From ff949d2512c5ac33d0407d26d80f1df77b2de0e7 Mon Sep 17 00:00:00 2001
From: Alexander Potapenko
Date: Tue, 10 Dec 2024 13:41:10 +0100
Subject: sys/linux/test: add syz_kvm_assert_syzos_uexit to existing tests

---
 sys/linux/test/arm64-syz_kvm_setup_syzos_vm | 6 ++++++
 sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite | 7 ++++++-
 sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr | 6 ++++++
 sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc | 8 ++++++++
 sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3 | 9 +++++++++
 sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-cpu1 | 7 +++++++
 sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its | 7 +++++++
 sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its-cmd | 7 +++++++
 sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-unroll | 7 +++++++
 9 files changed, 63 insertions(+), 1 deletion(-)
(limited to 'sys/linux')

diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm
index c48ec4108..73eda6746 100644
--- a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm
@@ -19,6 +19,12 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 # Run till the first uexit.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0x0)
 # Run till the second uexit.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xaaaa)
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite
index 7a88a6aca..ca1206828 100644
--- a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite
@@ -10,6 +10,11 @@ r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@memwrite={AUTO, AUTO, @generic={0x
 r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
 r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
-# Run till uexit.
+# Run till the emulated uexit.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0x0)
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr
index 56e6cc639..e2a75790c 100644
--- a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr
@@ -8,5 +8,11 @@ r2 = syz_kvm_setup_syzos_vm(r1, &(0x7f0000c00000/0x400000)=nil)
 # 0x603000000013c600 is VBAR_EL1, it aligns the written value on 0x20.
 #
 r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@msr={AUTO, AUTO, {0x603000000013c600, 0xfefefee0}}], AUTO}, 0x0, 0x0)
+r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
+
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
 ioctl$KVM_GET_ONE_REG(r3, AUTO, &AUTO=@arm64_sys={0x603000000013c600, &AUTO})
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc
index e0cd8f2dc..9a3261dbb 100644
--- a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc
@@ -18,3 +18,11 @@ r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@smc={AUTO, AUTO, {0xef000000, [0x0
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+
+r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
+
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3
index ddbcb978f..64f6615e5 100644
--- a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3
@@ -6,10 +6,19 @@ r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
 r2 = syz_kvm_setup_syzos_vm(r1, &(0x7f0000c00000/0x400000)=nil)
 r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@irq_setup={AUTO, AUTO, {0x1, 0x20}}], AUTO}, 0x0, 0x0)
 syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
+
+r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
 #
 # Calling KVM_RUN here again would result in infinite loop.
 # Instead, signal SPI 32 (0x1000020), so that the guest can execute another uexit in the IRQ handler.
 #
 ioctl$KVM_IRQ_LINE(r1, AUTO, &AUTO={0x1000020, 0x1})
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+# 0xfffffffffffffffe is UEXIT_IRQ.
+#
+syz_kvm_assert_syzos_uexit(r5, 0xfffffffffffffffe)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-cpu1 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-cpu1
index cb21f6121..68f41ff24 100644
--- a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-cpu1
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-cpu1
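Review bot: The two pre-existing `ioctl$KVM_RUN(r3, AUTO, 0x0)` calls at the top of the smc hunk stay unasserted, because the kvm_run mapping `r5` is only created after them, whereas every other test in this commit maps struct kvm_run before its first KVM_RUN. Moving `r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)` and `r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)` above those two runs would allow a `syz_kvm_assert_syzos_uexit(r5, …)` after each of them, provided the SMC path is expected to end in syzos uexits rather than some other exit reason, which cannot be told from the hunk. The comment block describing those two runs begins outside the hunk, so the expected values, if any, would come from that description.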
@@ -7,10 +7,17 @@ r2 = syz_kvm_setup_syzos_vm(r1, &(0x7f0000c00000/0x400000)=nil)
 r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@irq_setup={AUTO, AUTO, {0x1, 0x20}}], AUTO}, 0x0, 0x0)
 r4 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@irq_setup={AUTO, AUTO, {0x1, 0x20}}], AUTO}, 0x0, 0x0)
 syz_kvm_vgic_v3_setup(r1, 0x2, 0x100)
+
+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)
+r7 = mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r5, 0x3, 0x1, r4, 0x0)
+
 ioctl$KVM_RUN(r4, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r7, 0xffffffffffffffff)
 #
 # Calling KVM_RUN here again would result in infinite loop.
 # Instead, signal SPI 32 on CPU 1 (0x1010020), so that the guest can execute another uexit in the IRQ handler.
 #
 ioctl$KVM_IRQ_LINE(r1, AUTO, &AUTO={0x1010020, 0x1})
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its
index cd046c1fe..e07e646ca 100644
--- a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its
@@ -21,7 +21,13 @@ ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x4, &AUTO=0x08
 #
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x4, 0x0, 0x0})
+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)
+
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xffffffffffffffff)
 #
 # Calling KVM_RUN here again would result in infinite loop.
 # Instead, signal LPI 0x2000 that is mapped to the event 0, so that the guest can execute another uexit in the IRQ handler.
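Review bot: The asserted exit codes in the vgicv3-cpu1 hunk, `0xffffffffffffffff` after `ioctl$KVM_RUN(r4, AUTO, 0x0)` and `0xfffffffffffffffe` after the final `ioctl$KVM_RUN(r3, AUTO, 0x0)`, are bare immediates, while the vgicv3 hunk in this same commit names those values UEXIT_END and UEXIT_IRQ; the second vgicv3-its hunk, the vgicv3-its-cmd hunk and the vgicv3-unroll hunk have the same gap. Suggest `# 0xffffffffffffffff is UEXIT_END.` above the first assert and `# 0xfffffffffffffffe is UEXIT_IRQ.` above the second, matching the wording already used in vgicv3. Because the run and the assert use different resources here (r4 is run but r7 is checked, r3 is run but r6 is checked), a one-line comment after the two mmap calls stating that r6 and r7 are the kvm_run mappings of r3 and r4 respectively would make the pairing explicit to a reader.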
@@ -30,3 +36,4 @@ ioctl$KVM_RUN(r3, AUTO, 0x0)
 #
 ioctl$KVM_SIGNAL_MSI(r1, AUTO, &AUTO={0x8090040, 0x0, 0x0, 0x1, 0x0, ""})
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its-cmd b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its-cmd
index 832703eb8..efa391879 100644
--- a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its-cmd
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its-cmd
@@ -23,10 +23,17 @@ ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x4, &AUTO=0x08
 #
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x4, 0x0, 0x0})
 #
+# Map struct kvm_run for the VCPU.
+#
+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)
+#
 # This KVM_RUN will stop after receiving the LPI.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)
 #
 # This KVM_RUN will stop after finishing the user program.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xffffffffffffffff)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-unroll b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-unroll
index d203ea921..880cc4b7d 100644
--- a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-unroll
+++ b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-unroll
@@ -13,11 +13,18 @@ ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x3, 0x0, &AUTO=0x10
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x2, &AUTO=0x08000000})
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x5, &AUTO=0x400000080a0000})
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x4, 0x0, 0x0})
+#
+# Map struct kvm_run for the VCPU.
+#
+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xffffffffffffffff)
 #
 # Calling KVM_RUN here again would result in infinite loop.
 # Instead, signal SPI 32 (0x1000020), so that the guest can execute another uexit in the IRQ handler.
 #
 ioctl$KVM_IRQ_LINE(r1, AUTO, &AUTO={0x1000020, 0x1})
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)
--
cgit mrf-deployment