From 4b1eded1f91812d576538f106b57352d25a6b484 Mon Sep 17 00:00:00 2001 From: Alexander Potapenko Date: Tue, 24 Sep 2024 15:23:14 +0200 Subject: executor: arm64: sys/linux: implement syz_kvm_setup_syzos_vm and syz_kvm_add_vcpu The old syz_kvm_setup_cpu() API mixed together VM and VCPU setup, making it harder to create and fuzz two VCPUs in the same VM. Introduce two new pseudo-syscalls, syz_kvm_setup_syzos_vm() and syz_kvm_add_vcpu(), that will simplify this task. syz_kvm_setup_syzos_vm() takes a VM file descriptor, performs VM setup (allocates guest memory and installs SYZOS code into it) and returns a new kvm_syz_vm resource, which is in fact a pointer to `struct kvm_syz_vm` encapsulating VM-specific data in the C code. syz_kvm_add_vcpu() takes the VM ID denoted by kvm_syz_vm and creates a new VCPU within that VM with a proper CPU number. It then stores the fuzzer-supplied SYZOS API sequence into the corresponding part (indexed by CPU number) of the VM memory slot, and sets up the CPU registers to interpret that sequence. The new pseudo-syscall let the fuzzer create independent CPUs that run different code sequences without interfering with each other. --- executor/common_linux.h | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'executor/common_linux.h') diff --git a/executor/common_linux.h b/executor/common_linux.h index 30d29cb05..c93727058 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -3186,7 +3186,7 @@ error_clear_loop: } #endif -#if SYZ_EXECUTOR || __NR_syz_kvm_setup_cpu || __NR_syz_kvm_vgic_v3_setup +#if SYZ_EXECUTOR || __NR_syz_kvm_setup_cpu || __NR_syz_kvm_vgic_v3_setup || __NR_syz_kvm_setup_syzos_vm || __NR_syz_kvm_add_vcpu // KVM is not yet supported on RISC-V #if !GOARCH_riscv64 && !GOARCH_arm #include @@ -3215,6 +3215,18 @@ static long syz_kvm_vgic_v3_setup(volatile long a0, volatile long a1, volatile l return 0; } #endif +#if !GOARCH_arm64 && (SYZ_EXECUTOR || __NR_syz_kvm_add_vcpu) +static long syz_kvm_add_vcpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3) +{ + return 0; +} +#endif +#if !GOARCH_arm64 && (SYZ_EXECUTOR || __NR_syz_kvm_setup_syzos_vm) +static long syz_kvm_setup_syzos_vm(volatile long a0) +{ + return 0; +} +#endif #endif #endif -- cgit mrf-deployment