PrIntFuzz is an efficient and universal fuzzing framework that can test the Linux driver code, include the PRobing code and INTerrupt handlers.

The following instructions guide you to set up the fuzzing environment and perform multi-dimension fuzzing on various device drivers.

Tested on Ubuntu 20.04.1.

Please install the following python package:

pip3 install kconfiglib==14.1.0
pip3 install GitPython

python3 /path/to/PrIntFuzz/scripts/python/setup.py

1. Build the LLVM

   python3 /path/to/PrIntFuzz/scripts/python/setup.py --build_llvm

2. Build the Linux kernel with allmodconfig

   python3 /path/to/PrIntFuzz/scripts/python/setup.py --build_linux_all

3. Build the static analyzer

   python3 /path/to/PrIntFuzz/scripts/python/setup.py --build_analyzer

4. Perform static analysis

   python3 /path/to/PrIntFuzz/scripts/python/setup.py --analyze

5. Build the syzkaller

   python3 /path/to/PrIntFuzz/scripts/python/setup.py --build_syz

6. Build the Linux kernel for fuzzing

   python3 /path/to/PrIntFuzz/scripts/python/setup.py --build_linux_fuzz

7. Build the disk image for fuzzing

   python3 /path/to/PrIntFuzz/scripts/python/setup.py --build_image

8. Build the Linux kernel for fault injection

   python3 /path/to/PrIntFuzz/scripts/python/setup.py --build_linux_fault

9. Build the qemu with fake devices

   python3 /path/to/PrIntFuzz/scripts/python/setup.py --build_qemu

10. Build the docker image for fuzzing

    python3 /path/to/PrIntFuzz/scripts/python/setup.py --create_docker

1. Get the source code of the current kernel

   sudo apt-get source linux-image-unsigned-$(uname -r)

2. Patch the kernel’s KVM module

   sudo patch -p1 < /path/to/PrIntFuzz/patch/linux_host.patch (for Linux 5.13)

3. Build and install the kernel

   make olddefconfig
   make
   make INSTALL_MOD_STRIP=1 modules_install
   make install

4. Change the default kernel to boot, then reboot and ensure that the kernel is new.

   [WARNING]: This operation will change your default kernel, please back up your data first!

1. Boot the virtual machine with a virtual device (-e)

   python3 /path/to/PrIntFuzz/scripts/python/qemu.py -m fuzz -e drivers_atm_he

2. Check whether the driver is loaded

   lspci -k

   The result shows that

   00:05.0 Unassigned class [ffff]: FORE Systems Inc ForeRunnerHE ATM Adapter
           Kernel driver in use: he

   This indicates that the virtual device is matched with the he driver successfully.

python3 /path/to/PrIntFuzz/scripts/python/evaluation/probe.py -t PCI

Drivers that match successfully are in the /path/to/PrIntFuzz/out/probe/success/pci, drivers that fail to match are in the /path/to/PrIntFuzz/out/probe/fail/pci directory, and drivers that cause system crashes are in the /path/to/PrIntFuzz/out/probe/crash directory.

Each driver has a separate folder where the relevant logs are stored, and we can check the logs to determine if the driver is crashing the kernel.

python3 /path/to/PrIntFuzz/scripts/python/evaluation/fuzz.py

optional arguments:
  -h, --help       show this help message and exit
  -i, --interrupt  Use this option to enable the interrupt syscall
  -s, --syscall    Use this option to enable other syscalls
  -t, --test       Use this option to add "test" to the output dir
  -d, --debug      Use this option to debug the setting of experiment
  -f, --fake       Use this option to enable fake devices

@inproceedings{ma2022printfuzz,
  title={PrIntFuzz: fuzzing Linux drivers via automated virtual device simulation},
  author={Ma, Zheyu and Zhao, Bodong and Ren, Letu and Li, Zheming and Ma, Siqi and Luo, Xiapu and Zhang, Chao},
  booktitle={Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis},
  pages={404--416},
  year={2022}
}