[google/syzkaller] 3611c0: executor/common_kvm_ppc64: enable nested KVM


Alexey Kardashevskiy

Sep 16, 2021, 3:38:03 PM
to syzk...@googlegroups.com
Branch: refs/heads/master
Home: https://github.com/google/syzkaller
Commit: 3611c0a0c1166f09038ed05f21dbbec8f2e29834
https://github.com/google/syzkaller/commit/3611c0a0c1166f09038ed05f21dbbec8f2e29834
Author: Alexey Kardashevskiy <a...@linux.ibm.com>
Date: 2021-09-16 (Thu, 16 Sep 2021)

Changed paths:
M executor/common_kvm_ppc64.h
M pkg/csource/generated.go

Log Message:
-----------
executor/common_kvm_ppc64: enable nested KVM

This is necessary to make KVM actually execute the instructions.

Signed-off-by: Alexey Kardashevskiy <a...@linux.ibm.com>


Commit: cac54be7ff77e2e220d7b477c82984b26157e09b
https://github.com/google/syzkaller/commit/cac54be7ff77e2e220d7b477c82984b26157e09b
Author: Alexey Kardashevskiy <a...@linux.ibm.com>
Date: 2021-09-16 (Thu, 16 Sep 2021)

Changed paths:
M executor/common_kvm_ppc64.h
M pkg/csource/generated.go
M pkg/ifuzz/powerpc/pseudo.go

Log Message:
-----------
executor/common_kvm_ppc64: fuzz more hypercalls

At the moment syzkaller only fuzzes the platform architecture defined
hypercalls. However there are custom defined hypercalls which KVM handles,
they make 2 groups - an extension of hypercalls and so-called ultracalls
which are handled by the secure VM firmware but in absence of the secure
VM facility, KVM gets to handle those as errors.

This enables the two extra groups of hypercalls in KVM. If not enabled,
KVM exits to let the userspace handle them (which syzkaller does not do).

Signed-off-by: Alexey Kardashevskiy <a...@linux.ibm.com>


Commit: ca8716cc3a7a2ca6b077951ee3c0629a18f7bc28
https://github.com/google/syzkaller/commit/ca8716cc3a7a2ca6b077951ee3c0629a18f7bc28
Author: Alexey Kardashevskiy <a...@linux.ibm.com>
Date: 2021-09-16 (Thu, 16 Sep 2021)

Changed paths:
M pkg/ifuzz/powerpc/pseudo.go

Log Message:
-----------
pkg/ifuzz/powerpc: fuzz the machine state register (MSR)

MSR is an SPR (Special Purpose Register) which controls endianness,
32/64 bits, privilege state and other CPU state bits. Some bits can be
changed by the "mtmsr" instruction ("Move To MSR") but for the privilege
bits "rfid" ("Return From Interrupt Doubleword") needs to be used and
SRR0/SRR1 SPRs need to be preloaded with the desired mode and an address
to jump.

This adds an "rfid" pseudo instruction.

Signed-off-by: Alexey Kardashevskiy <a...@linux.ibm.com>


Commit: ec8573b1f61d4321a736204c9e14d62f8a5e5405
https://github.com/google/syzkaller/commit/ec8573b1f61d4321a736204c9e14d62f8a5e5405
Author: Alexey Kardashevskiy <a...@linux.ibm.com>
Date: 2021-09-16 (Thu, 16 Sep 2021)

Changed paths:
M pkg/ifuzz/powerpc/powerpc.go

Log Message:
-----------
pkg/ifuzz/powerpc: fuzz instruction bits which are not opcodes

The instructions are made of opcode (split in 1..3 groups of fields) and
parameters (immediate values, register numbers, flags). The insns.go is
expected to have all the bits covered but some bits might be missing which
this randomizes.

This adds preloading of "RS" for better fuzzing of "mtmsr(d)"
instructions ("Move To Machine State Register (Doubleword)").

Signed-off-by: Alexey Kardashevskiy <a...@linux.ibm.com>


Commit: 5b989942e1043028009d3a08610a8f52efad7330
https://github.com/google/syzkaller/commit/5b989942e1043028009d3a08610a8f52efad7330
Author: Alexey Kardashevskiy <a...@linux.ibm.com>
Date: 2021-09-16 (Thu, 16 Sep 2021)

Changed paths:
M pkg/ifuzz/powerpc/gen/powerisa30_to_syz
M pkg/ifuzz/powerpc/generated/insns.go
M pkg/ifuzz/powerpc/powerpc.go

Log Message:
-----------
pkg/ifuzz/powerpc: fix instructions

The PowerISA pdf parser made several wrong assumptions about the format
("copy"/"paste."/...) and missed that some fields are split and have
reverse order ("rldicr" and similar). Another problem was with parsing
the 2-column page layout.

This changes the powerpc.Insn.Fields value type from a tuple to an array
of tuples and fixes encodeBits() accordingly.

This fixes powerisa30_to_syz to store all the bits and split "MB"/"ME"
in 2 halves sorted in the way encodeBits() loops.

This should not change the coverage dramatically, but it improves
pseudo instructions as "rldicr" is used to preload registers, although
no huge difference is expected there either as the problem was with the top
32 bits and hypercall/rtas token numbers are 16-bit anyway.

While at this, this fixes powerisa30_to_syz to make "make generate" not
change insns.go. This also drops comments from the generated file as they
are proven to be useless and just increase the lengths of already long
lines (vim hates it).

Signed-off-by: Alexey Kardashevskiy <a...@linux.ibm.com>


Compare: https://github.com/google/syzkaller/compare/aae492f20ef3...5b989942e104
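As an added illustration of the two points above (the "rfid" pseudo instruction that needs SRR0/SRR1 preloaded, and operand fields that are split with their halves stored in reverse order), here is a small Go encoder. It is example code written for this page, not syzkaller's pkg/ifuzz/powerpc; the types and functions Piece, Field, Insn, mdFields, Encode and RfidSequence are this example's own names and not the project's. The field positions were transcribed by hand from PowerISA 3.0: MD-form rldicl/rldicr keep the low five bits of SH in bits 16:20 and its high bit in bit 30, and the low five bits of MB/ME in bits 21:25 with the high bit in bit 26; XFX-form mtspr stores the SPR number as spr[5:9] || spr[0:4]. The results are checked against well-known encodings (sldi r3,r3,2 = 0x78631764, clrldi r3,r3,32 = 0x78630020, rotldi r3,r3,32 = 0x78630002, mtlr r0 = 0x7c0803a6, rfid = 0x4c000024).

```go
package main

import "fmt"

// Piece is one contiguous slice of an operand in the 32-bit instruction
// word. Bit numbers use the PowerISA convention: bit 0 is the word's MSB.
type Piece struct {
	Bit   uint // PowerISA number of the slice's most significant bit
	Width uint // bits in the slice
	Shift uint // offset of the slice's low bit within the operand value
}

// Field is an operand; a split operand (MD-form SH/MB/ME, the XFX SPR
// number) has several pieces, and the piece holding the high bits may come last.
type Field struct {
	Name   string
	Pieces []Piece
}

// Insn is an instruction format: fixed opcode bits plus operand fields.
type Insn struct {
	Name   string
	Opcode uint32 // primary and extended opcode bits, operand bits zero
	Fields []Field
}

func contiguous(name string, bit, width uint) Field {
	return Field{Name: name, Pieces: []Piece{{bit, width, 0}}}
}

// MD-form operands, hand-transcribed from PowerISA 3.0 (example's own
// table): SH = bits 16:20 (low five) + bit 30 (high bit); MB/ME = bits
// 21:25 (low five) + bit 26 (high bit). XO at 27:29 is folded into Opcode.
func mdFields(mask string) []Field {
	return []Field{
		contiguous("RS", 6, 5),
		contiguous("RA", 11, 5),
		{Name: "SH", Pieces: []Piece{{16, 5, 0}, {30, 1, 5}}},
		{Name: mask, Pieces: []Piece{{21, 5, 0}, {26, 1, 5}}},
		contiguous("Rc", 31, 1),
	}
}

var (
	rldicl = Insn{"rldicl", 30 << 26, mdFields("MB")}
	rldicr = Insn{"rldicr", 30<<26 | 1<<2, mdFields("ME")}
	// XFX-form mtspr stores the SPR number as spr[5:9] || spr[0:4]: low
	// five bits in 11:15, high five in 16:20. XO = 467 sits at 21:30.
	mtspr = Insn{"mtspr", 31<<26 | 467<<1, []Field{
		contiguous("RS", 6, 5),
		{Name: "SPR", Pieces: []Piece{{11, 5, 0}, {16, 5, 5}}},
	}}
	rfid uint32 = 19<<26 | 18<<1 // XL-form rfid has no operand fields
)

// encodeBits ORs value into word piece by piece. Each piece carries its own
// Shift, so a split operand stored in reverse order needs no special case;
// treating it as one contiguous field is what produced wrong rldicr words.
func encodeBits(word uint32, f Field, value uint32) uint32 {
	for _, p := range f.Pieces {
		mask := uint32(1)<<p.Width - 1
		slice := (value >> p.Shift) & mask
		lsb := 31 - (p.Bit + p.Width - 1) // MSB-first numbering to shift count
		word |= slice << lsb
	}
	return word
}

// Encode assembles insn from named operands. Unknown names and values that
// do not fit are rejected: silent truncation would execute a different
// instruction than the one the fuzzer believes it generated.
func Encode(insn Insn, operands map[string]uint32) (uint32, error) {
	word, known := insn.Opcode, map[string]bool{}
	for _, f := range insn.Fields {
		known[f.Name] = true
		var width uint
		for _, p := range f.Pieces {
			width += p.Width
		}
		v := operands[f.Name]
		if v >= uint32(1)<<width {
			return 0, fmt.Errorf("%s: %s=%d does not fit in %d bits", insn.Name, f.Name, v, width)
		}
		word = encodeBits(word, f, v)
	}
	for name := range operands {
		if !known[name] {
			return 0, fmt.Errorf("%s has no operand %q", insn.Name, name)
		}
	}
	return word, nil
}

// RfidSequence is the pseudo instruction: SRR0 (SPR 26) gets the resume
// address from addrReg, SRR1 (SPR 27) the new MSR from msrReg, then rfid.
func RfidSequence(addrReg, msrReg uint32) ([]uint32, error) {
	srr0, err0 := Encode(mtspr, map[string]uint32{"RS": addrReg, "SPR": 26})
	srr1, err1 := Encode(mtspr, map[string]uint32{"RS": msrReg, "SPR": 27})
	if err0 != nil || err1 != nil {
		return nil, fmt.Errorf("rfid sequence: %v %v", err0, err1)
	}
	return []uint32{srr0, srr1, rfid}, nil
}
```

The point of the per-piece Shift is visible in mtspr: the five bits that land first in the word (11:15) are the low half of the SPR number, so a parser that records only "SPR occupies bits 11:20" and fills it as one contiguous value encodes mtspr SRR0 as a write to a different register. The range check matters for the same reason: a fuzzer that truncates ME=64 to 0 is no longer testing the instruction it logged.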