-rw-r--r--  README.md                      2
-rw-r--r--  docs/linux_kernel_configs.md  55
2 files changed, 56 insertions, 1 deletions
diff --git a/README.md b/README.md
index e20d51a6c..1f9f834e8 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ KCOV was committed upstream in Linux kernel version 4.6 and can be enabled by co
For older kernels you need to backport commit [kernel: add kcov code coverage](https://github.com/torvalds/linux/commit/5c9a8750a6409c63a0f01d51a9024861022f6593).
To enable more syzkaller features and improve bug detection abilities, it's recommended to use additional config options.
-See [Kernel configs](https://github.com/google/syzkaller/wiki/Kernel-configs) for details.
+See [this page](docs/linux_kernel_configs.md) for details.
### VM Setup
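Review bot: the old link at `-See [Kernel configs](https://github.com/google/syzkaller/wiki/Kernel-configs)` still resolves to a live wiki page, so after this change the repository carries two copies of the same guidance that can drift apart; please either retire the wiki page or replace its body with a pointer to `docs/linux_kernel_configs.md` in the same change, so readers who arrive via the wiki see the maintained list. Switching to the relative link `docs/linux_kernel_configs.md` is otherwise fine, since it keeps working on forks and on other hosts that render the README.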
diff --git a/docs/linux_kernel_configs.md b/docs/linux_kernel_configs.md
new file mode 100644
index 000000000..5627a446f
--- /dev/null
+++ b/docs/linux_kernel_configs.md
@@ -0,0 +1,55 @@
+# Linux kernel configs
+
+List of recommended kernel configs for `syzkaller`:
+
+## Syzkaller features
+
+To enable coverage collection, which is extremely important for effective fuzzing:
+```
+CONFIG_KCOV=y
+CONFIG_KCOV_INSTRUMENT_ALL=y
+CONFIG_DEBUG_FS=y
+```
+
+To show code coverage in web interface:
+```
+CONFIG_DEBUG_INFO=y
+```
+
+For `namespace` sandbox:
+```
+CONFIG_NAMESPACES=y
+CONFIG_USER_NS=y
+CONFIG_UTS_NS=y
+CONFIG_IPC_NS=y
+CONFIG_PID_NS=y
+CONFIG_NET_NS=y
+```
+
+If your kernel doesn't have commits [arm64: setup: introduce kaslr_offset()](https://github.com/torvalds/linux/commit/7ede8665f27cde7da69e8b2fbeaa1ed0664879c5)
+ and [kcov: make kcov work properly with KASLR enabled](https://github.com/torvalds/linux/commit/4983f0ab7ffaad1e534b21975367429736475205), disable the following config:
+```
+# CONFIG_RANDOMIZE_BASE is not set
+```
+
+## Bug detection configs
+
+`KASAN` for use-after-free and out-of-bounds detection:
+```
+CONFIG_KASAN=y
+CONFIG_KASAN_INLINE=y
+```
+
+Any other debugging configs, the more the better, here are some that proved to be especially useful:
+```
+CONFIG_LOCKDEP=y
+CONFIG_PROVE_LOCKING=y
+CONFIG_DEBUG_ATOMIC_SLEEP=y
+CONFIG_PROVE_RCU=y
+CONFIG_DEBUG_VM=y
+```
+
+Increase RCU stall timeout to reduce false positive rate:
+```
+CONFIG_RCU_CPU_STALL_TIMEOUT=60
+```