Branch: refs/heads/gh-readonly-queue/master/pr-6383-19568248c8bdb031004760d49df5045a85aa517b
Home: https://github.com/google/syzkaller
Commit: 554d3ef1c24ae1bc3c8c439e8c8f3a9006434244
https://github.com/google/syzkaller/commit/554d3ef1c24ae1bc3c8c439e8c8f3a9006434244
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
M executor/common_kvm_amd64_syzos.h
M executor/kvm.h
Log Message:
-----------
executor: rename SYZOS-related address definitions
To distinguish SYZOS addresses from other x86 definitions, change them
to start with X86_SYZOS_ADDR_
No functional change.
Commit: 6ca4530067ac25a78291b176b6d3dbe6ba592d15
https://github.com/google/syzkaller/commit/6ca4530067ac25a78291b176b6d3dbe6ba592d15
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm.h
M executor/common_kvm_amd64.h
M executor/common_kvm_arm64.h
Log Message:
-----------
executor: introduce DEFINE_GUEST_FN_TO_GPA_FN()
DEFINE_GUEST_FN_TO_GPA_FN() allows defining helper functions to
calculate guest addresses in the host/guest code.
Commit: c7354acdafe9a5bdf11bafed36b695588185a198
https://github.com/google/syzkaller/commit/c7354acdafe9a5bdf11bafed36b695588185a198
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
M executor/kvm.h
Log Message:
-----------
executor: more robust x86 page table creation in SYZOS
Provide map_4k_region() to ease page table creation for different
regions.
While at it, also move the stack from 0x0 to 0x90000.
Commit: fe2df35c1db3ce6dece1feb776f6a7c22e89be22
https://github.com/google/syzkaller/commit/fe2df35c1db3ce6dece1feb776f6a7c22e89be22
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
Log Message:
-----------
executor: use a list of memory regions to set up SYZOS guest
Instead of open-coding every memory region in several places,
use a single array to configure their creation.
Commit: bc704f36a2d3ef35b1857bc077e58e98c9af4f94
https://github.com/google/syzkaller/commit/bc704f36a2d3ef35b1857bc077e58e98c9af4f94
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
Log Message:
-----------
executor: fix the definition of struct tss64
Per https://wiki.osdev.org/Task_State_Segment#Long_Mode, io_bitmap and reserved3 should be 16-bit.
Commit: 1bf5eb12ff86ff72f837a79ea186d4391edd4214
https://github.com/google/syzkaller/commit/1bf5eb12ff86ff72f837a79ea186d4391edd4214
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
M executor/common_kvm_amd64_syzos.h
M executor/kvm.h
Log Message:
-----------
executor: rework GDT setup for SYZOS
Untangle SYZOS GDT setup from the legacy one.
Drop LDT and TSS for now.
Commit: 8437e9b3412387dade0961faf0c3616de3903d91
https://github.com/google/syzkaller/commit/8437e9b3412387dade0961faf0c3616de3903d91
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
A sys/linux/test/amd64-syz_kvm_setup_syzos_vm-default_irq_handler
Log Message:
-----------
sys/linux/test: add amd64-syz_kvm_setup_syzos_vm-default_irq_handler
Verify that the default IRQ handler correctly handles an injected
interrupt.
Commit: 6f255ae2c60c113dc8eeae689561e439791cc502
https://github.com/google/syzkaller/commit/6f255ae2c60c113dc8eeae689561e439791cc502
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
R sys/linux/test/amd64-syz_kvm_setup_syzos_vm-wr_drn-shutdown
A sys/linux/test/amd64-syz_kvm_setup_syzos_vm-wr_drn-soft
Log Message:
-----------
sys/linux/test: fix amd64-syz_kvm_setup_syzos_vm-wr_drn-shutdown
Now that we handle interrupts in the guest code, this program does
not shut down anymore. Make sure it finishes correctly, and
rename the test case to avoid confusion.
Commit: 2606b77513573de02745daefe9de925c9494cfff
https://github.com/google/syzkaller/commit/2606b77513573de02745daefe9de925c9494cfff
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
M executor/kvm.h
Log Message:
-----------
executor: refactor x86 SYZOS setup
Pass around struct kvm_syzos_vm instead of one-off pointers to
various guest memory ranges.
Commit: c42fde19c0fd97583e4c8f6f88e2059ba630bc08
https://github.com/google/syzkaller/commit/c42fde19c0fd97583e4c8f6f88e2059ba630bc08
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
M executor/kvm.h
Log Message:
-----------
executor: use dynamic page table allocation for guest
Use a pool of 32 pages to allocate PT and PE entries for the guest
page tables.
This eliminates the need for manually assigned page table entries
that are brittle and may break when someone changes the memory
layout.
Commit: b2cf58f4862666d3b14f051b1e8cddcde9f8186f
https://github.com/google/syzkaller/commit/b2cf58f4862666d3b14f051b1e8cddcde9f8186f
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M tools/check-syzos.sh
Log Message:
-----------
tools/check-syzos.sh: allow RIP-relative references to .guest
When loading guest code at another address, RIP-relative references
to the same section should not be a problem.
Modify check-syzos.sh to allow that.
Commit: e69835fc40b5e00c0996ce3a85d8287eea57d162
https://github.com/google/syzkaller/commit/e69835fc40b5e00c0996ce3a85d8287eea57d162
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
M executor/common_kvm_amd64_syzos.h
M sys/linux/dev_kvm_amd64.txt
A sys/linux/test/amd64-syz_kvm_set_irq_handler
Log Message:
-----------
executor: sys/linux: implement SYZOS_API_SET_IRQ_HANDLER
The new API call allows initializing the handler with one of the
three possible values:
- NULL (should cause a page fault)
- dummy_null_handler (should call iret)
- uexit_irq_handler (should perform guest_uexit(UEXIT_IRQ))
Also add a test for uexit_irq_handler().
Commit: 58474fc3a56058e6db818eabd8b0adfa5b2f077e
https://github.com/google/syzkaller/commit/58474fc3a56058e6db818eabd8b0adfa5b2f077e
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
Log Message:
-----------
executor: fix setup_cpuid() declaration
Make sure setup_cpuid() is only declared together with install_user_code().
Commit: e253a80f735974088faae059a2fa9593550370b6
https://github.com/google/syzkaller/commit/e253a80f735974088faae059a2fa9593550370b6
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64_syzos.h
Log Message:
-----------
executor: amd64: remove the switch from guest_main()
Somehow Clang still manages to emit a jump table for it.
Commit: bc0cbe5709e294d9755f481e7f41be68413e14f9
https://github.com/google/syzkaller/commit/bc0cbe5709e294d9755f481e7f41be68413e14f9
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm_amd64.h
M executor/common_kvm_arm64.h
M executor/kvm.h
Log Message:
-----------
executor: unify ARM64_ADDR_EXECUTOR_CODE and X86_SYZOS_ADDR_EXECUTOR_CODE
Use SYZOS_ADDR_EXECUTOR_CODE instead of both. Also put platform-specific
definitions under #if GOARCH_xxx.
Commit: e18aa5057febfc3f9f61c8755234e361528def0e
https://github.com/google/syzkaller/commit/e18aa5057febfc3f9f61c8755234e361528def0e
Author: Alexander Potapenko <gli...@google.com>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M executor/common_kvm.h
M executor/common_kvm_amd64.h
M executor/common_kvm_amd64_syzos.h
M executor/common_kvm_arm64.h
M executor/common_kvm_arm64_syzos.h
M executor/common_kvm_syzos.h
Log Message:
-----------
executor: introduce __addrspace_guest
Apply __addrspace_guest to every guest function and use a C++ template
to statically validate that host functions are not passed to
executor_fn_guest_addr().
This only works in Clang builds of syz-executor, because GCC does not
support address spaces, and C reproducers cannot use templates.
The static check allows us to drop the dynamic checks in DEFINE_GUEST_FN_TO_GPA_FN().
While at it, replace DEFINE_GUEST_FN_TO_GPA_FN() with explicit declarations of
host_fn_guest_addr() and guest_fn_guest_addr().
Compare: https://github.com/google/syzkaller/compare/554d3ef1c24a%5E...e18aa5057feb