文本文件  |  184行  |  7.35 KB

# Copyright 2017 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

include <ros/syscall.h>
include <ros/mman.h>
include <ros/fs.h>
include <ros/procinfo.h>
include <ros/resource.h>
include <ros/event.h>
include <ros/vmm.h>
include <ros/trapframe.h>
include <ros/fdtap.h>
include <ros/bits/posix_signum.h>
include <termios.h>

resource fd[int32]: 0xffffffffffffffff, AT_FDCWD
resource pid[int32]: 0, 0xffffffffffffffff

openat(fromfd fd[opt], path ptr[in, filename], path_l len[path], oflag flags[open_flags], mode flags[open_mode]) fd
read(fd fd, buf buffer[out], count len[buf])
write(fd fd, buf buffer[in], count len[buf])
close(fd fd)
abort_sysc_fd(fd fd)
stat(path ptr[in, filename], path_l len[path], statbuf ptr[out, array[int8, KSTAT_SIZE]])
fstat(fd fd, statbuf ptr[out, array[int8, KSTAT_SIZE]])
lstat(path ptr[in, filename], path_l len[path], statbuf ptr[out, array[int8, KSTAT_SIZE]])
llseek(fd fd, offset_hi intptr, offset_lo intptr, result ptr[out, int64], whence flags[seek_whence])
link(old ptr[in, filename], old_l len[old], new ptr[in, filename], new_l len[new])
unlink(path ptr[in, filename], path_l len[path])
symlink(old ptr[in, filename], old_l len[old], new ptr[in, filename], new_l len[new])
readlink(path ptr[in, filename], path_l len[path], buf buffer[out], siz len[buf])
chdir(pid pid[opt], path ptr[in, filename], path_l len[path])
fchdir(pid pid[opt], fd fd)
getcwd(buf buffer[out], size len[buf])
rename(old_path ptr[in, filename], old_path_l len[old_path], new_path ptr[in, filename], new_path_l len[new_path])
mkdir(path ptr[in, filename], path_l len[path], mode flags[open_mode])
rmdir(path ptr[in, filename], path_l len[path])

fcntl$F_DUPFD(fd fd, cmd const[F_DUPFD], arg fd, must_use_low boolptr) fd
fcntl$F_GETFD(fd fd, cmd const[F_GETFD])
fcntl$F_GETFL(fd fd, cmd const[F_GETFL])
fcntl$F_SETFD(fd fd, cmd const[F_SETFD], flags flags[fcntl_flags])
fcntl$F_SETFL(fd fd, cmd const[F_SETFL], flags flags[fcntl_status])
fcntl$F_SYNC(fd fd, cmd const[F_SYNC])

mmap(addr vma, len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd[opt], offset intptr)
munmap(addr vma, len len[addr])
mprotect(addr vma, len len[addr], prot flags[mmap_prot])

fork()
waitpid(pid pid, status ptr[out, int32], options flags[wait_options])
nanosleep(req ptr[in, timespec], rem ptr[out, timespec, opt])

open_flags = O_RDONLY, O_WRONLY, O_RDWR, O_APPEND, O_CLOEXEC, O_CREAT, O_DIRECTORY, O_EXCL, O_NOCTTY, O_NOFOLLOW, O_NONBLOCK, O_SYNC, O_TRUNC, O_REMCLO, O_PATH
open_mode = S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
mmap_prot = PROT_EXEC, PROT_READ, PROT_WRITE, PROT_GROWSDOWN, PROT_GROWSUP
mmap_flags = MAP_SHARED, MAP_PRIVATE, MAP_ANONYMOUS, MAP_DENYWRITE, MAP_EXECUTABLE, MAP_FIXED, MAP_GROWSDOWN, MAP_LOCKED, MAP_NONBLOCK, MAP_NORESERVE, MAP_POPULATE, MAP_STACK
wait_options = WNOHANG, WUNTRACED
fcntl_flags = FD_CLOEXEC
fcntl_status = O_APPEND, O_NONBLOCK, O_CLOEXEC, O_REMCLO, O_PATH
seek_whence = SEEK_SET, SEEK_CUR, SEEK_END

timespec {
	sec	intptr
	nsec	intptr
}

block(usec intptr)
cache_invalidate()
getpcoreid()
getvcoreid()
proc_create(path ptr[in, filename], path_l len[path], argenv ptr[in, string], argenv_l len[argenv], flags boolptr) pid
proc_run(pid pid[opt])
proc_destroy(pid pid[opt], exitcode int32)
proc_yield(being_nice bool32)
change_vcore(vcoreid int32, enable_my_notif bool32)
exec(path ptr[in, filename], path_l len[path], argenv ptr[in, string], argenv_l len[argenv])
provision(target_pid pid[opt], res_type const[RES_CORES], res_val intptr)
notify(target_pid pid[opt], ev_type flags[event_type], u_msg ptr[in, event_msg])
self_notify(vcoreid int32, ev_type flags[event_type], u_msg ptr[in, event_msg], priv bool32)
halt_core(usec intptr)
change_to_m()
poke_ksched(target_pid pid[opt], res_type const[0])
abort_sysc(syscall intptr)
populate_va(va vma, nr_pgs intptr)
vmm_add_gpcs(nr_more_gpcs intptr, gpcis ptr[in, vmm_gpcore_init])
vc_entry()
pop_ctx(ctx ptr[in, user_context])
vmm_poke_guest(guest_pcoreid int32)
send_event(ev_q ptr[in, event_queue], u_msg ptr[in, event_msg], vcoreid int32)
access(path ptr[in, filename], path_l len[path], mode flags[open_mode])
umask(mask int32)
wstat(path ptr[in, filename], path_l len[path], stat_m ptr[out, array[int8]], stat_sz bytesize[stat_m], flags const[0])
fwstat(fd fd, stat_m ptr[out, array[int8]], stat_sz bytesize[stat_m], flags const[0])
dup_fds_to(pid pid[opt], map ptr[in, array[childfdmap]], nentries len[map])
tap_fds(tap_reqs ptr[in, array[fd_tap_req]], nr_reqs len[tap_reqs])
tcgetattr(fd fd, termios_p ptr[out, array[int8, TERMIOS_SIZE]])
nbind(src_path ptr[in, filename], src_l len[src_path], onto_path ptr[in, filename], onto_l len[onto_path], flag flags[bind_flags])
nmount(fd fd, onto_path ptr[in, filename], onto_l len[onto_path], lag flags[bind_flags])
nunmount(src_path ptr[in, filename], src_l len[src_path], onto_path ptr[in, filename], onto_l len[onto_path])
fd2path(fd fd, u_buf ptr[out, array[int8]], len len[u_buf])

# Depends on deprecated CONFIG_ARSC_SERVER.
#init_arsc()

vmm_ctl$VMM_CTL_GET_EXITS(cmd const[VMM_CTL_GET_EXITS])
vmm_ctl$VMM_CTL_SET_EXITS(cmd const[VMM_CTL_SET_EXITS], arg flags[vmm_exits])
vmm_ctl$VMM_CTL_GET_FLAGS(cmd const[VMM_CTL_GET_FLAGS])
vmm_ctl$VMM_CTL_SET_FLAGS(cmd const[VMM_CTL_SET_FLAGS], arg flags[vmm_flags])

vmm_exits = VMM_CTL_FL_KERN_PRINTC
vmm_flags = VMM_CTL_EXIT_HALT, VMM_CTL_EXIT_PAUSE, VMM_CTL_EXIT_MWAIT

bind_flags = MREPL, MBEFORE, MAFTER, MCREATE, MCACHE

event_msg {
	ev_type	flags[event_type, int16]
	ev_arg1	int16
	ev_arg2	int32
	ev_arg3	ptr[in, array[int8]]
	ev_arg4	int64
}

event_queue {
	ev_mbox			ptr[in, event_mbox]
	ev_flags		int32
	ev_alert_pending	bool8
	ev_vcore		int32
# TODO: this is a function pointer, is it called by kernel?
	ev_handler		intptr
	ev_udata		intptr
}

# TODO: do we need more precise description?
type event_mbox array[int8, EVENT_MBOX_SIZE]

vmm_gpcore_init {
	posted_irq_desc	ptr[in, array[int8]]
	vapic_addr	ptr[in, array[int8]]
	apic_addr	ptr[in, array[int8]]
	fsbase		ptr[in, array[int8]]
	gsbase		ptr[in, array[int8]]
}

childfdmap {
	parentfd	fd
	childfd		const[0, int32]
	ok		const[0, int32]
}

fd_tap_req {
	fd	fd
	cmd	flags[fdtap_commands, int32]
	filter	flags[fdtap_filters, int32]
	ev_id	int32
	ev_q	ptr[in, event_queue]
	data	const[0, intptr]
}

fdtap_commands = FDTAP_CMD_ADD, FDTAP_CMD_REM, FDTAP_CMD_MOD
fdtap_filters = FDTAP_FILT_READABLE, FDTAP_FILT_WRITABLE, FDTAP_FILT_WRITTEN, FDTAP_FILT_DELETED, FDTAP_FILT_ERROR, FDTAP_FILT_RENAME, FDTAP_FILT_TRUNCATE, FDTAP_FILT_ATTRIB, FDTAP_FILT_PRIORITY, FDTAP_FILT_HANGUP, FDTAP_FILT_RDHUP

# TODO: do we need more precise description?
type user_context array[int8, USER_CONTEXT_SIZE]

define USER_CONTEXT_SIZE	sizeof(struct user_context)
define TERMIOS_SIZE	sizeof(struct termios)
define EVENT_MBOX_SIZE	sizeof(struct event_mbox)
define KSTAT_SIZE	sizeof(struct kstat)

event_type = EV_NONE, EV_PREEMPT_PENDING, EV_GANG_PREMPT_PENDING, EV_VCORE_PREEMPT, EV_GANG_RETURN, EV_USER_IPI, EV_PAGE_FAULT, EV_ALARM, EV_EVENT, EV_FREE_APPLE_PIE, EV_SYSCALL, EV_CHECK_MSGS, EV_POSIX_SIGNAL, NR_EVENT_TYPES, MAX_NR_EVENT

# Akaros does not bother to define these in headers.
define SEEK_SET	0
define SEEK_CUR	1
define SEEK_END	2

# Can't include <ns.h> because it conflicts with other header files (how it is supposed to be used?).
define MREPL	0x0000
define MBEFORE	0x0001
define MAFTER	0x0002
define MCREATE	0x0004
define MCACHE	0x0010