| author | Alexander Potapenko <glider@google.com> | 2024-09-24 17:45:54 +0200 |
|---|---|---|
| committer | Alexander Potapenko <glider@google.com> | 2024-09-25 09:05:57 +0000 |
| commit | b78c4938cc764a9efbfcfcf058c0617f376eacae (patch) | |
| tree | f89287c52f5761218d29ea2678942a4ada9c6666 /sys/linux | |
| parent | 8e1f73a21d7d2105769794082be772e51abe2360 (diff) | |
sys/linux: add tests for syz_kvm_setup_syzos_vm()
Rewrite the existing tests that use syz_kvm_setup_cpu so that they use the new pseudo-syscall API.
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/test/arm64-syz_kvm_setup_syzos_vm | 24 | ||||
| -rw-r--r-- | sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite | 15 | ||||
| -rw-r--r-- | sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr | 12 | ||||
| -rw-r--r-- | sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc | 20 | ||||
| -rw-r--r-- | sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3 | 15 |
5 files changed, 86 insertions, 0 deletions
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm
new file mode 100644
index 000000000..4648c4595
--- /dev/null
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm
@@ -0,0 +1,24 @@
+#
+# requires: arch=arm64
+#
+r0 = openat$kvm(0, &AUTO='/dev/kvm\x00', 0x0, 0x0)
+r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
+r2 = syz_kvm_setup_syzos_vm(r1)
+# Perform two uexits. The first one is done via a code blob:
+# d2802000 mov x0, #0x100 // #256
+# f2bbbba0 movk x0, #0xdddd, lsl #16
+# f900001f str xzr, [x0]
+# , which assumes registers x24-28 are zeroes.
+# The second uexit is done via a syzos API command that sets uexit exit code to 0xaaaa.
+#
+r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@code={AUTO, AUTO, {"002080d2a0bbbbf21f0000f9", 0xd65f03c0}}, @uexit={AUTO, AUTO, 0xaaaa}], AUTO}, 0x0, 0x0)
+
+r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
+
+# Run till the first uexit.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+# Run till the second uexit.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite
new file mode 100644
index 000000000..0aaf2a6eb
--- /dev/null
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite
@@ -0,0 +1,15 @@
+#
+# requires: arch=arm64
+#
+r0 = openat$kvm(0, &AUTO='/dev/kvm\x00', 0x0, 0x0)
+r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
+r2 = syz_kvm_setup_syzos_vm(r1)
+# Emulate a uexit with the memwrite API command: write 0 at address ARM64_ADDR_UEXIT.
+#
+r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@memwrite={AUTO, AUTO, {0xdddd0000, 0x100, 0x0, 0x8}}], AUTO}, 0x0, 0x0)
+
+r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
+# Run till uexit.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
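Review bot: r5 from `mmap$KVM_VCPU` is never read — nothing inspects the kvm_run area after either `ioctl$KVM_RUN`, so the mapping only proves the ioctl succeeds, and the msr, smc and vgicv3 tests in this commit skip it entirely; either drop r4/r5 here and in the memwrite test, or add a comment such as `# Map the kvm_run area; not inspected, kept to exercise KVM_GET_VCPU_MMAP_SIZE/mmap$KVM_VCPU`. The remark "which assumes registers x24-28 are zeroes" is hard to tie to the blob shown, which touches only x0 and is followed by `0xd65f03c0` (a `ret`); if it refers to the syzos convention for running blobs rather than to these three instructions, say so. Since the exit code is not checked, the 0xaaaa in `@uexit` is not verified by this test and the comment should not suggest that it is.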
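Review bot: The `@memwrite` tuple `{0xdddd0000, 0x100, 0x0, 0x8}` is described as "write 0 at address ARM64_ADDR_UEXIT", but no single field holds that address; the code-blob test in this commit forms 0xdddd0100 (`mov x0, #0x100; movk x0, #0xdddd, lsl #16`) for the same uexit, so presumably the first two fields are base and offset — to be confirmed against the command definition. A comment naming the fields, e.g. `# memwrite{base, offset, value, size}: 0xdddd0000 + 0x100 == ARM64_ADDR_UEXIT` (adjusted to the real layout), would save the next reader from reverse-engineering it. r4/r5 are unused here as well, as in the first test.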
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr
new file mode 100644
index 000000000..f242b47d5
--- /dev/null
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr
@@ -0,0 +1,12 @@
+#
+# requires: arch=arm64
+#
+r0 = openat$kvm(0, &AUTO='/dev/kvm\x00', 0x0, 0x0)
+r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
+r2 = syz_kvm_setup_syzos_vm(r1)
+#
+# 0x603000000013c600 is VBAR_EL1, it aligns the written value on 0x20.
+#
+r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@msr={AUTO, AUTO, {0x603000000013c600, 0xfefefee0}}], AUTO}, 0x0, 0x0)
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+ioctl$KVM_GET_ONE_REG(r3, AUTO, &AUTO=@arm64_sys={0x603000000013c600, &AUTO})
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc
new file mode 100644
index 000000000..d165b2b92
--- /dev/null
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc
@@ -0,0 +1,20 @@
+#
+# requires: arch=arm64
+#
+r0 = openat$kvm(0, &AUTO='/dev/kvm\x00', 0x0, 0x0)
+r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
+r2 = syz_kvm_setup_syzos_vm(r1)
+#
+# KVM_SET_DEVICE_ATTR: group=KVM_ARM_VM_SMCCC_CTRL, attr=KVM_ARM_VM_SMCCC_FILTER
+# Filter: base=0xef000000, nr_functions=0x1000, action=KVM_SMCCC_FILTER_FWD_TO_USER
+# (Per SMC Calling Convention, 0xef000000-0xef001000 is an SMC64 fast call reserved range)
+#
+ioctl$KVM_SET_DEVICE_ATTR_vm(r1, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x0, &AUTO={0xef000000, 0x1000, 0x2, ""}})
+
+r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@smc={AUTO, AUTO, {0xef000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @hvc={AUTO, AUTO, {0xef000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}], AUTO}, 0x0, 0x0)
+
+#
+# Run two times, because SMC and HVC will exit.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+ioctl$KVM_RUN(r3, AUTO, 0x0)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3
new file mode 100644
index 000000000..07bfa5f10
--- /dev/null
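Review bot: The `ioctl$KVM_GET_ONE_REG` read-back on the last line of the msr test is not paired with any expected value, so the test says nothing about what VBAR_EL1 should contain after the guest `msr`, and the comment "it aligns the written value on 0x20" is ambiguous — it could mean 0xfefefee0 was chosen because it is already 0x20-aligned, or that the register is expected to mask low bits on read-back. Suggest stating the expectation outright, e.g. `# VBAR_EL1 (0x603000000013c600): after the guest writes 0xfefefee0, KVM_GET_ONE_REG should return <expected value — to be confirmed>`. If the test harness only checks that the ioctls succeed rather than comparing results, a one-line note to that effect would keep readers from assuming a value check happens.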
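Review bot: In the smc test the range comment `0xef000000-0xef001000` reads as inclusive, but `nr_functions=0x1000` covers 0xef000000-0xef000fff; `0xef000000-0xef000fff (0x1000 function IDs)` would match the filter that is actually installed. The `@attr_arm64` literal hard-codes group/attr/flags as `{0x0, 0x0, 0x0, ...}` while the comment names them symbolically, so the reader must trust that both constants are 0 — acceptable, but the `0x2` action deserves the same treatment next to the ioctl: `# action 0x2 == KVM_SMCCC_FILTER_FWD_TO_USER`. Neither `ioctl$KVM_RUN` checks the exit reason, so the test shows that the filter is accepted and that two exits occur, not that the SMC and HVC were presumably forwarded as KVM_EXIT_HYPERCALL; the "Run two times" comment could say so.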
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3
@@ -0,0 +1,15 @@
+#
+# requires: arch=arm64
+#
+r0 = openat$kvm(0, &AUTO='/dev/kvm\x00', 0x0, 0x0)
+r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
+r2 = syz_kvm_setup_syzos_vm(r1)
+r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@irq_setup={AUTO, AUTO, {0x1, 0x20}}], AUTO}, 0x0, 0x0)
+syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+#
+# Calling KVM_RUN here again would result in infinite loop.
+# Instead, signal SPI 32 (0x1000020), so that the guest can execute another uexit in the IRQ handler.
+#
+ioctl$KVM_IRQ_LINE(r1, AUTO, &AUTO={0x1000020, 0x1})
+ioctl$KVM_RUN(r3, AUTO, 0x0)
|
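Review bot: The `@irq_setup={..., {0x1, 0x20}}` pair, the `syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)` arguments and the `0x1000020` passed to `ioctl$KVM_IRQ_LINE` are all related, yet only the last is explained; the 0x20 in irq_setup is presumably the same SPI 32 (low 16 bits of 0x1000020, with 0x1 in bits 24-31 selecting the SPI type), and 0x1/0x100 presumably a vCPU count and an SPI count — both to be confirmed against the pseudo-syscall definitions. Suggest one comment that ties them together, e.g. `# irq_setup{<type — confirm>, 0x20}: guest installs a handler for SPI 32, the line raised via KVM_IRQ_LINE below`. `syz_kvm_vgic_v3_setup` is called after `syz_kvm_add_vcpu`; if the vGIC must be created only once the vCPUs exist, a one-line comment saying so would keep a later reordering from silently breaking the test.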
