public inbox for linux-kernel@vger.kernel.org
From: Sam Caccavale <samcacc@amazon.de>
To: unlisted-recipients:; (no To-header on input)
Cc: <samcaccavale@gmail.com>, <nmanthey@amazon.de>,
	<wipawel@amazon.de>, <dwmw@amazon.co.uk>, <mpohlack@amazon.de>,
	<graf@amazon.de>, <karahmed@amazon.de>,
	<andrew.cooper3@citrix.com>, <JBeulich@suse.com>,
	<pbonzini@redhat.com>, <rkrcmar@redhat.com>, <tglx@linutronix.de>,
	<mingo@redhat.com>, <bp@alien8.de>, <hpa@zytor.com>,
	<paullangton4@gmail.com>, <x86@kernel.org>, <kvm@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, Sam Caccavale <samcacc@amazon.de>
Subject: [PATCH v4 4/5] Added build and install scripts
Date: Fri, 28 Jun 2019 11:26:20 +0200	[thread overview]
Message-ID: <20190628092621.17823-5-samcacc@amazon.de> (raw)
In-Reply-To: <20190628092621.17823-1-samcacc@amazon.de>

install_afl.sh installs AFL locally and emits AFLPATH;
build.sh and run.sh build and run, respectively.

---

v1 -> v2:
 - Introduced this patch

v2 -> v3:
 - Moved non-essential development scripts to a later patch

v3 -> v4:
 - Building checks for existing .config and no longer overwrites it
 - Removed extraneous forcing of some config options
 - Renamed afl-many to afl-many.sh
 - Added a timeout option to afl-many.sh
 - Fixed an incorrect path in afl-many.sh

Signed-off-by: Sam Caccavale <samcacc@amazon.de>
---
 tools/fuzz/x86ie/scripts/afl-many.sh    | 31 ++++++++++++++++++++++
 tools/fuzz/x86ie/scripts/build.sh       | 34 +++++++++++++++++++++++++
 tools/fuzz/x86ie/scripts/install_afl.sh | 17 +++++++++++++
 tools/fuzz/x86ie/scripts/run.sh         | 10 ++++++++
 4 files changed, 92 insertions(+)
 create mode 100755 tools/fuzz/x86ie/scripts/afl-many.sh
 create mode 100755 tools/fuzz/x86ie/scripts/build.sh
 create mode 100755 tools/fuzz/x86ie/scripts/install_afl.sh
 create mode 100755 tools/fuzz/x86ie/scripts/run.sh

diff --git a/tools/fuzz/x86ie/scripts/afl-many.sh b/tools/fuzz/x86ie/scripts/afl-many.sh
new file mode 100755
index 000000000000..e56923ae16ff
--- /dev/null
+++ b/tools/fuzz/x86ie/scripts/afl-many.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0+
+# This is for running AFL over NPROC or `nproc` cores with normal AFL options ex:
+# ./tools/fuzz/x86ie/scripts/afl-many.sh -m 22000000000 -i $FUZZDIR/in -o $FUZZDIR/out tools/fuzz/x86ie/afl-harness @@
+
+export AFL_NO_AFFINITY=1
+
+while [ -z "$sync_dir" ]; do
+  while getopts ":o:" opt; do
+    case "${opt}" in
+      o)
+        sync_dir="${OPTARG}"
+        ;;
+      *)
+        ;;
+    esac
+  done
+  ((OPTIND++))
+  [ $OPTIND -gt $# ] && break
+done
+
+# AFL/linux do some weird stuff with core affinity and will often run
+# N processes over < N virtual cores.  In order to avoid that, we taskset
+# each process to its own core.
+for i in $(seq 1 $(( ${NPROC:-$(nproc)} - 1)) ); do
+    taskset -c "$i" $AFLPATH/afl-fuzz -S "slave$i" $@ >/dev/null 2>&1 &
+done
+taskset -c 0 $AFLPATH/afl-fuzz -M master $@ >/dev/null 2>&1 &
+
+${TIMEOUT:+timeout -sKILL $TIMEOUT} watch -n1 "echo \"Executing '$AFLPATH/afl-fuzz $@' on ${NPROC:-$(nproc)} cores.\" && $AFLPATH/afl-whatsup -s ${sync_dir}"
+pkill afl-fuzz
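Review bot: `pkill afl-fuzz` on the last line kills every afl-fuzz process on the host, not only the instances this script started, so it will terminate another user's fuzzing session on a shared box; collect the PIDs of the backgrounded jobs (`pids+=($!)` after each `&`) and `kill "${pids[@]}"` instead. The `-o` parsing loop also restarts `getopts` with a manually bumped `OPTIND` until `sync_dir` is set, which silently accepts a run with no `-o` at all and then hands an empty `${sync_dir}` to `afl-whatsup`; check `[ -n "$sync_dir" ]` after the loop and exit with a usage message. Finally, `$@` is unquoted on both `taskset` lines and is expanded into the `watch` string, so any harness argument containing spaces or shell metacharacters is split or re-evaluated; use `"$@"` on the taskset lines and build the status banner from a pre-quoted string.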
diff --git a/tools/fuzz/x86ie/scripts/build.sh b/tools/fuzz/x86ie/scripts/build.sh
new file mode 100755
index 000000000000..5e0eab8ad721
--- /dev/null
+++ b/tools/fuzz/x86ie/scripts/build.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0+
+# Run from root of linux via `./tools/fuzz/x86ie/scripts/build.sh`
+
+kernel_objects="arch/x86/kvm/emulate.o arch/x86/lib/retpoline.o lib/find_bit.o"
+
+disable() { sed -i -r "/\b$1\b/c\# $1" .config; }
+enable() { sed -i -r "/\b$1\b/c\\$1=y" .config; }
+
+if [ ! -f .config ]; then
+  make ${CC:+ "CC=$CC"} defconfig
+fi
+
+# enable "CONFIG_DEBUG_INFO"
+
+yes ' ' | make ${CC:+ "CC=$CC"} ${DEBUG:+ "DEBUG=1"} $kernel_objects
+
+omit_arg () { args=$(echo "$args" | sed "s/ $1//g"); }
+add_arg () { args+=" $1"; }
+
+rebuild () {
+  args="$(head -1 $(dirname $1)/.$(basename $1).cmd | sed -e 's/.*:= //g')"
+  omit_arg "-mcmodel=kernel"
+  omit_arg "-mpreferred-stack-boundary=3"
+  add_arg "-fsanitize=address"
+  echo -e "Rebuilding $1 with \n$args"
+  eval "$args"
+}
+
+for object in $kernel_objects; do
+  rebuild $object
+done
+
+make ${CC:+ "CC=$CC"} ${DEBUG:+ "DEBUG=1"} tools/fuzz
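Review bot: `disable()` and `enable()` are defined but never called, and the bare `# enable "CONFIG_DEBUG_INFO"` comment reads like a step that was dropped when the forced options were removed in v4; either call `enable CONFIG_DEBUG_INFO` after the defconfig step or delete the helpers. The script also has no `set -e`, so if `eval "$args"` in `rebuild` fails (for example because the `.cmd` file is missing on a fresh tree) the loop continues and the final `make tools/fuzz` links against a stale, non-ASan object without any error; add `set -e` at the top or check the result of each `rebuild`. Nothing in `rebuild` is quoted (`$(dirname $1)`, `$(basename $1)`, `head -1 $(...)`), which is tolerable for the fixed `kernel_objects` list but worth tightening with `"$1"` since the function is otherwise general.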
diff --git a/tools/fuzz/x86ie/scripts/install_afl.sh b/tools/fuzz/x86ie/scripts/install_afl.sh
new file mode 100755
index 000000000000..3bdbdf2a040b
--- /dev/null
+++ b/tools/fuzz/x86ie/scripts/install_afl.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0+
+# Can be run where ever, but usually run from linux root:
+# `source ./tools/fuzz/x86ie/scripts/install_afl.sh`
+# (must be sourced to get the AFLPATH envvar, otherwise set manually)
+
+wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
+mkdir -p afl
+tar xzf afl-latest.tgz -C afl --strip-components 1
+
+pushd afl
+set AFL_USE_ASAN
+make clean all
+export AFLPATH="$(pwd)"
+popd
+
+sudo bash -c "echo core >/proc/sys/kernel/core_pattern"
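Review bot: `set AFL_USE_ASAN` does not set an environment variable; it replaces the shell's positional parameters with the single word `AFL_USE_ASAN`, and because this script is meant to be `source`d it also clobbers the caller's `$@`, so AFL is actually built without ASan. Use `export AFL_USE_ASAN=1` (or `AFL_USE_ASAN=1 make clean all`). The tarball is also fetched over plain http from a moving `afl-latest.tgz` URL and its build system is executed with no checksum or signature check; pin a specific release and verify its hash before `make`. The `core_pattern` change is system-wide and persists after the fuzzing run, so note that in the header comment or have run.sh restore the previous value.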
diff --git a/tools/fuzz/x86ie/scripts/run.sh b/tools/fuzz/x86ie/scripts/run.sh
new file mode 100755
index 000000000000..348c9c41021a
--- /dev/null
+++ b/tools/fuzz/x86ie/scripts/run.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0+
+
+FUZZDIR="${FUZZDIR:-$(pwd)/fuzz}"
+
+mkdir -p $FUZZDIR/in
+cp tools/fuzz/x86ie/rand_sample.bin $FUZZDIR/in
+mkdir -p $FUZZDIR/out
+
+screen bash -c "ulimit -Sv $[21999999999 << 10]; ${TIMEOUT:+TIMEOUT=$TIMEOUT} ./tools/fuzz/x86ie/scripts/afl-many.sh -m 22000000000 -i $FUZZDIR/in -o $FUZZDIR/out tools/fuzz/x86ie/afl-harness @@; exit \$?;"
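Review bot: `$[21999999999 << 10]` uses the deprecated bash arithmetic form; write it as `$((21999999999 << 10))`. `$FUZZDIR` is unquoted in `mkdir -p $FUZZDIR/in`, `cp ... $FUZZDIR/in` and inside the `screen bash -c` string, so a path containing spaces fails or, worse, writes somewhere else; quote it everywhere it appears. The `22000000000` memory limit is hard-coded here, duplicated in the `ulimit -Sv` expression, and repeated in the usage comment of afl-many.sh; define it once (for example `AFL_MEM_LIMIT`) and derive both the `-m` argument and the `ulimit` from it so the two cannot drift apart.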
-- 
2.17.1