From 91601ce4199e5c85a51aa48270101c7fa5bff51a Mon Sep 17 00:00:00 2001
From: Ethan Graham
Date: Mon, 15 Sep 2025 13:07:51 +0000
Subject: prog/target: add fetching function for syz_kfuzztest_run ID
All non-base variants of syz_kfuzztest_run (i.e., those that are discovered dynamically) are encoded so that they map onto the base variant which is defined in kfuzztest.txt, and known by the executor. We add a function for fetching this, that is wrapped in a sync.once block to avoid repeated iteration over the target's array of syscalls.
Signed-off-by: Ethan Graham
---
 prog/target.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
(limited to 'prog')
diff --git a/prog/target.go b/prog/target.go
index 5d35f7803..300a86a32 100644
--- a/prog/target.go
+++ b/prog/target.go
@@ -146,6 +146,10 @@ func (target *Target) lazyInit() {
 target.initUselessHints()
 target.initRelatedFields()
 target.initArch(target)
+ // We ignore the return value here as they are cached, and it makes more
+ // sense to react to them when we attempt to execute a KFuzzTest call.
+ _, _ = target.KFuzzTestRunID()
+
 // Give these 2 known addresses fixed positions and prepend target-specific ones at the end.
 target.SpecialPointers = append([]uint64{
 0x0000000000000000, // NULL pointer (keep this first because code uses special index=0 as NULL)
@@ -531,3 +535,24 @@ func (pg *Builder) Finalize() (*Prog, error) {
 pg.p = nil
 return p, nil
 }
+
+var kFuzzTestIDCache struct {
+ sync.Once
+ id int
+ err error
+}
+
+// KFuzzTestRunID returns the ID for the syz_kfuzztest_run pseudo-syscall,
+// or an error if it is not found in the target.
+func (t *Target) KFuzzTestRunID() (int, error) {
+ kFuzzTestIDCache.Do(func() {
+ for _, call := range t.Syscalls {
+ if call.Attrs.KFuzzTest {
+ kFuzzTestIDCache.id = call.ID
+ return
+ }
+ }
+ kFuzzTestIDCache.err = fmt.Errorf("could not find ID for syz_kfuzztest_run - does it exist?")
+ })
+ return kFuzzTestIDCache.id, kFuzzTestIDCache.err
+}
-- cgit mrf-deployment
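Review bot: The comment above `_, _ = target.KFuzzTestRunID()` says "they are cached" without naming what is cached or why the call is made when its result is thrown away; the only effect visible here is warming the cache. Suggested wording: `// Warm the syz_kfuzztest_run ID cache; the error is intentionally dropped here` followed by `// and is reported when a KFuzzTest call is actually executed.` lazyInit starts and ends outside the hunk, so whether target.Syscalls is already fully populated at this point cannot be confirmed from here.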
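Review bot: `kFuzzTestIDCache` is a package-level variable, yet `KFuzzTestRunID` is a method on `*Target` that scans `t.Syscalls`, so the `sync.Once` fires for whichever target calls first and every other target in the same process is handed that target's ID or error. Because the first hunk calls it from `lazyInit`, a target without the pseudo-syscall that initialises first would pin the "could not find ID" error for all later targets, and a stale ID would make the dynamically discovered variants map onto the wrong call in the executor. Keeping the once/id/err on the Target itself avoids this, as sketched below; the field name is only a suggestion and the Target struct lies outside the hunk, so confirm that Target is never copied by value. The doc comment should also say that the returned ID is 0 when the error is non-nil, so callers must check the error first.

```go
// … in type Target struct (outside the hunk; field name is a suggestion) …
	kFuzzTestRunID struct {
		once sync.Once
		id   int
		err  error
	}

func (t *Target) KFuzzTestRunID() (int, error) {
	c := &t.kFuzzTestRunID
	c.once.Do(func() {
		for _, call := range t.Syscalls {
			if call.Attrs.KFuzzTest {
				c.id = call.ID
				return
			}
		}
		c.err = fmt.Errorf("could not find ID for syz_kfuzztest_run - does it exist?")
	})
	return c.id, c.err
}
```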