| author | Alexey Kardashevskiy <aik@linux.ibm.com> | 2021-08-11 12:20:35 +1000 |
|---|---|---|
| committer | Aleksandr Nogikh <wp32pw@gmail.com> | 2021-11-09 18:19:37 +0100 |
| commit | 22b866596bd7ad15273e24db02a0ef693737eae8 (patch) | |
| tree | 36b6a0fba753ae64b193720b79ba0de2ac0ce70f /dashboard/config/linux/android-5.4-base.config | |
| parent | be386ae8800e02b4a9a3239c9565e9d40e253c84 (diff) | |
executor/common_linux: fuzz kvm_run
Syzkaller runs KVM until it exits and this is considered the end of
the KVM_RUN syscall. We can do a bit more with a VM if the exit was
legit (for example MMIO access or a hypercall). In such cases
the userspace emulates the request and stores the result in
the kvm_run struct (mmaped from vcpu_fd) which the next KVM_RUN
checks.
This defines specialized mmap and syz_memcpy_off to allow Syzkaller to
fuzz the kvm_run struct with focus on the part where the huge union is.
Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
---
Changes:
v4:
* defined offset/size constants
* re-autogenerated dev_kvm.txt.const
v3:
* fixed syz_memcpy_off's src size
v2:
* limited changes to dev_kvm.txt instead of defining all new
syz_kvm_run.
Diffstat (limited to 'dashboard/config/linux/android-5.4-base.config')
0 files changed, 0 insertions, 0 deletions
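The userspace side of the mechanism the commit message describes (KVM_RUN exits, userspace emulates the request and stores the result in the kvm_run struct mmapped from the vcpu fd, the next KVM_RUN consumes it), as an added example that is not syzkaller's code. It assumes a hypothetical device window at DEMO_MMIO_BASE backed by constructed register storage, and run_vcpu needs a real /dev/kvm vcpu fd; handle_exit alone can be exercised with a hand-built kvm_run.

```c
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <linux/kvm.h>
/* Hypothetical guest-physical window of a constructed device (not real hardware). */
#define DEMO_MMIO_BASE 0xd0000000ULL
#define DEMO_MMIO_SIZE 0x10ULL
static uint32_t demo_reg[DEMO_MMIO_SIZE / 4]; /* constructed device registers */

/* Emulate one exit recorded in kvm_run: a guest MMIO read gets its result stored
 * in run->mmio.data, which the next KVM_RUN hands back to the guest. Returns 1 to
 * keep running, 0 when the guest halted, -1 for an exit this emulator rejects. */
int handle_exit(struct kvm_run *run)
{
    switch (run->exit_reason) {
    case KVM_EXIT_MMIO: {
        /* These fields are guest/fuzzer controlled: bound-check before use. */
        if (run->mmio.phys_addr < DEMO_MMIO_BASE || run->mmio.len != 4 ||
            (run->mmio.phys_addr & 3) ||
            run->mmio.phys_addr - DEMO_MMIO_BASE + run->mmio.len > DEMO_MMIO_SIZE)
            return -1;
        uint64_t idx = (run->mmio.phys_addr - DEMO_MMIO_BASE) / 4;
        if (run->mmio.is_write)
            memcpy(&demo_reg[idx], run->mmio.data, 4);
        else
            memcpy(run->mmio.data, &demo_reg[idx], 4);
        return 1;
    }
    case KVM_EXIT_HLT:
        return 0;
    default:
        return -1;
    }
}
/* Map the kvm_run struct of an existing vcpu fd and loop KVM_RUN until the guest
 * halts or handle_exit rejects an exit. Needs a real /dev/kvm vcpu fd to run. */
int run_vcpu(int kvm_fd, int vcpu_fd)
{
    int rc, sz = ioctl(kvm_fd, KVM_GET_VCPU_MMAP_SIZE, 0);
    struct kvm_run *run = sz > 0 ?
        mmap(NULL, sz, PROT_READ | PROT_WRITE, MAP_SHARED, vcpu_fd, 0) : MAP_FAILED;
    if (run == MAP_FAILED)
        return -1;
    do {
        rc = ioctl(vcpu_fd, KVM_RUN, 0) < 0 ? -1 : handle_exit(run);
    } while (rc == 1);
    munmap(run, sz);
    return rc;
}
```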
