initval int32, flags flags[eventfd_flags]) fd_event 203 read$eventfd(fd fd_event, val ptr[out, int64], len len[val]) 204 write$eventfd(fd fd_event, val ptr[in, int64], len len[val]) 205 206 brk(brk intptr) 207 mmap(addr vma, len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd, offset intptr[0:0xffffffff, 0x1000]) 208 munmap(addr vma, len len[addr]) 209 mremap(addr vma, len len[addr], newlen len[newaddr], flags flags[mremap_flags], newaddr vma) 210 remap_file_pages(addr vma, size len[addr], prot flags[mmap_prot], pgoff intptr, flags flags[mmap_flags]) 211 mprotect(addr vma, len len[addr], prot flags[mmap_prot]) 212 msync(addr vma, len len[addr], f flags[msync_flags]) 213 madvise(addr vma, len len[addr], advice flags[madvise_flags]) 214 process_madvise(pidfd fd_pidfd, vec ptr[in, array[iovec_in]], vlen len[vec], advice flags[madvise_flags], flags const[0]) 215 process_mrelease(pidfd fd_pidfd, flags const[0]) 216 fadvise64(fd fd, offset fileoff, len intptr, advice flags[fadvise_flags]) 217 readahead(fd fd, off intptr, count intptr) 218 mbind(addr vma, len len[addr], mode flags[mbind_mode], nodemask ptr[in, int64], maxnode intptr, flags flags[mbind_flags]) 219 move_pages(pid pid, nr len[pages], pages ptr[in, array[vma]], nodes ptr[in, array[int32], opt], status ptr[out, array[int32]], flags flags[move_pages_flags]) 220 migrate_pages(pid pid, maxnode intptr, old ptr[in, int64], new ptr[in, int64]) 221 set_mempolicy(mode flags[mbind_mode], nodemask ptr[in, int64], maxnode intptr) 222 get_mempolicy(mode ptr[out, int32], nodemask ptr[out, int64], maxnode intptr, addr vma, flags flags[mempolicy_flags]) 223 set_mempolicy_home_node(addr vma, len len[addr], home_node intptr[0:3], flags const[0]) 224 mincore(addr vma, size len[addr], vec buffer[out]) 225 mlock(addr vma, size len[addr]) 226 mlock2(addr vma, size len[addr], flags flags[mlock_flags]) 227 munlock(addr vma, size len[addr]) 228 mlockall(flags flags[mlockall_flags]) 229 munlockall() 230 kcmp(pid1 pid, pid2 pid, type flags[kcmp_flags], fd1 fd, fd2 fd) 231 kcmp$KCMP_EPOLL_TFD(pid1 pid, pid2 pid, type const[KCMP_EPOLL_TFD], fd1 fd, idx2 ptr[in, kcmp_epoll_slot]) 232 233 resource fd_memfd[fd] 234 memfd_create(name ptr[in, string], flags flags[memfd_flags]) fd_memfd 235 memfd_flags = MFD_CLOEXEC, MFD_ALLOW_SEALING, MFD_HUGETLB 236 _ = MFD_HUGE_SHIFT, MFD_HUGE_MASK, MFD_HUGE_64KB, MFD_HUGE_512KB, MFD_HUGE_1MB, MFD_HUGE_2MB, MFD_HUGE_8MB, MFD_HUGE_16MB 237 238 memfd_secret(flags flags[memfd_secret_flags]) fd 239 memfd_secret_flags = O_CLOEXEC 240 241 resource pkey[int32]: -1 242 pkey_alloc(flags const[0], val flags[pkey_flags]) pkey 243 pkey_free(key pkey) 244 pkey_mprotect(addr vma, len len[addr], prot flags[mmap_prot], key pkey) 245 syz_pkey_set(key pkey, val flags[pkey_flags]) 246 247 pkey_flags = PKEY_DISABLE_ACCESS, PKEY_DISABLE_WRITE 248 249 restart_syscall() 250 251 # Almighty! 252 ioctl(fd fd, cmd int32, arg buffer[in]) 253 254 ioctl$int_in(fd fd, cmd flags[ioctl_int_in], v ptr[in, int64]) 255 ioctl$int_out(fd fd, cmd flags[ioctl_int_out], v ptr[out, intptr]) 256 257 ioctl$FIOCLEX(fd fd, cmd const[FIOCLEX]) 258 ioctl$FIONCLEX(fd fd, cmd const[FIONCLEX]) 259 ioctl$FITHAW(fd fd, cmd const[FITHAW]) 260 261 # FIFREEZE is disabled because it can easily kill the machine. 262 ioctl$FIFREEZE(fd fd, cmd const[FIFREEZE]) (disabled) 263 264 fcntl$dupfd(fd fd, cmd flags[fcntl_dupfd], arg fd) fd 265 fcntl$getflags(fd fd, cmd flags[fcntl_getflags]) 266 fcntl$setflags(fd fd, cmd const[F_SETFD], flags flags[fcntl_flags]) 267 fcntl$setstatus(fd fd, cmd const[F_SETFL], flags flags[fcntl_status]) 268 fcntl$lock(fd fd, cmd flags[fcntl_lock], lock ptr[in, flock]) 269 fcntl$getown(fd fd, cmd const[F_GETOWN]) pid 270 fcntl$setown(fd fd, cmd const[F_SETOWN], pid pid) 271 fcntl$getownex(fd fd, cmd const[F_GETOWN_EX], arg ptr[out, f_owner_ex]) 272 fcntl$setownex(fd fd, cmd const[F_SETOWN_EX], arg ptr[in, f_owner_ex]) 273 fcntl$setsig(fd fd, cmd const[F_SETSIG], sig signalnoptr) 274 fcntl$setlease(fd fd, cmd const[F_SETLEASE], typ flags[flock_type]) 275 fcntl$notify(fd fd, cmd const[F_NOTIFY], typ flags[fcntl_notify]) 276 fcntl$setpipe(fd fd, cmd const[F_SETPIPE_SZ], sz intptr) 277 fcntl$addseals(fd fd, cmd const[F_ADD_SEALS], seals flags[seal_types]) 278 fcntl$F_GET_RW_HINT(fd fd, cmd const[F_GET_RW_HINT], hint ptr[out, int64]) 279 fcntl$F_GET_FILE_RW_HINT(fd fd, cmd const[F_GET_FILE_RW_HINT], hint ptr[out, int64]) 280 fcntl$F_SET_RW_HINT(fd fd, cmd const[F_SET_RW_HINT], hint ptr[in, flags[fcntl_rw_hint, int64]]) 281 fcntl$F_SET_FILE_RW_HINT(fd fd, cmd const[F_SET_FILE_RW_HINT], hint ptr[in, flags[fcntl_rw_hint, int64]]) 282 283 # Only some commands break return values. 284 # When/if we have stricter enforcement of arguments, we may remove some of breaks_returns attributes. 285 ptrace(req flags[ptrace_req], pid pid) (breaks_returns) 286 ptrace$peek(req flags[ptrace_req_peek], pid pid, addr ptr[out, intptr]) (breaks_returns) 287 ptrace$poke(req flags[ptrace_req_poke], pid pid, addr ptr[out, intptr], data intptr) (breaks_returns) 288 ptrace$peekuser(req const[PTRACE_PEEKUSR], pid pid, addr intptr) (breaks_returns) 289 ptrace$pokeuser(req const[PTRACE_POKEUSR], pid pid, addr intptr, data intptr) (breaks_returns) 290 ptrace$getregs(req flags[ptrace_req_getregs], pid pid, ignored intptr, data buffer[out]) (breaks_returns) 291 ptrace$getregset(req const[PTRACE_GETREGSET], pid pid, what flags[pthread_regset], data ptr[in, iovec_out]) (breaks_returns) 292 ptrace$setregs(req flags[ptrace_req_setregs], pid pid, ignored intptr, data buffer[in]) (breaks_returns) 293 ptrace$setregset(req const[PTRACE_SETREGSET], pid pid, what flags[pthread_regset], data ptr[in, iovec_in]) (breaks_returns) 294 ptrace$getsig(req const[PTRACE_GETSIGINFO], pid pid, ignored intptr, data ptr[out, siginfo]) (breaks_returns) 295 ptrace$setsig(req const[PTRACE_SETSIGINFO], pid pid, ignored intptr, data ptr[in, siginfo]) (breaks_returns) 296 ptrace$setopts(req flags[ptrace_req_setopts], pid pid, ignored intptr, flags flags[ptrace_options]) (breaks_returns) 297 ptrace$getenv(req const[PTRACE_GETEVENTMSG], pid pid, ignored intptr, data ptr[out, intptr]) (breaks_returns) 298 ptrace$cont(req flags[ptrace_req_cont], pid pid, ignored intptr, data intptr) (breaks_returns) 299 ptrace$PTRACE_SECCOMP_GET_FILTER(req const[PTRACE_SECCOMP_GET_FILTER], pid pid, addr intptr, data ptr[out, array[int8]]) (breaks_returns) 300 ptrace$PTRACE_SECCOMP_GET_METADATA(req const[PTRACE_SECCOMP_GET_METADATA], pid pid, addr len[data], data ptr[in, seccomp_metadata]) (breaks_returns) 301 ptrace$PTRACE_SETSIGMASK(req const[PTRACE_SETSIGMASK], pid pid, size bytesize[data], data ptr[in, sigset_t]) (breaks_returns) 302 ptrace$PTRACE_GETSIGMASK(req const[PTRACE_GETSIGMASK], pid pid, size bytesize[data], data ptr[out, sigset_t]) (breaks_returns) 303 ptrace$ARCH_GET_FS(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], code const[ARCH_GET_FS]) (breaks_returns) 304 ptrace$ARCH_GET_GS(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], code const[ARCH_GET_GS]) (breaks_returns) 305 ptrace$ARCH_SET_GS(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], code const[ARCH_SET_GS]) (breaks_returns) 306 ptrace$ARCH_GET_CPUID(req const[PTRACE_ARCH_PRCTL], pid pid, arg const[0], code const[ARCH_GET_CPUID]) (breaks_returns) 307 ptrace$ARCH_SET_CPUID(req const[PTRACE_ARCH_PRCTL], pid pid, arg boolptr, code const[ARCH_SET_CPUID]) (breaks_returns) 308 ptrace$ARCH_MAP_VDSO_X32(req const[PTRACE_ARCH_PRCTL], pid pid, arg intptr, code const[ARCH_MAP_VDSO_X32]) (breaks_returns) 309 ptrace$ARCH_MAP_VDSO_32(req const[PTRACE_ARCH_PRCTL], pid pid, arg intptr, code const[ARCH_MAP_VDSO_32]) (breaks_returns) 310 ptrace$ARCH_MAP_VDSO_64(req const[PTRACE_ARCH_PRCTL], pid pid, arg intptr, code const[ARCH_MAP_VDSO_64]) (breaks_returns) 311 ptrace$ARCH_SHSTK_STATUS(req const[PTRACE_ARCH_PRCTL], pid pid, res ptr[out, intptr], cmd const[ARCH_SHSTK_STATUS]) (breaks_returns) 312 ptrace$ARCH_SHSTK_LOCK(req const[PTRACE_ARCH_PRCTL], pid pid, features flags[shadow_stack_features], cmd const[ARCH_SHSTK_LOCK]) (breaks_returns) 313 ptrace$ARCH_SHSTK_UNLOCK(req const[PTRACE_ARCH_PRCTL], pid pid, features flags[shadow_stack_features], cmd const[ARCH_SHSTK_UNLOCK]) (breaks_returns) 314 ptrace$ARCH_SHSTK_ENABLE(req const[PTRACE_ARCH_PRCTL], pid pid, features flags[shadow_stack_features], cmd const[ARCH_SHSTK_ENABLE]) (breaks_returns) 315 ptrace$ARCH_SHSTK_DISABLE(req const[PTRACE_ARCH_PRCTL], pid pid, features flags[shadow_stack_features], cmd const[ARCH_SHSTK_DISABLE]) (breaks_returns) 316 ptrace$ARCH_GET_UNTAG_MASK(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], cmd const[ARCH_GET_UNTAG_MASK]) (breaks_returns) 317 ptrace$ARCH_GET_MAX_TAG_BITS(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], cmd const[ARCH_GET_MAX_TAG_BITS]) (breaks_returns) 318 ptrace$ARCH_ENABLE_TAGGED_ADDR(req const[PTRACE_ARCH_PRCTL], pid pid, arg intptr[1:6], cmd const[ARCH_ENABLE_TAGGED_ADDR]) (breaks_returns) 319 ptrace$ARCH_FORCE_TAGGED_SVA(req const[PTRACE_ARCH_PRCTL], pid pid, arg const[0], cmd const[ARCH_FORCE_TAGGED_SVA]) (breaks_returns) 320 321 map_shadow_stack(addr vma, size bytesize[addr], flags boolptr) 322 323 seccomp_metadata { 324 filter_off int64 325 flags const[0, int64] 326 } 327 328 ptrace_peeksiginfo_args { 329 off int64 330 flags flags[ptrace_peeksiginfo_flags, int32] 331 nr len[syscall:data, int32] 332 } 333 334 ptrace$peeksig(req const[PTRACE_PEEKSIGINFO], pid pid, args ptr[in, ptrace_peeksiginfo_args], data ptr[out, array[siginfo]]) 335 336 capget(hdr ptr[in, cap_header], data ptr[in, cap_data]) 337 capset(hdr ptr[in, cap_header], data ptr[in, cap_data]) 338 339 resource fd_mq[fd] 340 mq_open(name ptr[in, string], flags flags[mq_open_flags], mode flags[open_mode], attr ptr[in, mq_attr]) fd_mq 341 mq_timedsend(mqd fd_mq, msg buffer[in], msglen len[msg], prio intptr, timeout ptr[in, timespec, opt]) 342 mq_timedreceive(mqd fd_mq, msg buffer[out], msglen len[msg], prio intptr, timeout ptr[in, timespec, opt]) 343 mq_notify(mqd fd_mq, notif ptr[in, sigevent]) 344 mq_getsetattr(mqd fd_mq, attr ptr[in, mq_attr], oldattr ptr[out, mq_attr, opt]) 345 mq_unlink(name ptr[in, string]) 346 347 mknod(file ptr[in, filename], mode flags[mknod_mode], dev int32) 348 mknod$loop(file ptr[in, filename], mode flags[mknod_mode], dev proc[1792, 2]) 349 mknodat$loop(dirfd fd_dir, file ptr[in, filename], mode flags[mknod_mode], dev proc[1792, 2]) 350 mknodat$null(dirfd fd_dir, file ptr[in, filename], mode flags[mknod_mode], dev const[0x103]) 351 mknodat(dirfd fd_dir, file ptr[in, filename], mode flags[mknod_mode], dev int32) 352 chmod(file ptr[in, filename], mode flags[open_mode]) 353 fchmod(fd fd, mode flags[open_mode]) 354 fchmodat(dirfd fd_dir, file ptr[in, filename], mode flags[open_mode]) 355 chown(file ptr[in, filename], uid uid, gid gid) 356 lchown(file ptr[in, filename], uid uid, gid gid) 357 fchown(fd fd, uid uid, gid gid) 358 fchownat(dirfd fd_dir, file ptr[in, filename], uid uid, gid gid, flags flags[at_flags]) 359 fallocate(fd fd, mode flags[fallocate_mode], off intptr, len intptr) 360 faccessat(dirfd fd_dir, pathname ptr[in, filename], mode flags[open_mode]) 361 faccessat2(dirfd fd_dir, pathname ptr[in, filename], mode flags[open_mode], flags flags[faccessat_flags]) 362 utime(filename ptr[in, filename], times ptr[in, utimbuf]) 363 utimes(filename ptr[in, filename], times ptr[in, itimerval]) 364 futimesat(dir fd_dir, pathname ptr[in, filename], times ptr[in, itimerval]) 365 utimensat(dir fd_dir, pathname ptr[in, filename], times ptr[in, itimerval], flags flags[utimensat_flags]) 366 367 # Small trick - syzkaller cannot give the proper stack pointer to clone(), but we can do it with the aid of pseudo syscalls. 368 syz_clone(flags flags[clone_flags], stack buffer[in], stack_len bytesize[stack], parentid ptr[out, int32], childtid ptr[out, int32], tls buffer[in]) pid 369 370 syz_clone3(args ptr[in, clone_args], size bytesize[args]) pid 371 372 # We need these disabled definitions to simplify the presence and the NR checking. 373 clone(flags flags[clone_flags], sp buffer[in], parentid ptr[out, int32], childtid ptr[out, int32], tls buffer[in]) (breaks_returns, disabled) 374 clone3(args ptr[in, clone_args], size bytesize[args]) pid (breaks_returns, disabled) 375 376 clone_args { 377 flags flags[clone3_flags, int64] 378 pidfd ptr64[out, fd_pidfd] 379 child_tid ptr64[out, pid] 380 parent_tid ptr64[out, pid] 381 exit_signal align64[signalno] 382 stack ptr64[out, array[int8]] 383 stack_size bytesize[stack, int64] 384 tls ptr64[out, array[int8]] 385 set_tid ptr64[in, array[pid]] 386 set_tid_size len[set_tid, int64] 387 cgroup align64[fd_cgroup] 388 } 389 390 resource pid[int32]: 0, -1 391 resource uid[int32]: 0, -1, 0xee00, 0xee01 392 resource gid[int32]: 0, -1, 0xee00, 0xee01 393 394 getgid() gid 395 getegid() gid 396 setuid(uid uid) 397 setgid(gid gid) 398 getuid() uid 399 geteuid() uid 400 setpgid(pid pid, pgid pid) 401 getpgid(pid pid) pid 402 getpgrp(pid pid) pid 403 getpid() pid 404 gettid() pid 405 setreuid(ruid uid, euid uid) 406 setregid(rgid gid, egid gid) 407 setresuid(ruid uid, euid uid, suid uid) 408 setresgid(rgid gid, egid gid, sgid gid) 409 getresuid(ruid ptr[out, uid], euid ptr[out, uid], suid ptr[out, uid]) 410 getresgid(rgid ptr[out, gid], egid ptr[out, gid], sgid ptr[out, gid]) 411 setfsuid(fsuid uid) 412 setfsgid(fsgid gid) 413 getgroups(size len[list], list ptr[inout, array[gid]]) 414 setgroups(size len[list], list ptr[in, array[gid]]) 415 personality(persona flags[personality_flags]) 416 # Don't mess with parent (fuzzer). If we ptrace attach to it, it will hang. 417 # If we setrlimit for parent, it will misbehave. Killing - the same. Nothing good. 418 #getppid() pid 419 #getsid(pid pid) pid 420 #setsid() pid 421 422 link(old ptr[in, filename], new ptr[in, filename]) 423 linkat(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename], flags flags[linkat_flags]) 424 symlinkat(old ptr[in, filename], newfd fd_dir, new ptr[in, filename]) 425 symlink(old ptr[in, filename], new ptr[in, filename]) 426 unlink(path ptr[in, filename]) 427 unlinkat(fd fd_dir, path ptr[in, filename], flags flags[unlinkat_flags]) 428 readlink(path ptr[in, filename], buf buffer[out], siz len[buf]) 429 readlinkat(fd fd_dir, path ptr[in, filename], buf buffer[out], siz len[buf]) 430 rename(old ptr[in, filename], new ptr[in, filename]) 431 renameat(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename]) 432 renameat2(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename], flags flags[renameat2_flags]) 433 mkdir(path ptr[in, filename], mode flags[open_mode]) 434 mkdirat(fd fd_dir[opt], path ptr[in, filename], mode flags[open_mode]) 435 rmdir(path ptr[in, filename]) 436 truncate(file ptr[in, filename], len intptr) 437 ftruncate(fd fd, len intptr) 438 flock(fd fd, op flags[flock_op]) 439 fsync(fd fd) 440 fdatasync(fd fd) 441 sync() 442 syncfs(fd fd) 443 sync_file_range(fd fd, off intptr, nbytes intptr, flags flags[sync_file_flags]) 444 lookup_dcookie(cookie intptr, buf buffer[out], len len[buf]) 445 getdents(fd fd_dir, ent buffer[out], count len[ent]) 446 getdents64(fd fd_dir, ent buffer[out], count len[ent]) 447 name_to_handle_at(fd fd_dir, file ptr[in, filename], handle ptr[in, file_handle], mnt ptr[out, int32], flags flags[name_to_handle_at_flags]) 448 open_by_handle_at(mountdirfd fd, handle ptr[in, file_handle], flags flags[open_flags]) 449 chroot(dir ptr[in, filename]) 450 getcwd(buf buffer[out], size len[buf]) 451 chdir(dir ptr[in, filename]) 452 fchdir(fd fd) 453 pivot_root(new_root ptr[in, filename], put_old ptr[in, filename]) 454 455 sysfs$1(option const[1], fsname ptr[in, string]) 456 sysfs$2(option const[2], fsindex intptr, fsname buffer[out]) 457 sysfs$3(option const[3]) 458 statfs(path ptr[in, filename], buf buffer[out]) 459 fstatfs(fd fd, buf buffer[out]) 460 461 uselib(lib ptr[in, filename]) 462 init_module(mod ptr[in, string], len len[mod], args ptr[in, string]) 463 finit_module(fd fd, args ptr[in, string], flags flags[finit_module_flags]) 464 delete_module(name ptr[in, string], flags flags[delete_module_flags]) 465 kexec_load(entry intptr, nr_segments len[segments], segments ptr[in, array[kexec_segment]], flags flags[kexec_load_flags]) 466 syslog(cmd flags[syslog_cmd], buf ptr[out, array[int8], opt], len len[buf]) 467 uname(buf buffer[out]) 468 sysinfo(info buffer[out]) 469 ustat(dev intptr, buf ptr[out, ustat]) 470 acct(filename ptr[in, filename, opt]) 471 472 getrusage(who flags[rusage_who], usage ptr[out, rusage]) 473 getrlimit(res flags[rlimit_type], rlim ptr[out, rlimit]) 474 setrlimit(res flags[rlimit_type], rlim ptr[in, rlimit]) 475 prlimit64(pid pid, res flags[rlimit_type], new ptr[in, rlimit, opt], old ptr[out, rlimit, opt]) 476 477 iopl(level int8) 478 ioperm(from intptr, num intptr, on intptr) 479 ioprio_get$pid(which flags[ioprio_which_pid], who pid) 480 ioprio_get$uid(which flags[ioprio_which_uid], who uid) 481 ioprio_set$pid(which flags[ioprio_which_pid], who pid, ioprio flags[ioprio_priorities]) 482 ioprio_set$uid(which flags[ioprio_which_uid], who uid, ioprio flags[ioprio_priorities]) 483 484 # NEED: we can express the construction of integers using structs with flags 485 # and bitfields, which are normally obtained using a combination of bitwise 486 # operations with the help of macros. However, structs can't be directly passed 487 # as a syscall argument; therefore, such constructions can't be directly passed either. 488 # One example is ioprio argument for ioprio_set, where we could have expressed the 489 # construction less messy. For now, some subset of valid values are enumerated as 490 # in ioprio_priorities. 491 492 # ioprio priority values are obtained using IOPRIO_PRIO_VALUE(class, data) macro. 493 # the behaviour of the macro is mimicked below and some priority values are enumerated. 494 ioprio_priorities = IOPRIO_CLASS_NONE_PRIO, IOPRIO_CLASS_IDLE_PRIO, IOPRIO_CLASS_RT_HIGH_PRIO, IOPRIO_CLASS_BE_HIGH_PRIO, IOPRIO_CLASS_RT_MID_PRIO, IOPRIO_CLASS_BE_MID_PRIO, IOPRIO_CLASS_RT_LOW_PRIO, IOPRIO_CLASS_BE_LOW_PRIO 495 496 # The classes RT and BE take data values from the range [0:7]. Use a subset of the available 497 # values (0, 4, 7) to ease collisions, and to avoid redundancy. The classes NONE and IDLE 498 # have only one valid priority value each with data set to 0. 499 define IOPRIO_CLASS_NONE_PRIO (IOPRIO_CLASS_NONE << IOPRIO_CLASS_SHIFT) 500 define IOPRIO_CLASS_IDLE_PRIO (IOPRIO_CLASS_IDLE << IOPRIO_CLASS_SHIFT) 501 define IOPRIO_CLASS_RT_HIGH_PRIO (IOPRIO_CLASS_RT << IOPRIO_CLASS_SHIFT) 502 define IOPRIO_CLASS_BE_HIGH_PRIO (IOPRIO_CLASS_BE << IOPRIO_CLASS_SHIFT) 503 define IOPRIO_CLASS_RT_MID_PRIO ((IOPRIO_CLASS_RT << IOPRIO_CLASS_SHIFT) + 4) 504 define IOPRIO_CLASS_BE_MID_PRIO ((IOPRIO_CLASS_BE << IOPRIO_CLASS_SHIFT) + 4) 505 define IOPRIO_CLASS_RT_LOW_PRIO ((IOPRIO_CLASS_RT << IOPRIO_CLASS_SHIFT) + 7) 506 define IOPRIO_CLASS_BE_LOW_PRIO ((IOPRIO_CLASS_BE << IOPRIO_CLASS_SHIFT) + 7) 507 508 resource timerid[int32] 509 timer_create(id flags[clock_id], ev ptr[in, sigevent], timerid ptr[out, timerid]) 510 timer_gettime(timerid timerid, setting ptr[out, itimerspec]) 511 timer_getoverrun(timerid timerid) 512 timer_settime(timerid timerid, flags flags[timer_flags], new ptr[in, itimerspec], old ptr[out, itimerspec, opt]) 513 timer_delete(timerid timerid) 514 515 time(t ptr[out, intptr]) 516 clock_gettime(id flags[clock_id], tp ptr[out, timespec]) 517 clock_settime(id flags[clock_id], tp ptr[in, timespec]) 518 clock_adjtime(id flags[clock_id], tx ptr[in, timex]) 519 clock_getres(id flags[clock_id], tp ptr[out, timespec]) 520 clock_nanosleep(id flags[clock_id], flags flags[timer_flags], rqtp ptr[in, timespec], rmtp ptr[out, timespec, opt]) 521 rt_sigaction(sig signalno, act ptr[in, sigaction], oact ptr[out, sigaction, opt], sigsetsize len[fake], fake ptr[out, sigset_t]) 522 rt_sigprocmask(how flags[sigprocmask_how], nset ptr[in, sigset_t], oset ptr[out, sigset_t, opt], sigsetsize len[nset]) 523 rt_sigreturn() 524 rt_sigpending(set ptr[out, sigset_t], sigsetsize len[set]) 525 rt_sigtimedwait(these ptr[in, sigset_t], info ptr[out, siginfo, opt], ts ptr[in, timespec], sigsetsize len[these]) 526 rt_sigsuspend(new ptr[in, sigset_t], sigsetsize len[new]) 527 rt_sigqueueinfo(pid pid, sig signalno, info ptr[in, siginfo]) 528 rt_tgsigqueueinfo(gid pid, tid pid, sig signalno, info ptr[in, siginfo]) 529 sigaltstack(ss ptr[in, sigaltstack], oss ptr[out, sigaltstack, opt]) 530 tgkill(gid pid, tid pid, sig signalno) 531 tkill(tid pid, sig signalno) 532 pause() 533 alarm(seconds intptr) 534 nanosleep(req ptr[in, timespec], rem ptr[out, timespec, opt]) 535 getitimer(which flags[getitimer_which], cur ptr[out, itimerval]) 536 setitimer(which flags[getitimer_which], new ptr[in, itimerval], old ptr[out, itimerval, opt]) 537 exit(code intptr) 538 exit_group(code intptr) 539 waitid(which flags[waitid_which], pid pid, infop ptr[out, siginfo, opt], options flags[wait_options], ru ptr[out, rusage, opt]) 540 waitid$P_PIDFD(which const[P_PIDFD], pidfd fd_pidfd, infop ptr[out, siginfo, opt], options flags[wait_options], ru ptr[out, rusage, opt]) 541 wait4(pid pid, status ptr[out, int32, opt], options flags[wait_options], ru ptr[out, rusage, opt]) 542 times(buf ptr[out, tms]) 543 # Can send signals to all processes (pid=-1). 544 #kill(pid pid, sig signalno) 545 546 set_thread_area(info ptr[in, user_desc]) 547 get_thread_area(info ptr[in, user_desc]) 548 modify_ldt$read(func const[0], buf buffer[out], len len[buf]) 549 modify_ldt$write(func const[1], buf ptr[in, user_desc], len len[buf]) 550 modify_ldt$read_default(func const[2], buf buffer[out], len len[buf]) 551 modify_ldt$write2(func const[17], buf ptr[in, user_desc], len len[buf]) 552 process_vm_readv(pid pid, loc_vec ptr[in, array[iovec_out]], loc_vlen len[loc_vec], rem_vec ptr[in, array[iovec_out]], rem_vlen len[rem_vec], flags const[0]) 553 process_vm_writev(pid pid, loc_vec ptr[in, array[iovec_out]], loc_vlen len[loc_vec], rem_vec ptr[in, array[iovec_out]], rem_vlen len[rem_vec], flags const[0]) 554 set_tid_address(tidptr ptr[out, int32]) 555 getpriority(which flags[priority_which], who pid) 556 setpriority(which flags[priority_which], who pid, prio intptr) 557 sched_getscheduler(pid pid) 558 sched_setscheduler(pid pid, policy flags[sched_policy], prio ptr[in, int32]) 559 sched_rr_get_interval(pid pid, tp ptr[out, timespec]) 560 sched_getparam(pid pid, prio ptr[out, int32]) 561 sched_setparam(pid pid, prio ptr[in, int32]) 562 sched_getaffinity(pid pid, cpusetsize len[mask], mask ptr[out, int64]) 563 sched_setaffinity(pid pid, cpusetsize len[mask], mask ptr[in, int64]) 564 sched_getattr(pid pid, attr ptr[out, sched_attr], size len[attr], flags const[0]) 565 sched_setattr(pid pid, attr ptr[in, sched_attr], flags const[0]) 566 sched_yield() 567 getrandom(buf buffer[out], len len[buf], flags flags[getrandom_flags]) 568 569 membarrier(cmd flags[membarrier_cmd], flags const[0]) 570 571 membarrier_cmd = MEMBARRIER_CMD_GLOBAL, MEMBARRIER_CMD_GLOBAL_EXPEDITED, MEMBARRIER_CMD_PRIVATE_EXPEDITED, MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE, MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_SYNC_CORE, MEMBARRIER_CMD_QUERY, MEMBARRIER_CMD_REGISTER_GLOBAL_EXPEDITED, MEMBARRIER_CMD_SHARED 572 573 rseq(rseq ptr[in, rseq], rseq_len bytesize[rseq], flags boolptr, sig const[0]) 574 575 rseq { 576 cpu_id_start const[0, int32] 577 cpu_id const[0, int32] 578 rseq_cs ptr64[in, rseq_cs, opt] 579 flags flags[rseq_cs_flags, int32] 580 } [align[32]] 581 582 rseq_cs { 583 version const[0, int32] 584 flags flags[rseq_cs_flags, int32] 585 start_ip int64 586 post_commit_offset int64 587 abort_ip int64 588 } [align[32]] 589 590 rseq_cs_flags = RSEQ_CS_FLAG_NO_RESTART_ON_PREEMPT, RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL, RSEQ_CS_FLAG_NO_RESTART_ON_MIGRATE 591 592 # start/end are unused for now, no definition of SYS_RISCV_FLUSH_ICACHE_LOCAL in uapi headers. 593 riscv_flush_icache(start const[0], end const[0], flags bool32) 594 595 syz_open_procfs(pid pid, file ptr[in, string[procfs_proc_file]]) fd 596 597 # TODO: some of net files are only available in the init namespace (e.g. bluetooth bnep and hci). 598 # We could find some way to open these files in the init namespace 599 # esp. taking into account that we create bluetooth sockets in init namespace. 600 procfs_proc_file = "auxv", "cmdline", "environ", "autogroup", "cgroup", "clear_refs", "comm", "coredump_filter", "cpuset", "gid_map", "io", "limits", "loginuid", "maps", "mountinfo", "mounts", "mountstats", "numa_maps", "oom_adj", "oom_score", "oom_score_adj", "pagemap", "personality", "projid_map", "sched", "schedstat", "sessionid", "setgroups", "smaps", "smaps_rollup", "totmaps", "stack", "stat", "statm", "status", "syscall", "timers", "uid_map", "wchan", "map_files", "attr", "attr/current", "attr/exec", "attr/fscreate", "attr/keycreate", "attr/prev", "attr/sockcreate", "ns", "children", "task", "fd", "fd/3", "fd/4", "fdinfo", "fdinfo/3", "fdinfo/4", "net", "net/anycast6", "net/arp", "net/bnep", "net/connector", "net/dev", "net/dev_mcast", "net/dev_snmp6", "net/fib_trie", "net/fib_triestat", "net/hci", "net/icmp", "net/icmp6", "net/if_inet6", "net/igmp", "net/igmp6", "net/ip6_flowlabel", "net/ip6_mr_cache", "net/ip6_mr_vif", "net/ip6_tables_matches", "net/ip6_tables_names", "net/ip6_tables_targets", "net/ip_mr_cache", "net/ip_mr_vif", "net/ip_tables_matches", "net/ip_tables_names", "net/ip_tables_targets", "net/ipv6_route", "net/l2cap", "net/llc/core", "net/llc/socket", "net/mcfilter", "net/mcfilter6", "net/netfilter", "net/netlink", "net/netstat", "net/nfsfs", "net/packet", "net/protocols", "net/psched", "net/ptype", "net/raw", "net/raw6", "net/rfcomm", "net/route", "net/rpc", "net/rt6_stats", "net/rt_acct", "net/rt_cache", "net/sco", "net/sctp", "net/snmp", "net/snmp6", "net/sockstat", "net/sockstat6", "net/softnet_stat", "net/stat", "net/tcp", "net/tcp6", "net/udp", "net/udp6", "net/udplite", "net/udplite6", "net/unix", "net/wireless", "net/xfrm_stat", "net/ip_vs", "net/ip_vs_stats", "net/ip_vs_stats_percpu", "net/nf_conntrack", "net/nf_conntrack_expect", "net/vlan/config", "net/vlan/vlan0", "net/vlan/vlan1", "net/kcm", "net/psched", "timerslack_ns" 601 602 openat$procfs(fd const[AT_FDCWD], file ptr[in, string[procfs_file]], flags const[O_RDONLY], mode const[0]) fd 603 604 procfs_file = "/proc/keys", "/proc/key-users", "/proc/crypto", "/proc/consoles", "/proc/cgroups", "/proc/zoneinfo", "/proc/vmstat", "/proc/vmallocinfo", "/proc/tty/drivers", "/proc/tty/ldiscs", "/proc/timer_list", "/proc/sysvipc/sem", "/proc/sysvipc/msg", "/proc/sysvipc/shm", "/proc/stat", "/proc/slabinfo", "/proc/schedstat", "/proc/partitions", "/proc/meminfo", "/proc/mdstat", "/proc/locks", "/proc/diskstats", "/proc/cpuinfo", "/proc/consoles", "/proc/bus/input/devices", "/proc/bus/input/handlers", "/proc/asound/seq/clients", "/proc/asound/seq/clients", "/proc/asound/seq/timer", "/proc/asound/timers" 605 606 resource fd_yama_ptrace_scope[fd] 607 608 # 0 - YAMA_SCOPE_DISABLED 609 # 1 - YAMA_SCOPE_RELATIONAL 610 # 2 - YAMA_SCOPE_CAPABILITY 611 # 3 - YAMA_SCOPE_NO_ATTACH 612 yama_modes = "0", "1", "2", "3" 613 614 openat$yama_ptrace_scope(fd const[AT_FDCWD], file ptr[in, string["/proc/sys/kernel/yama/ptrace_scope"]], flags const[O_RDWR], mode const[0]) fd_yama_ptrace_scope 615 write$yama_ptrace_scope(fd fd_yama_ptrace_scope, data ptr[in, string[yama_modes]], count len[data]) 616 617 # Write into some interesting sysct's and sysfs/procfs files. 618 resource fd_sysctl[fd] 619 620 openat$sysctl(fd const[AT_FDCWD], file ptr[in, string[sysctl_file]], flags const[O_WRONLY], mode const[0]) fd_sysctl 621 write$sysctl(fd fd_sysctl, val ptr[in, string[sysctl_value]], len len[val]) 622 623 sysctl_file = "/sys/kernel/mm/ksm/run", "/proc/sys/vm/compact_memory", "/proc/sys/vm/drop_caches", "/proc/sys/net/ipv4/tcp_timestamps", "/proc/sys/net/ipv4/tcp_sack", "/proc/sys/net/ipv4/tcp_dsack", "/proc/sys/net/ipv4/tcp_window_scaling", "/proc/sys/net/ipv4/tcp_syncookies", "/proc/sys/net/ipv4/tcp_recovery", "/proc/sys/net/ipv4/tcp_mtu_probing", "/proc/sys/net/ipv4/tcp_rfc1337", "/proc/self/clear_refs" 624 # Most of these values are suitable for all sysctl_file files. 625 sysctl_value = "0", "1", "2", "3", "4", "5", "6", "7" 626 627 # Write to this file triggers khugepaged scan. 628 # We don't want to write small values as we only want the explicitly triggered scan. 629 resource fd_khugepaged_scan[fd] 630 631 openat$khugepaged_scan(fd const[AT_FDCWD], file ptr[in, string["/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs"]], flags const[O_WRONLY], mode const[0]) fd_khugepaged_scan 632 write$khugepaged_scan(fd fd_khugepaged_scan, val ptr[in, string["1000000"]], len len[val]) 633 634 resource fd_tcp_congestion[fd] 635 636 openat$tcp_congestion(fd const[AT_FDCWD], file ptr[in, string["/proc/sys/net/ipv4/tcp_congestion_control"]], flags const[O_WRONLY], mode const[0]) fd_tcp_congestion 637 write$tcp_congestion(fd fd_tcp_congestion, val ptr[in, string[tcp_congestion]], len len[val]) 638 639 tcp_congestion = "reno", "bbr", "bic", "cdg", "cubic", "dctcp", "westwood", "highspeed", "hybla", "htcp", "vegas", "nv", "veno", "scalable", "lp", "yeah", "illinois" 640 641 resource fd_tcp_mem[fd] 642 643 openat$tcp_mem(fd const[AT_FDCWD], file ptr[in, string[tcp_mem_files]], flags const[O_WRONLY], mode const[0]) fd_tcp_mem 644 write$tcp_mem(fd fd_tcp_mem, val ptr[in, tcp_mem_values], len len[val]) 645 646 tcp_mem_files = "/proc/sys/net/ipv4/tcp_rmem", "/proc/sys/net/ipv4/tcp_wmem" 647 648 tcp_mem_values { 649 v0 fmt[oct, int64] 650 sp0 const[' ', int8] 651 v1 fmt[oct, int64] 652 sp1 const[' ', int8] 653 v2 fmt[oct, int64] 654 z const[0, int8] 655 } [packed] 656 657 # /proc/self/reclaim is ChromeOS-specific: 658 # https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4c3ad28b9c913%5E%21/ 659 resource fd_proc_reclaim[fd] 660 661 openat$proc_reclaim(fd const[AT_FDCWD], file ptr[in, string["/proc/self/reclaim"]], flags const[O_WRONLY], mode const[0]) fd_proc_reclaim 662 write$proc_reclaim(fd fd_proc_reclaim, val ptr[in, string[proc_reclaim_vals]], len len[val]) 663 664 proc_reclaim_vals = "file", "anon", "all" 665 666 resource fd_pidfd[fd] 667 668 openat$pidfd(fd const[AT_FDCWD], file ptr[in, string["/proc/self"]], flags flags[open_flags], mode const[0]) fd_pidfd 669 openat$thread_pidfd(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self"]], flags flags[open_flags], mode const[0]) fd_pidfd 670 pidfd_send_signal(fd fd_pidfd, sig signalno, info ptr[in, siginfo], flags const[0]) 671 672 # pidfd_open is dangerous, so we use syz_pidfd_open instead. 673 pidfd_open(pid pid, flags const[0]) fd_pidfd (disabled) 674 syz_pidfd_open(pid pid, flags const[0]) fd_pidfd 675 pidfd_getfd(pidfd fd_pidfd, fd fd, flags const[0]) fd 676 677 close_range(fd fd, max_fd fd, flags flags[close_range_flags]) 678 679 # Uncomment on your own account. 680 #syz_open_dev$char(dev const[0xc], major intptr, minor intptr) fd 681 #syz_open_dev$block(dev const[0xb], major intptr, minor intptr) fd 682 683 # /dev/console known to cause problems on at least two different kernels. 684 # It can turn off all output or produce massive amounts of garbage on console. 685 # Disable it for now. 686 #syz_open_dev$console(dev ptr[in, string["/dev/console"]], id const[0], flags flags[open_flags]) fd 687 688 resource fd_autofs[fd] 689 690 # These devices are relatively safe (don't reboot and don't corrupt kernel memory). 691 # They need a more comprehensive support. But let at least open them for now, 692 # maybe fuzzer will be able to skrew them in a useful way. 693 # TODO: all these devices returning just fd need proper interface descriptions. 694 openat$vcs(fd const[AT_FDCWD], file ptr[in, string["/dev/vcs"]], flags flags[open_flags], mode const[0]) fd 695 syz_open_dev$vcsn(dev ptr[in, string["/dev/vcs#"]], id intptr, flags flags[open_flags]) fd 696 openat$vcsa(fd const[AT_FDCWD], file ptr[in, string["/dev/vcsa"]], flags flags[open_flags], mode const[0]) fd 697 syz_open_dev$vcsa(dev ptr[in, string["/dev/vcsa#"]], id intptr, flags flags[open_flags]) fd 698 openat$vcsu(fd const[AT_FDCWD], file ptr[in, string["/dev/vcsu"]], flags flags[open_flags], mode const[0]) fd 699 syz_open_dev$vcsu(dev ptr[in, string["/dev/vcsu#"]], id intptr, flags flags[open_flags]) fd 700 syz_open_dev$ircomm(dev ptr[in, string["/dev/ircomm#"]], id intptr, flags flags[open_flags]) fd 701 syz_open_dev$audion(dev ptr[in, string["/dev/audio#"]], id intptr, flags flags[open_flags]) fd 702 703 openat$null(fd const[AT_FDCWD], file ptr[in, string["/dev/null"]], flags flags[open_flags], mode const[0]) fd 704 openat$zero(fd const[AT_FDCWD], file ptr[in, string["/dev/zero"]], flags flags[open_flags], mode const[0]) fd 705 openat$full(fd const[AT_FDCWD], file ptr[in, string["/dev/full"]], flags flags[open_flags], mode const[0]) fd 706 openat$irnet(fd const[AT_FDCWD], file ptr[in, string["/dev/irnet"]], flags flags[open_flags], mode const[0]) fd 707 openat$hwrng(fd const[AT_FDCWD], file ptr[in, string["/dev/hwrng"]], flags flags[open_flags], mode const[0]) fd 708 openat$hpet(fd const[AT_FDCWD], file ptr[in, string["/dev/hpet"]], flags flags[open_flags], mode const[0]) fd 709 openat$autofs(fd const[AT_FDCWD], file ptr[in, string["/dev/autofs"]], flags flags[open_flags], mode const[0]) fd_autofs 710 openat$keychord(fd const[AT_FDCWD], file ptr[in, string["/dev/keychord"]], flags flags[open_flags], mode const[0]) fd 711 openat$zygote(fd const[AT_FDCWD], file ptr[in, string["/dev/socket/zygote"]], flags flags[open_flags], mode const[0]) fd 712 openat$pktcdvd(fd const[AT_FDCWD], file ptr[in, string["/dev/pktcdvd/control"]], flags flags[open_flags], mode const[0]) fd 713 openat$lightnvm(fd const[AT_FDCWD], file ptr[in, string["/dev/lightnvm/control"]], flags flags[open_flags], mode const[0]) fd 714 openat$xenevtchn(fd const[AT_FDCWD], file ptr[in, string["/dev/xen/evtchn"]], flags flags[open_flags], mode const[0]) fd 715 openat$dlm_control(fd const[AT_FDCWD], file ptr[in, string["/dev/dlm-control"]], flags flags[open_flags], mode const[0]) fd 716 openat$dlm_monitor(fd const[AT_FDCWD], file ptr[in, string["/dev/dlm-monitor"]], flags flags[open_flags], mode const[0]) fd 717 openat$dlm_plock(fd const[AT_FDCWD], file ptr[in, string["/dev/dlm_plock"]], flags flags[open_flags], mode const[0]) fd 718 openat$btrfs_control(fd const[AT_FDCWD], file ptr[in, string["/dev/btrfs-control"]], flags flags[open_flags], mode const[0]) fd 719 openat$ubi_ctrl(fd const[AT_FDCWD], file ptr[in, string["/dev/ubi_ctrl"]], flags flags[open_flags], mode const[0]) fd 720 openat$cachefiles(fd const[AT_FDCWD], file ptr[in, string["/dev/cachefiles"]], flags flags[open_flags], mode const[0]) fd 721 openat$ndctl0(fd const[AT_FDCWD], file ptr[in, string["/dev/ndctl0"]], flags flags[open_flags], mode const[0]) fd 722 openat$nmem0(fd const[AT_FDCWD], file ptr[in, string["/dev/nmem0"]], flags flags[open_flags], mode const[0]) fd 723 openat$nvram(fd const[AT_FDCWD], file ptr[in, string["/dev/nvram"]], flags flags[open_flags], mode const[0]) fd 724 openat$ocfs2_control(fd const[AT_FDCWD], file ptr[in, string["/dev/ocfs2_control"]], flags flags[open_flags], mode const[0]) fd 725 openat$nvme_fabrics(fd const[AT_FDCWD], file ptr[in, string["/dev/nvme-fabrics"]], flags flags[open_flags], mode const[0]) fd 726 openat$bsg(fd const[AT_FDCWD], file ptr[in, string["/dev/bsg"]], flags flags[open_flags], mode const[0]) fd 727 728 pipefd { 729 rfd fd 730 wfd fd 731 } 732 733 type iovec[DIR, T] { 734 addr ptr[DIR, T] 735 len len[addr, intptr] 736 } 737 type iovec_in iovec[in, array[int8]] 738 type iovec_out iovec[out, array[int8]] 739 740 stat { 741 st_dev intptr 742 st_ino intptr 743 st_mode int32 744 st_nlink int32 745 st_uid uid 746 st_gid gid 747 st_rdev intptr 748 __pad1 const[0, intptr] 749 st_size intptr 750 st_blksize int32 751 __pad2 const[0, int32] 752 st_blocks intptr 753 st_atime intptr 754 st_atime_nsec intptr 755 st_mtime intptr 756 st_mtime_nsec intptr 757 st_ctime intptr 758 st_ctime_nsec intptr 759 __unused4 const[0, int32] 760 __unused5 const[0, int32] 761 } 762 763 statx { 764 mask int32 765 blksize int32 766 attributes int64 767 nlink int32 768 uid uid 769 gid gid 770 mode int16 771 __spare0 int16 772 ino int64 773 size int64 774 blocks int64 775 __spare1 int64 776 atime statx_timestamp 777 btime statx_timestamp 778 ctime statx_timestamp 779 mtime statx_timestamp 780 rdev_major int32 781 rdev_minor int32 782 dev_major int32 783 dev_minor int32 784 __spare2 array[int64, 14] 785 } 786 787 define STAT64_SIZE sizeof(struct stat64) 788 789 type stat64 array[int8, STAT64_SIZE] 790 791 pollfd { 792 fd fd 793 events flags[pollfd_events, int16] 794 revents const[0, int16] 795 } 796 797 sigset_t { 798 mask array[intptr, _NSIG_WORDS] 799 } 800 801 sigset_size { 802 ss ptr[inout, sigset_t] 803 len len[ss, intptr] 804 } 805 806 resource time_sec[intptr] 807 resource time_nsec[intptr] 808 resource time_usec[intptr] 809 810 # prog knowns about this struct type 811 timespec { 812 sec time_sec 813 nsec time_nsec 814 } 815 816 # prog knowns about this struct type 817 timeval { 818 sec time_sec 819 usec time_usec 820 } 821 822 statx_timestamp { 823 sec int64 824 nsec int32 825 __reserved int32 826 } 827 828 itimerspec { 829 interv timespec 830 value timespec 831 } 832 833 itimerval { 834 interv timeval 835 value timeval 836 } 837 838 utimbuf { 839 actime intptr 840 modtime intptr 841 } 842 843 sigevent { 844 val const[0, intptr] 845 signo signalno 846 notify flags[sigev_notify, int32] 847 u sigevent_u 848 } [size[SIGEVENT_SIZE]] 849 850 sigevent_u [ 851 tid pid 852 thr sigevent_thread 853 ] 854 855 define SIGEVENT_SIZE sizeof(struct sigevent) 856 857 sigevent_thread { 858 # NEED: this is function pointer and pthread_attr_t (?) 859 func buffer[in] 860 attr buffer[in] 861 } 862 863 cap_header { 864 var flags[cap_version, int32] 865 pid pid 866 } 867 868 cap_data { 869 eff0 int32 870 perm0 int32 871 inher0 int32 872 eff1 int32 873 perm1 int32 874 inher1 int32 875 } 876 877 epoll_event { 878 ev flags[epoll_ev, int32] 879 data const[0, int64] 880 # TODO: this packed only on amd64 881 } [packed] 882 883 # TODO: fd_set needs to be a separate type 884 fd_set { 885 mask0 int64 886 mask1 int64 887 mask2 int64 888 mask3 int64 889 mask4 int64 890 mask5 int64 891 mask6 int64 892 mask7 int64 893 } 894 895 sock_fprog { 896 len len[filter, int16] 897 filter ptr[in, array[sock_filter]] 898 } 899 900 sock_filter { 901 code int16 902 jt int8 903 jf int8 904 k int32 905 } 906 907 file_handle [ 908 raw file_handle_raw 909 shmem file_handle_t[1, fid_shmem] 910 fuse file_handle_t[0x81, fid_fuse] 911 fuse_with_parent file_handle_t[0x82, fid_fuse_with_parent] 912 nfs file_handle_t[36, fid_nfs] 913 FILEID_INO32_GEN file_handle_t[FILEID_INO32_GEN, fid_FILEID_INO32_GEN] 914 FILEID_INO32_GEN_PARENT file_handle_t[FILEID_INO32_GEN_PARENT, fid_FILEID_INO32_GEN_PARENT] 915 FILEID_UDF_WITHOUT_PARENT file_handle_t[FILEID_UDF_WITHOUT_PARENT, fid_FILEID_UDF_WITHOUT_PARENT] 916 FILEID_UDF_WITH_PARENT file_handle_t[FILEID_UDF_WITH_PARENT, fid_FILEID_UDF_WITH_PARENT] 917 FILEID_BTRFS_WITH_PARENT file_handle_t[FILEID_BTRFS_WITH_PARENT, btrfs_fid] 918 FILEID_BTRFS_WITH_PARENT_ROOT file_handle_t[FILEID_BTRFS_WITH_PARENT, btrfs_fid] 919 FILEID_BTRFS_WITHOUT_PARENT file_handle_t[FILEID_BTRFS_WITH_PARENT, btrfs_fid] 920 ceph_nfs_snapfh file_handle_t[FILEID_BTRFS_WITH_PARENT, ceph_nfs_snapfh] 921 ceph_nfs_fh file_handle_t[FILEID_INO32_GEN, ceph_nfs_fh] 922 ceph_nfs_confh file_handle_t[FILEID_INO32_GEN_PARENT, ceph_nfs_confh] 923 GFS2_SMALL_FH_SIZE file_handle_t[GFS2_SMALL_FH_SIZE, fid_GFS2_SMALL_FH_SIZE] 924 GFS2_LARGE_FH_SIZE file_handle_t[GFS2_LARGE_FH_SIZE, fid_GFS2_LARGE_FH_SIZE] 925 OVL_FILEID_V0 file_handle_t[OVL_FILEID_V0, ovl_fb] 926 OVL_FILEID_V1 file_handle_t[OVL_FILEID_V1, ovl_fh] 927 FILEID_NILFS_WITHOUT_PARENT file_handle_t[FILEID_NILFS_WITHOUT_PARENT, nilfs_fid] 928 FILEID_NILFS_WITH_PARENT file_handle_t[FILEID_NILFS_WITH_PARENT, nilfs_fid] 929 reiserfs_2 file_handle_t[2, fid_reiserfs_2] 930 reiserfs_3 file_handle_t[3, fid_reiserfs_3] 931 reiserfs_4 file_handle_t[4, fid_reiserfs_4] 932 reiserfs_5 file_handle_t[5, fid_reiserfs_5] 933 reiserfs_6 file_handle_t[6, fid_reiserfs_6] 934 xfs file_handle_t[0x81, xfs_fid64] 935 xfs_parent file_handle_t[0x82, xfs_fid64] 936 orangefs file_handle_t[1, fid_orangefs] 937 orangefs_parent file_handle_t[2, fid_orangefs_parent] 938 isofs file_handle_t[1, isofs_fid] 939 isofs_parent file_handle_t[2, isofs_fid] 940 ocfs2 file_handle_t[1, fid_ocfs2] 941 ocfs2_parent file_handle_t[2, fid_ocfs2_parent] 942 ] [varlen] 943 944 file_handle_raw { 945 handle_bytes bytesize[f_handle, int32] 946 handle_type flags[fid_type, int32] 947 f_handle align32[array[int8]] 948 } 949 950 type file_handle_t[TYPE, FID] { 951 handle_bytes bytesize[f_handle, int32] 952 handle_type const[TYPE, int32] 953 f_handle FID 954 } 955 956 fid_shmem { 957 gen int32 958 ino int64 959 } [packed] 960 961 fid_fuse { 962 nodeid_hi int32 963 nodeid_lo int32 964 generation int32 965 } 966 967 fid_fuse_with_parent { 968 base fid_fuse 969 parent_fid fid_fuse 970 } [packed] 971 972 fid_FILEID_INO32_GEN { 973 ino int32 974 gen int32 975 } 976 977 fid_FILEID_INO32_GEN_PARENT { 978 base fid_FILEID_INO32_GEN 979 parent_ino int32 980 parent_gen int32 981 } 982 983 fid_FILEID_UDF_WITHOUT_PARENT { 984 block int32 985 partref int16 986 parent_partref int16 987 generation int32 988 } 989 990 fid_FILEID_UDF_WITH_PARENT { 991 base fid_FILEID_UDF_WITHOUT_PARENT 992 parent_block int32 993 parent_generation int32 994 } 995 996 btrfs_fid { 997 objectid int64 998 root_objectid int64 999 gen int32 1000 parent_objectid int64 1001 parent_gen int32 1002 parent_root_objectid int64 1003 } [packed] 1004 1005 ceph_nfs_snapfh { 1006 ino int64 1007 snapid int64 1008 parent_ino int64 1009 hash int32 1010 } [packed] 1011 1012 ceph_nfs_fh { 1013 ino int64 1014 } 1015 1016 ceph_nfs_confh { 1017 ino int64 1018 parent_ino int64 1019 } 1020 1021 fid_GFS2_SMALL_FH_SIZE { 1022 no_formal_ino_hi int32be 1023 no_formal_ino_lo int32be 1024 no_addr_hi int32be 1025 no_addr_lo int32be 1026 } 1027 1028 fid_GFS2_LARGE_FH_SIZE { 1029 base fid_GFS2_SMALL_FH_SIZE 1030 parent_fid fid_GFS2_SMALL_FH_SIZE 1031 } 1032 1033 define GFS2_SMALL_FH_SIZE 4 1034 define GFS2_LARGE_FH_SIZE 8 1035 1036 fid_nfs { 1037 fileid_hi int32 1038 fileid_lo int32 1039 type int32 1040 # The total size is encoded in file_handle.handle_type, so we make this const size. 1041 size const[NFS_MAXFHSIZE, int16] 1042 data array[int8, NFS_MAXFHSIZE] 1043 } [align[4]] 1044 1045 fid_reiserfs_2 { 1046 objectid int32 1047 dir_id int32 1048 } 1049 1050 fid_reiserfs_3 { 1051 objectid int32 1052 dir_id int32 1053 generation int32 1054 } 1055 1056 fid_reiserfs_4 { 1057 objectid int32 1058 dir_id int32 1059 parent_objectid int32 1060 parent_dir_id int32 1061 } 1062 1063 fid_reiserfs_5 { 1064 objectid int32 1065 dir_id int32 1066 generation int32 1067 parent_objectid int32 1068 parent_dir_id int32 1069 } 1070 1071 fid_reiserfs_6 { 1072 objectid int32 1073 dir_id int32 1074 generation int32 1075 parent_objectid int32 1076 parent_dir_id int32 1077 parent_generation int32 1078 } 1079 1080 xfs_fid64 { 1081 ino int64 1082 gen int32 1083 parent_ino int64 1084 parent_gen int32 1085 } [align[4]] 1086 1087 fid_orangefs { 1088 khandle array[int8, 16] 1089 fs_id int32 1090 } 1091 1092 fid_orangefs_parent { 1093 base fid_orangefs 1094 parent_fid fid_orangefs 1095 } 1096 1097 nilfs_fid { 1098 cno int64 1099 ino int64 1100 gen int32 1101 parent_gen int32 1102 parent_ino int64 1103 } [packed] 1104 1105 isofs_fid { 1106 block int32 1107 offset int16 1108 parent_offset int16 1109 generation int32 1110 parent_block int32 1111 parent_generation int32 1112 } 1113 1114 fid_ocfs2 { 1115 blkno_hi int32 1116 blkno_lo int32 1117 generation int32 1118 } 1119 1120 fid_ocfs2_parent { 1121 base fid_ocfs2 1122 parent_fid fid_ocfs2 1123 } 1124 1125 fid_type = FILEID_ROOT, FILEID_INO32_GEN, FILEID_INO32_GEN_PARENT, FILEID_BTRFS_WITHOUT_PARENT, FILEID_BTRFS_WITH_PARENT, FILEID_BTRFS_WITH_PARENT_ROOT, FILEID_UDF_WITHOUT_PARENT, FILEID_UDF_WITH_PARENT, FILEID_NILFS_WITHOUT_PARENT, FILEID_NILFS_WITH_PARENT, FILEID_FAT_WITHOUT_PARENT, FILEID_FAT_WITH_PARENT, FILEID_LUSTRE, FILEID_KERNFS 1126 1127 mq_attr { 1128 mq_flags intptr 1129 mq_maxmsg intptr 1130 mq_msgsize intptr 1131 mq_curmsgs intptr 1132 __reserved array[const[0, intptr], 4] 1133 } 1134 1135 kexec_segment { 1136 buf buffer[in] 1137 sz len[buf, intptr] 1138 # TODO: this is address in kernel 1139 mem intptr 1140 memsz intptr 1141 } 1142 1143 rusage { 1144 utime timeval 1145 stime timeval 1146 maxrss intptr 1147 ixrss intptr 1148 idrss intptr 1149 isrss intptr 1150 minflt intptr 1151 majflt intptr 1152 nswap intptr 1153 inblock intptr 1154 oublock intptr 1155 msgsnd intptr 1156 msgrcv intptr 1157 signals intptr 1158 nvcsw intptr 1159 nivcsw intptr 1160 } 1161 1162 rlimit { 1163 soft intptr 1164 hard intptr 1165 } 1166 1167 sigaction { 1168 sa_handler ptr[in, text[target]] 1169 sa_flags flags[sigaction_flags, intptr] 1170 sa_restorer ptr[in, text[target]] 1171 sa_mask sigset_t 1172 } 1173 1174 sigaltstack { 1175 ss_sp ptr[out, array[int8]] 1176 ss_flags flags[sigaltstack_flags, int32] 1177 ss_size bytesize[ss_sp, intptr] 1178 } 1179 1180 sigaltstack_flags = SS_ONSTACK, SS_DISABLE, SS_AUTODISARM 1181 1182 tms { 1183 utime intptr 1184 stime intptr 1185 cutime intptr 1186 cstime intptr 1187 } 1188 1189 siginfo { 1190 signo signalno 1191 errno int32 1192 code int32 1193 } [size[SIGINFO_SIZE]] 1194 1195 define SIGINFO_SIZE sizeof(struct siginfo) 1196 1197 timex { 1198 stuff0 intptr 1199 stuff1 intptr 1200 stuff2 intptr 1201 stuff3 intptr 1202 stuff4 intptr 1203 stuff5 intptr 1204 stuff6 intptr 1205 stuff7 intptr 1206 stuff8 intptr 1207 stuff9 intptr 1208 stuff10 intptr 1209 stuff11 intptr 1210 stuff12 intptr 1211 stuff13 intptr 1212 stuff14 intptr 1213 stuff15 intptr 1214 stuff16 intptr 1215 stuff17 intptr 1216 stuff18 intptr 1217 stuff19 intptr 1218 stuff20 intptr 1219 stuff21 intptr 1220 stuff22 intptr 1221 stuff23 intptr 1222 stuff24 intptr 1223 stuff25 intptr 1224 } 1225 1226 ustat { 1227 f_tfree int32 1228 f_tinode intptr 1229 f_fname array[int8, 6] 1230 f_fpack array[int8, 6] 1231 } 1232 1233 user_desc { 1234 entry_number int32 1235 # Base should be vma and limit should be len[base] 1236 # But these fields are int32, so we can't use vma. 1237 base_addr flags[user_desc_bases, int32] 1238 limit flags[user_desc_limits, int32] 1239 seg_32bit int32:1 1240 contents int32:2 1241 read_exec_only int32:1 1242 limit_in_pages int32:1 1243 seg_not_present int32:1 1244 useable int32:1 1245 lm int32:1 1246 } 1247 1248 user_desc_bases = 0, 4096, 1048576, 536870912, 536872960, 536875008, -1 1249 user_desc_limits = 0, 1024, 4096, 8192, 16384, -1 1250 1251 sched_attr { 1252 size bytesize[parent, int32] 1253 sched_policy flags[sched_policy, int32] 1254 sched_flags flags[sched_attr_flags, int64] 1255 sched_nice int32 1256 sched_priority int32 1257 sched_runtime int64 1258 sched_deadline int64 1259 sched_period int64 1260 sched_util_min int32 1261 sched_util_max int32 1262 } 1263 1264 sched_policy = SCHED_NORMAL, SCHED_FIFO, SCHED_RR, SCHED_BATCH, SCHED_IDLE, SCHED_DEADLINE 1265 sched_attr_flags = SCHED_FLAG_RESET_ON_FORK, SCHED_FLAG_RECLAIM, SCHED_FLAG_DL_OVERRUN, SCHED_FLAG_KEEP_POLICY, SCHED_FLAG_KEEP_PARAMS, SCHED_FLAG_UTIL_CLAMP_MIN, SCHED_FLAG_UTIL_CLAMP_MAX, SCHED_FLAG_SUGOV 1266 1267 flock { 1268 type flags[flock_type, int16] 1269 whence flags[seek_whence, int16] 1270 start intptr 1271 len intptr 1272 pid pid 1273 } 1274 1275 f_owner_ex { 1276 type flags[f_owner_type, int32] 1277 pid pid 1278 } 1279 1280 ucred { 1281 pid pid 1282 uid uid 1283 gid gid 1284 } 1285 1286 kcmp_epoll_slot { 1287 efd fd_epoll 1288 tfd fd 1289 toff int32 1290 } 1291 1292 open_how { 1293 flags flags[open_flags, int64] 1294 mode flags[open_mode, int64] 1295 resolve flags[resolve_flags, int64] 1296 } 1297 1298 # Not providing O_WRONLY means O_RDONLY. 1299 open_flags = O_WRONLY, O_RDWR, O_APPEND, FASYNC, O_CLOEXEC, O_CREAT, O_DIRECT, O_DIRECTORY, O_EXCL, O_LARGEFILE, O_NOATIME, O_NOCTTY, O_NOFOLLOW, O_NONBLOCK, O_PATH, O_SYNC, O_TRUNC, __O_TMPFILE 1300 open_mode = S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH 1301 resolve_flags = RESOLVE_CACHED, RESOLVE_BENEATH, RESOLVE_IN_ROOT, RESOLVE_NO_MAGICLINKS, RESOLVE_NO_SYMLINKS, RESOLVE_NO_XDEV 1302 madvise_flags = MADV_NORMAL, MADV_RANDOM, MADV_SEQUENTIAL, MADV_WILLNEED, MADV_DONTNEED, MADV_REMOVE, MADV_DONTFORK, MADV_DOFORK, MADV_HWPOISON, MADV_SOFT_OFFLINE, MADV_MERGEABLE, MADV_UNMERGEABLE, MADV_HUGEPAGE, MADV_NOHUGEPAGE, MADV_DONTDUMP, MADV_DODUMP, MADV_WIPEONFORK, MADV_KEEPONFORK, MADV_COLD, MADV_PAGEOUT, MADV_POPULATE_READ, MADV_POPULATE_WRITE, MADV_COLLAPSE 1303 fadvise_flags = POSIX_FADV_NORMAL, POSIX_FADV_SEQUENTIAL, POSIX_FADV_RANDOM, POSIX_FADV_NOREUSE, POSIX_FADV_WILLNEED, POSIX_FADV_DONTNEED 1304 move_pages_flags = MPOL_MF_MOVE, MPOL_MF_MOVE_ALL 1305 msync_flags = MS_ASYNC, MS_SYNC, MS_INVALIDATE 1306 mmap_prot = PROT_EXEC, PROT_READ, PROT_WRITE, PROT_SEM, PROT_GROWSDOWN, PROT_GROWSUP 1307 mmap_flags = MAP_SHARED, MAP_PRIVATE, MAP_32BIT, MAP_ANONYMOUS, MAP_DENYWRITE, MAP_EXECUTABLE, MAP_FILE, MAP_FIXED, MAP_GROWSDOWN, MAP_HUGETLB, MAP_LOCKED, MAP_NONBLOCK, MAP_NORESERVE, MAP_POPULATE, MAP_STACK, MAP_UNINITIALIZED, MAP_SHARED_VALIDATE, MAP_SYNC, MAP_FIXED_NOREPLACE 1308 mremap_flags = MREMAP_MAYMOVE, MREMAP_FIXED, MREMAP_DONTUNMAP 1309 mbind_mode = MPOL_DEFAULT, MPOL_BIND, MPOL_INTERLEAVE, MPOL_PREFERRED, MPOL_F_STATIC_NODES, MPOL_F_RELATIVE_NODES 1310 mbind_flags = MPOL_MF_STRICT, MPOL_MF_MOVE, MPOL_MF_MOVE_ALL 1311 pipe_flags = O_NONBLOCK, O_CLOEXEC, O_DIRECT, O_NOTIFICATION_PIPE 1312 mlock_flags = MLOCK_ONFAULT 1313 mlockall_flags = MCL_CURRENT, MCL_FUTURE, MCL_ONFAULT 1314 dup_flags = O_CLOEXEC 1315 splice_flags = SPLICE_F_MOVE, SPLICE_F_NONBLOCK, SPLICE_F_MORE, SPLICE_F_GIFT 1316 seek_whence = SEEK_SET, SEEK_CUR, SEEK_END, SEEK_DATA, SEEK_HOLE 1317 signalfd_flags = SFD_NONBLOCK, SFD_CLOEXEC 1318 eventfd_flags = EFD_CLOEXEC, EFD_NONBLOCK, EFD_SEMAPHORE 1319 timerfd_create_flags = TFD_NONBLOCK, TFD_CLOEXEC 1320 timerfd_settime_flags = TFD_TIMER_ABSTIME, TFD_TIMER_CANCEL_ON_SET 1321 clock_type = CLOCK_REALTIME, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC, CLOCK_MONOTONIC_COARSE, CLOCK_MONOTONIC_RAW, CLOCK_BOOTTIME, CLOCK_PROCESS_CPUTIME_ID, CLOCK_THREAD_CPUTIME_ID, CLOCK_REALTIME_ALARM, CLOCK_BOOTTIME_ALARM 1322 sigev_notify = SIGEV_NONE, SIGEV_SIGNAL, SIGEV_THREAD, SIGEV_THREAD_ID 1323 cap_version = _LINUX_CAPABILITY_VERSION_1, _LINUX_CAPABILITY_VERSION_2, _LINUX_CAPABILITY_VERSION_3 1324 epoll_flags = EPOLL_CLOEXEC 1325 epoll_ev = POLLIN, POLLOUT, POLLRDHUP, POLLPRI, POLLERR, POLLHUP, EPOLLET, EPOLLONESHOT, EPOLLEXCLUSIVE, EPOLLWAKEUP 1326 pollfd_events = POLLIN, POLLPRI, POLLOUT, POLLERR, POLLHUP, POLLNVAL, POLLRDNORM, POLLRDBAND, POLLWRNORM, POLLWRBAND, POLLMSG, POLLREMOVE, POLLRDHUP, POLLFREE, POLL_BUSY_LOOP 1327 mknod_mode = S_IFREG, S_IFCHR, S_IFBLK, S_IFIFO, S_IFSOCK, S_ISUID, S_ISGID, S_ISVTX, open_mode 1328 at_flags = AT_EMPTY_PATH, AT_SYMLINK_NOFOLLOW, AT_SYMLINK_FOLLOW, AT_NO_AUTOMOUNT, AT_EMPTY_PATH 1329 fallocate_mode = FALLOC_FL_KEEP_SIZE, FALLOC_FL_PUNCH_HOLE, FALLOC_FL_COLLAPSE_RANGE, FALLOC_FL_ZERO_RANGE, FALLOC_FL_INSERT_RANGE, FALLOC_FL_UNSHARE_RANGE, FALLOC_FL_NO_HIDE_STALE 1330 linkat_flags = AT_EMPTY_PATH, AT_SYMLINK_FOLLOW 1331 unlinkat_flags = AT_REMOVEDIR 1332 renameat2_flags = RENAME_EXCHANGE, RENAME_NOREPLACE, RENAME_WHITEOUT 1333 flock_op = LOCK_SH, LOCK_EX, LOCK_UN, LOCK_NB 1334 statx_flags = AT_SYMLINK_NOFOLLOW, AT_SYMLINK_FOLLOW, AT_NO_AUTOMOUNT, AT_EMPTY_PATH, AT_STATX_SYNC_TYPE, AT_STATX_SYNC_AS_STAT, AT_STATX_FORCE_SYNC, AT_STATX_DONT_SYNC 1335 statx_mask = STATX_TYPE, STATX_MODE, STATX_NLINK, STATX_UID, STATX_GID, STATX_ATIME, STATX_MTIME, STATX_CTIME, STATX_INO, STATX_SIZE, STATX_BLOCKS, STATX_BASIC_STATS, STATX_BTIME 1336 name_to_handle_at_flags = AT_EMPTY_PATH, AT_SYMLINK_FOLLOW, AT_HANDLE_FID 1337 mq_open_flags = O_WRONLY, O_RDWR, O_NONBLOCK, O_CREAT, O_EXCL, O_CREAT 1338 finit_module_flags = MODULE_INIT_IGNORE_MODVERSIONS, MODULE_INIT_IGNORE_VERMAGIC 1339 delete_module_flags = O_NONBLOCK, O_TRUNC 1340 kexec_load_flags = KEXEC_ON_CRASH, KEXEC_PRESERVE_CONTEXT, KEXEC_ARCH_386, KEXEC_ARCH_X86_64, KEXEC_ARCH_PPC, KEXEC_ARCH_PPC64, KEXEC_ARCH_IA_64, KEXEC_ARCH_ARM, KEXEC_ARCH_S390, KEXEC_ARCH_SH, KEXEC_ARCH_MIPS, KEXEC_ARCH_MIPS_LE, KEXEC_ARCH_DEFAULT 1341 faccessat_flags = AT_EACCESS, AT_SYMLINK_NOFOLLOW, AT_EMPTY_PATH 1342 sync_file_flags = SYNC_FILE_RANGE_WAIT_BEFORE, SYNC_FILE_RANGE_WRITE, SYNC_FILE_RANGE_WAIT_AFTER 1343 kcmp_flags = KCMP_FILE, KCMP_FILES, KCMP_FS, KCMP_IO, KCMP_SIGHAND, KCMP_SYSVSEM, KCMP_VM 1344 rusage_who = RUSAGE_SELF, RUSAGE_CHILDREN, RUSAGE_THREAD 1345 rlimit_type = RLIMIT_AS, RLIMIT_CORE, RLIMIT_CPU, RLIMIT_DATA, RLIMIT_FSIZE, RLIMIT_LOCKS, RLIMIT_MEMLOCK, RLIMIT_MSGQUEUE, RLIMIT_NICE, RLIMIT_NOFILE, RLIMIT_NPROC, RLIMIT_RSS, RLIMIT_RTPRIO, RLIMIT_RTTIME, RLIMIT_SIGPENDING, RLIMIT_STACK 1346 # The ones that disable console output are intentionally omitted. 1347 syslog_cmd = SYSLOG_ACTION_CLOSE, SYSLOG_ACTION_OPEN, SYSLOG_ACTION_READ, SYSLOG_ACTION_READ_ALL, SYSLOG_ACTION_READ_CLEAR, SYSLOG_ACTION_SIZE_UNREAD, SYSLOG_ACTION_SIZE_BUFFER 1348 ioprio_which_pid = IOPRIO_WHO_PROCESS, IOPRIO_WHO_PGRP 1349 ioprio_which_uid = IOPRIO_WHO_USER 1350 personality_flags = PER_LINUX, PER_SVR4, PER_SVR3, PER_OSR5, PER_WYSEV386, PER_ISCR4, PER_BSD, PER_XENIX, PER_LINUX32, PER_IRIX32, PER_IRIXN32, PER_IRIX64, PER_RISCOS, PER_SOLARIS, PER_UW7, PER_OSF4, PER_HPUX, ADDR_NO_RANDOMIZE, MMAP_PAGE_ZERO, ADDR_COMPAT_LAYOUT, READ_IMPLIES_EXEC, ADDR_LIMIT_32BIT, SHORT_INODE, WHOLE_SECONDS, STICKY_TIMEOUTS, ADDR_LIMIT_3GB 1351 clock_id = CLOCK_REALTIME, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC, CLOCK_MONOTONIC_COARSE, CLOCK_MONOTONIC_RAW, CLOCK_BOOTTIME, CLOCK_PROCESS_CPUTIME_ID, CLOCK_THREAD_CPUTIME_ID 1352 sigprocmask_how = SIG_BLOCK, SIG_UNBLOCK, SIG_SETMASK 1353 getitimer_which = ITIMER_REAL, ITIMER_VIRTUAL, ITIMER_PROF 1354 wait_options = WNOHANG, WUNTRACED, WCONTINUED, WEXITED, WSTOPPED, WCONTINUED, WNOHANG, WNOWAIT, __WCLONE, __WALL, __WNOTHREAD 1355 waitid_which = P_PID, P_PGID, P_ALL 1356 sigaction_flags = SA_NOCLDSTOP, SA_NOCLDWAIT, SA_NODEFER, SA_ONSTACK, SA_RESETHAND, SA_RESTART, SA_SIGINFO 1357 timer_flags = TIMER_ABSTIME 1358 utimensat_flags = AT_SYMLINK_NOFOLLOW 1359 priority_which = PRIO_PROCESS, PRIO_PGRP, PRIO_USER 1360 mempolicy_flags = MPOL_F_MEMS_ALLOWED, MPOL_F_ADDR, MPOL_F_NODE 1361 ptrace_req = PTRACE_LISTEN, PTRACE_KILL, PTRACE_INTERRUPT, PTRACE_ATTACH, PTRACE_DETACH 1362 ptrace_req_peek = PTRACE_PEEKTEXT, PTRACE_PEEKDATA 1363 ptrace_req_poke = PTRACE_POKETEXT, PTRACE_POKEDATA 1364 ptrace_req_getregs = PTRACE_GETREGS, PTRACE_GETFPREGS 1365 ptrace_req_setregs = PTRACE_SETREGS, PTRACE_SETFPREGS 1366 ptrace_req_setopts = PTRACE_SETOPTIONS, PTRACE_SEIZE 1367 ptrace_req_cont = PTRACE_CONT, PTRACE_SYSCALL, PTRACE_SINGLESTEP, PTRACE_SYSEMU, PTRACE_SYSEMU_SINGLESTEP 1368 pthread_regset = NT_PRSTATUS, NT_PRFPREG, NT_PRPSINFO, NT_TASKSTRUCT, NT_AUXV, NT_386_TLS, NT_386_IOPERM, NT_X86_XSTATE 1369 ptrace_options = PTRACE_O_EXITKILL, PTRACE_O_TRACECLONE, PTRACE_O_TRACEEXEC, PTRACE_O_TRACEEXIT, PTRACE_O_TRACEFORK, PTRACE_O_TRACESYSGOOD, PTRACE_O_TRACEVFORK, PTRACE_O_TRACEVFORKDONE 1370 fcntl_dupfd = F_DUPFD, F_DUPFD_CLOEXEC 1371 fcntl_getflags = F_GETFD, F_GETFL, F_GETSIG, F_GETLEASE, F_GETPIPE_SZ, F_GET_SEALS 1372 fcntl_lock = F_SETLK, F_SETLKW, F_GETLK, F_OFD_GETLK, F_OFD_SETLK, F_OFD_SETLKW 1373 fcntl_flags = FD_CLOEXEC 1374 fcntl_status = O_APPEND, FASYNC, O_DIRECT, O_NOATIME, O_NONBLOCK 1375 flock_type = F_RDLCK, F_WRLCK, F_UNLCK 1376 f_owner_type = F_OWNER_TID, F_OWNER_PID, F_OWNER_PGRP 1377 fcntl_notify = DN_MULTISHOT, DN_ACCESS, DN_MODIFY, DN_CREATE, DN_DELETE, DN_RENAME, DN_ATTRIB 1378 seal_types = F_SEAL_SEAL, F_SEAL_SHRINK, F_SEAL_GROW, F_SEAL_WRITE 1379 ioctl_int_in = FIONBIO, FIOASYNC 1380 ioctl_int_out = FIOQSIZE, FIGETBSZ 1381 fcntl_rw_hint = RWF_WRITE_LIFE_NOT_SET, RWH_WRITE_LIFE_NONE, RWH_WRITE_LIFE_SHORT, RWH_WRITE_LIFE_MEDIUM, RWH_WRITE_LIFE_LONG, RWH_WRITE_LIFE_EXTREME 1382 fiemap_flags = FIEMAP_FLAG_SYNC, FIEMAP_FLAG_XATTR, FIEMAP_FLAG_CACHE 1383 fiemap_extent_flags = FIEMAP_EXTENT_LAST, FIEMAP_EXTENT_UNKNOWN, FIEMAP_EXTENT_DELALLOC, FIEMAP_EXTENT_ENCODED, FIEMAP_EXTENT_DATA_ENCRYPTED, FIEMAP_EXTENT_NOT_ALIGNED, FIEMAP_EXTENT_DATA_INLINE, FIEMAP_EXTENT_DATA_TAIL, FIEMAP_EXTENT_UNWRITTEN, FIEMAP_EXTENT_MERGED, FIEMAP_EXTENT_SHARED 1384 getrandom_flags = GRND_NONBLOCK, GRND_RANDOM 1385 clone_flags = CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_PTRACE, CLONE_VFORK, CLONE_PARENT, CLONE_THREAD, CLONE_NEWNS, CLONE_SYSVSEM, CLONE_SETTLS, CLONE_PARENT_SETTID, CLONE_CHILD_CLEARTID, CLONE_UNTRACED, CLONE_CHILD_SETTID, CLONE_NEWCGROUP, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET, CLONE_IO, CLONE_PIDFD, CLONE_NEWTIME 1386 clone3_flags = CLONE_CLEAR_SIGHAND, CLONE_INTO_CGROUP, clone_flags 1387 ptrace_peeksiginfo_flags = PTRACE_PEEKSIGINFO_SHARED 1388 close_range_flags = CLOSE_RANGE_UNSHARE 1389 1390 # adjtimex flags. 1391 _ = STA_PLL, STA_PPSFREQ, STA_PPSTIME, STA_FLL, STA_INS, STA_DEL, STA_UNSYNC, STA_FREQHOLD, STA_PPSSIGNAL, STA_PPSJITTER, STA_PPSWANDER, STA_PPSERROR, STA_CLOCKERR, STA_NANO, STA_MODE, STA_CLK, STA_RONLY 1392 # clock_adjtime modes 1393 _ = ADJ_OFFSET, ADJ_FREQUENCY, ADJ_MAXERROR, ADJ_ESTERROR, ADJ_STATUS, ADJ_TIMECONST, ADJ_TAI, ADJ_SETOFFSET, ADJ_MICRO, ADJ_NANO, ADJ_TICK, ADJ_OFFSET_SINGLESHOT 1394 1395 # Consts for target.SpecialFileLenghts. 1396 _ = SMB_PATH_MAX, XT_CGROUP_PATH_MAX, XENSTORE_REL_PATH_MAX 1397 1398 # misc 1399 _ = KCOV_INIT_TRACE, KCOV_ENABLE, KCOV_DISABLE, KCOV_TRACE_PC, KCOV_TRACE_CMP, PTRACE_TRACEME, SYSLOG_ACTION_CONSOLE_ON, SYSLOG_ACTION_CONSOLE_OFF, SYSLOG_ACTION_CONSOLE_LEVEL, SYSLOG_ACTION_CLEAR, __NR_mmap2 1400 1401 # Hardcode KCOV_REMOTE_ENABLE value for amd64 until new kcov patches reach mainline. 1402 define KCOV_REMOTE_ENABLE 1075340134 1403 1404 # Not yet implemented syscalls: 1405 # umask 1406 # vhangup 1407 # _sysctl 1408 # adjtimex 1409 # swapon 1410 # swapoff 1411 # nfsservctl 1412 # getcpu 1413 1414 # Probably no sense in calling these. 1415 # Also affect system-wide state, so not reproducible anyway. 1416 # gettimeofday 1417 # settimeofday 1418 # reboot 1419 # sethostname 1420 # setdomainname 1421 # sched_get_priority_max 1422 # sched_get_priority_min