executor: arm64: sys/linux: introduce syzos API

Allow guest payload to call syzos API functions. The available calls are enumerated by SYZOS_API_* constants, and have a form of: struct api_call { uint64 call; uint64 struct_size; /* arbitrary call-related data here */ }; Complex instruction sequences are too easy to break, so most of the time fuzzer won't be able to efficiently mutate them. We replace kvm_text_arm64 with a sequence of `struct api_call`, making it possible to intermix assembly instructions (SYZOS_API_CODE) with higher-level constructs. Right now the supported calls are: - SYZOS_API_UEXIT - abort from KVM_RUN (1 argument: exit code, uint64) - SYZOS_API_CODE - execute an ARM64 assembly blob (1 argument: inline array of int32's)
author: Alexander Potapenko <glider@google.com> 2024-07-23 14:17:26 +0200
committer: Alexander Potapenko <glider@google.com> 2024-07-29 15:29:47 +0000
commit: 2fb4dcc9c10e100beedbbc223c2a9762bc45403e (patch)
tree: 7cae62f7ec97510df2f58be325ce630de2206c56 /executor/kvm.h
parent: a22b1135716d02277936c6f48acb1086b3f9a362 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/executor/kvm.h b/executor/kvm.h
index 49a493818..1afbcd40e 100644
--- a/executor/kvm.h
+++ b/executor/kvm.h
@@ -76,6 +76,10 @@
 #define NEXT_INSN $0xbadc0de
 #define PREFIX_SIZE 0xba1d
 
+// Write to this page to trigger a page fault and stop KVM_RUN.
+#define ARM64_ADDR_EXIT 0xdddd0000
+// Dedicated address within the exit page for the uexit command.
+#define ARM64_ADDR_UEXIT (ARM64_ADDR_EXIT + 256)
 #define ARM64_ADDR_USER_CODE 0xeeee0000
 #define ARM64_ADDR_EXECUTOR_CODE 0xeeee8000
 #define ARM64_ADDR_EL1_STACK_BOTTOM 0xffff1000
author	Alexander Potapenko <glider@google.com>	2024-07-23 14:17:26 +0200
committer	Alexander Potapenko <glider@google.com>	2024-07-29 15:29:47 +0000
commit	2fb4dcc9c10e100beedbbc223c2a9762bc45403e (patch)
tree	7cae62f7ec97510df2f58be325ce630de2206c56 /executor/kvm.h
parent	a22b1135716d02277936c6f48acb1086b3f9a362 (diff)