# Copyright 2020 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
include <uapi/linux/fcntl.h>
include <linux/ioctl.h>
include <linux/vmw_vmci_defs.h>
include <drivers/misc/vmw_vmci/vmci_context.h>
# fd_vmci is the file-descriptor resource for the VMCI device node; the
# ioctl$IOCTL_VMCI_* calls below all take one as their first argument.
resource fd_vmci[fd]
# Opens the fixed path /dev/vmci with O_RDWR (dirfd AT_FDCWD, mode 0) and
# returns an fd_vmci. All other arguments are constants, so this call only
# ever produces that one open variant.
openat$vmci(fd const[AT_FDCWD], file ptr[in, string["/dev/vmci"]], flags const[O_RDWR], mode const[0]) fd_vmci
# Passes a vmci_init_blk (context id plus privilege flags) to the driver.
# The flags field draws from vmci_privilege, so generated programs also
# request VMCI_PRIVILEGE_FLAG_TRUSTED; how the driver authorises that request
# is not visible in this description.
ioctl$IOCTL_VMCI_INIT_CONTEXT(fd fd_vmci, cmd const[IOCTL_VMCI_INIT_CONTEXT], arg ptr[in, vmci_init_blk])
# Datagram send/receive. Both calls share vmci_datagram_snd_rcv_info, which
# points at a vmci_datagram buffer and carries its length.
# NOTE(review): RECEIVE is declared with `in` pointers at both levels (arg and
# the embedded addr). A receive path would presumably write into that buffer
# and into `result`; confirm against the driver whether out/inout is more
# accurate.
ioctl$IOCTL_VMCI_DATAGRAM_SEND(fd fd_vmci, cmd const[IOCTL_VMCI_DATAGRAM_SEND], arg ptr[in, vmci_datagram_snd_rcv_info])
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(fd fd_vmci, cmd const[IOCTL_VMCI_DATAGRAM_RECEIVE], arg ptr[in, vmci_datagram_snd_rcv_info])
# Queue-pair calls: allocate, set virtual address, set page file, detach.
# Each takes its own info struct, and every one of those structs begins with
# a vmci_handle identifying the queue pair.
# The SETPF variant name is shortened; its command constant is
# IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE.
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(fd fd_vmci, cmd const[IOCTL_VMCI_QUEUEPAIR_ALLOC], arg ptr[in, vmci_qp_alloc_info])
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(fd fd_vmci, cmd const[IOCTL_VMCI_QUEUEPAIR_SETVA], arg ptr[in, vmci_qp_set_va_info])
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(fd fd_vmci, cmd const[IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE], arg ptr[in, vmci_qp_page_file_info])
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(fd fd_vmci, cmd const[IOCTL_VMCI_QUEUEPAIR_DETACH], arg ptr[in, vmci_qp_dtch_info])
# Context notification subscribe/unsubscribe (vmci_ctx_info names the remote
# context id) and checkpoint-state get/set (vmci_ctx_chkpt_buf_info).
# NOTE(review): GET_CPT_STATE and SET_CPT_STATE are described identically,
# with `in` pointers throughout. If GET copies state back into cpt_buf, the
# direction should presumably be out/inout; confirm against the driver.
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(fd fd_vmci, cmd const[IOCTL_VMCI_CTX_ADD_NOTIFICATION], arg ptr[in, vmci_ctx_info])
ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(fd fd_vmci, cmd const[IOCTL_VMCI_CTX_REMOVE_NOTIFICATION], arg ptr[in, vmci_ctx_info])
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(fd fd_vmci, cmd const[IOCTL_VMCI_CTX_GET_CPT_STATE], arg ptr[in, vmci_ctx_chkpt_buf_info])
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(fd fd_vmci, cmd const[IOCTL_VMCI_CTX_SET_CPT_STATE], arg ptr[in, vmci_ctx_chkpt_buf_info])
# GET_CONTEXT_ID is declared with an out pointer to a plain int32, so the
# returned id is not tracked as a resource and is not fed back into later calls.
ioctl$IOCTL_VMCI_GET_CONTEXT_ID(fd fd_vmci, cmd const[IOCTL_VMCI_GET_CONTEXT_ID], arg ptr[out, int32])
# Notification calls: register a notify address, act on a doorbell/queue-pair
# resource, and receive pending notifications. Each takes its own info struct.
ioctl$IOCTL_VMCI_SET_NOTIFY(fd fd_vmci, cmd const[IOCTL_VMCI_SET_NOTIFY], arg ptr[in, vmci_set_notify_info])
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(fd fd_vmci, cmd const[IOCTL_VMCI_NOTIFY_RESOURCE], arg ptr[in, vmci_dbell_notify_resource_info])
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(fd fd_vmci, cmd const[IOCTL_VMCI_NOTIFICATIONS_RECEIVE], arg ptr[in, vmci_ctx_notify_recv_info])
# Version negotiation. Both commands pass a pointer to an int32 drawn from the
# vmci_version flag set; only the command constant differs between them.
ioctl$IOCTL_VMCI_VERSION(fd fd_vmci, cmd const[IOCTL_VMCI_VERSION], arg ptr[in, flags[vmci_version, int32]])
ioctl$IOCTL_VMCI_VERSION2(fd fd_vmci, cmd const[IOCTL_VMCI_VERSION2], arg ptr[in, flags[vmci_version, int32]])
# Argument of ioctl$IOCTL_VMCI_INIT_CONTEXT.
#   cid   - context id, typed as vmaddr_cid (declared outside this file).
#   flags - privilege flags drawn from the vmci_privilege set.
vmci_init_blk {
cid vmaddr_cid
flags flags[vmci_privilege, int32]
}
# Two-part handle embedded in the datagram, queue-pair and doorbell structs.
#   context - context id (vmaddr_cid, declared outside this file).
#   rsc     - unconstrained int32. It is not a syzlang resource, so values are
#             not carried over from one call to the next.
vmci_handle {
context vmaddr_cid
rsc int32
}
# Datagram buffer referenced by vmci_datagram_snd_rcv_info.addr.
#   dst, src     - destination and source handles.
#   payload_size - auto-filled with the length of `payload`.
#   payload      - fixed 1024-byte array, so payload_size is 1024 unless the
#                  fuzzer mutates the length field directly.
# NOTE(review): a fixed-size payload never exercises shorter or longer
# datagrams with a matching length; a ranged array would cover them. Confirm
# that the fixed size is intentional.
vmci_datagram {
dst vmci_handle
src vmci_handle
payload_size len[payload, int64]
payload array[int8, 1024]
}
# Argument of the DATAGRAM_SEND and DATAGRAM_RECEIVE ioctls.
#   addr   - 64-bit user pointer to a vmci_datagram, direction `in`.
#   len    - auto-filled from the object `addr` points to.
#   result - unconstrained int32; presumably the driver's status is written
#            here (verify against the kernel struct).
vmci_datagram_snd_rcv_info {
addr ptr64[in, vmci_datagram]
len len[addr, int32]
result int32
}
# Argument of ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC.
#   handle, peer  - queue-pair handle and peer context id.
#   flags         - drawn from the vmci_qp set.
#   produce_size, consume_size, num_ppns - unconstrained 64-bit integers.
#   ppn_va        - unconstrained int64.
#   result, version - unconstrained int32 values.
# NOTE(review): ppn_va is typed as a plain integer, so generated values are
# arbitrary numbers rather than addresses of mapped memory. The name suggests
# a user virtual address; if so, a pointer/vma type would let programs get
# past the driver's user-memory checks. Confirm against the kernel struct.
vmci_qp_alloc_info {
handle vmci_handle
peer vmaddr_cid
flags flags[vmci_qp, int32]
produce_size int64
consume_size int64
ppn_va int64
num_ppns int64
result int32
version int32
}
# Argument of ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA.
#   handle   - queue pair to update.
#   va       - unconstrained int64.
#   num_ppns - unconstrained int64.
#   version, result - unconstrained int32 values.
# NOTE(review): `va` is a plain integer, so it will rarely name mapped memory.
# If it is a user virtual address, a pointer/vma type would give deeper
# coverage. Confirm against the kernel struct.
vmci_qp_set_va_info {
handle vmci_handle
va int64
num_ppns int64
version int32
result int32
}
# Argument of ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF (IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE).
# Apart from the leading handle, every field is an unconstrained integer:
# the page-file fields, their sizes and the produce/consume addresses are
# int64, while result and version are int32.
# NOTE(review): the *_page_file and *_va fields look like user addresses but
# are typed as integers here. Confirm against the kernel struct.
vmci_qp_page_file_info {
handle vmci_handle
produce_page_file int64
consume_page_file int64
produce_page_file_size int64
consume_page_file_size int64
result int32
version int32
produce_va int64
consume_va int64
}
# Argument of ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH: the handle of the queue pair
# to detach, a result slot and trailing padding. _pad is an unconstrained
# int32, so non-zero padding values are generated as well.
vmci_qp_dtch_info {
handle vmci_handle
result int32
_pad int32
}
# Argument of the CTX_ADD_NOTIFICATION and CTX_REMOVE_NOTIFICATION ioctls:
# the remote context id to subscribe to or unsubscribe from, plus a result slot.
vmci_ctx_info {
remote_cid vmaddr_cid
result int32
}
# Argument of the CTX_GET_CPT_STATE and CTX_SET_CPT_STATE ioctls.
#   cpt_buf  - 64-bit user pointer to a fixed array of 1024 int32 values,
#              direction `in`.
#   cpt_type - drawn from the vmci_cpt_state set.
#   buf_size - auto-filled as len[cpt_buf].
#   result   - unconstrained int32.
#   _pad     - pinned to 0.
# NOTE(review): for an array target, syzlang `len` yields the element count
# (1024 here), not the byte size (4096). If the driver treats buf_size as a
# byte count, bytesize[cpt_buf, int32] would describe the buffer exactly;
# as written the length under-reports it. Confirm against the kernel.
vmci_ctx_chkpt_buf_info {
cpt_buf ptr64[in, array[int32, 1024]]
cpt_type flags[vmci_cpt_state, int32]
buf_size len[cpt_buf, int32]
result int32
_pad const[0, int32]
}
# Argument of ioctl$IOCTL_VMCI_SET_NOTIFY.
#   notify_uva - unconstrained int64.
#   result     - unconstrained int32.
#   _pad       - unconstrained int32.
# NOTE(review): the name notify_uva suggests a user virtual address. Typed as
# an integer, it will almost never reference mapped memory, so the code behind
# the driver's address validation is rarely reached. Confirm whether a
# pointer/vma type is appropriate.
vmci_set_notify_info {
notify_uva int64
result int32
_pad int32
}
# Argument of ioctl$IOCTL_VMCI_NOTIFY_RESOURCE.
#   handle - resource the action applies to.
#   rsc    - resource kind, from vmci_notify_resource (queue pair or doorbell).
#   action - from vmci_notify_action (notify, create or destroy).
#   result - unconstrained int32.
# rsc and action are 16-bit fields.
vmci_dbell_notify_resource_info {
handle vmci_handle
rsc flags[vmci_notify_resource, int16]
action flags[vmci_notify_action, int16]
result int32
}
# Argument of ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE: two address/size pairs
# (doorbell handles and queue-pair handles), a result slot and padding.
# NOTE(review): the *_uva fields and their sizes are independent unconstrained
# int64 values. No buffer is allocated for them and the sizes are not tied to
# any buffer length. If the driver copies handles out to these addresses,
# pointer-typed fields with len-linked sizes would model that. Confirm.
vmci_ctx_notify_recv_info {
db_handle_buf_uva int64
db_handle_buf_size int64
qp_handle_buf_uva int64
qp_handle_buf_size int64
result int32
_pad int32
}
# Flag sets referenced by the structs and ioctls above.
# vmci_privilege: used by vmci_init_blk.flags.
vmci_privilege = VMCI_NO_PRIVILEGE_FLAGS, VMCI_PRIVILEGE_FLAG_RESTRICTED, VMCI_PRIVILEGE_FLAG_TRUSTED
# vmci_qp: used by vmci_qp_alloc_info.flags.
vmci_qp = VMCI_QPFLAG_ATTACH_ONLY, VMCI_QPFLAG_LOCAL, VMCI_QPFLAG_NONBLOCK, VMCI_QPFLAG_PINNED
# vmci_version: value passed to the VERSION and VERSION2 ioctls.
vmci_version = VMCI_VERSION_NOVMVM, VMCI_VERSION_NOTIFY, VMCI_VERSION_HOSTQP, VMCI_VERSION_PREHOSTQP, VMCI_VERSION_PREVERS2
# vmci_cpt_state: used by vmci_ctx_chkpt_buf_info.cpt_type. The values come
# from the `define` lines in this file.
vmci_cpt_state = VMCI_NOTIFICATION_CPT_STATE, VMCI_WELLKNOWN_CPT_STATE, VMCI_DG_OUT_STATE, VMCI_DG_IN_STATE, VMCI_DG_IN_SIZE_STATE, VMCI_DOORBELL_CPT_STATE
# vmci_notify_resource / vmci_notify_action: used by the rsc and action
# fields of vmci_dbell_notify_resource_info. The values come from the
# `define` lines in this file.
vmci_notify_resource = VMCI_NOTIFY_RESOURCE_QUEUE_PAIR, VMCI_NOTIFY_RESOURCE_DOOR_BELL
vmci_notify_action = VMCI_NOTIFY_RESOURCE_ACTION_NOTIFY, VMCI_NOTIFY_RESOURCE_ACTION_CREATE, VMCI_NOTIFY_RESOURCE_ACTION_DESTROY
# These constants are defined in kernel source files. They are hard-coded
# here, presumably because they are not reachable through the headers
# included at the top of this file. The values must therefore be kept in sync
# with the kernel by hand; a stale value would make the fuzzer send a
# different command than the name implies.
# Checkpoint state types (vmci_cpt_state).
define VMCI_NOTIFICATION_CPT_STATE 1
define VMCI_WELLKNOWN_CPT_STATE 2
define VMCI_DG_OUT_STATE 3
define VMCI_DG_IN_STATE 4
define VMCI_DG_IN_SIZE_STATE 5
define VMCI_DOORBELL_CPT_STATE 6
# Notify-resource actions (vmci_notify_action).
define VMCI_NOTIFY_RESOURCE_ACTION_NOTIFY 0
define VMCI_NOTIFY_RESOURCE_ACTION_CREATE 1
define VMCI_NOTIFY_RESOURCE_ACTION_DESTROY 2
# Notify-resource kinds (vmci_notify_resource).
define VMCI_NOTIFY_RESOURCE_QUEUE_PAIR 0
define VMCI_NOTIFY_RESOURCE_DOOR_BELL 1