From a0f00cc5a05c4e3954578808e0fb75a3a3f5d89c Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Fri, 1 Feb 2019 14:48:17 +0100 Subject: docs: move netbsd.md into own dir The latest trend is to create a dir per OS as we now have too many of them. Create a dir netbsd and move the existing doc into it. --- docs/netbsd.md | 165 -------------------------------------------------- docs/netbsd/README.md | 165 ++++++++++++++++++++++++++++++++++++++++++++++++++ docs/setup.md | 2 +- 3 files changed, 166 insertions(+), 166 deletions(-) delete mode 100644 docs/netbsd.md create mode 100644 docs/netbsd/README.md (limited to 'docs') diff --git a/docs/netbsd.md b/docs/netbsd.md deleted file mode 100644 index 7aceab859..000000000 --- a/docs/netbsd.md +++ /dev/null @@ -1,165 +0,0 @@ -# NetBSD - -Instructions to set up syzkaller for a Linux Host and an amd64 NetBSD kernel. - -## Installing and building Syzkaller on Linux Host - -1. Install all the dependencies for Syzkaller (Go distribution can be downloaded from https://golang.org/dl/) - -2. Clone the Syzkaller Repository - ```sh - $ go get -u -d github.com/google/syzkaller/.. - $ cd ~/go/src/github.com/google/syzkaller - ``` - -3. Compile Syzkaller for NetBSD - ```sh - $ make TARGETOS=netbsd - ``` - -The above steps should have built the Syzkaller binaries (Except the syz-executor -binary) for NetBSD. - -You can see the compiled binaries in `bin/netbsd_amd64`. - - -## Setting up a NetBSD VM with qemu - -Please follow the tutorial given [here](https://wiki.qemu.org/Hosts/BSD#NetBSD) to -setup a basic NetBSD VM with qemu. - -After installing and running the NetBSD VM on qemu please follow the steps below to -configure ssh. - -1. Create a ssh-keypair on the host and save it as `netbsdkey`. - ```sh - $ ssh-keygen -t rsa - ``` - -2. Append the following lines to `/etc/rc.conf` on the guest. - ``` - sshd=YES - ifconfig_wm0="inet 10.0.2.15 netmask 255.255.255.0" - ``` - -3. Append this to `/etc/ssh/sshd_config` on the guest. - ``` - Port 22 - ListenAddress 10.0.2.15 - PermitRootLogin without-password - ``` - -4. Copy your public key to `/root/.ssh/authorized_keys` on the guest and `reboot` the - VM. - -5. After reboot make sure that the ssh is working properly. Replace the port with what - you have configured. - ```sh - $ ssh -i path/to/netbsdkey -p 10022 root@127.0.0.1 - ``` - -If the last command returns a proper shell it means the VM has been configured. - - -## Compiling the executor binary - -Syzkaller doesn't support compiling the executor binary on a linux host hence you have -to copy the required files to the NetBSD guest and compile them separately. - -1. Copy the content of the `executor/` folder to the NetBSD guest. (You can use the - scp command for the same) - -2. Compile the executor binary with the following command on the guest. (replace - GIT_VERSION_HERE with the output of `git rev-parse HEAD` in the host) - ```sh - $ gcc executor.cc -o syz-executor -O1 -lpthread -DGOOS_netbsd=1 -DGOARCH_amd64=1 -DGIT_REVISION=\"GIT_VERSION_HERE\" - ``` - -3. Copy the `syz-executor` file back to `bin/netbsd_amd64` on the linux host. - - -## Compiling a NetBSD kernel (Optional) - -You can compile a kernel with KASAN to increase the chances of finding bugs. - -1. Make a copy of the config file - ```sh - $ cp sys/arch/amd64/conf/GENERIC sys/arch/amd64/conf/SYZKALLER - ``` - -2. Uncomment the following lines in `sys/arch/amd64/conf/SYZKALLER` to enable KASAN - ``` - #makeoptions KASAN=1 # Kernel Address Sanitizer - #options KASAN - #no options SVS - ``` - -4. Compile the kernel with KASAN - ```sh - $ ./build.sh -m amd64 -j4 tools - $ ./build.sh -m amd64 -j4 kernel=SYZKALLER - - ``` - -4. Compiled kernel image should be found in `sys/arch/amd64/compile/SYZKALLER` and - should have the name `netbsd`. You need to copy it to the installed VM and reboot - the VM. - -## Running Syzkaller - -1. If all of the above worked, `poweroff` the VM and create `netbsd.cfg` config file with the following contents (alter paths as necessary): - ``` - { - "name": "netbsd", - "target": "netbsd/amd64", - "http": ":10000", - "workdir": "work", - "syzkaller": "$GOPATH/src/github.com/google/syzkaller", - "image": "path/to/netbsd.img", - "sshkey": "/path/to/netbsdkey", - "sandbox": "none", - "procs": 2, - "cover": false, - "type": "qemu", - "vm": { - "qemu": "qemu-system-x86_64", - "count": 2, - "cpu": 2, - "mem": 2048 - } - } - ``` - -(Above directories have to be specified to the exact locations and the ssh keys must be in a separate directory with chmod 700 permissions set to that directory and chmod 600 permissions to the files in both the guest and the host.) - - -2. Then, start `syz-manager` with: (Inside the syzkaller folder where the netbsd.cfg file also exists) - ```sh - $ bin/syz-manager -config netbsd.cfg - ``` - -(You can add a `-debug` flag to the above command to view the log if any issues arise.) - -3. Once syzkaller has started executing, it should start printing output along the lines of: - ``` - booting test machines... - wait for the connection from test machine... - machine check: 253 calls enabled, kcov=true, kleakcheck=false, faultinjection=false, comps=false - executed 3622, cover 1219, crashes 0, repro 0 - executed 7921, cover 1239, crashes 0, repro 0 - executed 32807, cover 1244, crashes 0, repro 0 - executed 35803, cover 1248, crashes 0, repro 0 - ``` - -## Missing things - -- Automating the configuation changes (like appending to config files), generating the json config file on the fly (with customizable values to the keys using command line parameters) and calling syz-manager with `anita` using just a single command. -- Coverage. `executor/executor_netbsd.cc` uses a very primitive fallback for coverage. We need KCOV for NetBSD. It will also help to assess what's covered and what's missing. -- System call descriptions. `sys/netbsd/*.txt` is a dirty copy from `sys/linux/*.txt` with everything that does not compile dropped. We need to go through syscalls and verify/fix/extend them, including devices/ioctls/etc. -- Currently only `amd64` arch is supported. Supporting `386` would be useful, because it should cover compat paths. Also, we could do testing of the linux-compatibility subsystem. -- `pkg/csource` needs to be taught how to generate/build C reproducers. -- `pkg/host` needs to be taught how to detect supported syscalls/devices. -- `pkg/report`/`pkg/symbolizer` need to be taught how to extract/symbolize kernel crash reports. -- We need to learn how to build/use debug version of kernel. -- On Linux we have emission of exernal networking/USB traffic into kernel using tun/gadgetfs. Implementing these for NetBSD could uncover a number of high-profile bugs. -- Last but not least, we need to support NetBSD in `syz-ci` command (including building kernel/image continuously from git). diff --git a/docs/netbsd/README.md b/docs/netbsd/README.md new file mode 100644 index 000000000..7aceab859 --- /dev/null +++ b/docs/netbsd/README.md @@ -0,0 +1,165 @@ +# NetBSD + +Instructions to set up syzkaller for a Linux Host and an amd64 NetBSD kernel. + +## Installing and building Syzkaller on Linux Host + +1. Install all the dependencies for Syzkaller (Go distribution can be downloaded from https://golang.org/dl/) + +2. Clone the Syzkaller Repository + ```sh + $ go get -u -d github.com/google/syzkaller/.. + $ cd ~/go/src/github.com/google/syzkaller + ``` + +3. Compile Syzkaller for NetBSD + ```sh + $ make TARGETOS=netbsd + ``` + +The above steps should have built the Syzkaller binaries (Except the syz-executor +binary) for NetBSD. + +You can see the compiled binaries in `bin/netbsd_amd64`. + + +## Setting up a NetBSD VM with qemu + +Please follow the tutorial given [here](https://wiki.qemu.org/Hosts/BSD#NetBSD) to +setup a basic NetBSD VM with qemu. + +After installing and running the NetBSD VM on qemu please follow the steps below to +configure ssh. + +1. Create a ssh-keypair on the host and save it as `netbsdkey`. + ```sh + $ ssh-keygen -t rsa + ``` + +2. Append the following lines to `/etc/rc.conf` on the guest. + ``` + sshd=YES + ifconfig_wm0="inet 10.0.2.15 netmask 255.255.255.0" + ``` + +3. Append this to `/etc/ssh/sshd_config` on the guest. + ``` + Port 22 + ListenAddress 10.0.2.15 + PermitRootLogin without-password + ``` + +4. Copy your public key to `/root/.ssh/authorized_keys` on the guest and `reboot` the + VM. + +5. After reboot make sure that the ssh is working properly. Replace the port with what + you have configured. + ```sh + $ ssh -i path/to/netbsdkey -p 10022 root@127.0.0.1 + ``` + +If the last command returns a proper shell it means the VM has been configured. + + +## Compiling the executor binary + +Syzkaller doesn't support compiling the executor binary on a linux host hence you have +to copy the required files to the NetBSD guest and compile them separately. + +1. Copy the content of the `executor/` folder to the NetBSD guest. (You can use the + scp command for the same) + +2. Compile the executor binary with the following command on the guest. (replace + GIT_VERSION_HERE with the output of `git rev-parse HEAD` in the host) + ```sh + $ gcc executor.cc -o syz-executor -O1 -lpthread -DGOOS_netbsd=1 -DGOARCH_amd64=1 -DGIT_REVISION=\"GIT_VERSION_HERE\" + ``` + +3. Copy the `syz-executor` file back to `bin/netbsd_amd64` on the linux host. + + +## Compiling a NetBSD kernel (Optional) + +You can compile a kernel with KASAN to increase the chances of finding bugs. + +1. Make a copy of the config file + ```sh + $ cp sys/arch/amd64/conf/GENERIC sys/arch/amd64/conf/SYZKALLER + ``` + +2. Uncomment the following lines in `sys/arch/amd64/conf/SYZKALLER` to enable KASAN + ``` + #makeoptions KASAN=1 # Kernel Address Sanitizer + #options KASAN + #no options SVS + ``` + +4. Compile the kernel with KASAN + ```sh + $ ./build.sh -m amd64 -j4 tools + $ ./build.sh -m amd64 -j4 kernel=SYZKALLER + + ``` + +4. Compiled kernel image should be found in `sys/arch/amd64/compile/SYZKALLER` and + should have the name `netbsd`. You need to copy it to the installed VM and reboot + the VM. + +## Running Syzkaller + +1. If all of the above worked, `poweroff` the VM and create `netbsd.cfg` config file with the following contents (alter paths as necessary): + ``` + { + "name": "netbsd", + "target": "netbsd/amd64", + "http": ":10000", + "workdir": "work", + "syzkaller": "$GOPATH/src/github.com/google/syzkaller", + "image": "path/to/netbsd.img", + "sshkey": "/path/to/netbsdkey", + "sandbox": "none", + "procs": 2, + "cover": false, + "type": "qemu", + "vm": { + "qemu": "qemu-system-x86_64", + "count": 2, + "cpu": 2, + "mem": 2048 + } + } + ``` + +(Above directories have to be specified to the exact locations and the ssh keys must be in a separate directory with chmod 700 permissions set to that directory and chmod 600 permissions to the files in both the guest and the host.) + + +2. Then, start `syz-manager` with: (Inside the syzkaller folder where the netbsd.cfg file also exists) + ```sh + $ bin/syz-manager -config netbsd.cfg + ``` + +(You can add a `-debug` flag to the above command to view the log if any issues arise.) + +3. Once syzkaller has started executing, it should start printing output along the lines of: + ``` + booting test machines... + wait for the connection from test machine... + machine check: 253 calls enabled, kcov=true, kleakcheck=false, faultinjection=false, comps=false + executed 3622, cover 1219, crashes 0, repro 0 + executed 7921, cover 1239, crashes 0, repro 0 + executed 32807, cover 1244, crashes 0, repro 0 + executed 35803, cover 1248, crashes 0, repro 0 + ``` + +## Missing things + +- Automating the configuation changes (like appending to config files), generating the json config file on the fly (with customizable values to the keys using command line parameters) and calling syz-manager with `anita` using just a single command. +- Coverage. `executor/executor_netbsd.cc` uses a very primitive fallback for coverage. We need KCOV for NetBSD. It will also help to assess what's covered and what's missing. +- System call descriptions. `sys/netbsd/*.txt` is a dirty copy from `sys/linux/*.txt` with everything that does not compile dropped. We need to go through syscalls and verify/fix/extend them, including devices/ioctls/etc. +- Currently only `amd64` arch is supported. Supporting `386` would be useful, because it should cover compat paths. Also, we could do testing of the linux-compatibility subsystem. +- `pkg/csource` needs to be taught how to generate/build C reproducers. +- `pkg/host` needs to be taught how to detect supported syscalls/devices. +- `pkg/report`/`pkg/symbolizer` need to be taught how to extract/symbolize kernel crash reports. +- We need to learn how to build/use debug version of kernel. +- On Linux we have emission of exernal networking/USB traffic into kernel using tun/gadgetfs. Implementing these for NetBSD could uncover a number of high-profile bugs. +- Last but not least, we need to support NetBSD in `syz-ci` command (including building kernel/image continuously from git). diff --git a/docs/setup.md b/docs/setup.md index e40d2e70a..98184c221 100644 --- a/docs/setup.md +++ b/docs/setup.md @@ -1,7 +1,7 @@ # How to set up syzkaller Generic setup instructions for fuzzing Linux kernel are outlined [here](linux/setup.md). -For other OS kernels check: [Akaros](/docs/akaros/README.md), [FreeBSD](/docs/freebsd.md), [Fuchsia](/docs/fuchsia.md), [NetBSD](/docs/netbsd.md), [OpenBSD](/docs/openbsd/setup.md), [Windows](/docs/windows/README.md). +For other OS kernels check: [Akaros](/docs/akaros/README.md), [FreeBSD](/docs/freebsd.md), [Fuchsia](/docs/fuchsia.md), [NetBSD](/docs/netbsd/README.md), [OpenBSD](/docs/openbsd/setup.md), [Windows](/docs/windows/README.md). After following these instructions you should be able to run `syz-manager`, see it executing programs and be able to access statistics exposed at `http://127.0.0.1:56741`: -- cgit mrf-deployment