From 9f528bbcc8a3d94c9be27a0eecc12022d4b3bfaa Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Fri, 1 Feb 2019 01:08:17 +0100 Subject: sys/linux: rename dev descriptions files Prefix file names of descriptions of /dev/* files with dev_. And give some of them more appropriate names. --- sys/linux/dev_floppy.txt | 175 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 175 insertions(+) create mode 100644 sys/linux/dev_floppy.txt (limited to 'sys/linux/dev_floppy.txt') diff --git a/sys/linux/dev_floppy.txt b/sys/linux/dev_floppy.txt new file mode 100644 index 000000000..2af0fb386 --- /dev/null +++ b/sys/linux/dev_floppy.txt @@ -0,0 +1,175 @@ +# Copyright 2018 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +# Proper fuzzing of floppy device requires: +# 1) CONFIG_BLK_DEV_FD in your kernel configuration +# 2) "cmdline": " -fda FLOPPY.img " in syzkaller configuration + +include + +resource fd_floppy[fd] + +syz_open_dev$floppy(dev ptr[in, string["/dev/fd#"]], id intptr, flags flags[open_flags]) fd_floppy + +ioctl$FLOPPY_FDEJECT(fd fd_floppy, cmd const[FDEJECT]) +ioctl$FLOPPY_FDCLRPRM(fd fd_floppy, cmd const[FDCLRPRM]) +ioctl$FLOPPY_FDSETPRM(fd fd_floppy, cmd const[FDSETPRM], arg ptr[in, floppy_struct]) +ioctl$FLOPPY_FDDEFPRM(fd fd_floppy, cmd const[FDDEFPRM], arg ptr[in, floppy_struct]) +ioctl$FLOPPY_FDGETPRM(fd fd_floppy, cmd const[FDDEFPRM], arg ptr[out, floppy_struct]) +ioctl$FLOPPY_FDMSGON(fd fd_floppy, cmd const[FDMSGON]) +ioctl$FLOPPY_FDMSGOFF(fd fd_floppy, cmd const[FDMSGOFF]) +ioctl$FLOPPY_FDFMTBEG(fd fd_floppy, cmd const[FDFMTBEG]) +ioctl$FLOPPY_FDFMTTRK(fd fd_floppy, cmd const[FDFMTTRK], arg ptr[in, format_descr]) +ioctl$FLOPPY_FDFMTEND(fd fd_floppy, cmd const[FDFMTEND]) +ioctl$FLOPPY_FDFLUSH(fd fd_floppy, cmd const[FDFLUSH]) +ioctl$FLOPPY_FDSETEMSGTRESH(fd fd_floppy, cmd const[FDSETEMSGTRESH], arg intptr[0:0xf]) +ioctl$FLOPPY_FDGETMAXERRS(fd fd_floppy, cmd const[FDGETMAXERRS], arg ptr[out, floppy_max_errors]) +ioctl$FLOPPY_FDSETMAXERRS(fd fd_floppy, cmd const[FDSETMAXERRS], arg ptr[in, floppy_max_errors]) +ioctl$FLOPPY_FDGETDRVTYP(fd fd_floppy, cmd const[FDGETDRVTYP], arg ptr[out, floppy_drive_name]) +ioctl$FLOPPY_FDSETDRVPRM(fd fd_floppy, cmd const[FDSETDRVPRM], arg ptr[in, floppy_drive_params]) +ioctl$FLOPPY_FDGETDRVPRM(fd fd_floppy, cmd const[FDGETDRVPRM], arg ptr[out, floppy_drive_params]) +ioctl$FLOPPY_FDPOLLDRVSTAT(fd fd_floppy, cmd const[FDPOLLDRVSTAT], arg ptr[out, floppy_drive_struct]) +ioctl$FLOPPY_FDGETDRVSTAT(fd fd_floppy, cmd const[FDGETDRVSTAT], arg ptr[out, floppy_drive_struct]) +ioctl$FLOPPY_FDRESET(fd fd_floppy, cmd const[FDRESET], arg flags[floppy_reset_mode]) +ioctl$FLOPPY_FDGETFDCSTAT(fd fd_floppy, cmd const[FDGETFDCSTAT], arg ptr[out, floppy_fdc_state]) +ioctl$FLOPPY_FDWERRORCLR(fd fd_floppy, cmd const[FDWERRORCLR]) +ioctl$FLOPPY_FDWERRORGET(fd fd_floppy, cmd const[FDWERRORGET], arg ptr[out, floppy_write_errors]) +ioctl$FLOPPY_FDRAWCMD(fd fd_floppy, cmd const[FDRAWCMD], arg ptr[inout, floppy_raw_cmd]) +ioctl$FLOPPY_FDTWADDLE(fd fd_floppy, cmd const[FDTWADDLE]) + +floppy_struct { + size int32 + sect int32 + head int32 + track int32 + stretch int32 + + gap int8 + rate int8 + spec1 int8 + fmt_gap int8 + + name ptr[inout, string] +} + +format_descr { + device int32 + head int32 + track int32 +} + +floppy_max_errors { + abort int32 + read_track int32 + reset int32 + recal int32 + reporting int32 +} + +type floppy_drive_name array[int8, 16] + +floppy_drive_params { + cmos int8 + max_dtr intptr + hlt intptr + hut intptr + srt intptr + spinup intptr + spindown intptr + spindown_offset int8 + select_delay int8 + rps int8 + tracks int8 + timeout intptr + intreleave_sect int8 + max_errors floppy_max_errors + flags flags[floppy_drive_params_flags, int8] + read_track int8 + autodetect array[int16, 8] + checkfreq int32 + native_format int32 +} + +floppy_drive_struct { + flags flags[floppy_drive_struct_flags, intptr] + spinup_date intptr + select_date intptr + first_read_date intptr + + probed_format int16 + track int16 + maxblock int16 + maxtrack int16 + + generation int32 + keep_data int32 + fd_ref int32 + fd_device int32 + + last_checked intptr + + dmabuf ptr[out, int8] + bufblocks len[dmabuf, int32] +} + +floppy_fdc_state { + spec1 int32 + spec2 int32 + dtr int32 + + version int8 + dor int8 + address intptr + rawcmd int32:2 + reset int32:1 + need_configure int32:1 + perp_mode int32:2 + has_fifo int32:1 + driver_version int32 + + track array[int8, 4] +} + +floppy_write_errors { + write_errors int32 + + first_error_sector intptr + first_error_generation int32 + last_error_sector intptr + lsat_error_generation int32 + + badness int32 +} + +floppy_raw_cmd { + flags flags[floppy_raw_cmd_flags, int32] + + data buffer[inout] +# kernel only. zerroed after copy_from_user. Maybe need to use const[0, intptr] + kernel_data ptr[in, int8] + next const[0, intptr] + + length len[data, intptr] +# output value + phys_length const[0, intptr] +# output value. kernel only + buffer_length const[0, int32] + + rate int8 + cmd_count int8 + cmd array[int8, 16] +# output + reply_count const[0, int8] + reply array[const[0, int8], 16] + track int32 +# output + resultcode const[0, int32] + + reserved1 const[0, int32] + reserved2 const[0, int32] +} + +floppy_reset_mode = FD_RESET_IF_NEEDED, FD_RESET_IF_RAWCMD, FD_RESET_ALWAYS +floppy_drive_struct_flags = FD_NEED_TWADDLE_BIT, FD_VERIFY_BIT, FD_DISK_NEWCHANGE_BIT, FD_UNUSED_BIT, FD_DISK_CHANGED_BIT, FD_DISK_WRITABLE_BIT, FD_OPEN_SHOULD_FAIL_BIT +floppy_drive_params_flags = FTD_MSG, FD_BROKEN_DCL, FD_DEBUG, FD_SILENT_DCL_CLEAR, FD_INVERTED_DCL +floppy_raw_cmd_flags = FD_RAW_READ, FD_RAW_WRITE, FD_RAW_NO_MOTOR, FD_RAW_DISK_CHANGE, FD_RAW_INTR, FD_RAW_SPIN, FD_RAW_NO_MOTOR_AFTER, FD_RAW_NEED_DISK, FD_RAW_NEED_SEEK, FD_RAW_MORE, FD_RAW_STOP_IF_FAILURE, FD_RAW_STOP_IF_SUCCESS, FD_RAW_SOFTFAILURE, FD_RAW_FAILURE, FD_RAW_HARDFAILURE -- cgit mrf-deployment