From e2c47158756b66f9f8b645e2762bc1b3b15e0dd8 Mon Sep 17 00:00:00 2001 From: Alexander Potapenko Date: Mon, 29 Jul 2024 19:59:33 +0200 Subject: executor: arm64: add SYZOS_API_MSR MSR is an ARM64 instruction that writes a value from a GP register to one of the system CPU registers. Exposing those registers to a fuzzer will let us trigger unexpected behavior in handling them on the kernel side. The SYZOS_API_MSR call has two int64 arguments, register ID and value. Register IDs are 64-bit values obtained from ARM64_SYS_REG() in the Linux asm/kvm.h UAPI header. Same register IDs are used by ioctl$KVM_GET_ONE_REG and ioctl$KVM_SET_ONE_REG. Also add sys/linux/test/syz_kvm_setup_cpu_arm64-msr --- executor/common_kvm_arm64.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'executor/common_kvm_arm64.h') diff --git a/executor/common_kvm_arm64.h b/executor/common_kvm_arm64.h index e6bb2b665..a4fe7c57a 100644 --- a/executor/common_kvm_arm64.h +++ b/executor/common_kvm_arm64.h @@ -126,6 +126,9 @@ static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volat next = alloc_guest_mem(&allocator, page_size); vm_set_user_memory_region(vmfd, slot++, 0, ARM64_ADDR_EL1_STACK_BOTTOM, next.size, (uintptr_t)next.addr); + next = alloc_guest_mem(&allocator, page_size); + vm_set_user_memory_region(vmfd, slot++, 0, ARM64_ADDR_SCRATCH_CODE, next.size, (uintptr_t)next.addr); + // Map the remaining pages at address 0. next = alloc_guest_mem(&allocator, allocator.size); vm_set_user_memory_region(vmfd, slot++, 0, 0, next.size, (uintptr_t)next.addr); -- cgit mrf-deployment