Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

S2E kprobe support + alternative image generation #50

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

S2E kprobe support + alternative image generation #50

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
93dc603
Introduced generic image description for all the debootstrap-based
m4mbr3 Nov 28, 2024
aa15d75
Added generic config file that work for each major version of the ker…
m4mbr3 Nov 28, 2024
f985457
Added s2e kprobe-based kernel module
m4mbr3 Dec 2, 2024
286f62d
Alternative script to generate the s2e images
m4mbr3 Dec 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions Linux/s2e-kprobe/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# Copyright (c) 2024 IBM Corporation
#
# Author: Andrea Mambretti <[email protected]>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

CONFIG_MODULE_SIG=n
KASAN_SANITIZE := n


# if KERNELRELEASE is defined, we've been invoked from the kernel build system and can use its language.
ifneq (${KERNELRELEASE},)
obj-m := s2e-kprobe.o
EXTRA_CFLAGS :="-I$(PWD)/include"
# Otherwise we were called directly from the command line.
# Invoke the kernel build system.
else
PWD := $(shell pwd)

default:
$(CFLAGS) $(MAKE) -C $(KERNELPATH) src=$(PWD) M=$(PWD)/s2e-$(KERNELFULL) modules
clean:
$(MAKE) -C $(KERNELPATH) src=$(PWD) M=$(PWD)/s2e-$(KERNELFULL) clean
install:
sudo insmod s2e-kprobe.ko
rm:
sudo rmmod s2e-kprobe
endif

216 changes: 216 additions & 0 deletions Linux/s2e-kprobe/include/s2e/decree/commands.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,216 @@
/// S2E Selective Symbolic Execution Platform
///
/// Copyright (c) 2015-2017, Cyberhaven
/// Copyright (c) 2017, Dependable Systems Laboratory, EPFL
///
/// Permission is hereby granted, free of charge, to any person obtaining a copy
/// of this software and associated documentation files (the "Software"), to
/// deal in the Software without restriction, including without limitation the rights
/// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
/// copies of the Software, and to permit persons to whom the Software is
/// furnished to do so, subject to the following conditions:
///
/// The above copyright notice and this permission notice shall be included in
/// all copies or substantial portions of the Software.
///
/// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
/// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
/// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
/// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
/// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
/// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
/// THE SOFTWARE.

#ifndef S2E_DECREE_COMMANDS_H
#define S2E_DECREE_COMMANDS_H

#ifdef __KERNEL__
#include <linux/types.h>
#else
#include <inttypes.h>
#endif

#include <s2e/linux/commands.h>

#ifdef __cplusplus
extern "C" {
#endif

#define S2E_DECREEMON_COMMAND_VERSION 0x202301082207ULL // date +%Y%m%d%H%M

enum S2E_DECREEMON_COMMANDS {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would make sense to move s2e-kprobe to https://github.com/S2E/s2e/tree/master/guest.
This way, you should be able to re-use existing header files from here: https://github.com/S2E/s2e/tree/master/guest/common/include/s2e/monitors/commands

Copy link
Member

@vitalych vitalych Dec 31, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, I removed DecreeMonitor support rom the kernel. You don't need to use any of its types / functions.

DECREE_SEGFAULT,
DECREE_PROCESS_LOAD,
DECREE_READ_DATA,
DECREE_WRITE_DATA,
DECREE_FD_WAIT,
DECREE_RANDOM,
DECREE_READ_DATA_POST,
DECREE_CONCOLIC_ON,
DECREE_CONCOLIC_OFF,
DECREE_GET_CFG_BOOL,
DECREE_HANDLE_SYMBOLIC_ALLOCATE_SIZE,
DECREE_HANDLE_SYMBOLIC_TRANSMIT_BUFFER,
DECREE_HANDLE_SYMBOLIC_RECEIVE_BUFFER,
DECREE_HANDLE_SYMBOLIC_RANDOM_BUFFER,
DECREE_COPY_TO_USER,
DECREE_UPDATE_MEMORY_MAP,
DECREE_SET_CB_PARAMS,
DECREE_INIT,
DECREE_KERNEL_PANIC,
DECREE_MODULE_LOAD,
DECREE_TASK_SWITCH
};

struct S2E_DECREEMON_COMMAND_READ_DATA {
uint64_t fd;
uint64_t buffer;
uint64_t buffer_size;
uint64_t size_expr_addr;
uint64_t result_addr;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_READ_DATA_POST {
uint64_t fd;
uint64_t buffer;
uint64_t buffer_size;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_WRITE_DATA {
uint64_t fd;
uint64_t buffer;
uint64_t buffer_size_addr;
uint64_t size_expr_addr;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_FD_WAIT {
uint64_t tv_sec;
uint64_t tv_nsec;
uint64_t has_timeout;
uint64_t nfds;
uint64_t invoke_orig;
int64_t result;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_SEG_FAULT {
uint64_t pc;
uint64_t address;
uint64_t fault;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_RANDOM {
uint64_t buffer;
uint64_t buffer_size;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_GET_CFG_BOOL {
uint64_t key_addr;
uint64_t value;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_HANDLE_SYMBOLIC_SIZE {
uint64_t size_addr;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_HANDLE_SYMBOLIC_BUFFER {
uint64_t ptr_addr;
uint64_t size_addr;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_COPY_TO_USER {
uint64_t user_addr;
uint64_t addr;
uint64_t count;
uint64_t done;
uint64_t ret;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_UPDATE_MEMORY_MAP {
uint64_t count;
uint64_t buffer;
} __attribute__((packed));

#define S2E_DECREEMON_MAX_SEED_SIZE 64
#define S2E_DECREEMON_DECREE_SEED_SIZE 48

struct S2E_DECREEMON_COMMAND_SET_CB_PARAMS {
int64_t cgc_max_transmit;
int64_t cgc_max_receive;
int64_t skip_rng_count;

/// \brief Guest pointer to the full seed.
///
/// This pointer is null in case no seed has been
/// passed to the CB as a command line argument.
/// Plugin code should not write to this pointer,
/// and instead use cgc_seed if it wants to modify
/// the existing seed or create a new one.
uint64_t cgc_seed_ptr;

/// \brief In/out length of the seed
///
/// The guest sets this value to the size of the existing
/// seed. Plugin code may overwrite it with the size of
/// the new seed, or set it to zero in case the existing
/// seed should be used.
int64_t cgc_seed_len;

/// \brief Output buffer that stores a new rng seed.
///
/// Plugin code may write a new seed to this buffer, up to
/// 64 bytes in size.
uint8_t cgc_seed[S2E_DECREEMON_MAX_SEED_SIZE];

} __attribute__((packed));

#define S2E_DECREEMON_VM_READ (1u << 0)
#define S2E_DECREEMON_VM_WRITE (1u << 1)
#define S2E_DECREEMON_VM_EXEC (1u << 2)

struct S2E_DECREEMON_VMA {
uint64_t start;
uint64_t end;
uint64_t flags;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_INIT {
uint64_t page_offset;
uint64_t start_kernel;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND_KERNEL_PANIC {
uint64_t message;
uint64_t message_size;
} __attribute__((packed));

struct S2E_DECREEMON_COMMAND {
uint64_t version;
enum S2E_DECREEMON_COMMANDS Command;
struct S2E_LINUXMON_TASK CurrentTask;
union {
struct S2E_LINUXMON_COMMAND_PROCESS_LOAD ProcessLoad;
struct S2E_LINUXMON_COMMAND_MODULE_LOAD ModuleLoad;
struct S2E_DECREEMON_COMMAND_READ_DATA Data;
struct S2E_DECREEMON_COMMAND_WRITE_DATA WriteData;
struct S2E_DECREEMON_COMMAND_FD_WAIT FDWait;
struct S2E_DECREEMON_COMMAND_SEG_FAULT SegFault;
struct S2E_DECREEMON_COMMAND_RANDOM Random;
struct S2E_DECREEMON_COMMAND_READ_DATA_POST DataPost;
struct S2E_DECREEMON_COMMAND_GET_CFG_BOOL GetCfgBool;
struct S2E_DECREEMON_COMMAND_HANDLE_SYMBOLIC_SIZE SymbolicSize;
struct S2E_DECREEMON_COMMAND_HANDLE_SYMBOLIC_BUFFER SymbolicBuffer;
struct S2E_DECREEMON_COMMAND_COPY_TO_USER CopyToUser;
struct S2E_DECREEMON_COMMAND_UPDATE_MEMORY_MAP UpdateMemoryMap;
struct S2E_DECREEMON_COMMAND_SET_CB_PARAMS CbParams;
struct S2E_DECREEMON_COMMAND_INIT Init;
struct S2E_DECREEMON_COMMAND_KERNEL_PANIC Panic;
struct S2E_LINUXMON_COMMAND_TASK_SWITCH TaskSwitch;
};
char currentName[32]; // not NULL terminated
} __attribute__((packed));

#ifdef __cplusplus
}
#endif

#endif
Loading