aboutsummaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
authorDmitry Vyukov <dvyukov@google.com>2016-11-11 14:44:01 -0800
committerGitHub <noreply@github.com>2016-11-11 14:44:01 -0800
commit89abacc228e60afe1df0b01d36dc7fe886ca7bcc (patch)
treef0ca6508ab6f3b6ea78e6260c28dd09f37c9d48c /sys
parent85f78e771dced807e5e09b8012ec38333e442bb7 (diff)
parent3a65453870b12f5c42739c27d99df8fc58358f88 (diff)
Merge pull request #86 from google/sys_ptrs
A bunch of changes to sys/prog package
Diffstat (limited to 'sys')
-rw-r--r--sys/README.md16
-rw-r--r--sys/align.go10
-rw-r--r--sys/bpf.txt2
-rw-r--r--sys/decl.go331
-rw-r--r--sys/dri.txt6
-rw-r--r--sys/input.txt6
-rw-r--r--sys/kdbus.txt2
-rw-r--r--sys/key.txt8
-rw-r--r--sys/kvm.txt4
-rw-r--r--sys/perf.txt2
-rwxr-xr-xsys/random.txt4
-rw-r--r--sys/sndcontrol.txt4
-rw-r--r--sys/sndseq.txt2
-rw-r--r--sys/sndtimer.txt2
-rw-r--r--sys/socket.txt9
-rw-r--r--sys/sys.txt163
-rw-r--r--sys/tlk_device.txt2
-rw-r--r--sys/tty.txt2
-rwxr-xr-xsys/tun.txt2
19 files changed, 238 insertions, 339 deletions
diff --git a/sys/README.md b/sys/README.md
index 18b3c76ab..8125a7b7c 100644
--- a/sys/README.md
+++ b/sys/README.md
@@ -23,7 +23,7 @@ Pseudo-formal grammar of syscall description:
type = typename [ "[" type-options "]" ]
typename = "const" | "intN" | "intptr" | "flags" | "array" | "ptr" |
"buffer" | "string" | "strconst" | "filename" |
- "fileoff" | "len" | "bytesize" | "vma"
+ "len" | "bytesize" | "vma"
type-options = [type-opt ["," type-opt]]
```
common type-options include:
@@ -44,12 +44,12 @@ rest of the type-options are type-specific:
type of the object; direction (in/out/inout)
"buffer": a pointer to a memory buffer (like read/write buffer argument), type-options:
direction (in/out/inout)
- "string": a pointer to a memory buffer, similar to buffer[in]
- "strconst": a pointer to a constant string, type-options:
- the underlying string (for example "/dev/dsp")
+ "string": a zero-terminated memory buffer (no pointer indirection implied), type-options:
+ either a string value in quotes for constant strings (e.g. "foo"),
+ or a reference to string flags,
+ optionally followed by a buffer size (string values will be padded with \x00 to that size)
"filename": a file/link/dir name
- "fileoff": offset within a file, type-options:
- argname of the file
+ "fileoff": offset within a file
"len": length of another field (for array it is number of elements), type-options:
argname of the object
"bytesize": similar to "len", but always denotes the size in bytes, type-options:
@@ -62,6 +62,10 @@ Flags are described as:
```
flagname = const ["," const]*
```
+or for string flags as:
+```
+ flagname = "\"" literal "\"" ["," "\"" literal "\""]*
+```
### Structs
diff --git a/sys/align.go b/sys/align.go
index 055a433f8..1b1ea66ac 100644
--- a/sys/align.go
+++ b/sys/align.go
@@ -7,9 +7,9 @@ func initAlign() {
var rec func(t Type)
rec = func(t Type) {
switch t1 := t.(type) {
- case PtrType:
+ case *PtrType:
rec(t1.Type)
- case ArrayType:
+ case *ArrayType:
rec(t1.Type)
case *StructType:
if !t1.padded {
@@ -49,10 +49,10 @@ func addAlignment(t *StructType) {
fields = append(fields, makePad(pad))
}
fields = append(fields, f)
- if at, ok := f.(ArrayType); ok && (at.Kind == ArrayRandLen || (at.Kind == ArrayRangeLen && at.RangeBegin != at.RangeEnd)) {
+ if at, ok := f.(*ArrayType); ok && (at.Kind == ArrayRandLen || (at.Kind == ArrayRangeLen && at.RangeBegin != at.RangeEnd)) {
varLen = true
}
- if at, ok := f.(BufferType); ok && (at.Kind == BufferBlobRand || (at.Kind == BufferBlobRange && at.RangeBegin != at.RangeEnd)) {
+ if at, ok := f.(*BufferType); ok && (at.Kind == BufferBlobRand || (at.Kind == BufferBlobRange && at.RangeBegin != at.RangeEnd)) {
varLen = true
}
if varLen && i != len(t.Fields)-1 {
@@ -71,7 +71,7 @@ func addAlignment(t *StructType) {
}
func makePad(sz uintptr) Type {
- return ConstType{
+ return &ConstType{
TypeCommon: TypeCommon{TypeName: "pad", IsOptional: false},
TypeSize: sz,
Val: 0,
diff --git a/sys/bpf.txt b/sys/bpf.txt
index 68b4c0ab9..e7338cc53 100644
--- a/sys/bpf.txt
+++ b/sys/bpf.txt
@@ -52,7 +52,7 @@ bpf_prog {
type flags[bpf_prog_type, int32]
ninsn len[insns, int32]
insns ptr[in, array[bpf_insn]]
- license string
+ license ptr[in, string]
loglev int32
logsize len[log, int32]
log buffer[out]
diff --git a/sys/decl.go b/sys/decl.go
index 89773b0dd..84c2f8c08 100644
--- a/sys/decl.go
+++ b/sys/decl.go
@@ -19,17 +19,25 @@ type Call struct {
Ret Type
}
+type Dir int
+
+const (
+ DirIn Dir = iota
+ DirOut
+ DirInOut
+)
+
type Type interface {
Name() string
+ Dir() Dir
Optional() bool
Default() uintptr
Size() uintptr
Align() uintptr
- InnerType() Type // returns inner type for PtrType
}
func IsPad(t Type) bool {
- if ct, ok := t.(ConstType); ok && ct.IsPad {
+ if ct, ok := t.(*ConstType); ok && ct.IsPad {
return true
}
return false
@@ -37,21 +45,26 @@ func IsPad(t Type) bool {
type TypeCommon struct {
TypeName string
+ ArgDir Dir
IsOptional bool
}
-func (t TypeCommon) Name() string {
+func (t *TypeCommon) Name() string {
return t.TypeName
}
-func (t TypeCommon) Optional() bool {
+func (t *TypeCommon) Optional() bool {
return t.IsOptional
}
-func (t TypeCommon) Default() uintptr {
+func (t *TypeCommon) Default() uintptr {
return 0
}
+func (t TypeCommon) Dir() Dir {
+ return t.ArgDir
+}
+
const (
InvalidFD = ^uintptr(0)
)
@@ -68,55 +81,30 @@ type ResourceType struct {
Desc *ResourceDesc
}
-func (t ResourceType) Default() uintptr {
+func (t *ResourceType) Default() uintptr {
return t.Desc.Values[0]
}
-func (t ResourceType) SpecialValues() []uintptr {
+func (t *ResourceType) SpecialValues() []uintptr {
return t.Desc.Values
}
-func (t ResourceType) Size() uintptr {
+func (t *ResourceType) Size() uintptr {
return t.Desc.Type.Size()
}
-func (t ResourceType) Align() uintptr {
+func (t *ResourceType) Align() uintptr {
return t.Desc.Type.Align()
}
-func (t ResourceType) InnerType() Type {
- return t
-}
-
-type FileoffType struct {
- TypeCommon
- TypeSize uintptr
- BigEndian bool
- File string
-}
-
-func (t FileoffType) Size() uintptr {
- return t.TypeSize
-}
-
-func (t FileoffType) Align() uintptr {
- return t.Size()
-}
-
-func (t FileoffType) InnerType() Type {
- return t
-}
-
type BufferKind int
const (
BufferBlobRand BufferKind = iota
BufferBlobRange
BufferString
+ BufferFilename
BufferSockaddr
- BufferFilesystem
- BufferAlgType
- BufferAlgName
)
type BufferType struct {
@@ -124,48 +112,48 @@ type BufferType struct {
Kind BufferKind
RangeBegin uintptr // for BufferBlobRange kind
RangeEnd uintptr // for BufferBlobRange kind
+ SubKind string
+ Values []string // possible values for BufferString kind
}
-func (t BufferType) Size() uintptr {
+func (t *BufferType) Size() uintptr {
switch t.Kind {
- case BufferAlgType:
- return 14
- case BufferAlgName:
- return 64
+ case BufferString:
+ size := 0
+ for _, s := range t.Values {
+ if size != 0 && size != len(s) {
+ size = 0
+ break
+ }
+ size = len(s)
+ }
+ if size != 0 {
+ return uintptr(size)
+ }
case BufferBlobRange:
if t.RangeBegin == t.RangeEnd {
return t.RangeBegin
}
- fallthrough
- default:
- panic(fmt.Sprintf("buffer size is not statically known: %v", t.Name()))
}
+ panic(fmt.Sprintf("buffer size is not statically known: %v", t.Name()))
}
-func (t BufferType) Align() uintptr {
+func (t *BufferType) Align() uintptr {
return 1
}
-func (t BufferType) InnerType() Type {
- return t
-}
-
type VmaType struct {
TypeCommon
}
-func (t VmaType) Size() uintptr {
+func (t *VmaType) Size() uintptr {
return ptrSize
}
-func (t VmaType) Align() uintptr {
+func (t *VmaType) Align() uintptr {
return t.Size()
}
-func (t VmaType) InnerType() Type {
- return t
-}
-
type LenType struct {
TypeCommon
TypeSize uintptr
@@ -174,18 +162,14 @@ type LenType struct {
Buf string
}
-func (t LenType) Size() uintptr {
+func (t *LenType) Size() uintptr {
return t.TypeSize
}
-func (t LenType) Align() uintptr {
+func (t *LenType) Align() uintptr {
return t.Size()
}
-func (t LenType) InnerType() Type {
- return t
-}
-
type FlagsType struct {
TypeCommon
TypeSize uintptr
@@ -193,18 +177,14 @@ type FlagsType struct {
Vals []uintptr
}
-func (t FlagsType) Size() uintptr {
+func (t *FlagsType) Size() uintptr {
return t.TypeSize
}
-func (t FlagsType) Align() uintptr {
+func (t *FlagsType) Align() uintptr {
return t.Size()
}
-func (t FlagsType) InnerType() Type {
- return t
-}
-
type ConstType struct {
TypeCommon
TypeSize uintptr
@@ -213,36 +193,14 @@ type ConstType struct {
IsPad bool
}
-func (t ConstType) Size() uintptr {
+func (t *ConstType) Size() uintptr {
return t.TypeSize
}
-func (t ConstType) Align() uintptr {
+func (t *ConstType) Align() uintptr {
return t.Size()
}
-func (t ConstType) InnerType() Type {
- return t
-}
-
-type StrConstType struct {
- TypeCommon
- TypeSize uintptr
- Val string
-}
-
-func (t StrConstType) Size() uintptr {
- return uintptr(len(t.Val))
-}
-
-func (t StrConstType) Align() uintptr {
- return 1
-}
-
-func (t StrConstType) InnerType() Type {
- return t
-}
-
type IntKind int
const (
@@ -250,6 +208,7 @@ const (
IntSignalno
IntInaddr
IntInport
+ IntFileoff // offset within a file
IntRange
)
@@ -262,34 +221,14 @@ type IntType struct {
RangeEnd int64
}
-func (t IntType) Size() uintptr {
+func (t *IntType) Size() uintptr {
return t.TypeSize
}
-func (t IntType) Align() uintptr {
+func (t *IntType) Align() uintptr {
return t.Size()
}
-func (t IntType) InnerType() Type {
- return t
-}
-
-type FilenameType struct {
- TypeCommon
-}
-
-func (t FilenameType) Size() uintptr {
- panic("filename size is not statically known")
-}
-
-func (t FilenameType) Align() uintptr {
- return 1
-}
-
-func (t FilenameType) InnerType() Type {
- return t
-}
-
type ArrayKind int
const (
@@ -305,39 +244,30 @@ type ArrayType struct {
RangeEnd uintptr
}
-func (t ArrayType) Size() uintptr {
+func (t *ArrayType) Size() uintptr {
if t.RangeBegin == t.RangeEnd {
return t.RangeBegin * t.Type.Size()
}
return 0 // for trailing embed arrays
}
-func (t ArrayType) Align() uintptr {
+func (t *ArrayType) Align() uintptr {
return t.Type.Align()
}
-func (t ArrayType) InnerType() Type {
- return t
-}
-
type PtrType struct {
TypeCommon
Type Type
- Dir Dir
}
-func (t PtrType) Size() uintptr {
+func (t *PtrType) Size() uintptr {
return ptrSize
}
-func (t PtrType) Align() uintptr {
+func (t *PtrType) Align() uintptr {
return t.Size()
}
-func (t PtrType) InnerType() Type {
- return t.Type.InnerType()
-}
-
type StructType struct {
TypeCommon
Fields []Type
@@ -370,10 +300,6 @@ func (t *StructType) Align() uintptr {
return align
}
-func (t *StructType) InnerType() Type {
- return t
-}
-
type UnionType struct {
TypeCommon
Options []Type
@@ -403,18 +329,6 @@ func (t *UnionType) Align() uintptr {
return align
}
-func (t *UnionType) InnerType() Type {
- return t
-}
-
-type Dir int
-
-const (
- DirIn Dir = iota
- DirOut
- DirInOut
-)
-
var ctors = make(map[string][]*Call)
// ResourceConstructors returns a list of calls that can create a resource of the given kind.
@@ -431,56 +345,20 @@ func initResources() {
func resourceCtors(kind []string, precise bool) []*Call {
// Find calls that produce the necessary resources.
var metas []*Call
- // Recurse into arguments to see if there is an out/inout arg of necessary type.
- seen := make(map[Type]bool)
- var checkArg func(typ Type, dir Dir) bool
- checkArg = func(typ Type, dir Dir) bool {
- if resarg, ok := typ.(ResourceType); ok && dir != DirIn && isCompatibleResource(kind, resarg.Desc.Kind, precise) {
- return true
- }
- switch typ1 := typ.(type) {
- case ArrayType:
- if checkArg(typ1.Type, dir) {
- return true
- }
- case *StructType:
- if seen[typ1] {
- return false // prune recursion via pointers to structs/unions
- }
- seen[typ1] = true
- for _, fld := range typ1.Fields {
- if checkArg(fld, dir) {
- return true
- }
- }
- case *UnionType:
- if seen[typ1] {
- return false // prune recursion via pointers to structs/unions
- }
- seen[typ1] = true
- for _, opt := range typ1.Options {
- if checkArg(opt, dir) {
- return true
- }
- }
- case PtrType:
- if checkArg(typ1.Type, typ1.Dir) {
- return true
- }
- }
- return false
- }
for _, meta := range Calls {
+ // Recurse into arguments to see if there is an out/inout arg of necessary type.
ok := false
- for _, arg := range meta.Args {
- if checkArg(arg, DirIn) {
- ok = true
- break
+ ForeachType(meta, func(typ Type) {
+ if ok {
+ return
}
- }
- if !ok && meta.Ret != nil && checkArg(meta.Ret, DirOut) {
- ok = true
- }
+ switch typ1 := typ.(type) {
+ case *ResourceType:
+ if typ1.Dir() != DirIn && isCompatibleResource(kind, typ1.Desc.Kind, precise) {
+ ok = true
+ }
+ }
+ })
if ok {
metas = append(metas, meta)
}
@@ -524,41 +402,16 @@ func isCompatibleResource(dst, src []string, precise bool) bool {
return true
}
-func (c *Call) InputResources() []ResourceType {
- var resources []ResourceType
- seen := make(map[Type]bool)
- var checkArg func(typ Type, dir Dir)
- checkArg = func(typ Type, dir Dir) {
+func (c *Call) InputResources() []*ResourceType {
+ var resources []*ResourceType
+ ForeachType(c, func(typ Type) {
switch typ1 := typ.(type) {
- case ResourceType:
- if dir != DirOut && !typ1.IsOptional {
+ case *ResourceType:
+ if typ1.Dir() != DirOut && !typ1.IsOptional {
resources = append(resources, typ1)
}
- case ArrayType:
- checkArg(typ1.Type, dir)
- case PtrType:
- checkArg(typ1.Type, typ1.Dir)
- case *StructType:
- if seen[typ1] {
- return // prune recursion via pointers to structs/unions
- }
- seen[typ1] = true
- for _, fld := range typ1.Fields {
- checkArg(fld, dir)
- }
- case *UnionType:
- if seen[typ1] {
- return // prune recursion via pointers to structs/unions
- }
- seen[typ1] = true
- for _, opt := range typ1.Options {
- checkArg(opt, dir)
- }
}
- }
- for _, arg := range c.Args {
- checkArg(arg, DirIn)
- }
+ })
return resources
}
@@ -598,6 +451,46 @@ func TransitivelyEnabledCalls(enabled map[*Call]bool) map[*Call]bool {
return supported
}
+func ForeachType(meta *Call, f func(Type)) {
+ seen := make(map[Type]bool)
+ var rec func(t Type)
+ rec = func(t Type) {
+ f(t)
+ switch a := t.(type) {
+ case *PtrType:
+ rec(a.Type)
+ case *ArrayType:
+ rec(a.Type)
+ case *StructType:
+ if seen[a] {
+ return // prune recursion via pointers to structs/unions
+ }
+ seen[a] = true
+ for _, f := range a.Fields {
+ rec(f)
+ }
+ case *UnionType:
+ if seen[a] {
+ return // prune recursion via pointers to structs/unions
+ }
+ seen[a] = true
+ for _, opt := range a.Options {
+ rec(opt)
+ }
+ case *ResourceType, *BufferType, *VmaType, *LenType,
+ *FlagsType, *ConstType, *IntType:
+ default:
+ panic("unknown type")
+ }
+ }
+ for _, t := range meta.Args {
+ rec(t)
+ }
+ if meta.Ret != nil {
+ rec(meta.Ret)
+ }
+}
+
var (
Calls []*Call
CallCount int
diff --git a/sys/dri.txt b/sys/dri.txt
index 3c5753f23..bc35016e4 100644
--- a/sys/dri.txt
+++ b/sys/dri.txt
@@ -10,9 +10,9 @@ resource drm_agp_handle[intptr]
resource drm_gem_handle[int32]
resource drm_gem_name[int32]
-syz_open_dev$dri(dev strconst["/dev/dri/card#"], id intptr, flags flags[open_flags]) fd_dri
-syz_open_dev$dricontrol(dev strconst["/dev/dri/controlD#"], id intptr, flags flags[open_flags]) fd_dri
-syz_open_dev$drirender(dev strconst["/dev/dri/renderD#"], id intptr, flags flags[open_flags]) fd_dri
+syz_open_dev$dri(dev ptr[in, string["/dev/dri/card#"]], id intptr, flags flags[open_flags]) fd_dri
+syz_open_dev$dricontrol(dev ptr[in, string["/dev/dri/controlD#"]], id intptr, flags flags[open_flags]) fd_dri
+syz_open_dev$drirender(dev ptr[in, string["/dev/dri/renderD#"]], id intptr, flags flags[open_flags]) fd_dri
ioctl$DRM_IOCTL_VERSION(fd fd_dri, cmd const[DRM_IOCTL_VERSION], arg ptr[in, drm_version])
ioctl$DRM_IOCTL_GET_UNIQUE(fd fd_dri, cmd const[DRM_IOCTL_GET_UNIQUE], arg ptr[in, drm_unique_out])
diff --git a/sys/input.txt b/sys/input.txt
index 236d6c89c..4266c2b2b 100644
--- a/sys/input.txt
+++ b/sys/input.txt
@@ -6,10 +6,10 @@ include <linux/input.h>
resource fd_evdev[fd]
# There seems to be nothing special we can do with this fd.
-syz_open_dev$mouse(dev strconst["/dev/input/mouse#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$mice(dev strconst["/dev/input/mice"], id const[0], flags flags[open_flags]) fd
+syz_open_dev$mouse(dev ptr[in, string["/dev/input/mouse#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$mice(dev ptr[in, string["/dev/input/mice"]], id const[0], flags flags[open_flags]) fd
-syz_open_dev$evdev(dev strconst["/dev/input/event#"], id intptr, flags flags[open_flags]) fd_evdev
+syz_open_dev$evdev(dev ptr[in, string["/dev/input/event#"]], id intptr, flags flags[open_flags]) fd_evdev
write$evdev(fd fd_evdev, data ptr[in, array[input_event]], len bytesize[data])
diff --git a/sys/kdbus.txt b/sys/kdbus.txt
index 5d40b8625..97bd49e70 100644
--- a/sys/kdbus.txt
+++ b/sys/kdbus.txt
@@ -6,7 +6,7 @@ include <uapi/linux/fcntl.h>
resource fd_kdbus[fd]
-openat$kdbus(fd const[AT_FDCWD], file strconst["/dev/kdbus"], flags flags[open_flags], mode const[0]) fd_kdbus
+openat$kdbus(fd const[AT_FDCWD], file ptr[in, string["/dev/kdbus"]], flags flags[open_flags], mode const[0]) fd_kdbus
ioctl$kdbus_bus_make(fd fd_kdbus, cmd const[KDBUS_CMD_BUS_MAKE], arg ptr[in, kdbus_cmd_bus_make])
ioctl$kdbus_ep_make(fd fd_kdbus, cmd const[KDBUS_CMD_ENDPOINT_MAKE], arg ptr[in, kdbus_cmd_ep_make])
ioctl$kdbus_ep_update(fd fd_kdbus, cmd const[KDBUS_CMD_ENDPOINT_UPDATE], arg ptr[in, kdbus_cmd_ep_update])
diff --git a/sys/key.txt b/sys/key.txt
index 6c431682c..c0b18f5e8 100644
--- a/sys/key.txt
+++ b/sys/key.txt
@@ -6,17 +6,17 @@ include <uapi/linux/keyctl.h>
resource key[int32]: KEY_SPEC_THREAD_KEYRING, KEY_SPEC_PROCESS_KEYRING, KEY_SPEC_SESSION_KEYRING, KEY_SPEC_USER_KEYRING, KEY_SPEC_USER_SESSION_KEYRING, KEY_SPEC_GROUP_KEYRING, KEY_SPEC_REQKEY_AUTH_KEY, KEY_SPEC_REQUESTOR_KEYRING
-add_key(type string, desc string, payload buffer[in, opt], paylen len[payload], keyring flags[keyring_type]) key
-request_key(type string, desc string, callout string, keyring flags[keyring_type]) key
+add_key(type ptr[in, string], desc ptr[in, string], payload buffer[in, opt], paylen len[payload], keyring flags[keyring_type]) key
+request_key(type ptr[in, string], desc ptr[in, string], callout ptr[in, string], keyring flags[keyring_type]) key
keyctl$get_keyring_id(code const[KEYCTL_GET_KEYRING_ID], key key, create intptr)
-keyctl$join(code const[KEYCTL_JOIN_SESSION_KEYRING], session string)
+keyctl$join(code const[KEYCTL_JOIN_SESSION_KEYRING], session ptr[in, string])
keyctl$update(code const[KEYCTL_UPDATE], key key, payload buffer[in, opt], paylen len[payload])
keyctl$revoke(code const[KEYCTL_REVOKE], key key)
keyctl$describe(code const[KEYCTL_DESCRIBE], key key, desc buffer[out], len len[desc])
keyctl$clear(code const[KEYCTL_CLEAR], key key)
keyctl$link(code const[KEYCTL_LINK], key1 key, key2 key)
keyctl$unlink(code const[KEYCTL_UNLINK], key1 key, key2 key)
-keyctl$search(code const[KEYCTL_SEARCH], key key, type string, desc string, ring key)
+keyctl$search(code const[KEYCTL_SEARCH], key key, type ptr[in, string], desc ptr[in, string], ring key)
keyctl$read(code const[KEYCTL_READ], key key, payload buffer[out], len len[payload])
keyctl$chown(code const[KEYCTL_CHOWN], key key, uid uid, gid gid)
# perm is a mask of KEY_POS_VIEW, etc consants, but they cover almost whole int32.
diff --git a/sys/kvm.txt b/sys/kvm.txt
index b80f4ce72..96e73d74e 100644
--- a/sys/kvm.txt
+++ b/sys/kvm.txt
@@ -9,7 +9,7 @@ resource fd_kvm[fd]
resource fd_kvmvm[fd]
resource fd_kvmcpu[fd]
-syz_open_dev$kvm(dev strconst["/dev/kvm"], id const[0], flags flags[open_flags]) fd_kvm
+syz_open_dev$kvm(dev ptr[in, string["/dev/kvm"]], id const[0], flags flags[open_flags]) fd_kvm
ioctl$KVM_CREATE_VM(fd fd_kvm, cmd const[KVM_CREATE_VM], type const[0]) fd_kvmvm
ioctl$KVM_GET_MSR_INDEX_LIST(fd fd_kvm, cmd const[KVM_GET_MSR_INDEX_LIST], arg ptr[in, kvm_msr_list])
@@ -99,7 +99,7 @@ ioctl$KVM_SET_GUEST_DEBUG(fd fd_kvmcpu, cmd const[KVM_SET_GUEST_DEBUG], arg ptr[
ioctl$KVM_SMI(fd fd_kvmcpu, cmd const[KVM_SMI])
# TODO: extend support (there are some ioctls)
-openat$xenevtchn(fd const[AT_FDCWD], file strconst["/dev/xen/evtchn"], flags flags[open_flags], mode const[0]) fd
+openat$xenevtchn(fd const[AT_FDCWD], file ptr[in, string["/dev/xen/evtchn"]], flags flags[open_flags], mode const[0]) fd
kvm_mem_region_flags = KVM_MEM_LOG_DIRTY_PAGES, KVM_MEM_READONLY, KVM_MEMSLOT_INVALID, KVM_MEMSLOT_INCOHERENT
kvm_mp_state = KVM_MP_STATE_RUNNABLE, KVM_MP_STATE_UNINITIALIZED, KVM_MP_STATE_INIT_RECEIVED, KVM_MP_STATE_HALTED, KVM_MP_STATE_SIPI_RECEIVED, KVM_MP_STATE_STOPPED, KVM_MP_STATE_CHECK_STOP, KVM_MP_STATE_OPERATING, KVM_MP_STATE_LOAD
diff --git a/sys/perf.txt b/sys/perf.txt
index a860d75c8..e35ad22b9 100644
--- a/sys/perf.txt
+++ b/sys/perf.txt
@@ -15,7 +15,7 @@ ioctl$PERF_EVENT_IOC_REFRESH(fd fd_perf, cmd const[PERF_EVENT_IOC_REFRESH], refr
ioctl$PERF_EVENT_IOC_PERIOD(fd fd_perf, cmd const[PERF_EVENT_IOC_PERIOD], period ptr[in, int64])
ioctl$PERF_EVENT_IOC_ID(fd fd_perf, cmd const[PERF_EVENT_IOC_ID], id ptr[out, int64])
ioctl$PERF_EVENT_IOC_SET_OUTPUT(fd fd_perf, cmd const[PERF_EVENT_IOC_SET_OUTPUT], other fd_perf)
-ioctl$PERF_EVENT_IOC_SET_FILTER(fd fd_perf, cmd const[PERF_EVENT_IOC_SET_FILTER], filter string)
+ioctl$PERF_EVENT_IOC_SET_FILTER(fd fd_perf, cmd const[PERF_EVENT_IOC_SET_FILTER], filter ptr[in, string])
ioctl$PERF_EVENT_IOC_SET_BPF(fd fd_perf, cmd const[PERF_EVENT_IOC_SET_BPF], prog fd_bpf_prog)
perf_flags = PERF_FLAG_FD_NO_GROUP, PERF_FLAG_FD_OUTPUT, PERF_FLAG_PID_CGROUP, PERF_FLAG_FD_CLOEXEC
diff --git a/sys/random.txt b/sys/random.txt
index 7c8fd11c0..234d1be40 100755
--- a/sys/random.txt
+++ b/sys/random.txt
@@ -5,8 +5,8 @@ include <linux/random.h>
resource fd_random[fd]
-syz_open_dev$random(dev strconst["/dev/random"], id const[0], flags flags[open_flags]) fd_random
-syz_open_dev$urandom(dev strconst["/dev/urandom"], id const[0], flags flags[open_flags]) fd_random
+syz_open_dev$random(dev ptr[in, string["/dev/random"]], id const[0], flags flags[open_flags]) fd_random
+syz_open_dev$urandom(dev ptr[in, string["/dev/urandom"]], id const[0], flags flags[open_flags]) fd_random
ioctl$RNDGETENTCNT(fd fd_random, cmd const[RNDGETENTCNT], arg ptr[out, int32])
ioctl$RNDADDTOENTCNT(fd fd_random, cmd const[RNDADDTOENTCNT], arg ptr[in, int32])
diff --git a/sys/sndcontrol.txt b/sys/sndcontrol.txt
index 20d5cc320..1ec602f03 100644
--- a/sys/sndcontrol.txt
+++ b/sys/sndcontrol.txt
@@ -5,7 +5,7 @@ include <sound/asound.h>
resource fd_sndctrl[fd]
-syz_open_dev$sndctrl(dev strconst["/dev/snd/controlC#"], id intptr, flags flags[open_flags]) fd_sndctrl
+syz_open_dev$sndctrl(dev ptr[in, string["/dev/snd/controlC#"]], id intptr, flags flags[open_flags]) fd_sndctrl
ioctl$SNDRV_CTL_IOCTL_PVERSION(fd fd_sndctrl, cmd const[SNDRV_CTL_IOCTL_PVERSION], arg buffer[out])
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(fd fd_sndctrl, cmd const[SNDRV_CTL_IOCTL_CARD_INFO], arg buffer[out])
@@ -61,7 +61,7 @@ snd_ctl_elem_info {
items int32
item int32
name array[int8, 64]
- nameptr string
+ nameptr ptr[in, string]
namelen len[nameptr, int32]
pad1 array[const[0, int8], 44]
d array[int16, 4]
diff --git a/sys/sndseq.txt b/sys/sndseq.txt
index 62a844ed7..40ad7118d 100644
--- a/sys/sndseq.txt
+++ b/sys/sndseq.txt
@@ -6,7 +6,7 @@ include <sound/asequencer.h>
resource fd_sndseq[fd]
-syz_open_dev$sndseq(dev strconst["/dev/snd/seq"], id const[0], flags flags[open_flags]) fd_sndseq
+syz_open_dev$sndseq(dev ptr[in, string["/dev/snd/seq"]], id const[0], flags flags[open_flags]) fd_sndseq
write$sndseq(fd fd_sndseq, data ptr[in, array[snd_seq_event]], len bytesize[data])
ioctl$SNDRV_SEQ_IOCTL_PVERSION(fd fd_sndseq, cmd const[SNDRV_SEQ_IOCTL_PVERSION], arg ptr[out, int32])
diff --git a/sys/sndtimer.txt b/sys/sndtimer.txt
index 67e0a13a8..f7eebc2af 100644
--- a/sys/sndtimer.txt
+++ b/sys/sndtimer.txt
@@ -5,7 +5,7 @@ include <sound/asound.h>
resource fd_sndtimer[fd]
-syz_open_dev$sndtimer(dev strconst["/dev/snd/timer"], id const[0], flags flags[open_flags]) fd_sndtimer
+syz_open_dev$sndtimer(dev ptr[in, string["/dev/snd/timer"]], id const[0], flags flags[open_flags]) fd_sndtimer
ioctl$SNDRV_TIMER_IOCTL_PVERSION(fd fd_sndtimer, cmd const[SNDRV_TIMER_IOCTL_PVERSION], arg ptr[out, int32])
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(fd fd_sndtimer, cmd const[SNDRV_TIMER_IOCTL_NEXT_DEVICE], arg ptr[in, snd_timer_id])
diff --git a/sys/socket.txt b/sys/socket.txt
index b2db95849..74728194f 100644
--- a/sys/socket.txt
+++ b/sys/socket.txt
@@ -46,7 +46,7 @@ ioctl$SIOCINQ(fd sock, cmd const[SIOCINQ], arg ptr[out, int32])
setsockopt$sock_void(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_void], optval const[0], optlen const[0])
getsockopt$sock_int(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_int], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]])
setsockopt$sock_int(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_int], optval ptr[in, int32], optlen len[optval])
-setsockopt$sock_str(fd sock, level const[SOL_SOCKET], optname const[SO_BINDTODEVICE], optval string, optlen len[optval])
+setsockopt$sock_str(fd sock, level const[SOL_SOCKET], optname const[SO_BINDTODEVICE], optval ptr[in, string], optlen len[optval])
getsockopt$sock_linger(fd sock, level const[SOL_SOCKET], optname const[SO_LINGER], optval ptr[out, linger], optlen ptr[inout, len[optval, int32]])
setsockopt$sock_linger(fd sock, level const[SOL_SOCKET], optname const[SO_LINGER], optval ptr[in, linger], optlen len[optval])
getsockopt$sock_cred(fd sock, level const[SOL_SOCKET], optname const[SO_PEERCRED], optval ptr[out, ucred], optlen ptr[inout, len[optval, int32]])
@@ -273,10 +273,10 @@ sendmmsg$alg(fd sock_algconn, mmsg ptr[in, array[msghdr_alg]], vlen len[mmsg], f
sockaddr_alg {
family const[AF_ALG, int16]
- type salg_type
+ type string[salg_type, 14]
feat flags[af_alg_type, int32]
mask flags[af_alg_type, int32]
- name salg_name
+ name string[salg_name, 64]
}
msghdr_alg {
@@ -320,6 +320,9 @@ cmsghdr_alg_assoc {
af_alg_type = CRYPTO_ALG_TYPE_MASK, CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_COMPRESS, CRYPTO_ALG_TYPE_AEAD, CRYPTO_ALG_TYPE_BLKCIPHER, CRYPTO_ALG_TYPE_ABLKCIPHER, CRYPTO_ALG_TYPE_GIVCIPHER, CRYPTO_ALG_TYPE_DIGEST, CRYPTO_ALG_TYPE_HASH, CRYPTO_ALG_TYPE_SHASH, CRYPTO_ALG_TYPE_AHASH, CRYPTO_ALG_TYPE_RNG, CRYPTO_ALG_TYPE_AKCIPHER, CRYPTO_ALG_TYPE_PCOMPRESS, CRYPTO_ALG_LARVAL, CRYPTO_ALG_DEAD, CRYPTO_ALG_DYING, CRYPTO_ALG_ASYNC, CRYPTO_ALG_NEED_FALLBACK, CRYPTO_ALG_GENIV, CRYPTO_ALG_TESTED, CRYPTO_ALG_INSTANCE, CRYPTO_ALG_KERN_DRIVER_ONLY, CRYPTO_ALG_INTERNAL
+salg_type = "aead", "hash", "rng", "skcipher"
+salg_name = "cmac(aes)", "ecb(aes)", "cbc(aes)", "hmac(sha1)", "pcbc(fcrypt)", "ghash", "jitterentropy_rng", "stdrng", "stdrng", "stdrng", "stdrng", "hmac(sha256)", "stdrng", "stdrng", "stdrng", "stdrng", "stdrng", "842", "lz4hc", "lz4", "lzo", "crct10dif", "crc32", "crc32c", "michael_mic", "zlib", "deflate", "poly1305", "chacha20", "salsa20", "seed", "anubis", "khazad", "xeta", "xtea", "tea", "ecb(arc4)", "arc4", "cast6", "cast5", "camellia", "aes", "tnepres", "serpent", "twofish", "blowfish", "fcrypt", "des3_ede", "des", "tgr128", "tgr160", "tgr192", "wp256", "wp384", "wp512", "sha384", "sha512", "sha224", "sha256", "sha1", "rmd320", "rmd256", "rmd160", "rmd128", "md5", "md4", "digest_null", "compress_null", "ecb(cipher_null)", "cipher_null", "rsa", "poly1305", "xts(serpent)", "lrw(serpent)", "ctr(serpent)", "cbc(serpent)", "__ecb-serpent-sse2", "ecb(serpent)", "__xts-serpent-sse2", "__lrw-serpent-sse2", "__ctr-serpent-sse2", "__cbc-serpent-sse2", "__ecb-serpent-sse2", "salsa20", "xts(twofish)", "lrw(twofish)", "ctr(twofish)", "cbc(twofish)", "ecb(twofish)", "twofish", "ctr(blowfish)", "cbc(blowfish)", "ecb(blowfish)", "blowfish", "xts(camellia)", "lrw(camellia)", "ctr(camellia)", "cbc(camellia)", "ecb(camellia)", "camellia", "ctr(des3_ede)", "cbc(des3_ede)", "ecb(des3_ede)", "des3_ede", "aes"
+
diff --git a/sys/sys.txt b/sys/sys.txt
index be0d10860..c6da9a800 100644
--- a/sys/sys.txt
+++ b/sys/sys.txt
@@ -79,14 +79,14 @@ openat(fd fd_dir, file filename, flags flags[open_flags], mode flags[open_mode])
creat(file filename, mode flags[open_mode]) fd
close(fd fd)
read(fd fd, buf buffer[out], count len[buf]) len[buf]
-pread64(fd fd, buf buffer[out], count len[buf], pos fileoff[fd])
+pread64(fd fd, buf buffer[out], count len[buf], pos fileoff)
readv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec])
-preadv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec], off fileoff[fd])
+preadv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec], off fileoff)
write(fd fd, buf buffer[in], count len[buf]) len[buf]
-pwrite64(fd fd, buf buffer[in], count len[buf], pos fileoff[fd])
+pwrite64(fd fd, buf buffer[in], count len[buf], pos fileoff)
writev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec])
-pwritev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], off fileoff[fd])
-lseek(fd fd, offset fileoff[fd], whence flags[seek_whence])
+pwritev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], off fileoff)
+lseek(fd fd, offset fileoff, whence flags[seek_whence])
dup(oldfd fd) fd
dup2(oldfd fd, newfd fd) fd
@@ -96,9 +96,9 @@ pipe(pipefd ptr[out, pipefd])
pipe2(pipefd ptr[out, pipefd], flags flags[pipe_flags])
tee(fdin fd, fdout fd, len int64, f flags[splice_flags])
-splice(fdin fd, offin fileoff[fdin], fdout fd, offout fileoff[fdout], len int64, f flags[splice_flags])
+splice(fdin fd, offin fileoff, fdout fd, offout fileoff, len int64, f flags[splice_flags])
vmsplice(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], f flags[splice_flags])
-sendfile(fdout fd, fdin fd, off ptr[inout, fileoff[fdin, int64], opt], count int64)
+sendfile(fdout fd, fdin fd, off ptr[inout, fileoff[int64], opt], count int64)
stat(file filename, statbuf ptr[out, stat])
lstat(file filename, statbuf ptr[out, stat])
@@ -136,14 +136,14 @@ ioctl$UFFDIO_WAKE(fd fd_uffd, cmd const[UFFDIO_WAKE], arg ptr[in, uffdio_range])
ioctl$UFFDIO_COPY(fd fd_uffd, cmd const[UFFDIO_WAKE], arg ptr[in, uffdio_range])
ioctl$UFFDIO_ZEROPAGE(fd fd_uffd, cmd const[UFFDIO_WAKE], arg ptr[in, uffdio_range])
-mmap(addr vma, len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd, offset fileoff[fd]) vma
+mmap(addr vma, len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd, offset fileoff) vma
munmap(addr vma, len len[addr])
mremap(addr vma, len len[addr], newlen len[newaddr], flags flags[mremap_flags], newaddr vma) vma
remap_file_pages(addr vma, size len[addr], prot flags[mmap_prot], pgoff intptr, flags flags[mmap_flags])
mprotect(addr vma, len len[addr], prot flags[mmap_prot])
msync(addr vma, len len[addr], f flags[msync_flags])
madvise(addr vma, len len[addr], advice flags[madvise_flags])
-fadvise64(fd fd, offset fileoff[fd], len intptr, advice flags[fadvise_flags])
+fadvise64(fd fd, offset fileoff, len intptr, advice flags[fadvise_flags])
readahead(fd fd, off intptr, count intptr)
mbind(addr vma, len len[addr], mode flags[mbind_mode], nodemask ptr[in, int64], maxnode intptr, flags flags[mbind_flags])
move_pages(pid pid, nr len[pages], pages ptr[in, array[vma]], nodes ptr[in, array[int32], opt], status ptr[out, array[int32]], flags flags[move_pages_flags])
@@ -156,7 +156,7 @@ mlock2(addr vma, size len[addr], flags flags[mlock_flags])
munlock(addr vma, size len[addr])
mlockall(flags flags[mlockall_flags])
munlockall()
-memfd_create(name string, flags flags[memfd_flags]) fd
+memfd_create(name ptr[in, string], flags flags[memfd_flags]) fd
unshare(flags flags[clone_flags])
kcmp(pid1 pid, pid2 pid, type flags[kcmp_flags], fd1 fd, fd2 fd)
@@ -220,7 +220,7 @@ prctl$intptr(option flags[prctl_code_intptr], arg intptr)
prctl$getreaper(option flags[prctl_code_getreaper], arg ptr[out, intptr])
prctl$setendian(option const[PR_SET_ENDIAN], arg flags[prctl_endian])
prctl$setfpexc(option const[PR_SET_FPEXC], arg flags[prctl_fpexc])
-prctl$setname(option const[PR_SET_NAME], name string)
+prctl$setname(option const[PR_SET_NAME], name ptr[in, string])
prctl$getname(option const[PR_GET_NAME], name buffer[out])
prctl$setptracer(option const[PR_SET_PTRACER], pid pid)
prctl$seccomp(option const[PR_SET_SECCOMP], mode flags[prctl_seccomp_mode], prog ptr[in, sock_fprog])
@@ -230,12 +230,12 @@ arch_prctl(code flags[arch_prctl_code], addr buffer[in])
seccomp(op flags[seccomp_op], flags flags[seccomp_flags], prog ptr[in, sock_fprog])
resource fd_mq[fd]
-mq_open(name string, flags flags[mq_open_flags], mode flags[open_mode], attr ptr[in, mq_attr]) fd_mq
+mq_open(name ptr[in, string], flags flags[mq_open_flags], mode flags[open_mode], attr ptr[in, mq_attr]) fd_mq
mq_timedsend(mqd fd_mq, msg buffer[in], msglen len[msg], prio intptr, timeout ptr[in, timespec, opt])
mq_timedreceive(mqd fd_mq, msg buffer[out], msglen len[msg], prio intptr, timeout ptr[in, timespec, opt])
mq_notify(mqd fd_mq, notif ptr[in, sigevent])
mq_getsetattr(mqd fd_mq, attr ptr[in, mq_attr], oldattr ptr[out, mq_attr, opt])
-mq_unlink(name string)
+mq_unlink(name ptr[in, string])
resource ipc[int32]: 0, 0xffffffffffffffff
resource ipc_msq[ipc]
@@ -345,21 +345,23 @@ getdents64(fd fd_dir, ent buffer[out], count len[ent])
name_to_handle_at(fd fd_dir, file filename, handle ptr[in, file_handle], mnt ptr[out, int32], flags flags[name_to_handle_at_flags])
open_by_handle_at(mountdirfd fd, handle ptr[in, file_handle], flags flags[open_flags])
-mount(src filename, dst filename, type filesystem, flags flags[mount_flags], data buffer[in])
-mount$fs(src filesystem, dst filename, type filesystem, flags flags[mount_flags], data buffer[in])
+mount(src filename, dst filename, type ptr[in, string[filesystem]], flags flags[mount_flags], data buffer[in])
+mount$fs(src ptr[in, string[filesystem]], dst filename, type ptr[in, string[filesystem]], flags flags[mount_flags], data buffer[in])
umount2(path filename, flags flags[umount_flags])
pivot_root(new_root filename, put_old filename)
-sysfs$1(option flags[sysfs_opt1], fsname string)
-sysfs$2(option flags[sysfs_opt2], fsindex intptr, fsname buffer[out])
-sysfs$3(option flags[sysfs_opt3])
+filesystem = "sysfs", "rootfs", "ramfs", "tmpfs", "devtmpfs", "debugfs", "securityfs", "sockfs", "pipefs", "anon_inodefs", "devpts", "ext3", "ext2", "ext4", "hugetlbfs", "vfat", "ecryptfs", "kdbusfs", "fuseblk", "fuse", "rpc_pipefs", "nfs", "nfs4", "nfsd", "binfmt_misc", "autofs", "xfs", "jfs", "msdos", "ntfs", "minix", "hfs", "hfsplus", "qnx4", "ufs", "btrfs", "configfs", "ncpfs", "qnx6", "exofs", "befs", "vxfs", "gfs2", "gfs2meta", "fusectl", "bfs", "nsfs", "efs", "cifs", "efivarfs", "affs", "tracefs", "bdev", "ocfs2", "ocfs2_dlmfs", "hpfs", "proc", "afs", "reiserfs", "jffs2", "romfs", "aio", "sysv", "v7", "udf", "ceph", "pstore", "adfs", "9p", "hostfs", "squashfs", "cramfs", "iso9660", "coda", "nilfs2", "logfs", "overlay", "f2fs", "omfs", "ubifs", "openpromfs"
+
+sysfs$1(option const[1], fsname ptr[in, string])
+sysfs$2(option const[2], fsindex intptr, fsname buffer[out])
+sysfs$3(option const[3])
statfs(path filename, buf buffer[out])
fstatfs(fd fd, buf buffer[out])
uselib(lib filename)
-init_module(mod string, len len[mod], args string)
-finit_module(fd fd, args string, flags flags[finit_module_flags])
-delete_module(name string, flags flags[delete_module_flags])
+init_module(mod ptr[in, string], len len[mod], args ptr[in, string])
+finit_module(fd fd, args ptr[in, string], flags flags[finit_module_flags])
+delete_module(name ptr[in, string], flags flags[delete_module_flags])
kexec_load(entry intptr, nr_segments len[segments], segments ptr[in, array[kexec_segment]], flags flags[kexec_load_flags])
get_kernel_syms(table buffer[out])
syslog(cmd flags[syslog_cmd], buf buffer[out, opt], len len[buf])
@@ -381,18 +383,18 @@ ioprio_set$pid(which flags[ioprio_which_pid], who pid, prio intptr)
ioprio_set$uid(which flags[ioprio_which_uid], who uid, prio intptr)
setns(fd fd, type flags[ns_type])
-setxattr(path filename, name string, val string, size len[val], flags flags[setxattr_flags])
-lsetxattr(path filename, name string, val string, size len[val], flags flags[setxattr_flags])
-fsetxattr(fd fd, name string, val string, size len[val], flags flags[setxattr_flags])
-getxattr(path filename, name string, val buffer[out], size len[val])
-lgetxattr(path filename, name string, val buffer[out], size len[val])
-fgetxattr(fd fd, name string, val buffer[out], size len[val])
+setxattr(path filename, name ptr[in, string], val ptr[in, string], size len[val], flags flags[setxattr_flags])
+lsetxattr(path filename, name ptr[in, string], val ptr[in, string], size len[val], flags flags[setxattr_flags])
+fsetxattr(fd fd, name ptr[in, string], val ptr[in, string], size len[val], flags flags[setxattr_flags])
+getxattr(path filename, name ptr[in, string], val buffer[out], size len[val])
+lgetxattr(path filename, name ptr[in, string], val buffer[out], size len[val])
+fgetxattr(fd fd, name ptr[in, string], val buffer[out], size len[val])
listxattr(path filename, list buffer[out], size len[list])
llistxattr(path filename, list buffer[out], size len[list])
flistxattr(fd fd, list buffer[out], size len[list])
-removexattr(path filename, name string)
-lremovexattr(path filename, name string)
-fremovexattr(fd fd, name string)
+removexattr(path filename, name ptr[in, string])
+lremovexattr(path filename, name ptr[in, string])
+fremovexattr(fd fd, name ptr[in, string])
resource timerid[int32]
timer_create(id flags[clock_id], ev ptr[in, sigevent], timerid ptr[out, timerid])
@@ -463,55 +465,55 @@ membarrier(cmd const[1], flags const[0])
# These devices are relatively safe (don't reboot and don't corrupt kernel memory).
# They need a more comprehensive support. But let at least open them for now,
# maybe fuzzer will be able to skrew them in a useful way.
-syz_open_dev$floppy(dev strconst["/dev/fd#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$pktcdvd(dev strconst["/dev/pktcdvd/control"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$lightnvm(dev strconst["/dev/lightnvm/control"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$vcs(dev strconst["/dev/vcs"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$vcsn(dev strconst["/dev/vcs#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$vcsa(dev strconst["/dev/vcsa#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$vga_arbiter(dev strconst["/dev/vga_arbiter"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$vhci(dev strconst["/dev/vhci"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$userio(dev strconst["/dev/userio"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$rtc(dev strconst["/dev/rtc"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$rfkill(dev strconst["/dev/rfkill"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$qat_adf_ctl(dev strconst["/dev/qat_adf_ctl"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$ppp(dev strconst["/dev/ppp"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$mixer(dev strconst["/dev/mixer"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$irnet(dev strconst["/dev/irnet"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$hwrng(dev strconst["/dev/hwrng"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$hpet(dev strconst["/dev/hpet"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$hidraw0(dev strconst["/dev/hidraw0"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$fb0(dev strconst["/dev/fb0"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$cuse(dev strconst["/dev/cuse"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$console(dev strconst["/dev/console"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$capi20(dev strconst["/dev/capi20"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$autofs(dev strconst["/dev/autofs"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$binder(dev strconst["/dev/binder"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$ion(dev strconst["/dev/ion"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$keychord(dev strconst["/dev/keychord"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$zygote(dev strconst["/dev/socket/zygote"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$sw_sync(dev strconst["/dev/sw_sync"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$sr(dev strconst["/dev/sr0"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$sequencer(dev strconst["/dev/sequencer"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$sequencer2(dev strconst["/dev/sequencer2"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$dsp(dev strconst["/dev/dsp"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$audio(dev strconst["/dev/audio"], id const[0], flags flags[open_flags]) fd
-syz_open_dev$usbmon(dev strconst["/dev/usbmon#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$sg(dev strconst["/dev/sg#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$midi(dev strconst["/dev/midi#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$loop(dev strconst["/dev/loop#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$ircomm(dev strconst["/dev/ircomm#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$dspn(dev strconst["/dev/dsp#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$dmmidi(dev strconst["/dev/dmmidi#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$admmidi(dev strconst["/dev/admmidi#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$adsp(dev strconst["/dev/adsp#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$amidi(dev strconst["/dev/amidi#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$audion(dev strconst["/dev/audio#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$usb(dev strconst["/dev/bus/usb/00#/00#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$sndhw(dev strconst["/dev/snd/hwC#D#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$sndmidi(dev strconst["/dev/snd/midiC#D#"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$sndpcmc(dev strconst["/dev/snd/pcmC#D#c"], id intptr, flags flags[open_flags]) fd
-syz_open_dev$sndpcmp(dev strconst["/dev/snd/pcmC#D#p"], id intptr, flags flags[open_flags]) fd
+syz_open_dev$floppy(dev ptr[in, string["/dev/fd#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$pktcdvd(dev ptr[in, string["/dev/pktcdvd/control"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$lightnvm(dev ptr[in, string["/dev/lightnvm/control"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$vcs(dev ptr[in, string["/dev/vcs"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$vcsn(dev ptr[in, string["/dev/vcs#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$vcsa(dev ptr[in, string["/dev/vcsa#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$vga_arbiter(dev ptr[in, string["/dev/vga_arbiter"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$vhci(dev ptr[in, string["/dev/vhci"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$userio(dev ptr[in, string["/dev/userio"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$rtc(dev ptr[in, string["/dev/rtc"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$rfkill(dev ptr[in, string["/dev/rfkill"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$qat_adf_ctl(dev ptr[in, string["/dev/qat_adf_ctl"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$ppp(dev ptr[in, string["/dev/ppp"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$mixer(dev ptr[in, string["/dev/mixer"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$irnet(dev ptr[in, string["/dev/irnet"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$hwrng(dev ptr[in, string["/dev/hwrng"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$hpet(dev ptr[in, string["/dev/hpet"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$hidraw0(dev ptr[in, string["/dev/hidraw0"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$fb0(dev ptr[in, string["/dev/fb0"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$cuse(dev ptr[in, string["/dev/cuse"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$console(dev ptr[in, string["/dev/console"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$capi20(dev ptr[in, string["/dev/capi20"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$autofs(dev ptr[in, string["/dev/autofs"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$binder(dev ptr[in, string["/dev/binder"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$ion(dev ptr[in, string["/dev/ion"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$keychord(dev ptr[in, string["/dev/keychord"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$zygote(dev ptr[in, string["/dev/socket/zygote"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$sw_sync(dev ptr[in, string["/dev/sw_sync"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$sr(dev ptr[in, string["/dev/sr0"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$sequencer(dev ptr[in, string["/dev/sequencer"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$sequencer2(dev ptr[in, string["/dev/sequencer2"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$dsp(dev ptr[in, string["/dev/dsp"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$audio(dev ptr[in, string["/dev/audio"]], id const[0], flags flags[open_flags]) fd
+syz_open_dev$usbmon(dev ptr[in, string["/dev/usbmon#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$sg(dev ptr[in, string["/dev/sg#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$midi(dev ptr[in, string["/dev/midi#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$loop(dev ptr[in, string["/dev/loop#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$ircomm(dev ptr[in, string["/dev/ircomm#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$dspn(dev ptr[in, string["/dev/dsp#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$dmmidi(dev ptr[in, string["/dev/dmmidi#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$admmidi(dev ptr[in, string["/dev/admmidi#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$adsp(dev ptr[in, string["/dev/adsp#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$amidi(dev ptr[in, string["/dev/amidi#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$audion(dev ptr[in, string["/dev/audio#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$usb(dev ptr[in, string["/dev/bus/usb/00#/00#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$sndhw(dev ptr[in, string["/dev/snd/hwC#D#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$sndmidi(dev ptr[in, string["/dev/snd/midiC#D#"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$sndpcmc(dev ptr[in, string["/dev/snd/pcmC#D#c"]], id intptr, flags flags[open_flags]) fd
+syz_open_dev$sndpcmp(dev ptr[in, string["/dev/snd/pcmC#D#p"]], id intptr, flags flags[open_flags]) fd
@@ -1167,9 +1169,6 @@ ioprio_which_uid = IOPRIO_WHO_USER
setxattr_flags = XATTR_CREATE, XATTR_REPLACE
ns_type = 0, CLONE_NEWIPC, CLONE_NEWNET, CLONE_NEWUTS
personality_flags = PER_LINUX, PER_SVR4, PER_SVR3, PER_OSR5, PER_WYSEV386, PER_ISCR4, PER_BSD, PER_XENIX, PER_LINUX32, PER_IRIX32, PER_IRIXN32, PER_IRIX64, PER_RISCOS, PER_SOLARIS, PER_UW7, PER_OSF4, PER_HPUX, ADDR_NO_RANDOMIZE, MMAP_PAGE_ZERO, ADDR_COMPAT_LAYOUT, READ_IMPLIES_EXEC, ADDR_LIMIT_32BIT, SHORT_INODE, WHOLE_SECONDS, STICKY_TIMEOUTS, ADDR_LIMIT_3GB
-sysfs_opt1 = 1
-sysfs_opt2 = 2
-sysfs_opt3 = 3
clock_id = CLOCK_REALTIME, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC, CLOCK_MONOTONIC_COARSE, CLOCK_MONOTONIC_RAW, CLOCK_BOOTTIME, CLOCK_PROCESS_CPUTIME_ID, CLOCK_THREAD_CPUTIME_ID
sigprocmask_how = SIG_BLOCK, SIG_UNBLOCK, SIG_SETMASK
getitimer_which = ITIMER_REAL, ITIMER_VIRTUAL, ITIMER_PROF
diff --git a/sys/tlk_device.txt b/sys/tlk_device.txt
index 7535d16f7..1d5bd8229 100644
--- a/sys/tlk_device.txt
+++ b/sys/tlk_device.txt
@@ -12,7 +12,7 @@ include <security/tlk_driver/ote_protocol.h>
resource fd_tlk[fd]
resource te_session_id[int32]
-syz_open_dev$tlk_device(dev strconst["/dev/tlk_device"], id const[0], flags flags[open_flags]) fd_tlk
+syz_open_dev$tlk_device(dev ptr[in, string["/dev/tlk_device"]], id const[0], flags flags[open_flags]) fd_tlk
ioctl$TE_IOCTL_OPEN_CLIENT_SESSION(fd fd_tlk, cmd const[TE_IOCTL_OPEN_CLIENT_SESSION], arg ptr[inout, te_opensession])
ioctl$TE_IOCTL_CLOSE_CLIENT_SESSION(fd fd_tlk, cmd const[TE_IOCTL_CLOSE_CLIENT_SESSION], arg ptr[inout, te_closesession])
diff --git a/sys/tty.txt b/sys/tty.txt
index 67b11b754..e9717806c 100644
--- a/sys/tty.txt
+++ b/sys/tty.txt
@@ -8,7 +8,7 @@ include <uapi/linux/fcntl.h>
resource fd_tty[fd]
-openat$ptmx(fd const[AT_FDCWD], file strconst["/dev/ptmx"], flags flags[open_flags], mode const[0]) fd_tty
+openat$ptmx(fd const[AT_FDCWD], file ptr[in, string["/dev/ptmx"]], flags flags[open_flags], mode const[0]) fd_tty
syz_open_pts(fd fd_tty, flags flags[open_flags]) fd_tty
ioctl$TCGETS(fd fd_tty, cmd const[TCGETS], arg ptr[out, termios])
ioctl$TCSETS(fd fd_tty, cmd const[TCSETS], arg ptr[in, termios])
diff --git a/sys/tun.txt b/sys/tun.txt
index 04e640786..a730ed86a 100755
--- a/sys/tun.txt
+++ b/sys/tun.txt
@@ -6,7 +6,7 @@ include <linux/virtio_net.h>
resource fd_tun[fd]
-syz_open_dev$tun(dev strconst["/dev/net/tun"], id const[0], flags flags[open_flags]) fd_tun
+syz_open_dev$tun(dev ptr[in, string["/dev/net/tun"]], id const[0], flags flags[open_flags]) fd_tun
write$tun(fd fd_tun, buf ptr[in, tun_buffer], count len[buf])
ioctl$TUNGETFEATURES(fd fd_tun, cmd const[TUNGETFEATURES], arg ptr[out, int32])
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-12 00:16:48 +0000