# Deploy Distro Image

SyzBridge provides automated scripts for building Ubuntu, Debian, Fedora, and Suse images. These scripts should work for most versions, but they can hit corner cases (e.g., a source URL that now returns 404). We have documented most of the corner cases we know of, in case you run into them.
If anything goes wrong, please refer to the automation scripts for more details.
## Ubuntu

- Download the appropriate Ubuntu ISO

To test the latest Ubuntu release, download the image from the Ubuntu official site. Historical releases can be found here.
Use the server version instead of the desktop version for a better headless experience.
- Install kernel in the qemu image

If you plan to build the image on a headless machine, make sure your terminal supports X11 forwarding, since the installer opens a graphical window.

```sh
qemu-img create -f qcow2 ubuntu-22.04.img 70G
qemu-system-x86_64 -hda ubuntu-22.04.img -boot d -cdrom ubuntu-22.04-server.iso -m 4G -enable-kvm
```
Follow the installer's instructions to install Ubuntu into the qemu image. Once finished, close the graphical window.
Next, boot the installed image with the following command:

```sh
# host port 3777 is forwarded to the guest's SSH port 22; SyzBridge's --ssh-port must match it
qemu-system-x86_64 -m 8G -smp 4 \
    -net nic,model=e1000 \
    -net user,host=10.0.2.10,hostfwd=tcp::3777-:22 \
    -no-reboot -enable-kvm -cpu host,migratable=off \
    -drive file=./ubuntu-22.04.img
```
Log in and set up your SSH key for both root and a normal user. SyzBridge will use these keys later.
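Setting up the keys by hand works for one image, but it is easy to end up with permissions that sshd rejects under `StrictModes`, or with the same key pasted twice. The script below is an added example, not part of SyzBridge, that installs one public key into the `authorized_keys` of both accounts idempotently and with the expected permissions. The key line and the home directories it operates on are constructed placeholders; in the guest, run it as root with the contents of your own `~/.ssh/syzbridge.pub` and the real `/root` and `/home/<user>` paths.

```shell
#!/bin/sh
# Added example (not part of SyzBridge): install one SSH public key into the
# authorized_keys of several accounts, idempotently and with the permissions
# sshd's StrictModes requires. In the guest, run as root against /root and
# /home/<user> with your real ~/.ssh/syzbridge.pub line; the key and the home
# directories used below are constructed placeholders.

set -eu

# install_authorized_key HOME_DIR PUBKEY_LINE
# Appends PUBKEY_LINE to HOME_DIR/.ssh/authorized_keys unless it is already
# there, and enforces 0700 on .ssh and 0600 on authorized_keys.
install_authorized_key() {
    home=$1
    key=$2
    sshdir="$home/.ssh"
    authfile="$sshdir/authorized_keys"

    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$authfile"
    chmod 600 "$authfile"

    # -x: whole-line match, -F: literal (a key contains '+' and '/')
    if ! grep -qxF -- "$key" "$authfile"; then
        printf '%s\n' "$key" >> "$authfile"
    fi

    # As root in the guest, hand the files to the account that owns the home
    # directory; sshd refuses authorized_keys owned by someone else.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$(stat -c '%u:%g' "$home")" "$sshdir"
    fi
}

# count_key_lines HOME_DIR -> number of entries in authorized_keys
count_key_lines() {
    wc -l < "$1/.ssh/authorized_keys" | tr -d ' '
}

# file_mode PATH -> permission bits in octal, e.g. 600
file_mode() {
    stat -c '%a' "$1"
}

# Constructed placeholder key; replace with the real public key line.
DEMO_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0000000000000000000000000000 syzbridge'

# Constructed stand-ins for /root and /home/<user>.
DEMO_BASE=$(mktemp -d)
DEMO_HOME_ROOT="$DEMO_BASE/root"
DEMO_HOME_USER="$DEMO_BASE/home/user"
mkdir -p "$DEMO_HOME_ROOT" "$DEMO_HOME_USER"

# Install twice per account to show idempotence: each ends up with one entry.
for h in "$DEMO_HOME_ROOT" "$DEMO_HOME_USER"; do
    install_authorized_key "$h" "$DEMO_KEY"
    install_authorized_key "$h" "$DEMO_KEY"
    echo "$h: $(count_key_lines "$h") entry(ies), mode $(file_mode "$h/.ssh/authorized_keys")"
done
```

Run it once per account after the first boot; re-running it later with the same key changes nothing, so it is safe to include in any image-preparation script.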
- Prepare testing kernel

The stock kernel is not ideal for bug hunting: KASAN and most other debug features are disabled. We therefore need a special kernel for bug hunting purposes. Luckily, SyzBridge provides unsupervised scripts that build such kernels automatically.
All you need to provide is a git commit, which can be found in the Ubuntu kernel git repo: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/{code_name}
For Ubuntu 22.04, the git repo is located at https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy
In this example, I'm using Ubuntu-5.15.0-60.66 (4ea144ffa6fea2fadcea50b53f41f041a38b1e1a) as the target testing kernel.
First, create a snapshot image backed by the main Ubuntu image, so that you can build multiple kernel versions from a single distro image without modifying it.
```sh
mkdir kernel-test-22.04
cd kernel-test-22.04
qemu-img create -f qcow2 -b ../ubuntu-22.04.img ./ubuntu-snapshot.img
```

Then go back to the SyzBridge directory and build the image with the following command:

```sh
python3 syzbridge image \
    --distro ubuntu \
    --image vendors/ubuntu/kernel-test-for-ndss/ubuntu-snapshot.img \
    --build-dir /vendors/ubuntu/kernel-test-for-ndss/ \
    --ssh-port 3777 --ssh-key ~/.ssh/syzbridge --ssh-user root \
    --enable-kasan --enable-fault-injection --enable-debug-feature \
    --cpu 32 --mem 16G \
    --get 4ea144ffa6fea2fadcea50b53f41f041a38b1e1a
```
## Debian

- Download the appropriate Debian ISO

The latest Debian ISO can be found at https://www.debian.org/
For older releases, see https://www.debian.org/releases/
- Install kernel in the qemu image

This step is the same as for Ubuntu; refer to the notes above for detailed instructions.
- Prepare testing kernel

Instead of maintaining a universal kernel source repo, Debian relies on a tool called `dget` to distribute its source code.
The Debian snapshot archive keeps all past Debian kernel versions together with their corresponding `.dsc` files. You will need a `.dsc` file to specify the kernel version.
For example, http://snapshot.debian.org/archive/debian/20190620T031045Z/pool/main/l/linux/linux_4.19.37-5.dsc points to Linux kernel 4.19.37. To compile that kernel, use the following command:

```sh
python3 syzbridge image --distro debian \
    --build-dir /vendor/debian/kernel-buster-10.0_Jul_6_2019 \
    --image /vendor/debian/kernel-buster-10.0_Jul_6_2019/debian-snapshot.img \
    --enable-kasan --enable-fault-injection --enable-debug-feature \
    --ssh-port 3777 --ssh-user root --ssh-key ~/.ssh/syzbridge \
    --get http://snapshot.debian.org/archive/debian/20190620T031045Z/pool/main/l/linux/linux_4.19.37-5.dsc \
    --mem 16G --cpu 32
```
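The `.dsc` file does more than name the version: its `Checksums-Sha256` stanza lists the SHA-256 and size of every source archive it refers to, which lets you check archives you fetch yourself before building from them. The script below is an added example, not part of SyzBridge, showing how to read the version and the checksum stanza out of a `.dsc` and verify a directory of archives against it. The `.dsc` and the archive contents are constructed fixtures (one copy is deliberately corrupted to show a rejection); with a real download, point it at the real `.dsc` and the directory holding the fetched tarballs.

```shell
#!/bin/sh
# Added example (not part of SyzBridge): verify Debian source archives against
# the Checksums-Sha256 stanza of their .dsc before building from them. The .dsc
# and archive contents below are constructed fixtures; with a real download,
# pass the real .dsc and the directory holding the fetched tarballs.

set -eu

# dsc_version DSC -> the "Version:" field, e.g. 4.19.37-5
dsc_version() {
    sed -n 's/^Version: *//p' "$1"
}

# dsc_sha256_entries DSC -> one "<sha256> <size> <filename>" line per archive,
# taken from the indented continuation lines under "Checksums-Sha256:".
dsc_sha256_entries() {
    awk '
        /^Checksums-Sha256:/ { in_block = 1; next }
        in_block && /^ /     { print $1, $2, $3; next }
        in_block             { in_block = 0 }
    ' "$1"
}

# dsc_verify_sha256 DSC DIR -> exit 0 if every listed archive is present in DIR
# with the expected size and SHA-256, exit 1 otherwise (problems go to stderr).
dsc_verify_sha256() {
    dsc=$1
    dir=$2
    bad=0
    entries=$(mktemp)
    dsc_sha256_entries "$dsc" > "$entries"
    # Redirect into the loop instead of piping: a piped while runs in a
    # subshell in POSIX sh and $bad would not survive it.
    while read -r want_sum want_size name; do
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING  $name" >&2
            bad=1
            continue
        fi
        got_size=$(wc -c < "$path" | tr -d ' ')
        got_sum=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$got_size" != "$want_size" ] || [ "$got_sum" != "$want_sum" ]; then
            echo "MISMATCH $name" >&2
            bad=1
        else
            echo "OK       $name"
        fi
    done < "$entries"
    rm -f "$entries"
    return "$bad"
}

# --- constructed fixture -----------------------------------------------------
sum_of()  { sha256sum "$1" | cut -d' ' -f1; }
size_of() { wc -c < "$1" | tr -d ' '; }

FIXTURE=$(mktemp -d)
GOOD_DIR="$FIXTURE/good"
BAD_DIR="$FIXTURE/tampered"
mkdir -p "$GOOD_DIR" "$BAD_DIR"

# Stand-ins for the upstream and Debian tarballs (contents are arbitrary).
ORIG=linux_4.19.37.orig.tar.xz
DEB=linux_4.19.37-5.debian.tar.xz
printf 'stand-in for %s\n' "$ORIG" > "$GOOD_DIR/$ORIG"
printf 'stand-in for %s\n' "$DEB"  > "$GOOD_DIR/$DEB"
cp "$GOOD_DIR/$ORIG" "$GOOD_DIR/$DEB" "$BAD_DIR/"
printf 'x' >> "$BAD_DIR/$DEB"            # simulated corruption of one archive

# A .dsc whose checksum stanza matches the good directory exactly.
DSC="$FIXTURE/linux_4.19.37-5.dsc"
cat > "$DSC" <<EOF
Format: 3.0 (quilt)
Source: linux
Version: 4.19.37-5
Checksums-Sha256:
 $(sum_of "$GOOD_DIR/$ORIG") $(size_of "$GOOD_DIR/$ORIG") $ORIG
 $(sum_of "$GOOD_DIR/$DEB") $(size_of "$GOOD_DIR/$DEB") $DEB
Files:
 00000000000000000000000000000000 1 placeholder-md5-line
EOF

echo "kernel version from .dsc: $(dsc_version "$DSC")"
if dsc_verify_sha256 "$DSC" "$GOOD_DIR"; then echo "good directory verifies"; fi
if ! dsc_verify_sha256 "$DSC" "$BAD_DIR"; then echo "tampered directory rejected"; fi
```

The size check is cheap and catches truncated downloads before the hash is even computed; the hash check is what catches an archive that was altered in transit or on a mirror.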
## Fedora

- Download the appropriate Fedora ISO

The latest Fedora ISO can be found at https://fedoraproject.org/
For older releases, you can find information here.

- Install kernel in the qemu image

This step is the same as for Ubuntu; refer to the notes above for detailed instructions.
Note that Fedora uses the `xfs` filesystem: to resize the logical volume, use `xfs_growfs` instead of `resize2fs`.
- Prepare testing kernel

The Fedora kernel git repo can be found at https://src.fedoraproject.org/rpms/kernel
A convenient way to find the commit for a specific kernel version is to search the git log:

```sh
git log --oneline | grep "Linux v4\.11"
```

Once you have the commit, pass it to the script:

```sh
python3 syzbridge image --distro fedora \
    --build-dir /vendor/fedora/kernel-30-May_7_2019 \
    --image /vendor/fedora/kernel-30-May_7_2019/fedora-snapshot.img \
    --ssh-port 3777 --ssh-key ~/.ssh/syzbridge --ssh-user root \
    --enable-debug-feature --enable-kasan --enable-fault-injection \
    --cpu 40 --mem 32G --get a0e7ac16902bd76bf39b44561af559aed2b475ed
```
## Suse

Unfortunately, we did not build an automated script for compiling the Suse image. Here we give a detailed tutorial on how to deploy the Suse image correctly.

- Download the appropriate Suse ISO

The latest Suse ISO can be found at https://www.suse.com/download/sles/

- Install kernel in the qemu image

This step is the same as for Ubuntu; refer to the notes above for detailed instructions.
- Install essential packages

After the kernel has booted, install the following packages.

```sh
zypper install openssh
sudo systemctl enable sshd
sudo systemctl start sshd
sudo firewall-cmd --permanent --zone=public --add-port=22/tcp
sudo firewall-cmd --reload   # --permanent alone does not change the running firewall
sudo zypper install rpm-build rpmdevtools libelf-devel hmaccalc pesign-obs-integration git bc flex bison openssl-devel ncurses-devel zlib-devel
```
- Clone the kernel source

```sh
git clone https://github.com/openSUSE/kernel.git
git clone https://github.com/openSUSE/kernel-source.git
```
- Print log to the console

Make the following changes to the `/etc/default/grub` file:

```sh
GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity loglevel=6"
GRUB_CMDLINE_LINUX="console=ttyS0 earlyprintk=serial"
```

Then update grub with `grub2-mkconfig -o /boot/grub2/grub.cfg`.
- Compile kernel

```sh
cd kernel-source
scripts/install-git-hooks
scripts/sequence-patch.sh
# point the packaging scripts at the kernel git tree cloned above (assumed to live in /root)
export LINUX_GIT=/root/kernel
scripts/tar-up.sh
rpmdev-setuptree
cd ~
mv kernel-source/* rpmbuild/SOURCES/
# change CONFIG_MODULE_SIG_KEY to CONFIG_MODULE_SIG_KEY="" in the kernel config before building
cd rpmbuild/SOURCES
mv kernel-source/* ./
rpmbuild -bb kernel-default.spec
```
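Both file edits in the Suse steps (the `GRUB_CMDLINE_*` lines in `/etc/default/grub` and the `CONFIG_MODULE_SIG_KEY=""` change before the build) have the same shape: set a `KEY=VALUE` line without duplicating it if the key is already present. The script below is an added example, not part of SyzBridge, with a small `set_kv` helper that does this for shell-style config files and for Kconfig's `# KEY is not set` lines, applied to constructed copies of both files; in the guest, point the calls at the real paths.

```shell
#!/bin/sh
# Added example (not part of SyzBridge): set KEY=VALUE lines idempotently in
# shell-style config files, covering both edits in the Suse steps: the
# GRUB_CMDLINE_* variables in /etc/default/grub and CONFIG_MODULE_SIG_KEY=""
# in the kernel .config. The files below are constructed copies; in the guest,
# point the calls at the real paths.

set -eu

# set_kv FILE KEY VALUE
# Rewrites an existing "KEY=..." line in place, turns a Kconfig-style
# "# KEY is not set" line into "KEY=VALUE", or appends the line if KEY is
# absent. VALUE is written verbatim, so pass the quotes you want in the file.
set_kv() {
    file=$1
    key=$2
    value=$3
    tmp=$(mktemp)
    awk -v key="$key" -v value="$value" '
        BEGIN { done = 0 }
        index($0, key "=") == 1          { print key "=" value; done = 1; next }
        $0 == ("# " key " is not set")   { print key "=" value; done = 1; next }
        { print }
        END { if (!done) print key "=" value }
    ' "$file" > "$tmp"
    # Copy back instead of mv so the file keeps its owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# get_kv FILE KEY -> the text after "KEY=" on the first matching line
get_kv() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# --- constructed fixtures ----------------------------------------------------
WORK=$(mktemp -d)
GRUB="$WORK/grub"          # stands in for /etc/default/grub
KCONFIG="$WORK/.config"    # stands in for the kernel .config

cat > "$GRUB" <<'EOF'
GRUB_DEFAULT=saved
GRUB_TIMEOUT=8
GRUB_CMDLINE_LINUX_DEFAULT="splash=silent quiet"
GRUB_CMDLINE_LINUX=""
EOF

cat > "$KCONFIG" <<'EOF'
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
# CONFIG_KASAN is not set
EOF

# Kernel log on the serial console, as the "Print log to the console" step asks.
set_kv "$GRUB" GRUB_CMDLINE_LINUX_DEFAULT '"maybe-ubiquity loglevel=6"'
set_kv "$GRUB" GRUB_CMDLINE_LINUX '"console=ttyS0 earlyprintk=serial"'
set_kv "$GRUB" GRUB_CMDLINE_LINUX '"console=ttyS0 earlyprintk=serial"'   # repeat is a no-op

# The CONFIG_MODULE_SIG_KEY change from the compile step, plus a Kconfig
# "is not set" line switched on (KASAN, which the other distros get via
# --enable-kasan).
set_kv "$KCONFIG" CONFIG_MODULE_SIG_KEY '""'
set_kv "$KCONFIG" CONFIG_KASAN y

echo "--- $GRUB";    cat "$GRUB"
echo "--- $KCONFIG"; cat "$KCONFIG"
```

Matching on `index($0, key "=") == 1` rather than a prefix regex keeps `GRUB_CMDLINE_LINUX` from clobbering `GRUB_CMDLINE_LINUX_DEFAULT` and leaves commented-out `#KEY=` lines alone; after editing `/etc/default/grub` you still need the `grub2-mkconfig` call from the step above.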
- Finish up

```sh
zypper install trace-cmd psmisc fakeroot libncurses5 gawk flex bison openssl libopenssl-devel dkms pciutils-devel libudev-devel libpci3 autoconf glibc-devel-32bit glibc-32bit gcc-32bit
grubby2 --set-default /boot/path/to/vmlinux
grub2-mkconfig -o /boot/grub2/grub.cfg
```