From 4b1eded1f91812d576538f106b57352d25a6b484 Mon Sep 17 00:00:00 2001
From: Alexander Potapenko
Date: Tue, 24 Sep 2024 15:23:14 +0200
Subject: executor: arm64: sys/linux: implement syz_kvm_setup_syzos_vm and syz_kvm_add_vcpu

The old syz_kvm_setup_cpu() API mixed together VM and VCPU setup, making it harder to create and fuzz two VCPUs in the same VM. Introduce two new pseudo-syscalls, syz_kvm_setup_syzos_vm() and syz_kvm_add_vcpu(), that will simplify this task. syz_kvm_setup_syzos_vm() takes a VM file descriptor, performs VM setup (allocates guest memory and installs SYZOS code into it) and returns a new kvm_syz_vm resource, which is in fact a pointer to `struct kvm_syz_vm` encapsulating VM-specific data in the C code. syz_kvm_add_vcpu() takes the VM ID denoted by kvm_syz_vm and creates a new VCPU within that VM with a proper CPU number. It then stores the fuzzer-supplied SYZOS API sequence into the corresponding part (indexed by CPU number) of the VM memory slot, and sets up the CPU registers to interpret that sequence. The new pseudo-syscall let the fuzzer create independent CPUs that run different code sequences without interfering with each other.
---
 sys/linux/dev_kvm.txt | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'sys')

diff --git a/sys/linux/dev_kvm.txt b/sys/linux/dev_kvm.txt
index a369be758..bbf7a673b 100644
--- a/sys/linux/dev_kvm.txt
+++ b/sys/linux/dev_kvm.txt
@@ -266,6 +266,9 @@ syz_kvm_setup_cpu$ppc64(fd fd_kvmvm, cpufd fd_kvmcpu, usermem vma[24], text ptr[
 kvm_num_irqs = 32, 64, 128, 256, 512
 # This pseudo-syscall is ARM64-specific.
 syz_kvm_vgic_v3_setup(fd fd_kvmvm, ncpus intptr[0:4], nirqs flags[kvm_num_irqs])
+resource kvm_syz_vm[int64]
+syz_kvm_setup_syzos_vm(fd fd_kvmvm) kvm_syz_vm
+syz_kvm_add_vcpu(vm kvm_syz_vm, text ptr[in, kvm_text_arm64], opts ptr[in, array[kvm_setup_opt_arm64, 1]], nopt len[opts]) fd_kvmcpu
 resource kvm_run_ptr[int64]
 define KVM_RUN_SIZE sizeof(struct kvm_run)
-- 
cgit mrf-deployment
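Review bot: The two added pseudo-syscalls are ARM64-only according to the commit title and their `kvm_text_arm64`/`kvm_setup_opt_arm64` arguments, yet unlike `syz_kvm_vgic_v3_setup` directly above them they carry no marker saying so; add `# These pseudo-syscalls are ARM64-specific.` before `resource kvm_syz_vm[int64]`, or suffix them `$arm64` the way `syz_kvm_setup_cpu$ppc64` is suffixed, so the descriptions are not picked up on other architectures. The commit message says the `kvm_syz_vm` resource value is in fact a host pointer to `struct kvm_syz_vm`; since resource values are fuzzer-controlled (they can be replaced by special values or mutated), the executor side of `syz_kvm_add_vcpu` should validate that value before dereferencing it rather than trusting it, and a comment on the resource line (e.g. `# Opaque handle owned by the executor; never dereferenced from the description side.`) would make that contract visible here. The C implementation that backs these descriptions is not part of this patch, so whether such a check exists cannot be confirmed from the hunk.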