aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CONTRIBUTORS1
-rw-r--r--sys/linux/dev_msm.txt159
-rw-r--r--sys/linux/dev_msm.txt.const62
3 files changed, 222 insertions, 0 deletions
diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index f94409fb8..fba777139 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -31,6 +31,7 @@ Google Inc.
Aleksandr Nogikh
Dean Deng
Pi-Hsun Shih
+ Stephen Boyd
Baozeng Ding
Lorenzo Stoakes
Jeremy Huang
diff --git a/sys/linux/dev_msm.txt b/sys/linux/dev_msm.txt
new file mode 100644
index 000000000..7c94b95ff
--- /dev/null
+++ b/sys/linux/dev_msm.txt
@@ -0,0 +1,159 @@
+# Copyright 2021 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/drm/msm_drm.h for upstream definitions
+
+include <drm/msm_drm.h>
+
+resource fd_msm[fd]
+
+# This either comes from a MSM_GEM_SUBMIT ioctl described below or from a kms
+# ioctl creating an OUT_FENCE_PTR (see drivers/gpu/drm/drm_atomic_uapi.c and
+# https://www.kernel.org/doc/html/latest/gpu/drm-kms.html for more details)
+# Once fences are described this should be updated to an fd_drm_fence.
+
+resource fd_msm_fence[fd]
+
+openat$msm(fd const[AT_FDCWD], file ptr[in, string["/dev/msm"]], flags flags[open_flags], mode const[0]) fd_msm
+
+ioctl$DRM_IOCTL_MSM_GET_PARAM(fd fd_msm, cmd const[DRM_IOCTL_MSM_GET_PARAM], arg ptr[inout, drm_msm_param])
+ioctl$DRM_IOCTL_MSM_GEM_NEW(fd fd_msm, cmd const[DRM_IOCTL_MSM_GEM_NEW], arg ptr[inout, drm_msm_gem_new])
+ioctl$DRM_IOCTL_MSM_GEM_INFO(fd fd_msm, cmd const[DRM_IOCTL_MSM_GEM_INFO], arg ptr[inout, drm_msm_gem_info])
+ioctl$DRM_IOCTL_MSM_GEM_CPU_PREP(fd fd_msm, cmd const[DRM_IOCTL_MSM_GEM_CPU_PREP], arg ptr[in, drm_msm_gem_cpu_prep])
+ioctl$DRM_IOCTL_MSM_GEM_CPU_FINI(fd fd_msm, cmd const[DRM_IOCTL_MSM_GEM_CPU_FINI], arg ptr[in, drm_msm_gem_cpu_fini])
+ioctl$DRM_IOCTL_MSM_GEM_SUBMIT(fd fd_msm, cmd const[DRM_IOCTL_MSM_GEM_SUBMIT], arg ptr[inout, drm_msm_gem_submit])
+ioctl$DRM_IOCTL_MSM_WAIT_FENCE(fd fd_msm, cmd const[DRM_IOCTL_MSM_WAIT_FENCE], arg ptr[in, drm_msm_wait_fence])
+ioctl$DRM_IOCTL_MSM_GEM_MADVISE(fd fd_msm, cmd const[DRM_IOCTL_MSM_GEM_MADVISE], arg ptr[inout, drm_msm_gem_madvise])
+ioctl$DRM_IOCTL_MSM_SUBMITQUEUE_NEW(fd fd_msm, cmd const[DRM_IOCTL_MSM_SUBMITQUEUE_NEW], arg ptr[inout, drm_msm_submitqueue])
+ioctl$DRM_IOCTL_MSM_SUBMITQUEUE_CLOSE(fd fd_msm, cmd const[DRM_IOCTL_MSM_SUBMITQUEUE_CLOSE], arg ptr[in, int32])
+ioctl$DRM_IOCTL_MSM_SUBMITQUEUE_QUERY(fd fd_msm, cmd const[DRM_IOCTL_MSM_SUBMITQUEUE_QUERY], arg ptr[inout, drm_msm_submitqueue_query])
+
+mmap$DRM_MSM(addr vma, len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd_msm, offset fileoff)
+_ = __NR_mmap2
+
+# This should be a resource for drm_syncobjs created by ioctls in
+# include/uapi/drm/drm.h, described in sys/linux/dev_dri.txt, but we need to
+# describe those ioctls first. Rename this to drm_syncobj then
+type drm_syncobj_handle int32
+
+drm_msm_gem_new {
+ size int64
+ flags flags[msm_gem_new_flags, int32]
+ handle drm_gem_handle
+}
+
+drm_msm_gem_info {
+ handle drm_gem_handle
+ info flags[msm_gem_info_flags, int32]
+ value int64
+ len len[value, int32]
+ pad const[0, int32]
+}
+
+drm_msm_param {
+ pipe flags[msm_pipe_flags, int32]
+ param flags[msm_param_flags, int32]
+ value int64
+}
+
+drm_msm_timespec {
+ tv_sec int64
+ tv_nsec int64
+}
+
+drm_msm_gem_cpu_prep {
+ handle drm_gem_handle
+ op flags[msm_gem_cpu_prep_flags, int32]
+ timeout drm_msm_timespec (in)
+}
+
+drm_msm_gem_cpu_fini {
+ handle drm_gem_handle
+}
+
+drm_msm_gem_submit_reloc {
+ submit_offset int32
+ or int32
+ shift int32
+ reloc_idx int32
+ reloc_offset int64
+}
+
+drm_msm_gem_submit_cmd {
+ type flags[msm_gem_submit_cmd_flags, int32]
+ submit_idx int32
+ submit_offset int32
+ size int32
+ pad const[0, int32]
+ nr_relocs len[relocs, int32]
+ relocs ptr64[in, array[drm_msm_gem_submit_reloc]]
+}
+
+drm_msm_gem_submit_bo {
+ flags flags[msm_gem_submit_bo_flags, int32]
+ handle drm_gem_handle
+ presumed int64
+}
+
+drm_msm_gem_submit_syncobj {
+ handle drm_syncobj_handle
+ flags flags[msm_gem_submit_syncobj_flags, int32]
+ point int64
+}
+
+drm_msm_gem_submit {
+ flags flags[msm_gem_submit_flags, int32]
+ fence int32
+ nr_bos len[bos, int32]
+ nr_cmds len[cmds, int32]
+ bos ptr64[in, array[drm_msm_gem_submit_bo]]
+ cmds ptr64[in, array[drm_msm_gem_submit_cmd]]
+ fence_fd fd_msm_fence[opt]
+ queueid int32
+ in_syncobjs ptr64[in, array[drm_msm_gem_submit_syncobj]]
+ out_syncobjs ptr64[in, array[drm_msm_gem_submit_syncobj]]
+ nr_in_syncobjs len[in_syncobjs, int32]
+ nr_out_syncobjs len[out_syncobjs, int32]
+ syncobj_stride int32
+ pad const[0, int32]
+}
+
+drm_msm_wait_fence {
+ fence int32
+ pad const[0, int32]
+ timeout drm_msm_timespec (in)
+ queueid int32
+}
+
+drm_msm_gem_madvise {
+ handle drm_gem_handle
+ madv flags[msm_gem_madvise_flags, int32]
+ retained int32
+}
+
+drm_msm_submitqueue {
+ flags flags[msm_submitqueue_flags, int32]
+ prio int32
+ id int32
+}
+
+drm_msm_submitqueue_query {
+ data int64
+ id int32
+ param flags[msm_submitqueue_query_flags, int32]
+ len int32
+ pad const[0, int32]
+}
+
+msm_gem_new_flags = MSM_BO_SCANOUT, MSM_BO_GPU_READONLY, MSM_BO_CACHE_MASK, MSM_BO_CACHED, MSM_BO_WC, MSM_BO_UNCACHED
+msm_gem_info_flags = MSM_INFO_GET_OFFSET, MSM_INFO_GET_IOVA, MSM_INFO_SET_NAME, MSM_INFO_GET_NAME
+msm_param_flags = MSM_PARAM_GPU_ID, MSM_PARAM_GMEM_SIZE, MSM_PARAM_CHIP_ID, MSM_PARAM_MAX_FREQ, MSM_PARAM_TIMESTAMP, MSM_PARAM_GMEM_BASE, MSM_PARAM_NR_RINGS, MSM_PARAM_PP_PGTABLE, MSM_PARAM_FAULTS
+msm_gem_cpu_prep_flags = MSM_PREP_READ, MSM_PREP_WRITE, MSM_PREP_NOSYNC
+msm_pipe_flags = MSM_PIPE_NONE, MSM_PIPE_2D0, MSM_PIPE_2D1, MSM_PIPE_3D0
+msm_gem_submit_flags = MSM_PIPE_NONE, MSM_PIPE_2D0, MSM_PIPE_2D1, MSM_PIPE_3D0, MSM_SUBMIT_NO_IMPLICIT, MSM_SUBMIT_FENCE_FD_IN, MSM_SUBMIT_FENCE_FD_OUT, MSM_SUBMIT_SUDO, MSM_SUBMIT_SYNCOBJ_IN, MSM_SUBMIT_SYNCOBJ_OUT
+msm_gem_submit_bo_flags = MSM_SUBMIT_BO_READ, MSM_SUBMIT_BO_WRITE, MSM_SUBMIT_BO_DUMP
+msm_gem_submit_syncobj_flags = MSM_SUBMIT_SYNCOBJ_RESET
+msm_gem_submit_cmd_flags = MSM_SUBMIT_CMD_BUF, MSM_SUBMIT_CMD_IB_TARGET_BUF, MSM_SUBMIT_CMD_CTX_RESTORE_BUF
+msm_gem_madvise_flags = MSM_MADV_WILLNEED, MSM_MADV_DONTNEED, __MSM_MADV_PURGED
+msm_submitqueue_flags = MSM_SUBMITQUEUE_FLAGS
+msm_submitqueue_query_flags = MSM_SUBMITQUEUE_PARAM_FAULTS
diff --git a/sys/linux/dev_msm.txt.const b/sys/linux/dev_msm.txt.const
new file mode 100644
index 000000000..bc9e4e3cc
--- /dev/null
+++ b/sys/linux/dev_msm.txt.const
@@ -0,0 +1,62 @@
+# Code generated by syz-sysgen. DO NOT EDIT.
+arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x
+AT_FDCWD = ???
+DRM_IOCTL_MSM_GEM_CPU_FINI = 1074029637, mips64le:ppc64le:2147771461
+DRM_IOCTL_MSM_GEM_CPU_PREP = 1075340356, mips64le:ppc64le:2149082180
+DRM_IOCTL_MSM_GEM_INFO = 3222824003
+DRM_IOCTL_MSM_GEM_MADVISE = 3222037576
+DRM_IOCTL_MSM_GEM_NEW = 3222299714
+DRM_IOCTL_MSM_GEM_SUBMIT = 3225969734
+DRM_IOCTL_MSM_GET_PARAM = 3222299712
+DRM_IOCTL_MSM_SUBMITQUEUE_CLOSE = 1074029643, mips64le:ppc64le:2147771467
+DRM_IOCTL_MSM_SUBMITQUEUE_NEW = 3222037578
+DRM_IOCTL_MSM_SUBMITQUEUE_QUERY = 1075340364, mips64le:ppc64le:2149082188
+DRM_IOCTL_MSM_WAIT_FENCE = 1075864647, 386:1075602503, mips64le:ppc64le:2149606471
+MSM_BO_CACHED = 65536
+MSM_BO_CACHE_MASK = 983040
+MSM_BO_GPU_READONLY = 2
+MSM_BO_SCANOUT = 1
+MSM_BO_UNCACHED = 262144
+MSM_BO_WC = 131072
+MSM_INFO_GET_IOVA = 1
+MSM_INFO_GET_NAME = 3
+MSM_INFO_GET_OFFSET = 0
+MSM_INFO_SET_NAME = 2
+MSM_MADV_DONTNEED = 1
+MSM_MADV_WILLNEED = 0
+MSM_PARAM_CHIP_ID = 3
+MSM_PARAM_FAULTS = 9
+MSM_PARAM_GMEM_BASE = 6
+MSM_PARAM_GMEM_SIZE = 2
+MSM_PARAM_GPU_ID = 1
+MSM_PARAM_MAX_FREQ = 4
+MSM_PARAM_NR_RINGS = 7
+MSM_PARAM_PP_PGTABLE = 8
+MSM_PARAM_TIMESTAMP = 5
+MSM_PIPE_2D0 = 1
+MSM_PIPE_2D1 = 2
+MSM_PIPE_3D0 = 16
+MSM_PIPE_NONE = 0
+MSM_PREP_NOSYNC = 4
+MSM_PREP_READ = 1
+MSM_PREP_WRITE = 2
+MSM_SUBMITQUEUE_FLAGS = 0
+MSM_SUBMITQUEUE_PARAM_FAULTS = 0
+MSM_SUBMIT_BO_DUMP = 4
+MSM_SUBMIT_BO_READ = 1
+MSM_SUBMIT_BO_WRITE = 2
+MSM_SUBMIT_CMD_BUF = 1
+MSM_SUBMIT_CMD_CTX_RESTORE_BUF = 3
+MSM_SUBMIT_CMD_IB_TARGET_BUF = 2
+MSM_SUBMIT_FENCE_FD_IN = 1073741824
+MSM_SUBMIT_FENCE_FD_OUT = 536870912
+MSM_SUBMIT_NO_IMPLICIT = 2147483648
+MSM_SUBMIT_SUDO = 268435456
+MSM_SUBMIT_SYNCOBJ_IN = 134217728
+MSM_SUBMIT_SYNCOBJ_OUT = 67108864
+MSM_SUBMIT_SYNCOBJ_RESET = 1
+__MSM_MADV_PURGED = 2
+__NR_ioctl = 54, amd64:16, arm64:riscv64:29, mips64le:5015
+__NR_mmap = 90, 386:arm:192, amd64:9, arm64:riscv64:222, mips64le:5009
+__NR_mmap2 = 192, amd64:arm64:mips64le:ppc64le:riscv64:s390x:???
+__NR_openat = 56, 386:295, amd64:257, arm:322, mips64le:5247, ppc64le:286, s390x:288
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-11 17:55:45 +0000