From 76ad128ce0cb38f6fb253e8afcc22a3205a506ca Mon Sep 17 00:00:00 2001 From: fellair Date: Thu, 3 Jul 2025 18:53:40 +0300 Subject: sys/linux: update userfaultfd descriptions Add 2 regular missing ioctl syscalls: - UFFDIO_MOVE - UFFDIO_POISON Add USERFAULTFD_IOC_NEW ioctl that allows to procure userfaultfds by way of accessing /dev/userfaultfd. No other descriptions are touched, neither are any config options. Tested on local x86_64 syzkaller instance with enabled_syscalls[] option turned on. --- sys/linux/uffd.txt | 24 ++++++++++++++++++++++++ sys/linux/uffd.txt.const | 8 ++++++++ 2 files changed, 32 insertions(+) (limited to 'sys/linux') diff --git a/sys/linux/uffd.txt b/sys/linux/uffd.txt index 811cf2e78..4bed72512 100644 --- a/sys/linux/uffd.txt +++ b/sys/linux/uffd.txt @@ -6,8 +6,10 @@ include include resource fd_uffd[fd] +resource fd_uffd_dev[fd] userfaultfd(flags flags[userfaultfd_flags]) fd_uffd +openat$userfaultfd(fd const[AT_FDCWD], file ptr[in, string["/dev/userfaultfd"]], flags flags[userfaultfd_flags], mode const[0]) fd_uffd_dev ioctl$UFFDIO_API(fd fd_uffd, cmd const[UFFDIO_API], arg ptr[in, uffdio_api]) ioctl$UFFDIO_REGISTER(fd fd_uffd, cmd const[UFFDIO_REGISTER], arg ptr[in, uffdio_register]) @@ -15,8 +17,12 @@ ioctl$UFFDIO_UNREGISTER(fd fd_uffd, cmd const[UFFDIO_UNREGISTER], arg ptr[in, uf ioctl$UFFDIO_WAKE(fd fd_uffd, cmd const[UFFDIO_WAKE], arg ptr[in, uffdio_range]) ioctl$UFFDIO_COPY(fd fd_uffd, cmd const[UFFDIO_COPY], arg ptr[in, uffdio_copy]) ioctl$UFFDIO_ZEROPAGE(fd fd_uffd, cmd const[UFFDIO_ZEROPAGE], arg ptr[in, uffdio_zeropage]) +ioctl$UFFDIO_MOVE(fd fd_uffd, cmd const[UFFDIO_MOVE], arg ptr[in, uffdio_move]) ioctl$UFFDIO_WRITEPROTECT(fd fd_uffd, cmd const[UFFDIO_WRITEPROTECT], arg ptr[in, uffdio_writeprotect]) ioctl$UFFDIO_CONTINUE(fd fd_uffd, cmd const[UFFDIO_CONTINUE], arg ptr[in, uffdio_continue]) +ioctl$UFFDIO_POISON(fd fd_uffd, cmd const[UFFDIO_POISON], arg ptr[in, uffdio_poison]) + +ioctl$USERFAULTFD_IOC_NEW(fd fd_uffd_dev, cmd const[USERFAULTFD_IOC_NEW]) fd_uffd userfaultfd_flags = O_NONBLOCK, O_CLOEXEC, UFFD_USER_MODE_ONLY uffdio_register_mode = UFFDIO_REGISTER_MODE_MISSING, UFFDIO_REGISTER_MODE_WP, UFFDIO_REGISTER_MODE_MINOR @@ -55,6 +61,16 @@ uffdio_zeropage { zeropg const[0, int64] } +uffdio_move { + dst vma64 + src vma64 + len len[dst, int64] + mode flags[uffdio_move_mode, int64] + move int64 (out) +} + +uffdio_move_mode = UFFDIO_MOVE_MODE_DONTWAKE, UFFDIO_MOVE_MODE_ALLOW_SRC_HOLES + uffdio_writeprotect { range uffdio_range mode flags[uffdio_writeprotect_mode, int64] @@ -69,3 +85,11 @@ uffdio_continue { } uffdio_continue_mode = UFFDIO_CONTINUE_MODE_DONTWAKE + +uffdio_poison { + range uffdio_range + mode flags[uffdio_poison_mode, int64] + updated int64 (out) +} + +uffdio_poison_mode = UFFDIO_POISON_MODE_DONTWAKE diff --git a/sys/linux/uffd.txt.const b/sys/linux/uffd.txt.const index bcab8f462..0e2c3dc34 100644 --- a/sys/linux/uffd.txt.const +++ b/sys/linux/uffd.txt.const @@ -1,5 +1,6 @@ # Code generated by syz-sysgen. DO NOT EDIT. arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x +AT_FDCWD = 18446744073709551516 O_CLOEXEC = 524288 O_NONBLOCK = 2048, mips64le:128 UFFDIO_API = 3222841919 @@ -8,6 +9,11 @@ UFFDIO_CONTINUE_MODE_DONTWAKE = 1 UFFDIO_COPY = 3223890435 UFFDIO_COPY_MODE_DONTWAKE = 1 UFFDIO_COPY_MODE_WP = 2 +UFFDIO_MOVE = 3223890437 +UFFDIO_MOVE_MODE_ALLOW_SRC_HOLES = 2 +UFFDIO_MOVE_MODE_DONTWAKE = 1 +UFFDIO_POISON = 3223366152 +UFFDIO_POISON_MODE_DONTWAKE = 1 UFFDIO_REGISTER = 3223366144 UFFDIO_REGISTER_MODE_MINOR = 4 UFFDIO_REGISTER_MODE_MISSING = 1 @@ -32,5 +38,7 @@ UFFD_FEATURE_PAGEFAULT_FLAG_WP = 1 UFFD_FEATURE_SIGBUS = 128 UFFD_FEATURE_THREAD_ID = 256 UFFD_USER_MODE_ONLY = 1 +USERFAULTFD_IOC_NEW = 43520, mips64le:ppc64le:536914432 __NR_ioctl = 54, amd64:16, arm64:riscv64:29, mips64le:5015 +__NR_openat = 56, 386:295, amd64:257, arm:322, mips64le:5247, ppc64le:286, s390x:288 __NR_userfaultfd = 282, 386:374, amd64:323, arm:388, mips64le:5317, ppc64le:364, s390x:355 -- cgit mrf-deployment