1 # Copyright 2018 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 include <uapi/linux/a.out.h> 5 include <uapi/linux/elf.h> 6 7 execve(file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]]) 8 execveat(dirfd fd_dir, file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]], flags flags[at_flags]) 9 10 write$binfmt_script(fd fd, data ptr[in, binfmt_script], len bytesize[data]) 11 write$binfmt_misc(fd fd, data ptr[in, binfmt_misc], len bytesize[data]) 12 write$binfmt_aout(fd fd, data ptr[in, binfmt_aout], len bytesize[data]) 13 write$binfmt_elf32(fd fd, data ptr[in, binfmt_elf32], len bytesize[data]) 14 write$binfmt_elf64(fd fd, data ptr[in, binfmt_elf64], len bytesize[data]) 15 16 binfmt_script { 17 hdr stringnoz["#! "] 18 bin stringnoz[filename] 19 args array[binfmt_script_arg] 20 nl const[0xa, int8] 21 data array[int8] 22 } [packed] 23 24 binfmt_script_arg { 25 sp const[0x20, int8] 26 arg stringnoz 27 } 28 29 binfmt_misc { 30 hdr stringnoz[binfmt_misc_headers] 31 data array[int8] 32 } 33 34 binfmt_misc_headers = "syz0", "syz1" 35 36 binfmt_aout { 37 exec exec 38 data array[int8] 39 # Just to make the file of a non-trivial size. 40 pad array[array[const[0, int64], 32], 0:10] 41 } [packed] 42 43 exec { 44 magic flags[aouthdr_magics, int16] 45 machtype int8 46 flags int8 47 a_text int32[0:1000] 48 a_data int32[0:1000] 49 a_bss int32 50 a_syms int32[0:1000] 51 a_entry int32 52 a_trsize const[0, int32] 53 a_drsize const[0, int32] 54 } 55 56 aouthdr_magics = OMAGIC, NMAGIC, ZMAGIC, QMAGIC 57 58 type binfmt_elf32 binfmt_elf[int32, elf32_phdr, ELF32_PHDR_SIZE] 59 type binfmt_elf64 binfmt_elf[int64, elf64_phdr, ELF64_PHDR_SIZE] 60 61 type binfmt_elf[ADDR, PHDR, PHENTSIZE] { 62 hdr elf_hdr[ADDR, PHENTSIZE] 63 phdr array[PHDR, 1:2] 64 data array[int8] 65 # Just to make the file of a non-trivial size. 66 pad array[array[const[0, int64], 32], 0:10] 67 } [packed] 68 69 type elf_hdr[ADDR, PHENTSIZE] { 70 e_ident0 const[0x7f, int8] 71 e_ident1 const[0x45, int8] 72 e_ident2 const[0x4c, int8] 73 e_ident3 const[0x46, int8] 74 e_ident_class int8 75 e_ident_data int8 76 e_ident_ver int8 77 e_ident_osabi int8 78 e_ident_pad int64 79 e_type flags[elf_types, int16] 80 e_machine flags[elf_machines, int16] 81 e_version int32 82 e_entry ADDR[0:1000] 83 e_phoff bytesize[parent, ADDR] 84 e_shoff ADDR[0:1000] 85 e_flags int32 86 e_ehsize int16 87 e_phentsize const[PHENTSIZE, int16] 88 e_phnum int16[1:2] 89 e_shentsize int16 90 e_shnum int16 91 e_shstrndx int16 92 } 93 94 elf32_phdr { 95 p_type flags[elf_ptypes, int32] 96 p_offset int32 97 p_vaddr int32 98 p_paddr int32 99 p_filesz int32 100 p_memsz int32 101 p_flags int32 102 p_align int32 103 } [size[ELF32_PHDR_SIZE]] 104 105 elf64_phdr { 106 p_type flags[elf_ptypes, int32] 107 p_flags int32 108 p_offset int64 109 p_vaddr int64 110 p_paddr int64 111 p_filesz int64 112 p_memsz int64 113 p_align int64 114 } [size[ELF64_PHDR_SIZE]] 115 116 elf_types = ET_EXEC, ET_DYN 117 elf_machines = EM_386, EM_486, EM_X86_64 118 elf_ptypes = PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_NOTE, PT_SHLIB, PT_PHDR, PT_TLS, PT_LOOS, PT_LOPROC, PT_GNU_STACK 119 120 define ELF32_PHDR_SIZE sizeof(struct elf32_phdr) 121 define ELF64_PHDR_SIZE sizeof(struct elf64_phdr) 122
