# Copyright 2017 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# syzkaller descriptions of the System V IPC syscalls: message queues (msg*),
# semaphore sets (sem*) and shared memory segments (shm*).

# NOTE(review): each include directive names a kernel header in angle brackets
# (include <...>); the header names are missing from this copy and have to be
# restored from the upstream file. The constants used below (IPC_PRIVATE,
# IPC_STAT, ...) are presumably taken from those headers.
include
include
include
include
include
include
include

# Base resource for every System V IPC identifier: an int32 whose special
# values 0 and -1 can be passed when no real identifier is available.
resource ipc[int32]: 0, -1

# IPC key: a per-process int32 starting at 2039359027 with 4 values per process,
# so test processes running in parallel operate on separate keys.
type ipc_key_t proc[2039359027, 4, int32]

# TODO: describe ipc syscall

# Message queues. msgget returns an ipc_msq identifier that the calls below consume.
resource ipc_msq[ipc]

msgget(key ipc_key_t, flags flags[msgget_flags]) ipc_msq
# Same call with the key fixed to IPC_PRIVATE.
msgget$private(key const[IPC_PRIVATE], flags flags[msgget_flags]) ipc_msq
# NOTE(review): sz is len[msgp], i.e. derived from the whole msgbuf; presumably
# that includes the typ field - confirm whether that is intended.
msgsnd(msqid ipc_msq, msgp ptr[in, msgbuf], sz len[msgp], flags flags[msgsnd_flags])
msgrcv(msqid ipc_msq, msgp ptr[out, msgbuf], sz len[msgp], typ flags[msgbuf_type], flags flags[msgrcv_flags])
# msgctl variants, one per cmd constant. Only IPC_SET passes a structured
# msqid_ds; the query commands take an untyped output buffer and IPC_RMID
# takes no buffer at all.
msgctl$IPC_STAT(msqid ipc_msq, cmd const[IPC_STAT], buf buffer[out])
msgctl$IPC_SET(msqid ipc_msq, cmd const[IPC_SET], buf ptr[in, msqid_ds])
msgctl$IPC_RMID(msqid ipc_msq, cmd const[IPC_RMID])
msgctl$IPC_INFO(msqid ipc_msq, cmd const[IPC_INFO], buf buffer[out])
msgctl$MSG_INFO(msqid ipc_msq, cmd const[MSG_INFO], buf buffer[out])
msgctl$MSG_STAT(msqid ipc_msq, cmd const[MSG_STAT], buf buffer[out])
msgctl$MSG_STAT_ANY(msqid ipc_msq, cmd const[MSG_STAT_ANY], buf buffer[out])

# Semaphore sets. semget returns an ipc_sem identifier; nsems is drawn from
# sem_sem_id, the same value set used for semaphore indices.
resource ipc_sem[ipc]

semget(key ipc_key_t, nsems flags[sem_sem_id], flags flags[semget_flags]) ipc_sem
# Same call with the key fixed to IPC_PRIVATE.
semget$private(key const[IPC_PRIVATE], nsems flags[sem_sem_id], flags flags[semget_flags]) ipc_sem
# ops points to an array of sembuf; nops is the number of elements in it.
semop(semid ipc_sem, ops ptr[in, array[sembuf]], nops len[ops])
# timespec is not defined in this file.
semtimedop(semid ipc_sem, ops ptr[in, array[sembuf]], nops len[ops], timeout ptr[in, timespec])

# semctl$GETVAL produces random errno values, so we use ignore_return attribute.
# Since we don't have strict const enforcement, we need to apply it to all variants.
# When/if we have stricter enforcement of arguments for syscall variants, we may remove some of the attributes.
# semctl variants, one per cmd constant. Every variant carries (ignore_return)
# so that the fuzzer does not treat the return value as a fixed error code;
# GETVAL and similar commands return data rather than 0/-1.
# Commands that act on the whole set (IPC_STAT, IPC_SET, IPC_RMID, GETALL,
# SETALL) pin semnum to 0; the others pick semnum from sem_sem_id.
# NOTE(review): semctl$IPC_INFO names its last parameter buf while every other
# variant uses arg - naming inconsistency only.
semctl$IPC_STAT(semid ipc_sem, semnum const[0], cmd const[IPC_STAT], arg buffer[out]) (ignore_return)
semctl$IPC_SET(semid ipc_sem, semnum const[0], cmd const[IPC_SET], arg ptr[in, semid_ds]) (ignore_return)
semctl$IPC_RMID(semid ipc_sem, semnum const[0], cmd const[IPC_RMID]) (ignore_return)
semctl$IPC_INFO(semid ipc_sem, semnum flags[sem_sem_id], cmd const[IPC_INFO], buf buffer[out]) (ignore_return)
semctl$SEM_INFO(semid ipc_sem, semnum flags[sem_sem_id], cmd const[SEM_INFO], arg buffer[out]) (ignore_return)
semctl$SEM_STAT(semid ipc_sem, semnum flags[sem_sem_id], cmd const[SEM_STAT], arg buffer[out]) (ignore_return)
semctl$SEM_STAT_ANY(semid ipc_sem, semnum flags[sem_sem_id], cmd const[SEM_STAT_ANY], arg buffer[out]) (ignore_return)
semctl$GETALL(semid ipc_sem, semnum const[0], cmd const[GETALL], arg buffer[out]) (ignore_return)
semctl$GETNCNT(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETNCNT], arg buffer[out]) (ignore_return)
semctl$GETPID(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETPID], arg buffer[out]) (ignore_return)
semctl$GETVAL(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETVAL], arg buffer[out]) (ignore_return)
semctl$GETZCNT(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETZCNT], arg buffer[out]) (ignore_return)
# SETALL passes an array of int16 values, SETVAL a single int32.
semctl$SETALL(semid ipc_sem, semnum const[0], cmd const[SETALL], arg ptr[in, array[int16]]) (ignore_return)
semctl$SETVAL(semid ipc_sem, semnum flags[sem_sem_id], cmd const[SETVAL], arg ptr[in, int32]) (ignore_return)

# Shared memory. ipc_shm is the segment identifier; shmaddr is a pointer-sized
# resource with special value 0 that stands for an attach address.
resource ipc_shm[ipc]
resource shmaddr[intptr]: 0

# The unused arg is unused by syscall (does not exist at all),
# but it helps to generate sane size values.
# size is len[unused], so the requested segment size follows the length of the
# extra vma argument.
# NOTE(review): shmget spells its key as proc[2039339027, 4] instead of
# ipc_key_t (proc[2039359027, 4, int32]): the start value differs and no int32
# width is given. Possibly a deliberate separate key range for shm - confirm.
shmget(key proc[2039339027, 4], size len[unused], flags flags[shmget_flags], unused vma) ipc_shm
# Same call with the key fixed to IPC_PRIVATE.
shmget$private(key const[IPC_PRIVATE], size len[unused], flags flags[shmget_flags], unused vma) ipc_shm
# shmat returns the attach address as a shmaddr resource, which shmdt consumes.
shmat(shmid ipc_shm, addr vma, flags flags[shmat_flags]) shmaddr
# shmctl variants, one per cmd constant. Only IPC_SET passes a structured
# shmid_ds; IPC_RMID, SHM_LOCK and SHM_UNLOCK take no buffer.
shmctl$IPC_STAT(shmid ipc_shm, cmd const[IPC_STAT], buf buffer[out])
shmctl$IPC_SET(shmid ipc_shm, cmd const[IPC_SET], buf ptr[in, shmid_ds])
shmctl$IPC_RMID(shmid ipc_shm, cmd const[IPC_RMID])
shmctl$IPC_INFO(shmid ipc_shm, cmd const[IPC_INFO], buf buffer[out])
shmctl$SHM_INFO(shmid ipc_shm, cmd const[SHM_INFO], buf buffer[out])
shmctl$SHM_STAT(shmid ipc_shm, cmd const[SHM_STAT], buf buffer[out])
shmctl$SHM_STAT_ANY(shmid ipc_shm, cmd const[SHM_STAT_ANY], buf buffer[out])
shmctl$SHM_LOCK(shmid ipc_shm, cmd const[SHM_LOCK])
shmctl$SHM_UNLOCK(shmid ipc_shm, cmd const[SHM_UNLOCK])
shmdt(addr shmaddr)

# Flag and value sets referenced by the calls and structs of this description.
# open_mode is not defined in this file; it is mixed into the *get flags and
# into ipc_perm.mode.
msgget_flags = IPC_CREAT, IPC_EXCL, open_mode
# Values offered for the typ argument of msgrcv and for msgbuf.typ.
msgbuf_type = 0, 1, 2, 3
msgsnd_flags = IPC_NOWAIT
msgrcv_flags = IPC_NOWAIT, MSG_EXCEPT, MSG_NOERROR
semget_flags = IPC_CREAT, IPC_EXCL, open_mode
semop_flags = IPC_NOWAIT, SEM_UNDO
# Small values used both as semaphore index (semnum, sembuf.num) and as the
# nsems count of semget.
sem_sem_id = 0, 1, 2, 3, 4
shmget_flags = IPC_CREAT, IPC_EXCL, SHM_HUGETLB, SHM_HUGE_2MB, SHM_HUGE_1GB, SHM_NORESERVE, open_mode
shmat_flags = SHM_RND, SHM_RDONLY, SHM_REMAP

# Permission block placed first in msqid_ds, shmid_ds and semid_ds.
# The uid, gid and pid types are not defined in this file.
ipc_perm {
# NEED: all these uid, gid, pid, mode seem to be 2 bytes on 386 (what about arm?)
	key	ipc_key_t
	uid	uid
	gid	gid
	cuid	uid
	cgid	gid
	mode	flags[open_mode, int32]
	seq	int16
}

# Argument of msgctl$IPC_SET. msg_first and msg_last are pinned to 0.
# NOTE(review): msg_cbytes, msg_qnum and msg_qbytes are int16 here; field widths
# were not checked against the kernel headers for each architecture - confirm.
msqid_ds {
	msg_perm	ipc_perm
	msg_first	const[0, intptr]
	msg_last	const[0, intptr]
	msg_stime	intptr
	msg_rtime	intptr
	msg_ctime	intptr
	msg_lcbytes	intptr
	msg_lqbytes	intptr
	msg_cbytes	int16
	msg_qnum	int16
	msg_qbytes	int16
	msg_lspid	pid
	msg_lrpid	pid
}

# Argument of shmctl$IPC_SET. The three shm_unused* fields are pinned to 0.
shmid_ds {
	shm_perm	ipc_perm
	shm_segsz	int32
	shm_atime	intptr
	shm_dtime	intptr
	shm_ctime	intptr
	shm_cpid	pid
	shm_lpid	pid
	shm_nattch	int16
	shm_unused	const[0, int16]
	shm_unused2	const[0, intptr]
	shm_unused3	const[0, intptr]
}

# Argument of semctl$IPC_SET. sem_base, sem_pending, sem_pending_last and undo
# are pinned to 0.
semid_ds {
	sem_perm	ipc_perm
	sem_otime	intptr
	sem_ctime	intptr
	sem_base	const[0, intptr]
	sem_pending	const[0, intptr]
	sem_pending_last	const[0, intptr]
	undo	const[0, intptr]
	sem_nsems	int16
}

# One semaphore operation for semop/semtimedop: index, operation value, flags,
# all 16 bits wide.
sembuf {
	num	flags[sem_sem_id, int16]
	op	int16
	flg	flags[semop_flags, int16]
}

# Message passed to msgsnd/msgrcv: a pointer-sized type followed by a
# variable-length byte array; [packed] lays the fields out without padding.
msgbuf {
	typ	flags[msgbuf_type, intptr]
	data	array[int8]
} [packed]