github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/docs/linux/setup_linux-host_qemu-vm_arm-kernel.md

# Setup: Debian host, QEMU vm, arm kernel

# GCC

Obtain a fresh `arm-linux-gnueabihf-gcc`. Latest Debian distributions provide
version 7.2.0, which should be enough. Otherwise you can download the Linaro
compiler [here](https://www.linaro.org/downloads).

# Kernel

The instructions are tested with `v4.16.1`. Check that you have/backport the
["arm: port KCOV to arm"](https://groups.google.com/d/msg/syzkaller/zLThPHplyIc/9ncfpRvVCAAJ)
patch. Create the kernel config with:

```shell
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- vexpress_defconfig
```

Then enable the following configs on top:

```
CONFIG_KCOV=y
CONFIG_DEBUG_INFO=y
CONFIG_DEVTMPFS_MOUNT=y
CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
```

Also check out the general kernel configuration [recommendations](/docs/linux/kernel_configs.md).

Then build the kernel with the same cross-compiler prefix used for the config step:

```shell
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf-
```

# Image

We will use buildroot to create the disk image. You can obtain buildroot
[here](https://buildroot.uclibc.org/download.html). Instructions were tested
with buildroot `c665c7c9cd6646b135cdd9aa7036809f7771ab80`. First run:

```shell
make qemu_arm_vexpress_defconfig
make menuconfig
```

Choose the following options:

```
Target packages
    Networking applications
        [*] dhcpcd
        [*] iproute2
        [*] openssh
Filesystem images
    exact size - 1g
```

Unselect:

```
Kernel
    Linux Kernel
```

Run `make`.

Then add the following line to `output/target/etc/fstab`:

```
debugfs /sys/kernel/debug debugfs defaults 0 0
```

Then replace `output/target/etc/ssh/sshd_config` with the following contents:

```
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
```

Run `make` again.

# Test kernel and image

Run:

```shell
qemu-system-arm -m 512 -smp 2 -net nic -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -display none -serial stdio -machine vexpress-a15 -dtb /linux/arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb -sd /buildroot/output/images/rootfs.ext2 -snapshot -kernel /linux/arch/arm/boot/zImage -append "earlyprintk=serial console=ttyAMA0 root=/dev/mmcblk0"
```

This should boot the kernel. Wait for the login prompt, then in another console run:

```shell
ssh -p 10022 root@localhost
```

ssh should succeed.

# syzkaller

Build syzkaller as described [here](/docs/linux/setup.md#go-and-syzkaller), with the `arm` target:

```shell
make TARGETOS=linux TARGETARCH=arm
```

Create a manager config `arm.cfg` similar to the following one (changing paths as necessary):

```
{
    "name": "arm",
    "target": "linux/arm",
    "http": ":12345",
    "workdir": "/workdir",
    "kernel_obj": "/linux",
    "syzkaller": "/gopath/src/github.com/google/syzkaller",
    "image": "/buildroot/output/images/rootfs.ext2",
    "sandbox": "none",
    "reproduce": false,
    "procs": 4,
    "type": "qemu",
    "vm": {
        "count": 10,
        "qemu_args": "-machine vexpress-a15 -dtb /linux/arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb",
        "cmdline": "console=ttyAMA0 root=/dev/mmcblk0",
        "kernel": "/linux/arch/arm/boot/zImage",
        "image_device": "sd",
        "mem": 512,
        "cpu": 2
    }
}
```

Finally, run `bin/syz-manager -config arm.cfg`.
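As an added check that is not part of the syzkaller documentation: the POSIX shell function below verifies that a kernel `.config` carries every option the Kernel section above enables on top of `vexpress_defconfig`, distinguishing options that are absent altogether from ones that are explicitly unset or built as a module (a common way for a `make oldconfig` run to silently lose them). The function names and the `SYZ_REQUIRED_CONFIGS` list are this example's own.

```shell
#!/bin/sh
# Added example (not from the syzkaller docs): verify that a kernel .config
# has every option this page enables on top of vexpress_defconfig set to =y.

# Options from the Kernel section of this page. CONFIG_KCOV is the one the
# fuzzer cannot work without: it provides the coverage feedback signal.
SYZ_REQUIRED_CONFIGS="CONFIG_KCOV CONFIG_DEBUG_INFO CONFIG_DEVTMPFS_MOUNT \
CONFIG_NAMESPACES CONFIG_USER_NS CONFIG_UTS_NS CONFIG_IPC_NS \
CONFIG_PID_NS CONFIG_NET_NS"

# check_kernel_config <path-to-.config>
# Prints one line per problem: "missing: CONFIG_X" when the option does not
# appear at all, "disabled: CONFIG_X" when it is "# CONFIG_X is not set" or
# has a value other than y (such as =m). Returns 1 if any problem was found.
check_kernel_config() {
    cfg="$1"
    rc=0
    for opt in $SYZ_REQUIRED_CONFIGS; do
        # The '=' right after the name keeps CONFIG_KCOV from matching CONFIG_KCOV_*.
        if grep -q "^${opt}=y\$" "$cfg"; then
            continue
        elif grep -q "^# ${opt} is not set\$" "$cfg" || grep -q "^${opt}=" "$cfg"; then
            echo "disabled: $opt"
        else
            echo "missing: $opt"
        fi
        rc=1
    done
    return $rc
}

# count_config_problems <path-to-.config>: number of required options not =y.
count_config_problems() {
    check_kernel_config "$1" | wc -l | tr -d ' '
}
```

Source the file and run `check_kernel_config /linux/.config` after the `make ... vexpress_defconfig` step and again after the build, so a config that was regenerated by the build cannot drop `CONFIG_KCOV` unnoticed.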