sys/linux: update userfaultfd descriptions

Add 2 regular missing ioctl syscalls:
- UFFDIO_MOVE
- UFFDIO_POISON

Add USERFAULTFD_IOC_NEW ioctl that allows to procure userfaultfds
by way of accessing /dev/userfaultfd.

No other descriptions are touched, neither are any config options.

Tested on local x86_64 syzkaller instance with enabled_syscalls[]
option turned on.

2 files changed, 32 insertions, 0 deletions

diff --git a/sys/linux/uffd.txt b/sys/linux/uffd.txt
index 811cf2e78..4bed72512 100644
--- a/sys/linux/uffd.txt
+++ b/sys/linux/uffd.txt
@@ -6,8 +6,10 @@ include <uapi/linux/fcntl.h>
 include <uapi/linux/userfaultfd.h>
 
 resource fd_uffd[fd]
+resource fd_uffd_dev[fd]
 
 userfaultfd(flags flags[userfaultfd_flags]) fd_uffd
+openat$userfaultfd(fd const[AT_FDCWD], file ptr[in, string["/dev/userfaultfd"]], flags flags[userfaultfd_flags], mode const[0]) fd_uffd_dev
 
 ioctl$UFFDIO_API(fd fd_uffd, cmd const[UFFDIO_API], arg ptr[in, uffdio_api])
 ioctl$UFFDIO_REGISTER(fd fd_uffd, cmd const[UFFDIO_REGISTER], arg ptr[in, uffdio_register])
@@ -15,8 +17,12 @@ ioctl$UFFDIO_UNREGISTER(fd fd_uffd, cmd const[UFFDIO_UNREGISTER], arg ptr[in, uf
 ioctl$UFFDIO_WAKE(fd fd_uffd, cmd const[UFFDIO_WAKE], arg ptr[in, uffdio_range])
 ioctl$UFFDIO_COPY(fd fd_uffd, cmd const[UFFDIO_COPY], arg ptr[in, uffdio_copy])
 ioctl$UFFDIO_ZEROPAGE(fd fd_uffd, cmd const[UFFDIO_ZEROPAGE], arg ptr[in, uffdio_zeropage])
+ioctl$UFFDIO_MOVE(fd fd_uffd, cmd const[UFFDIO_MOVE], arg ptr[in, uffdio_move])
 ioctl$UFFDIO_WRITEPROTECT(fd fd_uffd, cmd const[UFFDIO_WRITEPROTECT], arg ptr[in, uffdio_writeprotect])
 ioctl$UFFDIO_CONTINUE(fd fd_uffd, cmd const[UFFDIO_CONTINUE], arg ptr[in, uffdio_continue])
+ioctl$UFFDIO_POISON(fd fd_uffd, cmd const[UFFDIO_POISON], arg ptr[in, uffdio_poison])
+
+ioctl$USERFAULTFD_IOC_NEW(fd fd_uffd_dev, cmd const[USERFAULTFD_IOC_NEW]) fd_uffd
 
 userfaultfd_flags = O_NONBLOCK, O_CLOEXEC, UFFD_USER_MODE_ONLY
 uffdio_register_mode = UFFDIO_REGISTER_MODE_MISSING, UFFDIO_REGISTER_MODE_WP, UFFDIO_REGISTER_MODE_MINOR
@@ -55,6 +61,16 @@ uffdio_zeropage {
 	zeropg	const[0, int64]
 }
 
+uffdio_move {
+	dst	vma64
+	src	vma64
+	len	len[dst, int64]
+	mode	flags[uffdio_move_mode, int64]
+	move	int64	(out)
+}
+
+uffdio_move_mode = UFFDIO_MOVE_MODE_DONTWAKE, UFFDIO_MOVE_MODE_ALLOW_SRC_HOLES
+
 uffdio_writeprotect {
 	range	uffdio_range
 	mode	flags[uffdio_writeprotect_mode, int64]
@@ -69,3 +85,11 @@ uffdio_continue {
 }
 
 uffdio_continue_mode = UFFDIO_CONTINUE_MODE_DONTWAKE
+
+uffdio_poison {
+	range	uffdio_range
+	mode	flags[uffdio_poison_mode, int64]
+	updated	int64	(out)
+}
+
+uffdio_poison_mode = UFFDIO_POISON_MODE_DONTWAKE
diff --git a/sys/linux/uffd.txt.const b/sys/linux/uffd.txt.const
index bcab8f462..0e2c3dc34 100644
--- a/sys/linux/uffd.txt.const
+++ b/sys/linux/uffd.txt.const
@@ -1,5 +1,6 @@
 # Code generated by syz-sysgen. DO NOT EDIT.
 arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x
+AT_FDCWD = 18446744073709551516
 O_CLOEXEC = 524288
 O_NONBLOCK = 2048, mips64le:128
 UFFDIO_API = 3222841919
@@ -8,6 +9,11 @@ UFFDIO_CONTINUE_MODE_DONTWAKE = 1
 UFFDIO_COPY = 3223890435
 UFFDIO_COPY_MODE_DONTWAKE = 1
 UFFDIO_COPY_MODE_WP = 2
+UFFDIO_MOVE = 3223890437
+UFFDIO_MOVE_MODE_ALLOW_SRC_HOLES = 2
+UFFDIO_MOVE_MODE_DONTWAKE = 1
+UFFDIO_POISON = 3223366152
+UFFDIO_POISON_MODE_DONTWAKE = 1
 UFFDIO_REGISTER = 3223366144
 UFFDIO_REGISTER_MODE_MINOR = 4
 UFFDIO_REGISTER_MODE_MISSING = 1
@@ -32,5 +38,7 @@ UFFD_FEATURE_PAGEFAULT_FLAG_WP = 1
 UFFD_FEATURE_SIGBUS = 128
 UFFD_FEATURE_THREAD_ID = 256
 UFFD_USER_MODE_ONLY = 1
+USERFAULTFD_IOC_NEW = 43520, mips64le:ppc64le:536914432
 __NR_ioctl = 54, amd64:16, arm64:riscv64:29, mips64le:5015
+__NR_openat = 56, 386:295, amd64:257, arm:322, mips64le:5247, ppc64le:286, s390x:288
 __NR_userfaultfd = 282, 386:374, amd64:323, arm:388, mips64le:5317, ppc64le:364, s390x:355