1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
# Copyright 2020 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Findings on qrtr rpmsg and mhi interface (with drivers implemented in 'smd.c' and 'mhi.c' under '$KERNEL_SRC/net/qrtr/')
# The investigation is done using Linux 5.8-rc1 with following configs set:
# - CONFIG_QRTR, CONFIG_QRTR_SMD, CONFIG_QRTR_TUN, CONFIG_QRTR_MHI, CONFIG_RPMSG,
# CONFIG_RPMSG_CHAR, CONFIG_RPMSG_QCOM_GLINK_NATIVE, CONFIG_RPMSG_QCOM_GLINK_RPM,
# CONFIG_RPMSG_VIRTIO
# No additional device file was found in running kernel under '/dev/', and no device
# was found under '/sys/bus/rpmsg/devices/'.
# All examples found involve additional hardware assumptions.
# The conclusion is that the testing of those subsystems relies on some hardware,
# hence, not tested at this time.
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
include <linux/socket.h>
include <linux/net.h>
include <linux/termios.h>
include <linux/qrtr.h>
# QIPCRTR sockets
resource sock_qrtr[sock]
# 1 stands for qrtr_local_nid, -1 stands for QRTR_EP_NID_AUTO
qrtr_nodes = QRTR_NODE_BCAST, -1, 0, 1, 2, 3, 4
# 0x4000 and 0x7fff stands for QRTR_MIN_EPH_SOCKET and QRTR_MAX_EPH_SOCKET, respectively
qrtr_ports = QRTR_PORT_CTRL, 0x3fff, 0x4000, 0x4001, 0x7ffe, 0x7fff, 0x8000, 0, 1, 2
sockaddr_qrtr {
sq_family const[AF_QIPCRTR, int16]
sq_node flags[qrtr_nodes, int32]
sq_port flags[qrtr_ports, int32]
}
socket$qrtr(domain const[AF_QIPCRTR], type const[SOCK_DGRAM], proto const[0]) sock_qrtr
bind$qrtr(fd sock_qrtr, addr ptr[in, sockaddr_qrtr], addrlen len[addr])
connect$qrtr(fd sock_qrtr, addr ptr[in, sockaddr_qrtr], addrlen len[addr])
getsockname$qrtr(fd sock_qrtr, addr ptr[out, sockaddr_qrtr], addrlen ptr[inout, len[addr, int32]])
getpeername$qrtr(fd sock_qrtr, peer ptr[out, sockaddr_qrtr], peerlen ptr[inout, len[peer, int32]])
# ioctls
ioctl$sock_qrtr_TIOCOUTQ(fd sock_qrtr, cmd const[TIOCOUTQ], arg ptr[out, int64])
ioctl$sock_qrtr_TIOCINQ(fd sock_qrtr, cmd const[TIOCINQ], arg ptr[out, int64])
ioctl$sock_qrtr_SIOCGIFADDR(fd sock_qrtr, cmd const[SIOCGIFADDR], arg ptr[out, ifreq_t[sockaddr_qrtr]])
# sendmsg, recvmsg, [send|recv]_msghdr
sendmsg$qrtr(fd sock_qrtr, msg ptr[in, send_msghdr_qrtr], msglen len[msg])
recvmsg$qrtr(fd sock_qrtr, msg ptr[inout, recv_msghdr_qrtr], msglen len[msg], f flags[recv_flags])
send_msghdr_qrtr {
addr ptr[in, sockaddr_qrtr, opt]
addrlen len[addr, int32]
vec ptr[in, array[iovec_in]]
vlen len[vec, intptr]
ctrl ptr[in, array[cmsghdr], opt]
ctrllen bytesize[ctrl, intptr]
f flags[send_flags, int32]
}
recv_msghdr_qrtr {
addr ptr[out, sockaddr_qrtr, opt]
addrlen len[addr, int32]
vec ptr[in, array[iovec_out]]
vlen len[vec, intptr]
ctrl ptr[out, array[cmsghdr], opt]
ctrllen bytesize[ctrl, intptr]
f flags[recv_flags, int32]
}
|
