| # Copyright 2018 syzkaller project authors. All rights reserved. |
| # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. |
| |
| include <linux/types.h> |
| include <uapi/linux/fs.h> |
| include <scsi/sg.h> |
| include <scsi/scsi.h> |
| include <scsi/scsi_ioctl.h> |
| include <uapi/linux/blktrace_api.h> |
| |
| resource fd_sg[fd_block_trace] |
| |
| syz_open_dev$sg(dev ptr[in, string["/dev/sg#"]], id intptr, flags flags[open_flags]) fd_sg |
| |
| ioctl$SG_IO(fd fd_sg, cmd const[SG_IO], arg ptr[in, sg_io_hdr]) |
| ioctl$SG_SET_TIMEOUT(fd fd_sg, cmd const[SG_SET_TIMEOUT], arg ptr[in, int32]) |
| ioctl$SG_GET_TIMEOUT(fd fd_sg, cmd const[SG_GET_TIMEOUT], arg const[0]) |
| ioctl$SG_GET_LOW_DMA(fd fd_sg, cmd const[SG_GET_LOW_DMA], arg ptr[out, int32]) |
| ioctl$SG_GET_SCSI_ID(fd fd_sg, cmd const[SG_GET_SCSI_ID], arg ptr[out, array[int8, SG_SCSI_ID_T_SIZE]]) |
| ioctl$SG_SET_FORCE_PACK_ID(fd fd_sg, cmd const[SG_SET_FORCE_PACK_ID], arg ptr[in, bool32]) |
| ioctl$SG_GET_PACK_ID(fd fd_sg, cmd const[SG_GET_PACK_ID], arg ptr[out, int32]) |
| ioctl$SG_GET_NUM_WAITING(fd fd_sg, cmd const[SG_GET_NUM_WAITING], arg ptr[out, int32]) |
| ioctl$SG_GET_SG_TABLESIZE(fd fd_sg, cmd const[SG_GET_SG_TABLESIZE], arg ptr[out, int32]) |
| ioctl$SG_SET_RESERVED_SIZE(fd fd_sg, cmd const[SG_SET_RESERVED_SIZE], arg ptr[in, int32]) |
| ioctl$SG_GET_RESERVED_SIZE(fd fd_sg, cmd const[SG_GET_RESERVED_SIZE], arg ptr[out, int32]) |
| ioctl$SG_GET_COMMAND_Q(fd fd_sg, cmd const[SG_GET_COMMAND_Q], arg ptr[out, int32]) |
| ioctl$SG_GET_KEEP_ORPHAN(fd fd_sg, cmd const[SG_GET_KEEP_ORPHAN], arg ptr[out, int32]) |
| ioctl$SG_GET_VERSION_NUM(fd fd_sg, cmd const[SG_GET_VERSION_NUM], arg ptr[out, int32]) |
| ioctl$SG_GET_ACCESS_COUNT(fd fd_sg, cmd const[SG_GET_ACCESS_COUNT], arg ptr[out, int32]) |
| ioctl$SG_EMULATED_HOST(fd fd_sg, cmd const[SG_EMULATED_HOST], arg ptr[out, int32]) |
| ioctl$SG_SET_COMMAND_Q(fd fd_sg, cmd const[SG_SET_COMMAND_Q], arg ptr[in, bool32]) |
| ioctl$SG_SET_KEEP_ORPHAN(fd fd_sg, cmd const[SG_SET_KEEP_ORPHAN], arg ptr[in, int32]) |
| ioctl$SG_NEXT_CMD_LEN(fd fd_sg, cmd const[SG_NEXT_CMD_LEN], arg ptr[in, int32[0:SG_MAX_CDB_SIZE]]) |
| ioctl$SG_SET_DEBUG(fd fd_sg, cmd const[SG_SET_DEBUG], arg ptr[in, bool32]) |
| ioctl$SG_SCSI_RESET(fd fd_sg, cmd const[SG_SCSI_RESET], arg const[0]) |
| ioctl$SG_GET_REQUEST_TABLE(fd fd_sg, cmd const[SG_GET_REQUEST_TABLE], arg ptr[out, array[int8, SG_REQUEST_TABLE_SIZE]]) |
| |
| ioctl$SCSI_IOCTL_SEND_COMMAND(fd fd_sg, cmd const[SCSI_IOCTL_SEND_COMMAND], arg ptr[in, scsi_ioctl_command]) |
| ioctl$SCSI_IOCTL_TEST_UNIT_READY(fd fd_sg, cmd const[SCSI_IOCTL_TEST_UNIT_READY]) |
| ioctl$SCSI_IOCTL_DOORLOCK(fd fd_sg, cmd const[SCSI_IOCTL_DOORLOCK]) |
| ioctl$SCSI_IOCTL_DOORUNLOCK(fd fd_sg, cmd const[SCSI_IOCTL_DOORUNLOCK]) |
| ioctl$SCSI_IOCTL_START_UNIT(fd fd_sg, cmd const[SCSI_IOCTL_START_UNIT]) |
| ioctl$SCSI_IOCTL_STOP_UNIT(fd fd_sg, cmd const[SCSI_IOCTL_STOP_UNIT]) |
| ioctl$SCSI_IOCTL_SYNC(fd fd_sg, cmd const[SCSI_IOCTL_SYNC]) |
| ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(fd fd_sg, cmd const[SCSI_IOCTL_BENCHMARK_COMMAND]) |
| ioctl$SCSI_IOCTL_GET_BUS_NUMBER(fd fd_sg, cmd const[SCSI_IOCTL_GET_BUS_NUMBER], arg ptr[out, int32]) |
| ioctl$SCSI_IOCTL_GET_PCI(fd fd_sg, cmd const[SCSI_IOCTL_GET_PCI], arg ptr[out, array[int8, 20]]) |
| ioctl$SCSI_IOCTL_PROBE_HOST(fd fd_sg, cmd const[SCSI_IOCTL_PROBE_HOST], arg ptr[out, scsi_ioctl_probe_host_out_buffer]) |
| ioctl$SCSI_IOCTL_GET_IDLUN(fd fd_sg, cmd const[SCSI_IOCTL_GET_IDLUN], arg ptr[out, scsi_idlun]) |
| |
| sg_io_hdr { |
| interface_id flags[sg_interface_id, int32] |
| dxfer_direction flags[sg_dxfer_direction, int32] |
| cmd_len len[cmdp, int8] |
| mx_sb_len int8 |
| data sg_io_hdr_data |
| cmdp ptr[in, array[int8]] |
| sbp ptr[out, array[int8]] |
| timeout int32 |
| flags flags[sg_flags, int32] |
| pack_id flags[sg_pack_id, int32] |
| usr_ptr ptr[out, int8] |
| status const[0, int8] |
| masked_status const[0, int8] |
| msg_status const[0, int8] |
| sb_len_wr const[0, int8] |
| host_status const[0, int16] |
| driver_status const[0, int16] |
| resid const[0, int32] |
| duration const[0, int32] |
| info const[0, int32] |
| } [packed, size[SG_IO_HDR_SIZE]] |
| |
| sg_io_hdr_data [ |
| buffer sg_io_hdr_data_buffer |
| scatter sg_io_hdr_data_scatter |
| ] |
| |
| sg_io_hdr_data_buffer { |
| iovec_count const[0, int16] |
| dxfer_len bytesize[dxferp, int32] |
| dxferp ptr[out, array[int8]] |
| } [packed] |
| |
| sg_io_hdr_data_scatter { |
| iovec_count len[dxferp, int16] |
| dxfer_len const[0, int32] |
| dxferp ptr[in, array[iovec_out]] |
| } [packed] |
| |
| scsi_ioctl_command { |
| inlen len[data, int32] |
| outlen int32 |
| opcode int32 |
| # TODO: this needs improvement: there are some command headers depending on opcode |
| # and inlen only describes data past header. |
| data array[int8] |
| } |
| |
| scsi_idlun { |
| dev_id int32 |
| host_unique_id int32 |
| } |
| |
| scsi_ioctl_probe_host_out_buffer { |
| len bytesize[data, int32] |
| data array[int8] |
| } |
| |
| sg_interface_id = 0, 'S' |
| sg_dxfer_direction = SG_DXFER_NONE, SG_DXFER_TO_DEV, SG_DXFER_FROM_DEV, SG_DXFER_TO_FROM_DEV, SG_DXFER_UNKNOWN |
| sg_flags = SG_FLAG_DIRECT_IO, SG_FLAG_UNUSED_LUN_INHIBIT, SG_FLAG_MMAP_IO, SG_FLAG_NO_DXFER, SG_FLAG_Q_AT_TAIL, SG_FLAG_Q_AT_HEAD |
| # TODO: we need negative integers for -1 |
| sg_pack_id = -1, 0, 1, 2, 3 |
| |
| define SG_MAX_CDB_SIZE 252 |
| define SG_REQUEST_TABLE_SIZE SG_MAX_QUEUE * sizeof(sg_req_info_t) |
| define SG_IO_HDR_SIZE sizeof(struct sg_io_hdr) |
| define SG_SCSI_ID_T_SIZE sizeof(sg_scsi_id_t) |
