From: Alexander Graf <graf@amazon.com>
To: Sam Caccavale <samcacc@amazon.de>
Cc: <samcaccavale@gmail.com>, <nmanthey@amazon.de>,
<wipawel@amazon.de>, <dwmw@amazon.co.uk>, <mpohlack@amazon.de>,
<karahmed@amazon.de>, <andrew.cooper3@citrix.com>,
<JBeulich@suse.com>, <pbonzini@redhat.com>, <rkrcmar@redhat.com>,
<tglx@linutronix.de>, <mingo@redhat.com>, <bp@alien8.de>,
<hpa@zytor.com>, <paullangton4@gmail.com>,
<anirudhkaushik@google.com>, <x86@kernel.org>,
<kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 4/5] Added build and install scripts
Date: Thu, 27 Jun 2019 18:57:57 +0200 [thread overview]
Message-ID: <e0b29f4d-7471-c5d8-c9d4-2a352831a4bd@amazon.com> (raw)
In-Reply-To: <20190624142414.22096-5-samcacc@amazon.de>
On 24.06.19 16:24, Sam Caccavale wrote:
> install_afl.sh installs AFL locally and emits AFLPATH,
> build.sh, and run.sh build and run respectively
>
> ---
>
> v1 -> v2:
> - Introduced this patch
>
> v2 -> v3:
> - Moved non-essential development scripts to a later patch
>
> Signed-off-by: Sam Caccavale <samcacc@amazon.de>
> ---
> tools/fuzz/x86ie/scripts/afl-many | 31 +++++++++++++++++++++++
> tools/fuzz/x86ie/scripts/build.sh | 33 +++++++++++++++++++++++++
> tools/fuzz/x86ie/scripts/install_afl.sh | 17 +++++++++++++
> tools/fuzz/x86ie/scripts/run.sh | 10 ++++++++
> 4 files changed, 91 insertions(+)
> create mode 100755 tools/fuzz/x86ie/scripts/afl-many
> create mode 100755 tools/fuzz/x86ie/scripts/build.sh
> create mode 100755 tools/fuzz/x86ie/scripts/install_afl.sh
> create mode 100755 tools/fuzz/x86ie/scripts/run.sh
>
> diff --git a/tools/fuzz/x86ie/scripts/afl-many b/tools/fuzz/x86ie/scripts/afl-many
> new file mode 100755
> index 000000000000..e55ff115a777
> --- /dev/null
> +++ b/tools/fuzz/x86ie/scripts/afl-many
> @@ -0,0 +1,31 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0+
> +# This is for running AFL over NPROC or `nproc` cores with normal AFL options ex:
> +# ulimit -Sv $[21999999999 << 10]; ./tools/fuzz/x86ie/scripts/afl-many -m 22000000000 -i $FUZZDIR/in -o $FUZZDIR/out tools/fuzz/x86ie/afl-harness @@
> +
> +export AFL_NO_AFFINITY=1
> +
> +while [ -z "$sync_dir" ]; do
> + while getopts ":o:" opt; do
> + case "${opt}" in
> + o)
> + sync_dir="${OPTARG}"
> + ;;
> + *)
> + ;;
> + esac
> + done
> + ((OPTIND++))
> + [ $OPTIND -gt $# ] && break
> +done
> +
> +# AFL/linux do some weird stuff with core affinity and will often run
> +# N processes over < N virtual cores. In order to avoid that, we taskset
> +# each process to its own core.
> +for i in $(seq 1 $(( ${NPROC:-$(nproc)} - 1)) ); do
> + taskset -c "$i" ./afl-fuzz -S "slave$i" $@ >/dev/null 2>&1 &
> +done
> +taskset -c 0 ./afl-fuzz -M master $@ >/dev/null 2>&1 &
> +
> +watch -n1 "echo \"Executing '$AFLPATH/afl-fuzz $@' on ${NPROC:-$(nproc)} cores.\" && $AFLPATH/afl-whatsup -s ${sync_dir}"
> +pkill afl-fuzz
> diff --git a/tools/fuzz/x86ie/scripts/build.sh b/tools/fuzz/x86ie/scripts/build.sh
> new file mode 100755
> index 000000000000..032762bf56ef
> --- /dev/null
> +++ b/tools/fuzz/x86ie/scripts/build.sh
> @@ -0,0 +1,33 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0+
> +# Run from root of linux via `./tools/fuzz/x86ie/scripts/build.sh`
> +
> +kernel_objects="arch/x86/kvm/emulate.o arch/x86/lib/retpoline.o lib/find_bit.o"
> +
> +disable() { sed -i -r "/\b$1\b/c\# $1" .config; }
> +enable() { sed -i -r "/\b$1\b/c\\$1=y" .config; }
> +
> +make ${CC:+ "CC=$CC"} ${DEBUG:+ "DEBUG=1"} defconfig
> +
> +enable "CONFIG_DEBUG_INFO"
> +enable "CONFIG_STACKPROTECTOR"
> +
> +yes ' ' | make ${CC:+ "CC=$CC"} ${DEBUG:+ "DEBUG=1"} $kernel_objects
> +
> +omit_arg () { args=$(echo "$args" | sed "s/ $1//g"); }
> +add_arg () { args+=" $1"; }
> +
> +rebuild () {
> + args="$(head -1 $(dirname $1)/.$(basename $1).cmd | sed -e 's/.*:= //g')"
> + omit_arg "-mcmodel=kernel"
> + omit_arg "-mpreferred-stack-boundary=3"
> + add_arg "-fsanitize=address"
> + echo -e "Rebuilding $1 with \n$args"
> + eval "$args"
> +}
> +
> +for object in $kernel_objects; do
> + rebuild $object
> +done
> +
> +make ${CC:+ "CC=$CC"} ${DEBUG:+ "DEBUG=1"} tools/fuzz
> diff --git a/tools/fuzz/x86ie/scripts/install_afl.sh b/tools/fuzz/x86ie/scripts/install_afl.sh
> new file mode 100755
> index 000000000000..3bdbdf2a040b
> --- /dev/null
> +++ b/tools/fuzz/x86ie/scripts/install_afl.sh
> @@ -0,0 +1,17 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0+
> +# Can be run where ever, but usually run from linux root:
> +# `source ./tools/fuzz/x86ie/scripts/install_afl.sh`
> +# (must be sourced to get the AFLPATH envvar, otherwise set manually)
> +
> +wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
> +mkdir -p afl
> +tar xzf afl-latest.tgz -C afl --strip-components 1
> +
> +pushd afl
> +set AFL_USE_ASAN
> +make clean all
> +export AFLPATH="$(pwd)"
> +popd
> +
> +sudo bash -c "echo core >/proc/sys/kernel/core_pattern"
What is this? :)
Surely if it's important to generate core dumps, it's not only important
during installation, no?
Alex
> diff --git a/tools/fuzz/x86ie/scripts/run.sh b/tools/fuzz/x86ie/scripts/run.sh
> new file mode 100755
> index 000000000000..0571cd524c01
> --- /dev/null
> +++ b/tools/fuzz/x86ie/scripts/run.sh
> @@ -0,0 +1,10 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0+
> +
> +FUZZDIR="${FUZZDIR:-$(pwd)/fuzz}"
> +
> +mkdir -p $FUZZDIR/in
> +cp tools/fuzz/x86ie/rand_sample.bin $FUZZDIR/in
> +mkdir -p $FUZZDIR/out
> +
> +screen bash -c "ulimit -Sv $[21999999999 << 10]; ./tools/fuzz/x86ie/scripts/afl-many -m 22000000000 -i $FUZZDIR/in -o $FUZZDIR/out tools/fuzz/x86ie/afl-harness @@"
>
next prev parent reply other threads:[~2019-06-27 16:58 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-24 14:24 [PATCH v3 0/5] x86 instruction emulator fuzzing Sam Caccavale
2019-06-24 14:24 ` [PATCH v3 1/5] Build target for emulate.o as a userspace binary Sam Caccavale
2019-06-24 14:24 ` [PATCH v3 2/5] Emulate simple x86 instructions in userspace Sam Caccavale
2019-06-24 14:24 ` [PATCH v3 3/5] Demonstrating unit testing via simple-harness Sam Caccavale
2019-06-24 14:24 ` [PATCH v3 4/5] Added build and install scripts Sam Caccavale
2019-06-27 16:57 ` Alexander Graf [this message]
2019-06-28 7:59 ` samcacc
2019-06-28 8:17 ` Paolo Bonzini
2019-06-28 8:27 ` samcacc
2019-06-24 14:24 ` [PATCH v3 5/5] Development scripts for crash triage and deploy Sam Caccavale
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e0b29f4d-7471-c5d8-c9d4-2a352831a4bd@amazon.com \
--to=graf@amazon.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=anirudhkaushik@google.com \
--cc=bp@alien8.de \
--cc=dwmw@amazon.co.uk \
--cc=hpa@zytor.com \
--cc=karahmed@amazon.de \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=mpohlack@amazon.de \
--cc=nmanthey@amazon.de \
--cc=paullangton4@gmail.com \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=samcacc@amazon.de \
--cc=samcaccavale@gmail.com \
--cc=tglx@linutronix.de \
--cc=wipawel@amazon.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).