forked from google/syzkaller
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dev_bifrost.txt
329 lines (280 loc) · 12.9 KB
/
dev_bifrost.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
# Copyright 2021 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# The source file of mali bifrost ioctl can be found in ChromeOS source tree:
# https://chromium.googlesource.com/chromiumos/third_party/kernel/+/chromeos-4.19/drivers/gpu/arm/bifrost/mali_kbase_ioctl.h
# Not upstream, generated on:
# https://chromium.googlesource.com/chromiumos/third_party/kernel d2a8a1eb8b86
meta noextract
include <asm/page.h>
include <drivers/gpu/arm/bifrost/mali_kbase_debug.h>
include <drivers/gpu/arm/bifrost/mali_kbase_hwcnt_reader.h>
include <drivers/gpu/arm/bifrost/mali_kbase_ioctl.h>
include <drivers/gpu/arm/bifrost/mali_base_kernel.h>
include <uapi/linux/fcntl.h>
resource fd_bifrost[fd]
resource gpu_addr[int64]: BASEP_MEM_INVALID_HANDLE, BASEP_MEM_WRITE_ALLOC_PAGES_HANDLE
resource user_addr[int64]: -1
resource fd_fence[fd]
resource fd_hwcnt[fd]
openat$bifrost(fd const[AT_FDCWD], file ptr[in, string["/dev/bifrost"]], flags flags[open_flags], mode const[0]) fd_bifrost
# Device name on Android
openat$mali(fd const[AT_FDCWD], file ptr[in, string["/dev/mali0"]], flags flags[open_flags], mode const[0]) fd_bifrost
mmap$bifrost(addr const[0], len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd_bifrost, offset fileoff) user_addr
_ = __NR_mmap2
ioctl$KBASE_IOCTL_JOB_SUBMIT(fd fd_bifrost, cmd const[KBASE_IOCTL_JOB_SUBMIT], arg ptr[in, kbase_ioctl_job_submit])
ioctl$KBASE_IOCTL_POST_TERM(fd fd_bifrost, cmd const[KBASE_IOCTL_POST_TERM], arg const[0])
ioctl$KBASE_IOCTL_SOFT_EVENT_UPDATE(fd fd_bifrost, cmd const[KBASE_IOCTL_SOFT_EVENT_UPDATE], arg ptr[in, kbase_ioctl_soft_event_update])
ioctl$KBASE_IOCTL_VERSION_CHECK(fd fd_bifrost, cmd const[KBASE_IOCTL_VERSION_CHECK], arg ptr[inout, kbase_ioctl_version_check])
ioctl$KBASE_IOCTL_SET_FLAGS(fd fd_bifrost, cmd const[KBASE_IOCTL_SET_FLAGS], arg ptr[in, kbase_ioctl_set_flags])
ioctl$KBASE_IOCTL_GET_GPUPROPS(fd fd_bifrost, cmd const[KBASE_IOCTL_GET_GPUPROPS], arg ptr[inout, kbase_ioctl_get_gpuprops])
ioctl$KBASE_IOCTL_MEM_ALLOC(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_ALLOC], arg ptr[inout, kbase_ioctl_mem_alloc])
ioctl$KBASE_IOCTL_MEM_QUERY(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_QUERY], arg ptr[inout, kbase_ioctl_mem_query])
ioctl$KBASE_IOCTL_MEM_FREE(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_FREE], arg ptr[in, kbase_ioctl_mem_free])
ioctl$KBASE_IOCTL_HWCNT_READER_SETUP(fd fd_bifrost, cmd const[KBASE_IOCTL_HWCNT_READER_SETUP], arg ptr[in, kbase_ioctl_hwcnt_reader_setup]) fd_hwcnt
ioctl$KBASE_IOCTL_HWCNT_ENABLE(fd fd_bifrost, cmd const[KBASE_IOCTL_HWCNT_ENABLE], arg ptr[in, kbase_ioctl_hwcnt_enable])
ioctl$KBASE_IOCTL_HWCNT_DUMP(fd fd_bifrost, cmd const[KBASE_IOCTL_HWCNT_DUMP], arg const[0])
ioctl$KBASE_IOCTL_HWCNT_CLEAR(fd fd_bifrost, cmd const[KBASE_IOCTL_HWCNT_CLEAR], arg const[0])
ioctl$KBASE_IOCTL_HWCNT_SET(fd fd_bifrost, cmd const[KBASE_IOCTL_HWCNT_SET], arg ptr[inout, kbase_ioctl_hwcnt_values])
ioctl$KBASE_IOCTL_DISJOINT_QUERY(fd fd_bifrost, cmd const[KBASE_IOCTL_DISJOINT_QUERY], arg ptr[out, kbase_ioctl_disjoint_query])
ioctl$KBASE_IOCTL_GET_DDK_VERSION(fd fd_bifrost, cmd const[KBASE_IOCTL_GET_DDK_VERSION], arg ptr[inout, kbase_ioctl_get_ddk_version])
ioctl$KBASE_IOCTL_MEM_JIT_INIT_10_2(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_JIT_INIT_10_2], arg ptr[in, kbase_ioctl_mem_jit_init_10_2])
ioctl$KBASE_IOCTL_MEM_JIT_INIT_11_5(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_JIT_INIT_11_5], arg ptr[in, kbase_ioctl_mem_jit_init_11_5])
ioctl$KBASE_IOCTL_MEM_JIT_INIT(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_JIT_INIT], arg ptr[in, kbase_ioctl_mem_jit_init])
ioctl$KBASE_IOCTL_MEM_SYNC(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_SYNC], arg ptr[in, kbase_ioctl_mem_sync])
ioctl$KBASE_IOCTL_MEM_FIND_CPU_OFFSET(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_FIND_CPU_OFFSET], arg ptr[inout, kbase_ioctl_mem_find_cpu_offset])
ioctl$KBASE_IOCTL_GET_CONTEXT_ID(fd fd_bifrost, cmd const[KBASE_IOCTL_GET_CONTEXT_ID], arg ptr[out, kbase_ioctl_get_context_id])
ioctl$KBASE_IOCTL_TLSTREAM_ACQUIRE(fd fd_bifrost, cmd const[KBASE_IOCTL_TLSTREAM_ACQUIRE], arg ptr[in, kbase_ioctl_tlstream_acquire])
ioctl$KBASE_IOCTL_TLSTREAM_FLUSH(fd fd_bifrost, cmd const[KBASE_IOCTL_TLSTREAM_FLUSH], arg const[0])
ioctl$KBASE_IOCTL_MEM_COMMIT(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_COMMIT], arg ptr[in, kbase_ioctl_mem_commit])
ioctl$KBASE_IOCTL_MEM_ALIAS(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_ALIAS], arg ptr[inout, kbase_ioctl_mem_alias])
ioctl$KBASE_IOCTL_MEM_IMPORT(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_IMPORT], arg ptr[inout, kbase_ioctl_mem_import])
ioctl$KBASE_IOCTL_MEM_FLAGS_CHANGE(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_FLAGS_CHANGE], arg ptr[in, kbase_ioctl_mem_flags_change])
ioctl$KBASE_IOCTL_STREAM_CREATE(fd fd_bifrost, cmd const[KBASE_IOCTL_STREAM_CREATE], arg ptr[in, kbase_ioctl_stream_create]) fd_fence
ioctl$KBASE_IOCTL_FENCE_VALIDATE(fd fd_bifrost, cmd const[KBASE_IOCTL_FENCE_VALIDATE], arg ptr[in, kbase_ioctl_fence_validate])
ioctl$KBASE_IOCTL_MEM_PROFILE_ADD(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_PROFILE_ADD], arg ptr[in, kbase_ioctl_mem_profile_add])
ioctl$KBASE_IOCTL_STICKY_RESOURCE_MAP(fd fd_bifrost, cmd const[KBASE_IOCTL_STICKY_RESOURCE_MAP], arg ptr[in, kbase_ioctl_sticky_resource_map])
ioctl$KBASE_IOCTL_STICKY_RESOURCE_UNMAP(fd fd_bifrost, cmd const[KBASE_IOCTL_STICKY_RESOURCE_UNMAP], arg ptr[in, kbase_ioctl_sticky_resource_unmap])
ioctl$KBASE_IOCTL_MEM_FIND_GPU_START_AND_OFFSET(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_FIND_GPU_START_AND_OFFSET], arg ptr[inout, kbase_ioctl_mem_find_gpu_start_and_offset])
ioctl$KBASE_IOCTL_MEM_EXEC_INIT(fd fd_bifrost, cmd const[KBASE_IOCTL_MEM_EXEC_INIT], arg ptr[in, kbase_ioctl_mem_exec_init])
ioctl$KBASE_IOCTL_GET_CPU_GPU_TIMEINFO(fd fd_bifrost, cmd const[KBASE_IOCTL_GET_CPU_GPU_TIMEINFO], arg ptr[inout, kbase_ioctl_get_cpu_gpu_timeinfo])
ioctl$KBASE_HWCNT_READER_GET_HWVER(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_GET_HWVER], arg const[0])
ioctl$KBASE_HWCNT_READER_GET_BUFFER_SIZE(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_GET_BUFFER_SIZE], arg const[0])
ioctl$KBASE_HWCNT_READER_DUMP(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_DUMP], arg const[0])
ioctl$KBASE_HWCNT_READER_CLEAR(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_CLEAR], arg const[0])
ioctl$KBASE_HWCNT_READER_GET_BUFFER(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_GET_BUFFER], arg ptr[out, kbase_hwcnt_reader_metadata])
ioctl$KBASE_HWCNT_READER_PUT_BUFFER(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_PUT_BUFFER], arg ptr[in, kbase_hwcnt_reader_metadata])
ioctl$KBASE_HWCNT_READER_SET_INTERVAL(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_SET_INTERVAL], arg intptr)
ioctl$KBASE_HWCNT_READER_ENABLE_EVENT(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_ENABLE_EVENT], arg const[0])
ioctl$KBASE_HWCNT_READER_DISABLE_EVENT(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_DISABLE_EVENT], arg const[0])
ioctl$KBASE_HWCNT_READER_GET_API_VERSION(fd fd_hwcnt, cmd const[KBASE_HWCNT_READER_GET_API_VERSION], arg const[0])
type base_atom_id int8
base_jd_atom_v2 {
jc int64
udata base_jd_udata
extres_list int64
nr_extres int16
compat_core_req int16
pre_dep array[base_dependency, 2]
atom_number base_atom_id
prio flags[base_jd_prio, int8]
device_nr int8
jobslot int8
core_req flags[base_jd_core_req, int32]
renderpass_id int8
padding array[const[0, int8], 7]
}
base_dependency {
atom_id base_atom_id
dependency_type flags[base_jd_dep_type, int8]
}
base_jd_udata {
blob array[int64, 2]
}
kbase_ioctl_job_submit {
addr ptr64[out, array[base_jd_atom_v2]]
nr_atoms len[addr, int32]
# sizeof(base_jd_atom_v2)
stride const[56, int32]
}
kbase_ioctl_soft_event_update {
event gpu_addr
new_status int32
flags const[0, int32]
}
kbase_ioctl_version_check {
major int16
minor int16
}
kbase_ioctl_set_flags {
create_flags flags[basep_context_create_kernel_flags, int32]
}
kbase_ioctl_get_gpuprops {
buffer ptr64[out, array[int8]]
size len[buffer, int32]
flags const[0, int32]
}
kbase_ioctl_mem_alloc {
va_pages int64
commit_pages int64
extent int64
flags flags[base_mem_alloc_flags, int64]
out_flags int64 (out_overlay)
gpu_va gpu_addr
}
kbase_ioctl_mem_query {
gpu_addr gpu_addr
query flags[kbase_ioctl_mem_query_flags, int64]
value int64 (out_overlay)
}
kbase_ioctl_mem_free {
gpu_addr gpu_addr
}
kbase_ioctl_hwcnt_reader_setup {
buffer_count int32
jm_bm int32
shader_bm int32
tiler_bm int32
mmu_l2_bm int32
}
kbase_ioctl_hwcnt_enable {
dump_buffer gpu_addr
jm_bm int32
shader_bm int32
tiler_bm int32
mmu_l2_bm int32
}
kbase_ioctl_hwcnt_values {
data ptr64[out, array[int8]]
size len[data, int32]
padding const[0, int32]
}
kbase_ioctl_disjoint_query {
counter int32
}
kbase_ioctl_get_ddk_version {
version_buffer ptr64[out, array[int8]]
size len[version_buffer, int32]
padding const[0, int32]
}
kbase_ioctl_mem_jit_init_10_2 {
va_pages int64
}
kbase_ioctl_mem_jit_init_11_5 {
va_pages int64
max_allocations int8
trim_level int8
group_id int8
padding array[const[0, int8], 5]
}
kbase_ioctl_mem_jit_init {
va_pages int64
max_allocations int8
trim_level int8
group_id int8
padding array[const[0, int8], 5]
phys_pages int64
}
kbase_ioctl_mem_sync {
handle gpu_addr
user_addr user_addr
size int64
type flags[base_syncset_op_flags, int8]
padding array[const[0, int8], 7]
}
kbase_ioctl_mem_find_cpu_offset {
gpu_addr gpu_addr
cpu_addr user_addr
size int64
offset int64 (out_overlay)
}
kbase_ioctl_get_context_id {
id int32
}
kbase_ioctl_tlstream_acquire {
flags int32
}
kbase_ioctl_mem_commit {
gpu_addr gpu_addr
pages int64
}
kbase_ioctl_mem_alias {
flags flags[base_mem_alloc_flags, int64]
stride int64
nents len[aliasing_info, int64]
aliasing_info ptr64[in, array[base_mem_aliasing_info]]
out_flags int64 (out_overlay)
gpu_va gpu_addr
va_pages int64
}
base_mem_aliasing_info {
handle gpu_addr
offset int64
length int64
}
kbase_ioctl_mem_import {
flags flags[base_mem_alloc_flags, int64]
phandle int64
type flags[base_mem_import_type, int32]
padding const[0, int32]
out_flags int64 (out_overlay)
gpu_va gpu_addr
va_pages int64
}
kbase_ioctl_mem_flags_change {
gpu_va gpu_addr
flags flags[base_mem_alloc_flags, int64]
mask int64
}
kbase_ioctl_stream_create {
name array[int8, 32]
}
kbase_ioctl_fence_validate {
fd fd_fence
}
kbase_ioctl_mem_profile_add {
buffer ptr64[in, array[int8]]
len len[buffer, int32]
padding const[0, int32]
}
kbase_ioctl_sticky_resource_map {
count len[address, int64]
address ptr64[in, array[int64]]
}
kbase_ioctl_sticky_resource_unmap {
count len[address, int64]
address ptr64[in, array[int64]]
}
kbase_ioctl_mem_find_gpu_start_and_offset {
gpu_addr gpu_addr
size int64
start gpu_addr (out_overlay)
offset int64
}
kbase_ioctl_mem_exec_init {
va_pages int64
}
kbase_ioctl_get_cpu_gpu_timeinfo {
request_flags flags[base_timerequest_allowed_flags, int32]
paddings array[const[0, int8], 7]
sec int64 (out_overlay)
nsec int32
padding int32
timestamp int64
cycle_counter int64
}
kbase_hwcnt_reader_metadata {
timestamp int64
event_id int32
buffer_idx int32
}
base_jd_dep_type = BASE_JD_DEP_TYPE_INVALID, BASE_JD_DEP_TYPE_DATA, BASE_JD_DEP_TYPE_ORDER
base_jd_prio = BASE_JD_PRIO_MEDIUM, BASE_JD_PRIO_HIGH, BASE_JD_PRIO_LOW
base_jd_core_req = BASE_JD_REQ_DEP, BASE_JD_REQ_FS, BASE_JD_REQ_CS, BASE_JD_REQ_T, BASE_JD_REQ_CF, BASE_JD_REQ_V, BASE_JD_REQ_FS_AFBC, BASE_JD_REQ_EVENT_COALESCE, BASE_JD_REQ_COHERENT_GROUP, BASE_JD_REQ_PERMON, BASE_JD_REQ_EXTERNAL_RESOURCES, BASE_JD_REQ_SOFT_JOB, BASE_JD_REQ_ONLY_COMPUTE, BASE_JD_REQ_SPECIFIC_COHERENT_GROUP, BASE_JD_REQ_EVENT_ONLY_ON_FAILURE, BASE_JD_REQ_SKIP_CACHE_START, BASE_JD_REQ_SKIP_CACHE_END, BASE_JD_REQ_JOB_SLOT, BASE_JD_REQ_START_RENDERPASS, BASE_JD_REQ_END_RENDERPASS
kbase_ioctl_mem_query_flags = KBASE_MEM_QUERY_COMMIT_SIZE, KBASE_MEM_QUERY_VA_SIZE, KBASE_MEM_QUERY_FLAGS
base_syncset_op_flags = BASE_SYNCSET_OP_MSYNC, BASE_SYNCSET_OP_CSYNC
# 0x400000-0x2000000 are individual bits of BASE_MEM_GROUP_ID_MASK
base_mem_alloc_flags = BASE_MEM_PROT_CPU_RD, BASE_MEM_PROT_CPU_WR, BASE_MEM_PROT_GPU_RD, BASE_MEM_PROT_GPU_WR, BASE_MEM_PROT_GPU_EX, BASEP_MEM_PERMANENT_KERNEL_MAPPING, BASE_MEM_GPU_VA_SAME_4GB_PAGE, BASEP_MEM_NO_USER_FREE, BASE_MEM_RESERVED_BIT_8, BASE_MEM_GROW_ON_GPF, BASE_MEM_COHERENT_SYSTEM, BASE_MEM_COHERENT_LOCAL, BASE_MEM_CACHED_CPU, BASE_MEM_SAME_VA, BASE_MEM_NEED_MMAP, BASE_MEM_COHERENT_SYSTEM_REQUIRED, BASE_MEM_PROTECTED, BASE_MEM_DONT_NEED, BASE_MEM_IMPORT_SHARED, BASE_MEM_RESERVED_BIT_19, BASE_MEM_TILER_ALIGN_TOP_EXTENT_MAX_PAGES, BASE_MEM_TILER_ALIGN_TOP, BASE_MEM_UNCACHED_GPU, 0x400000, 0x800000, 0x1000000, 0x2000000, BASE_MEM_IMPORT_SYNC_ON_MAP_UNMAP, BASE_MEM_FLAG_MAP_FIXED
base_mem_import_type = BASE_MEM_IMPORT_TYPE_INVALID, BASE_MEM_IMPORT_TYPE_UMM, BASE_MEM_IMPORT_TYPE_USER_BUFFER
# 0x08-0x20 are individual bits of BASEP_CONTEXT_MMU_GROUP_ID_MASK
basep_context_create_kernel_flags = BASE_CONTEXT_SYSTEM_MONITOR_SUBMIT_DISABLED, 0x8, 0x10, 0x20, 0x40
base_timerequest_allowed_flags = BASE_TIMEINFO_MONOTONIC_FLAG, BASE_TIMEINFO_TIMESTAMP_FLAG, BASE_TIMEINFO_CYCLE_COUNTER_FLAG, BASE_TIMEINFO_KERNEL_SOURCE_FLAG, BASE_TIMEINFO_USER_SOURCE_FLAG