IntelLabs / kAFL

A fuzzer for full VM kernel/driver targets
https://intellabs.github.io/kAFL/
MIT License

Is there a patch or document that can show how to patch kafl agent into the target linux kernel? #246

Closed liujf628995 closed 11 months ago

liujf628995 commented 11 months ago

And are there explanations about the kafl kernel config parameters? For example:

```
grep KAFL config.vanilla.virtio

CONFIG_TDX_FUZZ_KAFL=y
CONFIG_TDX_FUZZ_KAFL_DETERMINISTIC=y
CONFIG_TDX_FUZZ_KAFL_DEBUGFS=y
# CONFIG_TDX_FUZZ_KAFL_TRACE_LOCATIONS is not set
CONFIG_TDX_FUZZ_KAFL_VIRTIO=y
CONFIG_TDX_FUZZ_KAFL_SKIP_MSR=y
CONFIG_TDX_FUZZ_KAFL_SKIP_CPUID=y
# CONFIG_TDX_FUZZ_KAFL_SKIP_IOAPIC_READS is not set
# CONFIG_TDX_FUZZ_KAFL_SKIP_ACPI_PIO is not set
CONFIG_TDX_FUZZ_KAFL_SKIP_RNG_SEEDING=y
# CONFIG_TDX_FUZZ_KAFL_SKIP_PARAVIRT_REWRITE is not set
CONFIG_TDX_FUZZ_KAFL_VANILLA_PAYLOAD=y
CONFIG_TDX_FUZZ_KAFL_VANILLA_INJECTION_SAMPLE=y
```

Wenzel commented 11 months ago

Hi @liujf628995,

I totally agree that the current Linux Kernel Tutorial lacks documentation on the internals of the kafl-agent and its configuration options.

In my opinion it doesn't serve its purpose very well as an introduction to kAFL. I started an initiative to improve the documentation, but it will take time.

That's why I started to build another, more accessible Linux-based target: the DVKM module: https://github.com/IntelLabs/kafl.targets/pull/31

I'm currently building a detailed tutorial for this, and will be publishing it in a few weeks.

Were you specifically interested in fuzzing the Linux kernel virtualization interfaces (Virtio, MSR, CPUID, IOAPIC, RNG, ...), and could the new DVKM (Damn Vulnerable Kernel Module) target suit your needs?

liujf628995 commented 11 months ago

Hi, @Wenzel,

Yes, I'm interested in fuzzing the Linux kernel and I think the new DVKM will be helpful for me. Would you want to replace the KAFL Agent with DVKM? Or just add this module to the existing agent?

I took a look at this link: https://github.com/IntelLabs/kafl.targets/pull/31
Building the module as a .ko file and just insmod-ing it into different targets will be very convenient. I am looking forward to the progress of the project.

Wenzel commented 11 months ago

> Would you want to replace the KAFL Agent with DVKM? Or just add this module to the existing agent?

The existing kafl-agent was very specialized for fuzzing the Linux kernel virtualization communication channels; it's very complicated to understand and maintain, even more so for a beginner.

The kafl-agent for DVKM will be minimal, only inserting crash hypercalls at the right locations in the kernel, and the rest will be in userland.

I will keep you up to date on this!

liujf628995 commented 11 months ago

That sounds great! Thanks!

Wenzel commented 11 months ago

Hi @liujf628995

The DVKM tutorial has now been merged upstream, and the documentation is online: https://intellabs.github.io/kAFL/tutorials/linux/dvkm/target.html

I'm eager to receive your feedback on it, what works and what doesn't, what's unclear and what unanswered questions you might have.

liujf628995 commented 11 months ago

Thanks for your detailed tutorial, I'll try it these days and give you feedback later.

Wenzel commented 11 months ago

Thanks! Closing this issue for now; feel free to reopen if necessary.