authorDmitry Vyukov <dvyukov@google.com>2017-07-17 12:36:05 +0200
committerDmitry Vyukov <dvyukov@google.com>2017-07-17 12:39:11 +0200
commitcc1c342923b30616acc9344fe5eade7eb1412850 (patch)
tree10899cc66516fcfc9e63acfa0c64218a5e6bd840
parente489b6cafdd3702f6d14307ae2f2278c3c2f6783 (diff)
syz-ci: allow to specify cmdline/sysctls
Allow to specify per-kernel command line and sysctl values to more closely mimic the target kernel.
-rw-r--r--pkg/kernel/generated.go16
-rw-r--r--pkg/kernel/kernel.go4
-rw-r--r--syz-ci/manager.go4
-rw-r--r--syz-ci/syz-ci.go10
-rw-r--r--syz-gce/syz-gce.go2
-rwxr-xr-xtools/create-gce-image.sh25
6 files changed, 45 insertions, 16 deletions
diff --git a/pkg/kernel/generated.go b/pkg/kernel/generated.go
index e9b00b345..a3d0ffcd6 100644
--- a/pkg/kernel/generated.go
+++ b/pkg/kernel/generated.go
@@ -35,11 +35,13 @@ sudo sed -i "/^root/ { s/:x:/::/ }" disk.mnt/etc/passwd
echo "T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100" | sudo tee -a disk.mnt/etc/inittab
echo -en "auto lo\niface lo inet loopback\nauto eth0\niface eth0 inet dhcp\n" | sudo tee disk.mnt/etc/network/interfaces
echo "debugfs /sys/kernel/debug debugfs defaults 0 0" | sudo tee -a disk.mnt/etc/fstab
+
echo "kernel.printk = 7 4 1 3" | sudo tee -a disk.mnt/etc/sysctl.conf
echo "debug.exception-trace = 0" | sudo tee -a disk.mnt/etc/sysctl.conf
-echo "net.core.bpf_jit_enable = 1" | sudo tee -a disk.mnt/etc/sysctl.conf
-echo "net.core.bpf_jit_harden = 2" | sudo tee -a disk.mnt/etc/sysctl.conf
-echo "net.ipv4.ping_group_range = 0 65535" | sudo tee -a disk.mnt/etc/sysctl.conf
+if [ -f $SYZ_SYSCTL_FILE ]; then
+ cat $SYZ_SYSCTL_FILE | sudo tee -a disk.mnt/etc/sysctl.conf
+fi
+
echo -en "127.0.0.1\tlocalhost\n" | sudo tee disk.mnt/etc/hosts
echo "nameserver 8.8.8.8" | sudo tee -a disk.mnt/etc/resolve.conf
echo "ClientAliveInterval 420" | sudo tee -a disk.mnt/etc/ssh/sshd_config
@@ -50,6 +52,12 @@ sudo mkdir -p disk.mnt/root/.ssh
sudo cp key.pub disk.mnt/root/.ssh/authorized_keys
sudo chown root disk.mnt/root/.ssh/authorized_keys
sudo mkdir -p disk.mnt/boot/grub
+
+CMDLINE=""
+if [ -f $SYZ_CMDLINE_FILE ]; then
+ CMDLINE=$(awk '{printf("%s ", $0)}' $SYZ_CMDLINE_FILE)
+fi
+
cat << EOF | sudo tee disk.mnt/boot/grub/grub.cfg
terminal_input console
terminal_output console
@@ -63,7 +71,7 @@ menuentry 'linux' --class gnu-linux --class gnu --class os {
insmod part_msdos
insmod ext2
set root='(hd0,1)'
- linux /vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 kvm-intel.nested=1 kvm-intel.unrestricted_guest=1 kvm-intel.vmm_exclusive=1 kvm-intel.fasteoi=1 kvm-intel.ept=1 kvm-intel.flexpriority=1 kvm-intel.vpid=1 kvm-intel.emulate_invalid_guest_state=1 kvm-intel.eptad=1 kvm-intel.enable_shadow_vmcs=1 kvm-intel.pml=1 kvm-intel.enable_apicv=1
+ linux /vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 $CMDLINE
}
EOF
sudo grub-install --boot-directory=disk.mnt/boot --no-floppy /dev/nbd0
diff --git a/pkg/kernel/kernel.go b/pkg/kernel/kernel.go
index 208b61815..5b97715b4 100644
--- a/pkg/kernel/kernel.go
+++ b/pkg/kernel/kernel.go
@@ -68,8 +68,10 @@ func build(dir, compiler string) error {
// CreateImage creates a disk image that is suitable for syzkaller.
// Kernel is taken from kernelDir, userspace system is taken from userspaceDir.
+// If cmdlineFile is not empty, contents of the file are appended to the kernel command line.
+// If sysctlFile is not empty, contents of the file are appended to the image /etc/sysctl.conf.
// Produces image and root ssh key in the specified files.
-func CreateImage(kernelDir, userspaceDir, image, sshkey string) error {
+func CreateImage(kernelDir, userspaceDir, cmdlineFile, sysctlFile, image, sshkey string) error {
tempDir, err := ioutil.TempDir("", "syz-build")
if err != nil {
return err
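Review bot: The new doc comment only covers the "not empty" case and does not say what happens when cmdlineFile or sysctlFile names a file that does not exist. The image script guards both with a `[ -f ... ]` test and skips silently, so a mistyped path in the config would produce an image without the intended cmdline or sysctls and no error. CreateImage's body continues outside this hunk, so an existing check may simply not be visible here. If there is none, fail early with something like `if cmdlineFile != "" { if _, err := os.Stat(cmdlineFile); err != nil { return err } }`, and the same for sysctlFile. The six adjacent `string` parameters are also easy to pass in the wrong order without a compile error, which a small options struct would avoid.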
diff --git a/syz-ci/manager.go b/syz-ci/manager.go
index 630a7cdbd..6d0ea871d 100644
--- a/syz-ci/manager.go
+++ b/syz-ci/manager.go
@@ -229,7 +229,9 @@ func (mgr *Manager) build() error {
image := filepath.Join(tmpDir, "image")
key := filepath.Join(tmpDir, "key")
- if err := kernel.CreateImage(mgr.kernelDir, mgr.mgrcfg.Userspace, image, key); err != nil {
+ err = kernel.CreateImage(mgr.kernelDir, mgr.mgrcfg.Userspace,
+ mgr.mgrcfg.Kernel_Cmdline, mgr.mgrcfg.Kernel_Sysctl, image, key)
+ if err != nil {
return fmt.Errorf("image build failed: %v", err)
}
// TODO(dvyukov): test that the image is good (boots and we can ssh into it).
diff --git a/syz-ci/syz-ci.go b/syz-ci/syz-ci.go
index 49f0ae79b..caf68f0d1 100644
--- a/syz-ci/syz-ci.go
+++ b/syz-ci/syz-ci.go
@@ -65,10 +65,10 @@ var flagConfig = flag.String("config", "", "config file")
type Config struct {
Name string
Http string
- Dashboard_Addr string
- Hub_Addr string
- Hub_Key string
- Goroot string
+ Dashboard_Addr string // Optional.
+ Hub_Addr string // Optional.
+ Hub_Key string // Optional.
+ Goroot string // Go 1.8+ toolchain dir.
Syzkaller_Repo string
Syzkaller_Branch string
Managers []*ManagerConfig
@@ -83,6 +83,8 @@ type ManagerConfig struct {
Compiler string
Userspace string
Kernel_Config string
+ Kernel_Cmdline string // File with kernel cmdline values (optional).
+ Kernel_Sysctl string // File with sysctl values (e.g. output of sysctl -a, optional).
Manager_Config json.RawMessage
}
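Review bot: The `Kernel_Sysctl` comment suggests feeding raw `sysctl -a` output, but does not mention that the file is appended after the script's own `kernel.printk` and `debug.exception-trace` lines. If later entries in sysctl.conf win, as is usual, a full dump from another machine would override those two defaults and could reduce console output from the test VM. I would spell that out, e.g. `// File with sysctl values, appended after the built-in ones and able to override them (optional).` It would also help to state for both fields whether a relative path is resolved against the config file or the working directory, since that is not visible in this change.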
diff --git a/syz-gce/syz-gce.go b/syz-gce/syz-gce.go
index 2a7511221..5ed29df85 100644
--- a/syz-gce/syz-gce.go
+++ b/syz-gce/syz-gce.go
@@ -365,7 +365,7 @@ func (a *LocalBuildAction) Build() error {
}
Logf(0, "building image...")
osutil.MkdirAll("image/obj")
- if err := kernel.CreateImage(dir, a.UserspaceDir, "image/disk.raw", "image/key"); err != nil {
+ if err := kernel.CreateImage(dir, a.UserspaceDir, "", "", "image/disk.raw", "image/key"); err != nil {
return fmt.Errorf("image build failed: %v", err)
}
if err := osutil.WriteFile("image/tag", []byte(hash)); err != nil {
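Review bot: Passing `""` for both new arguments means syz-gce images lose settings that the image script used to hard-code. This commit removes the `kvm-intel.*` command-line parameters and the `net.core.bpf_jit_enable`, `net.core.bpf_jit_harden` and `net.ipv4.ping_group_range` sysctls from the script, and syz-ci can restore them through its config while this call site cannot. If that is intended, a comment here would make it explicit, e.g. `// No extra cmdline/sysctls: images built here no longer get the kvm-intel.* and net.* defaults.` Otherwise the build action needs fields for the two files. Build's body starts and ends outside the hunk.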
diff --git a/tools/create-gce-image.sh b/tools/create-gce-image.sh
index 3329fcfe0..dccab5f7b 100755
--- a/tools/create-gce-image.sh
+++ b/tools/create-gce-image.sh
@@ -17,6 +17,11 @@
# Usage:
# ./create-gce-image.sh /dir/with/user/space/system /path/to/bzImage
#
+# If SYZ_SYSCTL_FILE env var is set and points to a file,
+# then its contents will be appended to the image /etc/sysctl.conf.
+# If SYZ_CMDLINE_FILE env var is set and points to a file,
+# then its contents will be appended to the kernel command line.
+#
# Outputs are (in the current dir):
# - disk.raw: the image
# - key: root ssh key
@@ -66,11 +71,14 @@ sudo sed -i "/^root/ { s/:x:/::/ }" disk.mnt/etc/passwd
echo "T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100" | sudo tee -a disk.mnt/etc/inittab
echo -en "auto lo\niface lo inet loopback\nauto eth0\niface eth0 inet dhcp\n" | sudo tee disk.mnt/etc/network/interfaces
echo "debugfs /sys/kernel/debug debugfs defaults 0 0" | sudo tee -a disk.mnt/etc/fstab
+
+# sysctls
echo "kernel.printk = 7 4 1 3" | sudo tee -a disk.mnt/etc/sysctl.conf
echo "debug.exception-trace = 0" | sudo tee -a disk.mnt/etc/sysctl.conf
-echo "net.core.bpf_jit_enable = 1" | sudo tee -a disk.mnt/etc/sysctl.conf
-echo "net.core.bpf_jit_harden = 2" | sudo tee -a disk.mnt/etc/sysctl.conf
-echo "net.ipv4.ping_group_range = 0 65535" | sudo tee -a disk.mnt/etc/sysctl.conf
+if [ -f $SYZ_SYSCTL_FILE ]; then
+ cat $SYZ_SYSCTL_FILE | sudo tee -a disk.mnt/etc/sysctl.conf
+fi
+
echo -en "127.0.0.1\tlocalhost\n" | sudo tee disk.mnt/etc/hosts
echo "nameserver 8.8.8.8" | sudo tee -a disk.mnt/etc/resolve.conf
echo "ClientAliveInterval 420" | sudo tee -a disk.mnt/etc/ssh/sshd_config
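Review bot: `[ -f $SYZ_SYSCTL_FILE ]` is unquoted, so when the variable is empty or unset the test collapses to `[ -f ]`, which is true because the single argument `-f` is a non-empty string. The branch then runs `cat` with no operand, which reads stdin: it blocks when the script is run from a terminal and only works by accident when stdin is /dev/null. A path containing spaces would also be word-split. Quoting fixes both: `if [ -f "${SYZ_SYSCTL_FILE:-}" ]; then` and `cat "$SYZ_SYSCTL_FILE" | sudo tee -a disk.mnt/etc/sysctl.conf`. The same pattern is in the `SYZ_CMDLINE_FILE` test and `awk` call in the next hunk, and in the embedded copy of the script in pkg/kernel/generated.go.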
@@ -81,11 +89,18 @@ sudo mkdir -p disk.mnt/root/.ssh
sudo cp key.pub disk.mnt/root/.ssh/authorized_keys
sudo chown root disk.mnt/root/.ssh/authorized_keys
sudo mkdir -p disk.mnt/boot/grub
+
+CMDLINE=""
+if [ -f $SYZ_CMDLINE_FILE ]; then
+ CMDLINE=$(awk '{printf("%s ", $0)}' $SYZ_CMDLINE_FILE)
+fi
+
cat << EOF | sudo tee disk.mnt/boot/grub/grub.cfg
terminal_input console
terminal_output console
set timeout=0
-# vsyscall=native: required to run x86_64 executables on android kernels (for some reason they disable VDSO by default)
+# vsyscall=native: required to run x86_64 executables on android kernels
+# (for some reason they disable VDSO by default)
# rodata=n: mark_rodata_ro becomes very slow with KASAN (lots of PGDs)
# panic=86400: prevents kernel from rebooting so that we don't get reboot output in all crash reports
# debug is not set as it produces too much output
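Review bot: The `awk '{printf("%s ", $0)}'` line joins every line of the cmdline file verbatim, so blank lines and `#` comment lines end up in `$CMDLINE`, which is expanded into the grub `linux` line in the following hunk. As far as I know, grub's script syntax treats a word beginning with `#` as the start of a comment, so one commented line in the file would silently drop every parameter after it. Filtering in awk avoids that: `CMDLINE=$(awk '!/^[[:space:]]*(#|$)/ {printf("%s ", $0)}' "$SYZ_CMDLINE_FILE")`. The header comment should then say the file holds one or more parameters per line, with `#` lines ignored. The copy in pkg/kernel/generated.go would need the same change.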
@@ -98,7 +113,7 @@ menuentry 'linux' --class gnu-linux --class gnu --class os {
insmod part_msdos
insmod ext2
set root='(hd0,1)'
- linux /vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 kvm-intel.nested=1 kvm-intel.unrestricted_guest=1 kvm-intel.vmm_exclusive=1 kvm-intel.fasteoi=1 kvm-intel.ept=1 kvm-intel.flexpriority=1 kvm-intel.vpid=1 kvm-intel.emulate_invalid_guest_state=1 kvm-intel.eptad=1 kvm-intel.enable_shadow_vmcs=1 kvm-intel.pml=1 kvm-intel.enable_apicv=1
+ linux /vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 $CMDLINE
}
EOF
sudo grub-install --boot-directory=disk.mnt/boot --no-floppy /dev/nbd0