1.8 KiB
Linux kernel configs
List of recommended kernel configs for syzkaller:
Syzkaller features
To enable coverage collection, which is extremely important for effective fuzzing:
CONFIG_KCOV=y
CONFIG_KCOV_INSTRUMENT_ALL=y
CONFIG_DEBUG_FS=y
To show code coverage in web interface:
CONFIG_DEBUG_INFO=y
For namespace sandbox:
CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
If your kernel doesn't have commits arm64: setup: introduce kaslr_offset() and kcov: make kcov work properly with KASLR enabled, disable the following config:
# CONFIG_RANDOMIZE_BASE is not set
Bug detection configs
Syzkaller is meant to be used with
KASAN (available upstream with CONFIG_KASAN=y),
KTSAN (prototype available),
KMSAN (prototype available),
or KUBSAN (available upstream with CONFIG_UBSAN=y).
Enable KASAN for use-after-free and out-of-bounds detection:
CONFIG_KASAN=y
CONFIG_KASAN_INLINE=y
Any other debugging configs, the more the better, here are some that proved to be especially useful:
CONFIG_LOCKDEP=y
CONFIG_PROVE_LOCKING=y
CONFIG_DEBUG_ATOMIC_SLEEP=y
CONFIG_PROVE_RCU=y
CONFIG_DEBUG_VM=y
CONFIG_REFCOUNT_FULL=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_LOCKUP_DETECTOR=y
CONFIG_SOFTLOCKUP_DETECTOR=y
CONFIG_HARDLOCKUP_DETECTOR=y
CONFIG_DETECT_HUNG_TASK=y
CONFIG_WQ_WATCHDOG=y
Increase RCU stall timeout to reduce false positive rate:
CONFIG_RCU_CPU_STALL_TIMEOUT=60