Docs: add linux dvkm tutorial #250
Conversation
|
Helps to fix #246 |
| (venv) $ kafl fuzz --kernel /path/to/linux/arch/x86/boot/bzImage --initrd /path/to/initrd.cpio.gz | ||
| ``` | ||
|
|
||
| Below, we outline how to construct an efficient development workflow leveraging this approach. |
There was a problem hiding this comment.
The sentence is kind of redundant here (too verbose intro?). Also the headline levels are confusing. The previous and next headlines look the same in generated HTML but I see that "## Initrd" is actually higher level?
How about enumerating the next couple headlines to mark them as obvious steps under "Direct Boot"?
There was a problem hiding this comment.
This is how the headline structure looks like
We introduce the 2 approches to virtualize our target, and then we dive into the "agent.sh based" workflow
So gen_initrd is below the Initrd and agent.sh` workflow
| The payload should be specified throught the [`--input`](../../../reference/fuzzer_configuration.md#input) parameter. | ||
|
|
||
| :::{Important} | ||
| We should always specify [`--resume`](../../../reference/fuzzer_configuration.md#resume) when using either `kafl cov` or `kafl debug`, since it will replay from the original snapshot taken by the first call on [`NEXT_PAYLAOD`](../../../reference/hypercall_api.md#next_payload), and will make our execution deterministic. |
There was a problem hiding this comment.
Reformulated this a bit. This assumes that the corpus for that input still exists & if the input is actually generated from the corpus that kafl single will find at --kafl-workdir / $KAFL_WORKDIR. Otherwise things will go down badly..
When replaying a payload from an previous kAFL run at $KAFL_WORKDIR, it is recommended to use --resume so that the tool will use the exact same snapshot and page cache as in the fuzzing run. This improves our odds at reproducing the crash. If the workdir does not exist anymore or the snapshot is not found, running kafl single without --resume will simply boot a new VM with the given configuration and execute the agent a single time with the given input.
Adds a new tutorial based on the DVKM module:
Build is available as HTML here @il-steffen:
singlehtml.zip