From cac54be7ff77e2e220d7b477c82984b26157e09b Mon Sep 17 00:00:00 2001
From: Alexey Kardashevskiy <aik@linux.ibm.com>
Date: Mon, 13 Sep 2021 16:09:14 +1000
Subject: executor/common_kvm_ppc64: fuzz more hypercalls

At the moment syzkaller only fuzzes the platform architecture defined
hypercalls. However there are custom defined hypercalls which KVM handles,
they make 2 groups - an extension of hypercalls and so-called ultracalls
which are handled by the secure VM firmware but in absense of the secure
VM facility, KVM gets to handle those as errors.

This enables the two extra groups of hypercalls in KVM. If not enabled,
KVM exits to let the userspace handle them (which syzkaller does not do).

Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
---
 pkg/ifuzz/powerpc/pseudo.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'pkg/ifuzz')

diff --git a/pkg/ifuzz/powerpc/pseudo.go b/pkg/ifuzz/powerpc/pseudo.go
index c2a1b568f..4790cea9f 100644
--- a/pkg/ifuzz/powerpc/pseudo.go
+++ b/pkg/ifuzz/powerpc/pseudo.go
@@ -81,7 +81,18 @@ func (gen *generator) sc(lev uint) {
 	imap := gen.imap
 
 	n := gen.r.Intn(9)
-	gen.byte(imap.ld64(3, uint64(gen.r.Intn(4+(MaxHcall-4)/4))))
+	hcrange := gen.r.Intn(3)
+	offset := 4
+	maxhc := MaxHcall
+	if hcrange == 1 {
+		offset = 0xf000
+		maxhc = 0xf810
+	} else if hcrange == 2 {
+		offset = 0xef00
+		maxhc = 0xef20
+	}
+	hc := gen.r.Intn((maxhc-offset)/4)*4 + offset
+	gen.byte(imap.ld64(3, uint64(hc)))
 	for i := 4; i < n+4; i++ {
 		gen.byte(imap.ld64(uint(i), gen.r.Uint64()))
 	}
-- 
cgit mrf-deployment