• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2018 syzkaller project authors. All rights reserved.
2# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
3
4include <linux/types.h>
5include <uapi/linux/fs.h>
6include <scsi/sg.h>
7include <scsi/scsi.h>
8include <scsi/scsi_ioctl.h>
9include <uapi/linux/blktrace_api.h>
10
11resource fd_sg[fd_block_trace]
12
13syz_open_dev$sg(dev ptr[in, string["/dev/sg#"]], id intptr, flags flags[open_flags]) fd_sg
14
15ioctl$SG_IO(fd fd_sg, cmd const[SG_IO], arg ptr[in, sg_io_hdr])
16ioctl$SG_SET_TIMEOUT(fd fd_sg, cmd const[SG_SET_TIMEOUT], arg ptr[in, int32])
17ioctl$SG_GET_TIMEOUT(fd fd_sg, cmd const[SG_GET_TIMEOUT], arg const[0])
18ioctl$SG_GET_LOW_DMA(fd fd_sg, cmd const[SG_GET_LOW_DMA], arg ptr[out, int32])
19ioctl$SG_GET_SCSI_ID(fd fd_sg, cmd const[SG_GET_SCSI_ID], arg ptr[out, array[int8, SG_SCSI_ID_T_SIZE]])
20ioctl$SG_SET_FORCE_PACK_ID(fd fd_sg, cmd const[SG_SET_FORCE_PACK_ID], arg ptr[in, bool32])
21ioctl$SG_GET_PACK_ID(fd fd_sg, cmd const[SG_GET_PACK_ID], arg ptr[out, int32])
22ioctl$SG_GET_NUM_WAITING(fd fd_sg, cmd const[SG_GET_NUM_WAITING], arg ptr[out, int32])
23ioctl$SG_GET_SG_TABLESIZE(fd fd_sg, cmd const[SG_GET_SG_TABLESIZE], arg ptr[out, int32])
24ioctl$SG_SET_RESERVED_SIZE(fd fd_sg, cmd const[SG_SET_RESERVED_SIZE], arg ptr[in, int32])
25ioctl$SG_GET_RESERVED_SIZE(fd fd_sg, cmd const[SG_GET_RESERVED_SIZE], arg ptr[out, int32])
26ioctl$SG_GET_COMMAND_Q(fd fd_sg, cmd const[SG_GET_COMMAND_Q], arg ptr[out, int32])
27ioctl$SG_GET_KEEP_ORPHAN(fd fd_sg, cmd const[SG_GET_KEEP_ORPHAN], arg ptr[out, int32])
28ioctl$SG_GET_VERSION_NUM(fd fd_sg, cmd const[SG_GET_VERSION_NUM], arg ptr[out, int32])
29ioctl$SG_GET_ACCESS_COUNT(fd fd_sg, cmd const[SG_GET_ACCESS_COUNT], arg ptr[out, int32])
30ioctl$SG_EMULATED_HOST(fd fd_sg, cmd const[SG_EMULATED_HOST], arg ptr[out, int32])
31ioctl$SG_SET_COMMAND_Q(fd fd_sg, cmd const[SG_SET_COMMAND_Q], arg ptr[in, bool32])
32ioctl$SG_SET_KEEP_ORPHAN(fd fd_sg, cmd const[SG_SET_KEEP_ORPHAN], arg ptr[in, int32])
33ioctl$SG_NEXT_CMD_LEN(fd fd_sg, cmd const[SG_NEXT_CMD_LEN], arg ptr[in, int32[0:SG_MAX_CDB_SIZE]])
34ioctl$SG_SET_DEBUG(fd fd_sg, cmd const[SG_SET_DEBUG], arg ptr[in, bool32])
35ioctl$SG_SCSI_RESET(fd fd_sg, cmd const[SG_SCSI_RESET], arg const[0])
36ioctl$SG_GET_REQUEST_TABLE(fd fd_sg, cmd const[SG_GET_REQUEST_TABLE], arg ptr[out, array[int8, SG_REQUEST_TABLE_SIZE]])
37
38ioctl$SCSI_IOCTL_SEND_COMMAND(fd fd_sg, cmd const[SCSI_IOCTL_SEND_COMMAND], arg ptr[in, scsi_ioctl_command])
39ioctl$SCSI_IOCTL_TEST_UNIT_READY(fd fd_sg, cmd const[SCSI_IOCTL_TEST_UNIT_READY])
40ioctl$SCSI_IOCTL_DOORLOCK(fd fd_sg, cmd const[SCSI_IOCTL_DOORLOCK])
41ioctl$SCSI_IOCTL_DOORUNLOCK(fd fd_sg, cmd const[SCSI_IOCTL_DOORUNLOCK])
42ioctl$SCSI_IOCTL_START_UNIT(fd fd_sg, cmd const[SCSI_IOCTL_START_UNIT])
43ioctl$SCSI_IOCTL_STOP_UNIT(fd fd_sg, cmd const[SCSI_IOCTL_STOP_UNIT])
44ioctl$SCSI_IOCTL_SYNC(fd fd_sg, cmd const[SCSI_IOCTL_SYNC])
45ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(fd fd_sg, cmd const[SCSI_IOCTL_BENCHMARK_COMMAND])
46ioctl$SCSI_IOCTL_GET_BUS_NUMBER(fd fd_sg, cmd const[SCSI_IOCTL_GET_BUS_NUMBER], arg ptr[out, int32])
47ioctl$SCSI_IOCTL_GET_PCI(fd fd_sg, cmd const[SCSI_IOCTL_GET_PCI], arg ptr[out, array[int8, 20]])
48ioctl$SCSI_IOCTL_PROBE_HOST(fd fd_sg, cmd const[SCSI_IOCTL_PROBE_HOST], arg ptr[out, scsi_ioctl_probe_host_out_buffer])
49ioctl$SCSI_IOCTL_GET_IDLUN(fd fd_sg, cmd const[SCSI_IOCTL_GET_IDLUN], arg ptr[out, scsi_idlun])
50
51sg_io_hdr {
52	interface_id	flags[sg_interface_id, int32]
53	dxfer_direction	flags[sg_dxfer_direction, int32]
54	cmd_len		len[cmdp, int8]
55	mx_sb_len	int8
56	data		sg_io_hdr_data
57	cmdp		ptr[in, array[int8]]
58	sbp		ptr[out, array[int8]]
59	timeout		int32
60	flags		flags[sg_flags, int32]
61	pack_id		flags[sg_pack_id, int32]
62	usr_ptr		ptr[out, int8]
63	status		const[0, int8]
64	masked_status	const[0, int8]
65	msg_status	const[0, int8]
66	sb_len_wr	const[0, int8]
67	host_status	const[0, int16]
68	driver_status	const[0, int16]
69	resid		const[0, int32]
70	duration	const[0, int32]
71	info		const[0, int32]
72} [packed, size[SG_IO_HDR_SIZE]]
73
74sg_io_hdr_data [
75	buffer	sg_io_hdr_data_buffer
76	scatter	sg_io_hdr_data_scatter
77]
78
79sg_io_hdr_data_buffer {
80	iovec_count	const[0, int16]
81	dxfer_len	bytesize[dxferp, int32]
82	dxferp		ptr[out, array[int8]]
83} [packed]
84
85sg_io_hdr_data_scatter {
86	iovec_count	len[dxferp, int16]
87	dxfer_len	const[0, int32]
88	dxferp		ptr[in, array[iovec_out]]
89} [packed]
90
91scsi_ioctl_command {
92	inlen	len[data, int32]
93	outlen	int32
94	opcode	int32
95# TODO: this needs improvement: there are some command headers depending on opcode
96# and inlen only describes data past header.
97	data	array[int8]
98}
99
100scsi_idlun {
101	dev_id		int32
102	host_unique_id	int32
103}
104
105scsi_ioctl_probe_host_out_buffer {
106	len	bytesize[data, int32]
107	data	array[int8]
108}
109
110sg_interface_id = 0, 'S'
111sg_dxfer_direction = SG_DXFER_NONE, SG_DXFER_TO_DEV, SG_DXFER_FROM_DEV, SG_DXFER_TO_FROM_DEV, SG_DXFER_UNKNOWN
112sg_flags = SG_FLAG_DIRECT_IO, SG_FLAG_UNUSED_LUN_INHIBIT, SG_FLAG_MMAP_IO, SG_FLAG_NO_DXFER, SG_FLAG_Q_AT_TAIL, SG_FLAG_Q_AT_HEAD
113# TODO: we need negative integers for -1
114sg_pack_id = -1, 0, 1, 2, 3
115
116define SG_MAX_CDB_SIZE	252
117define SG_REQUEST_TABLE_SIZE	SG_MAX_QUEUE * sizeof(sg_req_info_t)
118define SG_IO_HDR_SIZE	sizeof(struct sg_io_hdr)
119define SG_SCSI_ID_T_SIZE	sizeof(sg_scsi_id_t)
120