sys/linux/test: add syz_kvm_assert_syzos_uexit to existing tests

ramosian-glider · ramosian-glider · commit f0d8d00fdb99 · 2024-12-10T13:41:10.000+01:00
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm
@@ -19,6 +19,12 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 # Run till the first uexit.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0x0)
 # Run till the second uexit.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xaaaa)
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-memwrite
@@ -10,6 +10,11 @@ r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@memwrite={AUTO, AUTO, @generic={0x
 
 r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
 r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
-# Run till uexit.
+# Run till the emulated uexit.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0x0)
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr
@@ -8,5 +8,11 @@ r2 = syz_kvm_setup_syzos_vm(r1, &(0x7f0000c00000/0x400000)=nil)
 # 0x603000000013c600 is VBAR_EL1, it aligns the written value on 0x20.
 #
 r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@msr={AUTO, AUTO, {0x603000000013c600, 0xfefefee0}}], AUTO}, 0x0, 0x0)
+r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
+
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
 ioctl$KVM_GET_ONE_REG(r3, AUTO, &AUTO=@arm64_sys={0x603000000013c600, &AUTO})
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-smc
@@ -18,3 +18,11 @@ r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@smc={AUTO, AUTO, {0xef000000, [0x0
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+
+r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
+
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
+ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3
@@ -6,10 +6,19 @@ r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
 r2 = syz_kvm_setup_syzos_vm(r1, &(0x7f0000c00000/0x400000)=nil)
 r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@irq_setup={AUTO, AUTO, {0x1, 0x20}}], AUTO}, 0x0, 0x0)
 syz_kvm_vgic_v3_setup(r1, 0x1, 0x100)
+
+r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)
 #
 # Calling KVM_RUN here again would result in infinite loop.
 # Instead, signal SPI 32 (0x1000020), so that the guest can execute another uexit in the IRQ handler.
 #
 ioctl$KVM_IRQ_LINE(r1, AUTO, &AUTO={0x1000020, 0x1})
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+# 0xfffffffffffffffe is UEXIT_IRQ.
+#
+syz_kvm_assert_syzos_uexit(r5, 0xfffffffffffffffe)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-cpu1 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-cpu1
@@ -7,10 +7,17 @@ r2 = syz_kvm_setup_syzos_vm(r1, &(0x7f0000c00000/0x400000)=nil)
 r3 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@irq_setup={AUTO, AUTO, {0x1, 0x20}}], AUTO}, 0x0, 0x0)
 r4 = syz_kvm_add_vcpu(r2, &AUTO={0x0, &AUTO=[@irq_setup={AUTO, AUTO, {0x1, 0x20}}], AUTO}, 0x0, 0x0)
 syz_kvm_vgic_v3_setup(r1, 0x2, 0x100)
+
+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)
+r7 = mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r5, 0x3, 0x1, r4, 0x0)
+
 ioctl$KVM_RUN(r4, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r7, 0xffffffffffffffff)
 #
 # Calling KVM_RUN here again would result in infinite loop.
 # Instead, signal SPI 32 on CPU 1 (0x1010020), so that the guest can execute another uexit in the IRQ handler.
 #
 ioctl$KVM_IRQ_LINE(r1, AUTO, &AUTO={0x1010020, 0x1})
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its
@@ -21,7 +21,13 @@ ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x4, &AUTO=0x08
 #
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x4, 0x0, 0x0})
 
+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)
+
+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.
+#
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xffffffffffffffff)
 #
 # Calling KVM_RUN here again would result in infinite loop.
 # Instead, signal LPI 0x2000 that is mapped to the event 0, so that the guest can execute another uexit in the IRQ handler.
@@ -30,3 +36,4 @@ ioctl$KVM_RUN(r3, AUTO, 0x0)
 #
 ioctl$KVM_SIGNAL_MSI(r1, AUTO, &AUTO={0x8090040, 0x0, 0x0, 0x1, 0x0, ""})
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its-cmd b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-its-cmd
@@ -23,10 +23,17 @@ ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x4, &AUTO=0x08
 #
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x4, 0x0, 0x0})
 #
+# Map struct kvm_run for the VCPU.
+#
+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)
+#
 # This KVM_RUN will stop after receiving the LPI.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)
 #
 # This KVM_RUN will stop after finishing the user program.
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xffffffffffffffff)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-unroll b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-vgicv3-unroll
@@ -13,11 +13,18 @@ ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x3, 0x0, &AUTO=0x10
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x2, &AUTO=0x08000000})
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x5, &AUTO=0x400000080a0000})
 ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x4, 0x0, 0x0})
+#
+# Map struct kvm_run for the VCPU.
+#
+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)
+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)
 
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xffffffffffffffff)
 #
 # Calling KVM_RUN here again would result in infinite loop.
 # Instead, signal SPI 32 (0x1000020), so that the guest can execute another uexit in the IRQ handler.
 #
 ioctl$KVM_IRQ_LINE(r1, AUTO, &AUTO={0x1000020, 0x1})
 ioctl$KVM_RUN(r3, AUTO, 0x0)
+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,12 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)`
`19`	`19`	`# Run till the first uexit.`
`20`	`20`	`#`
`21`	`21`	`ioctl$KVM_RUN(r3, AUTO, 0x0)`
	`22`	`+syz_kvm_assert_syzos_uexit(r5, 0x0)`
`22`	`23`	`# Run till the second uexit.`
`23`	`24`	`#`
`24`	`25`	`ioctl$KVM_RUN(r3, AUTO, 0x0)`
	`26`	`+syz_kvm_assert_syzos_uexit(r5, 0xaaaa)`
	`27`	`+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.`
	`28`	`+#`
	`29`	`+ioctl$KVM_RUN(r3, AUTO, 0x0)`
	`30`	`+syz_kvm_assert_syzos_uexit(r5, 0xffffffffffffffff)`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,13 @@ ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x4, &AUTO=0x08`
`21`	`21`	`#`
`22`	`22`	`ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x4, 0x0, 0x0})`
`23`	`23`
	`24`	`+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)`
	`25`	`+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)`
	`26`	`+`
	`27`	`+# Run till the end of guest_main(). 0xffffffffffffffff is UEXIT_END.`
	`28`	`+#`
`24`	`29`	`ioctl$KVM_RUN(r3, AUTO, 0x0)`
	`30`	`+syz_kvm_assert_syzos_uexit(r6, 0xffffffffffffffff)`
`25`	`31`	`#`
`26`	`32`	`# Calling KVM_RUN here again would result in infinite loop.`
`27`	`33`	`# Instead, signal LPI 0x2000 that is mapped to the event 0, so that the guest can execute another uexit in the IRQ handler.`
`@@ -30,3 +36,4 @@ ioctl$KVM_RUN(r3, AUTO, 0x0)`
`30`	`36`	`#`
`31`	`37`	`ioctl$KVM_SIGNAL_MSI(r1, AUTO, &AUTO={0x8090040, 0x0, 0x0, 0x1, 0x0, ""})`
`32`	`38`	`ioctl$KVM_RUN(r3, AUTO, 0x0)`
	`39`	`+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)`
Original file line number	Diff line number	Diff line change
`@@ -23,10 +23,17 @@ ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x0, 0x4, &AUTO=0x08`
`23`	`23`	`#`
`24`	`24`	`ioctl$KVM_SET_DEVICE_ATTR(r4, AUTO, &AUTO=@attr_arm64={0x0, 0x4, 0x0, 0x0})`
`25`	`25`	`#`
	`26`	`+# Map struct kvm_run for the VCPU.`
	`27`	`+#`
	`28`	`+r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, AUTO)`
	`29`	`+r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x1, r3, 0x0)`
	`30`	`+#`
`26`	`31`	`# This KVM_RUN will stop after receiving the LPI.`
`27`	`32`	`#`
`28`	`33`	`ioctl$KVM_RUN(r3, AUTO, 0x0)`
	`34`	`+syz_kvm_assert_syzos_uexit(r6, 0xfffffffffffffffe)`
`29`	`35`	`#`
`30`	`36`	`# This KVM_RUN will stop after finishing the user program.`
`31`	`37`	`#`
`32`	`38`	`ioctl$KVM_RUN(r3, AUTO, 0x0)`
	`39`	`+syz_kvm_assert_syzos_uexit(r6, 0xffffffffffffffff)`