github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/docs/starnix/README.md (about) 1 # starnix support 2 3 ## Prerequisites 4 5 To run syzkaller for fuzzing starnix, you will need a checkout of the Fuchsia 6 source repository. 7 8 The rest of this document will use the environment variable `SOURCEDIR` to 9 identify the path to your Fuchsia checkout (e.g. `/home/you/fuchsia`). The 10 commands below assume you have set `SOURCEDIR`, like so: 11 12 ```bash 13 export SOURCEDIR=/home/you/fuchsia 14 ``` 15 16 To build Fuchsia for qemu-x64, run: 17 ``` 18 fx --dir "out/qemu-x64" set workstation_eng.qemu-x64 \ 19 --with "//bundles/tools" \ 20 --with "//src/proc/bin/starnix" 21 fx build 22 ``` 23 24 You will also need to follow the instructions in the sections `GCC` and `Kernel` 25 of the [setup\_ubuntu-host\_qemu-vm\_x86-64-kernel.md](../linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md) file. 26 27 28 ## syzkaller 29 30 ### Building binaries for starnix 31 First, you need to build all the binaries required for running syzkaller in starnix. 32 For that, you only need to run this from inside your syzkaller checkout (assuming you built Fuchsia for x64): 33 34 ```bash 35 SYZ_STARNIX_HACK=1 make TARGETOS=linux TARGETARCH=amd64 36 ``` 37 38 ### Configuration file 39 Create a manager config like the following, replacing the environment variables `$SYZKALLER`, `$KERNEL` and `$IMAGE` with their actual values. 40 41 > **_NOTE:_** `ffx` is still under development, for that reason VM count of 1 is recommended until fxbug.dev/118926 is solved. 42 43 ```bash 44 { 45 "target": "linux/amd64", 46 "http": "127.0.0.1:56741", 47 "workdir": "$SYZKALLER/workdir", 48 "kernel_obj": "$KERNEL", 49 "kernel_src": "$SOURCEDIR", 50 "syzkaller": "$SYZKALLER", 51 "procs": 8, 52 "type": "starnix", 53 "vm": { 54 "count": 1 55 }, 56 "cover": false 57 } 58 ``` 59 60 ### Running 61 62 Lastly, just run the command below to start fuzzing. 63 64 ```bash 65 SYZ_STARNIX_HACK=1 bin/syz-manager -config=./starnix.cfg 66 ```