| author | Alexander Potapenko <glider@google.com> | 2024-11-26 10:11:20 +0100 |
|---|---|---|
| committer | Alexander Potapenko <glider@google.com> | 2024-11-26 11:12:47 +0000 |
| commit | 66b9eb592907501b2caa11568313a324ee7cd6b8 (patch) | |
| tree | aafe3558c4cb2322d7a72eea540d0cac0ed51850 | |
| parent | 4cb01fb07201474a77f03a86420f116faec956c3 (diff) | |
sys/linux: move some ARM-specific descriptions to a separate file
This is done to solve a particular test failure running:
$ tools/syz-env go test ./prog -run TestSpecialStructs
, which failed on PPC64, because prog/rand.go instantiated a call to
syz_kvm_setup_syzos_vm(), which requested too much memory (1024 pages)
from the allocator (PPC64 uses 64k pages, so the number of available pages
is lower).
On the other hand, factoring out syzos-related descriptions is probably
a nice thing to do anyway.
| -rw-r--r-- | executor/common_linux.h | 18 | ||||
| -rw-r--r-- | pkg/vminfo/linux_test.go | 4 | ||||
| -rw-r--r-- | sys/linux/dev_kvm.txt | 255 | ||||
| -rw-r--r-- | sys/linux/dev_kvm.txt.const | 153 | ||||
| -rw-r--r-- | sys/linux/dev_kvm_arm64.txt | 274 | ||||
| -rw-r--r-- | sys/linux/dev_kvm_arm64.txt.const | 158 |
6 files changed, 432 insertions, 430 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index b6214563e..ef78a5175 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -3209,24 +3209,6 @@ static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volat
 return 0;
 }
 #endif
-#if !GOARCH_arm64 && (SYZ_EXECUTOR || __NR_syz_kvm_vgic_v3_setup)
-static long syz_kvm_vgic_v3_setup(volatile long a0, volatile long a1, volatile long a2)
-{
- return 0;
-}
-#endif
-#if !GOARCH_arm64 && (SYZ_EXECUTOR || __NR_syz_kvm_add_vcpu)
-static long syz_kvm_add_vcpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
-{
- return 0;
-}
-#endif
-#if !GOARCH_arm64 && (SYZ_EXECUTOR || __NR_syz_kvm_setup_syzos_vm)
-static long syz_kvm_setup_syzos_vm(volatile long a0, volatile long a1)
-{
- return 0;
-}
-#endif
 #endif
 #endif
diff --git a/pkg/vminfo/linux_test.go b/pkg/vminfo/linux_test.go
index 4df5b017a..5be6a7a8d 100644
--- a/pkg/vminfo/linux_test.go
+++ b/pkg/vminfo/linux_test.go
@@ -46,11 +46,7 @@ func TestLinuxSyscalls(t *testing.T) {
 t.Fatal(err)
 }
 expectDisabled := map[string]bool{
- "syz_kvm_add_vcpu": true,
- "syz_kvm_setup_cpu$arm64": true,
 "syz_kvm_setup_cpu$ppc64": true,
- "syz_kvm_setup_syzos_vm": true,
- "syz_kvm_vgic_v3_setup": true,
 }
 // All mount and syz_mount_image calls except for ext4 and binder will be disabled.
 for call := range disabled {
diff --git a/sys/linux/dev_kvm.txt b/sys/linux/dev_kvm.txt
index 784b625fb..6d25e6041 100644
--- a/sys/linux/dev_kvm.txt
+++ b/sys/linux/dev_kvm.txt
@@ -6,8 +6,6 @@ meta arches["386", "amd64", "arm64", "mips64le", "ppc64le", "s390x"]
 include <linux/kvm.h>
 include <linux/kvm_host.h>
 include <uapi/linux/fcntl.h>
-include <uapi/linux/psci.h>
-include <asm/kvm.h>
 include <asm/mce.h>
 resource fd_kvm[fd]
@@ -106,12 +104,6 @@ ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[
 ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_X86_APIC_BUS_CYCLES_NS, int64]])
 ioctl$KVM_CAP_PMU_CAPABILITY(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_PMU_CAPABILITY, int64]])
-# ARM-specific VM capabilities.
-ioctl$KVM_CAP_ARM_MTE(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_MTE, void]])
-ioctl$KVM_CAP_ARM_USER_IRQ(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_USER_IRQ, void]])
-ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_INJECT_SERROR_ESR, void]])
-ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_SYSTEM_SUSPEND, void]])
-ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE, int64]])
 ioctl$KVM_CAP_PTP_KVM(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_PTP_KVM, void]])
 ioctl$KVM_RUN(fd fd_kvmcpu, cmd const[KVM_RUN], arg const[0])
@@ -162,13 +154,6 @@ ioctl$KVM_SET_VAPIC_ADDR(fd fd_kvmcpu, cmd const[KVM_SET_VAPIC_ADDR], arg ptr[in
 ioctl$KVM_X86_SETUP_MCE(fd fd_kvmcpu, cmd const[KVM_X86_SETUP_MCE], arg ptr[in, kvm_mce_cap])
 ioctl$KVM_X86_SET_MCE(fd fd_kvmcpu, cmd const[KVM_X86_SET_MCE], arg ptr[in, kvm_x86_mce])
-ioctl$KVM_ARM_VCPU_INIT(fd fd_kvmcpu, cmd const[KVM_ARM_VCPU_INIT], arg ptr[in, kvm_vcpu_init])
-ioctl$KVM_ARM_PREFERRED_TARGET(fd fd_kvmcpu, cmd const[KVM_ARM_PREFERRED_TARGET], arg ptr[out, kvm_vcpu_init])
-# KVM_ARM_VCPU_FINALIZE accepts a single CPU feature encoded as a bit number: https://docs.kernel.org/virt/kvm/api.html#kvm-arm-vcpu-finalize.
-ioctl$KVM_ARM_VCPU_FINALIZE(fd fd_kvmcpu, cmd const[KVM_ARM_VCPU_FINALIZE], arg ptr[in, flags[kvm_vcpu_features_arm64, int32]])
-ioctl$KVM_ARM_SET_DEVICE_ADDR(fd fd_kvmcpu, cmd const[KVM_ARM_SET_DEVICE_ADDR], arg ptr[in, kvm_arm_device_addr])
-ioctl$KVM_ARM_SET_COUNTER_OFFSET(fd fd_kvmvm, cmd const[KVM_ARM_SET_COUNTER_OFFSET], arg ptr[in, kvm_arm_counter_offset])
-
 ioctl$KVM_GET_NESTED_STATE(fd fd_kvmcpu, cmd const[KVM_GET_NESTED_STATE], arg ptr[out, kvm_nested_state_arg])
 ioctl$KVM_SET_NESTED_STATE(fd fd_kvmcpu, cmd const[KVM_SET_NESTED_STATE], arg ptr[in, kvm_nested_state_arg])
@@ -219,18 +204,6 @@ kvm_mce_flags = 1, 2, 4
 kvm_mcg_status = MCG_STATUS_RIPV, MCG_STATUS_EIPV, MCG_STATUS_MCIP, MCG_STATUS_LMCES
 kvm_mce_status = MCI_STATUS_VAL, MCI_STATUS_OVER, MCI_STATUS_UC, MCI_STATUS_EN, MCI_STATUS_MISCV, MCI_STATUS_ADDRV, MCI_STATUS_PCC, MCI_STATUS_S, MCI_STATUS_AR
 kvm_cpuid_flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX, KVM_CPUID_FLAG_STATEFUL_FUNC, KVM_CPUID_FLAG_STATE_READ_NEXT
-kvm_vcpu_target = KVM_ARM_TARGET_CORTEX_A53, KVM_ARM_TARGET_AEM_V8, KVM_ARM_TARGET_FOUNDATION_V8, KVM_ARM_TARGET_CORTEX_A57, KVM_ARM_TARGET_XGENE_POTENZA, KVM_ARM_TARGET_GENERIC_V8
-
-# Some ioctls accept single CPU features as `bitnr`, whereas others take a set of `1 << bitnr`.
-define KVM_ARM_VCPU_POWER_OFF_BIT (1 << KVM_ARM_VCPU_POWER_OFF)
-define KVM_ARM_VCPU_EL1_32BIT_BIT (1 << KVM_ARM_VCPU_EL1_32BIT)
-define KVM_ARM_VCPU_PSCI_0_2_BIT (1 << KVM_ARM_VCPU_PSCI_0_2)
-define KVM_ARM_VCPU_PMU_V3_BIT (1 << KVM_ARM_VCPU_PMU_V3)
-define KVM_ARM_VCPU_PTRAUTH_ADDRESS_BIT (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS)
-define KVM_ARM_VCPU_PTRAUTH_GENERIC_BIT (1 << KVM_ARM_VCPU_PTRAUTH_GENERIC)
-define KVM_ARM_VCPU_SVE_BIT (1 << KVM_ARM_VCPU_SVE)
-kvm_vcpu_features_arm64 = KVM_ARM_VCPU_POWER_OFF, KVM_ARM_VCPU_EL1_32BIT, KVM_ARM_VCPU_PSCI_0_2, KVM_ARM_VCPU_PMU_V3, KVM_ARM_VCPU_PTRAUTH_ADDRESS, KVM_ARM_VCPU_PTRAUTH_GENERIC, KVM_ARM_VCPU_SVE
-kvm_vcpu_feature_bits_arm64 = KVM_ARM_VCPU_POWER_OFF_BIT, KVM_ARM_VCPU_EL1_32BIT_BIT, KVM_ARM_VCPU_PSCI_0_2_BIT, KVM_ARM_VCPU_PMU_V3_BIT, KVM_ARM_VCPU_PTRAUTH_ADDRESS_BIT, KVM_ARM_VCPU_PTRAUTH_GENERIC_BIT, KVM_ARM_VCPU_SVE_BIT
 kvm_dirty_log_protect = KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE, KVM_DIRTY_LOG_INITIALLY_SET
 kvm_dirty_log_sizes = 4096, 8192, 16384, 32768, 65536
@@ -260,16 +233,8 @@ kvm_x86_rflags = 1, 2, 4, 16, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384,
 # Pseudo call that setups VCPU into a reasonable interesting state for execution.
 # The interface is designed for extensibility so that addition of new options does not invalidate all existing programs.
 syz_kvm_setup_cpu$x86(fd fd_kvmvm, cpufd fd_kvmcpu, usermem vma[24], text ptr[in, array[kvm_text_x86, 1]], ntext len[text], flags flags[kvm_setup_flags], opts ptr[in, array[kvm_setup_opt_x86, 0:2]], nopt len[opts])
-syz_kvm_setup_cpu$arm64(fd fd_kvmvm, cpufd fd_kvmcpu, usermem vma[1024], text ptr[in, array[kvm_text_arm64, 1]], ntext len[text], flags const[0], opts ptr[in, array[kvm_setup_opt_arm64, 1]], nopt len[opts])
 syz_kvm_setup_cpu$ppc64(fd fd_kvmvm, cpufd fd_kvmcpu, usermem vma[24], text ptr[in, array[kvm_text_ppc64, 1]], ntext len[text], flags flags[kvm_setup_flags_ppc64], opts ptr[in, array[kvm_setup_opt_ppc64, 1]], nopt len[opts])
-kvm_num_irqs = 32, 64, 128, 256, 512
-# This pseudo-syscall is ARM64-specific.
-syz_kvm_vgic_v3_setup(fd fd_kvmvm, ncpus intptr[0:4], nirqs flags[kvm_num_irqs]) fd_kvmdev
-resource kvm_syz_vm[int64]
-syz_kvm_setup_syzos_vm(fd fd_kvmvm, usermem vma[1024]) kvm_syz_vm
-syz_kvm_add_vcpu(vm kvm_syz_vm, text ptr[in, kvm_text_arm64], opts ptr[in, array[kvm_setup_opt_arm64, 1]], nopt len[opts]) fd_kvmcpu
-
 resource kvm_run_ptr[int64]
 define KVM_RUN_SIZE sizeof(struct kvm_run)
 mmap$KVM_VCPU(addr vma, len vcpu_mmap_size, prot flags[mmap_prot], flags flags[mmap_flags], cpufd fd_kvmcpu, offset const[0]) kvm_run_ptr
@@ -314,197 +279,6 @@ kvm_text_x86_64 {
 size len[text, intptr]
 }
-# Unlike on other architectures, ARM64 text is a sequence of commands, each starting with
-# the call number and the command length.
-kvm_text_arm64 {
- typ const[0, intptr]
- text ptr[in, array[syzos_api_call, 1:32]]
- size bytesize[text, int64]
-}
-
-syzos_api_code {
- insns text[arm64]
- ret const[0xd65f03c0, int32]
-} [packed]
-
-syzos_api_msr {
- arg_reg flags[kvm_regs_arm64_sys, int64]
- arg_value int64
-}
-
-# Based on the "SMC Calling Convention" doc, https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6
-# Bit 31 is Standard (0) / Fast Call (1)
-# Bit 30 is SMC32 (0) / SMC64 (1)
-# Bits 29:24 denote the owning entity (relevant constants below are 0x01000000-0x3f000000
-# Bits 23:16 are ignored (must be zero in most cases)
-# Bits 15:0 denote the function number (0-0xffff) within the specified range, so we list all the possible bit values
-# here and hope that the fuzzer will be able to combine them into a number.
-#
-# Numeric constants are used to help the fuzzer construct arbitrary SMC function IDs.
-# We also include IDs from include/linux/arm-smccc.h here.
-kvm_smc_id = 0x80000000, 0x40000000, 0x1000000, 0x2000000, 0x3000000, 0x4000000, 0x5000000, 0x6000000, 0x30000000, 0x31000000, 0x32000000, 0x3f000000, 0x0, 0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80, 0x100, 0x200, 0x400, 0x800, 0x1000, 0x2000, 0x4000, 0x8000, 0xffff, ARM_SMCCC_VERSION_FUNC_ID, ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_SOC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, ARM_SMCCC_ARCH_WORKAROUND_2, ARM_SMCCC_ARCH_WORKAROUND_3, ARM_SMCCC_VENDOR_HYP_CALL_UID_FUNC_ID, ARM_SMCCC_VENDOR_HYP_KVM_FEATURES_FUNC_ID, ARM_SMCCC_VENDOR_HYP_KVM_PTP_FUNC_ID, ARM_SMCCC_HV_PV_TIME_FEATURES, ARM_SMCCC_HV_PV_TIME_ST, ARM_SMCCC_TRNG_VERSION, ARM_SMCCC_TRNG_FEATURES, ARM_SMCCC_TRNG_GET_UUID, ARM_SMCCC_TRNG_RND32, ARM_SMCCC_TRNG_RND64, PSCI_0_2_FN_PSCI_VERSION, PSCI_0_2_FN_CPU_SUSPEND, PSCI_0_2_FN_CPU_OFF, PSCI_0_2_FN_CPU_ON, PSCI_0_2_FN_AFFINITY_INFO, PSCI_0_2_FN_MIGRATE, PSCI_0_2_FN_MIGRATE_INFO_TYPE, PSCI_0_2_FN_MIGRATE_INFO_UP_CPU, PSCI_0_2_FN_SYSTEM_OFF, PSCI_0_2_FN_SYSTEM_RESET, PSCI_0_2_FN64_CPU_SUSPEND, PSCI_0_2_FN64_CPU_ON, PSCI_0_2_FN64_AFFINITY_INFO, PSCI_0_2_FN64_MIGRATE, PSCI_0_2_FN64_MIGRATE_INFO_UP_CPU, PSCI_1_0_FN_PSCI_FEATURES, PSCI_1_0_FN_CPU_FREEZE, PSCI_1_0_FN_CPU_DEFAULT_SUSPEND, PSCI_1_0_FN_NODE_HW_STATE, PSCI_1_0_FN_SYSTEM_SUSPEND, PSCI_1_0_FN_SET_SUSPEND_MODE, PSCI_1_0_FN_STAT_RESIDENCY, PSCI_1_0_FN_STAT_COUNT, PSCI_1_1_FN_SYSTEM_RESET2, PSCI_1_1_FN_MEM_PROTECT, PSCI_1_1_FN_MEM_PROTECT_CHECK_RANGE, PSCI_1_0_FN64_CPU_DEFAULT_SUSPEND, PSCI_1_0_FN64_NODE_HW_STATE, PSCI_1_0_FN64_SYSTEM_SUSPEND, PSCI_1_0_FN64_STAT_RESIDENCY, PSCI_1_0_FN64_STAT_COUNT, PSCI_1_1_FN64_SYSTEM_RESET2, PSCI_1_1_FN64_MEM_PROTECT_CHECK_RANGE
-
-syzos_api_smccc {
- arg_id flags[kvm_smc_id, int32]
- arg_params array[int64, 5]
-}
-
-syzos_api_irq_setup {
- nr_cpus int32[0:4]
- nr_spis int32[0:987]
-}
-
-syzos_memwrite_len = 1, 2, 4, 8
-
-syzos_api_memwrite [
- generic syzos_api_memwrite_generic
- vgic_gicd syzos_api_memwrite_vgic_gicd
- vgic_gicr syzos_api_memwrite_vgic_gicr
-]
-
-syzos_api_memwrite_generic {
- base flags[kvm_guest_addrs, int64]
- offset int64[0:4096]
- value int64
- len flags[syzos_memwrite_len, int64]
-}
-
-syzos_api_its_setup {
- nr_cpus int64[0:4]
- nr_devices int64[0:4]
- nr_ints int64[0:1024]
-}
-
-# Definitions from <linux/irqchip/arm-gic-v3.h>
-
-define GITS_CMD_MAPD 0x08
-define GITS_CMD_MAPC 0x09
-define GITS_CMD_MAPTI 0x0a
-define GITS_CMD_MAPI 0x0b
-define GITS_CMD_MOVI 0x01
-define GITS_CMD_DISCARD 0x0f
-define GITS_CMD_INV 0x0c
-define GITS_CMD_MOVALL 0x0e
-define GITS_CMD_INVALL 0x0d
-define GITS_CMD_INT 0x03
-define GITS_CMD_CLEAR 0x04
-define GITS_CMD_SYNC 0x05
-
-gits_commands = GITS_CMD_MAPD, GITS_CMD_MAPC, GITS_CMD_MAPTI, GITS_CMD_MAPI, GITS_CMD_MOVI, GITS_CMD_DISCARD, GITS_CMD_INV, GITS_CMD_MOVALL, GITS_CMD_INVALL, GITS_CMD_INT, GITS_CMD_CLEAR, GITS_CMD_SYNC
-
-syzos_api_its_send_cmd {
- type flags[gits_commands, int8]
- valid int8[0:1]
- cpuid int32[0:4]
- devid int32[0:16]
- eventid int32
- intid int32
- cpuid2 int32[0:4]
-} [packed]
-
-# Definitions from include/linux/irqchip/arm-gic-v3.h
-define GICD_CTLR 0x0000
-define GICD_TYPER 0x0004
-define GICD_IIDR 0x0008
-define GICD_TYPER2 0x000C
-define GICD_STATUSR 0x0010
-define GICD_SETSPI_NSR 0x0040
-define GICD_CLRSPI_NSR 0x0048
-define GICD_SETSPI_SR 0x0050
-define GICD_CLRSPI_SR 0x0058
-define GICD_IGROUPR 0x0080
-define GICD_ISENABLER 0x0100
-define GICD_ICENABLER 0x0180
-define GICD_ISPENDR 0x0200
-define GICD_ICPENDR 0x0280
-define GICD_ISACTIVER 0x0300
-define GICD_ICACTIVER 0x0380
-define GICD_IPRIORITYR 0x0400
-define GICD_ICFGR 0x0C00
-define GICD_IGRPMODR 0x0D00
-define GICD_NSACR 0x0E00
-define GICD_IGROUPRnE 0x1000
-define GICD_ISENABLERnE 0x1200
-define GICD_ICENABLERnE 0x1400
-define GICD_ISPENDRnE 0x1600
-define GICD_ICPENDRnE 0x1800
-define GICD_ISACTIVERnE 0x1A00
-define GICD_ICACTIVERnE 0x1C00
-define GICD_IPRIORITYRnE 0x2000
-define GICD_ICFGRnE 0x3000
-define GICD_IROUTER 0x6000
-define GICD_IROUTERnE 0x8000
-define GICD_IDREGS 0xFFD0
-define GICD_PIDR2 0xFFE8
-define GICD_ITARGETSR 0x0800
-define GICD_SGIR 0x0F00
-define GICD_CPENDSGIR 0x0F10
-define GICD_SPENDSGIR 0x0F20
-
-kvm_vgic_gicd_regs = GICD_CTLR, GICD_TYPER, GICD_IIDR, GICD_TYPER2, GICD_STATUSR, GICD_SETSPI_NSR, GICD_CLRSPI_NSR, GICD_SETSPI_SR, GICD_CLRSPI_SR, GICD_IGROUPR, GICD_ISENABLER, GICD_ICENABLER, GICD_ISPENDR, GICD_ICPENDR, GICD_ISACTIVER, GICD_ICACTIVER, GICD_IPRIORITYR, GICD_ICFGR, GICD_IGRPMODR, GICD_NSACR, GICD_IGROUPRnE, GICD_ISENABLERnE, GICD_ICENABLERnE, GICD_ISPENDRnE, GICD_ICPENDRnE, GICD_ISACTIVERnE, GICD_ICACTIVERnE, GICD_IPRIORITYRnE, GICD_ICFGRnE, GICD_IROUTER, GICD_IROUTERnE, GICD_IDREGS, GICD_PIDR2, GICD_ITARGETSR, GICD_SGIR, GICD_CPENDSGIR, GICD_SPENDSGIR
-
-# 0x08000000 is ARM64_ADDR_GICD_BASE from executor/kvm.h
-syzos_api_memwrite_vgic_gicd {
- base const[0x8000000, int64]
- offset flags[kvm_vgic_gicd_regs, int64]
- value int64
- len flags[syzos_memwrite_len, int64]
-}
-
-define GICR_CTLR GICD_CTLR
-define GICR_IIDR 0x0004
-define GICR_TYPER 0x0008
-define GICR_STATUSR GICD_STATUSR
-define GICR_WAKER 0x0014
-define GICR_SETLPIR 0x0040
-define GICR_CLRLPIR 0x0048
-define GICR_PROPBASER 0x0070
-define GICR_PENDBASER 0x0078
-define GICR_INVLPIR 0x00A0
-define GICR_INVALLR 0x00B0
-define GICR_SYNCR 0x00C0
-define GICR_IDREGS GICD_IDREGS
-define GICR_PIDR2 GICD_PIDR2
-define GICR_IGROUPR0 GICD_IGROUPR
-define GICR_ISENABLER0 GICD_ISENABLER
-define GICR_ICENABLER0 GICD_ICENABLER
-define GICR_ISPENDR0 GICD_ISPENDR
-define GICR_ICPENDR0 GICD_ICPENDR
-define GICR_ISACTIVER0 GICD_ISACTIVER
-define GICR_ICACTIVER0 GICD_ICACTIVER
-define GICR_IPRIORITYR0 GICD_IPRIORITYR
-define GICR_ICFGR0 GICD_ICFGR
-define GICR_IGRPMODR0 GICD_IGRPMODR
-define GICR_NSACR GICD_NSACR
-
-kvm_vgic_gicr_regs = GICR_CTLR, GICR_IIDR, GICR_TYPER, GICR_STATUSR, GICR_WAKER, GICR_SETLPIR, GICR_CLRLPIR, GICR_PROPBASER, GICR_PENDBASER, GICR_INVLPIR, GICR_INVALLR, GICR_SYNCR, GICR_IDREGS, GICR_PIDR2, GICR_IGROUPR0, GICR_ISENABLER0, GICR_ICENABLER0, GICR_ISPENDR0, GICR_ICPENDR0, GICR_ISACTIVER0, GICR_ICACTIVER0, GICR_IPRIORITYR0, GICR_ICFGR0, GICR_IGRPMODR0, GICR_NSACR
-
-# 0x080a0000 is ARM64_ADDR_GICR_BASE from executor/kvm.h, 0x20000 is redistributor size. We assume the maximum number of VCPUs is 4.
-syzos_api_memwrite_vgic_gicr {
- base int64[0x80a0000:0x8100000, 0x20000]
- offset flags[kvm_vgic_gicr_regs, int64]
- value int64
- len flags[syzos_memwrite_len, int64]
-}
-
-type syzos_api[NUM, PAYLOAD] {
- call const[NUM, int64]
- size bytesize[parent, int64]
- payload PAYLOAD
-}
-
-syzos_api_call [
- uexit syzos_api[0, intptr]
- code syzos_api[1, syzos_api_code]
- msr syzos_api[2, syzos_api_msr]
- smc syzos_api[3, syzos_api_smccc]
- hvc syzos_api[4, syzos_api_smccc]
- irq_setup syzos_api[5, syzos_api_irq_setup]
- memwrite syzos_api[6, syzos_api_memwrite]
- its_setup syzos_api[7, syzos_api_its_setup]
- its_send_cmd syzos_api[8, syzos_api_its_send_cmd]
-] [varlen]
-
 kvm_text_ppc64 {
 typ const[0, intptr]
 text ptr[in, text[ppc64]]
@@ -576,18 +350,6 @@ kvm_setup_opt_vmwrite {
 val int64:48
 }
-kvm_setup_opt_arm64 [
-# unions need at least 2 fields, but we have only 1 now, but we want to have it as union for future extention
- featur1 kvm_setup_opt_feature
- featur2 kvm_setup_opt_feature
-]
-
-# syz_kvm_setup_cpu$arm64 takes the same feature bitmap as ioctl$KVM_ARM_VCPU_INIT.
-kvm_setup_opt_feature {
- typ const[1, int64]
- val flags[kvm_vcpu_feature_bits_arm64, int64]
-}
-
 kvm_setup_opt_ppc64 [
 # unions need at least 2 fields, but we have only 1 now, but we want to have it as union for future extention
 featur1 kvm_setup_opt_ppc64_feature
@@ -628,16 +390,6 @@ kvm_guest_debug {
 reg array[int64, 8]
 }
-kvm_arm_device_addr {
- id int64
- addr flags[kvm_guest_addrs, int64]
-}
-
-kvm_arm_counter_offset {
- counter_offset int64
- reserved int64
-}
-
 kvm_reg_list {
 n len[reg, int64]
 reg array[int64]
@@ -1288,13 +1040,6 @@ kvm_coalesced_mmio_zone {
 pio_or_pad int32[0:1]
 }
-# `feature` is a set of feature bits: https://docs.kernel.org/virt/kvm/api.html#kvm-arm-vcpu-init
-kvm_vcpu_init {
- target flags[kvm_vcpu_target, int32]
- feature flags[kvm_vcpu_feature_bits_arm64, int32]
- pad array[const[0, int32], 6]
-}
-
 kvm_hyperv_eventfd {
 conn_id int32[0:4]
 fd fd_event
diff --git a/sys/linux/dev_kvm.txt.const b/sys/linux/dev_kvm.txt.const
index 1b6ad1af2..33980e8c7 100644
--- a/sys/linux/dev_kvm.txt.const
+++ b/sys/linux/dev_kvm.txt.const
@@ -1,128 +1,13 @@ # Code generated by syz-sysgen. DO NOT EDIT. arches = 386, amd64, arm64, mips64le, ppc64le, s390x -ARM_SMCCC_ARCH_FEATURES_FUNC_ID = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2147483649 -ARM_SMCCC_ARCH_SOC_ID = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2147483650 -ARM_SMCCC_ARCH_WORKAROUND_1 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2147516416 -ARM_SMCCC_ARCH_WORKAROUND_2 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2147516415 -ARM_SMCCC_ARCH_WORKAROUND_3 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2147500031 -ARM_SMCCC_HV_PV_TIME_FEATURES = 386:amd64:mips64le:ppc64le:s390x:???, arm64:3305111584 -ARM_SMCCC_HV_PV_TIME_ST = 386:amd64:mips64le:ppc64le:s390x:???, arm64:3305111585 -ARM_SMCCC_TRNG_FEATURES = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2214592593 -ARM_SMCCC_TRNG_GET_UUID = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2214592594 -ARM_SMCCC_TRNG_RND32 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2214592595 -ARM_SMCCC_TRNG_RND64 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:3288334419 -ARM_SMCCC_TRNG_VERSION = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2214592592 -ARM_SMCCC_VENDOR_HYP_CALL_UID_FUNC_ID = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2248212225 -ARM_SMCCC_VENDOR_HYP_KVM_FEATURES_FUNC_ID = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2248146944 -ARM_SMCCC_VENDOR_HYP_KVM_PTP_FUNC_ID = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2248146945 -ARM_SMCCC_VERSION_FUNC_ID = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2147483648 AT_FDCWD = 18446744073709551516 -GICD_CLRSPI_NSR = 72 -GICD_CLRSPI_SR = 88 -GICD_CPENDSGIR = 3856 -GICD_CTLR = 0 -GICD_ICACTIVER = 896 -GICD_ICACTIVERnE = 7168 -GICD_ICENABLER = 384 -GICD_ICENABLERnE = 5120 -GICD_ICFGR = 3072 -GICD_ICFGRnE = 12288 -GICD_ICPENDR = 640 -GICD_ICPENDRnE = 6144 -GICD_IDREGS = 65488 -GICD_IGROUPR = 128 -GICD_IGROUPRnE = 4096 -GICD_IGRPMODR = 3328 -GICD_IIDR = 8 -GICD_IPRIORITYR = 1024 -GICD_IPRIORITYRnE = 8192 -GICD_IROUTER = 24576 -GICD_IROUTERnE = 32768 -GICD_ISACTIVER = 
768 -GICD_ISACTIVERnE = 6656 -GICD_ISENABLER = 256 -GICD_ISENABLERnE = 4608 -GICD_ISPENDR = 512 -GICD_ISPENDRnE = 5632 -GICD_ITARGETSR = 2048 -GICD_NSACR = 3584 -GICD_PIDR2 = 65512 -GICD_SETSPI_NSR = 64 -GICD_SETSPI_SR = 80 -GICD_SGIR = 3840 -GICD_SPENDSGIR = 3872 -GICD_STATUSR = 16 -GICD_TYPER = 4 -GICD_TYPER2 = 12 -GICR_CLRLPIR = 72 -GICR_CTLR = 0 -GICR_ICACTIVER0 = 896 -GICR_ICENABLER0 = 384 -GICR_ICFGR0 = 3072 -GICR_ICPENDR0 = 640 -GICR_IDREGS = 65488 -GICR_IGROUPR0 = 128 -GICR_IGRPMODR0 = 3328 -GICR_IIDR = 4 -GICR_INVALLR = 176 -GICR_INVLPIR = 160 -GICR_IPRIORITYR0 = 1024 -GICR_ISACTIVER0 = 768 -GICR_ISENABLER0 = 256 -GICR_ISPENDR0 = 512 -GICR_NSACR = 3584 -GICR_PENDBASER = 120 -GICR_PIDR2 = 65512 -GICR_PROPBASER = 112 -GICR_SETLPIR = 64 -GICR_STATUSR = 16 -GICR_SYNCR = 192 -GICR_TYPER = 8 -GICR_WAKER = 20 -GITS_CMD_CLEAR = 4 -GITS_CMD_DISCARD = 15 -GITS_CMD_INT = 3 -GITS_CMD_INV = 12 -GITS_CMD_INVALL = 13 -GITS_CMD_MAPC = 9 -GITS_CMD_MAPD = 8 -GITS_CMD_MAPI = 11 -GITS_CMD_MAPTI = 10 -GITS_CMD_MOVALL = 14 -GITS_CMD_MOVI = 1 -GITS_CMD_SYNC = 5 -KVM_ARM_PREFERRED_TARGET = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2149625519 -KVM_ARM_SET_COUNTER_OFFSET = 386:amd64:mips64le:ppc64le:s390x:???, arm64:1074835125 -KVM_ARM_SET_DEVICE_ADDR = 1074835115, mips64le:ppc64le:2148576939 -KVM_ARM_TARGET_AEM_V8 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:0 -KVM_ARM_TARGET_CORTEX_A53 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:4 -KVM_ARM_TARGET_CORTEX_A57 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2 -KVM_ARM_TARGET_FOUNDATION_V8 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:1 -KVM_ARM_TARGET_GENERIC_V8 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:5 -KVM_ARM_TARGET_XGENE_POTENZA = 386:amd64:mips64le:ppc64le:s390x:???, arm64:3 -KVM_ARM_VCPU_EL1_32BIT = 386:amd64:mips64le:ppc64le:s390x:???, arm64:1 -KVM_ARM_VCPU_EL1_32BIT_BIT = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2 -KVM_ARM_VCPU_FINALIZE = 1074048706, mips64le:ppc64le:2147790530 -KVM_ARM_VCPU_INIT = 
386:amd64:mips64le:ppc64le:s390x:???, arm64:1075883694 -KVM_ARM_VCPU_PMU_V3 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:3 -KVM_ARM_VCPU_PMU_V3_BIT = 386:amd64:mips64le:ppc64le:s390x:???, arm64:8 KVM_ARM_VCPU_PMU_V3_CTRL = 386:amd64:mips64le:ppc64le:s390x:???, arm64:0 KVM_ARM_VCPU_PMU_V3_FILTER = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2 KVM_ARM_VCPU_PMU_V3_INIT = 386:amd64:mips64le:ppc64le:s390x:???, arm64:1 KVM_ARM_VCPU_PMU_V3_IRQ = 386:amd64:mips64le:ppc64le:s390x:???, arm64:0 KVM_ARM_VCPU_PMU_V3_SET_PMU = 386:amd64:mips64le:ppc64le:s390x:???, arm64:3 -KVM_ARM_VCPU_POWER_OFF = 386:amd64:mips64le:ppc64le:s390x:???, arm64:0 -KVM_ARM_VCPU_POWER_OFF_BIT = 386:amd64:mips64le:ppc64le:s390x:???, arm64:1 -KVM_ARM_VCPU_PSCI_0_2 = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2 -KVM_ARM_VCPU_PSCI_0_2_BIT = 386:amd64:mips64le:ppc64le:s390x:???, arm64:4 -KVM_ARM_VCPU_PTRAUTH_ADDRESS = 386:amd64:mips64le:ppc64le:s390x:???, arm64:5 -KVM_ARM_VCPU_PTRAUTH_ADDRESS_BIT = 386:amd64:mips64le:ppc64le:s390x:???, arm64:32 -KVM_ARM_VCPU_PTRAUTH_GENERIC = 386:amd64:mips64le:ppc64le:s390x:???, arm64:6 -KVM_ARM_VCPU_PTRAUTH_GENERIC_BIT = 386:amd64:mips64le:ppc64le:s390x:???, arm64:64 KVM_ARM_VCPU_PVTIME_CTRL = 386:amd64:mips64le:ppc64le:s390x:???, arm64:2 KVM_ARM_VCPU_PVTIME_IPA = 386:amd64:mips64le:ppc64le:s390x:???, arm64:0 -KVM_ARM_VCPU_SVE = 386:amd64:mips64le:ppc64le:s390x:???, arm64:4 -KVM_ARM_VCPU_SVE_BIT = 386:amd64:mips64le:ppc64le:s390x:???, arm64:16 KVM_ARM_VCPU_TIMER_CTRL = 386:amd64:mips64le:ppc64le:s390x:???, arm64:1 KVM_ARM_VCPU_TIMER_IRQ_PTIMER = 386:amd64:mips64le:ppc64le:s390x:???, arm64:1 KVM_ARM_VCPU_TIMER_IRQ_VTIMER = 386:amd64:mips64le:ppc64le:s390x:???, arm64:0 
@@ -135,11 +20,6 @@ KVM_ASSIGN_SET_MSIX_ENTRY = 1074835060 KVM_ASSIGN_SET_MSIX_NR = 1074310771 KVM_BUS_LOCK_DETECTION_EXIT = 2 KVM_BUS_LOCK_DETECTION_OFF = 1 -KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE = 228 -KVM_CAP_ARM_INJECT_SERROR_ESR = 158 -KVM_CAP_ARM_MTE = 205 -KVM_CAP_ARM_SYSTEM_SUSPEND = 216 -KVM_CAP_ARM_USER_IRQ = 144 KVM_CAP_DIRTY_LOG_RING = 192 KVM_CAP_DIRTY_LOG_RING_ACQ_REL = 223 KVM_CAP_DISABLE_QUIRKS = 116 
@@ -428,39 +308,6 @@ MCI_STATUS_PCC = 144115188075855872, arm64:mips64le:ppc64le:s390x:??? MCI_STATUS_S = 72057594037927936, arm64:mips64le:ppc64le:s390x:??? MCI_STATUS_UC = 2305843009213693952, arm64:mips64le:ppc64le:s390x:??? MCI_STATUS_VAL = 9223372036854775808, arm64:mips64le:ppc64le:s390x:??? -PSCI_0_2_FN64_AFFINITY_INFO = 3288334340 -PSCI_0_2_FN64_CPU_ON = 3288334339 -PSCI_0_2_FN64_CPU_SUSPEND = 3288334337 -PSCI_0_2_FN64_MIGRATE = 3288334341 -PSCI_0_2_FN64_MIGRATE_INFO_UP_CPU = 3288334343 -PSCI_0_2_FN_AFFINITY_INFO = 2214592516 -PSCI_0_2_FN_CPU_OFF = 2214592514 -PSCI_0_2_FN_CPU_ON = 2214592515 -PSCI_0_2_FN_CPU_SUSPEND = 2214592513 -PSCI_0_2_FN_MIGRATE = 2214592517 -PSCI_0_2_FN_MIGRATE_INFO_TYPE = 2214592518 -PSCI_0_2_FN_MIGRATE_INFO_UP_CPU = 2214592519 -PSCI_0_2_FN_PSCI_VERSION = 2214592512 -PSCI_0_2_FN_SYSTEM_OFF = 2214592520 -PSCI_0_2_FN_SYSTEM_RESET = 2214592521 -PSCI_1_0_FN64_CPU_DEFAULT_SUSPEND = 3288334348 -PSCI_1_0_FN64_NODE_HW_STATE = 3288334349 -PSCI_1_0_FN64_STAT_COUNT = 3288334353 -PSCI_1_0_FN64_STAT_RESIDENCY = 3288334352 -PSCI_1_0_FN64_SYSTEM_SUSPEND = 3288334350 -PSCI_1_0_FN_CPU_DEFAULT_SUSPEND = 2214592524 -PSCI_1_0_FN_CPU_FREEZE = 2214592523 -PSCI_1_0_FN_NODE_HW_STATE = 2214592525 -PSCI_1_0_FN_PSCI_FEATURES = 2214592522 -PSCI_1_0_FN_SET_SUSPEND_MODE = 2214592527 -PSCI_1_0_FN_STAT_COUNT = 2214592529 -PSCI_1_0_FN_STAT_RESIDENCY = 2214592528 -PSCI_1_0_FN_SYSTEM_SUSPEND = 2214592526 -PSCI_1_1_FN64_MEM_PROTECT_CHECK_RANGE = 3288334356 -PSCI_1_1_FN64_SYSTEM_RESET2 = 3288334354 -PSCI_1_1_FN_MEM_PROTECT = 2214592531 -PSCI_1_1_FN_MEM_PROTECT_CHECK_RANGE = 2214592532 -PSCI_1_1_FN_SYSTEM_RESET2 = 2214592530 VMCS12_SIZE = 4096 __NR_ioctl = 54, amd64:16, arm64:29, mips64le:5015 __NR_mmap = 90, 386:192, amd64:9, arm64:222, mips64le:5009 diff --git a/sys/linux/dev_kvm_arm64.txt b/sys/linux/dev_kvm_arm64.txt new file mode 100644 index 000000000..91100be40 --- /dev/null +++ b/sys/linux/dev_kvm_arm64.txt 
@@ -0,0 +1,274 @@
+# Copyright 2024 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# ARM64-specific KVM syscall declarations.
+
+meta arches["arm64"]
+
+include <linux/kvm.h>
+include <linux/arm-smccc.h>
+include <uapi/linux/psci.h>
+include <asm/kvm.h>
+
+# kvm_syz_vm is a VM handler used by syzos-related pseudo-syscalls. It is actually an opaque pointer under the hood.
+resource kvm_syz_vm[int64]
+
+# Map the given memory into the VM and set up syzos there.
+syz_kvm_setup_syzos_vm(fd fd_kvmvm, usermem vma[1024]) kvm_syz_vm
+
+# Create a VCPU inside a kvm_syz_vm VM.
+syz_kvm_add_vcpu(vm kvm_syz_vm, text ptr[in, kvm_text_arm64], opts ptr[in, array[kvm_setup_opt_arm64, 1]], nopt len[opts]) fd_kvmcpu
+
+kvm_num_irqs = 32, 64, 128, 256, 512
+
+# Set up the VGICv3 IRQ controller inside a VM.
+syz_kvm_vgic_v3_setup(fd fd_kvmvm, ncpus intptr[0:4], nirqs flags[kvm_num_irqs]) fd_kvmdev
+
+# Old-style way to set up a CPU inside a KVM VM.
+syz_kvm_setup_cpu$arm64(fd fd_kvmvm, cpufd fd_kvmcpu, usermem vma[1024], text ptr[in, array[kvm_text_arm64, 1]], ntext len[text], flags const[0], opts ptr[in, array[kvm_setup_opt_arm64, 1]], nopt len[opts])
+
+kvm_setup_opt_arm64 [
+# unions need at least 2 fields, but we have only 1 now, but we want to have it as union for future extention
+ featur1 kvm_setup_opt_feature
+ featur2 kvm_setup_opt_feature
+]
+
+kvm_vcpu_target = KVM_ARM_TARGET_CORTEX_A53, KVM_ARM_TARGET_AEM_V8, KVM_ARM_TARGET_FOUNDATION_V8, KVM_ARM_TARGET_CORTEX_A57, KVM_ARM_TARGET_XGENE_POTENZA, KVM_ARM_TARGET_GENERIC_V8
+# `feature` is a set of feature bits: https://docs.kernel.org/virt/kvm/api.html#kvm-arm-vcpu-init
+kvm_vcpu_init {
+ target flags[kvm_vcpu_target, int32]
+ feature flags[kvm_vcpu_feature_bits_arm64, int32]
+ pad array[const[0, int32], 6]
+}
+
+kvm_arm_counter_offset {
+ counter_offset int64
+ reserved int64
+}
+
+kvm_arm_device_addr {
+ id int64
+ addr flags[kvm_guest_addrs, int64]
+}
+
+ioctl$KVM_ARM_VCPU_INIT(fd fd_kvmcpu, cmd const[KVM_ARM_VCPU_INIT], arg ptr[in, kvm_vcpu_init])
+ioctl$KVM_ARM_PREFERRED_TARGET(fd fd_kvmcpu, cmd const[KVM_ARM_PREFERRED_TARGET], arg ptr[out, kvm_vcpu_init])
+# KVM_ARM_VCPU_FINALIZE accepts a single CPU feature encoded as a bit number: https://docs.kernel.org/virt/kvm/api.html#kvm-arm-vcpu-finalize.
+ioctl$KVM_ARM_VCPU_FINALIZE(fd fd_kvmcpu, cmd const[KVM_ARM_VCPU_FINALIZE], arg ptr[in, flags[kvm_vcpu_features_arm64, int32]])
+ioctl$KVM_ARM_SET_DEVICE_ADDR(fd fd_kvmcpu, cmd const[KVM_ARM_SET_DEVICE_ADDR], arg ptr[in, kvm_arm_device_addr])
+ioctl$KVM_ARM_SET_COUNTER_OFFSET(fd fd_kvmvm, cmd const[KVM_ARM_SET_COUNTER_OFFSET], arg ptr[in, kvm_arm_counter_offset])
+
+# ARM-specific VM capabilities.
+ioctl$KVM_CAP_ARM_MTE(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_MTE, void]])
+ioctl$KVM_CAP_ARM_USER_IRQ(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_USER_IRQ, void]])
+ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_INJECT_SERROR_ESR, void]])
+ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_SYSTEM_SUSPEND, void]])
+ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(fd fd_kvmvm, cmd const[KVM_ENABLE_CAP], arg ptr[in, kvm_enable_cap[KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE, int64]])
+
+# syz_kvm_setup_cpu$arm64 takes the same feature bitmap as ioctl$KVM_ARM_VCPU_INIT.
+kvm_setup_opt_feature {
+ typ const[1, int64]
+ val flags[kvm_vcpu_feature_bits_arm64, int64]
+}
+
+# Some ioctls accept single CPU features as `bitnr`, whereas others take a set of `1 << bitnr`.
+define KVM_ARM_VCPU_POWER_OFF_BIT (1 << KVM_ARM_VCPU_POWER_OFF)
+define KVM_ARM_VCPU_EL1_32BIT_BIT (1 << KVM_ARM_VCPU_EL1_32BIT)
+define KVM_ARM_VCPU_PSCI_0_2_BIT (1 << KVM_ARM_VCPU_PSCI_0_2)
+define KVM_ARM_VCPU_PMU_V3_BIT (1 << KVM_ARM_VCPU_PMU_V3)
+define KVM_ARM_VCPU_PTRAUTH_ADDRESS_BIT (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS)
+define KVM_ARM_VCPU_PTRAUTH_GENERIC_BIT (1 << KVM_ARM_VCPU_PTRAUTH_GENERIC)
+define KVM_ARM_VCPU_SVE_BIT (1 << KVM_ARM_VCPU_SVE)
+kvm_vcpu_features_arm64 = KVM_ARM_VCPU_POWER_OFF, KVM_ARM_VCPU_EL1_32BIT, KVM_ARM_VCPU_PSCI_0_2, KVM_ARM_VCPU_PMU_V3, KVM_ARM_VCPU_PTRAUTH_ADDRESS, KVM_ARM_VCPU_PTRAUTH_GENERIC, KVM_ARM_VCPU_SVE
+kvm_vcpu_feature_bits_arm64 = KVM_ARM_VCPU_POWER_OFF_BIT, KVM_ARM_VCPU_EL1_32BIT_BIT, KVM_ARM_VCPU_PSCI_0_2_BIT, KVM_ARM_VCPU_PMU_V3_BIT, KVM_ARM_VCPU_PTRAUTH_ADDRESS_BIT, KVM_ARM_VCPU_PTRAUTH_GENERIC_BIT, KVM_ARM_VCPU_SVE_BIT
+
+# Unlike on other architectures, ARM64 text is a sequence of commands, each starting with
+# the call number and the command length.
+kvm_text_arm64 {
+ typ const[0, intptr]
+ text ptr[in, array[syzos_api_call, 1:32]]
+ size bytesize[text, int64]
+}
+
+syzos_api_code {
+ insns text[arm64]
+ ret const[0xd65f03c0, int32]
+} [packed]
+
+syzos_api_msr {
+ arg_reg flags[kvm_regs_arm64_sys, int64]
+ arg_value int64
+}
+
+# Based on the "SMC Calling Convention" doc, https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6
+# Bit 31 is Standard (0) / Fast Call (1)
+# Bit 30 is SMC32 (0) / SMC64 (1)
+# Bits 29:24 denote the owning entity (relevant constants below are 0x01000000-0x3f000000
+# Bits 23:16 are ignored (must be zero in most cases)
+# Bits 15:0 denote the function number (0-0xffff) within the specified range, so we list all the possible bit values
+# here and hope that the fuzzer will be able to combine them into a number.
+#
+# Numeric constants are used to help the fuzzer construct arbitrary SMC function IDs.
+# We also include IDs from include/linux/arm-smccc.h here.
+kvm_smc_id = 0x80000000, 0x40000000, 0x1000000, 0x2000000, 0x3000000, 0x4000000, 0x5000000, 0x6000000, 0x30000000, 0x31000000, 0x32000000, 0x3f000000, 0x0, 0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80, 0x100, 0x200, 0x400, 0x800, 0x1000, 0x2000, 0x4000, 0x8000, 0xffff, ARM_SMCCC_VERSION_FUNC_ID, ARM_SMCCC_ARCH_FEATURES_FUNC_ID, ARM_SMCCC_ARCH_SOC_ID, ARM_SMCCC_ARCH_WORKAROUND_1, ARM_SMCCC_ARCH_WORKAROUND_2, ARM_SMCCC_ARCH_WORKAROUND_3, ARM_SMCCC_VENDOR_HYP_CALL_UID_FUNC_ID, ARM_SMCCC_VENDOR_HYP_KVM_FEATURES_FUNC_ID, ARM_SMCCC_VENDOR_HYP_KVM_PTP_FUNC_ID, ARM_SMCCC_HV_PV_TIME_FEATURES, ARM_SMCCC_HV_PV_TIME_ST, ARM_SMCCC_TRNG_VERSION, ARM_SMCCC_TRNG_FEATURES, ARM_SMCCC_TRNG_GET_UUID, ARM_SMCCC_TRNG_RND32, ARM_SMCCC_TRNG_RND64, PSCI_0_2_FN_PSCI_VERSION, PSCI_0_2_FN_CPU_SUSPEND, PSCI_0_2_FN_CPU_OFF, PSCI_0_2_FN_CPU_ON, PSCI_0_2_FN_AFFINITY_INFO, PSCI_0_2_FN_MIGRATE, PSCI_0_2_FN_MIGRATE_INFO_TYPE, PSCI_0_2_FN_MIGRATE_INFO_UP_CPU, PSCI_0_2_FN_SYSTEM_OFF, PSCI_0_2_FN_SYSTEM_RESET, PSCI_0_2_FN64_CPU_SUSPEND, PSCI_0_2_FN64_CPU_ON, PSCI_0_2_FN64_AFFINITY_INFO, PSCI_0_2_FN64_MIGRATE, PSCI_0_2_FN64_MIGRATE_INFO_UP_CPU, PSCI_1_0_FN_PSCI_FEATURES, PSCI_1_0_FN_CPU_FREEZE, PSCI_1_0_FN_CPU_DEFAULT_SUSPEND, PSCI_1_0_FN_NODE_HW_STATE, PSCI_1_0_FN_SYSTEM_SUSPEND, PSCI_1_0_FN_SET_SUSPEND_MODE, PSCI_1_0_FN_STAT_RESIDENCY, PSCI_1_0_FN_STAT_COUNT, PSCI_1_1_FN_SYSTEM_RESET2, PSCI_1_1_FN_MEM_PROTECT, PSCI_1_1_FN_MEM_PROTECT_CHECK_RANGE, PSCI_1_0_FN64_CPU_DEFAULT_SUSPEND, PSCI_1_0_FN64_NODE_HW_STATE, PSCI_1_0_FN64_SYSTEM_SUSPEND, PSCI_1_0_FN64_STAT_RESIDENCY, PSCI_1_0_FN64_STAT_COUNT, PSCI_1_1_FN64_SYSTEM_RESET2, PSCI_1_1_FN64_MEM_PROTECT_CHECK_RANGE
+
+syzos_api_smccc {
+ arg_id flags[kvm_smc_id, int32]
+ arg_params array[int64, 5]
+}
+
+syzos_api_irq_setup {
+ nr_cpus int32[0:4]
+ nr_spis int32[0:987]
+}
+
+syzos_memwrite_len = 1, 2, 4, 8
+
+syzos_api_memwrite [
+ generic syzos_api_memwrite_generic
+ vgic_gicd syzos_api_memwrite_vgic_gicd
+ vgic_gicr syzos_api_memwrite_vgic_gicr
+]
+
+syzos_api_memwrite_generic {
+ base flags[kvm_guest_addrs, int64]
+ offset int64[0:4096]
+ value int64
+ len flags[syzos_memwrite_len, int64]
+}
+
+syzos_api_its_setup {
+ nr_cpus int64[0:4]
+ nr_devices int64[0:4]
+ nr_ints int64[0:1024]
+}
+
+define GICR_CTLR GICD_CTLR
+define GICR_IIDR 0x0004
+define GICR_TYPER 0x0008
+define GICR_STATUSR GICD_STATUSR
+define GICR_WAKER 0x0014
+define GICR_SETLPIR 0x0040
+define GICR_CLRLPIR 0x0048
+define GICR_PROPBASER 0x0070
+define GICR_PENDBASER 0x0078
+define GICR_INVLPIR 0x00A0
+define GICR_INVALLR 0x00B0
+define GICR_SYNCR 0x00C0
+define GICR_IDREGS GICD_IDREGS
+define GICR_PIDR2 GICD_PIDR2
+define GICR_IGROUPR0 GICD_IGROUPR
+define GICR_ISENABLER0 GICD_ISENABLER
+define GICR_ICENABLER0 GICD_ICENABLER
+define GICR_ISPENDR0 GICD_ISPENDR
+define GICR_ICPENDR0 GICD_ICPENDR
+define GICR_ISACTIVER0 GICD_ISACTIVER
+define GICR_ICACTIVER0 GICD_ICACTIVER
+define GICR_IPRIORITYR0 GICD_IPRIORITYR
+define GICR_ICFGR0 GICD_ICFGR
+define GICR_IGRPMODR0 GICD_IGRPMODR
+define GICR_NSACR GICD_NSACR
+
+kvm_vgic_gicr_regs = GICR_CTLR, GICR_IIDR, GICR_TYPER, GICR_STATUSR, GICR_WAKER, GICR_SETLPIR, GICR_CLRLPIR, GICR_PROPBASER, GICR_PENDBASER, GICR_INVLPIR, GICR_INVALLR, GICR_SYNCR, GICR_IDREGS, GICR_PIDR2, GICR_IGROUPR0, GICR_ISENABLER0, GICR_ICENABLER0, GICR_ISPENDR0, GICR_ICPENDR0, GICR_ISACTIVER0, GICR_ICACTIVER0, GICR_IPRIORITYR0, GICR_ICFGR0, GICR_IGRPMODR0, GICR_NSACR
+
+# 0x080a0000 is ARM64_ADDR_GICR_BASE from executor/kvm.h, 0x20000 is redistributor size. We assume the maximum number of VCPUs is 4.
+syzos_api_memwrite_vgic_gicr {
+ base int64[0x80a0000:0x8100000, 0x20000]
+ offset flags[kvm_vgic_gicr_regs, int64]
+ value int64
+ len flags[syzos_memwrite_len, int64]
+}
+
+# Definitions from <linux/irqchip/arm-gic-v3.h>
+
+define GITS_CMD_MAPD 0x08
+define GITS_CMD_MAPC 0x09
+define GITS_CMD_MAPTI 0x0a
+define GITS_CMD_MAPI 0x0b
+define GITS_CMD_MOVI 0x01
+define GITS_CMD_DISCARD 0x0f
+define GITS_CMD_INV 0x0c
+define GITS_CMD_MOVALL 0x0e
+define GITS_CMD_INVALL 0x0d
+define GITS_CMD_INT 0x03
+define GITS_CMD_CLEAR 0x04
+define GITS_CMD_SYNC 0x05
+
+gits_commands = GITS_CMD_MAPD, GITS_CMD_MAPC, GITS_CMD_MAPTI, GITS_CMD_MAPI, GITS_CMD_MOVI, GITS_CMD_DISCARD, GITS_CMD_INV, GITS_CMD_MOVALL, GITS_CMD_INVALL, GITS_CMD_INT, GITS_CMD_CLEAR, GITS_CMD_SYNC
+
+syzos_api_its_send_cmd {
+ type flags[gits_commands, int8]
+ valid int8[0:1]
+ cpuid int32[0:4]
+ devid int32[0:16]
+ eventid int32
+ intid int32
+ cpuid2 int32[0:4]
+} [packed]
+
+# Definitions from include/linux/irqchip/arm-gic-v3.h
+define GICD_CTLR 0x0000
+define GICD_TYPER 0x0004
+define GICD_IIDR 0x0008
+define GICD_TYPER2 0x000C
+define GICD_STATUSR 0x0010
+define GICD_SETSPI_NSR 0x0040
+define GICD_CLRSPI_NSR 0x0048
+define GICD_SETSPI_SR 0x0050
+define GICD_CLRSPI_SR 0x0058
+define GICD_IGROUPR 0x0080
+define GICD_ISENABLER 0x0100
+define GICD_ICENABLER 0x0180
+define GICD_ISPENDR 0x0200
+define GICD_ICPENDR 0x0280
+define GICD_ISACTIVER 0x0300
+define GICD_ICACTIVER 0x0380
+define GICD_IPRIORITYR 0x0400
+define GICD_ICFGR 0x0C00
+define GICD_IGRPMODR 0x0D00
+define GICD_NSACR 0x0E00
+define GICD_IGROUPRnE 0x1000
+define GICD_ISENABLERnE 0x1200
+define GICD_ICENABLERnE 0x1400
+define GICD_ISPENDRnE 0x1600
+define GICD_ICPENDRnE 0x1800
+define GICD_ISACTIVERnE 0x1A00
+define GICD_ICACTIVERnE 0x1C00
+define GICD_IPRIORITYRnE 0x2000
+define GICD_ICFGRnE 0x3000
+define GICD_IROUTER 0x6000
+define GICD_IROUTERnE 0x8000
+define GICD_IDREGS 0xFFD0
+define GICD_PIDR2 0xFFE8
+define GICD_ITARGETSR 0x0800
+define GICD_SGIR 0x0F00
+define GICD_CPENDSGIR 0x0F10
+define GICD_SPENDSGIR 0x0F20
+
+kvm_vgic_gicd_regs = GICD_CTLR, GICD_TYPER, GICD_IIDR, GICD_TYPER2, GICD_STATUSR, GICD_SETSPI_NSR, GICD_CLRSPI_NSR, GICD_SETSPI_SR, GICD_CLRSPI_SR, GICD_IGROUPR, GICD_ISENABLER, GICD_ICENABLER, GICD_ISPENDR, GICD_ICPENDR, GICD_ISACTIVER, GICD_ICACTIVER, GICD_IPRIORITYR, GICD_ICFGR, GICD_IGRPMODR, GICD_NSACR, GICD_IGROUPRnE, GICD_ISENABLERnE, GICD_ICENABLERnE, GICD_ISPENDRnE, GICD_ICPENDRnE, GICD_ISACTIVERnE, GICD_ICACTIVERnE, GICD_IPRIORITYRnE, GICD_ICFGRnE, GICD_IROUTER, GICD_IROUTERnE, GICD_IDREGS, GICD_PIDR2, GICD_ITARGETSR, GICD_SGIR, GICD_CPENDSGIR, GICD_SPENDSGIR
+
+# 0x08000000 is ARM64_ADDR_GICD_BASE from executor/kvm.h
+syzos_api_memwrite_vgic_gicd {
+ base const[0x8000000, int64]
+ offset flags[kvm_vgic_gicd_regs, int64]
+ value int64
+ len flags[syzos_memwrite_len, int64]
+}
+
+type syzos_api[NUM, PAYLOAD] {
+ call const[NUM, int64]
+ size bytesize[parent, int64]
+ payload PAYLOAD
+}
+
+syzos_api_call [
+ uexit syzos_api[0, intptr]
+ code syzos_api[1, syzos_api_code]
+ msr syzos_api[2, syzos_api_msr]
+ smc syzos_api[3, syzos_api_smccc]
+ hvc syzos_api[4, syzos_api_smccc]
+ irq_setup syzos_api[5, syzos_api_irq_setup]
+ memwrite syzos_api[6, syzos_api_memwrite]
+ its_setup syzos_api[7, syzos_api_its_setup]
+ its_send_cmd syzos_api[8, syzos_api_its_send_cmd]
+] [varlen]
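Review bot: `ioctl$KVM_ARM_PREFERRED_TARGET` and `ioctl$KVM_ARM_SET_DEVICE_ADDR`, in the ioctl group right after `kvm_arm_device_addr`, are declared on `fd fd_kvmcpu`, but the KVM API documents both as VM ioctls (handled by kvm_arch_vm_ioctl), so a vCPU fd is rejected by the generic vcpu ioctl path and the arm64 handlers are never reached by the fuzzer; the text is moved verbatim from dev_kvm.txt, so the commit carries the problem over rather than addressing it. The fix is to use the VM resource on both, as `ioctl$KVM_ARM_SET_COUNTER_OFFSET` already does one line below: `ioctl$KVM_ARM_PREFERRED_TARGET(fd fd_kvmvm, cmd const[KVM_ARM_PREFERRED_TARGET], arg ptr[out, kvm_vcpu_init])` and `ioctl$KVM_ARM_SET_DEVICE_ADDR(fd fd_kvmvm, cmd const[KVM_ARM_SET_DEVICE_ADDR], arg ptr[in, kvm_arm_device_addr])`. Since the constants are unchanged, the generated .const file needs no update for this. While the file is being created fresh, the comment inside `kvm_setup_opt_arm64` could also be tidied to `# unions need at least 2 fields, but we have only 1 now; keep it a union for future extension`.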
diff --git a/sys/linux/dev_kvm_arm64.txt.const b/sys/linux/dev_kvm_arm64.txt.const new file mode 100644 index 000000000..4ef652745 --- /dev/null +++ b/sys/linux/dev_kvm_arm64.txt.const 
@@ -0,0 +1,158 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = arm64 +ARM_SMCCC_ARCH_FEATURES_FUNC_ID = arm64:2147483649 +ARM_SMCCC_ARCH_SOC_ID = arm64:2147483650 +ARM_SMCCC_ARCH_WORKAROUND_1 = arm64:2147516416 +ARM_SMCCC_ARCH_WORKAROUND_2 = arm64:2147516415 +ARM_SMCCC_ARCH_WORKAROUND_3 = arm64:2147500031 +ARM_SMCCC_HV_PV_TIME_FEATURES = arm64:3305111584 +ARM_SMCCC_HV_PV_TIME_ST = arm64:3305111585 +ARM_SMCCC_TRNG_FEATURES = arm64:2214592593 +ARM_SMCCC_TRNG_GET_UUID = arm64:2214592594 +ARM_SMCCC_TRNG_RND32 = arm64:2214592595 +ARM_SMCCC_TRNG_RND64 = arm64:3288334419 +ARM_SMCCC_TRNG_VERSION = arm64:2214592592 +ARM_SMCCC_VENDOR_HYP_CALL_UID_FUNC_ID = arm64:2248212225 +ARM_SMCCC_VENDOR_HYP_KVM_FEATURES_FUNC_ID = arm64:2248146944 +ARM_SMCCC_VENDOR_HYP_KVM_PTP_FUNC_ID = arm64:2248146945 +ARM_SMCCC_VERSION_FUNC_ID = arm64:2147483648 +GICD_CLRSPI_NSR = arm64:72 +GICD_CLRSPI_SR = arm64:88 +GICD_CPENDSGIR = arm64:3856 +GICD_CTLR = arm64:0 +GICD_ICACTIVER = arm64:896 +GICD_ICACTIVERnE = arm64:7168 +GICD_ICENABLER = arm64:384 +GICD_ICENABLERnE = arm64:5120 +GICD_ICFGR = arm64:3072 +GICD_ICFGRnE = arm64:12288 +GICD_ICPENDR = arm64:640 +GICD_ICPENDRnE = arm64:6144 +GICD_IDREGS = arm64:65488 +GICD_IGROUPR = arm64:128 +GICD_IGROUPRnE = arm64:4096 +GICD_IGRPMODR = arm64:3328 +GICD_IIDR = arm64:8 +GICD_IPRIORITYR = arm64:1024 +GICD_IPRIORITYRnE = arm64:8192 +GICD_IROUTER = arm64:24576 +GICD_IROUTERnE = arm64:32768 +GICD_ISACTIVER = arm64:768 +GICD_ISACTIVERnE = arm64:6656 +GICD_ISENABLER = arm64:256 +GICD_ISENABLERnE = arm64:4608 +GICD_ISPENDR = arm64:512 +GICD_ISPENDRnE = arm64:5632 +GICD_ITARGETSR = arm64:2048 +GICD_NSACR = arm64:3584 +GICD_PIDR2 = arm64:65512 +GICD_SETSPI_NSR = arm64:64 +GICD_SETSPI_SR = arm64:80 +GICD_SGIR = arm64:3840 +GICD_SPENDSGIR = arm64:3872 +GICD_STATUSR = arm64:16 +GICD_TYPER = arm64:4 +GICD_TYPER2 = arm64:12 +GICR_CLRLPIR = arm64:72 +GICR_CTLR = arm64:0 +GICR_ICACTIVER0 = arm64:896 +GICR_ICENABLER0 = arm64:384 +GICR_ICFGR0 = arm64:3072 
+GICR_ICPENDR0 = arm64:640 +GICR_IDREGS = arm64:65488 +GICR_IGROUPR0 = arm64:128 +GICR_IGRPMODR0 = arm64:3328 +GICR_IIDR = arm64:4 +GICR_INVALLR = arm64:176 +GICR_INVLPIR = arm64:160 +GICR_IPRIORITYR0 = arm64:1024 +GICR_ISACTIVER0 = arm64:768 +GICR_ISENABLER0 = arm64:256 +GICR_ISPENDR0 = arm64:512 +GICR_NSACR = arm64:3584 +GICR_PENDBASER = arm64:120 +GICR_PIDR2 = arm64:65512 +GICR_PROPBASER = arm64:112 +GICR_SETLPIR = arm64:64 +GICR_STATUSR = arm64:16 +GICR_SYNCR = arm64:192 +GICR_TYPER = arm64:8 +GICR_WAKER = arm64:20 +GITS_CMD_CLEAR = arm64:4 +GITS_CMD_DISCARD = arm64:15 +GITS_CMD_INT = arm64:3 +GITS_CMD_INV = arm64:12 +GITS_CMD_INVALL = arm64:13 +GITS_CMD_MAPC = arm64:9 +GITS_CMD_MAPD = arm64:8 +GITS_CMD_MAPI = arm64:11 +GITS_CMD_MAPTI = arm64:10 +GITS_CMD_MOVALL = arm64:14 +GITS_CMD_MOVI = arm64:1 +GITS_CMD_SYNC = arm64:5 +KVM_ARM_PREFERRED_TARGET = arm64:2149625519 +KVM_ARM_SET_COUNTER_OFFSET = arm64:1074835125 +KVM_ARM_SET_DEVICE_ADDR = arm64:1074835115 +KVM_ARM_TARGET_AEM_V8 = arm64:0 +KVM_ARM_TARGET_CORTEX_A53 = arm64:4 +KVM_ARM_TARGET_CORTEX_A57 = arm64:2 +KVM_ARM_TARGET_FOUNDATION_V8 = arm64:1 +KVM_ARM_TARGET_GENERIC_V8 = arm64:5 +KVM_ARM_TARGET_XGENE_POTENZA = arm64:3 +KVM_ARM_VCPU_EL1_32BIT = arm64:1 +KVM_ARM_VCPU_EL1_32BIT_BIT = arm64:2 +KVM_ARM_VCPU_FINALIZE = arm64:1074048706 +KVM_ARM_VCPU_INIT = arm64:1075883694 +KVM_ARM_VCPU_PMU_V3 = arm64:3 +KVM_ARM_VCPU_PMU_V3_BIT = arm64:8 +KVM_ARM_VCPU_POWER_OFF = arm64:0 +KVM_ARM_VCPU_POWER_OFF_BIT = arm64:1 +KVM_ARM_VCPU_PSCI_0_2 = arm64:2 +KVM_ARM_VCPU_PSCI_0_2_BIT = arm64:4 +KVM_ARM_VCPU_PTRAUTH_ADDRESS = arm64:5 +KVM_ARM_VCPU_PTRAUTH_ADDRESS_BIT = arm64:32 +KVM_ARM_VCPU_PTRAUTH_GENERIC = arm64:6 +KVM_ARM_VCPU_PTRAUTH_GENERIC_BIT = arm64:64 +KVM_ARM_VCPU_SVE = arm64:4 +KVM_ARM_VCPU_SVE_BIT = arm64:16 +KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE = arm64:228 +KVM_CAP_ARM_INJECT_SERROR_ESR = arm64:158 +KVM_CAP_ARM_MTE = arm64:205 +KVM_CAP_ARM_SYSTEM_SUSPEND = arm64:216 +KVM_CAP_ARM_USER_IRQ = arm64:144 +KVM_ENABLE_CAP 
= arm64:1080602275 +KVM_ENABLE_CAP_SIZE = ??? +PSCI_0_2_FN64_AFFINITY_INFO = arm64:3288334340 +PSCI_0_2_FN64_CPU_ON = arm64:3288334339 +PSCI_0_2_FN64_CPU_SUSPEND = arm64:3288334337 +PSCI_0_2_FN64_MIGRATE = arm64:3288334341 +PSCI_0_2_FN64_MIGRATE_INFO_UP_CPU = arm64:3288334343 +PSCI_0_2_FN_AFFINITY_INFO = arm64:2214592516 +PSCI_0_2_FN_CPU_OFF = arm64:2214592514 +PSCI_0_2_FN_CPU_ON = arm64:2214592515 +PSCI_0_2_FN_CPU_SUSPEND = arm64:2214592513 +PSCI_0_2_FN_MIGRATE = arm64:2214592517 +PSCI_0_2_FN_MIGRATE_INFO_TYPE = arm64:2214592518 +PSCI_0_2_FN_MIGRATE_INFO_UP_CPU = arm64:2214592519 +PSCI_0_2_FN_PSCI_VERSION = arm64:2214592512 +PSCI_0_2_FN_SYSTEM_OFF = arm64:2214592520 +PSCI_0_2_FN_SYSTEM_RESET = arm64:2214592521 +PSCI_1_0_FN64_CPU_DEFAULT_SUSPEND = arm64:3288334348 +PSCI_1_0_FN64_NODE_HW_STATE = arm64:3288334349 +PSCI_1_0_FN64_STAT_COUNT = arm64:3288334353 +PSCI_1_0_FN64_STAT_RESIDENCY = arm64:3288334352 +PSCI_1_0_FN64_SYSTEM_SUSPEND = arm64:3288334350 +PSCI_1_0_FN_CPU_DEFAULT_SUSPEND = arm64:2214592524 +PSCI_1_0_FN_CPU_FREEZE = arm64:2214592523 +PSCI_1_0_FN_NODE_HW_STATE = arm64:2214592525 +PSCI_1_0_FN_PSCI_FEATURES = arm64:2214592522 +PSCI_1_0_FN_SET_SUSPEND_MODE = arm64:2214592527 +PSCI_1_0_FN_STAT_COUNT = arm64:2214592529 +PSCI_1_0_FN_STAT_RESIDENCY = arm64:2214592528 +PSCI_1_0_FN_SYSTEM_SUSPEND = arm64:2214592526 +PSCI_1_1_FN64_MEM_PROTECT_CHECK_RANGE = arm64:3288334356 +PSCI_1_1_FN64_SYSTEM_RESET2 = arm64:3288334354 +PSCI_1_1_FN_MEM_PROTECT = arm64:2214592531 +PSCI_1_1_FN_MEM_PROTECT_CHECK_RANGE = arm64:2214592532 +PSCI_1_1_FN_SYSTEM_RESET2 = arm64:2214592530 +__NR_ioctl = arm64:29 |
