authorAlexander Potapenko <glider@google.com>2024-12-18 10:48:43 +0100
committerAlexander Potapenko <glider@google.com>2024-12-18 13:04:48 +0000
commit7279033500a8ac2d5d0a429cb20dd7c2c9cd547e (patch)
tree4dc93adc4664074af36fe9b9e4f58b611e278a9b
parenta0626d3a05d5e31af100787b6749f0b89416c171 (diff)
executor: pkg/vminfo: sys/linux: arm64: implement syz_kvm_assert_reg()
Add a pseudo-syscall to assert on register values.
-rw-r--r--executor/common_kvm_arm64.h19
-rw-r--r--executor/common_linux.h2
-rw-r--r--pkg/vminfo/linux_syscalls.go1
-rw-r--r--sys/linux/dev_kvm_arm64.txt2
4 files changed, 23 insertions, 1 deletions
diff --git a/executor/common_kvm_arm64.h b/executor/common_kvm_arm64.h
index 02e84aad8..6feec78ab 100644
--- a/executor/common_kvm_arm64.h
+++ b/executor/common_kvm_arm64.h
@@ -380,3 +380,22 @@ static long syz_kvm_assert_syzos_uexit(volatile long a0, volatile long a1)
return 0;
}
#endif
+
+#if SYZ_EXECUTOR || __NR_syz_kvm_assert_reg
+static long syz_kvm_assert_reg(volatile long a0, volatile long a1, volatile long a2)
+{
+ int vcpu_fd = (int)a0;
+ uint64 id = (uint64)a1;
+ uint64 expect = a2, val = 0;
+
+ struct kvm_one_reg reg = {.id = id, .addr = (uint64)&val};
+ int ret = ioctl(vcpu_fd, KVM_GET_ONE_REG, &reg);
+ if (ret)
+ return ret;
+ if (val != expect) {
+ errno = EDOM;
+ return -1;
+ }
+ return 0;
+}
+#endif
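Review bot: The register id on the `struct kvm_one_reg reg = {.id = id, .addr = (uint64)&val};` line is taken verbatim from the program, but KVM sizes the copy-out by the size field encoded in the id, so an id with a 128-bit size class (arm64 FP/SIMD registers are exposed that way) makes the kernel write 16 bytes into the 8-byte `val` on the executor's stack. The description is marked no_generate, so the fuzzer will not produce such ids, but hand-written test programs can, and the failure would be a silent stack corruption rather than an assertion error. Reject anything other than a 64-bit register before the ioctl: `if ((id & KVM_REG_SIZE_MASK) != KVM_REG_SIZE_U64) { errno = EINVAL; return -1; }`. Separately, the mismatch path only reports EDOM with no indication of the observed value; a one-line comment such as `// EDOM: register value differs from the expected one` above `errno = EDOM;` would make the chosen errno searchable. The whole of syz_kvm_assert_reg is inside this hunk.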
diff --git a/executor/common_linux.h b/executor/common_linux.h
index e63b0479f..635fc25ad 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -3186,7 +3186,7 @@ error_clear_loop:
}
#endif
-#if SYZ_EXECUTOR || __NR_syz_kvm_setup_cpu || __NR_syz_kvm_vgic_v3_setup || __NR_syz_kvm_setup_syzos_vm || __NR_syz_kvm_add_vcpu || __NR_syz_kvm_assert_syzos_uexit
+#if SYZ_EXECUTOR || __NR_syz_kvm_setup_cpu || __NR_syz_kvm_vgic_v3_setup || __NR_syz_kvm_setup_syzos_vm || __NR_syz_kvm_add_vcpu || __NR_syz_kvm_assert_syzos_uexit || __NR_syz_kvm_assert_reg
// KVM is not yet supported on RISC-V
#if !GOARCH_riscv64 && !GOARCH_arm
#include <errno.h>
diff --git a/pkg/vminfo/linux_syscalls.go b/pkg/vminfo/linux_syscalls.go
index 935c9feea..e3755bdbc 100644
--- a/pkg/vminfo/linux_syscalls.go
+++ b/pkg/vminfo/linux_syscalls.go
@@ -84,6 +84,7 @@ var linuxSyscallChecks = map[string]func(*checkContext, *prog.Syscall) string{
"syz_kvm_setup_syzos_vm": linuxSyzSupportedOnArm64,
"syz_kvm_add_vcpu": linuxSyzSupportedOnArm64,
"syz_kvm_assert_syzos_uexit": linuxSyzSupportedOnArm64,
+ "syz_kvm_assert_reg": linuxSyzSupportedOnArm64,
"syz_emit_vhci": linuxVhciInjectionSupported,
"syz_init_net_socket": linuxSyzInitNetSocketSupported,
"syz_genetlink_get_family_id": linuxSyzGenetlinkGetFamilyIDSupported,
diff --git a/sys/linux/dev_kvm_arm64.txt b/sys/linux/dev_kvm_arm64.txt
index a510041dc..686cf2575 100644
--- a/sys/linux/dev_kvm_arm64.txt
+++ b/sys/linux/dev_kvm_arm64.txt
@@ -25,7 +25,9 @@ kvm_num_irqs = 32, 64, 128, 256, 512
# Set up the VGICv3 IRQ controller inside a VM.
syz_kvm_vgic_v3_setup(fd fd_kvmvm, ncpus intptr[0:4], nirqs flags[kvm_num_irqs]) fd_kvmdev
+# Test assertions, will not be used by the fuzzer.
syz_kvm_assert_syzos_uexit(run kvm_run_ptr, exitcode int64) (no_generate)
+syz_kvm_assert_reg(fd fd_kvmcpu, reg int64, value int64) (no_generate)
# Old-style way to set up a CPU inside a KVM VM.
syz_kvm_setup_cpu$arm64(fd fd_kvmvm, cpufd fd_kvmcpu, usermem vma[1024], text ptr[in, array[kvm_text_arm64, 1]], ntext len[text], flags const[0], opts ptr[in, array[kvm_setup_opt_arm64, 1]], nopt len[opts])