github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/sys/linux/sys.txt (about) 1 # Copyright 2015 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 # Description of syscall arguments. See README.md for details. 5 6 include <linux/socket.h> 7 include <linux/ptrace.h> 8 include <linux/resource.h> 9 include <linux/stat.h> 10 include <linux/mman.h> 11 include <linux/time.h> 12 include <linux/mount.h> 13 include <linux/fs.h> 14 include <linux/eventpoll.h> 15 include <linux/signalfd.h> 16 include <linux/eventfd.h> 17 include <linux/timerfd.h> 18 include <linux/personality.h> 19 include <linux/wait.h> 20 include <linux/user.h> 21 include <linux/un.h> 22 include <linux/ioctl.h> 23 include <linux/fadvise.h> 24 include <linux/falloc.h> 25 include <linux/kexec.h> 26 include <linux/elf.h> 27 include <linux/fiemap.h> 28 include <linux/kd.h> 29 include <linux/vt.h> 30 include <linux/if_alg.h> 31 include <linux/nfc.h> 32 include <linux/sockios.h> 33 include <linux/net_tstamp.h> 34 include <linux/termios.h> 35 include <linux/fcntl.h> 36 include <linux/sched.h> 37 include <linux/mqueue.h> 38 include <linux/mempolicy.h> 39 include <linux/in.h> 40 include <linux/ip.h> 41 include <linux/tcp.h> 42 include <linux/udp.h> 43 include <linux/kcmp.h> 44 include <linux/nfs.h> 45 include <linux/syslog.h> 46 include <linux/exportfs.h> 47 include <linux/splice.h> 48 include <linux/filelock.h> 49 include <fs/overlayfs/overlayfs.h> 50 include <uapi/linux/memfd.h> 51 include <uapi/linux/module.h> 52 include <linux/ioprio.h> 53 include <linux/membarrier.h> 54 include <uapi/linux/kcov.h> 55 include <uapi/linux/membarrier.h> 56 include <uapi/linux/capability.h> 57 include <uapi/linux/seccomp.h> 58 include <uapi/linux/wait.h> 59 include <uapi/linux/watch_queue.h> 60 include <kernel/sched/sched.h> 61 include <uapi/linux/close_range.h> 62 include <uapi/linux/netfilter/xt_cgroup.h> 63 include <fs/smb/client/cifsglob.h> 64 include <xen/interface/io/xs_wire.h> 65 include <uapi/linux/prctl.h> 66 include <asm/prctl.h> 67 68 resource fd[int32]: -1 69 resource fd_dir[fd]: AT_FDCWD 70 71 # alignptr/align32/align64/padto64 can be used when ABI uses int64/intptr to hold a smaller type. 72 # E.g. pid/uid stored as intptr/int64. 73 type alignptr[T] { 74 v T 75 } [align[PTR_SIZE]] 76 77 type align32[T] { 78 v T 79 } [align[4]] 80 81 type align64[T] { 82 v T 83 } [align[8]] 84 85 type padto32[T] { 86 v T 87 } [size[4]] 88 89 type padto64[T] { 90 v T 91 } [size[8]] 92 93 type signalno int32[0:65] 94 type signalnoptr intptr[0:65] 95 96 # syz_execute_func caused multiple problems: 97 # 1. First it lead to corpus explosion. The program used existing values in registers 98 # to pollute output area. We tried to zero registers (though, not reliably). 99 # 2. It lead to explosion again. The exact mechanics are unknown, here is one sample: 100 # syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4 101 # 430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f44 102 # 9f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464 103 # 660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 104 # 3. The code can also execute syscalls (and it is know to), but it's not subject to 105 # target.SanitizeCall. As the result it can do things that programs are not supposed to do. 106 # 4. Besides linux, corpus explosion also happens on freebsd and is clearly attributable 107 # to syz_execute_func based on corpus contents. Mechanics are also not known. 108 # It also did not cause finding of any new bugs (at least not that I know of). 109 # So it's disabled on all OSes until we figure out how to resolve all these problems. 110 syz_execute_func(text ptr[in, text[target]]) (disabled) 111 112 # Exclude /sys/power/state as reported in https://lkml.org/lkml/2021/5/27/653 113 openat$sysfs(fd const[AT_FDCWD], dir ptr[in, glob["/sys/**/*:-/sys/power/state"]], flags flags[open_flags], mode flags[open_mode]) fd 114 115 open(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd (automatic_helper) 116 # Just so that we have something that creates fd_dir resources. 117 open$dir(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd_dir (automatic_helper) 118 openat$dir(fd const[AT_FDCWD], file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd_dir (automatic_helper) 119 openat(fd fd_dir[opt], file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd 120 openat2$dir(fd const[AT_FDCWD], file ptr[in, filename], how ptr[in, open_how], size bytesize[how]) fd_dir (automatic_helper) 121 openat2(fd fd_dir[opt], file ptr[in, filename], how ptr[in, open_how], size bytesize[how]) fd 122 creat(file ptr[in, filename], mode flags[open_mode]) fd 123 close(fd fd) 124 read(fd fd, buf buffer[out], count len[buf]) 125 pread64(fd fd, buf buffer[out], count len[buf], pos fileoff) 126 readv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec]) 127 preadv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec], off_low int32, off_high int32) 128 preadv2(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec], off_low int32, off_high int32, flags flags[rwf_flags]) 129 write(fd fd, buf buffer[in], count len[buf]) 130 pwrite64(fd fd, buf buffer[in], count len[buf], pos fileoff) 131 writev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec]) 132 pwritev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], off_low int32, off_high int32) 133 pwritev2(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], off_low int32, off_high int32, flags flags[rwf_flags]) 134 # lseek can return negative offsets when the file has FMODE_UNSIGNED_OFFSET flag: 135 # https://elixir.bootlin.com/linux/v6.11-rc7/source/fs/read_write.c#L56 136 # It's unclear how it's then even possible to distinguish error from valid offset, but it's not our problem. 137 # We just have to ignore return values of lseek. 138 lseek(fd fd, offset fileoff, whence flags[seek_whence]) (ignore_return) 139 copy_file_range(fd_in fd, off_in ptr[inout, fileoff[int64], opt], fd_out fd, off_out ptr[inout, fileoff[int64], opt], len intptr, flags flags[copy_file_range_flags]) 140 141 rwf_flags = RWF_DSYNC, RWF_HIPRI, RWF_SYNC, RWF_NOWAIT, RWF_APPEND 142 copy_file_range_flags = 0 143 144 dup(oldfd fd) fd 145 dup2(oldfd fd, newfd fd) fd 146 dup3(oldfd fd, newfd fd, flags flags[dup_flags]) fd 147 148 pipe(pipefd ptr[out, pipefd]) 149 pipe2(pipefd ptr[out, pipefd], flags flags[pipe_flags]) 150 151 tee(fdin fd, fdout fd, len intptr, f flags[splice_flags]) 152 splice(fdin fd, offin ptr[in, fileoff[int64]], fdout fd, offout ptr[in, fileoff[int64]], len intptr, f flags[splice_flags]) 153 vmsplice(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], f flags[splice_flags]) 154 sendfile(fdout fd, fdin fd, off ptr[inout, fileoff[intptr], opt], count intptr) 155 sendfile64(fdout fd, fdin fd, off ptr[inout, fileoff[int64], opt], count intptr) 156 157 cachestat_range { 158 off fileoff[int64] 159 len int64 160 } 161 162 cachestat { 163 nr_cache int64 164 nr_dirty int64 165 nr_writeback int64 166 nr_evicted int64 167 nr_recently_evicted int64 168 } 169 170 stat(file ptr[in, filename], statbuf ptr[out, stat]) 171 lstat(file ptr[in, filename], statbuf ptr[out, stat]) 172 fstat(fd fd, statbuf ptr[out, stat]) 173 newfstatat(dfd const[AT_FDCWD], file ptr[in, filename], statbuf ptr[out, stat], flag flags[statx_flags]) 174 stat64(file ptr[in, filename], statbuf ptr[out, stat64]) 175 lstat64(file ptr[in, filename], statbuf ptr[out, stat64]) 176 fstat64(fd fd, statbuf ptr[out, stat64]) 177 fstatat64(dfd const[AT_FDCWD], file ptr[in, filename], statbuf ptr[out, stat64], flag flags[statx_flags]) 178 statx(fd fd_dir, file ptr[in, filename], flags flags[statx_flags], mask flags[statx_mask], statxbuf ptr[out, statx]) 179 cachestat(fd fd, cstat_range ptr[in, cachestat_range], cstat ptr[out, cachestat], flags const[0]) 180 181 poll(fds ptr[in, array[pollfd]], nfds len[fds], timeout int32) 182 ppoll(fds ptr[in, array[pollfd]], nfds len[fds], tsp ptr[in, timespec], sigmask ptr[in, sigset_t], size len[sigmask]) 183 select(n len[inp], inp ptr[inout, fd_set], outp ptr[inout, fd_set], exp ptr[inout, fd_set], tvp ptr[inout, timeval]) 184 pselect6(n len[inp], inp ptr[inout, fd_set], outp ptr[inout, fd_set], exp ptr[inout, fd_set], tvp ptr[inout, timespec], sig ptr[in, sigset_size]) 185 186 resource fd_epoll[fd] 187 epoll_create(size int32) fd_epoll 188 epoll_create1(flags flags[epoll_flags]) fd_epoll 189 epoll_ctl$EPOLL_CTL_ADD(epfd fd_epoll, op const[EPOLL_CTL_ADD], fd fd, ev ptr[in, epoll_event]) 190 epoll_ctl$EPOLL_CTL_MOD(epfd fd_epoll, op const[EPOLL_CTL_MOD], fd fd, ev ptr[in, epoll_event]) 191 epoll_ctl$EPOLL_CTL_DEL(epfd fd_epoll, op const[EPOLL_CTL_DEL], fd fd) 192 epoll_wait(epfd fd_epoll, events ptr[out, array[epoll_event]], maxevents len[events], timeout int32) 193 epoll_pwait(epfd fd_epoll, events ptr[out, array[epoll_event]], maxevents len[events], timeout int32, sigmask ptr[in, sigset_t], size bytesize[sigmask]) 194 epoll_pwait2(epfd fd_epoll, events ptr[out, array[epoll_event]], maxevents len[events], timeout ptr[in, timespec], sigmask ptr[in, sigset_t], size bytesize[sigmask]) 195 196 resource fd_timer[fd] 197 signalfd(fd fd, mask ptr[in, sigset_t], size len[mask]) fd 198 signalfd4(fd fd, mask ptr[in, sigset_t], size len[mask], flags flags[signalfd_flags]) fd 199 timerfd_create(clockid flags[clock_type], flags flags[timerfd_create_flags]) fd_timer 200 timerfd_settime(fd fd_timer, flags flags[timerfd_settime_flags], new ptr[in, itimerspec], old ptr[out, itimerspec]) 201 timerfd_gettime(fd fd_timer, cur ptr[out, itimerspec]) 202 ioctl$TFD_IOC_SET_TICKS(fd fd_timer, cmd const[TFD_IOC_SET_TICKS], arg ptr[in, int64]) 203 204 resource fd_event[fd] 205 eventfd(initval int32) fd_event 206 eventfd2(initval int32, flags flags[eventfd_flags]) fd_event 207 read$eventfd(fd fd_event, val ptr[out, int64], len len[val]) 208 write$eventfd(fd fd_event, val ptr[in, int64], len len[val]) 209 210 brk(brk intptr) 211 mmap(addr vma, len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd, offset intptr[0:0xffffffff, 0x1000]) 212 munmap(addr vma, len len[addr]) 213 mremap(addr vma, len len[addr], newlen len[newaddr], flags flags[mremap_flags], newaddr vma) 214 remap_file_pages(addr vma, size len[addr], prot flags[mmap_prot], pgoff intptr, flags flags[mmap_flags]) 215 mprotect(addr vma, len len[addr], prot flags[mmap_prot]) 216 msync(addr vma, len len[addr], f flags[msync_flags]) 217 madvise(addr vma, len len[addr], advice flags[madvise_flags]) 218 process_madvise(pidfd fd_pidfd, vec ptr[in, array[iovec_in]], vlen len[vec], advice flags[madvise_flags], flags const[0]) 219 process_mrelease(pidfd fd_pidfd, flags const[0]) 220 fadvise64(fd fd, offset fileoff, len intptr, advice flags[fadvise_flags]) 221 readahead(fd fd, off intptr, count intptr) 222 mbind(addr vma, len len[addr], mode flags[mbind_mode], nodemask ptr[in, int64], maxnode intptr, flags flags[mbind_flags]) 223 move_pages(pid pid, nr len[pages], pages ptr[in, array[vma]], nodes ptr[in, array[int32], opt], status ptr[out, array[int32]], flags flags[move_pages_flags]) 224 migrate_pages(pid pid, maxnode intptr, old ptr[in, int64], new ptr[in, int64]) 225 set_mempolicy(mode flags[mbind_mode], nodemask ptr[in, int64], maxnode intptr) 226 get_mempolicy(mode ptr[out, int32], nodemask ptr[out, int64], maxnode intptr, addr vma, flags flags[mempolicy_flags]) 227 set_mempolicy_home_node(addr vma, len len[addr], home_node intptr[0:3], flags const[0]) 228 mincore(addr vma, size len[addr], vec buffer[out]) 229 mlock(addr vma, size len[addr]) 230 mlock2(addr vma, size len[addr], flags flags[mlock_flags]) 231 munlock(addr vma, size len[addr]) 232 mlockall(flags flags[mlockall_flags]) 233 munlockall() 234 kcmp(pid1 pid, pid2 pid, type flags[kcmp_flags], fd1 fd, fd2 fd) 235 kcmp$KCMP_EPOLL_TFD(pid1 pid, pid2 pid, type const[KCMP_EPOLL_TFD], fd1 fd, idx2 ptr[in, kcmp_epoll_slot]) 236 237 resource fd_memfd[fd] 238 memfd_create(name ptr[in, string], flags flags[memfd_flags]) fd_memfd 239 memfd_flags = MFD_CLOEXEC, MFD_ALLOW_SEALING, MFD_HUGETLB 240 _ = MFD_HUGE_SHIFT, MFD_HUGE_MASK, MFD_HUGE_64KB, MFD_HUGE_512KB, MFD_HUGE_1MB, MFD_HUGE_2MB, MFD_HUGE_8MB, MFD_HUGE_16MB 241 242 memfd_secret(flags flags[memfd_secret_flags]) fd 243 memfd_secret_flags = O_CLOEXEC 244 245 resource pkey[int32]: -1 246 pkey_alloc(flags const[0], val flags[pkey_flags]) pkey 247 pkey_free(key pkey) 248 pkey_mprotect(addr vma, len len[addr], prot flags[mmap_prot], key pkey) 249 syz_pkey_set(key pkey, val flags[pkey_flags]) 250 251 pkey_flags = PKEY_DISABLE_ACCESS, PKEY_DISABLE_WRITE 252 253 restart_syscall() 254 255 # Almighty! 256 ioctl(fd fd, cmd int32, arg buffer[in]) 257 258 ioctl$int_in(fd fd, cmd flags[ioctl_int_in], v ptr[in, int64]) 259 ioctl$int_out(fd fd, cmd flags[ioctl_int_out], v ptr[out, intptr]) 260 261 ioctl$FIOCLEX(fd fd, cmd const[FIOCLEX]) 262 ioctl$FIONCLEX(fd fd, cmd const[FIONCLEX]) 263 ioctl$FITHAW(fd fd, cmd const[FITHAW]) 264 265 # FIFREEZE is disabled because it can easily kill the machine. 266 ioctl$FIFREEZE(fd fd, cmd const[FIFREEZE]) (disabled) 267 268 fcntl$dupfd(fd fd, cmd flags[fcntl_dupfd], arg fd) fd 269 fcntl$getflags(fd fd, cmd flags[fcntl_getflags]) 270 fcntl$setflags(fd fd, cmd const[F_SETFD], flags flags[fcntl_flags]) 271 fcntl$setstatus(fd fd, cmd const[F_SETFL], flags flags[fcntl_status]) 272 fcntl$lock(fd fd, cmd flags[fcntl_lock], lock ptr[in, flock]) 273 fcntl$getown(fd fd, cmd const[F_GETOWN]) pid (automatic_helper) 274 fcntl$setown(fd fd, cmd const[F_SETOWN], pid pid) 275 fcntl$getownex(fd fd, cmd const[F_GETOWN_EX], arg ptr[out, f_owner_ex]) 276 fcntl$setownex(fd fd, cmd const[F_SETOWN_EX], arg ptr[in, f_owner_ex]) 277 fcntl$setsig(fd fd, cmd const[F_SETSIG], sig signalnoptr) 278 fcntl$setlease(fd fd, cmd const[F_SETLEASE], typ flags[flock_type]) 279 fcntl$notify(fd fd, cmd const[F_NOTIFY], typ flags[fcntl_notify]) 280 fcntl$setpipe(fd fd, cmd const[F_SETPIPE_SZ], sz intptr) 281 fcntl$addseals(fd fd, cmd const[F_ADD_SEALS], seals flags[seal_types]) 282 fcntl$F_GET_RW_HINT(fd fd, cmd const[F_GET_RW_HINT], hint ptr[out, int64]) 283 fcntl$F_GET_FILE_RW_HINT(fd fd, cmd const[F_GET_FILE_RW_HINT], hint ptr[out, int64]) 284 fcntl$F_SET_RW_HINT(fd fd, cmd const[F_SET_RW_HINT], hint ptr[in, flags[fcntl_rw_hint, int64]]) 285 fcntl$F_SET_FILE_RW_HINT(fd fd, cmd const[F_SET_FILE_RW_HINT], hint ptr[in, flags[fcntl_rw_hint, int64]]) 286 287 # Only some commands break return values. 288 # When/if we have stricter enforcement of arguments, we may remove some of breaks_returns attributes. 289 ptrace(req flags[ptrace_req], pid pid) (breaks_returns) 290 ptrace$peek(req flags[ptrace_req_peek], pid pid, addr ptr[out, intptr]) (breaks_returns) 291 ptrace$poke(req flags[ptrace_req_poke], pid pid, addr ptr[out, intptr], data intptr) (breaks_returns) 292 ptrace$peekuser(req const[PTRACE_PEEKUSR], pid pid, addr intptr) (breaks_returns) 293 ptrace$pokeuser(req const[PTRACE_POKEUSR], pid pid, addr intptr, data intptr) (breaks_returns) 294 ptrace$getregs(req flags[ptrace_req_getregs], pid pid, ignored intptr, data buffer[out]) (breaks_returns) 295 ptrace$getregset(req const[PTRACE_GETREGSET], pid pid, what flags[pthread_regset], data ptr[in, iovec_out]) (breaks_returns) 296 ptrace$setregs(req flags[ptrace_req_setregs], pid pid, ignored intptr, data buffer[in]) (breaks_returns) 297 ptrace$setregset(req const[PTRACE_SETREGSET], pid pid, what flags[pthread_regset], data ptr[in, iovec_in]) (breaks_returns) 298 ptrace$getsig(req const[PTRACE_GETSIGINFO], pid pid, ignored intptr, data ptr[out, siginfo]) (breaks_returns) 299 ptrace$setsig(req const[PTRACE_SETSIGINFO], pid pid, ignored intptr, data ptr[in, siginfo]) (breaks_returns) 300 ptrace$setopts(req flags[ptrace_req_setopts], pid pid, ignored intptr, flags flags[ptrace_options]) (breaks_returns) 301 ptrace$getenv(req const[PTRACE_GETEVENTMSG], pid pid, ignored intptr, data ptr[out, intptr]) (breaks_returns) 302 ptrace$cont(req flags[ptrace_req_cont], pid pid, ignored intptr, data intptr) (breaks_returns) 303 ptrace$PTRACE_SECCOMP_GET_FILTER(req const[PTRACE_SECCOMP_GET_FILTER], pid pid, addr intptr, data ptr[out, array[int8]]) (breaks_returns) 304 ptrace$PTRACE_SECCOMP_GET_METADATA(req const[PTRACE_SECCOMP_GET_METADATA], pid pid, addr len[data], data ptr[in, seccomp_metadata]) (breaks_returns) 305 ptrace$PTRACE_SETSIGMASK(req const[PTRACE_SETSIGMASK], pid pid, size bytesize[data], data ptr[in, sigset_t]) (breaks_returns) 306 ptrace$PTRACE_GETSIGMASK(req const[PTRACE_GETSIGMASK], pid pid, size bytesize[data], data ptr[out, sigset_t]) (breaks_returns) 307 ptrace$ARCH_GET_FS(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], code const[ARCH_GET_FS]) (breaks_returns) 308 ptrace$ARCH_GET_GS(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], code const[ARCH_GET_GS]) (breaks_returns) 309 ptrace$ARCH_SET_GS(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], code const[ARCH_SET_GS]) (breaks_returns) 310 ptrace$ARCH_GET_CPUID(req const[PTRACE_ARCH_PRCTL], pid pid, arg const[0], code const[ARCH_GET_CPUID]) (breaks_returns) 311 ptrace$ARCH_SET_CPUID(req const[PTRACE_ARCH_PRCTL], pid pid, arg boolptr, code const[ARCH_SET_CPUID]) (breaks_returns) 312 ptrace$ARCH_MAP_VDSO_X32(req const[PTRACE_ARCH_PRCTL], pid pid, arg intptr, code const[ARCH_MAP_VDSO_X32]) (breaks_returns) 313 ptrace$ARCH_MAP_VDSO_32(req const[PTRACE_ARCH_PRCTL], pid pid, arg intptr, code const[ARCH_MAP_VDSO_32]) (breaks_returns) 314 ptrace$ARCH_MAP_VDSO_64(req const[PTRACE_ARCH_PRCTL], pid pid, arg intptr, code const[ARCH_MAP_VDSO_64]) (breaks_returns) 315 ptrace$ARCH_SHSTK_STATUS(req const[PTRACE_ARCH_PRCTL], pid pid, res ptr[out, intptr], cmd const[ARCH_SHSTK_STATUS]) (breaks_returns) 316 ptrace$ARCH_SHSTK_LOCK(req const[PTRACE_ARCH_PRCTL], pid pid, features flags[shadow_stack_features], cmd const[ARCH_SHSTK_LOCK]) (breaks_returns) 317 ptrace$ARCH_SHSTK_UNLOCK(req const[PTRACE_ARCH_PRCTL], pid pid, features flags[shadow_stack_features], cmd const[ARCH_SHSTK_UNLOCK]) (breaks_returns) 318 ptrace$ARCH_SHSTK_ENABLE(req const[PTRACE_ARCH_PRCTL], pid pid, features flags[shadow_stack_features], cmd const[ARCH_SHSTK_ENABLE]) (breaks_returns) 319 ptrace$ARCH_SHSTK_DISABLE(req const[PTRACE_ARCH_PRCTL], pid pid, features flags[shadow_stack_features], cmd const[ARCH_SHSTK_DISABLE]) (breaks_returns) 320 ptrace$ARCH_GET_UNTAG_MASK(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], cmd const[ARCH_GET_UNTAG_MASK]) (breaks_returns) 321 ptrace$ARCH_GET_MAX_TAG_BITS(req const[PTRACE_ARCH_PRCTL], pid pid, arg ptr[out, intptr], cmd const[ARCH_GET_MAX_TAG_BITS]) (breaks_returns) 322 ptrace$ARCH_ENABLE_TAGGED_ADDR(req const[PTRACE_ARCH_PRCTL], pid pid, arg intptr[1:6], cmd const[ARCH_ENABLE_TAGGED_ADDR]) (breaks_returns) 323 ptrace$ARCH_FORCE_TAGGED_SVA(req const[PTRACE_ARCH_PRCTL], pid pid, arg const[0], cmd const[ARCH_FORCE_TAGGED_SVA]) (breaks_returns) 324 325 map_shadow_stack(addr vma, size bytesize[addr], flags boolptr) 326 327 seccomp_metadata { 328 filter_off int64 329 flags const[0, int64] 330 } 331 332 ptrace_peeksiginfo_args { 333 off int64 334 flags flags[ptrace_peeksiginfo_flags, int32] 335 nr len[syscall:data, int32] 336 } 337 338 ptrace$peeksig(req const[PTRACE_PEEKSIGINFO], pid pid, args ptr[in, ptrace_peeksiginfo_args], data ptr[out, array[siginfo]]) 339 340 capget(hdr ptr[in, cap_header], data ptr[in, cap_data]) 341 capset(hdr ptr[in, cap_header], data ptr[in, cap_data]) 342 343 resource fd_mq[fd] 344 mq_open(name ptr[in, string], flags flags[mq_open_flags], mode flags[open_mode], attr ptr[in, mq_attr]) fd_mq 345 mq_timedsend(mqd fd_mq, msg buffer[in], msglen len[msg], prio intptr, timeout ptr[in, timespec, opt]) 346 mq_timedreceive(mqd fd_mq, msg buffer[out], msglen len[msg], prio intptr, timeout ptr[in, timespec, opt]) 347 mq_notify(mqd fd_mq, notif ptr[in, sigevent]) 348 mq_getsetattr(mqd fd_mq, attr ptr[in, mq_attr], oldattr ptr[out, mq_attr, opt]) 349 mq_unlink(name ptr[in, string]) 350 351 mknod(file ptr[in, filename], mode flags[mknod_mode], dev int32) 352 mknod$loop(file ptr[in, filename], mode flags[mknod_mode], dev proc[1792, 2]) 353 mknodat$loop(dirfd fd_dir, file ptr[in, filename], mode flags[mknod_mode], dev proc[1792, 2]) 354 mknodat$null(dirfd fd_dir, file ptr[in, filename], mode flags[mknod_mode], dev const[0x103]) 355 mknodat(dirfd fd_dir, file ptr[in, filename], mode flags[mknod_mode], dev int32) 356 chmod(file ptr[in, filename], mode flags[open_mode]) 357 fchmod(fd fd, mode flags[open_mode]) 358 fchmodat(dirfd fd_dir, file ptr[in, filename], mode flags[open_mode]) 359 chown(file ptr[in, filename], uid uid, gid gid) 360 lchown(file ptr[in, filename], uid uid, gid gid) 361 fchown(fd fd, uid uid, gid gid) 362 fchownat(dirfd fd_dir, file ptr[in, filename], uid uid, gid gid, flags flags[at_flags]) 363 fallocate(fd fd, mode flags[fallocate_mode], off intptr, len intptr) 364 faccessat(dirfd fd_dir, pathname ptr[in, filename], mode flags[open_mode]) 365 faccessat2(dirfd fd_dir, pathname ptr[in, filename], mode flags[open_mode], flags flags[faccessat_flags]) 366 utime(filename ptr[in, filename], times ptr[in, utimbuf]) 367 utimes(filename ptr[in, filename], times ptr[in, itimerval]) 368 futimesat(dir fd_dir, pathname ptr[in, filename], times ptr[in, itimerval]) 369 utimensat(dir fd_dir, pathname ptr[in, filename], times ptr[in, itimerval], flags flags[utimensat_flags]) 370 371 # Small trick - syzkaller cannot give the proper stack pointer to clone(), but we can do it with the aid of pseudo syscalls. 372 syz_clone(flags flags[clone_flags], stack buffer[in], stack_len bytesize[stack], parentid ptr[out, int32], childtid ptr[out, int32], tls buffer[in]) pid (automatic_helper) 373 374 syz_clone3(args ptr[in, clone_args], size bytesize[args]) pid (automatic_helper) 375 376 # We need these disabled definitions to simplify the presence and the NR checking. 377 clone(flags flags[clone_flags], sp buffer[in], parentid ptr[out, int32], childtid ptr[out, int32], tls buffer[in]) (breaks_returns, disabled) 378 clone3(args ptr[in, clone_args], size bytesize[args]) pid (breaks_returns, disabled) 379 380 clone_args { 381 flags flags[clone3_flags, int64] 382 pidfd ptr64[out, fd_pidfd] 383 child_tid ptr64[out, pid] 384 parent_tid ptr64[out, pid] 385 exit_signal align64[signalno] 386 stack ptr64[out, array[int8]] 387 stack_size bytesize[stack, int64] 388 tls ptr64[out, array[int8]] 389 set_tid ptr64[in, array[pid]] 390 set_tid_size len[set_tid, int64] 391 cgroup align64[fd_cgroup] 392 } 393 394 resource pid[int32]: 0, -1 395 resource uid[int32]: 0, -1, 0xee00, 0xee01 396 resource gid[int32]: 0, -1, 0xee00, 0xee01 397 398 getgid() gid (automatic_helper) 399 getegid() gid (automatic_helper) 400 setuid(uid uid) 401 setgid(gid gid) 402 getuid() uid (automatic_helper) 403 geteuid() uid (automatic_helper) 404 setpgid(pid pid, pgid pid) 405 getpgid(pid pid) pid (automatic_helper) 406 getpgrp(pid pid) pid (automatic_helper) 407 getpid() pid (automatic_helper) 408 gettid() pid (automatic_helper) 409 setreuid(ruid uid, euid uid) 410 setregid(rgid gid, egid gid) 411 setresuid(ruid uid, euid uid, suid uid) 412 setresgid(rgid gid, egid gid, sgid gid) 413 getresuid(ruid ptr[out, uid], euid ptr[out, uid], suid ptr[out, uid]) 414 getresgid(rgid ptr[out, gid], egid ptr[out, gid], sgid ptr[out, gid]) 415 setfsuid(fsuid uid) 416 setfsgid(fsgid gid) 417 getgroups(size len[list], list ptr[inout, array[gid]]) 418 setgroups(size len[list], list ptr[in, array[gid]]) 419 personality(persona flags[personality_flags]) 420 # Don't mess with parent (fuzzer). If we ptrace attach to it, it will hang. 421 # If we setrlimit for parent, it will misbehave. Killing - the same. Nothing good. 422 #getppid() pid 423 #getsid(pid pid) pid 424 #setsid() pid 425 426 link(old ptr[in, filename], new ptr[in, filename]) 427 linkat(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename], flags flags[linkat_flags]) 428 symlinkat(old ptr[in, filename], newfd fd_dir, new ptr[in, filename]) 429 symlink(old ptr[in, filename], new ptr[in, filename]) 430 unlink(path ptr[in, filename]) 431 unlinkat(fd fd_dir, path ptr[in, filename], flags flags[unlinkat_flags]) 432 readlink(path ptr[in, filename], buf buffer[out], siz len[buf]) 433 readlinkat(fd fd_dir, path ptr[in, filename], buf buffer[out], siz len[buf]) 434 rename(old ptr[in, filename], new ptr[in, filename]) 435 renameat(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename]) 436 renameat2(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename], flags flags[renameat2_flags]) 437 mkdir(path ptr[in, filename], mode flags[open_mode]) 438 mkdirat(fd fd_dir[opt], path ptr[in, filename], mode flags[open_mode]) 439 rmdir(path ptr[in, filename]) 440 truncate(file ptr[in, filename], len intptr) 441 ftruncate(fd fd, len intptr) 442 flock(fd fd, op flags[flock_op]) 443 fsync(fd fd) 444 fdatasync(fd fd) 445 sync() 446 syncfs(fd fd) 447 sync_file_range(fd fd, off intptr, nbytes intptr, flags flags[sync_file_flags]) 448 lookup_dcookie(cookie intptr, buf buffer[out], len len[buf]) 449 getdents(fd fd_dir, ent buffer[out], count len[ent]) 450 getdents64(fd fd_dir, ent buffer[out], count len[ent]) 451 name_to_handle_at(fd fd_dir, file ptr[in, filename], handle ptr[in, file_handle], mnt ptr[out, int32], flags flags[name_to_handle_at_flags]) 452 open_by_handle_at(mountdirfd fd, handle ptr[in, file_handle], flags flags[open_flags]) 453 chroot(dir ptr[in, filename]) 454 getcwd(buf buffer[out], size len[buf]) 455 chdir(dir ptr[in, filename]) 456 fchdir(fd fd) 457 pivot_root(new_root ptr[in, filename], put_old ptr[in, filename]) 458 459 sysfs$1(option const[1], fsname ptr[in, string]) 460 sysfs$2(option const[2], fsindex intptr, fsname buffer[out]) 461 sysfs$3(option const[3]) 462 statfs(path ptr[in, filename], buf buffer[out]) 463 fstatfs(fd fd, buf buffer[out]) 464 465 uselib(lib ptr_binfmt_file) 466 init_module(mod ptr[in, binfmt_elf64], len len[mod], args ptr[in, string]) 467 finit_module(fd fd_binfmt, args ptr[in, string], flags flags[finit_module_flags]) 468 delete_module(name ptr[in, string], flags flags[delete_module_flags]) 469 kexec_load(entry intptr, nr_segments len[segments], segments ptr[in, array[kexec_segment]], flags flags[kexec_load_flags]) 470 syslog(cmd flags[syslog_cmd], buf ptr[out, array[int8], opt], len len[buf]) 471 uname(buf buffer[out]) 472 sysinfo(info buffer[out]) 473 ustat(dev intptr, buf ptr[out, ustat]) 474 acct(filename ptr[in, filename, opt]) 475 476 getrusage(who flags[rusage_who], usage ptr[out, rusage]) 477 getrlimit(res flags[rlimit_type], rlim ptr[out, rlimit]) 478 setrlimit(res flags[rlimit_type], rlim ptr[in, rlimit]) 479 prlimit64(pid pid, res flags[rlimit_type], new ptr[in, rlimit, opt], old ptr[out, rlimit, opt]) 480 481 iopl(level int8) 482 ioperm(from intptr, num intptr, on intptr) 483 ioprio_get$pid(which flags[ioprio_which_pid], who pid) 484 ioprio_get$uid(which flags[ioprio_which_uid], who uid) 485 ioprio_set$pid(which flags[ioprio_which_pid], who pid, ioprio flags[ioprio_priorities]) 486 ioprio_set$uid(which flags[ioprio_which_uid], who uid, ioprio flags[ioprio_priorities]) 487 488 # NEED: we can express the construction of integers using structs with flags 489 # and bitfields, which are normally obtained using a combination of bitwise 490 # operations with the help of macros. However, structs can't be directly passed 491 # as a syscall argument; therefore, such constructions can't be directly passed either. 492 # One example is ioprio argument for ioprio_set, where we could have expressed the 493 # construction less messy. For now, some subset of valid values are enumerated as 494 # in ioprio_priorities. 495 496 # ioprio priority values are obtained using IOPRIO_PRIO_VALUE(class, data) macro. 497 # the behaviour of the macro is mimicked below and some priority values are enumerated. 498 ioprio_priorities = IOPRIO_CLASS_NONE_PRIO, IOPRIO_CLASS_IDLE_PRIO, IOPRIO_CLASS_RT_HIGH_PRIO, IOPRIO_CLASS_BE_HIGH_PRIO, IOPRIO_CLASS_RT_MID_PRIO, IOPRIO_CLASS_BE_MID_PRIO, IOPRIO_CLASS_RT_LOW_PRIO, IOPRIO_CLASS_BE_LOW_PRIO 499 500 # The classes RT and BE take data values from the range [0:7]. Use a subset of the available 501 # values (0, 4, 7) to ease collisions, and to avoid redundancy. The classes NONE and IDLE 502 # have only one valid priority value each with data set to 0. 503 define IOPRIO_CLASS_NONE_PRIO (IOPRIO_CLASS_NONE << IOPRIO_CLASS_SHIFT) 504 define IOPRIO_CLASS_IDLE_PRIO (IOPRIO_CLASS_IDLE << IOPRIO_CLASS_SHIFT) 505 define IOPRIO_CLASS_RT_HIGH_PRIO (IOPRIO_CLASS_RT << IOPRIO_CLASS_SHIFT) 506 define IOPRIO_CLASS_BE_HIGH_PRIO (IOPRIO_CLASS_BE << IOPRIO_CLASS_SHIFT) 507 define IOPRIO_CLASS_RT_MID_PRIO ((IOPRIO_CLASS_RT << IOPRIO_CLASS_SHIFT) + 4) 508 define IOPRIO_CLASS_BE_MID_PRIO ((IOPRIO_CLASS_BE << IOPRIO_CLASS_SHIFT) + 4) 509 define IOPRIO_CLASS_RT_LOW_PRIO ((IOPRIO_CLASS_RT << IOPRIO_CLASS_SHIFT) + 7) 510 define IOPRIO_CLASS_BE_LOW_PRIO ((IOPRIO_CLASS_BE << IOPRIO_CLASS_SHIFT) + 7) 511 512 resource timerid[int32] 513 timer_create(id flags[clock_id], ev ptr[in, sigevent], timerid ptr[out, timerid]) 514 timer_gettime(timerid timerid, setting ptr[out, itimerspec]) 515 timer_getoverrun(timerid timerid) 516 timer_settime(timerid timerid, flags flags[timer_flags], new ptr[in, itimerspec], old ptr[out, itimerspec, opt]) 517 timer_delete(timerid timerid) 518 519 time(t ptr[out, intptr]) 520 clock_gettime(id flags[clock_id], tp ptr[out, timespec]) 521 clock_settime(id flags[clock_id], tp ptr[in, timespec]) 522 clock_adjtime(id flags[clock_id], tx ptr[in, timex]) 523 clock_getres(id flags[clock_id], tp ptr[out, timespec]) 524 clock_nanosleep(id flags[clock_id], flags flags[timer_flags], rqtp ptr[in, timespec], rmtp ptr[out, timespec, opt]) 525 rt_sigaction(sig signalno, act ptr[in, sigaction], oact ptr[out, sigaction, opt], sigsetsize len[fake], fake ptr[out, sigset_t]) 526 rt_sigprocmask(how flags[sigprocmask_how], nset ptr[in, sigset_t], oset ptr[out, sigset_t, opt], sigsetsize len[nset]) 527 rt_sigreturn() 528 rt_sigpending(set ptr[out, sigset_t], sigsetsize len[set]) 529 rt_sigtimedwait(these ptr[in, sigset_t], info ptr[out, siginfo, opt], ts ptr[in, timespec], sigsetsize len[these]) 530 rt_sigsuspend(new ptr[in, sigset_t], sigsetsize len[new]) 531 rt_sigqueueinfo(pid pid, sig signalno, info ptr[in, siginfo]) 532 rt_tgsigqueueinfo(gid pid, tid pid, sig signalno, info ptr[in, siginfo]) 533 sigaltstack(ss ptr[in, sigaltstack], oss ptr[out, sigaltstack, opt]) 534 tgkill(gid pid, tid pid, sig signalno) 535 tkill(tid pid, sig signalno) 536 pause() 537 alarm(seconds intptr) 538 nanosleep(req ptr[in, timespec], rem ptr[out, timespec, opt]) 539 getitimer(which flags[getitimer_which], cur ptr[out, itimerval]) 540 setitimer(which flags[getitimer_which], new ptr[in, itimerval], old ptr[out, itimerval, opt]) 541 exit(code intptr) 542 exit_group(code intptr) 543 waitid(which flags[waitid_which], pid pid, infop ptr[out, siginfo, opt], options flags[wait_options], ru ptr[out, rusage, opt]) 544 waitid$P_PIDFD(which const[P_PIDFD], pidfd fd_pidfd, infop ptr[out, siginfo, opt], options flags[wait_options], ru ptr[out, rusage, opt]) 545 wait4(pid pid, status ptr[out, int32, opt], options flags[wait_options], ru ptr[out, rusage, opt]) 546 times(buf ptr[out, tms]) 547 # Can send signals to all processes (pid=-1). 548 #kill(pid pid, sig signalno) 549 550 set_thread_area(info ptr[in, user_desc]) 551 get_thread_area(info ptr[in, user_desc]) 552 modify_ldt$read(func const[0], buf buffer[out], len len[buf]) 553 modify_ldt$write(func const[1], buf ptr[in, user_desc], len len[buf]) 554 modify_ldt$read_default(func const[2], buf buffer[out], len len[buf]) 555 modify_ldt$write2(func const[17], buf ptr[in, user_desc], len len[buf]) 556 process_vm_readv(pid pid, loc_vec ptr[in, array[iovec_out]], loc_vlen len[loc_vec], rem_vec ptr[in, array[iovec_out]], rem_vlen len[rem_vec], flags const[0]) 557 process_vm_writev(pid pid, loc_vec ptr[in, array[iovec_out]], loc_vlen len[loc_vec], rem_vec ptr[in, array[iovec_out]], rem_vlen len[rem_vec], flags const[0]) 558 set_tid_address(tidptr ptr[out, int32]) 559 getpriority(which flags[priority_which], who pid) 560 setpriority(which flags[priority_which], who pid, prio intptr) 561 sched_getscheduler(pid pid) 562 sched_setscheduler(pid pid, policy flags[sched_policy], prio ptr[in, int32]) 563 sched_rr_get_interval(pid pid, tp ptr[out, timespec]) 564 sched_getparam(pid pid, prio ptr[out, int32]) 565 sched_setparam(pid pid, prio ptr[in, int32]) 566 sched_getaffinity(pid pid, cpusetsize len[mask], mask ptr[out, int64]) 567 sched_setaffinity(pid pid, cpusetsize len[mask], mask ptr[in, int64]) 568 sched_getattr(pid pid, attr ptr[out, sched_attr], size len[attr], flags const[0]) 569 sched_setattr(pid pid, attr ptr[in, sched_attr], flags const[0]) 570 sched_yield() 571 getrandom(buf buffer[out], len len[buf], flags flags[getrandom_flags]) 572 573 membarrier(cmd flags[membarrier_cmd], flags const[0]) 574 575 membarrier_cmd = MEMBARRIER_CMD_GLOBAL, MEMBARRIER_CMD_GLOBAL_EXPEDITED, MEMBARRIER_CMD_PRIVATE_EXPEDITED, MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE, MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_SYNC_CORE, MEMBARRIER_CMD_QUERY, MEMBARRIER_CMD_REGISTER_GLOBAL_EXPEDITED, MEMBARRIER_CMD_SHARED 576 577 rseq(rseq ptr[in, rseq], rseq_len bytesize[rseq], flags boolptr, sig const[0]) 578 579 rseq { 580 cpu_id_start const[0, int32] 581 cpu_id const[0, int32] 582 rseq_cs ptr64[in, rseq_cs, opt] 583 flags flags[rseq_cs_flags, int32] 584 } [align[32]] 585 586 rseq_cs { 587 version const[0, int32] 588 flags flags[rseq_cs_flags, int32] 589 start_ip int64 590 post_commit_offset int64 591 abort_ip int64 592 } [align[32]] 593 594 rseq_cs_flags = RSEQ_CS_FLAG_NO_RESTART_ON_PREEMPT, RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL, RSEQ_CS_FLAG_NO_RESTART_ON_MIGRATE 595 596 # start/end are unused for now, no definition of SYS_RISCV_FLUSH_ICACHE_LOCAL in uapi headers. 597 riscv_flush_icache(start const[0], end const[0], flags bool32) 598 599 syz_open_procfs(pid pid, file ptr[in, string[procfs_proc_file]]) fd 600 601 # TODO: some of net files are only available in the init namespace (e.g. bluetooth bnep and hci). 602 # We could find some way to open these files in the init namespace 603 # esp. taking into account that we create bluetooth sockets in init namespace. 604 procfs_proc_file = "auxv", "cmdline", "environ", "autogroup", "cgroup", "clear_refs", "comm", "coredump_filter", "cpuset", "gid_map", "io", "limits", "loginuid", "maps", "mountinfo", "mounts", "mountstats", "numa_maps", "oom_adj", "oom_score", "oom_score_adj", "pagemap", "personality", "projid_map", "sched", "schedstat", "sessionid", "setgroups", "smaps", "smaps_rollup", "totmaps", "stack", "stat", "statm", "status", "syscall", "timers", "uid_map", "wchan", "map_files", "attr", "attr/current", "attr/exec", "attr/fscreate", "attr/keycreate", "attr/prev", "attr/sockcreate", "ns", "children", "task", "fd", "fd/3", "fd/4", "fdinfo", "fdinfo/3", "fdinfo/4", "net", "net/anycast6", "net/arp", "net/bnep", "net/connector", "net/dev", "net/dev_mcast", "net/dev_snmp6", "net/fib_trie", "net/fib_triestat", "net/hci", "net/icmp", "net/icmp6", "net/if_inet6", "net/igmp", "net/igmp6", "net/ip6_flowlabel", "net/ip6_mr_cache", "net/ip6_mr_vif", "net/ip6_tables_matches", "net/ip6_tables_names", "net/ip6_tables_targets", "net/ip_mr_cache", "net/ip_mr_vif", "net/ip_tables_matches", "net/ip_tables_names", "net/ip_tables_targets", "net/ipv6_route", "net/l2cap", "net/llc/core", "net/llc/socket", "net/mcfilter", "net/mcfilter6", "net/netfilter", "net/netlink", "net/netstat", "net/nfsfs", "net/packet", "net/protocols", "net/psched", "net/ptype", "net/raw", "net/raw6", "net/rfcomm", "net/route", "net/rpc", "net/rt6_stats", "net/rt_acct", "net/rt_cache", "net/sco", "net/sctp", "net/snmp", "net/snmp6", "net/sockstat", "net/sockstat6", "net/softnet_stat", "net/stat", "net/tcp", "net/tcp6", "net/udp", "net/udp6", "net/udplite", "net/udplite6", "net/unix", "net/wireless", "net/xfrm_stat", "net/ip_vs", "net/ip_vs_stats", "net/ip_vs_stats_percpu", "net/nf_conntrack", "net/nf_conntrack_expect", "net/vlan/config", "net/vlan/vlan0", "net/vlan/vlan1", "net/kcm", "net/psched", "timerslack_ns" 605 606 openat$procfs(fd const[AT_FDCWD], file ptr[in, string[procfs_file]], flags const[O_RDONLY], mode const[0]) fd 607 608 procfs_file = "/proc/keys", "/proc/key-users", "/proc/crypto", "/proc/consoles", "/proc/cgroups", "/proc/zoneinfo", "/proc/vmstat", "/proc/vmallocinfo", "/proc/tty/drivers", "/proc/tty/ldiscs", "/proc/timer_list", "/proc/sysvipc/sem", "/proc/sysvipc/msg", "/proc/sysvipc/shm", "/proc/stat", "/proc/slabinfo", "/proc/schedstat", "/proc/partitions", "/proc/meminfo", "/proc/mdstat", "/proc/locks", "/proc/diskstats", "/proc/cpuinfo", "/proc/consoles", "/proc/bus/input/devices", "/proc/bus/input/handlers", "/proc/asound/seq/clients", "/proc/asound/seq/clients", "/proc/asound/seq/timer", "/proc/asound/timers" 609 610 resource fd_yama_ptrace_scope[fd] 611 612 # 0 - YAMA_SCOPE_DISABLED 613 # 1 - YAMA_SCOPE_RELATIONAL 614 # 2 - YAMA_SCOPE_CAPABILITY 615 # 3 - YAMA_SCOPE_NO_ATTACH 616 yama_modes = "0", "1", "2", "3" 617 618 openat$yama_ptrace_scope(fd const[AT_FDCWD], file ptr[in, string["/proc/sys/kernel/yama/ptrace_scope"]], flags const[O_RDWR], mode const[0]) fd_yama_ptrace_scope 619 write$yama_ptrace_scope(fd fd_yama_ptrace_scope, data ptr[in, string[yama_modes]], count len[data]) 620 621 # Write into some interesting sysct's and sysfs/procfs files. 622 resource fd_sysctl[fd] 623 624 openat$sysctl(fd const[AT_FDCWD], file ptr[in, string[sysctl_file]], flags const[O_WRONLY], mode const[0]) fd_sysctl 625 write$sysctl(fd fd_sysctl, val ptr[in, string[sysctl_value]], len len[val]) 626 627 sysctl_file = "/sys/kernel/mm/ksm/run", "/proc/sys/vm/compact_memory", "/proc/sys/vm/drop_caches", "/proc/sys/net/ipv4/tcp_timestamps", "/proc/sys/net/ipv4/tcp_sack", "/proc/sys/net/ipv4/tcp_dsack", "/proc/sys/net/ipv4/tcp_window_scaling", "/proc/sys/net/ipv4/tcp_syncookies", "/proc/sys/net/ipv4/tcp_recovery", "/proc/sys/net/ipv4/tcp_mtu_probing", "/proc/sys/net/ipv4/tcp_rfc1337", "/proc/self/clear_refs" 628 # Most of these values are suitable for all sysctl_file files. 629 sysctl_value = "0", "1", "2", "3", "4", "5", "6", "7" 630 631 # Write to this file triggers khugepaged scan. 632 # We don't want to write small values as we only want the explicitly triggered scan. 633 resource fd_khugepaged_scan[fd] 634 635 openat$khugepaged_scan(fd const[AT_FDCWD], file ptr[in, string["/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs"]], flags const[O_WRONLY], mode const[0]) fd_khugepaged_scan 636 write$khugepaged_scan(fd fd_khugepaged_scan, val ptr[in, string["1000000"]], len len[val]) 637 638 resource fd_tcp_congestion[fd] 639 640 openat$tcp_congestion(fd const[AT_FDCWD], file ptr[in, string["/proc/sys/net/ipv4/tcp_congestion_control"]], flags const[O_WRONLY], mode const[0]) fd_tcp_congestion 641 write$tcp_congestion(fd fd_tcp_congestion, val ptr[in, string[tcp_congestion]], len len[val]) 642 643 tcp_congestion = "reno", "bbr", "bic", "cdg", "cubic", "dctcp", "westwood", "highspeed", "hybla", "htcp", "vegas", "nv", "veno", "scalable", "lp", "yeah", "illinois" 644 645 resource fd_tcp_mem[fd] 646 647 openat$tcp_mem(fd const[AT_FDCWD], file ptr[in, string[tcp_mem_files]], flags const[O_WRONLY], mode const[0]) fd_tcp_mem 648 write$tcp_mem(fd fd_tcp_mem, val ptr[in, tcp_mem_values], len len[val]) 649 650 tcp_mem_files = "/proc/sys/net/ipv4/tcp_rmem", "/proc/sys/net/ipv4/tcp_wmem" 651 652 tcp_mem_values { 653 v0 fmt[oct, int64] 654 sp0 const[' ', int8] 655 v1 fmt[oct, int64] 656 sp1 const[' ', int8] 657 v2 fmt[oct, int64] 658 z const[0, int8] 659 } [packed] 660 661 # /proc/self/reclaim is ChromeOS-specific: 662 # https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4c3ad28b9c913%5E%21/ 663 resource fd_proc_reclaim[fd] 664 665 openat$proc_reclaim(fd const[AT_FDCWD], file ptr[in, string["/proc/self/reclaim"]], flags const[O_WRONLY], mode const[0]) fd_proc_reclaim 666 write$proc_reclaim(fd fd_proc_reclaim, val ptr[in, string[proc_reclaim_vals]], len len[val]) 667 668 proc_reclaim_vals = "file", "anon", "all" 669 670 resource fd_pidfd[fd] 671 672 openat$pidfd(fd const[AT_FDCWD], file ptr[in, string["/proc/self"]], flags flags[open_flags], mode const[0]) fd_pidfd 673 openat$thread_pidfd(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self"]], flags flags[open_flags], mode const[0]) fd_pidfd 674 pidfd_send_signal(fd fd_pidfd, sig signalno, info ptr[in, siginfo], flags const[0]) 675 676 # pidfd_open is dangerous, so we use syz_pidfd_open instead. 677 pidfd_open(pid pid, flags const[0]) fd_pidfd (disabled) 678 syz_pidfd_open(pid pid, flags const[0]) fd_pidfd 679 pidfd_getfd(pidfd fd_pidfd, fd fd, flags const[0]) fd 680 681 close_range(fd fd, max_fd fd, flags flags[close_range_flags]) 682 683 # Uncomment on your own account. 684 #syz_open_dev$char(dev const[0xc], major intptr, minor intptr) fd 685 #syz_open_dev$block(dev const[0xb], major intptr, minor intptr) fd 686 687 # /dev/console known to cause problems on at least two different kernels. 688 # It can turn off all output or produce massive amounts of garbage on console. 689 # Disable it for now. 690 #syz_open_dev$console(dev ptr[in, string["/dev/console"]], id const[0], flags flags[open_flags]) fd 691 692 resource fd_autofs[fd] 693 694 # These devices are relatively safe (don't reboot and don't corrupt kernel memory). 695 # They need a more comprehensive support. But let at least open them for now, 696 # maybe fuzzer will be able to skrew them in a useful way. 697 # TODO: all these devices returning just fd need proper interface descriptions. 698 openat$vcs(fd const[AT_FDCWD], file ptr[in, string["/dev/vcs"]], flags flags[open_flags], mode const[0]) fd 699 syz_open_dev$vcsn(dev ptr[in, string["/dev/vcs#"]], id intptr, flags flags[open_flags]) fd 700 openat$vcsa(fd const[AT_FDCWD], file ptr[in, string["/dev/vcsa"]], flags flags[open_flags], mode const[0]) fd 701 syz_open_dev$vcsa(dev ptr[in, string["/dev/vcsa#"]], id intptr, flags flags[open_flags]) fd 702 openat$vcsu(fd const[AT_FDCWD], file ptr[in, string["/dev/vcsu"]], flags flags[open_flags], mode const[0]) fd 703 syz_open_dev$vcsu(dev ptr[in, string["/dev/vcsu#"]], id intptr, flags flags[open_flags]) fd 704 syz_open_dev$ircomm(dev ptr[in, string["/dev/ircomm#"]], id intptr, flags flags[open_flags]) fd 705 syz_open_dev$audion(dev ptr[in, string["/dev/audio#"]], id intptr, flags flags[open_flags]) fd 706 707 openat$null(fd const[AT_FDCWD], file ptr[in, string["/dev/null"]], flags flags[open_flags], mode const[0]) fd 708 openat$zero(fd const[AT_FDCWD], file ptr[in, string["/dev/zero"]], flags flags[open_flags], mode const[0]) fd 709 openat$full(fd const[AT_FDCWD], file ptr[in, string["/dev/full"]], flags flags[open_flags], mode const[0]) fd 710 openat$irnet(fd const[AT_FDCWD], file ptr[in, string["/dev/irnet"]], flags flags[open_flags], mode const[0]) fd 711 openat$hwrng(fd const[AT_FDCWD], file ptr[in, string["/dev/hwrng"]], flags flags[open_flags], mode const[0]) fd 712 openat$hpet(fd const[AT_FDCWD], file ptr[in, string["/dev/hpet"]], flags flags[open_flags], mode const[0]) fd 713 openat$autofs(fd const[AT_FDCWD], file ptr[in, string["/dev/autofs"]], flags flags[open_flags], mode const[0]) fd_autofs 714 openat$keychord(fd const[AT_FDCWD], file ptr[in, string["/dev/keychord"]], flags flags[open_flags], mode const[0]) fd 715 openat$zygote(fd const[AT_FDCWD], file ptr[in, string["/dev/socket/zygote"]], flags flags[open_flags], mode const[0]) fd 716 openat$pktcdvd(fd const[AT_FDCWD], file ptr[in, string["/dev/pktcdvd/control"]], flags flags[open_flags], mode const[0]) fd 717 openat$lightnvm(fd const[AT_FDCWD], file ptr[in, string["/dev/lightnvm/control"]], flags flags[open_flags], mode const[0]) fd 718 openat$xenevtchn(fd const[AT_FDCWD], file ptr[in, string["/dev/xen/evtchn"]], flags flags[open_flags], mode const[0]) fd 719 openat$dlm_control(fd const[AT_FDCWD], file ptr[in, string["/dev/dlm-control"]], flags flags[open_flags], mode const[0]) fd 720 openat$dlm_monitor(fd const[AT_FDCWD], file ptr[in, string["/dev/dlm-monitor"]], flags flags[open_flags], mode const[0]) fd 721 openat$dlm_plock(fd const[AT_FDCWD], file ptr[in, string["/dev/dlm_plock"]], flags flags[open_flags], mode const[0]) fd 722 openat$btrfs_control(fd const[AT_FDCWD], file ptr[in, string["/dev/btrfs-control"]], flags flags[open_flags], mode const[0]) fd 723 openat$ubi_ctrl(fd const[AT_FDCWD], file ptr[in, string["/dev/ubi_ctrl"]], flags flags[open_flags], mode const[0]) fd 724 openat$cachefiles(fd const[AT_FDCWD], file ptr[in, string["/dev/cachefiles"]], flags flags[open_flags], mode const[0]) fd 725 openat$ndctl0(fd const[AT_FDCWD], file ptr[in, string["/dev/ndctl0"]], flags flags[open_flags], mode const[0]) fd 726 openat$nmem0(fd const[AT_FDCWD], file ptr[in, string["/dev/nmem0"]], flags flags[open_flags], mode const[0]) fd 727 openat$nvram(fd const[AT_FDCWD], file ptr[in, string["/dev/nvram"]], flags flags[open_flags], mode const[0]) fd 728 openat$ocfs2_control(fd const[AT_FDCWD], file ptr[in, string["/dev/ocfs2_control"]], flags flags[open_flags], mode const[0]) fd 729 openat$nvme_fabrics(fd const[AT_FDCWD], file ptr[in, string["/dev/nvme-fabrics"]], flags flags[open_flags], mode const[0]) fd 730 731 pipefd { 732 rfd fd 733 wfd fd 734 } 735 736 type iovec[DIR, T] { 737 addr ptr[DIR, T] 738 len len[addr, intptr] 739 } 740 type iovec_in iovec[in, array[int8]] 741 type iovec_out iovec[out, array[int8]] 742 743 stat { 744 st_dev intptr 745 st_ino intptr 746 st_mode int32 747 st_nlink int32 748 st_uid uid 749 st_gid gid 750 st_rdev intptr 751 __pad1 const[0, intptr] 752 st_size intptr 753 st_blksize int32 754 __pad2 const[0, int32] 755 st_blocks intptr 756 st_atime intptr 757 st_atime_nsec intptr 758 st_mtime intptr 759 st_mtime_nsec intptr 760 st_ctime intptr 761 st_ctime_nsec intptr 762 __unused4 const[0, int32] 763 __unused5 const[0, int32] 764 } 765 766 statx { 767 mask int32 768 blksize int32 769 attributes int64 770 nlink int32 771 uid uid 772 gid gid 773 mode int16 774 __spare0 int16 775 ino int64 776 size int64 777 blocks int64 778 __spare1 int64 779 atime statx_timestamp 780 btime statx_timestamp 781 ctime statx_timestamp 782 mtime statx_timestamp 783 rdev_major int32 784 rdev_minor int32 785 dev_major int32 786 dev_minor int32 787 __spare2 array[int64, 14] 788 } 789 790 define STAT64_SIZE sizeof(struct stat64) 791 792 type stat64 array[int8, STAT64_SIZE] 793 794 pollfd { 795 fd fd 796 events flags[pollfd_events, int16] 797 revents const[0, int16] 798 } 799 800 sigset_t { 801 mask array[intptr, _NSIG_WORDS] 802 } 803 804 sigset_size { 805 ss ptr[inout, sigset_t] 806 len len[ss, intptr] 807 } 808 809 resource time_sec[intptr] 810 resource time_nsec[intptr] 811 resource time_usec[intptr] 812 813 # prog knowns about this struct type 814 timespec { 815 sec time_sec 816 nsec time_nsec 817 } 818 819 # prog knowns about this struct type 820 timeval { 821 sec time_sec 822 usec time_usec 823 } 824 825 statx_timestamp { 826 sec int64 827 nsec int32 828 __reserved int32 829 } 830 831 itimerspec { 832 interv timespec 833 value timespec 834 } 835 836 itimerval { 837 interv timeval 838 value timeval 839 } 840 841 utimbuf { 842 actime intptr 843 modtime intptr 844 } 845 846 sigevent { 847 val const[0, intptr] 848 signo signalno 849 notify flags[sigev_notify, int32] 850 u sigevent_u 851 } [size[SIGEVENT_SIZE]] 852 853 sigevent_u [ 854 tid pid 855 thr sigevent_thread 856 ] 857 858 define SIGEVENT_SIZE sizeof(struct sigevent) 859 860 sigevent_thread { 861 # NEED: this is function pointer and pthread_attr_t (?) 862 func buffer[in] 863 attr buffer[in] 864 } 865 866 cap_header { 867 var flags[cap_version, int32] 868 pid pid 869 } 870 871 cap_data { 872 eff0 int32 873 perm0 int32 874 inher0 int32 875 eff1 int32 876 perm1 int32 877 inher1 int32 878 } 879 880 epoll_event { 881 ev flags[epoll_ev, int32] 882 data const[0, int64] 883 # TODO: this packed only on amd64 884 } [packed] 885 886 # TODO: fd_set needs to be a separate type 887 fd_set { 888 mask0 int64 889 mask1 int64 890 mask2 int64 891 mask3 int64 892 mask4 int64 893 mask5 int64 894 mask6 int64 895 mask7 int64 896 } 897 898 sock_fprog { 899 len len[filter, int16] 900 filter ptr[in, array[sock_filter]] 901 } 902 903 sock_filter { 904 code int16 905 jt int8 906 jf int8 907 k int32 908 } 909 910 file_handle [ 911 raw file_handle_raw 912 shmem file_handle_t[1, fid_shmem] 913 fuse file_handle_t[0x81, fid_fuse] 914 fuse_with_parent file_handle_t[0x82, fid_fuse_with_parent] 915 nfs file_handle_t[36, fid_nfs] 916 FILEID_INO32_GEN file_handle_t[FILEID_INO32_GEN, fid_FILEID_INO32_GEN] 917 FILEID_INO32_GEN_PARENT file_handle_t[FILEID_INO32_GEN_PARENT, fid_FILEID_INO32_GEN_PARENT] 918 FILEID_UDF_WITHOUT_PARENT file_handle_t[FILEID_UDF_WITHOUT_PARENT, fid_FILEID_UDF_WITHOUT_PARENT] 919 FILEID_UDF_WITH_PARENT file_handle_t[FILEID_UDF_WITH_PARENT, fid_FILEID_UDF_WITH_PARENT] 920 FILEID_BTRFS_WITH_PARENT file_handle_t[FILEID_BTRFS_WITH_PARENT, btrfs_fid] 921 FILEID_BTRFS_WITH_PARENT_ROOT file_handle_t[FILEID_BTRFS_WITH_PARENT, btrfs_fid] 922 FILEID_BTRFS_WITHOUT_PARENT file_handle_t[FILEID_BTRFS_WITH_PARENT, btrfs_fid] 923 ceph_nfs_snapfh file_handle_t[FILEID_BTRFS_WITH_PARENT, ceph_nfs_snapfh] 924 ceph_nfs_fh file_handle_t[FILEID_INO32_GEN, ceph_nfs_fh] 925 ceph_nfs_confh file_handle_t[FILEID_INO32_GEN_PARENT, ceph_nfs_confh] 926 GFS2_SMALL_FH_SIZE file_handle_t[GFS2_SMALL_FH_SIZE, fid_GFS2_SMALL_FH_SIZE] 927 GFS2_LARGE_FH_SIZE file_handle_t[GFS2_LARGE_FH_SIZE, fid_GFS2_LARGE_FH_SIZE] 928 OVL_FILEID_V0 file_handle_t[OVL_FILEID_V0, ovl_fb] 929 OVL_FILEID_V1 file_handle_t[OVL_FILEID_V1, ovl_fh] 930 FILEID_NILFS_WITHOUT_PARENT file_handle_t[FILEID_NILFS_WITHOUT_PARENT, nilfs_fid] 931 FILEID_NILFS_WITH_PARENT file_handle_t[FILEID_NILFS_WITH_PARENT, nilfs_fid] 932 reiserfs_2 file_handle_t[2, fid_reiserfs_2] 933 reiserfs_3 file_handle_t[3, fid_reiserfs_3] 934 reiserfs_4 file_handle_t[4, fid_reiserfs_4] 935 reiserfs_5 file_handle_t[5, fid_reiserfs_5] 936 reiserfs_6 file_handle_t[6, fid_reiserfs_6] 937 xfs file_handle_t[0x81, xfs_fid64] 938 xfs_parent file_handle_t[0x82, xfs_fid64] 939 orangefs file_handle_t[1, fid_orangefs] 940 orangefs_parent file_handle_t[2, fid_orangefs_parent] 941 isofs file_handle_t[1, isofs_fid] 942 isofs_parent file_handle_t[2, isofs_fid] 943 ocfs2 file_handle_t[1, fid_ocfs2] 944 ocfs2_parent file_handle_t[2, fid_ocfs2_parent] 945 ] [varlen] 946 947 file_handle_raw { 948 handle_bytes bytesize[f_handle, int32] 949 handle_type flags[fid_type, int32] 950 f_handle align32[array[int8]] 951 } 952 953 type file_handle_t[TYPE, FID] { 954 handle_bytes bytesize[f_handle, int32] 955 handle_type const[TYPE, int32] 956 f_handle FID 957 } 958 959 fid_shmem { 960 gen int32 961 ino int64 962 } [packed] 963 964 fid_fuse { 965 nodeid_hi int32 966 nodeid_lo int32 967 generation int32 968 } 969 970 fid_fuse_with_parent { 971 base fid_fuse 972 parent_fid fid_fuse 973 } [packed] 974 975 fid_FILEID_INO32_GEN { 976 ino int32 977 gen int32 978 } 979 980 fid_FILEID_INO32_GEN_PARENT { 981 base fid_FILEID_INO32_GEN 982 parent_ino int32 983 parent_gen int32 984 } 985 986 fid_FILEID_UDF_WITHOUT_PARENT { 987 block int32 988 partref int16 989 parent_partref int16 990 generation int32 991 } 992 993 fid_FILEID_UDF_WITH_PARENT { 994 base fid_FILEID_UDF_WITHOUT_PARENT 995 parent_block int32 996 parent_generation int32 997 } 998 999 btrfs_fid { 1000 objectid int64 1001 root_objectid int64 1002 gen int32 1003 parent_objectid int64 1004 parent_gen int32 1005 parent_root_objectid int64 1006 } [packed] 1007 1008 ceph_nfs_snapfh { 1009 ino int64 1010 snapid int64 1011 parent_ino int64 1012 hash int32 1013 } [packed] 1014 1015 ceph_nfs_fh { 1016 ino int64 1017 } 1018 1019 ceph_nfs_confh { 1020 ino int64 1021 parent_ino int64 1022 } 1023 1024 fid_GFS2_SMALL_FH_SIZE { 1025 no_formal_ino_hi int32be 1026 no_formal_ino_lo int32be 1027 no_addr_hi int32be 1028 no_addr_lo int32be 1029 } 1030 1031 fid_GFS2_LARGE_FH_SIZE { 1032 base fid_GFS2_SMALL_FH_SIZE 1033 parent_fid fid_GFS2_SMALL_FH_SIZE 1034 } 1035 1036 define GFS2_SMALL_FH_SIZE 4 1037 define GFS2_LARGE_FH_SIZE 8 1038 1039 fid_nfs { 1040 fileid_hi int32 1041 fileid_lo int32 1042 type int32 1043 # The total size is encoded in file_handle.handle_type, so we make this const size. 1044 size const[NFS_MAXFHSIZE, int16] 1045 data array[int8, NFS_MAXFHSIZE] 1046 } [align[4]] 1047 1048 fid_reiserfs_2 { 1049 objectid int32 1050 dir_id int32 1051 } 1052 1053 fid_reiserfs_3 { 1054 objectid int32 1055 dir_id int32 1056 generation int32 1057 } 1058 1059 fid_reiserfs_4 { 1060 objectid int32 1061 dir_id int32 1062 parent_objectid int32 1063 parent_dir_id int32 1064 } 1065 1066 fid_reiserfs_5 { 1067 objectid int32 1068 dir_id int32 1069 generation int32 1070 parent_objectid int32 1071 parent_dir_id int32 1072 } 1073 1074 fid_reiserfs_6 { 1075 objectid int32 1076 dir_id int32 1077 generation int32 1078 parent_objectid int32 1079 parent_dir_id int32 1080 parent_generation int32 1081 } 1082 1083 xfs_fid64 { 1084 ino int64 1085 gen int32 1086 parent_ino int64 1087 parent_gen int32 1088 } [align[4]] 1089 1090 fid_orangefs { 1091 khandle array[int8, 16] 1092 fs_id int32 1093 } 1094 1095 fid_orangefs_parent { 1096 base fid_orangefs 1097 parent_fid fid_orangefs 1098 } 1099 1100 nilfs_fid { 1101 cno int64 1102 ino int64 1103 gen int32 1104 parent_gen int32 1105 parent_ino int64 1106 } [packed] 1107 1108 isofs_fid { 1109 block int32 1110 offset int16 1111 parent_offset int16 1112 generation int32 1113 parent_block int32 1114 parent_generation int32 1115 } 1116 1117 fid_ocfs2 { 1118 blkno_hi int32 1119 blkno_lo int32 1120 generation int32 1121 } 1122 1123 fid_ocfs2_parent { 1124 base fid_ocfs2 1125 parent_fid fid_ocfs2 1126 } 1127 1128 fid_type = FILEID_ROOT, FILEID_INO32_GEN, FILEID_INO32_GEN_PARENT, FILEID_BTRFS_WITHOUT_PARENT, FILEID_BTRFS_WITH_PARENT, FILEID_BTRFS_WITH_PARENT_ROOT, FILEID_UDF_WITHOUT_PARENT, FILEID_UDF_WITH_PARENT, FILEID_NILFS_WITHOUT_PARENT, FILEID_NILFS_WITH_PARENT, FILEID_FAT_WITHOUT_PARENT, FILEID_FAT_WITH_PARENT, FILEID_LUSTRE, FILEID_KERNFS 1129 1130 mq_attr { 1131 mq_flags intptr 1132 mq_maxmsg intptr 1133 mq_msgsize intptr 1134 mq_curmsgs intptr 1135 __reserved array[const[0, intptr], 4] 1136 } 1137 1138 kexec_segment { 1139 buf buffer[in] 1140 sz len[buf, intptr] 1141 # TODO: this is address in kernel 1142 mem intptr 1143 memsz intptr 1144 } 1145 1146 rusage { 1147 utime timeval 1148 stime timeval 1149 maxrss intptr 1150 ixrss intptr 1151 idrss intptr 1152 isrss intptr 1153 minflt intptr 1154 majflt intptr 1155 nswap intptr 1156 inblock intptr 1157 oublock intptr 1158 msgsnd intptr 1159 msgrcv intptr 1160 signals intptr 1161 nvcsw intptr 1162 nivcsw intptr 1163 } 1164 1165 rlimit { 1166 soft intptr 1167 hard intptr 1168 } 1169 1170 sigaction { 1171 sa_handler ptr[in, text[target]] 1172 sa_flags flags[sigaction_flags, intptr] 1173 sa_restorer ptr[in, text[target]] 1174 sa_mask sigset_t 1175 } 1176 1177 sigaltstack { 1178 ss_sp ptr[out, array[int8]] 1179 ss_flags flags[sigaltstack_flags, int32] 1180 ss_size bytesize[ss_sp, intptr] 1181 } 1182 1183 sigaltstack_flags = SS_ONSTACK, SS_DISABLE, SS_AUTODISARM 1184 1185 tms { 1186 utime intptr 1187 stime intptr 1188 cutime intptr 1189 cstime intptr 1190 } 1191 1192 siginfo { 1193 signo signalno 1194 errno int32 1195 code int32 1196 } [size[SIGINFO_SIZE]] 1197 1198 define SIGINFO_SIZE sizeof(struct siginfo) 1199 1200 timex { 1201 stuff0 intptr 1202 stuff1 intptr 1203 stuff2 intptr 1204 stuff3 intptr 1205 stuff4 intptr 1206 stuff5 intptr 1207 stuff6 intptr 1208 stuff7 intptr 1209 stuff8 intptr 1210 stuff9 intptr 1211 stuff10 intptr 1212 stuff11 intptr 1213 stuff12 intptr 1214 stuff13 intptr 1215 stuff14 intptr 1216 stuff15 intptr 1217 stuff16 intptr 1218 stuff17 intptr 1219 stuff18 intptr 1220 stuff19 intptr 1221 stuff20 intptr 1222 stuff21 intptr 1223 stuff22 intptr 1224 stuff23 intptr 1225 stuff24 intptr 1226 stuff25 intptr 1227 } 1228 1229 ustat { 1230 f_tfree int32 1231 f_tinode intptr 1232 f_fname array[int8, 6] 1233 f_fpack array[int8, 6] 1234 } 1235 1236 user_desc { 1237 entry_number int32 1238 # Base should be vma and limit should be len[base] 1239 # But these fields are int32, so we can't use vma. 1240 base_addr flags[user_desc_bases, int32] 1241 limit flags[user_desc_limits, int32] 1242 seg_32bit int32:1 1243 contents int32:2 1244 read_exec_only int32:1 1245 limit_in_pages int32:1 1246 seg_not_present int32:1 1247 useable int32:1 1248 lm int32:1 1249 } 1250 1251 user_desc_bases = 0, 4096, 1048576, 536870912, 536872960, 536875008, -1 1252 user_desc_limits = 0, 1024, 4096, 8192, 16384, -1 1253 1254 sched_attr { 1255 size bytesize[parent, int32] 1256 sched_policy flags[sched_policy, int32] 1257 sched_flags flags[sched_attr_flags, int64] 1258 sched_nice int32 1259 sched_priority int32 1260 sched_runtime int64 1261 sched_deadline int64 1262 sched_period int64 1263 sched_util_min int32 1264 sched_util_max int32 1265 } 1266 1267 sched_policy = SCHED_NORMAL, SCHED_FIFO, SCHED_RR, SCHED_BATCH, SCHED_IDLE, SCHED_DEADLINE 1268 sched_attr_flags = SCHED_FLAG_RESET_ON_FORK, SCHED_FLAG_RECLAIM, SCHED_FLAG_DL_OVERRUN, SCHED_FLAG_KEEP_POLICY, SCHED_FLAG_KEEP_PARAMS, SCHED_FLAG_UTIL_CLAMP_MIN, SCHED_FLAG_UTIL_CLAMP_MAX, SCHED_FLAG_SUGOV 1269 1270 flock { 1271 type flags[flock_type, int16] 1272 whence flags[seek_whence, int16] 1273 start intptr 1274 len intptr 1275 pid pid 1276 } 1277 1278 f_owner_ex { 1279 type flags[f_owner_type, int32] 1280 pid pid 1281 } 1282 1283 ucred { 1284 pid pid 1285 uid uid 1286 gid gid 1287 } 1288 1289 kcmp_epoll_slot { 1290 efd fd_epoll 1291 tfd fd 1292 toff int32 1293 } 1294 1295 open_how { 1296 flags flags[open_flags, int64] 1297 mode flags[open_mode, int64] 1298 resolve flags[resolve_flags, int64] 1299 } 1300 1301 # Not providing O_WRONLY means O_RDONLY. 1302 open_flags = O_WRONLY, O_RDWR, O_APPEND, FASYNC, O_CLOEXEC, O_CREAT, O_DIRECT, O_DIRECTORY, O_EXCL, O_LARGEFILE, O_NOATIME, O_NOCTTY, O_NOFOLLOW, O_NONBLOCK, O_PATH, O_SYNC, O_TRUNC, __O_TMPFILE 1303 open_mode = S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH 1304 resolve_flags = RESOLVE_CACHED, RESOLVE_BENEATH, RESOLVE_IN_ROOT, RESOLVE_NO_MAGICLINKS, RESOLVE_NO_SYMLINKS, RESOLVE_NO_XDEV 1305 madvise_flags = MADV_NORMAL, MADV_RANDOM, MADV_SEQUENTIAL, MADV_WILLNEED, MADV_DONTNEED, MADV_REMOVE, MADV_DONTFORK, MADV_DOFORK, MADV_HWPOISON, MADV_SOFT_OFFLINE, MADV_MERGEABLE, MADV_UNMERGEABLE, MADV_HUGEPAGE, MADV_NOHUGEPAGE, MADV_DONTDUMP, MADV_DODUMP, MADV_WIPEONFORK, MADV_KEEPONFORK, MADV_COLD, MADV_PAGEOUT, MADV_POPULATE_READ, MADV_POPULATE_WRITE, MADV_COLLAPSE 1306 fadvise_flags = POSIX_FADV_NORMAL, POSIX_FADV_SEQUENTIAL, POSIX_FADV_RANDOM, POSIX_FADV_NOREUSE, POSIX_FADV_WILLNEED, POSIX_FADV_DONTNEED 1307 move_pages_flags = MPOL_MF_MOVE, MPOL_MF_MOVE_ALL 1308 msync_flags = MS_ASYNC, MS_SYNC, MS_INVALIDATE 1309 mmap_prot = PROT_EXEC, PROT_READ, PROT_WRITE, PROT_SEM, PROT_GROWSDOWN, PROT_GROWSUP 1310 mmap_flags = MAP_SHARED, MAP_PRIVATE, MAP_32BIT, MAP_ANONYMOUS, MAP_DENYWRITE, MAP_EXECUTABLE, MAP_FILE, MAP_FIXED, MAP_GROWSDOWN, MAP_HUGETLB, MAP_LOCKED, MAP_NONBLOCK, MAP_NORESERVE, MAP_POPULATE, MAP_STACK, MAP_UNINITIALIZED, MAP_SHARED_VALIDATE, MAP_SYNC, MAP_FIXED_NOREPLACE 1311 mremap_flags = MREMAP_MAYMOVE, MREMAP_FIXED, MREMAP_DONTUNMAP 1312 mbind_mode = MPOL_DEFAULT, MPOL_BIND, MPOL_INTERLEAVE, MPOL_PREFERRED, MPOL_F_STATIC_NODES, MPOL_F_RELATIVE_NODES 1313 mbind_flags = MPOL_MF_STRICT, MPOL_MF_MOVE, MPOL_MF_MOVE_ALL 1314 pipe_flags = O_NONBLOCK, O_CLOEXEC, O_DIRECT, O_NOTIFICATION_PIPE 1315 mlock_flags = MLOCK_ONFAULT 1316 mlockall_flags = MCL_CURRENT, MCL_FUTURE, MCL_ONFAULT 1317 dup_flags = O_CLOEXEC 1318 splice_flags = SPLICE_F_MOVE, SPLICE_F_NONBLOCK, SPLICE_F_MORE, SPLICE_F_GIFT 1319 seek_whence = SEEK_SET, SEEK_CUR, SEEK_END, SEEK_DATA, SEEK_HOLE 1320 signalfd_flags = SFD_NONBLOCK, SFD_CLOEXEC 1321 eventfd_flags = EFD_CLOEXEC, EFD_NONBLOCK, EFD_SEMAPHORE 1322 timerfd_create_flags = TFD_NONBLOCK, TFD_CLOEXEC 1323 timerfd_settime_flags = TFD_TIMER_ABSTIME, TFD_TIMER_CANCEL_ON_SET 1324 clock_type = CLOCK_REALTIME, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC, CLOCK_MONOTONIC_COARSE, CLOCK_MONOTONIC_RAW, CLOCK_BOOTTIME, CLOCK_PROCESS_CPUTIME_ID, CLOCK_THREAD_CPUTIME_ID, CLOCK_REALTIME_ALARM, CLOCK_BOOTTIME_ALARM 1325 sigev_notify = SIGEV_NONE, SIGEV_SIGNAL, SIGEV_THREAD, SIGEV_THREAD_ID 1326 cap_version = _LINUX_CAPABILITY_VERSION_1, _LINUX_CAPABILITY_VERSION_2, _LINUX_CAPABILITY_VERSION_3 1327 epoll_flags = EPOLL_CLOEXEC 1328 epoll_ev = POLLIN, POLLOUT, POLLRDHUP, POLLPRI, POLLERR, POLLHUP, EPOLLET, EPOLLONESHOT, EPOLLEXCLUSIVE, EPOLLWAKEUP 1329 pollfd_events = POLLIN, POLLPRI, POLLOUT, POLLERR, POLLHUP, POLLNVAL, POLLRDNORM, POLLRDBAND, POLLWRNORM, POLLWRBAND, POLLMSG, POLLREMOVE, POLLRDHUP, POLLFREE, POLL_BUSY_LOOP 1330 mknod_mode = S_IFREG, S_IFCHR, S_IFBLK, S_IFIFO, S_IFSOCK, S_ISUID, S_ISGID, S_ISVTX, open_mode 1331 at_flags = AT_EMPTY_PATH, AT_SYMLINK_NOFOLLOW, AT_SYMLINK_FOLLOW, AT_NO_AUTOMOUNT, AT_EMPTY_PATH 1332 fallocate_mode = FALLOC_FL_KEEP_SIZE, FALLOC_FL_PUNCH_HOLE, FALLOC_FL_COLLAPSE_RANGE, FALLOC_FL_ZERO_RANGE, FALLOC_FL_INSERT_RANGE, FALLOC_FL_UNSHARE_RANGE, FALLOC_FL_NO_HIDE_STALE 1333 linkat_flags = AT_EMPTY_PATH, AT_SYMLINK_FOLLOW 1334 unlinkat_flags = AT_REMOVEDIR 1335 renameat2_flags = RENAME_EXCHANGE, RENAME_NOREPLACE, RENAME_WHITEOUT 1336 flock_op = LOCK_SH, LOCK_EX, LOCK_UN, LOCK_NB 1337 statx_flags = AT_SYMLINK_NOFOLLOW, AT_SYMLINK_FOLLOW, AT_NO_AUTOMOUNT, AT_EMPTY_PATH, AT_STATX_SYNC_TYPE, AT_STATX_SYNC_AS_STAT, AT_STATX_FORCE_SYNC, AT_STATX_DONT_SYNC 1338 statx_mask = STATX_TYPE, STATX_MODE, STATX_NLINK, STATX_UID, STATX_GID, STATX_ATIME, STATX_MTIME, STATX_CTIME, STATX_INO, STATX_SIZE, STATX_BLOCKS, STATX_BASIC_STATS, STATX_BTIME 1339 name_to_handle_at_flags = AT_EMPTY_PATH, AT_SYMLINK_FOLLOW, AT_HANDLE_FID 1340 mq_open_flags = O_WRONLY, O_RDWR, O_NONBLOCK, O_CREAT, O_EXCL, O_CREAT 1341 finit_module_flags = MODULE_INIT_IGNORE_MODVERSIONS, MODULE_INIT_IGNORE_VERMAGIC 1342 delete_module_flags = O_NONBLOCK, O_TRUNC 1343 kexec_load_flags = KEXEC_ON_CRASH, KEXEC_PRESERVE_CONTEXT, KEXEC_ARCH_386, KEXEC_ARCH_X86_64, KEXEC_ARCH_PPC, KEXEC_ARCH_PPC64, KEXEC_ARCH_IA_64, KEXEC_ARCH_ARM, KEXEC_ARCH_S390, KEXEC_ARCH_SH, KEXEC_ARCH_MIPS, KEXEC_ARCH_MIPS_LE, KEXEC_ARCH_DEFAULT 1344 faccessat_flags = AT_EACCESS, AT_SYMLINK_NOFOLLOW, AT_EMPTY_PATH 1345 sync_file_flags = SYNC_FILE_RANGE_WAIT_BEFORE, SYNC_FILE_RANGE_WRITE, SYNC_FILE_RANGE_WAIT_AFTER 1346 kcmp_flags = KCMP_FILE, KCMP_FILES, KCMP_FS, KCMP_IO, KCMP_SIGHAND, KCMP_SYSVSEM, KCMP_VM 1347 rusage_who = RUSAGE_SELF, RUSAGE_CHILDREN, RUSAGE_THREAD 1348 rlimit_type = RLIMIT_AS, RLIMIT_CORE, RLIMIT_CPU, RLIMIT_DATA, RLIMIT_FSIZE, RLIMIT_LOCKS, RLIMIT_MEMLOCK, RLIMIT_MSGQUEUE, RLIMIT_NICE, RLIMIT_NOFILE, RLIMIT_NPROC, RLIMIT_RSS, RLIMIT_RTPRIO, RLIMIT_RTTIME, RLIMIT_SIGPENDING, RLIMIT_STACK 1349 # The ones that disable console output are intentionally omitted. 1350 syslog_cmd = SYSLOG_ACTION_CLOSE, SYSLOG_ACTION_OPEN, SYSLOG_ACTION_READ, SYSLOG_ACTION_READ_ALL, SYSLOG_ACTION_READ_CLEAR, SYSLOG_ACTION_SIZE_UNREAD, SYSLOG_ACTION_SIZE_BUFFER 1351 ioprio_which_pid = IOPRIO_WHO_PROCESS, IOPRIO_WHO_PGRP 1352 ioprio_which_uid = IOPRIO_WHO_USER 1353 personality_flags = PER_LINUX, PER_SVR4, PER_SVR3, PER_OSR5, PER_WYSEV386, PER_ISCR4, PER_BSD, PER_XENIX, PER_LINUX32, PER_IRIX32, PER_IRIXN32, PER_IRIX64, PER_RISCOS, PER_SOLARIS, PER_UW7, PER_OSF4, PER_HPUX, ADDR_NO_RANDOMIZE, MMAP_PAGE_ZERO, ADDR_COMPAT_LAYOUT, READ_IMPLIES_EXEC, ADDR_LIMIT_32BIT, SHORT_INODE, WHOLE_SECONDS, STICKY_TIMEOUTS, ADDR_LIMIT_3GB 1354 clock_id = CLOCK_REALTIME, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC, CLOCK_MONOTONIC_COARSE, CLOCK_MONOTONIC_RAW, CLOCK_BOOTTIME, CLOCK_PROCESS_CPUTIME_ID, CLOCK_THREAD_CPUTIME_ID 1355 sigprocmask_how = SIG_BLOCK, SIG_UNBLOCK, SIG_SETMASK 1356 getitimer_which = ITIMER_REAL, ITIMER_VIRTUAL, ITIMER_PROF 1357 wait_options = WNOHANG, WUNTRACED, WCONTINUED, WEXITED, WSTOPPED, WCONTINUED, WNOHANG, WNOWAIT, __WCLONE, __WALL, __WNOTHREAD 1358 waitid_which = P_PID, P_PGID, P_ALL 1359 sigaction_flags = SA_NOCLDSTOP, SA_NOCLDWAIT, SA_NODEFER, SA_ONSTACK, SA_RESETHAND, SA_RESTART, SA_SIGINFO 1360 timer_flags = TIMER_ABSTIME 1361 utimensat_flags = AT_SYMLINK_NOFOLLOW 1362 priority_which = PRIO_PROCESS, PRIO_PGRP, PRIO_USER 1363 mempolicy_flags = MPOL_F_MEMS_ALLOWED, MPOL_F_ADDR, MPOL_F_NODE 1364 ptrace_req = PTRACE_LISTEN, PTRACE_KILL, PTRACE_INTERRUPT, PTRACE_ATTACH, PTRACE_DETACH 1365 ptrace_req_peek = PTRACE_PEEKTEXT, PTRACE_PEEKDATA 1366 ptrace_req_poke = PTRACE_POKETEXT, PTRACE_POKEDATA 1367 ptrace_req_getregs = PTRACE_GETREGS, PTRACE_GETFPREGS 1368 ptrace_req_setregs = PTRACE_SETREGS, PTRACE_SETFPREGS 1369 ptrace_req_setopts = PTRACE_SETOPTIONS, PTRACE_SEIZE 1370 ptrace_req_cont = PTRACE_CONT, PTRACE_SYSCALL, PTRACE_SINGLESTEP, PTRACE_SYSEMU, PTRACE_SYSEMU_SINGLESTEP 1371 pthread_regset = NT_PRSTATUS, NT_PRFPREG, NT_PRPSINFO, NT_TASKSTRUCT, NT_AUXV, NT_386_TLS, NT_386_IOPERM, NT_X86_XSTATE 1372 ptrace_options = PTRACE_O_EXITKILL, PTRACE_O_TRACECLONE, PTRACE_O_TRACEEXEC, PTRACE_O_TRACEEXIT, PTRACE_O_TRACEFORK, PTRACE_O_TRACESYSGOOD, PTRACE_O_TRACEVFORK, PTRACE_O_TRACEVFORKDONE 1373 fcntl_dupfd = F_DUPFD, F_DUPFD_CLOEXEC 1374 fcntl_getflags = F_GETFD, F_GETFL, F_GETSIG, F_GETLEASE, F_GETPIPE_SZ, F_GET_SEALS 1375 fcntl_lock = F_SETLK, F_SETLKW, F_GETLK, F_OFD_GETLK, F_OFD_SETLK, F_OFD_SETLKW 1376 fcntl_flags = FD_CLOEXEC 1377 fcntl_status = O_APPEND, FASYNC, O_DIRECT, O_NOATIME, O_NONBLOCK 1378 flock_type = F_RDLCK, F_WRLCK, F_UNLCK 1379 f_owner_type = F_OWNER_TID, F_OWNER_PID, F_OWNER_PGRP 1380 fcntl_notify = DN_MULTISHOT, DN_ACCESS, DN_MODIFY, DN_CREATE, DN_DELETE, DN_RENAME, DN_ATTRIB 1381 seal_types = F_SEAL_SEAL, F_SEAL_SHRINK, F_SEAL_GROW, F_SEAL_WRITE 1382 ioctl_int_in = FIONBIO, FIOASYNC 1383 ioctl_int_out = FIOQSIZE, FIGETBSZ 1384 fcntl_rw_hint = RWF_WRITE_LIFE_NOT_SET, RWH_WRITE_LIFE_NONE, RWH_WRITE_LIFE_SHORT, RWH_WRITE_LIFE_MEDIUM, RWH_WRITE_LIFE_LONG, RWH_WRITE_LIFE_EXTREME 1385 fiemap_flags = FIEMAP_FLAG_SYNC, FIEMAP_FLAG_XATTR, FIEMAP_FLAG_CACHE 1386 fiemap_extent_flags = FIEMAP_EXTENT_LAST, FIEMAP_EXTENT_UNKNOWN, FIEMAP_EXTENT_DELALLOC, FIEMAP_EXTENT_ENCODED, FIEMAP_EXTENT_DATA_ENCRYPTED, FIEMAP_EXTENT_NOT_ALIGNED, FIEMAP_EXTENT_DATA_INLINE, FIEMAP_EXTENT_DATA_TAIL, FIEMAP_EXTENT_UNWRITTEN, FIEMAP_EXTENT_MERGED, FIEMAP_EXTENT_SHARED 1387 getrandom_flags = GRND_NONBLOCK, GRND_RANDOM 1388 clone_flags = CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_PTRACE, CLONE_VFORK, CLONE_PARENT, CLONE_THREAD, CLONE_NEWNS, CLONE_SYSVSEM, CLONE_SETTLS, CLONE_PARENT_SETTID, CLONE_CHILD_CLEARTID, CLONE_UNTRACED, CLONE_CHILD_SETTID, CLONE_NEWCGROUP, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET, CLONE_IO, CLONE_PIDFD, CLONE_NEWTIME 1389 clone3_flags = CLONE_CLEAR_SIGHAND, CLONE_INTO_CGROUP, clone_flags 1390 ptrace_peeksiginfo_flags = PTRACE_PEEKSIGINFO_SHARED 1391 close_range_flags = CLOSE_RANGE_UNSHARE 1392 1393 # adjtimex flags. 1394 _ = STA_PLL, STA_PPSFREQ, STA_PPSTIME, STA_FLL, STA_INS, STA_DEL, STA_UNSYNC, STA_FREQHOLD, STA_PPSSIGNAL, STA_PPSJITTER, STA_PPSWANDER, STA_PPSERROR, STA_CLOCKERR, STA_NANO, STA_MODE, STA_CLK, STA_RONLY 1395 # clock_adjtime modes 1396 _ = ADJ_OFFSET, ADJ_FREQUENCY, ADJ_MAXERROR, ADJ_ESTERROR, ADJ_STATUS, ADJ_TIMECONST, ADJ_TAI, ADJ_SETOFFSET, ADJ_MICRO, ADJ_NANO, ADJ_TICK, ADJ_OFFSET_SINGLESHOT 1397 1398 # Consts for target.SpecialFileLenghts. 1399 _ = SMB_PATH_MAX, XT_CGROUP_PATH_MAX, XENSTORE_REL_PATH_MAX 1400 1401 # misc 1402 _ = KCOV_INIT_TRACE, KCOV_ENABLE, KCOV_DISABLE, KCOV_TRACE_PC, KCOV_TRACE_CMP, PTRACE_TRACEME, SYSLOG_ACTION_CONSOLE_ON, SYSLOG_ACTION_CONSOLE_OFF, SYSLOG_ACTION_CONSOLE_LEVEL, SYSLOG_ACTION_CLEAR, __NR_mmap2 1403 1404 # Hardcode KCOV_REMOTE_ENABLE value for amd64 until new kcov patches reach mainline. 1405 define KCOV_REMOTE_ENABLE 1075340134 1406 1407 # Not yet implemented syscalls: 1408 # umask 1409 # vhangup 1410 # _sysctl 1411 # adjtimex 1412 # swapon 1413 # swapoff 1414 # nfsservctl 1415 # getcpu 1416 1417 # Probably no sense in calling these. 1418 # Also affect system-wide state, so not reproducible anyway. 1419 # gettimeofday 1420 # settimeofday 1421 # reboot 1422 # sethostname 1423 # setdomainname 1424 # sched_get_priority_max 1425 # sched_get_priority_min