vm/isolated: add initial support for fuzzing chromebooks

(WIP PR)

Add support for StartupScript.
* Modify Config{} to contain PostRepairScript.
* Allow repair() to execute a startup_script after reboot. The contents
of this script execute on the DUT.

Add pstore support:
* Modify Config{} to contain Pstore.
* Modify Diagnose() to reboot the DUT and fetch pstore logs,
conditional on inst.cfg.Pstore.
* Add readPstoreContents().
* Allow clearing previous pstore logs upon Create() and after use inside
readPstoreContents().
* Fetching pstore crashlogs relies on reliably getting lost connection
on DUT reboot. Use "ServerAliveInterval=6 ServerAliveCountMax=5" ssh
options when running syz-fuzzer with Pstore support enabled.

Allow parsing pstore contents:
* Diagnose() now returns pstore contents.

Refactoring:
* Move out some reusable parts of repair() to waitRebootAndSSH().
* Have an early return inside repair() if inst.waitForSSH() fails.

1 files changed, 12 insertions, 0 deletions

diff --git a/docs/linux/setup_linux-host_isolated.md b/docs/linux/setup_linux-host_isolated.md
index ec434cd12..387ff1052 100644
--- a/docs/linux/setup_linux-host_isolated.md
+++ b/docs/linux/setup_linux-host_isolated.md
@@ -53,6 +53,17 @@ Host *
 Before fuzzing, connect to the machine and keep the connection open so all scp
 and ssh usage will reuse it.
 
+# Optional: Pstore support
+
+If the device under test (DUT) has Pstore support, it is possible to configure syzkaller to
+fetch crashlogs from /sys/fs/pstore. You can do this by setting `"pstore": true` within
+the `vm` section of the syzkaller configuration file.
+
+# Optional: Startup script
+
+To execute commands on the DUT before fuzzing (re-)starts,
+`startup_script` can be used.
+
 ## Syzkaller
 
 Build syzkaller as described [here](/docs/contributing.md).
@@ -71,6 +82,7 @@ Use the following config:
 	"type": "isolated",
 	"vm": {
 		"targets" : [ "10.0.0.1" ],
+		"pstore": false,
 		"target_dir" : "/home/user/tmp/syzkaller",
                 "target_reboot" : false
 	}