From 5ac84ab421465f8f15ac9350f9f33a4416b4b3b7 Mon Sep 17 00:00:00 2001 From: Alexander Potapenko Date: Tue, 9 Sep 2025 12:09:02 +0200 Subject: prog: pkg/compiler: docs: introduce the `no_squash` attribute The `no_squash` per-syscall attribute prevents the fuzzer from generating squashed arguments to a particular syscall. This is particularly helpful for pseudo-syscalls with elaborate arguments that are hard to reason about when they are squashed - e.g. for syz_kvm_add_vcpu() that takes a SYZOS program as an input. I've considered an alternative solution that prohibits ANY for all pseudo-syscalls. But there is a bunch of existing programs (both the tests and the repros) for syscalls like syz_mount_image() for which the benefit of not passing ANY is not immediately obvious. I therefore decided to go with an explicit attribute that can later be enforced for every pseudo-syscall at compile time.
---
prog/mutation.go | 3 +++ 1 file changed, 3 insertions(+) (limited to 'prog/mutation.go')
diff --git a/prog/mutation.go b/prog/mutation.go
index eb9e8285d..4d05e0a7d 100644
--- a/prog/mutation.go
+++ b/prog/mutation.go
@@ -145,6 +145,9 @@ func (ctx *mutator) squashAny() bool {
 if ctx.noMutate[ptr.call.Meta.ID] {
 return false
 }
+ if ptr.call.Meta.Attrs.NoSquash {
+ return false
+ }
 if !p.Target.isAnyPtr(ptr.arg.Type()) {
 p.Target.squashPtr(ptr.arg)
 }
-- cgit mrf-deployment
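Review bot: The `NoSquash` guard in squashAny only stops this mutation from creating a new squashed argument; nothing in this hunk rejects or un-squashes a program that already carries an ANY pointer for a `no_squash` call, for example one loaded from an existing corpus or repro. The page is limited to prog/mutation.go, so that may be handled elsewhere in the commit, but it is worth confirming that parsing or validation covers it. The guard also returns after `ptr` has been chosen, so if the selection above the hunk is a single pick, a pick that lands on such a call gives up the mutation attempt instead of trying another pointer; filtering these calls out before the pick would avoid that. A short comment on the new branch would help, e.g. `// no_squash calls must keep their typed arguments; never convert them to ANY.` squashAny starts and ends outside the hunk.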