From ad14f7dd69da328645e91364dc941d6ebbbac969 Mon Sep 17 00:00:00 2001
From: Alexander Potapenko
Date: Tue, 9 Sep 2025 12:27:32 +0200
Subject: sys/linux: apply no_squash to syz_kvm_add_vcpu
Not passing flattened arguments to syz_kvm_add_vcpu() serves two purposes:
- makes it easier to reason about the SYZOS program contents;
- prevents nonsensial mutations of them.
---
 sys/linux/dev_kvm_amd64.txt | 3 ++-
 sys/linux/dev_kvm_arm64.txt | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
(limited to 'sys')
diff --git a/sys/linux/dev_kvm_amd64.txt b/sys/linux/dev_kvm_amd64.txt
index 14c27edd1..6f052c375 100644
--- a/sys/linux/dev_kvm_amd64.txt
+++ b/sys/linux/dev_kvm_amd64.txt
@@ -19,7 +19,8 @@ resource sev_handle[int32]
 syz_kvm_setup_syzos_vm$x86(fd fd_kvmvm, usermem vma[1024]) kvm_syz_vm$x86
 # Create a VCPU inside a kvm_syz_vm VM.
-syz_kvm_add_vcpu$x86(vm kvm_syz_vm$x86, text ptr[in, kvm_text$x86]) fd_kvmcpu
+# Prohibit flattening the input arguments, so that it is easier to reason about them.
+syz_kvm_add_vcpu$x86(vm kvm_syz_vm$x86, text ptr[in, kvm_text$x86]) fd_kvmcpu (no_squash)
 # Test assertions, will not be used by the fuzzer.
 syz_kvm_assert_syzos_uexit$x86(run kvm_run_ptr, exitcode intptr) (no_generate)
diff --git a/sys/linux/dev_kvm_arm64.txt b/sys/linux/dev_kvm_arm64.txt
index 9a6d8dffd..71c27dba1 100644
--- a/sys/linux/dev_kvm_arm64.txt
+++ b/sys/linux/dev_kvm_arm64.txt
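Review bot: The comment added above syz_kvm_add_vcpu$x86 records only one of the two reasons the commit message gives for (no_squash); the second one — that squashing the text pointer into a flat blob produces nonsensical mutations of the SYZOS program — is the reason a later maintainer tempted to drop the attribute most needs to see in the file. Suggest `# Prohibit flattening the input arguments: it keeps them easier to reason about, and squashed mutations of the SYZOS program would be nonsensical.` The same comment text is added in the arm64 hunk of sys/linux/dev_kvm_arm64.txt and should be changed the same way there. The blank context lines of this hunk appear to have been lost in the page's rendering, so the hunk as shown does not match its -19,7 +19,8 header.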
@@ -18,7 +18,8 @@ resource kvm_syz_vm$arm64[int64]
 syz_kvm_setup_syzos_vm$arm64(fd fd_kvmvm, usermem vma[1024]) kvm_syz_vm$arm64
 # Create a VCPU inside a kvm_syz_vm VM.
-syz_kvm_add_vcpu$arm64(vm kvm_syz_vm$arm64, text ptr[in, kvm_text_arm64], opts ptr[in, array[kvm_setup_opt_arm64, 1]], nopt len[opts]) fd_kvmcpu
+# Prohibit flattening the input arguments, so that it is easier to reason about them.
+syz_kvm_add_vcpu$arm64(vm kvm_syz_vm$arm64, text ptr[in, kvm_text_arm64], opts ptr[in, array[kvm_setup_opt_arm64, 1]], nopt len[opts]) fd_kvmcpu (no_squash)
 kvm_num_irqs = 32, 64, 128, 256, 512
-- cgit mrf-deployment