authorAlexander Potapenko <glider@google.com>2025-11-21 15:34:10 +0100
committerAlexander Potapenko <glider@google.com>2025-11-21 17:19:12 +0000
commitb301f8dd05f04b4501b44b4b698f9e65fab533a1 (patch)
treedda663721b1178b837ea4072591c9a5e726e1de6 /sys/linux/dev_kvm_amd64.txt
parentaccb0c33653744b8f36fdfea18d4d5888188b2fb (diff)
executor: sys/linux: implement SYZOS_API_NESTED_AMD_VMCB_WRITE_MASK
The new command allows mutation of the AMD VMCB block with plain 64-bit writes. In addition to VM ID and VMCB offset, @nested_amd_vmcb_write_mask takes three 64-bit numbers: the set mask, the unset mask, and the flip mask. This allows making bitwise modifications to the VMCB without disturbing the execution too much. Also add sys/linux/test/amd64-syz_kvm_nested_amd_vmcb_write_mask to test the new command behavior.
Diffstat (limited to 'sys/linux/dev_kvm_amd64.txt')
-rw-r--r--sys/linux/dev_kvm_amd64.txt16
1 files changed, 16 insertions, 0 deletions
diff --git a/sys/linux/dev_kvm_amd64.txt b/sys/linux/dev_kvm_amd64.txt
index 29dab16e4..9d1b6fdfc 100644
--- a/sys/linux/dev_kvm_amd64.txt
+++ b/sys/linux/dev_kvm_amd64.txt
@@ -131,6 +131,21 @@ syzos_api_nested_intel_vmwrite_mask {
flip_mask int64
}
+# See AMD Secure Virtual Machine Architecture Reference Manual,
+# Appendix C: Layout of VMCB.
+vmcb_offset [
+ control_area int64[0x0:0xc0]
+ save_area int64[0x400:0x698]
+]
+
+syzos_api_nested_amd_vmcb_write_mask {
+ vm_id syzos_api_vm_id
+ offset vmcb_offset
+ set_mask int64
+ unset_mask int64
+ flip_mask int64
+}
+
# IDs here must match those in executor/common_kvm_amd64_syzos.h.
syzos_api_call$x86 [
uexit syzos_api$x86[0, intptr]
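Review bot: The `vmcb_offset` ranges `control_area int64[0x0:0xc0]` and `save_area int64[0x400:0x698]` are inclusive and not restricted to 8-byte-aligned values, so a 64-bit write at the upper bound or at an unaligned offset extends past the named range and can straddle two VMCB fields. If that is intended as a fuzzing choice, a comment such as `# Ranges are inclusive and unaligned; a 64-bit write may straddle fields.` would make it explicit, and the executor handler (outside this diff) should still bound-check the offset plus write width against the VMCB page rather than rely on the description ranges, since generated values are not a trust boundary. The new `syzos_api_nested_amd_vmcb_write_mask` struct also gives no hint of how its three masks combine; a one-line comment on the struct pointing at the executor, e.g. `# set_mask, unset_mask and flip_mask are applied by executor/common_kvm_amd64_syzos.h; see there for the order.`, would help readers without asserting the order here.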
@@ -149,6 +164,7 @@ syzos_api_call$x86 [
nested_vmlaunch syzos_api$x86[303, syzos_api_vm_id]
nested_vmresume syzos_api$x86[304, syzos_api_vm_id]
nested_intel_vmwrite_mask syzos_api$x86[340, syzos_api_nested_intel_vmwrite_mask]
+ nested_amd_vmcb_write_mask syzos_api$x86[380, syzos_api_nested_amd_vmcb_write_mask]
] [varlen]
kvm_text_x86 [