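#!/bin/bash
# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# This script sets up everything that's needed to run syzkaller
# using qemu on known working syzkaller/kernel revisions.
# Tested on Ubuntu 16.04 and Debian rolling. The script downloads a bunch
# of stuff, so make sure you have a good internet connection.
# But first ensure that you have KVM enabled in BIOS and in kernel,
# otherwise fuzzing will be very slow and lots of things will time out, see:
# https://help.ubuntu.com/community/KVM/Installation
# https://www.linux-kvm.org/page/FAQ
# If everything goes successfully, the script will start syz-manager
# that will start fuzzing Linux kernel. You should see periodic log lines
# of the following form:
# 2018/04/01 10:00:00 VMs 10, executed 50170, cover 42270, crashes 0, repro 0
# syz-manager web UI contains a summary of crashes:
# http://localhost:20000
# You can always abort syz-manager with Ctrl+C and start it again by running
# the last command of this script.
#
# Trust notes for anyone running this on a shared or long-lived host:
#  - It installs packages with sudo and builds/executes downloaded code
#    (Go toolchain, gcc, syzkaller, a Linux kernel) as the invoking user.
#  - syzkaller and the kernel .config are pinned to exact revisions; the
#    tarballs and the VM image are NOT checked against any digest, so their
#    integrity rests on TLS and on the hosting bucket.
#  - wheezy.img.key is a publicly downloadable SSH private key. It is only
#    suitable for the throwaway fuzzing VMs started by this script.

# pipefail makes "curl ... | tar -xz" abort when the download itself fails,
# instead of only reporting whatever tar made of a truncated stream.
set -euxo pipefail

export DIR="$PWD"
export PATH="$DIR/go/bin:$PATH"
export GOPATH="$DIR/gopath"
# Cleared so a system-wide GOROOT does not override the toolchain unpacked below.
export GOROOT=

# Number of VMs: (RAM in GiB - 1) / 3, matching the 2048 MB given to each VM
# in the config below. LC_ALL=C keeps the "Mem:" label stable across locales.
mem_gb=$(LC_ALL=C free -g | awk '/Mem:/ {print $2}')
NVM=$(( (mem_gb - 1) / 3 ))
# Hosts with less than 4 GiB would otherwise get "count": 0 in the config.
if (( NVM < 1 )); then
  NVM=1
fi
export NVM

# wget is used below, so install it together with the other tools.
sudo apt-get install -y -q make git curl wget bison flex bc libssl-dev gcc g++ qemu-system-x86

# -f makes curl exit non-zero on an HTTP error instead of piping the error
# page into tar or into the kernel .config.
# NOTE(review): no checksums for these artifacts are available on this page.
# If the publisher provides digests, verify them (e.g. sha256sum -c) before
# unpacking or booting anything fetched here.
curl -f https://dl.google.com/go/go1.10.1.linux-amd64.tar.gz | tar -xz
curl -f https://storage.googleapis.com/syzkaller/gcc-7.tar.gz | tar -xz
curl -f https://storage.googleapis.com/syzkaller/corpus.db.tar.gz | tar -xz
wget https://storage.googleapis.com/syzkaller/wheezy.img
wget https://storage.googleapis.com/syzkaller/wheezy.img.key
# ssh refuses private keys that are readable by group/others.
chmod 0600 wheezy.img.key
mkdir workdir
mv corpus.db workdir/

# Fetch syzkaller, then pin it to the known-working commit before building.
go get -d github.com/google/syzkaller/...
(
  cd "$GOPATH/src/github.com/google/syzkaller" &&
    git checkout ad7d294798bac1b8da37cf303e44ade90689bb1c &&
    make
)

# Clone over https rather than git://: the git protocol has no transport
# encryption or server authentication, and this tree is compiled on the host.
git clone --branch v4.13 --single-branch --depth=1 \
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
# The gist URL embeds a revision hash, so the kernel config is pinned.
curl -f https://gist.githubusercontent.com/dvyukov/2c63231d1cd0d162ac6bebb4627f045c/raw/c3d5c80d391ba4853d6a6453db38c249f40b4b8b/gistfile1.txt > linux/.config
(cd linux && make -j32 CC="$DIR/gcc/bin/gcc")

# Generate the syz-manager config. The heredoc expands ${DIR} and ${NVM}
# directly, so a '#' or '&' in the path can no longer break a sed substitution
# and the letters "DIR"/"NVM" inside the path are not rewritten.
# A '"' or '\' in ${DIR} would still produce invalid JSON.
# "http" is bound to loopback to match the http://localhost:20000 URL in the
# header: ":20000" would serve the plain-HTTP web UI on every interface.
# For remote viewing, forward the port over SSH instead of widening the bind.
cat > config <<EOF
{
	"name": "demo",
	"target": "linux/amd64",
	"http": "127.0.0.1:20000",
	"workdir": "${DIR}/workdir",
	"vmlinux": "${DIR}/linux/vmlinux",
	"syzkaller": "${DIR}/gopath/src/github.com/google/syzkaller",
	"image": "${DIR}/wheezy.img",
	"sshkey": "${DIR}/wheezy.img.key",
	"sandbox": "none",
	"procs": 8,
	"type": "qemu",
	"vm": {
		"count": ${NVM},
		"cpu": 4,
		"mem": 2048,
		"kernel": "${DIR}/linux/arch/x86/boot/bzImage"
	}
}
EOF

# Start fuzzing; re-run this line to restart syz-manager after Ctrl+C.
gopath/src/github.com/google/syzkaller/bin/syz-manager -config config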