
Is there a patch or document that can show how to patch kafl agent into the target linux kernel? #246

Closed
liujf628995 opened this issue Oct 20, 2023 · 7 comments


liujf628995 commented Oct 20, 2023

And are there explanations about the kafl kernel config parameters? For example:

grep KAFL config.vanilla.virtio

CONFIG_TDX_FUZZ_KAFL=y
CONFIG_TDX_FUZZ_KAFL_DETERMINISTIC=y
CONFIG_TDX_FUZZ_KAFL_DEBUGFS=y
# CONFIG_TDX_FUZZ_KAFL_TRACE_LOCATIONS is not set
CONFIG_TDX_FUZZ_KAFL_VIRTIO=y
CONFIG_TDX_FUZZ_KAFL_SKIP_MSR=y
CONFIG_TDX_FUZZ_KAFL_SKIP_CPUID=y
# CONFIG_TDX_FUZZ_KAFL_SKIP_IOAPIC_READS is not set
# CONFIG_TDX_FUZZ_KAFL_SKIP_ACPI_PIO is not set
CONFIG_TDX_FUZZ_KAFL_SKIP_RNG_SEEDING=y
# CONFIG_TDX_FUZZ_KAFL_SKIP_PARAVIRT_REWRITE is not set
CONFIG_TDX_FUZZ_KAFL_VANILLA_PAYLOAD=y
CONFIG_TDX_FUZZ_KAFL_VANILLA_INJECTION_SAMPLE=y
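A small parser for the kind of `.config` fragment quoted above, added here as an example; it is my own code, not part of this issue or of the kAFL project. It assumes the standard Kconfig output format (`CONFIG_X=y`, `CONFIG_X="str"`, and `# CONFIG_X is not set` for disabled options; the leading `#` on those lines is what a markdown renderer tends to eat) and, purely from the option names, treats each `CONFIG_TDX_FUZZ_KAFL_SKIP_*` option as disabling fuzzing of the interface it names. Both are assumptions, not documented kAFL semantics. The sample text is the grep output from the issue, constructed inline so the script runs offline.

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample: the grep output quoted in the issue, with the leading '#'
# restored on the "is not set" lines as a real .config file writes them.
SAMPLE_CONFIG = """\
CONFIG_TDX_FUZZ_KAFL=y
CONFIG_TDX_FUZZ_KAFL_DETERMINISTIC=y
CONFIG_TDX_FUZZ_KAFL_DEBUGFS=y
# CONFIG_TDX_FUZZ_KAFL_TRACE_LOCATIONS is not set
CONFIG_TDX_FUZZ_KAFL_VIRTIO=y
CONFIG_TDX_FUZZ_KAFL_SKIP_MSR=y
CONFIG_TDX_FUZZ_KAFL_SKIP_CPUID=y
# CONFIG_TDX_FUZZ_KAFL_SKIP_IOAPIC_READS is not set
# CONFIG_TDX_FUZZ_KAFL_SKIP_ACPI_PIO is not set
CONFIG_TDX_FUZZ_KAFL_SKIP_RNG_SEEDING=y
# CONFIG_TDX_FUZZ_KAFL_SKIP_PARAVIRT_REWRITE is not set
CONFIG_TDX_FUZZ_KAFL_VANILLA_PAYLOAD=y
CONFIG_TDX_FUZZ_KAFL_VANILLA_INJECTION_SAMPLE=y
"""

_SET_RE = re.compile(r'^(CONFIG_[A-Za-z0-9_]+)=(.*)$')
_UNSET_RE = re.compile(r'^# (CONFIG_[A-Za-z0-9_]+) is not set$')


def parse_kconfig(text: str) -> Dict[str, Optional[str]]:
    """Map option name -> value.

    Tristates keep 'y'/'m'/'n', quoted strings are unquoted, and an
    '# ... is not set' line yields None. Blank lines and other comments
    are ignored, so the function accepts a whole .config, not just a grep.
    """
    options: Dict[str, Optional[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SET_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                value = value[1:-1]
            options[name] = value
            continue
        m = _UNSET_RE.match(line)
        if m:
            options[m.group(1)] = None
        # any other '#' line is an ordinary Kconfig comment
    return options


def check_required(options: Dict[str, Optional[str]],
                   required: Iterable[str]) -> Dict[str, Optional[str]]:
    """Return {name: actual_value} for every required option that is not
    built in (=y) or as a module (=m). Missing options are reported as
    'absent', which is distinct from an explicit 'is not set' (None)."""
    problems: Dict[str, Optional[str]] = {}
    for name in required:
        value = options.get(name, "absent")
        if value not in ("y", "m"):
            problems[name] = value
    return problems


def active_skip_surfaces(options: Dict[str, Optional[str]],
                         prefix: str = "CONFIG_TDX_FUZZ_KAFL_SKIP_") -> List[str]:
    """Assumption (from the option names only): SKIP_<X>=y suppresses fuzzing
    of interface X. Return the interfaces whose SKIP option is not enabled,
    i.e. the ones this config still lets the harness exercise."""
    return sorted(name[len(prefix):] for name, value in options.items()
                  if name.startswith(prefix) and value != "y")


if __name__ == "__main__":
    opts = parse_kconfig(SAMPLE_CONFIG)
    print("parsed", len(opts), "KAFL options")
    print("not enabled:", check_required(opts, ["CONFIG_TDX_FUZZ_KAFL",
                                                "CONFIG_TDX_FUZZ_KAFL_TRACE_LOCATIONS"]))
    print("interfaces not skipped:", active_skip_surfaces(opts))
```

Run it on the quoted fragment and it reports `TRACE_LOCATIONS` as explicitly unset and lists `ACPI_PIO`, `IOAPIC_READS` and `PARAVIRT_REWRITE` as the interfaces whose `SKIP_*` option is not enabled; feeding it a full `.config` from a target build is a quick way to confirm the harness options before booting the kernel under kAFL.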
@Wenzel
Collaborator

Wenzel commented Oct 20, 2023

Hi @liujf628995,

I totally agree that the current Linux Kernel Tutorial lacks documentation on the internals of the kafl-agent, and its configuration options.

In my opinion it doesn't serve its purpose very well as an introduction to kAFL.
I started an initiative to improve the documentation, but it will take time.

That's why I started to build another Linux based target, more accessible: the DVKM module:
IntelLabs/kafl.targets#31

I'm currently building a detailed tutorial for this, and will be publishing it in a few weeks.

Were you specifically interested in the Linux kernel virtualization interfaces fuzzing (Virtio, MSR, CPUID, IOAPIC, RNG, ...), and could the new DVKM (Damn Vulnerable Kernel Module) target suit your needs?

@liujf628995
Author

> Hi @liujf628995,
>
> I totally agree that the current Linux Kernel Tutorial lacks documentation on the internals of the kafl-agent, and its configuration options.
>
> In my opinion it doesn't serve its purpose very well as an introduction to kAFL. I started an initiative to improve the documentation, but it will take time.
>
> That's why I started to build another Linux based target, more accessible: the DVKM module: IntelLabs/kafl.targets#31
>
> I'm currently building a detailed tutorial for this, and will be publishing it in a few weeks.
>
> Were you specifically interested in the Linux kernel virtualization interfaces fuzzing (Virtio, MSR, CPUID, IOAPIC, RNG, ...), and could the new DVKM (Damn Vulnerable Kernel Module) target suit your needs?

Hi, @Wenzel,

Yes, I'm interested in fuzzing the linux kernel and I think the new DVKM will be helpful for me. Would you want to replace the KAFL Agent with DVKM? Or just add this module to the existing agent?

I took a look at this link: IntelLabs/kafl.targets#31
Building the module as a ko-file and just insmod-ing it into different targets will be very convenient, I am looking forward to the progress of the project.

@Wenzel
Collaborator

Wenzel commented Oct 24, 2023

> Would you want to replace the KAFL Agent with DVKM? Or just add this module to the existing agent?

The existing kafl-agent was very specialized to fuzz the linux kernel virtualization communication channels, it's very complicated to understand and maintain, even more for a beginner.

The kafl-agent for DVKM will be minimal, only inserting crash hypercalls at the right locations in the kernel, and the rest will be in userland.

I will keep you up to date on this!

@liujf628995
Author

> Would you want to replace the KAFL Agent with DVKM? Or just add this module to the existing agent?
>
> The existing kafl-agent was very specialized to fuzz the linux kernel virtualization communication channels, it's very complicated to understand and maintain, even more for a beginner.
>
> The kafl-agent for DVKM will be minimal, only inserting crash hypercalls at the right locations in the kernel, and the rest will be in userland.
>
> I will keep you up to date on this!

That sounds great! Thanks!

@Wenzel
Collaborator

Wenzel commented Oct 31, 2023

Hi @liujf628995

The DVKM tutorial has now been merged upstream, and the documentation is online:
https://intellabs.github.io/kAFL/tutorials/linux/dvkm/target.html

I'm eager to receive your feedback on it, what works and what doesn't, what's unclear and what unanswered questions you might have.

@liujf628995
Author

Thanks for your detailed tutorial, I'll try it these days and give you feedback later.

> Hi @liujf628995
>
> The DVKM tutorial has now been merged upstream, and the documentation is online: https://intellabs.github.io/kAFL/tutorials/linux/dvkm/target.html
>
> I'm eager to receive your feedback on it, what works and what doesn't, what's unclear and what unanswered questions you might have.

@Wenzel
Collaborator

Wenzel commented Nov 3, 2023

Thanks!
Closing this issue for now, feel free to reopen if necessary.

@Wenzel Wenzel closed this as completed Nov 3, 2023