Regarding additions of new system call in syzkaller


Anurag Verma

Sep 8, 2021, 11:08:19 AM
to syzk...@googlegroups.com

Hi

This is Anurag Verma from Broadcom Inc.

I am using syzkaller for fuzzing the Linux kernel and I have added a new system call in my custom kernel source. The system is fully added in the custom kernel and I am able to access it through a user program post reboot.

Now I want to add the new system call in syzkaller as well, so in order to accomplish that, I followed this link (Non-mainline subsystems):

https://github.com/google/syzkaller/blob/master/docs/syscall_descriptions.md

1. I have added a new system call file sisips.txt in which I have mentioned the system call. Here is the entry of this file:

# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

include <uapi/linux/a.out.h>
include <uapi/linux/elf.h>

sisips_AppfireCreateProcess(file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]])

2. After that I followed the above link, especially the section Non-mainline subsystems, and ran the following commands at the bash prompt.

# export SRCDIR="/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0"
# make bin/syz-extract
# bin/syz-extract -os linux -arch amd64 -sourcedir "$SRCDIR" sisips.txt

The issue is that every time I get the following error:

GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=5c2fe34603646834e7fdb710c1b128aac772f772+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20210608-094917'" -o bin/syz-extract ./sys/syz-extract

generating linux/amd64...

sisips.txt: failed to run compiler: gcc [-nostdinc -w -fmessage-length=0 -O3 -I. -D__KERNEL__ -DKBUILD_MODNAME="-" -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/generated/uapi -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/generated -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/asm/mach-malta -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/asm/mach-generic -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/uapi -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/generated/uapi 
-I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/uapi -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/generated/uapi -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0 -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/linux -I/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/syzkaller -include /mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/linux/kconfig.h -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static]

exit status 1
In file included from <command-line>:0:0:
/mnt/nfs_datadisk_sdc_dev_projects/linux_kernel_source_code/ubuntu/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/linux/kconfig.h:5:10: fatal error: generated/autoconf.h: No such file or directory
#include <generated/autoconf.h>
          ^~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

The fact is that I am able to compile my kernel source successfully and no issues were observed there. Please let me know what I am missing here when I try to add a new system call in syzkaller.

Thanks and Regards

/A\nurag \V/erma

RnD Engineer

Broadcom Inc

Anurag Verma

Sep 9, 2021, 11:04:35 AM
to syzkaller
Hi All,
I checked out the latest syzkaller code and tried to add a new system call following the link.

I am still getting the errors in the syz-extract step. PSB.
Please let me know what I am missing here. My custom kernel source is from Ubuntu 18, kernel version 5.4.0-66.
Thanks and Regards,
/A\nurag \V/erma


root@FuzzingTargetUB18D: syzkaller:# make bin/syz-extract
root@FuzzingTargetUB18D: syzkaller:# 
root@FuzzingTargetUB18D: syzkaller:# 
root@FuzzingTargetUB18D: syzkaller:# bin/syz-extract -os linux -arch amd64 -sourcedir $SRCDIR sisips.txt
generating linux/amd64...
sisips.txt: failed to run compiler: gcc [-nostdinc -w -fmessage-length=0 -O3 -I. -D__KERNEL__ -DKBUILD_MODNAME="-" -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/generated/uapi -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/generated -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/asm/mach-malta -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/asm/mach-generic -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/uapi -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/arch/x86/include/generated/uapi -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/uapi -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/generated/uapi -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0 -I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/linux 
-I/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/syzkaller -include /averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/linux/kconfig.h -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static]
exit status 1
In file included from <command-line>:0:0:
/averma2/5.4.0-66.74.CUSTOM_KERNEL_WITH_BRCM_SYSCALLS_WITH_DCS_DRIVERS_SUPPORTED.default_kernel_build/linux-5.4.0/include/linux/kconfig.h:5:10: fatal error: generated/autoconf.h: No such file or directory
 #include <generated/autoconf.h>
          ^~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

root@FuzzingTargetUB18D: syzkaller:# 

Kainaat Singh

Sep 9, 2021, 11:45:48 AM
to syzkaller
Hi Anurag,

I see that in your command "bin/syz-extract -os linux -arch amd64 -sourcedir $SRCDIR sisips.txt" you do not mention the -builddir $LINUXBLD. 

Regards,
Kainaat Singh
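
Added example (not part of the thread and not syzkaller code): the failing gcc command line lists every `-I` directory, so the missing `generated/autoconf.h` can be traced by replaying that search over the logged flags. The function name `resolve_include` and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: replay gcc's -I search over the flag list printed by syz-extract
# to see which directory, if any, would supply <generated/autoconf.h>.
# Assumption: include paths contain no spaces (true for the paths in the thread).

# resolve_include "<gcc flags>" <header>
# Prints the first -I directory that contains <header>; returns 1 if none does.
resolve_include() {
    header=$2
    set -f                          # do not glob-expand tokens of the flag string
    for tok in $1; do
        case $tok in
            -I?*)
                if [ -f "${tok#-I}/$header" ]; then
                    set +f
                    printf '%s\n' "${tok#-I}"
                    return 0
                fi ;;
        esac
    done
    set +f
    return 1
}

# Constructed demo: a source tree that holds no generated headers, and a
# separate build directory that does.
demo() {
    tmp=$(mktemp -d) || return 1
    src=$tmp/linux-src; bld=$tmp/linux-bld
    mkdir -p "$src/include/linux" "$bld/include/generated"
    : > "$bld/include/generated/autoconf.h"
    # Flag strings in the bracketed form seen in the log (shortened, constructed).
    only_src="[-nostdinc -I$src/arch/x86/include -I$src/include -I$src/include/uapi -static]"
    with_bld="[-nostdinc -I$src/arch/x86/include -I$bld/include -I$src/include -static]"
    resolve_include "$only_src" generated/autoconf.h >/dev/null ||
        echo "sourcedir only: generated/autoconf.h not found"
    echo "with builddir: found in $(resolve_include "$with_bld" generated/autoconf.h)"
    rm -rf "$tmp"
}
demo
```

Passing the bracketed flag list from a real failure as the first argument shows whether any of the directories handed to gcc actually holds the generated header.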

Anurag Verma

Sep 9, 2021, 3:06:37 PM
to syzkaller
Thanks Kainaat,
As per the description given in the link:


I think the builddir option is required when you compile the kernel source with make O=output_dir. I compiled my custom kernel with default make options and no special flags were passed.

But since you said so, yes, I tried that option as well, and I got errors during make generate. I got a lot of errors but am pasting the top ones.

One thing I noted is that I gave -arch as amd64 but the make description is still processing for linux/386. I think instead of 386 it should have been for amd64.

See the operations and output.


root@FuzzingTargetUB18D: syzkaller:# bin/syz-extract -vv 3 -os linux -arch amd64 -sourcedir $SRCDIR -builddir $SRCDIR sisips.txt
generating linux/amd64...
root@FuzzingTargetUB18D: syzkaller:# 

root@FuzzingTargetUB18D: syzkaller:# make generate
make descriptions
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
compilation of linux/386 target failed:
sys/linux/dev_qat_adf_ctl.txt:27:14: string value "GENERAL\x00" exceeds buffer length 1
sys/linux/dev_qat_adf_ctl.txt:27:14: string value "KERNEL\x00" exceeds buffer length 1
sys/linux/dev_qat_adf_ctl.txt:27:14: string value "Accelerator\x00" exceeds buffer length 1



Thanks and Regards
/A\nurag \V/erma
Symantec Enterprise Division
Broadcom Inc

Aleksandr Nogikh

Sep 10, 2021, 8:49:02 AM
to Anurag Verma, syzkaller
Hi Anurag,

Regarding your first email - try to add a `-build` flag, e.g. `./bin/syz-extract -build -os linux <...>`.
Regarding the "exceeds buffer length 1" errors - by coincidence a similar issue was reported at the same time - please see my comment in that discussion.
https://github.com/google/syzkaller/issues/2749

--
Best Regards,
Aleksandr


Anurag Verma

Sep 11, 2021, 3:04:58 PM
to syzkaller
Thanks Aleksandr,
I followed your suggestions. This time I encountered another error during 'make generate'. Please see my set of operations.

root@FuzzingTargetUB18D: syzkaller:# bin/syz-extract -build -os linux  -sourcedir "$SRCDIR"  sisips.txt
generating linux/386...
generating linux/amd64...
generating linux/arm...
generating linux/arm64...
generating linux/mips64le...
generating linux/ppc64le...
generating linux/riscv64...
generating linux/s390x...
root@FuzzingTargetUB18D: syzkaller:# make generate
make descriptions
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
dev_video4linux_vim2m.txt.const:8: const=VIDIOC_DQBUF arch=386 has different values: 3225703953[true] vs 3226228241[true]
Makefile:147: recipe for target '.descriptions' failed
make[2]: *** [.descriptions] Error 1
Makefile:143: recipe for target 'descriptions' failed
make[1]: *** [descriptions] Error 2
Makefile:227: recipe for target 'generate' failed
make: *** [generate] Error 2
root@FuzzingTargetUB18D: syzkaller:# 

Thanks and Regards
/A\nurag \V/erma
Symantec Enterprise Division
Broadcom Inc
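
Added example (not part of the thread and not syzkaller code): splitting the two VIDIOC_DQBUF values from the `syz-sysgen` error above into the fields of an ioctl number shows which field the conflict is in. It assumes the asm-generic `_IOC` bit layout used on x86; the function names are this example's own.

```shell
#!/bin/sh
# Added example: decode the conflicting ioctl values from a syz-sysgen error line.
# Assumes the asm-generic _IOC layout (used on x86):
#   bits 0-7 nr, 8-15 type, 16-29 size, 30-31 direction.

# decode_ioctl <decimal value> -> "dir=N size=BYTES type=0xHH nr=N"
decode_ioctl() {
    v=$1
    printf 'dir=%d size=%d type=0x%02x nr=%d\n' \
        $(( (v >> 30) & 3 )) $(( (v >> 16) & 0x3fff )) \
        $(( (v >> 8) & 0xff )) $(( v & 0xff ))
}

# conflict_values <error line> -> the two decimal values, space separated
conflict_values() {
    printf '%s\n' "$1" | sed -n \
        's/.*has different values: \([0-9]*\)\[[a-z]*] vs \([0-9]*\)\[[a-z]*].*/\1 \2/p'
}

# explain_conflict <error line>: decode both values and list the fields that differ
explain_conflict() {
    set -- $(conflict_values "$1")
    [ $# -eq 2 ] || { echo "not a const conflict line" >&2; return 1; }
    a=$(decode_ioctl "$1"); b=$(decode_ioctl "$2")
    echo "$1 -> $a"
    echo "$2 -> $b"
    changed=
    for f in dir size type nr; do
        fa=$(printf '%s\n' $a | grep "^$f=")
        fb=$(printf '%s\n' $b | grep "^$f=")
        [ "$fa" = "$fb" ] || changed="$changed $f"
    done
    echo "differs in:${changed:- nothing}"
}

# Error line quoted from the thread.
sample_line='dev_video4linux_vim2m.txt.const:8: const=VIDIOC_DQBUF arch=386 has different values: 3225703953[true] vs 3226228241[true]'
explain_conflict "$sample_line"
```

For the line in the thread the two values decode identically except for the size field (68 vs 76 bytes), so they were computed from different sizes of the ioctl's argument struct.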

Aleksandr Nogikh

Sep 13, 2021, 12:50:00 PM
to Anurag Verma, syzkaller
Hi Anurag,

It would be very helpful to see the diff of your sys/linux/ folder with its upstream version. At least the diff of all .const files there after you ran `syz-extract`.

--
Best regards,
Aleksandr

Anurag Verma

Sep 13, 2021, 3:07:30 PM
to Aleksandr Nogikh, syzkaller

Thanks Aleksandr,

Appreciate your timely reply.

I’ll do the needful as you suggested and share the results.

Regards,