IntelLabs / kafl.targets

Target components for kAFL/Nyx Fuzzer

Linux: Damn Vulnerable Kernel Module #31

Closed Wenzel closed 1 year ago

Wenzel commented 1 year ago

This PR adds a new Linux example based on @hardik05's Damn Vulnerable Kernel Module.

The example relies on the linux-user scripts and the sharedir to send a configurable agent.sh to execute the following script:

#!/bin/sh
# Agent script delivered through the sharedir; 'vmcall' is the kAFL guest
# helper and 'vmcall hcat' prints a line on the host console.

echo "Hello from agent.sh" | vmcall hcat

# Verify the host-side configuration before doing anything else.
echo "Checking host config.." | vmcall hcat
vmcall check | vmcall hcat

# Fetch the vulnerable module from the sharedir into /fuzz.
echo "Downloading dvkm.ko" | vmcall hcat
vmcall hget -x -o /fuzz dvkm.ko
cd /fuzz

# Fetch the user-space harness that drives the module.
echo "Downloading fuzz_dvkm" | vmcall hcat
vmcall hget -x -o /fuzz fuzz_dvkm

# Load the target module into the guest kernel.
echo "Inserting dvkm.ko" | vmcall hcat
insmod dvkm.ko

# Upload /proc/modules so the host can resolve module load addresses.
echo "Uploading maps" | vmcall hcat
vmcall hpush -o "modules" /proc/modules

# Hand control to the harness; fuzzing starts from here.
echo "Fuzz dvkm.ko" | vmcall hcat
fuzz_dvkm

A fork of the vulnerable module is maintained here and has been added as a submodule under linux-user/dvkm/Damn_Vulnerable_Kernel_Module. A kafl branch has been created there to track the modifications for the kAFL harness implementation.

An additional submodule has been added (linux-user/linux_kafl_agent) to track a very simple modified linux kernel with Nyx API addition and PANIC interception. (agent_tutorial branch)

How to use it
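As an added example (not part of this PR or the kafl.targets repository), the same agent flow written so that each step is checked and a failure is reported to the host before the guest proceeds to fuzzing; the `/proc/modules` parser confirms the module is actually live after `insmod`. It assumes, like the PR's agent.sh, that `vmcall` with the `hcat`, `hget` and `hpush` subcommands is on PATH inside the guest.

```shell
#!/bin/sh
# Added example, not the PR's own agent.sh. Assumes the kAFL 'vmcall'
# helper is available inside the guest, as in the PR's script.

# Report a message on the host console and abort the agent.
die() {
    echo "agent: $*" | vmcall hcat
    exit 1
}

# Return 0 if module $1 is listed as "Live" in /proc/modules-formatted text
# read from stdin. Fields per line: name size refcount deps state address.
module_loaded() {
    name="$1"
    while read -r mod _size _refs _deps state _rest; do
        [ "$mod" = "$name" ] && [ "$state" = "Live" ] && return 0
    done
    return 1
}

# Main agent flow, mirroring the PR's script but aborting on the first failure.
run_agent() {
    echo "Hello from agent.sh" | vmcall hcat
    vmcall check | vmcall hcat
    vmcall hget -x -o /fuzz dvkm.ko   || die "hget dvkm.ko failed"
    vmcall hget -x -o /fuzz fuzz_dvkm || die "hget fuzz_dvkm failed"
    cd /fuzz || die "cannot cd /fuzz"
    insmod dvkm.ko || die "insmod dvkm.ko failed"
    # Do not start fuzzing unless the kernel reports the module as live.
    module_loaded dvkm < /proc/modules || die "dvkm is not Live in /proc/modules"
    vmcall hpush -o "modules" /proc/modules || die "hpush /proc/modules failed"
    echo "Fuzz dvkm.ko" | vmcall hcat
    ./fuzz_dvkm
}

# Only run the agent flow inside a kAFL guest; elsewhere the helpers
# above can still be exercised on their own.
if command -v vmcall >/dev/null 2>&1; then
    run_agent
fi
```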