1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
# Copyright 2019 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
include <sys/param.h>
include <sys/ioctl.h>
include <sys/fcntl.h>
include <machine/param.h>
include <machine/vmmvar.h>
include <dev/vmm/vmm.h>
resource fd_vmm[fd]
openat$vmm(fd const[AT_FDCWD], file ptr[in, string["/dev/vmm"]], flags flags[open_flags], mode const[0]) fd_vmm
ioctl$VMM_IOC_CREATE(fd fd_vmm, cmd const[VMM_IOC_CREATE], arg ptr[in, vm_create_params])
ioctl$VMM_IOC_INFO(fd fd_vmm, cmd const[VMM_IOC_INFO], arg ptr[out, vm_info_params])
ioctl$VMM_IOC_INTR(fd fd_vmm, cmd const[VMM_IOC_INTR], arg ptr[in, vm_intr_params])
ioctl$VMM_IOC_READREGS(fd fd_vmm, cmd const[VMM_IOC_READREGS], arg ptr[out, vm_rwregs_params])
ioctl$VMM_IOC_RESETCPU(fd fd_vmm, cmd const[VMM_IOC_RESETCPU], arg ptr[in, vm_resetcpu_params])
ioctl$VMM_IOC_RUN(fd fd_vmm, cmd const[VMM_IOC_RUN], arg ptr[in, vm_run_params])
ioctl$VMM_IOC_TERM(fd fd_vmm, cmd const[VMM_IOC_TERM], arg ptr[in, vm_terminate_params])
ioctl$VMM_IOC_WRITEREGS(fd fd_vmm, cmd const[VMM_IOC_WRITEREGS], arg ptr[in, vm_rwregs_params])
vcpu_reg_state {
vrs_gprs array[int64, VCPU_REGS_NGPRS]
vrs_crs array[int64, VCPU_REGS_NCRS]
vrs_msrs array[int64, VCPU_REGS_NMSRS]
vrs_drs array[int64, VCPU_REGS_NDRS]
vrs_sregs array[vcpu_segment_info, VCPU_REGS_NSREGS]
vrs_gdtr vcpu_segment_info
vrs_idtr vcpu_segment_info
}
vcpu_segment_info {
vsi_sel int16
vsi_limit int32
vsi_ar int32
vsi_base int64
}
vm_create_params {
vcp_nmemranges len[vcp_memranges, int64]
vcp_ncpus int64
vcp_memranges array[vm_mem_range, VMM_MAX_MEM_RANGES]
vcp_name string[filename, VMM_MAX_NAME_LEN]
# NEED: actual out parameter, syz_vmm_create(arg ptr[in, vm_create_params]) vmid
vcp_id int32
}
vm_exit {
vei vm_exit_inout
vrs vcpu_reg_state
}
vm_exit_inout {
vei_size int8
vei_dir int8
vei_rep int8
vei_string int8
vei_encoding int8
vei_port int16
vei_data int32
}
vm_info_params {
vip_size len[vip_info, int64]
vip_info_ct int64
vip_info buffer[out]
}
vm_intr_params {
# NEED: vmid
vip_vm_id int32
vip_vcpu_id int32
vip_intr int16
}
vm_mem_range {
vmr_gpa vma64
vmr_va vma64
vmr_size int64
}
vm_resetcpu_params {
# NEED: vmid
vrp_vm_id int32
vrp_vcpu_id int32
vrp_init_state vcpu_reg_state
}
vm_run_params {
# NEED: vmid
vrp_vm_id int32
vrp_vcpu_id int32
vrp_continue int8
vrp_irq int16
vrp_exit ptr[inout, vm_exit]
vrp_exit_reason int16
vrp_irqready int8
}
vm_rwregs_params {
# NEED: vmid
vrwp_vm_id int32
vrwp_vcpu_id int32
vrwp_mask int64
vrwp_regs vcpu_reg_state
}
vm_terminate_params {
# NEED: vmid
vtp_vm_id int32
}
|
