Skip to content

Latest commit

 

History

History
140 lines (110 loc) · 3.01 KB

setup.md

File metadata and controls

140 lines (110 loc) · 3.01 KB

Setup

Instructions for running OpenBSD host, OpenBSD vm, amd64 kernel. In addition, the host must be running -current.

Variables used throughout the instructions:

  • $KERNEL - Custom built kernel, see Compile Kernel. Defaults to /sys/arch/amd64/compile/SYZKALLER/obj/bsd if the instructions are honored.
  • $SSHKEY - SSH key without a passphrase used to connect to the VMs, it's advised to use a dedicated key.
  • $USER - The name of the user intended to run syzkaller.
  • $VMIMG - VM disk image.
  • $VMID - The numeric ID of last started VM.

Install syzkaller

  1. Install dependencies:

    # pkg_add git gmake go

    In order for reproducers to work, GCC from ports is also required:

    # pkg_add gcc
  2. Clone repository:

    $ git clone https://github.com/google/syzkaller
    $ cd syzkaller
    $ gmake all

Compile Kernel

A GENERIC kernel must be compiled with kcov(4) enabled:

$ cd /sys/arch/amd64
$ cat <<EOF >conf/SYZKALLER
include "arch/amd64/conf/GENERIC"
pseudo-device kcov 1
EOF
$ cp -R compile/GENERIC compile/SYZKALLER
$ make -C compile/SYZKALLER obj
$ make -C compile/SYZKALLER config
$ make -C compile/SYZKALLER

Create VM

  1. vmd(8) must be configured to allow non-root users to create VMs since it removes the need to run syzkaller as root:

    $ cat /etc/vm.conf
    vm "syzkaller" {
      disable
      disk "/dev/null"
      local interface
      owner $USER
      allow instance { boot, disk, memory }
    }
  2. Create disk image:

    $ vmctl create -s 4G "qcow2:$VMIMG"
  3. Install VM:

    $ vmctl start -c -t syzkaller -b /bsd.rd -d "$VMIMG" syzkaller-1

    Answers to questions that deviates from the defaults:

    Password for root account? ******
    Allow root ssh login? yes
    
  4. Restart the newly created VM and copy the SSH-key:

    $ vmctl stop -w syzkaller-1
    $ vmctl start -c -t syzkaller -d "$VMIMG" syzkaller-1
    $ ssh "root@100.64.${VMID}.3" 'cat >~/.ssh/authorized_keys' <$SSHKEY.pub
  5. Optionally, library ASLR can be disabled in order to improve boot time:

    $ ssh "root@100.64.${VMID}.3" 'echo library_aslr=NO >>/etc/rc.conf.local'
  6. Finally, stop the VM:

    $ vmctl stop -w syzkaller-1

Configure and run syzkaller

$ pwd
~/go/src/github.com/google/syzkaller
$ cat openbsd.cfg
{
  "name": "openbsd",
  "target": "openbsd/amd64",
  "http": ":10000",
  "workdir": "$HOME/go/src/github.com/google/syzkaller/workdir",
  "kernel_obj": "/sys/arch/amd64/compile/SYZKALLER/obj",
  "kernel_src": "/",
  "syzkaller": "$HOME/go/src/github.com/google/syzkaller",
  "image": "$VMIMG",
  "sshkey": "$SSHKEY",
  "sandbox": "none",
  "procs": 2,
  "type": "vmm",
  "vm": {
    "count": 4,
    "mem": 512,
    "kernel": "$KERNEL",
    "template": "syzkaller"
  }
}
$ ./bin/syz-manager -config openbsd.cfg