author Dmitry Vyukov <dvyukov@google.com> 2018-04-26 16:20:02 +0200
committer Dmitry Vyukov <dvyukov@google.com> 2018-04-27 14:33:01 +0200
commit b9e02d57596fa52cf799e0848284d6d5ace78765
tree 6c685f82cd1d1004b25281d38e4b1a4559bf8568 /docs/linux/setup_linux-host_qemu-vm_arm-kernel.md
parent bcd6198db5f0e61a6b5c824bbc58c954c4287d56
docs: add instructions for arm kernel
Diffstat (limited to 'docs/linux/setup_linux-host_qemu-vm_arm-kernel.md')
-rw-r--r-- docs/linux/setup_linux-host_qemu-vm_arm-kernel.md 134
1 files changed, 134 insertions, 0 deletions
diff --git a/docs/linux/setup_linux-host_qemu-vm_arm-kernel.md b/docs/linux/setup_linux-host_qemu-vm_arm-kernel.md
new file mode 100644
index 000000000..7684f54ea
--- /dev/null
+++ b/docs/linux/setup_linux-host_qemu-vm_arm-kernel.md
@@ -0,0 +1,134 @@
+# Setup: Debian host, QEMU vm, arm kernel
+
+# GCC
+
+Obtain a fresh `arm-linux-gnueabihf-gcc`. Latest Debian distributions provide
+version 7.2.0, which should be enough. Otherwise you can download Linaro
+compiler [here](https://www.linaro.org/downloads).
+
+# Kernel
+
+The instructions are tested with `v4.16.1`. Check that you have/backport
+["arm: port KCOV to arm"](https://groups.google.com/d/msg/syzkaller/zLThPHplyIc/9ncfpRvVCAAJ)
+patch. Create kernel config with:
+
+```shell
+make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- vexpress_defconfig
+```
+
+Then enable the following configs on top:
+
+```
+CONFIG_KCOV=y
+CONFIG_DEBUG_INFO=y
+CONFIG_DEVTMPFS_MOUNT=y
+CONFIG_NAMESPACES=y
+CONFIG_USER_NS=y
+CONFIG_UTS_NS=y
+CONFIG_IPC_NS=y
+CONFIG_PID_NS=y
+CONFIG_NET_NS=y
+
+Also check out general kernel configuration [recommendations](/docs/linux/kernel_configs.md).
+
+Then build kernel with:
+
+```
+make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi-
+```
+
+# Image
+
+We will use buildroot to create the disk image. You can obtain buildroot
+[here](https://buildroot.uclibc.org/download.html). Instructions were tested
+with buildroot `c665c7c9cd6646b135cdd9aa7036809f7771ab80`. First run:
+
+```
+make qemu_arm_vexpress_defconfig
+make menuconfig
+```
+
+Choose the following options:
+
+```
+ Target packages
+ Networking applications
+ [*] dhcpcd
+ [*] iproute2
+ [*] openssh
+ Filesystem images
+ exact size - 1g
+```
+
+Unselect:
+
+```
+ Kernel
+ Linux Kernel
+```
+
+Run `make`.
+
+Then add the following line to `output/target/etc/fstab`:
+
+```
+debugfs /sys/kernel/debug debugfs defaults 0 0
+```
+
+Then replace `output/target/etc/ssh/sshd_config` with the following contents:
+
+```
+PermitRootLogin yes
+PasswordAuthentication yes
+PermitEmptyPasswords yes
+```
+
+Run `make` again.
+
+# Test kernel and image
+
+Run:
+
+```
+qemu-system-arm -m 512 -smp 2 -net nic -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -display none -serial stdio -machine vexpress-a15 -dtb /linux/arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb -sd /buildroot/output/images/rootfs.ext2 -snapshot -kernel /linux/arch/arm/boot/zImage -append "earlyprintk=serial console=ttyAMA0 root=/dev/sda root=/dev/mmcblk0"
+```
+
+This should boot the kernel. Wait for login prompt, then in another console run:
+
+```
+ssh -p 10022 root@localhost
+```
+
+ssh should succeed.
+
+# syzkaller
+
+Build `syzkaller` with `make TARGETARCH=arm`. Create manager config `arm.cfg`
+similar to the following one (changing paths as necessary):
+
+```
+{
+ "name": "arm",
+ "target": "linux/arm",
+ "http": ":12345",
+ "workdir": "/workdir",
+ "vmlinux": "/linux/vmlinux",
+ "syzkaller": "/gopath/src/github.com/google/syzkaller",
+ "image": "/buildroot/output/images/rootfs.ext2",
+ "sandbox": "none",
+ "reproduce": false,
+ "procs": 4,
+ "type": "qemu",
+ "vm": {
+ "count": 10,
+ "qemu_args": "-machine vexpress-a15 -dtb /linux/arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb",
+ "cmdline": "console=ttyAMA0 root=/dev/mmcblk0",
+ "kernel": "/linux/arch/arm/boot/zImage",
+ "image_device": "sd",
+ "mem": 512
+ "cpu": 2,
+ }
+}
+```
+
+Finally, run `bin/syz-manager -config arm.cfg`.
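Review bot: The fence opened before `CONFIG_KCOV=y` in the Kernel section is never closed; the config list runs straight into "Also check out general kernel configuration" with no closing fence line, so every later fence in the file pairs up inverted and prose renders as code. Add a closing fence after `CONFIG_NET_NS=y`. In the same section the build step uses `CROSS_COMPILE=arm-linux-gnueabi-` while the GCC section and the defconfig step use `arm-linux-gnueabihf-`; pick one prefix and use it in both commands. The sample `arm.cfg` is not valid JSON as written: `"mem": 512` is missing its comma and `"cpu": 2,` carries a trailing comma before the closing brace, so a reader who copies it will need to fix it before the manager can parse it. In the test command, `-append` passes both `root=/dev/sda` and `root=/dev/mmcblk0`, whereas the manager config's `cmdline` uses only `root=/dev/mmcblk0`; drop the stale `root=/dev/sda`. Finally, the replacement `sshd_config` allows root login with empty passwords, and `hostfwd=tcp::10022-:22` leaves the host address empty, which makes QEMU listen on all host interfaces; binding the manual test forward to loopback (`hostfwd=tcp:127.0.0.1:10022-:22`) and stating that this image is meant only for disposable fuzzing VMs would keep that login off the network.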