From e2c47158756b66f9f8b645e2762bc1b3b15e0dd8 Mon Sep 17 00:00:00 2001
From: Alexander Potapenko
Date: Mon, 29 Jul 2024 19:59:33 +0200
Subject: executor: arm64: add SYZOS_API_MSR

MSR is an ARM64 instruction that writes a value from a GP register to one of the system CPU registers. Exposing those registers to a fuzzer will let us trigger unexpected behavior in handling them on the kernel side. The SYZOS_API_MSR call has two int64 arguments, register ID and value. Register IDs are 64-bit values obtained from ARM64_SYS_REG() in the Linux asm/kvm.h UAPI header. Same register IDs are used by ioctl$KVM_GET_ONE_REG and ioctl$KVM_SET_ONE_REG. Also add sys/linux/test/syz_kvm_setup_cpu_arm64-msr
---
 sys/linux/dev_kvm.txt | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'sys/linux/dev_kvm.txt')

diff --git a/sys/linux/dev_kvm.txt b/sys/linux/dev_kvm.txt
index ace3a7330..16434a1d0 100644
--- a/sys/linux/dev_kvm.txt
+++ b/sys/linux/dev_kvm.txt
@@ -254,9 +254,17 @@ syzos_api_code {
 ret const[0xd65f03c0, int32]
 } [packed]
 
+syzos_api_msr {
+ call const[2, int64]
+ size bytesize[parent, int64]
+ arg_reg flags[kvm_regs_arm64_sys, int64]
+ arg_value int64
+}
+
 syzos_api_call [
 uexit syzos_api_uexit
 code syzos_api_code
+ msr syzos_api_msr
 ] [varlen]
 
 kvm_text_ppc64 {
--
cgit mrf-deployment
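Review bot: The new `syzos_api_msr` struct carries no comment, while the commit message is the only place that says what `arg_reg` is; the description file should state it itself, e.g. `# arg_reg is an ARM64_SYS_REG() register ID (the same IDs KVM_GET_ONE_REG/KVM_SET_ONE_REG accept); arg_value is written to that register with MSR.` placed above `syzos_api_msr {`. The flags set `kvm_regs_arm64_sys` is referenced but not defined in this hunk, so it is presumably declared elsewhere in dev_kvm.txt; worth confirming the name matches exactly, since an undefined flags reference fails description compilation. Note also that a `flags[...]` field is not a guarantee of membership — the fuzzer will also emit values outside the set — so the executor code that turns `arg_reg` into an MSR encoding (outside this diff) should check that the ID carries the `KVM_REG_ARM64 | KVM_REG_SIZE_U64 | KVM_REG_ARM64_SYSREG` prefix and that the op0/op1/CRn/CRm/op2 fields are in range before emitting the instruction, otherwise the guest takes an UNDEFINED exception on arbitrary IDs and the test program stalls rather than exercising the kernel's register handling.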