From 2fb4dcc9c10e100beedbbc223c2a9762bc45403e Mon Sep 17 00:00:00 2001
From: Alexander Potapenko
Date: Tue, 23 Jul 2024 14:17:26 +0200
Subject: executor: arm64: sys/linux: introduce syzos API
Allow guest payload to call syzos API functions. The available calls are enumerated by SYZOS_API_* constants, and have a form of: struct api_call { uint64 call; uint64 struct_size; /* arbitrary call-related data here */ }; Complex instruction sequences are too easy to break, so most of the time fuzzer won't be able to efficiently mutate them. We replace kvm_text_arm64 with a sequence of `struct api_call`, making it possible to intermix assembly instructions (SYZOS_API_CODE) with higher-level constructs. Right now the supported calls are:
- SYZOS_API_UEXIT - abort from KVM_RUN (1 argument: exit code, uint64)
- SYZOS_API_CODE - execute an ARM64 assembly blob (1 argument: inline array of int32's)
---
executor/kvm.h | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'executor/kvm.h')
diff --git a/executor/kvm.h b/executor/kvm.h
index 49a493818..1afbcd40e 100644
--- a/executor/kvm.h
+++ b/executor/kvm.h
@@ -76,6 +76,10 @@
 #define NEXT_INSN $0xbadc0de
 #define PREFIX_SIZE 0xba1d
+// Write to this page to trigger a page fault and stop KVM_RUN.
+#define ARM64_ADDR_EXIT 0xdddd0000
+// Dedicated address within the exit page for the uexit command.
+#define ARM64_ADDR_UEXIT (ARM64_ADDR_EXIT + 256)
 #define ARM64_ADDR_USER_CODE 0xeeee0000
 #define ARM64_ADDR_EXECUTOR_CODE 0xeeee8000
 #define ARM64_ADDR_EL1_STACK_BOTTOM 0xffff1000
--
cgit mrf-deployment
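Review bot: The comment on `ARM64_ADDR_EXIT` relies on two invariants that nothing in this header pins down: the exit page has to remain unmapped in the guest page tables (set up outside this hunk, presumably in the arm64 KVM setup code) for a store to fault at all, and `ARM64_ADDR_UEXIT` has to stay inside that page for the host to attribute the fault to the uexit command. The second one is cheap to make explicit and survives later edits of either constant: `static_assert((ARM64_ADDR_UEXIT) - (ARM64_ADDR_EXIT) < 0x1000, "uexit slot must lie inside the exit page");` (assuming 4 KiB guest pages; use a `#if` form if this header is also consumed by non-C tooling). The `+ 256` offset is a magic number; a one-line comment on why that slot was chosen, e.g. `// Leave the first 256 bytes free for other exit-page commands.`, only if that is the intent, would help the next reader. Since `SYZOS_API_CODE` lets fuzzer-generated assembly store to any address, the host-side handler should presumably match the faulting address against `ARM64_ADDR_UEXIT` exactly rather than treating any fault in the page as a requested exit, and the comment could say so.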