1 files changed, 124 insertions, 0 deletions
diff --git a/meta-oe/lib/oeqa/selftest/cases/syzkaller.py b/meta-oe/lib/oeqa/selftest/cases/syzkaller.py
new file mode 100644
index 0000000000..64fc864bf8
--- /dev/null
+++ b/meta-oe/lib/oeqa/selftest/cases/syzkaller.py
@@ -0,0 +1,124 @@
+#
+# SPDX-License-Identifier: MIT
+#
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars
+from oeqa.utils.network import get_free_port
+class TestSyzkaller(OESelftestTestCase):
+    def setUpSyzkallerConfig(self, os_arch, qemu_postfix):
+        syz_target_sysroot = get_bb_var('PKGD', 'syzkaller')
+        syz_target = os.path.join(syz_target_sysroot, 'usr')
+        qemu_native_bin = os.path.join(self.syz_native_sysroot, 'usr/bin/qemu-system-' + qemu_postfix)
+        kernel_cmdline = "ip=dhcp rootfs=/dev/sda dummy_hcd.num=%s" % (self.dummy_hcd_num)
+        kernel_objdir = self.deploy_dir_image
+        port = get_free_port()
+        if not os.path.exists(self.syz_workdir):
+            os.mkdir(self.syz_workdir)
+        with open(self.syz_cfg, 'w') as f:
+            f.write(
+"""
+{
+        "target": "%s",
+        "http": "127.0.0.1:%s",
+        "workdir": "%s",
+        "kernel_obj": "%s",
+        "kernel_src": "%s",
+        "image": "%s",
+        "syzkaller": "%s",
+        "type": "qemu",
+        "reproduce" : false,
+        "sandbox": "none",
+        "vm": {
+                "count": %s,
+                "kernel": "%s",
+                "cmdline": "%s",
+                "cpu": %s,
+                "mem": %s,
+                "qemu": "%s",
+                "qemu_args": "-device virtio-scsi-pci,id=scsi -device scsi-hd,drive=rootfs -enable-kvm -cpu host,migratable=off",
+                "image_device": "drive index=0,id=rootfs,if=none,media=disk,file="
+        }
+}
+"""
+% (os_arch, port, self.syz_workdir, kernel_objdir, self.kernel_src,
+   self.rootfs, syz_target, self.syz_qemu_vms, self.kernel, kernel_cmdline,
+   self.syz_qemu_cpus, self.syz_qemu_mem, qemu_native_bin))
+    def test_syzkallerFuzzingQemux86_64(self):
+        self.image = 'core-image-minimal'
+        self.machine = 'qemux86-64'
+        self.fstype = "ext4"
+        self.write_config(
+"""
+MACHINE = "%s"
+IMAGE_FSTYPES = "%s"
+KERNEL_IMAGETYPES += "vmlinux"
+EXTRA_IMAGE_FEATURES += " ssh-server-openssh"
+IMAGE_ROOTFS_EXTRA_SPACE = "512000"
+KERNEL_EXTRA_FEATURES += " \
+    cfg/debug/syzkaller/debug-syzkaller.scc \
+"
+IMAGE_INSTALL:append = " syzkaller"
+"""
+% (self.machine, self.fstype))
+        build_vars = ['TOPDIR', 'DEPLOY_DIR_IMAGE', 'STAGING_KERNEL_DIR']
+        syz_fuzz_vars = ['SYZ_WORKDIR', 'SYZ_FUZZTIME', 'SYZ_QEMU_MEM', 'SYZ_QEMU_CPUS', 'SYZ_QEMU_VM_COUNT']
+        syz_aux_vars = ['SYZ_DUMMY_HCD_NUM']
+        needed_vars = build_vars + syz_fuzz_vars + syz_aux_vars
+        bb_vars = get_bb_vars(needed_vars)
+        for var in syz_fuzz_vars:
+                if not bb_vars[var]:
+                    self.skipTest(
+"""
+%s variable not set.
+Please configure %s fuzzing parameters to run this test.
+Example local.conf config:
+SYZ_WORKDIR="<path>"  # syzkaller workdir location (must be persistent across os-selftest runs)
+SYZ_FUZZTIME="30"     # fuzzing time in minutes
+SYZ_QEMU_VM_COUNT="1" # number of qemu VMs to be used for fuzzing
+SYZ_QEMU_MEM="2048"'  # memory used by each qemu VM
+SYZ_QEMU_CPUS="2"'    # number of cpus used by each qemu VM
+"""
+% (var, ', '.join(syz_fuzz_vars)))
+        self.topdir = bb_vars['TOPDIR']
+        self.deploy_dir_image = bb_vars['DEPLOY_DIR_IMAGE']
+        self.kernel_src = bb_vars['STAGING_KERNEL_DIR']
+        """
+        SYZ_WORKDIR must be set to an absolute path where syzkaller will store
+        the corpus database, config, runtime and crash data generated during
+        fuzzing. It must be persistent between oe-selftest runs, so the fuzzer
+        does not start over again on each run.
+        """
+        self.syz_workdir = bb_vars['SYZ_WORKDIR']
+        self.syz_fuzztime = int(bb_vars['SYZ_FUZZTIME']) * 60
+        self.syz_qemu_mem = int(bb_vars['SYZ_QEMU_MEM'])
+        self.syz_qemu_cpus = int(bb_vars['SYZ_QEMU_CPUS'])
+        self.syz_qemu_vms = int(bb_vars['SYZ_QEMU_VM_COUNT'])
+        self.dummy_hcd_num = int(bb_vars['SYZ_DUMMY_HCD_NUM'] or 8)
+        self.syz_cfg = os.path.join(self.syz_workdir, 'syzkaller.cfg')
+        self.kernel = os.path.join(self.deploy_dir_image, 'bzImage')
+        self.rootfs = os.path.join(self.deploy_dir_image, '%s-%s.%s' % (self.image, self.machine, self.fstype))
+        self.syz_native_sysroot = get_bb_var('RECIPE_SYSROOT_NATIVE', 'syzkaller-native')
+        self.setUpSyzkallerConfig("linux/amd64", "x86_64")
+        bitbake(self.image)
+        bitbake('syzkaller')
+        bitbake('syzkaller-native -c addto_recipe_sysroot')
+        cmd = "syz-manager -config %s" % self.syz_cfg
+        runCmd(cmd, native_sysroot = self.syz_native_sysroot, timeout=self.syz_fuzztime, output_log=self.logger, ignore_status=True, shell=True)

diff --git a/meta-oe/lib/oeqa/selftest/cases/syzkaller.py b/meta-oe/lib/oeqa/selftest/cases/syzkaller.py new file mode 100644 index 0000000000..64fc864bf8 --- /dev/null +++ b/meta-oe/lib/oeqa/selftest/cases/syzkaller.py
@@ -0,0 +1,124 @@
	1	#
	2	# SPDX-License-Identifier: MIT
	3	#
	4
	5	from oeqa.selftest.case import OESelftestTestCase
	6	from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars
	7	from oeqa.utils.network import get_free_port
	8
	9	class TestSyzkaller(OESelftestTestCase):
	10	def setUpSyzkallerConfig(self, os_arch, qemu_postfix):
	11	syz_target_sysroot = get_bb_var('PKGD', 'syzkaller')
	12	syz_target = os.path.join(syz_target_sysroot, 'usr')
	13
	14	qemu_native_bin = os.path.join(self.syz_native_sysroot, 'usr/bin/qemu-system-' + qemu_postfix)
	15	kernel_cmdline = "ip=dhcp rootfs=/dev/sda dummy_hcd.num=%s" % (self.dummy_hcd_num)
	16	kernel_objdir = self.deploy_dir_image
	17	port = get_free_port()
	18
	19	if not os.path.exists(self.syz_workdir):
	20	os.mkdir(self.syz_workdir)
	21
	22	with open(self.syz_cfg, 'w') as f:
	23	f.write(
	24	"""
	25	{
	26	"target": "%s",
	27	"http": "127.0.0.1:%s",
	28	"workdir": "%s",
	29	"kernel_obj": "%s",
	30	"kernel_src": "%s",
	31	"image": "%s",
	32	"syzkaller": "%s",
	33	"type": "qemu",
	34	"reproduce" : false,
	35	"sandbox": "none",
	36	"vm": {
	37	"count": %s,
	38	"kernel": "%s",
	39	"cmdline": "%s",
	40	"cpu": %s,
	41	"mem": %s,
	42	"qemu": "%s",
	43	"qemu_args": "-device virtio-scsi-pci,id=scsi -device scsi-hd,drive=rootfs -enable-kvm -cpu host,migratable=off",
	44	"image_device": "drive index=0,id=rootfs,if=none,media=disk,file="
	45	}
	46	}
	47	"""
	48	% (os_arch, port, self.syz_workdir, kernel_objdir, self.kernel_src,
	49	self.rootfs, syz_target, self.syz_qemu_vms, self.kernel, kernel_cmdline,
	50	self.syz_qemu_cpus, self.syz_qemu_mem, qemu_native_bin))
	51
	52	def test_syzkallerFuzzingQemux86_64(self):
	53	self.image = 'core-image-minimal'
	54	self.machine = 'qemux86-64'
	55	self.fstype = "ext4"
	56
	57	self.write_config(
	58	"""
	59	MACHINE = "%s"
	60	IMAGE_FSTYPES = "%s"
	61	KERNEL_IMAGETYPES += "vmlinux"
	62	EXTRA_IMAGE_FEATURES += " ssh-server-openssh"
	63	IMAGE_ROOTFS_EXTRA_SPACE = "512000"
	64	KERNEL_EXTRA_FEATURES += " \
	65	cfg/debug/syzkaller/debug-syzkaller.scc \
	66	"
	67	IMAGE_INSTALL:append = " syzkaller"
	68	"""
	69	% (self.machine, self.fstype))
	70
	71	build_vars = ['TOPDIR', 'DEPLOY_DIR_IMAGE', 'STAGING_KERNEL_DIR']
	72	syz_fuzz_vars = ['SYZ_WORKDIR', 'SYZ_FUZZTIME', 'SYZ_QEMU_MEM', 'SYZ_QEMU_CPUS', 'SYZ_QEMU_VM_COUNT']
	73	syz_aux_vars = ['SYZ_DUMMY_HCD_NUM']
	74
	75	needed_vars = build_vars + syz_fuzz_vars + syz_aux_vars
	76	bb_vars = get_bb_vars(needed_vars)
	77
	78	for var in syz_fuzz_vars:
	79	if not bb_vars[var]:
	80	self.skipTest(
	81	"""
	82	%s variable not set.
	83	Please configure %s fuzzing parameters to run this test.
	84
	85	Example local.conf config:
	86	SYZ_WORKDIR="<path>" # syzkaller workdir location (must be persistent across os-selftest runs)
	87	SYZ_FUZZTIME="30" # fuzzing time in minutes
	88	SYZ_QEMU_VM_COUNT="1" # number of qemu VMs to be used for fuzzing
	89	SYZ_QEMU_MEM="2048"' # memory used by each qemu VM
	90	SYZ_QEMU_CPUS="2"' # number of cpus used by each qemu VM
	91	"""
	92	% (var, ', '.join(syz_fuzz_vars)))
	93
	94	self.topdir = bb_vars['TOPDIR']
	95	self.deploy_dir_image = bb_vars['DEPLOY_DIR_IMAGE']
	96	self.kernel_src = bb_vars['STAGING_KERNEL_DIR']
	97
	98	"""
	99	SYZ_WORKDIR must be set to an absolute path where syzkaller will store
	100	the corpus database, config, runtime and crash data generated during
	101	fuzzing. It must be persistent between oe-selftest runs, so the fuzzer
	102	does not start over again on each run.
	103	"""
	104	self.syz_workdir = bb_vars['SYZ_WORKDIR']
	105	self.syz_fuzztime = int(bb_vars['SYZ_FUZZTIME']) * 60
	106	self.syz_qemu_mem = int(bb_vars['SYZ_QEMU_MEM'])
	107	self.syz_qemu_cpus = int(bb_vars['SYZ_QEMU_CPUS'])
	108	self.syz_qemu_vms = int(bb_vars['SYZ_QEMU_VM_COUNT'])
	109	self.dummy_hcd_num = int(bb_vars['SYZ_DUMMY_HCD_NUM'] or 8)
	110
	111	self.syz_cfg = os.path.join(self.syz_workdir, 'syzkaller.cfg')
	112	self.kernel = os.path.join(self.deploy_dir_image, 'bzImage')
	113	self.rootfs = os.path.join(self.deploy_dir_image, '%s-%s.%s' % (self.image, self.machine, self.fstype))
	114
	115	self.syz_native_sysroot = get_bb_var('RECIPE_SYSROOT_NATIVE', 'syzkaller-native')
	116
	117	self.setUpSyzkallerConfig("linux/amd64", "x86_64")
	118
	119	bitbake(self.image)
	120	bitbake('syzkaller')
	121	bitbake('syzkaller-native -c addto_recipe_sysroot')
	122
	123	cmd = "syz-manager -config %s" % self.syz_cfg
	124	runCmd(cmd, native_sysroot = self.syz_native_sysroot, timeout=self.syz_fuzztime, output_log=self.logger, ignore_status=True, shell=True)