intel / ccc-linux-guest-hardening

Linux Security Hardening for Confidential Compute
https://intel.github.io/ccc-linux-guest-hardening-docs
MIT License
66 stars, 14 forks

kafl_gui doesn't work #92

Closed williamcroberts closed 1 year ago

williamcroberts commented 1 year ago

The instructions in docs/getting_started.md (https://github.com/intel/ccc-linux-guest-hardening/blob/master/docs/getting_started.md#34-launch-kafl-based-on-assetsconfigs-in-pwd) that say to execute kafl_gui $KAFL_WORKDIR are incorrect for two reasons:

  1. It is missing the .py extension
  2. It needs to be run in the env, so one needs to execute make env first so KAFL_WORKDIR is available.

Running the kafl_gui

However, when running the GUI, it just exits with a return code of 1:

Traceback (most recent call last):
  File "/usr/lib/python3.10/curses/__init__.py", line 78, in wrapper
    cbreak()
_curses.error: cbreak() returned ERR

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/bill/workspace/ccc-linux-guest-hardening/kafl/.venv/bin/kafl_gui.py", line 7, in <module>
    exec(compile(f.read(), __file__, 'exec'))
  File "/home/bill/workspace/ccc-linux-guest-hardening/kafl/fuzzer/kafl_gui.py", line 819, in <module>
    curses.wrapper(main)
  File "/usr/lib/python3.10/curses/__init__.py", line 100, in wrapper
    nocbreak()
_curses.error: nocbreak() returned ERR
(.venv) bill@fang:~/workspace/ccc-linux-guest-hardening$ 

Start of the fuzzer:

(.venv) bill@fang:~/data/test1/BOOT_POST_TRAP$ fuzz.sh run build -p 16 --redqueen --log-crashes
PT trace regions:
0xffffffff81000000-0xffffffff83203000 (text)
0xffffffff84f73000-0xffffffff85018000 (inittext)
0xffffffff8501a000-0xffffffff850d3000 (drivers(??)) // disabled
Collecting target info from /home/bill/data/test1/BOOT_POST_TRAP/build..
fatal: not a git repository (or any of the parent directories): .git
Launching kAFL with workdir /dev/shm/kafl_bill..

    __                        __  ___    ________
   / /_____  _________  ___  / / /   |  / ____/ /
  / //_/ _ \/ ___/ __ \/ _ \/ / / /| | / /_  / /
 / ,< /  __/ /  / / / /  __/ / / ___ |/ __/ / /___
/_/|_|\___/_/  /_/ /_/\___/_/ /_/  |_/_/   /_____/
===================================================

<< kAFL Fuzzer >>

Warning: Launching without --seed-dir?
Requested 16 workers but only 8 vCPUs detected.

I tried attaching a debugger to it using:

$ gdb
(gdb) target remote localhost:1234
localhost:1234: Connection timed out.
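The paired "cbreak() returned ERR" and "nocbreak() returned ERR" tracebacks above are what curses.wrapper() produces when the process has no usable terminal: the wrapper calls cbreak() on the controlling terminal, that call fails, and the wrapper's cleanup in its finally block then calls nocbreak(), which fails for the same reason. The following is an added example, not code from kAFL or from the ccc-linux-guest-hardening project; it shows a pre-flight check a curses GUI can run so that a missing TTY or unset TERM is reported as an actionable message instead of the bare double traceback. The function names (diagnose_terminal, run_curses_app, demo_main) are hypothetical and not part of kafl_gui.py.

```python
"""Pre-flight terminal checks for a curses GUI (added example, not kAFL code).

curses.wrapper() puts the terminal into cbreak mode and restores it on exit.
Both steps need a real terminal on stdin/stdout and a TERM value that curses
can look up; when either is missing the symptom is the cbreak()/nocbreak()
traceback pair rather than a readable error.
"""
import os
import sys
from typing import Callable, List, Optional


def diagnose_terminal(stdin_is_tty: bool, stdout_is_tty: bool,
                      term: Optional[str]) -> List[str]:
    """Return human-readable problems; an empty list means curses should start.

    Pure function over the three facts that matter, so it can be tested
    without a terminal attached.
    """
    problems: List[str] = []
    if not stdin_is_tty:
        problems.append("stdin is not a TTY (input redirected, nohup, or CI job?)")
    if not stdout_is_tty:
        problems.append("stdout is not a TTY (output piped or captured?)")
    if not term:
        problems.append("TERM is not set; curses cannot look up terminal capabilities")
    return problems


def _fd_is_tty(stream) -> bool:
    """True when the stream is backed by a terminal; False for closed or
    replaced streams (some harnesses swap stdin for an object with no fd)."""
    try:
        return os.isatty(stream.fileno())
    except (AttributeError, ValueError, OSError):
        return False


def current_terminal_problems() -> List[str]:
    """Run diagnose_terminal() against the calling process."""
    return diagnose_terminal(_fd_is_tty(sys.stdin), _fd_is_tty(sys.stdout),
                             os.environ.get("TERM"))


def run_curses_app(main: Callable[..., None]) -> int:
    """Run `main` under curses.wrapper, or return exit code 1 with a clear
    explanation when the terminal prerequisites are not met."""
    problems = current_terminal_problems()
    if problems:
        print("Cannot start the curses GUI:", file=sys.stderr)
        for p in problems:
            print(f"  - {p}", file=sys.stderr)
        print("Run it from an interactive shell with a real terminal "
              "(for kAFL: inside the `make env` shell, in a console or tmux/screen).",
              file=sys.stderr)
        return 1
    import curses  # imported late so the checks above run even without _curses
    curses.wrapper(main)
    return 0


def demo_main(stdscr) -> None:
    """Minimal stand-in for a GUI main(): draw one line and wait for a key."""
    stdscr.addstr(0, 0, "curses is working; press any key to exit")
    stdscr.getch()


if __name__ == "__main__":
    sys.exit(run_curses_app(demo_main))
```

Run it from a pipe (for example `python3 preflight.py | cat`) to see the diagnostic path, and from a plain interactive terminal to see curses start normally.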

il-steffen commented 1 year ago

The first issue, env + kafl_gui.py, seems to be fixed in the docs. kafl_gui.py is the syntax for the older Python frontend; the ccc repo is lagging behind a little, see #79.

Attaching gdb does not work in a normal fuzzer run; you have to launch it via kafl_debug.py -action debug or fuzz.sh debug. Those will add -s -S to the QEMU command line, limit the execution to a single QEMU instance, and use the payload provided as a file argument.

ereshetova commented 1 year ago

@williamcroberts Do you still have the GUI failing? I have it working on a default setup from the repo. If it is still failing for you, could you please share the steps to reproduce?

ereshetova commented 1 year ago

Closing this one since the issue was resolved