From e2c47158756b66f9f8b645e2762bc1b3b15e0dd8 Mon Sep 17 00:00:00 2001
From: Alexander Potapenko
Date: Mon, 29 Jul 2024 19:59:33 +0200
Subject: executor: arm64: add SYZOS_API_MSR
MSR is an ARM64 instruction that writes a value from a GP register to one of the system CPU registers. Exposing those registers to a fuzzer will let us trigger unexpected behavior in handling them on the kernel side. The SYZOS_API_MSR call has two int64 arguments, register ID and value. Register IDs are 64-bit values obtained from ARM64_SYS_REG() in the Linux asm/kvm.h UAPI header. Same register IDs are used by ioctl$KVM_GET_ONE_REG and ioctl$KVM_SET_ONE_REG. Also add sys/linux/test/syz_kvm_setup_cpu_arm64-msr
---
 sys/linux/test/syz_kvm_setup_cpu_arm64-msr | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 sys/linux/test/syz_kvm_setup_cpu_arm64-msr
(limited to 'sys/linux/test')
diff --git a/sys/linux/test/syz_kvm_setup_cpu_arm64-msr b/sys/linux/test/syz_kvm_setup_cpu_arm64-msr
new file mode 100644
index 000000000..210223d8a
--- /dev/null
+++ b/sys/linux/test/syz_kvm_setup_cpu_arm64-msr
@@ -0,0 +1,12 @@
+#
+# requires: arch=arm64
+#
+r0 = openat$kvm(0, &AUTO='/dev/kvm\x00', 0x0, 0x0)
+r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
+r2 = ioctl$KVM_CREATE_VCPU(r1, AUTO, 0x0)
+#
+# 0x603000000013c600 is VBAR_EL1, it aligns the written value on 0x20.
+#
+syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &AUTO=[{0x0, &AUTO=[@msr={AUTO, AUTO, 0x603000000013c600, 0xfefefee0}], AUTO}], 0x1, 0x0, 0x0, 0x0)
+ioctl$KVM_RUN(r2, AUTO, 0x0)
+ioctl$KVM_GET_ONE_REG(r2, AUTO, &AUTO=@arm64_sys={0x603000000013c600, &AUTO})
-- cgit mrf-deployment
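Review bot: The comment `# 0x603000000013c600 is VBAR_EL1, it aligns the written value on 0x20.` looks wrong on the alignment: as far as I recall, VBAR_EL1 bits [10:0] are RES0 in the AArch64 architecture, so the register aligns its value on 0x800, not 0x20, and 0xfefefee0 (which is already 0x20-aligned, so a 0x20 alignment would change nothing) should read back as 0xfefef800 through the final KVM_GET_ONE_REG; please verify against the architecture reference and correct the comment. It would also help a reader to show how the register ID is built, since this test is the only example of an `@msr` register ID, e.g. `# 0x603000000013c600 = ARM64_SYS_REG(3, 0, 12, 0, 0) (op0/op1/CRn/CRm/op2), i.e. VBAR_EL1`. The read-back value goes into an AUTO buffer and is not compared with anything, so as far as I can tell the program only exercises that the MSR path runs without error rather than that the write took effect, which is worth stating in the header comment.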