IntelLabs / kAFL

A fuzzer for full VM kernel/driver targets
https://intellabs.github.io/kAFL/
MIT License

Document Error #251

Closed 5angjun closed 8 months ago

5angjun commented 8 months ago

Hi, I'm sangjun.

I think there is an error in the kAFL hypercall API document: https://intellabs.github.io/kAFL/reference/hypercall_api.html

It should be changed, I guess so:

```c
kAFL_hypercall(HYPERCALL_KAFL_DUMP_FILE, (uint64_t)&dump_file);
```

because QEMU-PT receives the structure format through hypercall arg1:


```c
static void handle_hypercall_kafl_dump_file(struct kvm_run *run,
                                            CPUState       *cpu,
                                            uint64_t        hypercall_arg)
{
    kafl_dump_file_t file_obj;
    char             filename[256] = { 0 };
    char            *host_path     = NULL;
    FILE            *f             = NULL;

    uint64_t vaddr = hypercall_arg;
    memset((void *)&file_obj, 0, sizeof(kafl_dump_file_t));

    if (!read_virtual_memory(vaddr, (uint8_t *)&file_obj, sizeof(kafl_dump_file_t),
                             cpu))
    {
        nyx_error("Failed to read file_obj in %s. Skipping..\n", __func__);
        goto err_out1;
    }
....
...
...
```

**However,**

**Also, I would like to ask another question with different content than this one. There is a work that created a new custom fuzzer based on kAFL and found many bugs.**

**Could you please refer to related work in kAFL, just as you reference related work in syzkaller?**

In order for kAFL to be shared more actively as an open source project, I think it would be good to have related work based on kAFL.
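To make the convention in the report concrete, here is an added, self-contained C simulation (not code from kAFL, QEMU-Nyx or the issue author). It assumes the packed `kafl_dump_file_t` layout used by QEMU-Nyx (file name pointer, data pointer, length, append flag) and replaces `read_virtual_memory` with a flat copy, since guest and host share one address space here; the guest-side call shows why the argument has to be the struct's address.

```c
#include <stdint.h>
#include <string.h>
/* Assumed layout of kafl_dump_file_t (packed) from my reading of QEMU-Nyx; the page does not show it. */
typedef struct {
    uint64_t file_name_str_ptr; /* guest vaddr of a NUL-terminated file name */
    uint64_t data_ptr;          /* guest vaddr of the bytes to dump */
    uint64_t bytes;             /* how many bytes to dump */
    uint8_t  append;            /* 0 = overwrite, 1 = append */
} __attribute__((packed)) kafl_dump_file_t;

/* Host-side "file" the simulated handler writes into, so the result can be inspected. */
char    dumped_name[256];
uint8_t dumped_data[16];

/* Stand-in for read_virtual_memory(): guest and host share one address space here,
 * so a guest vaddr is just a host pointer; vaddr 0 fails like an unmapped page. */
static int sim_read_virtual_memory(uint64_t vaddr, uint8_t *dst, size_t len)
{
    if (vaddr == 0) return 0;
    memcpy(dst, (const void *)(uintptr_t)vaddr, len);
    return 1;
}
/* Simulated host handler. As in handle_hypercall_kafl_dump_file(), the argument is the guest
 * vaddr of a kafl_dump_file_t; the struct is read first, then the name and data it points to.
 * Returns the number of bytes dumped, or -1 when anything is unreadable or too large. */
long sim_handle_dump_file(uint64_t hypercall_arg)
{
    kafl_dump_file_t file_obj;
    char filename[256] = { 0 };
    memset(&file_obj, 0, sizeof file_obj);
    if (!sim_read_virtual_memory(hypercall_arg, (uint8_t *)&file_obj, sizeof file_obj))
        return -1; /* struct not readable: skip, as the real handler does */
    for (size_t i = 0; i < sizeof filename - 1; i++) { /* bounded, byte-wise name read */
        if (!sim_read_virtual_memory(file_obj.file_name_str_ptr + i, (uint8_t *)&filename[i], 1)) return -1;
        if (filename[i] == '\0') break;
    }
    if (file_obj.bytes > sizeof dumped_data) return -1; /* refuse dumps larger than the host buffer */
    if (!sim_read_virtual_memory(file_obj.data_ptr, dumped_data, (size_t)file_obj.bytes)) return -1;
    memcpy(dumped_name, filename, sizeof filename);
    return (long)file_obj.bytes;
}

/* Guest side, in the form the issue says the docs should show: the struct lives in guest memory
 * and its address is the hypercall argument, i.e. kAFL_hypercall(HYPERCALL_KAFL_DUMP_FILE,
 * (uint64_t)&dump_file); here the "hypercall" goes straight to the simulated handler. */
long guest_dump(const char *name, const uint8_t *data, uint64_t len)
{
    kafl_dump_file_t dump_file = { (uint64_t)(uintptr_t)name, (uint64_t)(uintptr_t)data, len, 0 };
    return sim_handle_dump_file((uint64_t)(uintptr_t)&dump_file);
}
```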

Wenzel commented 8 months ago

Hi @5angjun

Thanks for this documentation bug report! I already opened a PR to fix it.

Regarding your second question, what fuzzer are you referring to? Any GitHub repo or paper you can share?

I'd be happy to include it in the docs.

Also, please in the future just open a second issue, even if it's for asking a question. It increases clarity on how we track and close issues on the repo.

5angjun commented 8 months ago

@Wenzel Hi, I'm sangjun.

I'm happy to contribute to your project. https://github.com/IntelLabs/kAFL/releases/tag/v0.8 However, it seems that someone other than me was tagged in the kAFL 0.8 release. The beginning of my name is 5. LOL 🙃🙃

Wenzel commented 8 months ago

Sorry for the mistake! It has been fixed just now.

Thanks for contributing to kAFL! :wave:

5angjun commented 8 months ago

It's okay. Thanks very much!!