Skip to content

Docs: add linux dvkm tutorial#250

Merged
Wenzel merged 2 commits intomasterfrom
docs/linux_dvkm_tutorial
Oct 31, 2023
Merged

Docs: add linux dvkm tutorial#250
Wenzel merged 2 commits intomasterfrom
docs/linux_dvkm_tutorial

Conversation

@Wenzel
Copy link
Copy Markdown
Contributor

@Wenzel Wenzel commented Oct 27, 2023
edited
Loading

Adds a new tutorial based on the DVKM module:

image

Build is available as HTML here @il-steffen:
singlehtml.zip

@Wenzel Wenzel requested a review from il-steffen October 27, 2023 01:02
@Wenzel
Copy link
Copy Markdown
Contributor Author

Wenzel commented Oct 27, 2023

Helps to fix #246

il-steffen
il-steffen approved these changes Oct 29, 2023
View reviewed changes
docs/source/tutorials/linux/dvkm/workflow.md
(venv) $ kafl fuzz --kernel /path/to/linux/arch/x86/boot/bzImage --initrd /path/to/initrd.cpio.gz
```

Below, we outline how to construct an efficient development workflow leveraging this approach.
Copy link
Copy Markdown
Collaborator

@il-steffen il-steffen Oct 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The sentence is kind of redundant here (too verbose intro?). Also the headline levels are confusing. The previous and next headlines look the same in generated HTML but I see that "## Initrd" is actually higher level?

How about enumerating the next couple headlines to mark them as obvious steps under "Direct Boot"?

Copy link
Copy Markdown
Contributor Author

@Wenzel Wenzel Oct 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is how the headline structure looks like
image

We introduce the 2 approches to virtualize our target, and then we dive into the "agent.sh based" workflow
So gen_initrd is below the Initrd and agent.sh` workflow

docs/source/tutorials/linux/dvkm/results.md
The payload should be specified throught the [`--input`](../../../reference/fuzzer_configuration.md#input) parameter.

:::{Important}
We should always specify [`--resume`](../../../reference/fuzzer_configuration.md#resume) when using either `kafl cov` or `kafl debug`, since it will replay from the original snapshot taken by the first call on [`NEXT_PAYLAOD`](../../../reference/hypercall_api.md#next_payload), and will make our execution deterministic.
Copy link
Copy Markdown
Collaborator

@il-steffen il-steffen Oct 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reformulated this a bit. This assumes that the corpus for that input still exists & if the input is actually generated from the corpus that kafl single will find at --kafl-workdir / $KAFL_WORKDIR. Otherwise things will go down badly..

When replaying a payload from an previous kAFL run at $KAFL_WORKDIR, it is recommended to use --resume so that the tool will use the exact same snapshot and page cache as in the fuzzing run. This improves our odds at reproducing the crash. If the workdir does not exist anymore or the snapshot is not found, running kafl single without --resume will simply boot a new VM with the given configuration and execute the agent a single time with the given input.

@Wenzel Wenzel merged commit 9b64769 into master Oct 31, 2023
@Wenzel Wenzel deleted the docs/linux_dvkm_tutorial branch October 31, 2023 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@il-steffen il-steffen il-steffen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Wenzel @il-steffen