diff options
| author | Ricardo Cañuelo <ricardo.canuelo@collabora.com> | 2020-06-08 12:57:25 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-06-09 15:58:40 +0200 |
| commit | c5e085d96d1cdc855365b7fd9c1825b886f266f6 (patch) | |
| tree | 181b25942ec6919a7839a65b24b12f2711b277ab /sys/linux/dev_video4linux_vim2m.txt | |
| parent | 092934c131705d77c23b65df2a846fcd49d98469 (diff) | |
sys/linux: specific descriptions for vim2m (v4l2)
Add a set of descriptions to focus the fuzzing process on the V4L2 vim2m
test driver. This should be useful to test the M2M framework.
The syscalls are based on a specific file descriptor for the vim2m
device and a selection of v4l2 ioctls that operate on it. Some of the
existing v4l2 data structure definitions have been extended to allow
restricting and selecting some options in order to narrow down the
fuzzing process.
Initial support for Request API added.
Diffstat (limited to 'sys/linux/dev_video4linux_vim2m.txt')
| -rw-r--r-- | sys/linux/dev_video4linux_vim2m.txt | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/sys/linux/dev_video4linux_vim2m.txt b/sys/linux/dev_video4linux_vim2m.txt new file mode 100644 index 000000000..d0eb6fd43 --- /dev/null +++ b/sys/linux/dev_video4linux_vim2m.txt @@ -0,0 +1,58 @@ +# Copyright 2020 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +# V4L2 specific support for the vim2m driver. +# +# These descriptions narrow the search space to focus on the M2M +# framework code. The vim2m driver should be built into the kernel +# (CONFIG_VIDEO_VI2M2=y) + +include <linux/time.h> +include <linux/types.h> +include <uapi/asm/ioctl.h> +include <uapi/linux/fcntl.h> +include <uapi/linux/videodev2.h> +include <uapi/linux/v4l2-common.h> +include <uapi/linux/v4l2-subdev.h> +include <uapi/linux/v4l2-mediabus.h> +include <uapi/linux/media-bus-format.h> +include <uapi/linux/v4l2-controls.h> + +resource fd_vim2m[fd] + +# syz_open_dev will use devices from /dev/video0 to /dev/video10 +# openat$vim2m assumes a symlink (/dev/vim2m) to the appropriate vim2m device +# This can be set with a udev rule such as this: +# +# ATTR{name}=="vim2m", SYMLINK+="vim2m" + +syz_open_dev$vim2m(dev ptr[in, string["/dev/video#"]], id intptr, flags const[O_RDWR]) fd_vim2m +openat$vim2m(fd const[AT_FDCWD], file ptr[in, string["/dev/vim2m"]], flags const[O_RDWR], mode const[0]) fd_vim2m + +# Specialized ioctls for vim2m + +ioctl$vim2m_VIDIOC_QUERYCAP(fd fd_vim2m, cmd const[VIDIOC_QUERYCAP], arg ptr[out, v4l2_capability]) +ioctl$vim2m_VIDIOC_ENUM_FMT(fd fd_vim2m, cmd const[VIDIOC_ENUM_FMT], arg ptr[inout, v4l2_fmtdesc[v4l2_buf_type_vim2m]]) +ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(fd fd_vim2m, cmd const[VIDIOC_ENUM_FRAMESIZES], arg ptr[inout, v4l2_frmsizeenum]) +ioctl$vim2m_VIDIOC_G_FMT(fd fd_vim2m, cmd const[VIDIOC_G_FMT], arg ptr[inout, v4l2_format[v4l2_buf_type_vim2m]]) +ioctl$vim2m_VIDIOC_TRY_FMT(fd fd_vim2m, cmd const[VIDIOC_TRY_FMT], arg ptr[inout, v4l2_format[v4l2_buf_type_vim2m]]) +ioctl$vim2m_VIDIOC_S_FMT(fd fd_vim2m, cmd const[VIDIOC_S_FMT], arg ptr[inout, v4l2_format[v4l2_buf_type_vim2m]]) +ioctl$vim2m_VIDIOC_REQBUFS(fd fd_vim2m, cmd const[VIDIOC_REQBUFS], arg ptr[inout, v4l2_requestbuffers[v4l2_buf_type_vim2m]]) +ioctl$vim2m_VIDIOC_QUERYBUF(fd fd_vim2m, cmd const[VIDIOC_QUERYBUF], arg ptr[inout, v4l2_buffer[v4l2_buf_type_vim2m, fd_request]]) +ioctl$vim2m_VIDIOC_QBUF(fd fd_vim2m, cmd const[VIDIOC_QBUF], arg ptr[inout, v4l2_buffer[v4l2_buf_type_vim2m, fd_request]]) +ioctl$vim2m_VIDIOC_DQBUF(fd fd_vim2m, cmd const[VIDIOC_DQBUF], arg ptr[inout, v4l2_buffer[v4l2_buf_type_vim2m, fd_request]]) +ioctl$vim2m_VIDIOC_PREPARE_BUF(fd fd_vim2m, cmd const[VIDIOC_PREPARE_BUF], arg ptr[inout, v4l2_buffer[v4l2_buf_type_vim2m, fd_request]]) +ioctl$vim2m_VIDIOC_CREATE_BUFS(fd fd_vim2m, cmd const[VIDIOC_CREATE_BUFS], arg ptr[inout, v4l2_create_buffers[v4l2_buf_type_vim2m]]) +ioctl$vim2m_VIDIOC_EXPBUF(fd fd_vim2m, cmd const[VIDIOC_EXPBUF], arg ptr[inout, v4l2_exportbuffer[v4l2_buf_type_vim2m]]) +ioctl$vim2m_VIDIOC_S_CTRL(fd fd_vim2m, cmd const[VIDIOC_S_CTRL], arg ptr[inout, v4l2_control]) +ioctl$vim2m_VIDIOC_STREAMON(fd fd_vim2m, cmd const[VIDIOC_STREAMON], arg ptr[in, vim2m_qtype]) +ioctl$vim2m_VIDIOC_STREAMOFF(fd fd_vim2m, cmd const[VIDIOC_STREAMON], arg ptr[in, vim2m_qtype]) + +# Limit buffer types to OUTPUT and CAPTURE + +vim2m_qtype [ + output const[V4L2_BUF_TYPE_VIDEO_OUTPUT, int32] + capture const[V4L2_BUF_TYPE_VIDEO_CAPTURE, int32] +] + +v4l2_buf_type_vim2m = V4L2_BUF_TYPE_VIDEO_CAPTURE, V4L2_BUF_TYPE_VIDEO_OUTPUT |