authorOvidiu Panait <ovidiu.panait@windriver.com>2022-10-21 13:25:36 +0300
committerKhem Raj <raj.khem@gmail.com>2022-10-21 09:57:59 -0700
commitcfac82c560e514333ebb1de772778554d1aca49c (patch)
treeabba1c3d3572ff3391ffc8c97a6bfb646131363c /meta-oe/recipes-test
parentbd8defdcd8b6c8e50c7b90587c551d6505f6487c (diff)
downloadmeta-openembedded-cfac82c560e514333ebb1de772778554d1aca49c.tar.gz
syzkaller: add recipe and selftest for syzkaller fuzzing
Syzkaller is a coverage-guided fuzzer that is widely used to find bugs in the Linux kernel: https://github.com/google/syzkaller Add the recipe and a selftest for running the fuzzer in a qemux86-64 kvm environment. The following steps can be used to start the test: """ cat >> conf/local.conf <<EOF SYZ_WORKDIR="<path>" SYZ_FUZZTIME="30" SYZ_QEMU_VM_COUNT="2" SYZ_QEMU_MEM="2048" SYZ_QEMU_CPUS="2" EOF oe-selftest -r syzkaller ... loading corpus... serving http on http://127.0.0.1:49605 serving rpc on tcp://[::]:46475 booting test machines... wait for the connection from test machine... vm-0: crash: KCSAN: data-race in poll_schedule_timeout.constprop.NUM / pollwake vm-1: crash: KCSAN: data-race in mutex_spin_on_owner machine check: syscalls : 2227/4223 code coverage : enabled comparison tracing : enabled extra coverage : enabled delay kcov mmap : mmap returned an invalid pointer setuid sandbox : enabled namespace sandbox : enabled Android sandbox : /sys/fs/selinux/policy does not exist fault injection : enabled leak checking : enabled net packet injection : enabled net device setup : enabled concurrency sanitizer : enabled devlink PCI setup : PCI device 0000:00:10.0 is not available USB emulation : enabled hci packet injection : enabled wifi device emulation : enabled 802.15.4 emulation : enabled corpus : 0 (deleted 0 broken) seeds : 0/0 VMs 2, executed 1, cover 0, signal 0/0, crashes 2, repro 0 vm-1: crash: KCSAN: data-race in mutex_spin_on_owner """ This will fuzz the yocto kernel for 30 minutes using 2 qemu VMs, each VM getting 2048MB of memory and 2 CPUs. The path in SYZ_WORKDIR must be an absolute path that is persistent across oe-selftest runs, so that fuzzing does not start all over again on each invocation. Syzkaller will save the corpus database in that directory and will use the database to keep track of the interfaces already fuzzed. After the test is done, <workdir>/crashes directory will contain the report files for all the bugs found. 
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-test')
-rw-r--r--meta-oe/recipes-test/syzkaller/syzkaller/0001-sys-targets-targets.go-allow-users-to-override-hardc.patch67
-rw-r--r--meta-oe/recipes-test/syzkaller/syzkaller_git.bb73
2 files changed, 140 insertions, 0 deletions
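diff --git a/meta-oe/recipes-test/syzkaller/syzkaller/0001-sys-targets-targets.go-allow-users-to-override-hardc.patch b/meta-oe/recipes-test/syzkaller/syzkaller/0001-sys-targets-targets.go-allow-users-to-override-hardc.patch
new file mode 100644
index 000000000..d647b8d4a
--- /dev/null
+++ b/meta-oe/recipes-test/syzkaller/syzkaller/0001-sys-targets-targets.go-allow-users-to-override-hardc.patch
@@ -0,0 +1,67 @@
+From aca1030d29f627314d13884ebc7b2c313d718df7 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait <ovidiu.panait@windriver.com>
+Date: Wed, 13 Apr 2022 17:17:54 +0300
+Subject: [PATCH] sys/targets/targets.go: allow users to override hardcoded
+ cross-compilers
+
+Currently, cross compiler names are hardcoded for each os/arch combo. However,
+toolchain tuples differ, especially when using vendor provided toolchains.
+Allow users to specify the cross compiler for an os/arch combo using
+SYZ_CC_<os>_<arch> environment variables.
+
+Also, remove hardcoded "-march=armv6" flag to fix compilation on arm.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ sys/targets/targets.go | 19 +++++++++++--------
+ 1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/sys/targets/targets.go b/sys/targets/targets.go
+index f3be708f3..19a8bb681 100644
+--- a/sys/targets/targets.go
++++ b/sys/targets/targets.go
+@@ -258,7 +258,6 @@ var List = map[string]map[string]*Target{
+ PtrSize: 4,
+ PageSize: 4 << 10,
+ LittleEndian: true,
+- CFlags: []string{"-D__LINUX_ARM_ARCH__=6", "-march=armv6"},
+ Triple: "arm-linux-gnueabi",
+ KernelArch: "arm",
+ KernelHeaderArch: "arm",
+@@ -670,12 +669,16 @@ func initTarget(target *Target, OS, arch string) {
+ for i := range target.CFlags {
+ target.replaceSourceDir(&target.CFlags[i], sourceDir)
+ }
+- if OS == Linux && arch == runtime.GOARCH {
+- // Don't use cross-compiler for native compilation, there are cases when this does not work:
+- // https://github.com/google/syzkaller/pull/619
+- // https://github.com/google/syzkaller/issues/387
+- // https://github.com/google/syzkaller/commit/06db3cec94c54e1cf720cdd5db72761514569d56
+- target.Triple = ""
++ if OS == Linux {
++ if cc := os.Getenv("SYZ_CC_" + OS + "_" + arch); cc != "" {
++ target.CCompiler = cc
++ } else if arch == runtime.GOARCH {
++ // Don't use cross-compiler for native compilation, there are cases when this does not work:
++ // https://github.com/google/syzkaller/pull/619
++ // https://github.com/google/syzkaller/issues/387
++ // https://github.com/google/syzkaller/commit/06db3cec94c54e1cf720cdd5db72761514569d56
++ target.Triple = ""
++ }
+ }
+ if target.CCompiler == "" {
+ target.setCompiler(useClang)
+@@ -803,7 +806,7 @@ func (target *Target) lazyInit() {
+ // On CI we want to fail loudly if cross-compilation breaks.
+ // Also fail if SOURCEDIR_GOOS is set b/c in that case user probably assumes it will work.
+ if (target.OS != runtime.GOOS || !runningOnCI) && os.Getenv("SOURCEDIR_"+strings.ToUpper(target.OS)) == "" {
+- if _, err := exec.LookPath(target.CCompiler); err != nil {
++ if _, err := exec.LookPath(strings.Fields(target.CCompiler)[0]); err != nil {
+ target.BrokenCompiler = fmt.Sprintf("%v is missing (%v)", target.CCompiler, err)
+ return
+ }
+--
+2.25.1
+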
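Review bot: In the lazyInit hunk of the embedded patch, `strings.Fields(target.CCompiler)[0]` panics with an index-out-of-range when CCompiler holds only whitespace, and the new `cc != ""` test in initTarget lets such a value through (for example an exported but blank `SYZ_CC_<os>_<arch>`). Trimming where the variable is read closes that: `if cc := strings.TrimSpace(os.Getenv("SYZ_CC_" + OS + "_" + arch)); cc != "" {`. Because only the first word is passed to LookPath, a comment at that line would help the next reader, e.g. `// CCompiler may be "<compiler> <flags...>"; only the executable is looked up`. Both function bodies continue outside the hunks shown, so how the full CCompiler string is later executed cannot be confirmed from here.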
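diff --git a/meta-oe/recipes-test/syzkaller/syzkaller_git.bb b/meta-oe/recipes-test/syzkaller/syzkaller_git.bb
new file mode 100644
index 000000000..f7c751f80
--- /dev/null
+++ b/meta-oe/recipes-test/syzkaller/syzkaller_git.bb
@@ -0,0 +1,73 @@
+DESCRIPTION = "syzkaller is an unsupervised coverage-guided kernel fuzzer"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=5335066555b14d832335aa4660d6c376"
+
+inherit go-mod
+
+GO_IMPORT = "github.com/google/syzkaller"
+
+SRC_URI = "git://${GO_IMPORT};protocol=https;destsuffix=${BPN}-${PV}/src/${GO_IMPORT};branch=master \
+ file://0001-sys-targets-targets.go-allow-users-to-override-hardc.patch;patchdir=src/${GO_IMPORT} \
+ "
+SRCREV = "67cb024cd1a3c95e311263a5c95e957f9abfd8ca"
+
+COMPATIBLE_HOST = "(x86_64|i.86|arm|aarch64).*-linux"
+
+B = "${S}/src/${GO_IMPORT}/bin"
+
+GO_EXTRA_LDFLAGS += ' -X ${GO_IMPORT}/prog.GitRevision=${SRCREV}'
+
+export GOHOSTFLAGS="${GO_LINKSHARED} ${GOBUILDFLAGS}"
+export GOTARGETFLAGS="${GO_LINKSHARED} ${GOBUILDFLAGS}"
+export TARGETOS = '${GOOS}'
+export TARGETARCH = '${GOARCH}'
+export TARGETVMARCH = '${GOARCH}'
+
+CGO_ENABLED = "0"
+
+DEPENDS:class-native += "qemu-system-native"
+
+do_compile:class-native() {
+ export HOSTOS="${GOHOSTOS}"
+ export HOSTARCH="${GOHOSTARCH}"
+
+ oe_runmake HOSTGO="${GO}" host
+}
+
+do_compile:class-target() {
+ export HOSTOS="${GOOS}"
+ export HOSTARCH="${GOARCH}"
+ export SYZ_CC_${TARGETOS}_${TARGETARCH}="${CC}"
+
+ # Unset GOOS and GOARCH so that the correct syz-sysgen binary can be
+ # generated. Fixes:
+ # go install: cannot install cross-compiled binaries when GOBIN is set
+ unset GOOS
+ unset GOARCH
+
+ oe_runmake GO="${GO}" CC="${CXX}" CFLAGS="${CXXFLAGS} ${LDFLAGS}" REV=${SRCREV} target
+}
+
+do_install:class-native() {
+ SYZ_BINS_NATIVE="syz-manager syz-runtest syz-repro syz-mutate syz-prog2c \
+ syz-db syz-upgrade"
+
+ install -d ${D}${bindir}
+
+ for i in ${SYZ_BINS_NATIVE}; do
+ install -m 0755 ${B}/${i} ${D}${bindir}
+ done
+}
+
+do_install:class-target() {
+ SYZ_TARGET_DIR="${TARGETOS}_${TARGETARCH}"
+ SYZ_BINS_TARGET="syz-fuzzer syz-execprog syz-stress syz-executor"
+
+ install -d ${D}${bindir}/${SYZ_TARGET_DIR}
+
+ for i in ${SYZ_BINS_TARGET}; do
+ install -m 0755 ${B}/${SYZ_TARGET_DIR}/${i} ${D}${bindir}/${SYZ_TARGET_DIR}
+ done
+}
+
+BBCLASSEXTEND += "native"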
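Review bot: `do_install:class-target` places syz-fuzzer, syz-execprog, syz-stress and syz-executor under `${bindir}/${SYZ_TARGET_DIR}` in the target rootfs, and nothing in the recipe says the package is meant for fuzzing images only. The commit message describes a qemu selftest, so that is presumably the intent. A comment above the function would keep the package from being pulled into a shipping image by accident, e.g. `# Kernel-fuzzing tools for test images only; do not add this package to production images.`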