
* run qemu fuzzers (qemu_systemmode only for now) in self-hosted runners
* Remove qemu-related fuzzers to general fuzzers
* fix
* Install dependencies before anything else
* Do not use sudo
* Install sudo
* Revert "Install dependencies before anything else"

  This reverts commit 107addad5d9f68dec5a9af50831112cd72c28f4d.
* added qemu specific prerequisites
* add -y flag
* Format with nightly
* Do not use nightly only. Install fmt and clippy for stable as well.
* Install qemu-img for qemu
* fix qemu-img install
* apt update
* Changed timeout.
* Fix qemu_systemmode test
* fmt
* clippy + decorrelate build and run for qemu_systemmode.
* fix fuzzer
* clippy
* add sqlite3-dev to package prerequisites.
* add arm-none-eabi-gcc
* fix profile dir
* fix condition.
* Run less QEMU stuff faster

---------

Co-authored-by: Toka <tokazerkje@outlook.com>
45 lines
1.4 KiB
Markdown
# Qemu systemmode with launcher

This folder contains an example fuzzer for the qemu systemmode, using LLMP for fast multi-process fuzzing and crash detection.

It comes in three flavours (can be set through features):

- `classic`: The low-level way to interact with QEMU.
- `breakpoint`: Interaction with QEMU using the command system, leveraging breakpoints.
- `sync_exit`: Interaction with QEMU using the command system, leveraging sync exits.

## Prerequisites

You will need to have `qemu-img` and `arm-none-eabi-gcc` installed.

On Ubuntu and Debian, you will need to run

```bash
sudo apt update
sudo apt -y install qemu-utils gcc-arm-none-eabi
```

## Build

```bash
cargo make build
```

## Run

```bash
cargo make run
```

It is also possible to run the fuzzer with the other features:

```bash
cargo make <feature>
```

With feature being `classic`, `breakpoint` or `sync_exit`.

This will build the desired fuzzer (`src/fuzzer_<feature>.rs`) and a small example binary based on FreeRTOS, which can run under a qemu emulation target.

Since the instrumentation is based on snapshots, QEMU needs a virtual drive (even if it is unused...).
Thus, the makefile creates a dummy QCOW2 image `dummy.qcow2` (can be found in the `target` directory).

Currently, the `KERNEL` variable is needed because the fuzzer does not parse QEMU's arguments to find the binary.
It is automatically set in the build script.
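As an added example (not part of the project), the preflight wrapper below checks the prerequisites named above, validates the feature name, makes sure the dummy QCOW2 drive exists, and then dispatches to the matching `cargo make` target. The image path `target/dummy.qcow2` and its size are assumptions; the makefile creates the image itself, so the `ensure_dummy_image` step only matters when you drive QEMU outside cargo-make.

```shell
#!/bin/sh
# Added preflight wrapper around the README's `cargo make` targets (not project code).
# Assumption: the dummy drive sits at target/dummy.qcow2; its size is arbitrary (unused).
set -eu
IMAGE="${IMAGE:-target/dummy.qcow2}"
IMAGE_SIZE="${IMAGE_SIZE:-1M}"

# Accept only the three feature names the README lists.
validate_feature() {
    case "$1" in
        classic|breakpoint|sync_exit) return 0 ;;
        *) return 1 ;;
    esac
}

# Map a feature to the source file the target builds (src/fuzzer_<feature>.rs).
fuzzer_source() { printf 'src/fuzzer_%s.rs\n' "$1"; }

# Print each missing required tool on its own line; empty output means all present.
missing_prereqs() {
    for tool in qemu-img arm-none-eabi-gcc cargo; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Create the QCOW2 drive QEMU needs for snapshots (mirrors what the makefile does).
ensure_dummy_image() {
    [ -f "$IMAGE" ] && return 0
    mkdir -p "$(dirname "$IMAGE")"
    qemu-img create -f qcow2 "$IMAGE" "$IMAGE_SIZE" >/dev/null
}

main() {
    feature="${1:-run}"   # `run` is the README's default target
    if [ "$feature" != run ] && ! validate_feature "$feature"; then
        echo "unknown feature: $feature (expected classic, breakpoint or sync_exit)" >&2
        exit 2
    fi
    missing="$(missing_prereqs)"
    if [ -n "$missing" ]; then
        echo "missing tools:" $missing >&2
        exit 1
    fi
    ensure_dummy_image
    exec cargo make "$feature"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Invoke it as `./preflight.sh sync_exit` (or with no feature to fall back to `cargo make run`); unknown feature names are rejected before anything is built.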