From cf8b8b8b8e8f09b27400e9142344371d01f5e423 Mon Sep 17 00:00:00 2001 From: fellair Date: Wed, 2 Jul 2025 19:58:36 +0300 Subject: sys/linux: add descriptions for COMEDI devices Currently, only usb COMEDI drivers are covered thanks to external usb fuzzing approach. However, that still leaves /dev/comedi# devices untested, thus this change. There are 2 ways to make kernel spawn comedi devices. First, it seems that one is created once driver identifies available hardware. Second, provided a kernel paramater comedi.comedi_num_legacy_minors=N is set, the same number of manually configurable devices are created, allowing for configuration using one of the IOCTLs. Both scenarios do not allow for particularly deep fuzzing as lack of necessary hardware will inevitably stop any exploration short. Still, it is a start. What is added: - Descriptions for all COMEDI-related IOCTLs and structures. Some arbitrary limits were set on array and list sizes, otherwise numerous, overly greedy kmallocs slow down fuzzing with constant warnings. - List COMEDI devices to open. A hardcoded list of device names is the best we can do at this point. First few devs are for manual configuration (see comedi_num_legacy_minors=N), others - for dynamic ones (N+1, N+2 etc). - List manually configurable drivers. COMEDI_DEVCONFIG ioctl takes a driver name from a list of those that supposedly can be set up that way. No reason to try others. Tested on a local x86_64 syzkaller instance with enabled_syscalls[]. --- sys/linux/dev_comedi.txt.const | 103 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 sys/linux/dev_comedi.txt.const (limited to 'sys/linux/dev_comedi.txt.const') diff --git a/sys/linux/dev_comedi.txt.const b/sys/linux/dev_comedi.txt.const new file mode 100644 index 000000000..bf1047455 --- /dev/null +++ b/sys/linux/dev_comedi.txt.const @@ -0,0 +1,103 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x +AT_FDCWD = 18446744073709551516 +CMDF_BOGUS = 1 +CMDF_PRIORITY = 8 +CMDF_RAWDATA = 128 +CMDF_ROUND_DOWN = 65536 +CMDF_ROUND_MASK = 196608 +CMDF_ROUND_NEAREST = 0 +CMDF_ROUND_UP = 131072 +CMDF_ROUND_UP_NEXT = 196608 +CMDF_WAKE_EOS = 32 +CMDF_WRITE = 64 +COMEDI_BUFCONFIG = 2149606413, mips64le:ppc64le:1075864589 +COMEDI_BUFINFO = 3224134670 +COMEDI_CANCEL = 25607, mips64le:ppc64le:536896519 +COMEDI_CHANINFO = 2150654979, 386:arm:2149606403, mips64le:ppc64le:1076913155 +COMEDI_CHANINFO_MAX_LIST_SIZE = 65536 +COMEDI_CMD = 2152752137, 386:arm:2151703561, mips64le:ppc64le:1079010313 +COMEDI_CMDTEST = 2152752138, 386:arm:2151703562, mips64le:ppc64le:1079010314 +COMEDI_DEVCONFIG = 1083466752, mips64le:ppc64le:2157208576 +COMEDI_DEVINFO = 2159043585, mips64le:ppc64le:1085301761 +COMEDI_INSN = 2150130700, 386:arm:2149606412, mips64le:ppc64le:1076388876 +COMEDI_INSNLIST = 2148557835, 386:arm:2148033547, mips64le:ppc64le:1074816011 +COMEDI_INSNLIST_SIZE = 16 +COMEDI_INSN_MAX_DATA_SIZE = 65537 +COMEDI_INSN_MIN_DATA_SIZE = 15 +COMEDI_LOCK = 25605, mips64le:ppc64le:536896517 +COMEDI_NAMELEN = 20 +COMEDI_NDEVCONFOPTS = 32 +COMEDI_POLL = 25615, mips64le:ppc64le:536896527 +COMEDI_RANGEINFO = 2148557832, 386:arm:2148033544, mips64le:ppc64le:1074816008 +COMEDI_SETRSUBD = 25616, mips64le:ppc64le:536896528 +COMEDI_SETWSUBD = 25617, mips64le:ppc64le:536896529 +COMEDI_SUBDINFO = 2152227842, mips64le:ppc64le:1078486018 +COMEDI_SUBD_AI = 1 +COMEDI_SUBD_AO = 2 +COMEDI_SUBD_CALIB = 9 +COMEDI_SUBD_COUNTER = 6 +COMEDI_SUBD_DI = 3 +COMEDI_SUBD_DIO = 5 +COMEDI_SUBD_DO = 4 +COMEDI_SUBD_MEMORY = 8 +COMEDI_SUBD_PROC = 10 +COMEDI_SUBD_PWM = 12 +COMEDI_SUBD_SERIAL = 11 +COMEDI_SUBD_TIMER = 7 +COMEDI_SUBD_UNUSED = 0 +COMEDI_SUPPORTED = 1 +COMEDI_UNKNOWN_SUPPORT = 0 +COMEDI_UNLOCK = 25606, mips64le:ppc64le:536896518 +COMEDI_UNSUPPORTED = 2 +INSN_BITS = 201326594 +INSN_CONFIG = 201326595 +INSN_DEVICE_CONFIG = 234881027 +INSN_GTOD = 100663300 +INSN_INTTRIG = 167772166 +INSN_MASK_READ = 67108864 +INSN_MASK_SPECIAL = 33554432 +INSN_MASK_WRITE = 134217728 +INSN_READ = 67108864 +INSN_WAIT = 167772165 +INSN_WRITE = 134217729 +RF_EXTERNAL = 256 +SDF_BUSY = 1 +SDF_BUSY_OWNER = 2 +SDF_CMD = 4096 +SDF_CMD_READ = 32768 +SDF_CMD_WRITE = 16384 +SDF_COMMON = 2097152 +SDF_DEGLITCH = 33554432 +SDF_DIFF = 4194304 +SDF_DITHER = 16777216 +SDF_FLAGS = 32 +SDF_GROUND = 1048576 +SDF_INTERNAL = 262144 +SDF_LOCKED = 4 +SDF_LOCK_OWNER = 8 +SDF_LSAMPL = 268435456 +SDF_MAXDATA = 16 +SDF_MMAP = 67108864 +SDF_OTHER = 8388608 +SDF_PACKED = 536870912 +SDF_PWM_COUNTER = 128 +SDF_PWM_HBRIDGE = 256 +SDF_RANGETYPE = 64 +SDF_READABLE = 65536 +SDF_RUNNING = 134217728 +SDF_SOFT_CALIBRATED = 8192 +SDF_WRITABLE = 131072 +SDF_WRITEABLE = 131072 +TRIG_ANY = 4294967295 +TRIG_COUNT = 32 +TRIG_EXT = 64 +TRIG_FOLLOW = 4 +TRIG_INT = 128 +TRIG_INVALID = 0 +TRIG_NONE = 1 +TRIG_NOW = 2 +TRIG_OTHER = 256 +TRIG_TIMER = 16 +__NR_ioctl = 54, amd64:16, arm64:riscv64:29, mips64le:5015 +__NR_openat = 56, 386:295, amd64:257, arm:322, mips64le:5247, ppc64le:286, s390x:288 -- cgit mrf-deployment