1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
# Copyright 2017 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
include <zircon/syscalls.h>
include <zircon/syscalls/object.h>
include <zircon/syscalls/exception.h>
resource koid[int64]: 0
# TODO: temporary disabled as it crashes kernel left and right.
# zx_object_get_child(handle zx_handle, koid koid, rights flags[zx_rights], out ptr[out, zx_handle])
zx_object_get_cookie(handle zx_handle, scope zx_handle, cookie ptr[out, int64])
zx_object_set_cookie(handle zx_handle, scope zx_handle, cookie int64)
zx_object_get_info$ZX_INFO_HANDLE_VALID(handle zx_handle, topic const[ZX_INFO_HANDLE_VALID], buffer const[0], buffer_size const[0], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_HANDLE_BASIC(handle zx_handle, topic const[ZX_INFO_HANDLE_BASIC], buffer ptr[out, zx_info_handle_basic], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_PROCESS(handle zx_process, topic const[ZX_INFO_PROCESS], buffer ptr[out, zx_info_process], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_PROCESS_THREADS(handle zx_process, topic const[ZX_INFO_PROCESS_THREADS], buffer ptr[out, array[koid]], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_VMAR(handle zx_vmar, topic const[ZX_INFO_VMAR], buffer ptr[out, zx_info_vmar], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_JOB_CHILDREN(handle zx_job, topic const[ZX_INFO_JOB_CHILDREN], buffer ptr[out, array[koid]], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_JOB_PROCESSES(handle zx_job, topic const[ZX_INFO_JOB_PROCESSES], buffer ptr[out, zx_info_thread], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_THREAD_EXCEPTION_REPORT(handle zx_thread, topic const[ZX_INFO_THREAD_EXCEPTION_REPORT], buffer ptr[out, zx_exception_report], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_TASK_STATS(handle zx_process, topic const[ZX_INFO_TASK_STATS], buffer ptr[out, zx_info_task_stats], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_PROCESS_MAPS(handle zx_process, topic const[ZX_INFO_PROCESS_MAPS], buffer ptr[out, array[zx_info_maps]], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_PROCESS_VMOS(handle zx_process, topic const[ZX_INFO_PROCESS_VMOS], buffer ptr[out, array[zx_info_vmo]], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
zx_object_get_info$ZX_INFO_THREAD_STATS(handle zx_thread, topic const[ZX_INFO_THREAD_STATS], buffer ptr[out, zx_info_thread_stats], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
# TODO: what is handle type here?
zx_object_get_info$ZX_INFO_CPU_STATS(handle zx_handle, topic const[ZX_INFO_CPU_STATS], buffer ptr[out, array[zx_info_cpu_stats]], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
# TODO: handle is "root resource", where does one get one?
zx_object_get_info$ZX_INFO_KMEM_STATS(handle zx_handle, topic const[ZX_INFO_KMEM_STATS], buffer ptr[out, zx_info_kmem_stats], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
# TODO: what is handle type here?
zx_object_get_info$ZX_INFO_RESOURCE(handle zx_handle, topic const[ZX_INFO_RESOURCE], buffer ptr[out, zx_info_resource], buffer_size bytesize[buffer], actual ptr[out, intptr], avail ptr[out, intptr])
# TODO: detail properties
zx_object_get_property(handle zx_handle, property int32, value ptr[out, array[int8]], size len[value])
zx_object_set_property(handle zx_handle, property int32, value ptr[in, array[int8]], size len[value])
zx_object_signal(handle zx_handle, clear_mask int32, set_mask int32)
zx_object_signal_peer(handle zx_handle, clear_mask int32, set_mask int32)
zx_object_wait_one(handle zx_handle, signals int32, deadline zx_time, observed ptr[out, int32])
zx_object_wait_async(handle zx_handle, port zx_port, key proc[1000, 4], signals int32, options flags[wait_async_options])
zx_object_wait_many(items ptr[in, array[zx_wait_item]], count len[items], deadline zx_time)
wait_async_options = ZX_WAIT_ASYNC_ONCE, ZX_WAIT_ASYNC_REPEATING
zx_info_handle_basic {
koid koid
rights int32
type int32
related_koid koid
props int32
}
zx_info_process {
return_code int32
started int8
exited int8
debugger_attached int8
}
zx_info_vmar {
base intptr
len intptr
}
zx_info_thread {
state int32
wait_exception_port_type int32
}
zx_info_thread_stats {
total_runtime int64
}
zx_info_task_stats {
mem_mapped_bytes intptr
mem_private_bytes intptr
mem_shared_bytes intptr
mem_scaled_shared_bytes intptr
}
zx_info_maps {
name array[int8, ZX_MAX_NAME_LEN]
base intptr
size intptr
depth intptr
type int32
mapping zx_info_maps_mapping
}
zx_info_maps_mapping {
mmu_flags int32
vmo_koid koid
committed_pages intptr
}
zx_info_vmo {
koid koid
name array[int8, ZX_MAX_NAME_LEN]
size_bytes int64
parent_koid koid
num_children intptr
num_mappings intptr
share_count intptr
flags int32
committed_bytes int64
handle_rights int32
}
zx_info_cpu_stats {
cpu_number int32
flags int32
idle_time int64
reschedules int64
context_switches int64
irq_preempts int64
preempts int64
yields int64
ints int64
timer_ints int64
timers int64
page_faults int64
exceptions int64
syscalls int64
reschedule_ipis int64
generic_ipis int64
}
zx_info_kmem_stats {
total_bytes int64
free_bytes int64
wired_bytes int64
total_heap_bytes int64
free_heap_bytes int64
vmo_bytes int64
mmu_overhead_bytes int64
other_bytes int64
}
zx_info_resource {
kind int32
low int64
high int64
}
zx_exception_report {
header zx_exception_header
context zx_exception_context
}
zx_exception_header {
size int32
type int32
}
zx_exception_context [
x86_64 x86_64_exc_data
arm_64 arm64_exc_data
]
x86_64_exc_data {
vector int64
err_code int64
cr2 int64
}
arm64_exc_data {
esr int32
far int64
}
zx_wait_item {
handle zx_handle
waitfor int32
pending int32
}
|
