Fuzzer for Linux Kernel Drivers

Overview

difuze: Fuzzer for Linux Kernel Drivers

This repo contains all the sources (including setup scripts) you need to get difuze up and running.

Tested on

Ubuntu >= 14.04.5 LTS

0. Running difuze from Docker

Refer to the readme.

As explained in our paper, there are two main components of difuze: Interface Recovery and the Fuzzing Engine.

1. Interface Recovery

The Interface Recovery mechanism is based on LLVM analysis passes; every step of interface recovery is written as an individual pass. Follow the instructions below to get Interface Recovery up and running.

1.1 Setup

This step takes care of installing LLVM and c2xml:

First, make sure that you have libxml (required for c2xml):

sudo apt-get install libxml2-dev
sudo pip install lxml

Next, we have created a single script which downloads and builds all the required tools.

cd helper_scripts
python setup_difuze.py --help
usage: setup_difuze.py [-h] [-b TARGET_BRANCH] [-o OUTPUT_FOLDER]

optional arguments:
  -h, --help        show this help message and exit
  -b TARGET_BRANCH  Branch (i.e. version) of the LLVM to setup. Default:
                    release_38 e.g., release_38
  -o OUTPUT_FOLDER  Folder where everything needs to be setup.

Example:

python setup_difuze.py -o difuze_deps

To complete the setup you also need to modify your local PATH environment variable. The setup script prints the exact changes you need to make.

1.2 Building

This depends on the successful completion of Setup. We have a single script that builds everything; you're welcome.

cd InterfaceHandlers
./build.sh

1.3 Running

This depends on the successful completion of Build. To run the Interface Recovery components on kernel drivers, we first need to compile the drivers into LLVM bitcode.

1.3.1 Building kernel

First, we need a buildable kernel, which means you should be able to compile the kernel using the regular build setup, i.e., make. We first capture the output of the make command, and from this output we extract the exact compilation commands.

1.3.1.1 Generating output of make

Option 1: Using Bear (RECOMMENDED)
  1. Install Bear
  2. Run make using Bear:
    bear make <all the options to make>

    Example: bear make -j8

This will generate a file compile_commands.json in the current directory.

Option 2

Just pass V=1 and redirect the output to a file. Example:

make V=1 O=out ARCH=arm64 > makeout.txt 2>&1

NOTE: DO NOT USE MULTIPLE PROCESSES, i.e., -j. Running in multi-process mode will mess up the output file, as multiple processes try to write to it at the same time.

That's it. In the following step, our script takes the generated makeout.txt (or compile_commands.json) and runs Interface Recovery on all the recognized drivers.

1.3.2 Running Interface Recovery analysis

All the various steps of Interface Recovery are wrapped in a single script, helper_scripts/run_all.py. How to run:

cd helper_scripts
python run_all.py --help

usage: run_all.py [-h] [-l LLVM_BC_OUT] [-a CHIPSET_NUM] [-m MAKEOUT]
                  [-c COMPJSON] [-g COMPILER_NAME] [-n ARCH_NUM] [-o OUT]
                  [-k KERNEL_SRC_DIR] [-isclang] [-clangp CLANG_PATH]
                  [-llvmlinkp LLVMLINK_PATH] [-skb] [-skl] [-skp] [-skP]
                  [-ske] [-skI] [-ski] [-skv] [-skd] [-f IOCTL_FINDER_OUT]

optional arguments:
  -h, --help            show this help message and exit
  -l LLVM_BC_OUT        Destination directory where all the generated bitcode
                        files should be stored.
  -a CHIPSET_NUM        Chipset number. Valid chipset numbers are:
                        1(mediatek)|2(qualcomm)|3(huawei)|4(samsung)
  -m MAKEOUT            Path to the makeout.txt file.
  -c COMPJSON           Path to the compile_commands_json generated by Bear.
  -g COMPILER_NAME      Name of the compiler used in the makeout.txt, This is
                        needed to filter out compilation commands. Ex: aarch64
                        -linux-android-gcc
  -n ARCH_NUM           Destination architecture, 32 bit (1) or 64 bit (2).
  -o OUT                Path to the out folder. This is the folder, which
                        could be used as output directory during compiling
                        some kernels.
  -k KERNEL_SRC_DIR     Base directory of the kernel sources.
  -isclang              flag to indicate that clang was used to built the
                        kernel
  -clangp CLANG_PATH    Absolute path to the clang binary (if not provided,
                        the one available in the path will be used)
  -llvmlinkp LLVMLINK_PATH
                        Absolute path to the llvm-link binary (if not
                        provided, the one available in the path will be used)
  -skb                  Skip LLVM Build (default: not skipped).
  -skl                  Skip Dr Linker (default: not skipped).
  -skp                  Skip Parsing Headers (default: not skipped).
  -skP                  Skip Generating Preprocessed files (default: not
                        skipped).
  -ske                  Skip Entry point identification (default: not
                        skipped).
  -skI                  Skip Generate Includes (default: not skipped).
  -ski                  Skip IoctlCmdParser run (default: not skipped).
  -skv                  Skip V4L2 ioctl processing (default: not skipped).
  -skd                  Skip Device name finder (default: not skipped).
  -f IOCTL_FINDER_OUT   Path to the output folder where the ioctl command
                        finder output should be stored.


The script builds, links and runs Interface Recovery on all the recognized drivers, so it might take considerable time (45 min - 90 min).

The above script performs the following tasks in multiprocessor mode to make use of all CPU cores:

1.3.2.1 LLVM Build
  • Enabled by default.

All the bitcode files generated will be placed in the folder provided to the argument -l. This step takes considerable time, depending on the number of cores you have, so if you have already done this step you can skip it by passing -skb.

1.3.2.2 Linking all driver bitcode files into a consolidated bitcode file.
  • Enabled by default

This performs linking: it goes through all the bitcode files, identifies the related bitcode files that need to be linked, and links them (using llvm-link) into a consolidated bitcode file (which will be stored alongside the corresponding bitcode file).

Similar to the above step, you can skip this step by passing -skl.

1.3.2.3 Parsing headers to identify entry function fields.
  • Enabled by default.

This step looks for the entry point declarations in the header files and stores their configuration in the file hdr_file_config.txt under the LLVM build directory.

To skip: -skp

1.3.2.4 Identify entry points in all the consolidated bitcode files.
  • Enabled by default

This step identifies all the entry points across all the driver consolidated bitcode files. The output will be stored in the file entry_point_out.txt under the LLVM build directory.

Example of contents in the file entry_point_out.txt:

IOCTL:msm_lsm_ioctl:/home/difuze/kernels/pixel/msm/sound/soc/msm/qdsp6v2/msm-lsm-client.c:msm_lsm_ioctl.txt:/home/difuze/pixel/llvm_out/sound/soc/msm/qdsp6v2/llvm_link_final/final_to_check.bc
IOCTL:msm_pcm_ioctl:/home/difuze/kernels/pixel/msm/sound/soc/msm/qdsp6v2/msm-pcm-lpa-v2.c:msm_pcm_ioctl.txt:/home/difuze/pixel/llvm_out/sound/soc/msm/qdsp6v2/llvm_link_final/final_to_check.bc

To skip: -ske

1.3.2.5 Run Ioctl Cmd Finder on all the identified entry points.
  • Enabled by default.

This step will run the main Interface Recovery component (IoctlCmdParser) on all the entry points in the file entry_point_out.txt. The output for each entry point will be stored in the folder provided for option -f.

To skip: -ski

1.4 Example:

Now, we will show an example from the point where you have kernel sources to the point of getting Interface Recovery results.

We have uploaded a mediatek kernel, 33.2.A.3.123.tar.bz2. First download and extract this file.

Let's say you extracted the above file into a folder called ~/mediatek_kernel.

1.4.1 Building

Install Bear and follow the below steps:

cd ~/mediatek_kernel
source ./env.sh
cd kernel-3.18
# the following step may not be needed depending on the kernel
mkdir out
make O=out ARCH=arm64 tubads_defconfig
# generating compile_commands.json
bear make -j8 O=out ARCH=arm64

1.4.2 Running Interface Recovery

cd <repo_path>/helper_scripts

python run_all.py -l ~/mediatek_kernel/llvm_bitcode_out -a 1 -c ~/mediatek_kernel/kernel-3.18/compile_commands.json -n 2 -o ~/mediatek_kernel/kernel-3.18/out -k ~/mediatek_kernel/kernel-3.18 -f ~/mediatek_kernel/ioctl_finder_out

The above command takes quite some time (30 min - 1hr).

1.4.3 Understanding the output

First, all the analysis results will be in the folder ~/mediatek_kernel/ioctl_finder_out (the argument given to the option -f); for each entry point a .txt file will be created, which contains all the information about the recovered interface.

If you are interested in information about just the interface and don't care about anything else, we recommend you use the parse_interface_output.py script. This script converts the crazy output of the Interface Recovery pass into nice json files with a clean and consistent format.

cd <repo_path>/helper_scripts
python parse_interface_output.py <ioctl_finder_out_dir> <output_directory_for_json_files>

Here <ioctl_finder_out_dir> should be the same folder you provided to the -f option, and <output_directory_for_json_files> is the folder where the json files should be created.

Each json file describes the recovered interface of the corresponding ioctl.

1.4.4 Things to note:

1.4.4.1 Value for option -g (only if you use makeout.txt)

To provide a value for option -g you need to know the name of the *-gcc binary used to compile the kernel. An easy way to find this is to grep for gcc in makeout.txt; you will see compiler commands from which you can read off the *-gcc binary name.

For the example build above, if you run grep gcc makeout.txt you will see a lot of lines like the one below:

aarch64-linux-android-gcc -Wp,-MD,fs/jbd2/.transaction.o.d  -nostdinc -isystem ...

So, the value for -g should be aarch64-linux-android-gcc.

If the kernel to be built is 32-bit, the binary will most likely be arm-eabi-gcc.

For Qualcomm (or msm) chipsets, you may see *gcc-wrapper.py instead of *-gcc, in which case you should provide the *gcc-wrapper.py.
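As an added Python 3 example (not a difuze helper script), the following automates the grep above: it reads a V=1 makeout.txt, keeps only lines that start with a compiler invocation, and picks the most frequent compiler token, covering the *-gcc, arm-eabi-gcc and *gcc-wrapper.py cases. The embedded makeout lines are constructed, not real build output.

```python
"""Derive the -g value for run_all.py from a V=1 makeout.txt.

Added illustration for this README, not a script shipped with difuze. It scans
the captured make output for lines that begin with a compiler invocation whose
basename looks like a GCC front end (aarch64-linux-android-gcc, arm-eabi-gcc,
or the Qualcomm gcc-wrapper.py) and reports the most frequent one.
"""
import collections
import os
import re
import sys

# Basenames the README tells you to expect: *-gcc, plain gcc, or *gcc-wrapper.py.
COMPILER_RE = re.compile(r"(^|-)gcc$|gcc-wrapper\.py$")


def compiler_names(lines):
    """Count the first token of every compile line (one carrying -c) whose
    basename matches COMPILER_RE. The token is kept exactly as it appears in
    makeout.txt, because that is the string run_all.py filters on."""
    counts = collections.Counter()
    for line in lines:
        tokens = line.split()
        if len(tokens) < 2 or "-c" not in tokens:
            continue
        if COMPILER_RE.search(os.path.basename(tokens[0])):
            counts[tokens[0]] += 1
    return counts


def pick_g_value(lines):
    """Most common compiler token, or None when no compile line matched.
    Host-side lines (plain gcc) also match, but the cross compiler dominates
    a kernel build, so the majority vote picks it."""
    counts = compiler_names(lines)
    return counts.most_common(1)[0][0] if counts else None


# Constructed sample in the shape of a V=1 makeout.txt (the first compile line
# mirrors the README's grep example); not real build output.
SAMPLE_MAKEOUT = """\
make[1]: Entering directory '/home/user/kernel/out'
  aarch64-linux-android-gcc -Wp,-MD,fs/jbd2/.transaction.o.d  -nostdinc -isystem ... -c -o fs/jbd2/transaction.o ../fs/jbd2/transaction.c
  aarch64-linux-android-gcc -Wp,-MD,fs/jbd2/.journal.o.d  -nostdinc -c -o fs/jbd2/journal.o ../fs/jbd2/journal.c
  aarch64-linux-android-ld -EL -r -o fs/jbd2/built-in.o fs/jbd2/transaction.o fs/jbd2/journal.o
  gcc -Wp,-MD,scripts/mod/.mk_elfconfig.d -c -o scripts/mod/mk_elfconfig.o scripts/mod/mk_elfconfig.c
""".splitlines()

if __name__ == "__main__":
    # Usage: python3 find_g_value.py makeout.txt  (falls back to the sample)
    src = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_MAKEOUT
    for name, n in compiler_names(src).most_common():
        print("%6d  %s" % (n, name))
    print("suggested -g value:", pick_g_value(src))
```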

1.4.4.2 Value for option -a

Depending on the chipset type, you need to provide the corresponding number.

1.4.4.3 Value for option -o

This is the path of the folder provided to the option O= for make command during kernel build.

Not all kernels need a separate out path. You may build the kernel without providing the O= option, in which case you SHOULD NOT provide a value for -o while running run_all.py.

Kernels built using clang

For kernels built using clang, in addition to the above options please specify the following options (assuming you used compile_commands.json):

-isclang -clangp <PATH_TO_THE_CLANG_USED_TO_BUILD_THE_KERNEL> -llvmlinkp <PATH_TO_THE_LLVM_LINK (will be in the same folder as clang)>

1.5 Post Processing

Before we can begin fuzzing we need to process the output a bit with our very much research-quality (sorry) parsers.

These are found here. The main script to run will be run_all.py:

$ python run_all.py --help
usage: run_all.py [-h] -f F -o O [-n {manual,auto,hybrid}] [-m M]

run_all options

optional arguments:
  -h, --help            show this help message and exit
  -f F                  Filename of the ioctl analysis output OR the entire
                        output directory created by the system
  -o O                  Output directory to store the results. If this
                        directory does not exist it will be created
  -n {manual,auto,hybrid}
                        Specify devname options. You can choose manual
                        (specify every name manually), auto (skip anything that
                        we don't identify a name for), or hybrid (if we
                        detected a name, we use it, else we ask the user)
  -m M                  Enable multi-device output most ioctls only have one
                        applicable device node, but some may have multiple. (0
                        to disable)

You'll want to pass -f the output directory of the ioctl analysis, e.g. ~/mediatek_kernel/ioctl_finder_out.

-o is where you want to store the post-processed results. These will be easily digestible XML files (jpits).

-n specifies to what degree you want to rely on our device name recovery. If you don't want to do any work/name hunting, you can specify auto. This of course comes at the cost of skipping any device for which we don't recover a name. If you want to be paranoid and not trust any of our recovery efforts (totally reasonable) you can use the manual option to name every single device yourself. hybrid is then a combination of both: we will name the device for you when we can, and fall back to you when we've failed.

-m Sometimes ioctls can correspond to more than one device (this is common with v4l2/subdev ioctls, for example). Support for this is enabled by default, but it requires user interaction to specify the number of devices for each ioctl. If this is too annoying for you, you can disable the prompt by passing -m 0 (we will assume a single device for each ioctl).

After running, you should have a folder for each ioctl in your out folder.

2 Fuzzing

2.1 Mango Fuzz

MangoFuzz is our simple prototype fuzzer and is based on Peach (specifically MozPeach).

It's not a particularly sophisticated fuzzer, but it does find bugs. It was also built to be easily expandable. There are two components to this fuzzer, the fuzz engine and the executor. The executor can be found here, and the fuzz engine can be found here.

2.1.1 Executor

The executor runs on the phone, listening for data that the fuzz engine will send to it.

Simply compile it for your phone's architecture, adb push it onto the phone, and execute it with the port you want it to listen on!

2.1.2 Fuzz Engine

Interfacing with MangoFuzz is fairly simple. You'll want an Engine object and a Parser object, which you'll feed your engine into. From here, you parse jpits with your Parser, and then run the Engine. Easy! We've provided some simple run scripts to get you started.

To run against specific drivers you can use runner.py on one of the ioctl folders in the output directory (created by our post-processing scripts).

e.g. ./runner.py -f honor8/out/chb -num 1000. This tells MangoFuzz to run for 1000 iterations against all ioctl command value pairs pertaining to the chb ioctl/driver.

If instead you want to run against an entire device (phone), you can use dev_runner.py, e.g. ./dev_runner.py -f honor8/out -num 100. This will keep looping over the driver files, randomly switching between them, for 100 iterations each.

Note that before the fuzz engine can communicate with the phone, you'll need to use ADB to set up port forwarding, e.g. adb forward tcp:2022 tcp:2022.

Comments
  • errors on ubuntu 18.04

    Hello, I'm trying to build on 18.04, and I meet the following issues:

    /difuze/helper_scripts/difuze_deps/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc:281:22: error: aggregate ‘sigaltstack handler_stack’ has incomplete type and cannot be defined
       struct sigaltstack handler_stack;
                          ^~~~~~~~~~~~~
    projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/build.make:206: recipe for target 'projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/sanitizer_stoptheworld_linux_libcdep.cc.o' failed
    make[2]: *** [projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/sanitizer_stoptheworld_linux_libcdep.cc.o] Error 1
    CMakeFiles/Makefile2:13255: recipe for target 'projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/all' failed
    make[1]: *** [projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.x86_64.dir/all] Error 2
    Makefile:151: recipe for target 'all' failed
    make: *** [all] Error 2
    [+]  Build Complete.
    

    Any help would be appreciated.

    opened by lgkgithub 4
  • Post-processing errors on Ubuntu 17.10

    Hi, I'm encountering problems with the mediatek example kernel as well as another Samsung kernel, in the post-processing stage.

    =============================
    [+] About to run on 56 ioctl info file(s)
    [+] Running on file ***/mediatek/kernel-3.18/ioctl_finder_out/alsps_factory_unlocked_ioctl.txt
    [+] ioctl name: alsps_factory_unlocked_ioctl
    Traceback (most recent call last):
      File "run_all.py", line 496, in <module>
        main()
      File "run_all.py", line 429, in main
        os.mkdir(out_dir + ioctl_name)
    OSError: [Errno 17] File exists: '***/mediatek/kernel-3.18/ioctl_finder_out_ppxml/disp_unlocked_ioctl'

    Any help is appreciated.

    opened by nclman 4
  • hello

    I just finished reading your paper and wanted to let you know that I really enjoyed it.

    I work on building the Linux kernel with Clang (and other LLVM utilities) full time at Google, via a project called ClangBuiltLinux: https://clangbuiltlinux.github.io/

    I see you paper was published in 2017; the irony was that we had a patch set for building Pixel 1's kernel w/ Clang, but didn't end up shipping a Clang built kernel until Pixel 2 (2017, the same year as your paper).

    Looks like some commits here show you already know about building kernels with Clang. Just wanted to say thanks for the research and if you hit any bugs compiling your kernels w/ Clang, please let us know.

    (I also happened to speak with someone (Michael Spectre) this week who was looking to add the approach you describe to syzkaller; I must have found your paper from his design doc).

    opened by nickdesaulniers 2
  • Pass::print not implemented for pass:

    Hello there,

    I am trying to apply difuze's interface recovery for marlin (Pixel XL) kernel drivers, and I ran into the following issues:

    After running the interface recovery's run_all.py, I found a number of Pass::print not implemented for pass: * in the resulting .txt files. Not sure if I am missing some dependencies or this is intended.

    Following that, when invoking run_all.py from post_processing, I keep getting 0-sized directories. For instance, when applying it to ion_ioctl.txt, the output I get is as follows:

    [+] About to run on 1 ioctl info file(s)
    [+] Running on file [some_path]/ion_ioctl.txt
    [+] ioctl name: ion_ioctl
    Setting global type
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [*] Using global type! <__main__.Union object at 0x7feef49b3650>
    [!] Skipping ion_ioctl. No struct or generic args.
    

    And I get a common/ and an ion_ioctl/ directory in the specified output directory, but they are empty.

    The content of my ion_ioctl.txt looks as below:

    Args: $DIFUZE/deps/llvm/build/bin/opt -analyze -debug -load $DIFUZE/InterfaceHandlers/MainAnalysisPasses/build_dir/DeviceNameFinder/libDeviceNameFinderPass.so -dev-name-finder -ioctlFunction=ion_ioctl /tmp/tmpoajTyW 
    [+] Provided Function Name: ion_ioctl
    [+] Found Fops Structure: ion_fops
    [+] Device Name: ion
    [+] Device Type: misc
    [+] Found using dynamic misc heuristic
    Printing analysis 'Device name finder':
    Pass::print not implemented for pass: 'Device name finder'!
    Args: $DIFUZE/deps/llvm/build/bin/opt -analyze -debug -load $DIFUZE/InterfaceHandlers/MainAnalysisPasses/build_dir/IoctlCmdFinder/libIoctlCmdPass.so -new-ioctl-cmd-parser -ioctlFunction=ion_ioctl -bcOutDir=$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out -srcBaseDir=$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm /tmp/tmpEGRPlT 
    Provided Function Name:ion_ioctl
    Found Cmd:3221768455:START
    Found Cmd:3221768455:END
    Found Cmd:3221506305:START
    Found Cmd:3221506305:END
    Found Cmd:3222292742:START
    Found Cmd:3222292742:END
    STARTTYPE
    union.anon.51:STARTELEMENTS:
      %struct.ion_allocation_data = type { i64, i64, i32, i32, i32 }
    union.anon.51:ENDELEMENTS:
    ENDTYPE
    Found Cmd:3223341312:START
    Found Cmd:3223341312:END
    Found Cmd:3221506305:START
    Found Cmd:3221506305:END
    Found Cmd:3221768452:START
    Found Cmd:3221768452:END
    Found Cmd:3221768450:START
    Found Cmd:3221768450:END
    Found Cmd:3221768453:START
    Found Cmd:3221768453:END
    Found Cmd:3221768455:START
    Found Cmd:3221768455:END
    Found Cmd:3222292742:START
    Found Cmd:3222292742:END
    Found Cmd:3222818048:START
    Found Cmd:3222818048:END
    Found Cmd:3222818049:START
    Found Cmd:3222818049:END
    Found Cmd:3222818050:START
    Found Cmd:3222818050:END
    Includes file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/staging/android/ion/ion.includes
    Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/staging/android/ion/ion.preprocessed
    ALL PREPROCESSED FILES:
    Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/gpio/gpiolib-legacy.preprocessed
    Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/gpio/gpiolib-of.preprocessed
    Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/gpio/gpiolib.preprocessed
    Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/soc/qcom/event_timer.preprocessed
    Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/staging/android/ion/ion.preprocessed
    Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_out/out/../drivers/video/fbdev/msm/../../msm/mdss/dsi_status_6g.preprocessed
    Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_outdrivers/gpio/gpiolib.preprocessed
    Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_outinclude/linux/printk.preprocessed
    Compl Preprocessed file:$SRC/android/external/kernels/android-8.0.0_r0.27-marlin-vanilla/msm/llvm_bc_outinclude/trace/events/gpio.preprocessed
    Printing analysis 'IOCTL Command Parser':
    Pass::print not implemented for pass: 'IOCTL Command Parser'!
    

    Any help would be much appreciated.

    Thanks!

    - billy
    opened by billy-lau 2
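The ion_ioctl.txt listing in the issue above is the raw Interface Recovery format that parse_interface_output.py (section 1.4.3) turns into json. The following added Python 3 example, not part of difuze, decodes the decimal Found Cmd values into their _IOC fields (dir, type, nr, size) and cross-checks the size field against the LLVM struct recovered in the STARTTYPE block; the sample input is a constructed excerpt, the natural-alignment struct sizing is an assumption, and the size matching is a check added here rather than difuze's own association logic.

```python
"""Decode the raw Interface Recovery output for one ioctl handler.

Added illustration for this README, not a difuze script. An ioctl_finder_out
.txt file lists every recovered command value in decimal ("Found Cmd:N:START"
... "Found Cmd:N:END") and the argument types it found as LLVM struct types
inside STARTTYPE/ENDTYPE blocks. This splits each value into the _IOC fields
using the asm-generic ioctl layout that arm64 and x86 share, computes the size
of each recovered struct, and reports which commands carry a size field equal
to a recovered struct, as _IOWR(type, nr, struct) would produce.
"""
import re

# asm-generic/ioctl.h: nr (8 bits) | type (8) | size (14) | dir (2), low to high.
_IOC_NRBITS, _IOC_TYPEBITS, _IOC_SIZEBITS = 8, 8, 14
_IOC_TYPESHIFT = _IOC_NRBITS
_IOC_SIZESHIFT = _IOC_TYPESHIFT + _IOC_TYPEBITS
_IOC_DIRSHIFT = _IOC_SIZESHIFT + _IOC_SIZEBITS
DIR_NAMES = {0: "NONE", 1: "W", 2: "R", 3: "RW"}  # _IOC_NONE, _IOC_WRITE, _IOC_READ

CMD_RE = re.compile(r"Found Cmd:(\d+):(START|END)")
STRUCT_RE = re.compile(r"^\s*%(struct\.\S+) = type (\{.*\})")


def decode_ioc(cmd):
    """Split a raw ioctl command number into its _IOC fields."""
    return {
        "cmd": cmd,
        "dir": DIR_NAMES[(cmd >> _IOC_DIRSHIFT) & 0x3],
        "type": chr((cmd >> _IOC_TYPESHIFT) & 0xFF),
        "nr": cmd & 0xFF,
        "size": (cmd >> _IOC_SIZESHIFT) & ((1 << _IOC_SIZEBITS) - 1),
    }


def llvm_struct_size(type_body, ptr_size=8):
    """Byte size of a flat LLVM struct such as '{ i64, i64, i32, i32, i32 }'.
    Assumption: non-packed struct with natural alignment on a 64-bit target
    (what an arm64 kernel build produces); nested aggregates are not handled."""
    inner = type_body[type_body.index("{") + 1:type_body.rindex("}")]
    offset, struct_align = 0, 1
    for elem in (e.strip() for e in inner.split(",")):
        if elem == "ptr" or elem.endswith("*"):
            size = ptr_size
        else:
            m = re.fullmatch(r"i(\d+)", elem)
            if not m:
                raise ValueError("unsupported element type: " + elem)
            size = max(1, int(m.group(1)) // 8)
        offset = -(-offset // size) * size + size  # align to the element, then place it
        struct_align = max(struct_align, size)
    return -(-offset // struct_align) * struct_align  # tail padding


def parse_ioctl_finder_output(lines):
    """Collect the distinct command values and the recovered struct sizes."""
    cmds, types, in_type = set(), {}, False
    for line in lines:
        m = CMD_RE.match(line)
        if m:
            cmds.add(int(m.group(1)))
        elif line.strip() == "STARTTYPE":
            in_type = True
        elif line.strip() == "ENDTYPE":
            in_type = False
        elif in_type:
            sm = STRUCT_RE.match(line)
            if sm:
                types[sm.group(1)] = llvm_struct_size(sm.group(2))
    return {"cmds": {c: decode_ioc(c) for c in cmds}, "types": types}


def match_types(parsed):
    """For each recovered struct, the commands whose size field equals its size."""
    return {name: sorted(c for c, f in parsed["cmds"].items() if f["size"] == size)
            for name, size in parsed["types"].items()}


# Constructed excerpt in the shape of the ion_ioctl.txt listing above.
SAMPLE_IOCTL_TXT = """\
Provided Function Name:ion_ioctl
Found Cmd:3221768455:START
Found Cmd:3221768455:END
Found Cmd:3221506305:START
Found Cmd:3221506305:END
STARTTYPE
union.anon.51:STARTELEMENTS:
  %struct.ion_allocation_data = type { i64, i64, i32, i32, i32 }
union.anon.51:ENDELEMENTS:
ENDTYPE
Found Cmd:3223341312:START
Found Cmd:3223341312:END
Found Cmd:3222818048:START
Found Cmd:3222818048:END
""".splitlines()

if __name__ == "__main__":
    parsed = parse_ioctl_finder_output(SAMPLE_IOCTL_TXT)
    for cmd, f in sorted(parsed["cmds"].items()):
        print("0x%08x  dir=%-4s type=%r nr=%-3d size=%d"
              % (cmd, f["dir"], f["type"], f["nr"], f["size"]))
    print("struct sizes:", parsed["types"])
    print("size matches:", match_types(parsed))
```

On the sample, 3223341312 decodes to 0xC0204900 (RW, type 'I', nr 0, size 32), the one command whose size field equals the 32-byte ion_allocation_data, while the 8- and 4-byte commands do not match it.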
  • Docker setup is failing

    While trying to setup the difuze docker, it is failing to pull the public repository. Is there any change in the latest tag?

    Unable to find image 'machiry/difuzecommon:latest' locally
    latest: Pulling from machiry/difuzecommon
    1f0bb3ca8368: Pulling fs layer
    ea9db39ea19f: Pulling fs layer
    b53a8e6c51b7: Pulling fs layer
    3aebf6946a6c: Already exists
    3ff24d4b745b: Already exists
    fc4978862f0f: Already exists
    667f47cfcd0f: Already exists
    8e7273480dd1: Already exists
    a62746ebe87d: Already exists
    d56b45014814: Already exists
    b23c0d5d341b: Already exists
    0223b3692861: Already exists
    f1cadf9c9aa8: Already exists
    ed71de608000: Already exists
    062faaf4e1a6: Already exists
    ecfd2c3f9262: Already exists
    d06b44c86a77: Already exists
    Pulling repository machiry/difuzecommon
    FATA[0006] Repository not found

    opened by srikanth007m 1
  • run_all.py error ......

    Hi, when I use the command line python run_all.py -l ~/mediatek_kernel/llvm_bitcode_out -a 1 -m ~/mediatek_kernel/kernel-3.18/makeout.txt -g aarch64-linux-android-gcc -n 2 -o ~/mediatek_kernel/kernel-3.18/out -k ~/mediatek_kernel/kernel-3.18 -f ~/mediatek_kernel/ioctl_finder_out following the README, I always get a lot of error logs:

    /home/user/mediatek_kernel/kernel-3.18/out/../arch/arm64/crypto/aes-modes.S:486:2: note: while in macro instantiation do_decrypt_block2x ^ :3:2: error: instruction requires: crypto //<---------------------- error
    aesd v1.16b, v23.16b ^ :4:2: note: while in macro instantiation
    do_enc_Nx d, imc, v23, v0, v1, , ^ :3:2: note: while in macro instantiation
    round_Nx d, v23, v0, v1, , ^ :8:7: note: while in macro instantiation
    2222: .irp key, v21, v22, v23, v24, v25, v26, v27, v28, v29 ^ :1:1: note: while in macro instantiation
    do_block_Nx d, w3, v0, v1 ^ :1:1: note: while in macro instantiation
    decrypt_block2x v0, v1, w3, x2, x6, w7 ^ /home/user/mediatek_kernel/kernel-3.18/out/../arch/arm64/crypto/aes-modes.S:486:2: note: while in macro instantiation do_decrypt_block2x ^ :9:2: error: instruction requires: crypto
    aesimc v0.16b, v0.16b ^ :4:2: note: while in macro instantiation
    do_enc_Nx d, imc, v23, v0, v1, , ^ :3:2: note: while in macro instantiation
    round_Nx d, v23, v0, v1, , ^ :8:7: note: while in macro instantiation
    2222: .irp key, v21, v22, v23, v24, v25, v26, v27, v28, v29 ^ :1:1: note: while in macro instantiation
    do_block_Nx d, w3, v0, v1 ^ :1:1: note: while in macro instantiation
    decrypt_block2x v0, v1, w3, x2, x6, w7 ^ /home/user/mediatek_kernel/kernel-3.18/out/../arch/arm64/crypto/aes-modes.S:486:2: note: while in macro instantiation do_decrypt_block2x ^ :11:2: error: instruction requires: crypto
    aesimc v1.16b, v1.16b ^

    ....

    What's the effect of this? Thank you.

    opened by Riverhac 1
  • simple_post_parse.py missing

    the script difuze/helper_scripts/post_processing/run_all.py throws the following error: python: can't open file 'simple_post_parse.py': [Errno 2] No such file or directory

    opened by file-citas 1
  • Entries output by Bear does not have "output" field

    I followed the readme and hit the following error:

    bo@ubuntu16-stable:~/nfs/driver_fuzz/difuze/helper_scripts$ python run_all.py -l ${BASE}/llvm_bitcode_out -a 4 -c ${BASE}/compile_commands.json -n 2 -o ${BASE}/difuze_out -k ${BASE} -f ${BASE}/ioctl_finder_out
    [*]  Trying to Run Component: BearLLVMBuild
    [+]  Setup for component: BearLLVMBuild  complete
    [!]  Error occurred while trying to parse provided json file /home/bo/nfs/google/SM-N960F_OO_Opensource/compile_commands.json error output
    [*]  Writing all compilation commands to /home/bo/nfs/llvm_bitcode_out/llvm_build.sh
    [*]  Got 0 compilation commands.
    

    I found that line 43 in bear_helper.py, output_file = curr_command["output"][-1], raises the exception because it cannot find the "output" field of entries in compile_commands.json.

    I am sure compile_commands.json is generated correctly by bear (I am using bear v2.3.13). I checked the bear manual and found they keep changing the output format. It seems this issue can be solved by using a different version of bear. Could you please tell me which version of bear works? I really appreciate your help.

    opened by bofeng17 0
  • Cmake Error

    When I run python setup_difuze.py -o difuze_deps, these problems arise:

    The source directory "/home/xuanming/difuze-master/helper_scripts/difuze_deps/llvm" does not appear to contain CMakeLists.txt.
    make: *** No targets specified and no makefile found. Stop.

    However, it displays Setup Complete, and when I run ./build.sh this problem arises:

    The imported target "PollyISL" references the file
      "/usr/lib/libPollyISL.a"
    but this file does not exist.

    Look forward to your reply.

    opened by ming14 0
  • llvm error

    Looking online, the IR/CallSite.h is deprecated?

    $ cd InterfaceHandlers && ./build.sh
    [*] Trying to Build AnalysisHelpers
    [*] Trying to Build Dr_linker
    ./build.sh: line 3: llvm-config: command not found 
    ./src/main.cpp:6:10: fatal error: llvm/Pass.h: No such file or directory
        6 | #include "llvm/Pass.h"
          |          ^~~~~~~~~~~~~
    compilation terminated.
    [*] Trying to Build EntryPointIdentifier
    ./build.sh: line 3: llvm-config: command not found 
    ./src/main.cpp:6:10: fatal error: llvm/Pass.h: No such file or directory
        6 | #include "llvm/Pass.h"
          |          ^~~~~~~~~~~~~
    compilation terminated.
    [*] Trying to Build MainAnalysisPasses
    [*] Trying to Run Cmake
    mkdir: cannot create directory ‘build_dir’: File exists
    CMake Warning (dev) in CMakeLists.txt:
      No project() command is present.  The top-level CMakeLists.txt file must
      contain a literal, direct call to the project() command.  Add a line of
      code such as
    
        project(ProjectName)
    
      near the top of the file, but after cmake_minimum_required().
    
      CMake is pretending there is a "project(Project)" command on the first
      line.
    This warning is for project developers.  Use -Wno-dev to suppress it.
    
    -- Found ZLIB: /usr/lib/x86_64-linux-gnu/libz.so (found version "1.2.11") 
    -- Found LibXml2: /usr/lib/x86_64-linux-gnu/libxml2.so (found version "2.9.10") 
    -- Configuring done
    -- Generating done
    -- Build files have been written to: /home/thelshell/difuze/InterfaceHandlers/MainAnalysisPasses/build_dir
    [*] Trying to make
    Scanning dependencies of target Utils
    Scanning dependencies of target RangeAnalysis
    [  6%] Building CXX object Utils/CMakeFiles/Utils.dir/src/InstructionUtils.cpp.o
    [  6%] Building CXX object Utils/CMakeFiles/Utils.dir/src/FileUtils.cpp.o
    [  9%] Building CXX object RangeAnalysis/CMakeFiles/RangeAnalysis.dir/src/vSSA.cpp.o
    [ 12%] Building CXX object Utils/CMakeFiles/Utils.dir/src/CFGUtils.cpp.o
    [ 15%] Building CXX object RangeAnalysis/CMakeFiles/RangeAnalysis.dir/src/RangeAnalysis.cpp.o
    In file included from /home/thelshell/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/src/RangeAnalysis.cpp:17:
    /home/thelshell/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/include/RangeAnalysis.h:48:10: fatal error: llvm/IR/CallSite.h: No such file or directory
       48 | #include "llvm/IR/CallSite.h"
          |          ^~~~~~~~~~~~~~~~~~~~
    compilation terminated.
    make[2]: *** [RangeAnalysis/CMakeFiles/RangeAnalysis.dir/build.make:63: RangeAnalysis/CMakeFiles/RangeAnalysis.dir/src/RangeAnalysis.cpp.o] Error 1
    make[2]: *** Waiting for unfinished jobs....
    In file included from /usr/lib/llvm-13/include/llvm/ADT/PostOrderIterator.h:20,
                     from /home/thelshell/difuze/InterfaceHandlers/MainAnalysisPasses/Utils/include/CFGUtils.h:8,
                     from /home/thelshell/difuze/InterfaceHandlers/MainAnalysisPasses/Utils/src/CFGUtils.cpp:5:
    /usr/lib/llvm-13/include/llvm/ADT/SmallPtrSet.h: In instantiation of ‘class llvm::SmallPtrSet<const llvm::BasicBlock*, 64>’:
    
    opened by docfate111 0
  • Issues with setting up difuze step 1.2 build.sh crashes

    On Ubuntu, following all the steps until ./build.sh. Some errors with the C++ code?

    /home/t/tools/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/src/vSSA.cpp:123:25: error: variable or field ‘insertSigmas’ declared void
      123 | void vSSA::insertSigmas(TerminatorInst *TI, Value *V)
          |                         ^~~~~~~~~~~~~~
    /home/t/tools/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/src/vSSA.cpp:123:25: error: ‘TerminatorInst’ was not declared in this scope
    /home/t/tools/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/src/vSSA.cpp:123:41: error: ‘TI’ was not declared in this scope
      123 | void vSSA::insertSigmas(TerminatorInst *TI, Value *V)
          |                                         ^~
    /home/t/tools/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/src/vSSA.cpp:123:51: error: expected primary-expression before ‘*’ token
      123 | void vSSA::insertSigmas(TerminatorInst *TI, Value *V)
          |                                                   ^
    /home/t/tools/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/src/vSSA.cpp:123:52: error: ‘V’ was not declared in this scope
      123 | void vSSA::insertSigmas(TerminatorInst *TI, Value *V)
          |                                                    ^
    In file included from /usr/lib/llvm-10/include/llvm/Pass.h:315,
                     from /home/t/tools/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/include/vSSA.h:11,
                     from /home/t/tools/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/src/vSSA.cpp:14:
    /usr/lib/llvm-10/include/llvm/PassAnalysisSupport.h: In instantiation of ‘llvm::AnalysisUsage& llvm::AnalysisUsage::addRequired() [with PassClass = llvm::DominanceFrontier]’:
    /home/t/tools/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/src/vSSA.cpp:25:36:   required from here
    /usr/lib/llvm-10/include/llvm/PassAnalysisSupport.h:66:39: error: ‘ID’ is not a member of ‘llvm::DominanceFrontier’
       66 |     return addRequiredID(PassClass::ID);
          |                                       ^
    /usr/lib/llvm-10/include/llvm/PassAnalysisSupport.h: In instantiation of ‘AnalysisType& llvm::Pass::getAnalysis() const [with AnalysisType = llvm::DominanceFrontier]’:
    /home/t/tools/difuze/InterfaceHandlers/MainAnalysisPasses/RangeAnalysis/src/vSSA.cpp:39:40:   required from here
    /usr/lib/llvm-10/include/llvm/PassAnalysisSupport.h:222:38: error: ‘ID’ is not a member of ‘llvm::DominanceFrontier’
      222 |   return getAnalysisID<AnalysisType>(&AnalysisType::ID);
          |                                      ^~~~~~~~~~~~~~~~~
    make[2]: *** [Utils/CMakeFiles/Utils.dir/build.make:63: Utils/CMakeFiles/Utils.dir/src/CFGUtils.cpp.o] Error 1
    make[1]: *** [CMakeFiles/Makefile2:212: Utils/CMakeFiles/Utils.dir/all] Error 2
    make[1]: *** Waiting for unfinished jobs....
    make[2]: *** [RangeAnalysis/CMakeFiles/RangeAnalysis.dir/build.make:76: RangeAnalysis/CMakeFiles/RangeAnalysis.dir/src/vSSA.cpp.o] Error 1
    make[1]: *** [CMakeFiles/Makefile2:239: RangeAnalysis/CMakeFiles/RangeAnalysis.dir/all] Error 2
    make: *** [Makefile:84: all] Error 2
    
    
    opened by docfate111 0
  • post_processing do not work well in clang compiler

    While I use post_processing to generate structs, I found that some structures in the preprocessed files are not expanded. For example: the declaration struct xxx; is in xxx.h, but its definition is in another file zzz.c; when using struct xxx in yyy.c (#include <xxx.h>), I found that in yyy.preprocessed struct xxx is not expanded, it is still struct xxx;. This may lead to
    <DataModel byte_size="0" name="xxx" type="struct"/>, and the structure is bad. How can I deal with the problem?

    opened by zizhiyoumu-fuzz 0
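An added check for the problem described in this issue (example code, not part of difuze): it scans the data-model XML for struct entries emitted with byte_size="0" and no fields, and tests whether a preprocessed translation unit actually contained the struct's definition rather than only its forward declaration. The XML sample, the Models root element, the Field child elements and the preprocessed text are constructed for the example; only the DataModel element and its byte_size/name/type attributes come from the issue.

```python
# Added example (not difuze's own code): check the c2xml-derived data models
# for structs that were never expanded. When a translation unit only sees the
# forward declaration `struct xxx;`, the model is emitted as
# <DataModel byte_size="0" name="xxx" type="struct"/> and every ioctl payload
# built from it is empty. The XML below is constructed for this example; the
# <Models> root and <Field> child elements are assumed names, only the
# DataModel element and its byte_size/name/type attributes come from the issue.
import re
import xml.etree.ElementTree as ET

SAMPLE_MODELS_XML = """<Models>
  <DataModel byte_size="16" name="good_req" type="struct">
    <Field byte_size="8" name="ptr" type="pointer"/>
    <Field byte_size="4" name="len" type="int"/>
  </DataModel>
  <DataModel byte_size="0" name="xxx" type="struct"/>
  <DataModel byte_size="4" name="cmd" type="int"/>
  <DataModel byte_size="0" name="yyy" type="struct"/>
</Models>"""

# Constructed stand-in for yyy.preprocessed: the definition of good_req is
# visible, xxx is only forward-declared (its body lives in zzz.c).
SAMPLE_PREPROCESSED = """struct xxx;
struct good_req { void *ptr; int len; };
long yyy_ioctl(struct xxx *arg, struct good_req *req);
"""

def find_unexpanded_structs(xml_text):
    """Names of struct DataModels with byte_size 0 and no child elements."""
    root = ET.fromstring(xml_text)
    unexpanded = []
    for model in root.iter("DataModel"):
        if model.get("type") != "struct":
            continue
        size = int(model.get("byte_size", "0"))
        if size == 0 and len(model) == 0:
            unexpanded.append(model.get("name"))
    return unexpanded

def struct_defined_in(preprocessed_text, name):
    """True if `struct <name> {` (a definition, not just a declaration)
    appears in the preprocessed translation unit."""
    pattern = r"\bstruct\s+%s\s*\{" % re.escape(name)
    return re.search(pattern, preprocessed_text) is not None

def report(xml_text, preprocessed_text):
    """Map each unexpanded struct to whether its definition was visible to
    the preprocessor; False means the include chain needs to be fixed."""
    return {name: struct_defined_in(preprocessed_text, name)
            for name in find_unexpanded_structs(xml_text)}

if __name__ == "__main__":
    for name, defined in report(SAMPLE_MODELS_XML, SAMPLE_PREPROCESSED).items():
        print("%s: byte_size=0, definition visible=%s" % (name, defined))
```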
  • Failed when running run_all.py

    Host: Ubuntu 18.04, running DIFUZE in the provided docker. Android kernel: android-msm-crosshatch-4.9-pie-qpr2 (for Google Pixel 3/3L). /home is the directory where I mounted the repo directory.

    1. Compile the kernel with GCC:

        python run_all.py -l /home/llvm_bitcode_out -a 2 -c /home/compile_commands.json -n 2 -o /home/out -k /home/private/msm-google -f /home/ioctl_finder_out

    When running run_all.py, at the step "[*] Running compilation commands in multiprocessing modea" it shows a lot of errors:

        In file included from ../../../../private/msm-google/drivers/thermal/tsens-mtc.c:14:
        In file included from /home/private/msm-google/drivers/thermal/tsens.h:16:
        In file included from /home/private/msm-google/include/linux/kernel.h:13:
        In file included from /home/private/msm-google/include/linux/printk.h:305:
        In file included from /home/private/msm-google/include/linux/dynamic_debug.h:5:
        In file included from /home/private/msm-google/include/linux/jump_label.h:107:
        /home/private/msm-google/arch/arm64/include/asm/jump_label.h:31:6: error: expected '(' after 'asm'
        asm goto("1: nop\n\t"
            ^
        /home/private/msm-google/arch/arm64/include/asm/jump_label.h:45:6: error: expected '(' after 'asm'
        asm goto("1: b %l[l_yes]\n\t"
            ^
        2 errors generated.
        [+] Finished running compilation commands.
        [*] Writing all linker commands to /home/llvm_bitcode_out/llvm_link_cmds.sh
        [*] Got 0 regular linker commands.
        [*] Running linker commands in multiprocessing mode.
        [+] Finished running linker commands.
        [*] Got 815 recursive linker commands.
        [!] Failed to link following driver objects.
        [!] drivers/base/power/clock_ops.o
        [+] Component: BearLLVMBuild ran successfully.
        [+] Component: BearLLVMBuild passed successfully.
        [*] Trying to Run Component: BearGenerateIncludes
        [+] Setup for component: BearGenerateIncludes complete
        [+] Component: BearGenerateIncludes ran successfully.
        [+] Component: BearGenerateIncludes passed successfully.
        [*] Trying to Run Component: BearGeneratePreprocessed
        [+] Setup for component: BearGeneratePreprocessed complete
        [*] Writing all preprocessing commands to /home/llvm_bitcode_out/llvm_generate_preprocessed.sh
        [*] Got 1244 preprocessing commands.
        [*] Running preprocessing commands in multiprocessing modea.
        [+] Finished running preprocessing commands.
        [+] Component: BearGeneratePreprocessed ran successfully.
        [+] Component: BearGeneratePreprocessed passed successfully.
        [*] Trying to Run Component: BearParseHeaders
        [+] Setup for component: BearParseHeaders complete
        [*] Running grep to find ops and operations structure.
        [+] Grep ran successfully to find ops and operations structures.
        [*] Running c2xml to find entry point configurations.
        [+] Component: BearParseHeaders ran successfully.
        [+] Component: BearParseHeaders passed successfully.
        [*] Trying to Run Component: BearParseV4L2Headers
        [+] Setup for component: BearParseV4L2Headers complete
        [+] Grep ran successfully to find ops and operations structures.
        [*] Running c2xml to find entry point configurations.
        [!] Unable to find v4l2 base bitcode file:/home/llvm_bitcode_out/drivers/media/v4l2-core/v4l2-ioctl.llvm.bc
        [?] Component: BearParseV4L2Headers failed.
        [+] Component: BearParseV4L2Headers passed successfully.
        [*] Trying to Run Component: BearEntryPointIdentifier
        [+] Setup for component: BearEntryPointIdentifier complete
        [*] Running EntryPointIdentifier..
        [+] Entry point file present:/home/llvm_bitcode_out/hdr_file_config.txt
        [+] Successfully generated all the possible entry points into file: /home/llvm_bitcode_out/entry_point_out.txt
        [+] Component: BearEntryPointIdentifier ran successfully.
        [+] Component: BearEntryPointIdentifier passed successfully.
        [*] Trying to Run Component: DevNameFinder
        [+] Setup for component: DevNameFinder complete
        [*] Invoking Dev Name finder
        [*] Found: 0 ioctl functions to process.
        [*] Processing in multiprocessing mode
        [*] Finished processing: 0 ioctl functions.
        [*] Dev name finder failed for: 0 out of: 0 Ioctl functions.
        [+] Component: DevNameFinder ran successfully.
        [+] Component: DevNameFinder passed successfully.
        [*] Trying to Run Component: IoctlCmdFinder
        [+] Setup for component: IoctlCmdFinder complete
        [*] Invoking Ioctl cmd finder
        [*] Found: 0 ioctl functions to process.
        [*] Processing in multiprocessing mode
        [*] Finished processing: 0 ioctl functions.
        [*] Ioctl Cmd finder failed for: 0 out of: 0 Ioctl functions.
        [+] Component: IoctlCmdFinder ran successfully.
        [+] Component: IoctlCmdFinder passed successfully.
        [*] Trying to Run Component: V4L2CmdFinder
        [!] Setup failed for component: V4L2CmdFinder , with Error: No file specified for v4l2 id -> cmdid list.
        [!] Component: V4L2CmdFinder failed. Exiting.
        [*] Component Runtime information:
        [*] BearGeneratePreprocessed:43.1071650982 seconds.
        [*] BearGenerateIncludes:10.1442651749 seconds.
        [*] BearParseHeaders:3.64340209961 seconds.
        [*] IoctlCmdFinder:0.119308948517 seconds.
        [*] BearEntryPointIdentifier:0.000860929489136 seconds.
        [*] DevNameFinder:0.10435795784 seconds.
        [*] BearLLVMBuild:122.601122856 seconds.
        [*] BearParseV4L2Headers:6.89029693604e-05 seconds.

    2. Compile the kernel with clang:

        python run_all.py -l /home/llvm_bitcode_out -a 2 -c /home/compile_commands.json -n 2 -o /home/out -k /home/private/msm-google -f /home/ioctl_finder_out -isclang -clangp /home/prebuilts-master/clang/host/linux-x86/clang-4393122/bin/clang-5.0 -llvmlinkp /home/prebuilts-master/clang/host/linux-x86/clang-4393122/bin/llvm-link

    When compiling, there are many error messages: LLVM ERROR: IO failure on output stream. And running run_all.py still fails:

        [*] Trying to Run Component: BearLLVMBuild
        [+] Setup for component: BearLLVMBuild complete
        [*] Writing all compilation commands to /home/llvm_bitcode_out/llvm_build.sh
        [*] Got 1244 compilation commands.
        [*] Running compilation commands in multiprocessing modea.
        [+] Finished running compilation commands.
        [*] Writing all linker commands to /home/llvm_bitcode_out/llvm_link_cmds.sh
        [*] Got 0 regular linker commands.
        [*] Running linker commands in multiprocessing mode.
        [+] Finished running linker commands.
        [*] Got 4 recursive linker commands.
        [!] Failed to link following driver objects.
        [!] drivers/input/touchscreen/stm/ftm5.lto.o
        [!] drivers/input/touchscreen/sec_ts/sec_touch.ko
        [!] drivers/input/touchscreen/sec_ts/sec_touch.lto.o
        [!] drivers/input/touchscreen/stm/ftm5.ko
        [+] Component: BearLLVMBuild ran successfully.
        [+] Component: BearLLVMBuild passed successfully.
        [*] Trying to Run Component: BearGenerateIncludes
        [+] Setup for component: BearGenerateIncludes complete
        [+] Component: BearGenerateIncludes ran successfully.
        [+] Component: BearGenerateIncludes passed successfully.
        [*] Trying to Run Component: BearGeneratePreprocessed
        [+] Setup for component: BearGeneratePreprocessed complete
        [*] Writing all preprocessing commands to /home/llvm_bitcode_out/llvm_generate_preprocessed.sh
        [*] Got 1244 preprocessing commands.
        [*] Running preprocessing commands in multiprocessing modea.
        [+] Finished running preprocessing commands.
        [+] Component: BearGeneratePreprocessed ran successfully.
        [+] Component: BearGeneratePreprocessed passed successfully.
        [*] Trying to Run Component: BearParseHeaders
        [+] Setup for component: BearParseHeaders complete
        [*] Running grep to find ops and operations structure.
        [+] Grep ran successfully to find ops and operations structures.
        [*] Running c2xml to find entry point configurations.
        [+] Component: BearParseHeaders ran successfully.
        [+] Component: BearParseHeaders passed successfully.
        [*] Trying to Run Component: BearParseV4L2Headers
        [+] Setup for component: BearParseV4L2Headers complete
        [+] Grep ran successfully to find ops and operations structures.
        [*] Running c2xml to find entry point configurations.
        [!] Unable to find v4l2 base bitcode file:/home/llvm_bitcode_out/drivers/media/v4l2-core/v4l2-ioctl.llvm.bc
        [?] Component: BearParseV4L2Headers failed.
        [+] Component: BearParseV4L2Headers passed successfully.
        [*] Trying to Run Component: BearEntryPointIdentifier
        [+] Setup for component: BearEntryPointIdentifier complete
        [*] Running EntryPointIdentifier..
        [+] Entry point file present:/home/llvm_bitcode_out/hdr_file_config.txt
        [+] Successfully generated all the possible entry points into file: /home/llvm_bitcode_out/entry_point_out.txt
        [+] Component: BearEntryPointIdentifier ran successfully.
        [+] Component: BearEntryPointIdentifier passed successfully.
        [*] Trying to Run Component: DevNameFinder
        [+] Setup for component: DevNameFinder complete
        [*] Invoking Dev Name finder
        [*] Found: 0 ioctl functions to process.
        [*] Processing in multiprocessing mode
        [*] Finished processing: 0 ioctl functions.
        [*] Dev name finder failed for: 0 out of: 0 Ioctl functions.
        [+] Component: DevNameFinder ran successfully.
        [+] Component: DevNameFinder passed successfully.
        [*] Trying to Run Component: IoctlCmdFinder
        [+] Setup for component: IoctlCmdFinder complete
        [*] Invoking Ioctl cmd finder
        [*] Found: 0 ioctl functions to process.
        [*] Processing in multiprocessing mode
        [*] Finished processing: 0 ioctl functions.
        [*] Ioctl Cmd finder failed for: 0 out of: 0 Ioctl functions.
        [+] Component: IoctlCmdFinder ran successfully.
        [+] Component: IoctlCmdFinder passed successfully.
        [*] Trying to Run Component: V4L2CmdFinder
        [!] Setup failed for component: V4L2CmdFinder , with Error: No file specified for v4l2 id -> cmdid list.
        [!] Component: V4L2CmdFinder failed. Exiting.
        [*] Component Runtime information:
        [*] BearGeneratePreprocessed:16.6774599552 seconds.
        [*] BearGenerateIncludes:10.4098279476 seconds.
        [*] BearParseHeaders:3.70880007744 seconds.
        [*] IoctlCmdFinder:0.120937108994 seconds.
        [*] BearEntryPointIdentifier:0.00175595283508 seconds.
        [*] DevNameFinder:0.109388113022 seconds.
        [*] BearLLVMBuild:19.6144690514 seconds.
        [*] BearParseV4L2Headers:0.000156879425049 seconds.

    Could you please give me some advice? Thank you!!

    opened by Eacials 0
  • Interface recovery is failing

        Distributor ID: Ubuntu
        Description:    Ubuntu 14.04.5 LTS
        Release:        14.04
        Codename:       trusty

    run_all is failing for me at: unable to find v4l2 base bitcode file:/local/mnt2/workspace/kdev_4.14/kernel/kernel_out/llvm_bitcode_out/drivers/media/v4l2-core/v4l2-ioctl.llvm.bc

        python run_all.py -l /local/mnt2/workspace/kdev_4.14/kernel/kernel_out/llvm_bitcode_out -a 2 -m /local/mnt2/workspace/kdev_4.14/makeout.txt -g aarch64-linux-android-gcc -n 2 -o /local/mnt2/workspace/kdev_4.14/kernel/kernel_out/ -k /local/mnt2/workspace/kdev_4.14/kernel -f /local/mnt2/workspace/kdev_4.14/kernel/kernel_out/ioctl_finder_out
        [*] Trying to Run Component: BuildLLVM
        [+] Setup for component: BuildLLVM complete
        [*] Running LLVM Commands in multiprocessing mode.
        [*] Finished Building LLVM Bitcode files
        [+] [+] Script containing all LLVM Build Commands:/local/mnt2/workspace/kdev_4.14/kernel/kernel_out/llvm_bitcode_out/llvm_build.sh
        [+] Component: BuildLLVM ran successfully.
        [+] Component: BuildLLVM passed successfully.
        [*] Trying to Run Component: DrLinker
        [+] Setup for component: DrLinker complete
        [*] Running dr_linker. This might take time. Please wait.
        [+] Found:0 Interesting bitcode files
        [*] Processing bitcode files
        [+] Processed all bitcode files.
        [*] Trying to find dependency bc files
        [*] dr_linker finished execution.
        [*] Running llvm-link to generate the final linked bitcode file.
        [+] Component: DrLinker ran successfully.
        [+] Component: DrLinker passed successfully.
        [*] Trying to Run Component: GenerateIncludes
        [+] Setup for component: GenerateIncludes complete
        [+] Component: GenerateIncludes ran successfully.
        [+] Component: GenerateIncludes passed successfully.
        [*] Trying to Run Component: GeneratePreprocessed
        [+] Setup for component: GeneratePreprocessed complete
        [*] Running LLVM Commands in multiprocessing mode.
        [*] Finished Building LLVM Preprocessed files
        [+] [+] Script containing all LLVM Preprocess Commands:/local/mnt2/workspace/kdev_4.14/kernel/kernel_out/llvm_bitcode_out/llvm_generate_preprocessed.sh
        [+] Component: GeneratePreprocessed ran successfully.
        [+] Component: GeneratePreprocessed passed successfully.
        [*] Trying to Run Component: ParseHeaders
        [+] Setup for component: ParseHeaders complete
        [*] Running grep to find ops and operations structure.
        [+] Grep ran successfully to find ops and operations structures.
        [*] Running c2xml to find entry point configurations.
        [+] Component: ParseHeaders ran successfully.
        [+] Component: ParseHeaders passed successfully.
        [*] Trying to Run Component: ParseV4L2Headers
        [+] Setup for component: ParseV4L2Headers complete
        [+] Grep ran successfully to find ops and operations structures.
        [*] Running c2xml to find entry point configurations.
        [!] Unable to find v4l2 base bitcode file:/local/mnt2/workspace/kdev_4.14/kernel/kernel_out/llvm_bitcode_out/drivers/media/v4l2-core/v4l2-ioctl.llvm.bc
        [?] Component: ParseV4L2Headers failed.
        [+] Component: ParseV4L2Headers passed successfully.
        [*] Trying to Run Component: EntryPointIdentifier
        [+] Setup for component: EntryPointIdentifier complete
        [*] Running EntryPointIdentifier..
        [+] Entry point file present:/local/mnt2/workspace/kdev_4.14/kernel/kernel_out/llvm_bitcode_out/hdr_file_config.txt
        [+] Successfully generated all the possible entry points into file: /local/mnt2/workspace/kdev_4.14/kernel/kernel_out/llvm_bitcode_out/entry_point_out.txt
        [+] Component: EntryPointIdentifier ran successfully.
        [+] Component: EntryPointIdentifier passed successfully.
        [*] Trying to Run Component: DevNameFinder
        [+] Setup for component: DevNameFinder complete
        [*] Invoking Dev Name finder
        [*] Found: 0 ioctl functions to process.
        [*] Processing in multiprocessing mode
        [*] Finished processing: 0 ioctl functions.
        [*] Dev name finder failed for: 0 out of: 0 Ioctl functions.
        [+] Component: DevNameFinder ran successfully.
        [+] Component: DevNameFinder passed successfully.
        [*] Trying to Run Component: IoctlCmdFinder
        [+] Setup for component: IoctlCmdFinder complete
        [*] Invoking Ioctl cmd finder
        [*] Found: 0 ioctl functions to process.
        [*] Processing in multiprocessing mode
        [*] Finished processing: 0 ioctl functions.
        [*] Ioctl Cmd finder failed for: 0 out of: 0 Ioctl functions.
        [+] Component: IoctlCmdFinder ran successfully.
        [+] Component: IoctlCmdFinder passed successfully.
        [*] Trying to Run Component: V4L2CmdFinder
        [!] Setup failed for component: V4L2CmdFinder , with Error: No file specified for v4l2 id -> cmdid list.
        [!] Component: V4L2CmdFinder failed. Exiting.
        [*] Component Runtime information:
        [*] GeneratePreprocessed:0.0103278160095 seconds.
        [*] EntryPointIdentifier:8.10623168945e-05 seconds.
        [*] IoctlCmdFinder:0.00345802307129 seconds.
        [*] ParseV4L2Headers:3.81469726562e-05 seconds.
        [*] BuildLLVM:0.0165839195251 seconds.
        [*] DevNameFinder:0.00437998771667 seconds.
        [*] ParseHeaders:29.3280119896 seconds.
        [*] GenerateIncludes:0.00590395927429 seconds.
        [*] DrLinker:0.00212693214417 seconds.

    opened by srikanth007m 13
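The two run_all.py logs above (this issue and the one from Eacials) show the same pattern: a component prints "[?] Component: ... failed." and is then reported as "passed successfully", the finders report "Found: 0 ioctl functions", and the run stops at V4L2CmdFinder. The following added script (example code, not part of difuze) pulls those signals out of a saved log so the vacuous run is caught before any fuzzing is attempted; the sample log lines are constructed, one message per line, from the messages in the issues, and the path in them is a placeholder.

```python
# Added example (not difuze's own code): triage a saved run_all.py log for
# failures that the component runner masks. It flags components that printed
# a failure and were still reported as passed, "Found: 0 ..." counts that mean
# a stage had nothing to work on, files a stage could not find, and the setup
# failure that finally stops the run.
import re

# Constructed sample, one message per line, mirroring the lines in the issues.
# The /tmp/out path is a placeholder, not a path from the page.
SAMPLE_LOG = """\
[+] Found:0 Interesting bitcode files
[*] Trying to Run Component: ParseV4L2Headers
[!] Unable to find v4l2 base bitcode file:/tmp/out/drivers/media/v4l2-core/v4l2-ioctl.llvm.bc
[?] Component: ParseV4L2Headers failed.
[+] Component: ParseV4L2Headers passed successfully.
[*] Trying to Run Component: DevNameFinder
[*] Found: 0 ioctl functions to process.
[+] Component: DevNameFinder passed successfully.
[*] Trying to Run Component: V4L2CmdFinder
[!] Setup failed for component: V4L2CmdFinder , with Error: No file specified for v4l2 id -> cmdid list.
[!] Component: V4L2CmdFinder failed. Exiting.
"""

SOFT_FAIL = re.compile(r"^\[\?\] Component: (\S+) failed\.")
PASSED = re.compile(r"^\[\+\] Component: (\S+) passed successfully\.")
SETUP_FAIL = re.compile(r"^\[!\] Setup failed for component: (\S+)\s*,\s*with Error: (.*)$")
MISSING_FILE = re.compile(r"^\[!\] Unable to find (.+?):(\S+)$")
ZERO_COUNT = re.compile(r"Found:\s*0\s+(.+?)\.?$")

def triage(log_text):
    """Summarise a run_all.py log.

    masked_failures: components that printed "[?] ... failed." and were then
                     reported as passed, so the run continued silently
    zero_counts:     "Found: 0 ..." messages, i.e. stages with empty input
    missing_files:   (description, path) pairs for files a stage needed
    fatal:           (component, error) for the setup failure that stopped it
    """
    report = {"masked_failures": [], "zero_counts": [],
              "missing_files": [], "fatal": None}
    soft_failed = set()
    for line in log_text.splitlines():
        line = line.strip()
        m = SOFT_FAIL.match(line)
        if m:
            soft_failed.add(m.group(1))
            continue
        m = PASSED.match(line)
        if m and m.group(1) in soft_failed:
            report["masked_failures"].append(m.group(1))
            continue
        m = SETUP_FAIL.match(line)
        if m:
            report["fatal"] = (m.group(1), m.group(2))
            continue
        m = MISSING_FILE.match(line)
        if m:
            report["missing_files"].append((m.group(1), m.group(2)))
            continue
        m = ZERO_COUNT.search(line)
        if m:
            report["zero_counts"].append(m.group(1))
    return report

def run_was_vacuous(report):
    """True when no ioctl handlers were found: every later stage then ran on
    an empty set, so its 'passed successfully' line proves nothing."""
    return any("ioctl functions" in z for z in report["zero_counts"])

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key, value in summary.items():
        print("%s: %s" % (key, value))
    print("interface recovery produced nothing:", run_was_vacuous(summary))
```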
Owner: seclab, The Computer Security Group at UC Santa Barbara