executor: arm64: sys/linux: introduce syzos API

Allow guest payload to call syzos API functions. The available calls
are enumerated by SYZOS_API_* constants, and have a form of:

  struct api_call {
         uint64 call;
         uint64 struct_size;
         /* arbitrary call-related data here */
  };

Complex instruction sequences are too easy to break, so most of the time
fuzzer won't be able to efficiently mutate them.
We replace kvm_text_arm64 with a sequence of `struct api_call`, making it
possible to intermix assembly instructions (SYZOS_API_CODE) with
higher-level constructs.

Right now the supported calls are:
 - SYZOS_API_UEXIT - abort from KVM_RUN (1 argument: exit code, uint64)
 - SYZOS_API_CODE - execute an ARM64 assembly blob
                    (1 argument: inline array of int32's)

1 files changed, 22 insertions, 2 deletions

diff --git a/sys/linux/dev_kvm.txt b/sys/linux/dev_kvm.txt
index bcc4edec8..98554e303 100644
--- a/sys/linux/dev_kvm.txt
+++ b/sys/linux/dev_kvm.txt
@@ -232,12 +232,32 @@ kvm_text_x86_64 {
 	size	len[text, intptr]
 }
 
+# Unlike on other architectures, ARM64 text is a sequence of commands, each starting with
+# the call number and the command length.
 kvm_text_arm64 {
 	typ	const[0, intptr]
-	text	ptr[in, text[arm64]]
-	size	len[text, intptr]
+	text	ptr[in, array[syzos_api_call, 1:32]]
+	size	bytesize[text, int64]
+}
+
+syzos_api_uexit {
+	call		const[0, int64]
+	size		bytesize[parent, int64]
+	exit_code	intptr
 }
 
+syzos_api_code {
+	call	const[1, int64]
+	size	bytesize[parent, int64]
+	insns	text[arm64]
+	ret	const[0xd65f03c0, int32]
+} [packed]
+
+syzos_api_call [
+	uexit	syzos_api_uexit
+	code	syzos_api_code
+] [varlen]
+
 kvm_text_ppc64 {
 	typ	const[0, intptr]
 	text	ptr[in, text[ppc64]]