github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/sys/linux/binfmt.txt (about) 1 # Copyright 2018 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 include <uapi/linux/a.out.h> 5 include <uapi/linux/elf.h> 6 include <linux/fcntl.h> 7 8 resource fd_binfmt[fd] 9 resource fd_binfmt_register[fd] 10 resource fd_binfmt_format[fd] 11 resource ptr_binfmt_file[intptr] 12 13 syz_create_resource$binfmt(file ptr[in, filename]) ptr_binfmt_file 14 15 execve(file ptr[in, filename], argv ptr[in, argv_array], envp ptr[in, argv_array]) 16 execveat(dirfd fd_dir, file ptr[in, filename], argv ptr[in, argv_array], envp ptr[in, argv_array], flags flags[at_flags]) 17 execveat$binfmt(dirfd fd_dir, file ptr_binfmt_file, argv ptr[in, argv_array], envp ptr[in, argv_array], flags flags[at_flags]) 18 19 openat$binfmt(fd const[AT_FDCWD], file ptr_binfmt_file, flags const[BINFMT_OPEN_FLAGS], mode const[0x1ff]) fd_binfmt 20 21 write$binfmt_script(fd fd_binfmt, data ptr[in, binfmt_script], len bytesize[data]) 22 write$binfmt_misc(fd fd_binfmt, data ptr[in, array[int8]], len bytesize[data]) 23 write$binfmt_aout(fd fd_binfmt, data ptr[in, binfmt_aout], len bytesize[data]) 24 write$binfmt_elf32(fd fd_binfmt, data ptr[in, binfmt_elf32], len bytesize[data]) 25 write$binfmt_elf64(fd fd_binfmt, data ptr[in, binfmt_elf64], len bytesize[data]) 26 27 close$binfmt(fd fd_binfmt) 28 29 openat$binfmt_register(fd const[AT_FDCWD], file ptr[in, string["/proc/sys/fs/binfmt_misc/register"]], flags const[O_WRONLY], mode const[0]) fd_binfmt_register 30 write$binfmt_register(fd fd_binfmt_register, data ptr[in, binfmt_register], len bytesize[data]) 31 32 openat$binfmt_format(fd const[AT_FDCWD], file ptr[in, string[binfmt_format_files]], flags const[O_RDWR], mode const[0]) fd_binfmt_format 33 write$binfmt_format(fd fd_binfmt_format, data ptr[in, string[binfmt_format_cmd]], len bytesize[data]) 34 35 define BINFMT_OPEN_FLAGS O_WRONLY | O_CREAT 36 37 argv_array { 38 args array[ptr[in, string]] 39 z const[0, intptr] 40 } [packed] 41 42 # For details of the format see: 43 # Documentation/admin-guide/binfmt-misc.rst 44 binfmt_register { 45 colon0 const[':', int8] 46 name stringnoz[binfmt_names] 47 colon1 const[':', int8] 48 type stringnoz[binfmt_types] 49 colon2 const[':', int8] 50 offset fmt[dec, int64] 51 colon3 const[':', int8] 52 magic stringnoz 53 colon4 const[':', int8] 54 mask stringnoz 55 colon5 const[':', int8] 56 interpreter stringnoz[filename] 57 colon6 const[':', int8] 58 flags array[flags[binfmt_flags, int8]] 59 } [packed] 60 61 # syz0/1 are pre-registered by executor, but we can delete them and them re-create. 62 binfmt_names = "syz0", "syz1", "syz2", "syz3" 63 binfmt_types = "M", "E" 64 binfmt_flags = 'P', 'O', 'C', 'F' 65 binfmt_format_cmd = "0", "1", "-1" 66 binfmt_format_files = "/proc/sys/fs/binfmt_misc/syz0", "/proc/sys/fs/binfmt_misc/syz1", "/proc/sys/fs/binfmt_misc/syz2", "/proc/sys/fs/binfmt_misc/syz3" 67 68 binfmt_script { 69 hdr stringnoz["#! "] 70 bin stringnoz[filename] 71 args array[binfmt_script_arg] 72 nl const[0xa, int8] 73 data array[int8] 74 } [packed] 75 76 binfmt_script_arg { 77 sp const[0x20, int8] 78 arg stringnoz 79 } 80 81 binfmt_aout { 82 exec exec 83 data array[int8] 84 # Just to make the file of a non-trivial size. 85 pad array[array[const[0, int64], 32], 0:10] 86 } [packed] 87 88 exec { 89 magic flags[aouthdr_magics, int16] 90 machtype int8 91 flags int8 92 a_text int32[0:1000] 93 a_data int32[0:1000] 94 a_bss int32 95 a_syms int32[0:1000] 96 a_entry int32 97 a_trsize const[0, int32] 98 a_drsize const[0, int32] 99 } 100 101 aouthdr_magics = OMAGIC, NMAGIC, ZMAGIC, QMAGIC 102 103 type binfmt_elf32 binfmt_elf[int32, elf32_phdr, ELF32_PHDR_SIZE] 104 type binfmt_elf64 binfmt_elf[int64, elf64_phdr, ELF64_PHDR_SIZE] 105 106 type binfmt_elf[ADDR, PHDR, PHENTSIZE] { 107 hdr elf_hdr[ADDR, PHENTSIZE] 108 phdr array[PHDR, 1:4] 109 data array[int8] 110 # Just to make the file of a non-trivial size. 111 pad array[array[const[0, int64], 32], 0:10] 112 } [packed] 113 114 type elf_hdr[ADDR, PHENTSIZE] { 115 e_ident0 const[0x7f, int8] 116 e_ident1 const[0x45, int8] 117 e_ident2 const[0x4c, int8] 118 e_ident3 const[0x46, int8] 119 e_ident_class int8 120 e_ident_data int8 121 e_ident_ver int8 122 e_ident_osabi int8 123 e_ident_pad int64 124 e_type flags[elf_types, int16] 125 e_machine flags[elf_machines, int16] 126 e_version int32 127 e_entry ADDR[0:1000] 128 e_phoff bytesize[parent, ADDR] 129 e_shoff ADDR[0:1000] 130 e_flags int32 131 e_ehsize int16 132 e_phentsize const[PHENTSIZE, int16] 133 e_phnum len[binfmt_elf:phdr, int16] 134 e_shentsize int16 135 e_shnum int16 136 e_shstrndx int16 137 } 138 139 elf32_phdr { 140 p_type flags[elf_ptypes, int32] 141 p_offset int32 142 p_vaddr int32 143 p_paddr int32 144 p_filesz int32 145 p_memsz int32 146 p_flags int32 147 p_align int32 148 } [size[ELF32_PHDR_SIZE]] 149 150 elf64_phdr { 151 p_type flags[elf_ptypes, int32] 152 p_flags int32 153 p_offset int64 154 p_vaddr int64 155 p_paddr int64 156 p_filesz int64 157 p_memsz int64 158 p_align int64 159 } [size[ELF64_PHDR_SIZE]] 160 161 elf_types = ET_EXEC, ET_DYN 162 elf_machines = EM_386, EM_486, EM_X86_64 163 elf_ptypes = PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_NOTE, PT_SHLIB, PT_PHDR, PT_TLS, PT_LOOS, PT_LOPROC, PT_GNU_STACK 164 165 define ELF32_PHDR_SIZE sizeof(struct elf32_phdr) 166 define ELF64_PHDR_SIZE sizeof(struct elf64_phdr)