Home | History | Annotate | Download | only in test 
      1 # Copyright 2015 syzkaller project authors. All rights reserved.
      2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
      3 
      4 # Syscalls used in syzkaller tests.
      5 
      6 test()
      7 
      8 # Integer types.
      9 
     10 test$int(a0 intptr, a1 int8, a2 int16, a3 int32, a4 int64)
     11 
     12 # Opt arguments
     13 
     14 test$opt0(a0 intptr[opt])
     15 test$opt1(a0 ptr[in, intptr, opt])
     16 test$opt2(a0 vma[opt])
     17 test$opt3(a0 proc[100, 4, opt])
     18 
     19 # Alignment and padding
     20 
     21 test$align0(a0 ptr[in, syz_align0])
     22 test$align1(a0 ptr[in, syz_align1])
     23 test$align2(a0 ptr[in, syz_align2])
     24 test$align3(a0 ptr[in, syz_align3])
     25 test$align4(a0 ptr[in, syz_align4])
     26 test$align5(a0 ptr[in, syz_align5])
     27 test$align6(a0 ptr[in, syz_align6])
     28 test$align7(a0 ptr[in, syz_align7])
     29 
     30 syz_align0 {
     31 	f0	int16
     32 	f1	int32
     33 	f2	int8
     34 	f3	int16
     35 	f4	int64
     36 }
     37 
     38 syz_align1 {
     39 	f0	int16
     40 	f1	int32
     41 	f2	int8
     42 	f3	int16
     43 	f4	int64
     44 } [packed]
     45 
     46 syz_align2_packed {
     47 	f0	array[int16, 1]
     48 } [packed]
     49 
     50 syz_align2_not_packed {
     51 	f0	array[int16, 1]
     52 }
     53 
     54 syz_align2 {
     55 	f0	int8
     56 	f1	syz_align2_packed
     57 	f2	syz_align2_not_packed
     58 }
     59 
     60 syz_align3_noalign {
     61 	f0	int8
     62 }
     63 
     64 syz_align3_align4 {
     65 	f0	int8
     66 } [align_4]
     67 
     68 syz_align3 {
     69 	f0	int8
     70 	f1	syz_align3_noalign
     71 	f2	syz_align3_align4
     72 }
     73 
     74 syz_align4_internal {
     75 	f0	int8
     76 	f1	int16
     77 } [packed, align_4]
     78 
     79 syz_align4 {
     80 	f0	syz_align4_internal
     81 	f1	int8
     82 }
     83 
     84 syz_align5_internal {
     85 	f0	int64
     86 	f1	array[int16, 0:3]
     87 }
     88 
     89 syz_align5 {
     90 	f0	syz_align5_internal
     91 	f1	syz_align5_internal
     92 	f2	int8
     93 } [packed]
     94 
     95 syz_align6 {
     96 	f0	int8
     97 	f1	array[int32]
     98 }
     99 
    100 syz_align7 {
    101 	f0	syz_align8
    102 	f1	int8
    103 }
    104 
    105 syz_align8 {
    106 	f0	int8:1
    107 	f1	int8:1
    108 	f2	int8:1
    109 	f3	int16:1
    110 	f4	int16:1
    111 	f5	int16:1
    112 } [packed, align_8]
    113 
    114 # Structs
    115 
    116 test$struct(a0 ptr[in, syz_struct0])
    117 
    118 syz_struct0 {
    119 	f0	int64
    120 	f1	syz_struct1
    121 }
    122 
    123 syz_struct1 {
    124 	f0	int8
    125 }
    126 
    127 # Unions
    128 
    129 test$union0(a0 ptr[in, syz_union0_struct])
    130 test$union1(a0 ptr[in, syz_union1_struct])
    131 test$union2(a0 ptr[in, syz_union2_struct])
    132 
    133 syz_union0 [
    134 	f0	int64
    135 	f1	array[int64, 10]
    136 	f2	int8
    137 ]
    138 
    139 syz_union0_struct {
    140 	f	int64
    141 	u	syz_union0
    142 }
    143 
    144 syz_union1 [
    145 	f0	int64
    146 	f1	int32
    147 ]
    148 
    149 syz_union1_struct {
    150 	f0	syz_union1
    151 	f1	int8
    152 } [packed]
    153 
    154 syz_union2 [
    155 	f0	int64
    156 	f1	int32
    157 ] [varlen]
    158 
    159 syz_union2_struct {
    160 	f0	syz_union2
    161 	f1	int8
    162 } [packed]
    163 
    164 syz_union3 [
    165 	f0	int32
    166 ]
    167 
    168 union_arg [
    169 	f1	int8
    170 	f2	int64
    171 	f3	ptr[in, int32]
    172 	f4	fd
    173 	f5	const[1, intptr]
    174 	f6	flags[syz_length_flags, int32]
    175 	f7	proc[0, 1, int16]
    176 ]
    177 
    178 test$syz_union3(a0 ptr[in, syz_union3])
    179 test$syz_union4(a0 union_arg)
    180 
    181 # Arrays
    182 
    183 test$array0(a0 ptr[in, syz_array_struct])
    184 test$array1(a0 ptr[in, syz_array_trailing])
    185 test$array2(a0 ptr[in, syz_array_blob])
    186 
    187 # Struct with a variable-length array or variable-length unions.
    188 syz_array_struct {
    189 	f0	int8
    190 	f1	array[syz_array_union, 1:2]
    191 	f2	int64
    192 } [packed]
    193 
    194 syz_array_union [
    195 	f0	int16
    196 	f1	int64
    197 ] [varlen]
    198 
    199 syz_array_trailing {
    200 	f0	int8
    201 	f1	array[int8, 4:8]
    202 }
    203 
    204 syz_array_blob {
    205 	f0	int16
    206 	f1	array[int8, 16]
    207 	f2	int16
    208 }
    209 
    210 # Length
    211 
    212 test$length0(a0 ptr[in, syz_length_int_struct])
    213 test$length1(a0 ptr[in, syz_length_const_struct])
    214 test$length2(a0 ptr[in, syz_length_flags_struct])
    215 test$length3(a0 ptr[in, syz_length_len_struct])
    216 test$length4(a0 ptr[in, syz_length_len2_struct])
    217 test$length5(a0 ptr[in, syz_length_parent_struct])
    218 test$length6(a0 ptr[in, syz_length_array_struct])
    219 test$length7(a0 ptr[in, syz_length_array2_struct])
    220 test$length8(a0 ptr[in, syz_length_complex_struct])
    221 test$length9(a0 ptr[in, syz_length_vma_struct])
    222 
    223 test$length10(a0 vma, a1 len[a0], a2 bytesize[a0], a3 bytesize2[a0], a4 bytesize4[a0])
    224 test$length11(a0 ptr[in, syz_length_large_struct], a1 len[a0])
    225 test$length12(a0 ptr[in, syz_length_large_struct, opt], a1 len[a0])
    226 test$length13(a0 ptr[inout, syz_length_large_struct], a1 ptr[inout, len[a0, int64]])
    227 test$length14(a0 ptr[inout, syz_length_large_struct], a1 ptr[inout, len[a0, int64], opt])
    228 test$length15(a0 int16, a1 len[a0])
    229 
    230 test$length16(a0 ptr[in, syz_length_bytesize_struct])
    231 test$length17(a0 ptr[in, syz_length_bytesize2_struct])
    232 test$length18(a0 ptr[in, syz_length_bytesize3_struct])
    233 test$length19(a0 ptr[in, syz_length_bf_struct])
    234 
    235 test$length20(a0 ptr[in, syz_length_parent2_struct])
    236 test$length21(a0 ptr[in, int64], a1 bitsize[a0])
    237 test$length22(a0 ptr[in, array[int8]], a1 bitsize[a0])
    238 
    239 syz_length_flags = 0, 1
    240 
    241 syz_length_int_struct {
    242 	f0	int16
    243 	f1	len[f0, int16]
    244 }
    245 
    246 syz_length_const_struct {
    247 	f0	const[0, int32]
    248 	f1	len[f0, int32]
    249 }
    250 
    251 syz_length_flags_struct {
    252 	f0	flags[syz_length_flags, int64]
    253 	f1	len[f0, int64]
    254 }
    255 
    256 syz_length_len_struct {
    257 	f0	int32
    258 	f1	len[f0, int16]
    259 	f2	len[f1, int16]
    260 }
    261 
    262 syz_length_len2_struct {
    263 	f0	len[f1, int16]
    264 	f1	len[f0, int16]
    265 }
    266 
    267 syz_length_parent_struct {
    268 	f0	int16
    269 	f1	len[parent, int16]
    270 }
    271 
    272 syz_length_array_struct {
    273 	f0	array[int16, 4]
    274 	f1	len[f0, int16]
    275 }
    276 
    277 syz_length_array2_struct {
    278 	f0	array[int16, 4]
    279 	f1	bytesize[f0, int16]
    280 }
    281 
    282 syz_length_complex_inner_struct {
    283 	f0	int8
    284 	f1	len[f0, int8]
    285 	f2	len[parent, int16]
    286 	f3	array[int32, 3]
    287 }
    288 
    289 syz_length_complex_struct {
    290 	f0	len[parent, int64]
    291 	f1	syz_length_complex_inner_struct
    292 	f2	array[syz_length_complex_inner_struct, 1]
    293 	f3	len[f1, int32]
    294 	f4	len[f2, int16]
    295 	f5	array[int16]
    296 }
    297 
    298 syz_length_vma_struct {
    299 	f0	vma
    300 	f1	len[f0, int64]
    301 }
    302 
    303 syz_length_large_struct {
    304 	f0	int64
    305 	f1	int64
    306 	f2	array[int32, 8]
    307 }
    308 
    309 syz_length_bytesize_struct {
    310 	f0	array[int64, 2]
    311 	f1	len[f0, int8]
    312 	f2	bytesize[f0, int8]
    313 	f3	bytesize2[f0, int8]
    314 	f4	bytesize4[f0, int8]
    315 	f5	bytesize8[f0, int8]
    316 }
    317 
    318 syz_length_bytesize2_struct {
    319 	f0	int64
    320 	f1	bytesize[f0, int8]
    321 	f2	bytesize2[f0, int8]
    322 	f3	bytesize4[f0, int8]
    323 	f4	bytesize8[f0, int8]
    324 }
    325 
    326 syz_length_bytesize3_struct {
    327 	f0	int32
    328 	f1	bytesize[parent, int8]
    329 	f2	bytesize2[parent, int8]
    330 	f3	bytesize4[parent, int8]
    331 	f4	bytesize8[parent, int8]
    332 }
    333 
    334 syz_length_bf_struct_inner {
    335 	f0	int32:10
    336 	f1	int32:10
    337 	f2	int32:10
    338 	f3	int32:32
    339 	f4	int32:16
    340 	f5	int32:16
    341 	f6	int32:10
    342 	f7	len[parent, int32]
    343 }
    344 
    345 syz_length_bf_struct {
    346 	f0	syz_length_bf_struct_inner
    347 	f1	len[f0, int8]
    348 	f2	bytesize[f0, int8]
    349 	f3	bytesize4[f0, int8]
    350 }
    351 
    352 syz_length_parent2_struct_inner_inner {
    353 	f1	len[parent, int8]
    354 	f2	len[syz_length_parent2_struct_inner_inner, int8]
    355 	f3	len[syz_length_parent2_struct_inner, int8]
    356 	f4	len[syz_length_parent2_struct, int8]
    357 }
    358 
    359 syz_length_parent2_struct_inner {
    360 	f0	syz_length_parent2_struct_inner_inner
    361 	f1	len[parent, int8]
    362 	f2	len[syz_length_parent2_struct_inner, int8]
    363 	f3	len[syz_length_parent2_struct, int8]
    364 }
    365 
    366 syz_length_parent2_struct {
    367 	f0	syz_length_parent2_struct_inner
    368 	f1	len[parent, int8]
    369 	f2	len[syz_length_parent2_struct, int8]
    370 }
    371 
    372 type len_templ1[DATA1, DATA2] {
    373 	data	DATA1
    374 	inner	len_temp2[DATA2]
    375 }
    376 
    377 type len_temp2[DATA] {
    378 	data	DATA
    379 	len	len[len_templ1, int8]
    380 }
    381 
    382 test$length23(a ptr[in, len_templ1[int8, int16]])
    383 
    384 type len_temp3[DATA] {
    385 	f1	DATA
    386 	f2	len_nontemp4
    387 }
    388 
    389 len_nontemp4 {
    390 	f1	len[len_temp3, int32]
    391 }
    392 
    393 len_nontemp5 {
    394 	f1	len_temp3[int8]
    395 	f2	len_temp3[int64]
    396 }
    397 
    398 len_unaligned {
    399 	f1	int32
    400 	f2	int8
    401 }
    402 
    403 explicitly_sized {
    404 	f1	int8
    405 } [size[42]]
    406 
    407 explicitly_sized_union [
    408 	f1	int8
    409 ] [size[42]]
    410 
    411 static_filename {
    412 	f1	string[filename, 10]
    413 	f2	string[filename, 20]
    414 	f3	bytesize[f1, int8]
    415 	f4	bytesize[f2, int8]
    416 	f5	bytesize[parent, int8]
    417 }
    418 
    419 test$length24(a ptr[in, len_nontemp5])
    420 test$length25(a0 ptr[in, array[array[int8]]], a1 len[a0])
    421 test$length26(a ptr[in, len_unaligned], b bytesize[a])
    422 test$length27(a0 ptr[in, explicitly_sized], a1 len[a0])
    423 test$length28(a0 ptr[in, explicitly_sized_union], a1 len[a0])
    424 test$length29(a ptr[in, static_filename])
    425 
    426 # Big endian
    427 
    428 test$end0(a0 ptr[in, syz_end_int_struct])
    429 test$end1(a0 ptr[in, syz_end_var_struct])
    430 
    431 syz_end_flags = 0, 1
    432 
    433 syz_end_int_struct {
    434 	f0	int8
    435 	f1	int16be
    436 	f2	int32be
    437 	f3	int64be
    438 } [packed]
    439 
    440 syz_end_var_struct {
    441 	f0	len[parent, int16be]
    442 	f1	const[0x42, int32be]
    443 	f2	flags[syz_end_flags, int64be]
    444 } [packed]
    445 
    446 # Vma type
    447 
    448 test$vma0(v0 vma, l0 len[v0], v1 vma[5], l1 len[v1], v2 vma[7:9], l2 len[v2])
    449 
    450 # Text type
    451 
    452 test$text_x86_real(a0 ptr[in, text[x86_real]], a1 len[a0])
    453 test$text_x86_16(a0 ptr[in, text[x86_16]], a1 len[a0])
    454 test$text_x86_32(a0 ptr[in, text[x86_32]], a1 len[a0])
    455 test$text_x86_64(a0 ptr[in, text[x86_64]], a1 len[a0])
    456 
    457 # Regression tests
    458 
    459 test$regression0(a0 ptr[inout, syz_regression0_struct])
    460 
    461 syz_regression0_struct {
    462 	f0	buffer[out]
    463 }
    464 
    465 test$regression1(a1 ptr[in, array[syz_regression1_struct]])
    466 
    467 syz_regression1_struct {
    468 	f0	array[int8, 4]
    469 }
    470 
    471 test$regression2(a1 ptr[in, array[int32, 4]])
    472 
    473 excessive_fields {
    474 	f1	int8
    475 }
    476 
    477 type_confusion [
    478 	f1	int8
    479 ]
    480 
    481 test$excessive_args1()
    482 test$excessive_args2(a1 int8)
    483 test$excessive_fields1(a1 ptr[in, excessive_fields])
    484 test$type_confusion1(a1 ptr[in, type_confusion])
    485 
    486 # Bitfields
    487 
    488 syz_bf_flags = 0, 1, 2
    489 
    490 syz_bf_struct0 {
    491 	f0	flags[syz_bf_flags, int16:10]
    492 	f1	int64
    493 	f2	const[0x42, int16:5]
    494 	f3	int16:6
    495 	f4	const[0x42, int32:15]
    496 	f5	len[parent, int16:11]
    497 	f6	len[parent, int16be:11]
    498 	f7	int8
    499 }
    500 
    501 syz_bf_struct1_internal {
    502 	f0	int32:10
    503 	f1	int32:10
    504 	f2	int32:10
    505 }
    506 
    507 syz_bf_struct1 {
    508 	f0	syz_bf_struct1_internal
    509 	f1	int8
    510 }
    511 
    512 test$bf0(a0 ptr[in, syz_bf_struct0])
    513 test$bf1(a0 ptr[in, syz_bf_struct1])
    514 
    515 # Checksums
    516 
    517 test$csum_encode(a0 ptr[in, syz_csum_encode])
    518 test$csum_ipv4(a0 ptr[in, syz_csum_ipv4_header])
    519 test$csum_ipv4_tcp(a0 ptr[in, syz_csum_ipv4_tcp_packet])
    520 test$csum_ipv6_tcp(a0 ptr[in, syz_csum_ipv6_tcp_packet])
    521 test$csum_ipv4_udp(a0 ptr[in, syz_csum_ipv4_udp_packet])
    522 test$csum_ipv6_udp(a0 ptr[in, syz_csum_ipv6_udp_packet])
    523 test$csum_ipv6_icmp(a0 ptr[in, syz_csum_ipv6_icmp_packet])
    524 
    525 syz_csum_encode {
    526 	f0	int16
    527 	f1	int16be
    528 	f2	array[int32, 0:4]
    529 	f3	int8:4
    530 	f4	int8:4
    531 	f5	array[int8, 4]
    532 } [packed]
    533 
    534 syz_csum_ipv4_header {
    535 	csum	csum[parent, inet, int16]
    536 	src_ip	int32be
    537 	dst_ip	int32be
    538 } [packed]
    539 
    540 syz_csum_tcp_header {
    541 	csum	csum[syz_csum_tcp_packet, pseudo, IPPROTO_TCP, int16]
    542 } [packed]
    543 
    544 syz_csum_tcp_packet {
    545 	header	syz_csum_tcp_header
    546 	payload	array[int8]
    547 } [packed]
    548 
    549 syz_csum_ipv4_tcp_packet {
    550 	header	syz_csum_ipv4_header
    551 	payload	syz_csum_tcp_packet
    552 } [packed]
    553 
    554 syz_csum_ipv6_header {
    555 	src_ip	array[int8, 16]
    556 	dst_ip	array[int8, 16]
    557 } [packed]
    558 
    559 syz_csum_ipv6_tcp_packet {
    560 	header	syz_csum_ipv6_header
    561 	payload	syz_csum_tcp_packet
    562 } [packed]
    563 
    564 syz_csum_udp_packet {
    565 	csum	csum[parent, pseudo, IPPROTO_UDP, int16]
    566 	payload	array[int8]
    567 } [packed]
    568 
    569 syz_csum_ipv4_udp_packet {
    570 	header	syz_csum_ipv4_header
    571 	payload	syz_csum_udp_packet
    572 } [packed]
    573 
    574 syz_csum_ipv6_udp_packet {
    575 	header	syz_csum_ipv6_header
    576 	payload	syz_csum_udp_packet
    577 } [packed]
    578 
    579 syz_csum_icmp_packet {
    580 	csum	csum[parent, pseudo, IPPROTO_ICMPV6, int16]
    581 	payload	array[int8]
    582 } [packed]
    583 
    584 syz_csum_ipv6_icmp_packet {
    585 	header	syz_csum_ipv6_header
    586 	payload	syz_csum_icmp_packet
    587 } [packed]
    588 
    589 # Recursion
    590 
    591 syz_recur_0 {
    592 	a0	ptr[in, syz_recur_0, opt]
    593 }
    594 
    595 syz_recur_1 {
    596 	a0	ptr[in, syz_recur_1, opt]
    597 	a1	ptr[in, syz_recur_2, opt]
    598 }
    599 
    600 syz_recur_2_0 {
    601 	a0	ptr[in, syz_recur_2_0, opt]
    602 	a1	ptr[in, syz_recur_2_0, opt]
    603 	a2	ptr[in, syz_recur_2_0, opt]
    604 	a3	ptr[in, syz_recur_2_0, opt]
    605 }
    606 
    607 syz_recur_2 {
    608 	a0	ptr[in, syz_recur_0, opt]
    609 	a1	ptr[in, syz_recur_1, opt]
    610 	a2	ptr[in, syz_recur_2_0, opt]
    611 	a3	ptr[in, syz_recur_2_0, opt]
    612 	a4	ptr[in, syz_recur_2, opt]
    613 	a5	ptr[in, syz_recur_2, opt]
    614 }
    615 
    616 test$recur0(a0 ptr[inout, syz_recur_0])
    617 test$recur1(a0 ptr[inout, syz_recur_1])
    618 test$recur2(a0 ptr[inout, syz_recur_2])
    619 
    620 # Resources.
    621 
    622 resource fd[int32]: 0xffffffffffffffff
    623 resource syz_res[int32]: 0xffff
    624 
    625 test$res0() syz_res
    626 test$res1(a0 syz_res)
    627 test$res2() fd
    628 
    629 # ONLY_32BITS_CONST const is not present on all arches.
    630 # Ensure that it does not break build.
    631 
    632 resource syz_missing_const_res[int32]: ONLY_32BITS_CONST
    633 
    634 test$missing_resource() syz_missing_const_res
    635 test$missing_struct(a ptr[in, syz_use_missing])
    636 
    637 syz_missing_const_struct {
    638 	a0	const[ONLY_32BITS_CONST, int32]
    639 }
    640 
    641 syz_use_missing {
    642 	a0	syz_missing_const_res
    643 	a1	syz_missing_const_struct
    644 }
    645 
    646 # Hints tests.
    647 
    648 test$hint_data(a0 ptr[in, array[int8]])
    649 
    650 # Mutation tests.
    651 
    652 mutate0()
    653 mutate1()
    654 mutate2()
    655 mutate3(vec ptr[in, array[int32[0:1]]], vlen len[vec])
    656 mutate4(data ptr[in, array[int8]], size bytesize[data])
    657 mutate5(filename ptr[in, filename], flags flags[open_flags]) fd
    658 mutate6(fd fd, data ptr[in, array[int8]], size bytesize[data])
    659 mutate7(a0 ptr[in, string], a1 len[a0])
    660 mutate8(a0 proc[100, 4, opt])
    661 
    662 open_flags = 0xabababababababab, 0xcdcdcdcdcdcdcdcd
    663 
    664 # Serialization tests.
    665 
    666 serialize0(a ptr[in, serialize0_struct])
    667 serialize1(a ptr[out, array[int8]], b len[a])
    668 
    669 serialize0_struct {
    670 	a	string[serialize_strings, 10]
    671 	b	string[serialize_strings, 5]
    672 }
    673 
    674 serialize_strings = "aaa", "bbb"
    675 
    676 # Unsupported syscalls due to resources.
    677 
    678 resource unsupported[int32]
    679 
    680 unsupported$0(a unsupported) unsupported
    681 unsupported$1(a unsupported) unsupported
    682