Re: How to compile syscall descriptions for a modified kernel


Aleksandr Nogikh

Nov 22, 2023, 9:36:02 AM
to kabuto hokage, syzkaller
Hi,

On Wed, Nov 15, 2023 at 3:45 PM kabuto hokage <snakek...@gmail.com> wrote:
>
> Hey,
> I'm fuzzing a modified kernel of v5.10 and I'm unable to compile the syscall descriptions.
> When I try to add the attached file and compile it, the following happens. I run syz-extract as follows, followed by make generate and make.
>
> bin/syz-extract -os linux -arch amd64 -sourcedir ../usr/src/kernels/linux-5.10.0-136.12.0.86.h1261.osv2r12 -builddir ../root/rpmbuild/BUILD/kernel-5.10.0_136.12.0.86.h1261.osv2r12.x86_64/ proc_testxy.txt
>
> The compilation fails at different points.
>
> The first case:
> fails on `make` with proc_testxy.txt as the only txt file in /sys/linux .
> So here extract and make generate work fine, but the make at the end doesn't and returns the following to console:
>
> go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
> GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=65faba36470e75a1339e6f79c8631c9578786b7b+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231002-164030'" -o ./bin/syz-cover github.com/google/syzkaller/tools/syz-cover
> go: finding module for package github.com/google/syzkaller/sys/linux
> make .descriptions
> sys/linux/gen/386.go:9:8: cannot query module due to -mod=vendor
> (Go version in go.mod is at least 1.14 and vendor directory exists.)
> make: *** [Makefile:217: cover] Error 1
> make: *** Waiting for unfinished jobs....
> make[1]: '.descriptions' is up to date.

What golang version do you use?

FWIW you may try to use our recommended Docker containers:
$ ./tools/syz-env make extract TARGETOS=linux SOURCEDIR=/path/to/kernel

>
> The second case:
> fails on `make generate` for proc_testxy.txt placed in the dir with all the other txt files in /linux/sys. Here is some of the console output:
> sys/linux/socket.txt:332:32: string value "geneve0\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "geneve1\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "wg0\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "wg1\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "wg2\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "wlan0\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "wlan1\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "dvmrp0\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "dvmrp1\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "pimreg\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "pimreg0\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "pimreg1\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "pim6reg\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "pim6reg0\x00" exceeds buffer length 1
> sys/linux/socket.txt:332:32: string value "pim6reg1\x00" exceeds buffer length 1

This output means that syzkaller did not manage to extract consts for
your descriptions.

>
> Note I saw a mention that sourcedir has to point to latest linux-next, but I'm not fuzzing the latest, so how do I go about this?

This is more relevant for syzbot that always fuzzes the latest Linux
revision. If you want to fuzz a particular (older) Linux kernel
version, you should extract consts based on the revision you need.

--
Aleksandr

>
> best regards
>

kabuto hokage

Nov 24, 2023, 6:24:47 AM
to syzkaller
Hi,
When I try to make extract pointing to the kernel I'm fuzzing, I get warnings regarding this particular header file, cifsacl.h. I also got a warning regarding another file called filelock.h, but I was able to resolve that by inserting the header file in include/uapi/linux. The kernel I'm fuzzing is 5.10 and I have tried going back a year and copied all of the txt files from 45fd7169d5def6b5bc3fb4ff028ba831d1ffa063 to the latest version of syzkaller. The attached file shows the output of make extract. And the golang version I use is 1.20.

best regards
output

Aleksandr Nogikh

Nov 27, 2023, 6:57:49 AM
to kabuto hokage, syzkaller
Hi,

> When I try to make extract pointing to the kernel I'm fuzzing I get warnings regarding this particular header file cifsacl.h.

You included cifsacl.h directly in your syzkaller descriptions, right?
If yes, looks like you need to clarify the path to it, not just use
the file name.

--
Aleksandr
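
A pre-flight check for the include-path problem discussed in the message above, as an added example that is not part of the original thread or of syzkaller. The `INCLUDE_ROOTS` list, the function names and the sample tree are assumptions made for illustration; match the roots to the include paths your own syz-extract run uses.

```shell
#!/bin/sh
# Added example, not from the thread: report `include <...>` lines of a
# syzkaller description file that do not resolve under a kernel source tree.
# Assumption: headers are looked up relative to the roots listed here; adjust
# the list to the include paths your syz-extract run passes to the compiler.
INCLUDE_ROOTS=". include include/uapi arch/x86/include arch/x86/include/uapi"

# unresolved_includes DESCRIPTION_FILE KERNEL_SRC
# Prints each unresolved header on its own line; returns 1 if there was any.
unresolved_includes() {
    desc=$1; src=$2
    out=$(sed -n 's/^include[[:space:]]*<\([^>]*\)>.*/\1/p' "$desc" |
        while IFS= read -r hdr; do
            found=0
            for root in $INCLUDE_ROOTS; do
                if [ -f "$src/$root/$hdr" ]; then found=1; break; fi
            done
            if [ "$found" -eq 0 ]; then printf '%s\n' "$hdr"; fi
        done)
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}

# make_demo_tree DIR: constructed sample input. A tiny fake kernel tree in
# which cifsacl.h exists only under fs/cifs/, plus two description files.
make_demo_tree() {
    mkdir -p "$1/src/fs/cifs" "$1/src/include/uapi/linux"
    : > "$1/src/fs/cifs/cifsacl.h"
    : > "$1/src/include/uapi/linux/fcntl.h"
    printf 'include <uapi/linux/fcntl.h>\ninclude <cifsacl.h>\n' > "$1/bare.txt"
    printf 'include <uapi/linux/fcntl.h>\ninclude <fs/cifs/cifsacl.h>\n' > "$1/full.txt"
}

tmp=$(mktemp -d)
make_demo_tree "$tmp"
echo "bare file name:"
unresolved_includes "$tmp/bare.txt" "$tmp/src" || echo "  -> unresolved"
echo "path from the source root:"
unresolved_includes "$tmp/full.txt" "$tmp/src" && echo "  -> all resolved"
rm -rf "$tmp"
```

Run against a real tree, call `unresolved_includes your_description.txt /path/to/kernel` before `make extract` and fix every header it prints.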

kabuto hokage

Nov 27, 2023, 10:16:06 AM
to syzkaller
Hi,
Yes, that indeed resolves some of the errors, but there is an implicit declaration error in sched.h.
I don't understand why it expects rwsem_is_contended instead of rwlock_is_contended in function: rwlock_needbreak.
More exactly, this happens when doing make extract for amd64, which is the architecture I'm fuzzing on, but all the others are generated now.

best regards

Aleksandr Nogikh

Nov 27, 2023, 11:42:09 AM
to kabuto hokage, syzkaller
> I don't understand why it expects rwsem_is_contended instead of rwlock_is_contended in function: rwlock_needbreak.

It means that sched.h does not include the header file that defines
rwsem_is_contended. I don't know if it's considered a problem in Linux
source code (apparently that header file is somehow at least transitively
included by all .c files that also include sched.h), but I think it
might still be worth sending them a one-line patch with a fix.

You can try to first patch it locally and see how it goes then or try
to include the missing file directly from syzkaller descriptions.