| author | Dmitry Vyukov <dvyukov@google.com> | 2017-10-19 13:28:49 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-10-19 13:28:49 +0200 |
| commit | d629e2b7fe32da1cc807fe3c8b3e6c4c452e0343 (patch) | |
| tree | 340cd332505efe8fc3b32fa5e57f5a9b8e8d0a97 /docs | |
| parent | 10c53cfcdb4403b2f2fc67e8d3fdb3b14d7b52f3 (diff) | |
Update freebsd.md
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/freebsd.md | 74 |
1 files changed, 66 insertions, 8 deletions
diff --git a/docs/freebsd.md b/docs/freebsd.md index 33e7ce872..e43c269ed 100644 --- a/docs/freebsd.md +++ b/docs/freebsd.md 
@@ -1,25 +1,34 @@ # FreeBSD -To setup a VM follow the [qemu instructions](https://wiki.qemu.org/Hosts/BSD). -Start a VM with: +## How to run syzkaller on FreeBSD using qemu + +So far the process is tested only on linux/amd64 host. To build Go binaries do: ``` -qemu-system-x86_64 -m 2048 -hda FreeBSD-11.0-RELEASE-amd64.qcow2 -enable-kvm -netdev user,id=mynet0,host=10.0.2.10,hostfwd=tcp::10022-:22 -device e1000,netdev=mynet0 -nographic +make manager fuzzer execprog TARGETOS=freebsd +``` +To build C `syz-executor` binary, copy `executor/*` files to a FreeBSD machines and build there with: ``` -(for me it required building a fresh qemu-system-x86_64) +gcc executor/executor_freebsd.cc -o syz-executor -O1 -lpthread -DGOOS=\"freebsd\" -DGIT_REVISION=\"CURRENT_GIT_REVISION\" +``` +Then, copy out the binary back to host into `bin/freebsd_amd64` dir. + +Building/running on a FreeBSD host should work as well, but currently our `Makefile` does not work there, so you will need to do its work manually. -After booting add the following to `/boot/loader.conf`: +Then, you need a FreeBSD image with root ssh access with a key. General instructions can be found here [qemu instructions](https://wiki.qemu.org/Hosts/BSD). I used `FreeBSD-11.0-RELEASE-amd64.qcow2` image, and it required a freashly built `qemu-system-x86_64` (networking did not work in the system-provided one). Check that you can run the VM with: +``` +qemu-system-x86_64 -m 2048 -hda FreeBSD-11.0-RELEASE-amd64.qcow2 -enable-kvm -netdev user,id=mynet0,host=10.0.2.10,hostfwd=tcp::10022-:22 -device e1000,netdev=mynet0 -nographic +``` +and ssh into it with a key. After booting add the following to `/boot/loader.conf`: ``` autoboot_delay="-1" console="comconsole" ``` - and the following to `/etc/rc.conf`: ``` sshd_enable="YES" ifconfig_em0="inet 10.0.0.1 netmask 255.255.255.0" ``` - -setup sshd in `/etc/ssh/sshd_config` along the lines of: +Here is `/etc/ssh/sshd_config` that I used: ``` Port 22 AddressFamily any 
@@ -37,3 +46,52 @@ PasswordAuthentication yes PermitEmptyPasswords yes Subsystem sftp /usr/libexec/sftp-server ``` + +If all of the above worked, create `freebsd.cfg` config file with the following contents (alter paths as necessary): +``` +{ + "name": "freebsd", + "target": "freebsd/amd64", + "http": ":10000", + "workdir": "/workdir", + "syzkaller": "/gopath/src/github.com/google/syzkaller", + "image": "/FreeBSD-11.1-RELEASE-amd64.qcow2", + "sshkey": "/freebsd_id_rsa", + "sandbox": "none", + "procs": 8, + "type": "qemu", + "vm": { + "qemu": "/qemu/build/x86_64-softmmu/qemu-system-x86_64", + "count": 10, + "cpu": 4, + "mem": 2048 + } +} +``` + +Then, start `syz-manager` with: +``` +bin/syz-manager -config freebsd.cfg +``` +It should start printing output along the lines of: +``` +booting test machines... +wait for the connection from test machine... +machine check: 253 calls enabled, kcov=true, kleakcheck=false, faultinjection=false, comps=false +executed 3622, cover 1219, crashes 0, repro 0 +executed 7921, cover 1239, crashes 0, repro 0 +executed 32807, cover 1244, crashes 0, repro 0 +executed 35803, cover 1248, crashes 0, repro 0 +``` +If something does not work, add `-debug` flag to `syz-manager`. + +## Missing things + +- Coverage. `executor/executor_freebsd.cc` uses a very primitive fallback for coverage. We need KCOV for FreeBSD. +- System call descriptions. `sys/freebsd/*.txt` is a dirty copy from `sys/linux` with everything that does not compile dropped. We need to go through syscalls and verify/fix/extend them, including devices/ioctls/etc. +- Currently only `amd64` arch is supported. Supporting `386` would be useful, because it should cover compat paths. Also, we could do testing of the linux-compatibility subsystem. +- `pkg/csource` needs to be taught how to generate/build C reproducers. +- `pkg/host` needs to be taught how to detect supported syscalls/devices. 
+- `pkg/report`/`pkg/symbolizer` need to be taught how to extract/symbolize kernel crash reports. +- We need to learn how to build/use debug version of kernel. +- Last but not least, we need to support FreeBSD in `syz-ci` command (including building kernel/image continuously from git). |
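Review bot: in the first hunk, the text says the image needs "root ssh access with a key", but the `/etc/ssh/sshd_config` it then presents as "what I used" keeps `PasswordAuthentication yes` and `PermitEmptyPasswords yes` (visible as unchanged context at the top of the second hunk); either tighten the sample to `PasswordAuthentication no` or add one sentence saying this is a throwaway fuzzing guest reachable only through qemu user-mode networking on the host's forwarded port 10022, so readers do not carry the config over to a real host. Same hunk: "freashly" should be "freshly", "to a FreeBSD machines" should be "to a FreeBSD machine", and "General instructions can be found here [qemu instructions](...)" reads better as "General instructions can be found in the [qemu instructions](...)". The `gcc` line passes `-DGIT_REVISION=\"CURRENT_GIT_REVISION\"`; say explicitly that this is a placeholder and whether it must match the revision the Go binaries were built from, otherwise people will paste it literally.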
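Review bot: in the second hunk, the sample `freebsd.cfg` points `"image"` at `/FreeBSD-11.1-RELEASE-amd64.qcow2` while the instructions above boot `FreeBSD-11.0-RELEASE-amd64.qcow2` by hand; pick one image name so the manual check and the manager run are known to use the same guest. The config also combines `"sandbox": "none"` with `"count": 10`, `"cpu": 4` and `"mem": 2048`, i.e. ten guests, 40 vCPUs and 20 GB of guest RAM, all running the executor as root with no isolation; a sentence next to "alter paths as necessary" saying that `count`, `cpu` and `mem` should be scaled to the host, and that `sandbox` is `none` only because the other sandboxes are not yet supported on FreeBSD (the "Missing things" list would be the place to track that), would save readers from copying it onto a small machine.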
