Diffstat (limited to 'executor')
| -rw-r--r-- | executor/common_kvm_arm64.h | 11 | ||||
| -rw-r--r-- | executor/kvm.h | 4 |
2 files changed, 12 insertions, 3 deletions
diff --git a/executor/common_kvm_arm64.h b/executor/common_kvm_arm64.h
index 94f0ac9cb..4aac95e20 100644
--- a/executor/common_kvm_arm64.h
+++ b/executor/common_kvm_arm64.h
@@ -106,11 +106,15 @@ static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volat
 }
 }
- // Guest physical memory layout:
+ // Guest physical memory layout (must be in sync with executor/kvm.h):
 // 0x00000000 - unused pages
+ // 0x08000000 - GICv3 distributor region (MMIO, no memory allocated)
+ // 0x080a0000 - GICv3 redistributor region (MMIO, no memory allocated)
 // 0xdddd0000 - unmapped region to trigger a page faults for uexits etc. (1 page)
+ // 0xdddd1000 - writable region with KVM_MEM_LOG_DIRTY_PAGES to fuzz dirty ring (2 pages)
 // 0xeeee0000 - user code (1 page)
 // 0xeeee8000 - executor guest code (4 pages)
+ // 0xeeef0000 - scratch memory for code generated at runtime (1 page)
 // 0xffff1000 - EL1 stack (1 page)
 struct addr_size allocator = {.addr = host_mem, .size = guest_mem_size};
 int slot = 0; // Slot numbers do not matter, they just have to be different.
@@ -119,7 +123,10 @@ static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volat
 memcpy(host_text.addr, &__start_guest, (char*)&__stop_guest - (char*)&__start_guest);
 vm_set_user_memory_region(vmfd, slot++, KVM_MEM_READONLY, ARM64_ADDR_EXECUTOR_CODE, host_text.size, (uintptr_t)host_text.addr);
- struct addr_size next = alloc_guest_mem(&allocator, page_size);
+ struct addr_size next = alloc_guest_mem(&allocator, 2 * page_size);
+ vm_set_user_memory_region(vmfd, slot++, KVM_MEM_LOG_DIRTY_PAGES, ARM64_ADDR_DIRTY_PAGES, next.size, (uintptr_t)next.addr);
+
+ next = alloc_guest_mem(&allocator, page_size);
 if (text_size > next.size)
 text_size = next.size;
 memcpy(next.addr, text, text_size);
diff --git a/executor/kvm.h b/executor/kvm.h
index 32fda309d..47348e3d4 100644
--- a/executor/kvm.h
+++ b/executor/kvm.h
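Review bot: The size passed to KVM for the new dirty-log slot is whatever alloc_guest_mem returned for the `2 * page_size` request, and that result is never checked: if the allocator hands back a short or empty region (the clamp of `text_size` to `next.size` two lines below suggests short allocations are possible), KVM_SET_USER_MEMORY_REGION is issued with a smaller `memory_size`, and a zero size deletes rather than creates a slot, so the region the layout comment documents as two pages would silently not exist. The ioctl's return value is discarded as well, consistent with the neighbouring calls, so a rejected slot would not be noticed either. I would fail early before the vm_set_user_memory_region call, e.g. `if (next.size < 2 * page_size) return -1;`, using whichever error path the rest of the function already uses. syz_kvm_setup_cpu begins before and continues after this hunk, so the correct failure convention is not visible here.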
@@ -78,11 +78,13 @@
 // GICv3 distributor/redistributor addresses.
 #define ARM64_ADDR_GICD_BASE 0x08000000
-#define ARM64_ADDR_GICR_BASE 0x080A0000
+#define ARM64_ADDR_GICR_BASE 0x080a0000
 // Write to this page to trigger a page fault and stop KVM_RUN.
 #define ARM64_ADDR_EXIT 0xdddd0000
 // Dedicated address within the exit page for the uexit command.
 #define ARM64_ADDR_UEXIT (ARM64_ADDR_EXIT + 256)
+// Two writable pages with KVM_MEM_LOG_DIRTY_PAGES explicitly set.
+#define ARM64_ADDR_DIRTY_PAGES 0xdddd1000
 #define ARM64_ADDR_USER_CODE 0xeeee0000
 #define ARM64_ADDR_EXECUTOR_CODE 0xeeee8000
 #define ARM64_ADDR_SCRATCH_CODE 0xeeef0000
|
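Review bot: `ARM64_ADDR_DIRTY_PAGES` at `0xdddd1000` is aligned only to 4 KiB, whereas KVM_SET_USER_MEMORY_REGION requires guest_phys_addr and memory_size to be multiples of the host page size, and every other memslot base visible in this hunk (0x08000000, 0xdddd0000, 0xeeee0000, 0xeeee8000, 0xeeef0000) is at least 16 KiB aligned, so this define quietly narrows the executor to 4 KiB-page hosts — on a 16 KiB or 64 KiB granule kernel the ioctl would return EINVAL, and since the caller in common_kvm_arm64.h ignores its result the slot would simply be missing. Whether non-4K hosts are a supported target is not visible here. If they are, a granule-independent choice is `#define ARM64_ADDR_DIRTY_PAGES 0xddde0000` (64 KiB past ARM64_ADDR_EXIT, which keeps the exit page unmapped for any granule), with the layout comment in common_kvm_arm64.h updated to match; if not, the assumption deserves to be stated next to the define, e.g. `// Only 4 KiB aligned: assumes a 4 KiB host page size.`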
