1# Copyright 2018 syzkaller project authors. All rights reserved.
2# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
3
4include <uapi/linux/a.out.h>
5include <uapi/linux/elf.h>
6
7execve(file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]])
8execveat(dirfd fd_dir, file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]], flags flags[at_flags])
9
10write$binfmt_script(fd fd, data ptr[in, binfmt_script], len bytesize[data])
11write$binfmt_misc(fd fd, data ptr[in, binfmt_misc], len bytesize[data])
12write$binfmt_aout(fd fd, data ptr[in, binfmt_aout], len bytesize[data])
13write$binfmt_elf32(fd fd, data ptr[in, binfmt_elf32], len bytesize[data])
14write$binfmt_elf64(fd fd, data ptr[in, binfmt_elf64], len bytesize[data])
15
16binfmt_script {
17	hdr	stringnoz["#! "]
18	bin	stringnoz[filename]
19	args	array[binfmt_script_arg]
20	nl	const[0xa, int8]
21	data	array[int8]
22} [packed]
23
24binfmt_script_arg {
25	sp	const[0x20, int8]
26	arg	stringnoz
27}
28
29binfmt_misc {
30	hdr	stringnoz[binfmt_misc_headers]
31	data	array[int8]
32}
33
34binfmt_misc_headers = "syz0", "syz1"
35
36binfmt_aout {
37	exec	exec
38	data	array[int8]
39# Just to make the file of a non-trivial size.
40	pad	array[array[const[0, int64], 32], 0:10]
41} [packed]
42
43exec {
44	magic		flags[aouthdr_magics, int16]
45	machtype	int8
46	flags		int8
47	a_text		int32[0:1000]
48	a_data		int32[0:1000]
49	a_bss		int32
50	a_syms		int32[0:1000]
51	a_entry		int32
52	a_trsize	const[0, int32]
53	a_drsize	const[0, int32]
54}
55
56aouthdr_magics = OMAGIC, NMAGIC, ZMAGIC, QMAGIC
57
58type binfmt_elf32 binfmt_elf[int32, elf32_phdr, ELF32_PHDR_SIZE]
59type binfmt_elf64 binfmt_elf[int64, elf64_phdr, ELF64_PHDR_SIZE]
60
61type binfmt_elf[ADDR, PHDR, PHENTSIZE] {
62	hdr	elf_hdr[ADDR, PHENTSIZE]
63	phdr	array[PHDR, 1:2]
64	data	array[int8]
65# Just to make the file of a non-trivial size.
66	pad	array[array[const[0, int64], 32], 0:10]
67} [packed]
68
69type elf_hdr[ADDR, PHENTSIZE] {
70	e_ident0	const[0x7f, int8]
71	e_ident1	const[0x45, int8]
72	e_ident2	const[0x4c, int8]
73	e_ident3	const[0x46, int8]
74	e_ident_class	int8
75	e_ident_data	int8
76	e_ident_ver	int8
77	e_ident_osabi	int8
78	e_ident_pad	int64
79	e_type		flags[elf_types, int16]
80	e_machine	flags[elf_machines, int16]
81	e_version	int32
82	e_entry		ADDR[0:1000]
83	e_phoff		bytesize[parent, ADDR]
84	e_shoff		ADDR[0:1000]
85	e_flags		int32
86	e_ehsize	int16
87	e_phentsize	const[PHENTSIZE, int16]
88	e_phnum		int16[1:2]
89	e_shentsize	int16
90	e_shnum		int16
91	e_shstrndx	int16
92}
93
94elf32_phdr {
95	p_type		flags[elf_ptypes, int32]
96	p_offset	int32
97	p_vaddr		int32
98	p_paddr		int32
99	p_filesz	int32
100	p_memsz		int32
101	p_flags		int32
102	p_align		int32
103} [size[ELF32_PHDR_SIZE]]
104
105elf64_phdr {
106	p_type		flags[elf_ptypes, int32]
107	p_flags		int32
108	p_offset	int64
109	p_vaddr		int64
110	p_paddr		int64
111	p_filesz	int64
112	p_memsz		int64
113	p_align		int64
114} [size[ELF64_PHDR_SIZE]]
115
116elf_types = ET_EXEC, ET_DYN
117elf_machines = EM_386, EM_486, EM_X86_64
118elf_ptypes = PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_NOTE, PT_SHLIB, PT_PHDR, PT_TLS, PT_LOOS, PT_LOPROC, PT_GNU_STACK
119
120define ELF32_PHDR_SIZE	sizeof(struct elf32_phdr)
121define ELF64_PHDR_SIZE	sizeof(struct elf64_phdr)
122