1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
# Copyright 2019 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# NOTE: This is an incomplete description for the VFIO system calls because no groups were added in the container. The desired coverage was not reached.
# https://www.kernel.org/doc/Documentation/vfio.txt
# https://elixir.bootlin.com/linux/latest/source/drivers/vfio/vfio.c
# https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/vfio.h
# https://elixir.bootlin.com/linux/latest/source/drivers/vfio/vfio_iommu_type1.c
include <uapi/linux/fcntl.h>
include <uapi/linux/vfio.h>
resource fd_vfio[fd]
openat$vfio(fd const[AT_FDCWD], file ptr[in, string["/dev/vfio/vfio"]], flags flags[open_flags], mode const[0]) fd_vfio
ioctl$VFIO_GET_API_VERSION(fd fd_vfio, cmd const[VFIO_GET_API_VERSION])
ioctl$VFIO_CHECK_EXTENSION(fd fd_vfio, cmd const[VFIO_CHECK_EXTENSION], arg flags[iommu_flags])
ioctl$VFIO_SET_IOMMU(fd fd_vfio, cmd const[VFIO_SET_IOMMU], arg flags[iommu_flags])
ioctl$VFIO_IOMMU_GET_INFO(fd fd_vfio, cmd const[VFIO_IOMMU_GET_INFO], arg ptr[in, vfio_iommu_type1_info])
ioctl$VFIO_IOMMU_MAP_DMA(fd fd_vfio, cmd const[VFIO_IOMMU_MAP_DMA], arg ptr[in, vfio_iommu_type1_dma_map])
ioctl$VFIO_IOMMU_UNMAP_DMA(fd fd_vfio, cmd const[VFIO_IOMMU_UNMAP_DMA], arg ptr[in, vfio_iommu_type1_dma_unmap])
vfio_iommu_type1_info {
argsz len[parent, int32]
flags const[0, int32]
iova_pgsizes int64 (out)
cap_offset int32 (out)
# iommufd constructs the cap chain like this, vfio will work as well but the things will be jumbled a bit
cap1 vfio_iommu_type1_info_dma_avail (out)
cap2 vfio_iommu_type1_info_cap_iova_range (out)
}
vfio_iommu_type1_dma_map {
argsz len[parent, int32]
flags flags[vfio_map_flags, int32]
user_va ptr64[in, array[int8]]
iova int64
size int64
}
vfio_iommu_type1_dma_unmap {
argsz len[parent, int32]
flags flags[vfio_unmap_flags, int32]
iova int64
size int64
data array[int8]
}
vfio_info_cap_header {
id int16
version int16
next int16
}
vfio_iova_range {
start int64
end int64
}
vfio_iommu_type1_info_cap_iova_range {
header vfio_info_cap_header
nr_iovs int32
reserved int32
iova_ranges array[vfio_iova_range]
}
vfio_iommu_type1_info_dma_avail {
header vfio_info_cap_header
avail int32
}
iommu_flags = VFIO_TYPE1_IOMMU, VFIO_SPAPR_TCE_IOMMU, VFIO_TYPE1v2_IOMMU, VFIO_DMA_CC_IOMMU, VFIO_EEH, VFIO_SPAPR_TCE_v2_IOMMU, VFIO_NOIOMMU_IOMMU
vfio_map_flags = VFIO_DMA_MAP_FLAG_READ, VFIO_DMA_MAP_FLAG_WRITE
vfio_unmap_flags = VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP, VFIO_DMA_UNMAP_FLAG_ALL, VFIO_DMA_UNMAP_FLAG_VADDR
|
