prog: use separate allocation size for KFuzzTest arguments

Ethan Graham · Ethan Graham · commit 81f2154661cb · 2025-09-18T14:22:09.000Z
diff --git a/prog/kfuzztest.go b/prog/kfuzztest.go
@@ -22,6 +22,9 @@ const (
 	// x86_64, so we hardcode it for now. A more robust solution would involve
 	// reading this from the debugfs entry at boot before fuzzing begins.
 	kFuzzTestMinalign uint64 = 8
+
+	// Maximum input size accepted by the KFuzzTest kernel module.
+	KFuzzTestMaxInputSize uint64 = 64 << 10
 )
 
 func kFuzzTestWritePrefix(buf *bytes.Buffer) {
diff --git a/prog/rand.go b/prog/rand.go
@@ -368,6 +368,10 @@ func (r *randGen) randString(s *state, t *BufferType) []byte {
 }
 
 func (r *randGen) allocAddr(s *state, typ Type, dir Dir, size uint64, data Arg) *PointerArg {
+	_, isStruct := data.(*GroupArg)
+	if r.genKFuzzTest && isStruct {
+		size = KFuzzTestMaxInputSize
+	}
 	return MakePointerArg(typ, dir, s.ma.alloc(r, size, data.Type().Alignment()), data)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,9 @@ const (`
`22`	`22`	`// x86_64, so we hardcode it for now. A more robust solution would involve`
`23`	`23`	`// reading this from the debugfs entry at boot before fuzzing begins.`
`24`	`24`	`kFuzzTestMinalign uint64 = 8`
	`25`	`+`
	`26`	`+ // Maximum input size accepted by the KFuzzTest kernel module.`
	`27`	`+ KFuzzTestMaxInputSize uint64 = 64 << 10`
`25`	`28`	`)`
`26`	`29`
`27`	`30`	`func kFuzzTestWritePrefix(buf *bytes.Buffer) {`
Original file line number	Diff line number	Diff line change
`@@ -368,6 +368,10 @@ func (r randGen) randString(s state, t *BufferType) []byte {`
`368`	`368`	`}`
`369`	`369`
`370`	`370`	`func (r randGen) allocAddr(s state, typ Type, dir Dir, size uint64, data Arg) *PointerArg {`
	`371`	`+ _, isStruct := data.(*GroupArg)`
	`372`	`+ if r.genKFuzzTest && isStruct {`
	`373`	`+ size = KFuzzTestMaxInputSize`
	`374`	`+ }`
`371`	`375`	`return MakePointerArg(typ, dir, s.ma.alloc(r, size, data.Type().Alignment()), data)`
`372`	`376`	`}`
`373`	`377`