diff options
Diffstat (limited to 'executor')
| -rw-r--r-- | executor/common_kvm_amd64.h | 20 | ||||
| -rw-r--r-- | executor/common_kvm_amd64_syzos.h | 4 | ||||
| -rw-r--r-- | executor/kvm.h | 22 |
3 files changed, 25 insertions, 21 deletions
diff --git a/executor/common_kvm_amd64.h b/executor/common_kvm_amd64.h index 1344e635f..718d63243 100644 --- a/executor/common_kvm_amd64.h +++ b/executor/common_kvm_amd64.h @@ -890,8 +890,8 @@ static void reset_cpu_regs(int cpufd, int cpu_id, size_t text_size) regs.rflags |= 2; // bit 1 is always set // PC points to the relative offset of guest_main() within the guest code. - regs.rip = X86_ADDR_EXECUTOR_CODE + ((uint64)guest_main - (uint64)&__start_guest); - regs.rsp = X86_ADDR_STACK0; + regs.rip = X86_SYZOS_ADDR_EXECUTOR_CODE + ((uint64)guest_main - (uint64)&__start_guest); + regs.rsp = X86_SYZOS_ADDR_STACK0; // Pass parameters to guest_main(). regs.rdi = text_size; regs.rsi = cpu_id; @@ -973,29 +973,29 @@ static void setup_vm(int vmfd, void* host_mem, void** text_slot) vm_set_user_memory_region(vmfd, slot++, 0, 0, next.size, (uintptr_t)next.addr); next = alloc_guest_mem(&allocator, 10 * KVM_PAGE_SIZE); - vm_set_user_memory_region(vmfd, slot++, 0, X86_ADDR_SMRAM, next.size, (uintptr_t)next.addr); + vm_set_user_memory_region(vmfd, slot++, 0, X86_SYZOS_ADDR_SMRAM, next.size, (uintptr_t)next.addr); next = alloc_guest_mem(&allocator, 2 * KVM_PAGE_SIZE); - vm_set_user_memory_region(vmfd, slot++, KVM_MEM_LOG_DIRTY_PAGES, X86_ADDR_DIRTY_PAGES, next.size, (uintptr_t)next.addr); + vm_set_user_memory_region(vmfd, slot++, KVM_MEM_LOG_DIRTY_PAGES, X86_SYZOS_ADDR_DIRTY_PAGES, next.size, (uintptr_t)next.addr); next = alloc_guest_mem(&allocator, KVM_MAX_VCPU * KVM_PAGE_SIZE); - vm_set_user_memory_region(vmfd, slot++, KVM_MEM_READONLY, X86_ADDR_USER_CODE, next.size, (uintptr_t)next.addr); + vm_set_user_memory_region(vmfd, slot++, KVM_MEM_READONLY, X86_SYZOS_ADDR_USER_CODE, next.size, (uintptr_t)next.addr); if (text_slot) *text_slot = next.addr; struct addr_size host_text = alloc_guest_mem(&allocator, 4 * KVM_PAGE_SIZE); install_syzos_code(host_text.addr, host_text.size); - vm_set_user_memory_region(vmfd, slot++, KVM_MEM_READONLY, X86_ADDR_EXECUTOR_CODE, host_text.size, (uintptr_t)host_text.addr); + vm_set_user_memory_region(vmfd, slot++, KVM_MEM_READONLY, X86_SYZOS_ADDR_EXECUTOR_CODE, host_text.size, (uintptr_t)host_text.addr); next = alloc_guest_mem(&allocator, KVM_PAGE_SIZE); - vm_set_user_memory_region(vmfd, slot++, 0, X86_ADDR_SCRATCH_CODE, next.size, (uintptr_t)next.addr); + vm_set_user_memory_region(vmfd, slot++, 0, X86_SYZOS_ADDR_SCRATCH_CODE, next.size, (uintptr_t)next.addr); next = alloc_guest_mem(&allocator, KVM_PAGE_SIZE); - vm_set_user_memory_region(vmfd, slot++, 0, X86_ADDR_IOAPIC, next.size, (uintptr_t)next.addr); + vm_set_user_memory_region(vmfd, slot++, 0, X86_SYZOS_ADDR_IOAPIC, next.size, (uintptr_t)next.addr); // Map the remaining pages at an unused address. next = alloc_guest_mem(&allocator, allocator.size); - vm_set_user_memory_region(vmfd, slot++, 0, X86_ADDR_UNUSED, next.size, (uintptr_t)next.addr); + vm_set_user_memory_region(vmfd, slot++, 0, X86_SYZOS_ADDR_UNUSED, next.size, (uintptr_t)next.addr); } #endif @@ -1059,7 +1059,7 @@ static long syz_kvm_assert_syzos_uexit(volatile long a0, volatile long a1) struct kvm_run* run = (struct kvm_run*)a0; uint64 expect = a1; - if (!run || (run->exit_reason != KVM_EXIT_MMIO) || (run->mmio.phys_addr != X86_ADDR_UEXIT)) { + if (!run || (run->exit_reason != KVM_EXIT_MMIO) || (run->mmio.phys_addr != X86_SYZOS_ADDR_UEXIT)) { errno = EINVAL; return -1; } diff --git a/executor/common_kvm_amd64_syzos.h b/executor/common_kvm_amd64_syzos.h index b9c3e8315..a8e825ab9 100644 --- a/executor/common_kvm_amd64_syzos.h +++ b/executor/common_kvm_amd64_syzos.h @@ -83,7 +83,7 @@ __attribute__((used)) GUEST_CODE static void guest_main(uint64 size, uint64 cpu) { - uint64 addr = X86_ADDR_USER_CODE + cpu * KVM_PAGE_SIZE; + uint64 addr = X86_SYZOS_ADDR_USER_CODE + cpu * KVM_PAGE_SIZE; while (size >= sizeof(struct api_call_header)) { struct api_call_header* cmd = (struct api_call_header*)addr; @@ -151,7 +151,7 @@ GUEST_CODE static noinline void guest_execute_code(uint8* insns, uint64 size) // and can handle the call depending on the data passed as exit code. GUEST_CODE static noinline void guest_uexit(uint64 exit_code) { - volatile uint64* ptr = (volatile uint64*)X86_ADDR_UEXIT; + volatile uint64* ptr = (volatile uint64*)X86_SYZOS_ADDR_UEXIT; *ptr = exit_code; } diff --git a/executor/kvm.h b/executor/kvm.h index 056f8ae65..79dddc486 100644 --- a/executor/kvm.h +++ b/executor/kvm.h @@ -32,17 +32,21 @@ #define X86_ADDR_VAR_VMEXIT_CODE 0x9000 #define X86_ADDR_VAR_USER_CODE 0x9100 #define X86_ADDR_VAR_USER_CODE2 0x9120 -#define X86_ADDR_SMRAM 0x30000 + +// x86 SYZOS definitions. +#define X86_SYZOS_ADDR_SMRAM 0x30000 // Write to this page to trigger a page fault and stop KVM_RUN. -#define X86_ADDR_EXIT 0x40000 +#define X86_SYZOS_ADDR_EXIT 0x40000 // Dedicated address within the exit page for the uexit command. -#define X86_ADDR_UEXIT (X86_ADDR_EXIT + 256) -#define X86_ADDR_DIRTY_PAGES 0x41000 -#define X86_ADDR_USER_CODE 0x50000 -#define X86_ADDR_EXECUTOR_CODE 0x54000 -#define X86_ADDR_SCRATCH_CODE 0x58000 -#define X86_ADDR_UNUSED 0x200000 -#define X86_ADDR_IOAPIC 0xfec00000 +#define X86_SYZOS_ADDR_UEXIT (X86_SYZOS_ADDR_EXIT + 256) +#define X86_SYZOS_ADDR_DIRTY_PAGES 0x41000 +#define X86_SYZOS_ADDR_USER_CODE 0x50000 +#define X86_SYZOS_ADDR_EXECUTOR_CODE 0x54000 +#define X86_SYZOS_ADDR_SCRATCH_CODE 0x58000 +#define X86_SYZOS_ADDR_STACK_BOTTOM 0x0 +#define X86_SYZOS_ADDR_STACK0 0xf80 +#define X86_SYZOS_ADDR_UNUSED 0x200000 +#define X86_SYZOS_ADDR_IOAPIC 0xfec00000 #define X86_CR0_PE 1ULL #define X86_CR0_MP (1ULL << 1) |