1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
# Copyright 2017 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
include <sys/types.h>
include <sys/fcntl.h>
include <sys/filio.h>
include <sys/ipc.h>
include <sys/mman.h>
include <sys/msg.h>
include <sys/sem.h>
include <sys/shm.h>
include <sys/stat.h>
resource ipc[int32]: 0, 0xffffffffffffffff
# TODO: describe ipc syscall
define SYS___semctl 510
resource ipc_msq[ipc]
msgget(key proc[2039379027, 4], flags flags[msgget_flags]) ipc_msq
msgget$private(key const[IPC_PRIVATE], flags flags[msgget_flags]) ipc_msq
msgsnd(msqid ipc_msq, msgp ptr[in, msgbuf], sz len[msgp], flags flags[msgsnd_flags])
msgrcv(msqid ipc_msq, msgp ptr[out, msgbuf], sz len[msgp], typ flags[msgbuf_type], flags flags[msgrcv_flags])
msgctl$IPC_STAT(msqid ipc_msq, cmd const[IPC_STAT], buf buffer[out])
msgctl$IPC_SET(msqid ipc_msq, cmd const[IPC_SET], buf ptr[in, msqid_ds])
msgctl$IPC_RMID(msqid ipc_msq, cmd const[IPC_RMID])
msgctl$IPC_INFO(msqid ipc_msq, cmd const[IPC_INFO], buf buffer[out])
resource ipc_sem[ipc]
semget(key proc[2039359027, 4], nsems flags[sem_sem_id], flags flags[semget_flags]) ipc_sem
semget$private(key const[IPC_PRIVATE], nsems flags[sem_sem_id], flags flags[semget_flags]) ipc_sem
semop(semid ipc_sem, ops ptr[in, array[sembuf]], nops len[ops])
# __semctl$GETVAL produces random errno values, so we use ignore_return attribute.
# Since we don't have strict const enforcement, we need to apply it to all variants.
# When/if we have stricter enforcement of arguments for syscall variants, we may remove some of the attributes.
__semctl$IPC_STAT(semid ipc_sem, semnum const[0], cmd const[IPC_STAT], arg ptr[in, ptr[out, semid_ds]]) (ignore_return)
__semctl$IPC_SET(semid ipc_sem, semnum const[0], cmd const[IPC_SET], arg ptr[in, ptr[in, semid_ds]]) (ignore_return)
__semctl$IPC_RMID(semid ipc_sem, semnum const[0], cmd const[IPC_RMID]) (ignore_return)
__semctl$SEM_STAT(semid ipc_sem, semnum flags[sem_sem_id], cmd const[SEM_STAT], arg ptr[in, ptr[out, semid_ds]]) (ignore_return)
__semctl$GETALL(semid ipc_sem, semnum const[0], cmd const[GETALL], arg ptr[in, array[int16]]) (ignore_return)
__semctl$GETNCNT(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETNCNT]) (ignore_return)
__semctl$GETZCNT(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETZCNT]) (ignore_return)
__semctl$GETPID(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETPID]) (ignore_return)
__semctl$GETVAL(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETVAL]) (ignore_return)
__semctl$SETALL(semid ipc_sem, semnum const[0], cmd const[SETALL], arg ptr[in, array[int16]]) (ignore_return)
__semctl$SETVAL(semid ipc_sem, semnum flags[sem_sem_id], cmd const[SETVAL], arg ptr[in, ptr[in, int32]]) (ignore_return)
resource ipc_shm[ipc]
resource shmaddr[intptr]: 0
# The unused arg is unused by syscall (does not exist at all),
# but it helps to generate sane size values.
shmget(key proc[2039339027, 4], size len[unused], flags flags[shmget_flags], unused vma) ipc_shm
shmget$private(key const[IPC_PRIVATE], size len[unused], flags flags[shmget_flags], unused vma) ipc_shm
shmat(shmid ipc_shm, addr vma, flags flags[shmat_flags]) shmaddr
shmctl$IPC_STAT(shmid ipc_shm, cmd const[IPC_STAT], buf buffer[out])
shmctl$IPC_SET(shmid ipc_shm, cmd const[IPC_SET], buf ptr[in, shmid_ds])
shmctl$IPC_RMID(shmid ipc_shm, cmd const[IPC_RMID])
shmctl$IPC_INFO(shmid ipc_shm, cmd const[IPC_INFO], buf buffer[out])
shmctl$SHM_INFO(shmid ipc_shm, cmd const[SHM_INFO], buf buffer[out])
shmctl$SHM_STAT(shmid ipc_shm, cmd const[SHM_STAT], buf buffer[out])
shmctl$SHM_LOCK(shmid ipc_shm, cmd const[SHM_LOCK])
shmctl$SHM_UNLOCK(shmid ipc_shm, cmd const[SHM_UNLOCK])
shmdt(addr shmaddr)
resource shmfd[fd]
freebsd12_shm_open(path ptr[in, filename], flags flags[shm_open_flags], mode flags[open_mode]) shmfd
shm_open2(path ptr[in, filename], flags flags[shm_open_flags], mode flags[open_mode], shmflags flags[shm_open2_flags], name ptr[in, string]) shmfd
shm_rename(from ptr[in, filename], to ptr[in, filename], flags flags[shm_rename_flags])
shm_unlink(path ptr[in, filename])
ioctl$FIOSSHMLPGCNF(fd shmfd, cmd const[FIOSSHMLPGCNF], arg ptr[in, shmlgpgconf])
ioctl$FIOGSHMLPGCNF(fd shmfd, cmd const[FIOGSHMLPGCNF], arg ptr[out, shmlgpgconf])
shmlgpgconf {
psind int32
alloc int32
pad array[const[0, int32], 10]
}
msgget_flags = IPC_CREAT, IPC_EXCL, open_mode
msgbuf_type = 0, 1, 2, 3
msgsnd_flags = IPC_NOWAIT
msgrcv_flags = IPC_NOWAIT, MSG_NOERROR
semget_flags = IPC_CREAT, IPC_EXCL, open_mode
semop_flags = IPC_NOWAIT, SEM_UNDO
sem_sem_id = 0, 1, 2, 3, 4
shmget_flags = IPC_CREAT, IPC_EXCL, open_mode
shmat_flags = SHM_RND, SHM_RDONLY
shm_open_flags = O_RDONLY, O_RDWR, O_CREAT, O_EXCL, O_TRUNC
shm_open2_flags = SHM_ALLOW_SEALING, SHM_GROW_ON_WRITE, SHM_LARGEPAGE
shm_rename_flags = SHM_RENAME_EXCHANGE, SHM_RENAME_NOREPLACE
ipc_perm {
cuid uid
cgid gid
uid uid
gid gid
mode flags[open_mode, int16]
seq int16
pad0 const[0, int32]
key intptr
}
msqid_ds {
perm ipc_perm
stime intptr
rtime intptr
ctime intptr
cbytes intptr
qnum intptr
qbytes intptr
lspid pid
lrpid pid
pad0 const[0, intptr]
pad1 const[0, intptr]
}
shmid_ds {
perm ipc_perm
segsz int32
atime intptr
dtime intptr
ctime intptr
cpid pid
lpid pid
nattch int16
unused0 const[0, int16]
unused1 const[0, intptr]
unused2 const[0, intptr]
}
semid_ds {
perm ipc_perm
base intptr
nsems int16
pad0 const[0, int16]
pad1 const[0, int32]
otime int64
ctime int64
}
sembuf {
num flags[sem_sem_id, int16]
op int16
flg flags[semop_flags, int16]
}
msgbuf {
typ flags[msgbuf_type, intptr]
data array[int8]
} [packed]
|
