rCore OS
Replies: 20 comments 24 replies
-
|
目前研究了starry的代码,与郑友捷做了初步交流,得到了如下信息和计划: |
Beta Was this translation helpful? Give feedback.
-
|
@xushanpu123 https://cicvedu.com/course/101 中的“课堂回放”可以看到arceos组件OS的三次课的视频,请在这个周末学完吧,最好把练习也完成了。 |
Beta Was this translation helpful? Give feedback.
-
|
你的学习路线,好像对syzkaller没有啥关系。你定的这六点需要花多少时间?syzkaller有哪些应用组成?这些应用需要哪些syscall?在starry上还缺什么才能跑起来这些应用?你的学习路线都没有涉及。你在下周二能做得到啥?下周五能做到啥?我没看到。 |
Beta Was this translation helpful? Give feedback.
-
|
https://jborza.com/post/2021-05-11-riscv-linux-syscalls/ 先看这个页面,根据上面的脚本能否把riscv的 Linux 6.1 的内核整理一个syscall列表。 |
Beta Was this translation helpful? Give feedback.
-
|
收到! |
Beta Was this translation helpful? Give feedback.
-
|
已经使用该脚本获取了linux的450个系统调用,接下来将修改脚本将结果导出到excel |
Beta Was this translation helpful? Give feedback.
-
|
已经整理成了excel |
Beta Was this translation helpful? Give feedback.
-
|
工作链接: |
Beta Was this translation helpful? Give feedback.
-
|
我把 https://gitee.com/xushanpu/xsp-daily-work/tree/master/syscalls_analysis/res.xlsx 导入到腾讯共享文档里, 【腾讯文档】riscv-linux-syscalls |
Beta Was this translation helpful? Give feedback.
-
|
参考 这个项目里面的系统调用,整理第一步要实现的syscall列表。 |
Beta Was this translation helpful? Give feedback.
-
|
先把 这个 syscall.rs里面的 系统调用 更新到 https://gitee.com/xushanpu/xsp-daily-work/tree/master/syscalls_analysis 里面的execl文件里,做上实现优先级。 |
Beta Was this translation helpful? Give feedback.
-
|
用 excel 表格的 INDEX,MATCH,ISNUMBER,SEARCH 函数组合,实现了一个模糊匹配查找,可以对照 riscv linux syscalls 里的 syscall 函数名,找到在 umi 里实现的名称 @asmcos 是不是要这个效果? 
【腾讯文档】riscv-linux-syscalls |
Beta Was this translation helpful? Give feedback.
-
|
umi是西安交大同学做的。https://github.com/Azure-stars/Starry/ 是清华同学做的,基于arceos,目前刚通过了cyclictest https://github.com/Azure-stars/Starry/tree/feat/cyclictest。将来 @xushanpu123 也是基于 Starry做。 @asmcos @limingth |
Beta Was this translation helpful? Give feedback.
-
|
@limingth 就是这个效果。 |
Beta Was this translation helpful? Give feedback.
-
|
那现在第一阶段目标任务就是基于Starry,把busybox的 系统调用实现了。让busybox在Starry上运行起来 @xushanpu123 |
Beta Was this translation helpful? Give feedback.
-
|
这个很不错!每一列是什么含义,我还不清楚。最好还能进行各种查询【腾讯文档】riscv-linux-syscalls |
Beta Was this translation helpful? Give feedback.
-
|
已经给两个表都加上了 header 一栏做了解释,主要是从两张表的函数名,通过模糊匹配找出可能的关联关系,并统计总的数量。 |
Beta Was this translation helpful? Give feedback.
-
|
starry跑了一部分busybox指令。 |
Beta Was this translation helpful? Give feedback.
-
|
|
Beta Was this translation helpful? Give feedback.
-
|
已经完成了Starry系统调用的初步统计,在umi实现的102个syscalls中,starry实现了其中74个接口(具体是哪些接口已经在李明老师的表格中标记了),还有28个接口没有实现,下一步的目标是先实现这28个系统调用接口。 |
Beta Was this translation helpful? Give feedback.
-
|
好的,接下来就是挨个在Starry上去实现这28个syscall。 |
Beta Was this translation helpful? Give feedback.
-
|
37,_linkat,linkat,".map(READLINKAT, fd::readlinkat)",1 , |
Beta Was this translation helpful? Give feedback.
-
|
9.6工作总结: |
Beta Was this translation helpful? Give feedback.
-
|
今日工作: |
Beta Was this translation helpful? Give feedback.
-
|
9.7日 |
Beta Was this translation helpful? Give feedback.
-
|
利用接口open_at为切入点,做了个简单的代码分析,大概分析了一下starry和arceos的文件系统接口,分析到了node层次,目前应该够用了,分析链接: |
Beta Was this translation helpful? Give feedback.
-
|
今日工作: |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
https://kiprey.github.io/2021/11/syzkaller_1/ 一个看起来很不错的文档 |
Beta Was this translation helpful? Give feedback.
-
|
(前段时间有点事下线了一段时间)总之今天把syzkaller跑起来了 |
Beta Was this translation helpful? Give feedback.
-
|
跑是跑起来了,不过一晚上过去了,也没挖出什么洞(意料之中 |
Beta Was this translation helpful? Give feedback.
-
不过因为我按照用户文档的指示,运行的是一个稳定版本的linux,所以跑一晚上也没有什么漏洞也是正常的。
分3个部分。 syz-manager会启动好几个VMinstance(一般翻译成实例?),然后在VM中启动syz-fuzzer进程。 syz-fuzzer进程管fuzz的一系列流程。它跑在等待被测试的不稳定的VM里面。(也就是说syz-fuzzer(看起来是一个用户态进程)会用到什么系统调用,那就是被测试的内核需要支持的功能)然后它就会去引导fuzz的那一套流程。通过RPC和syz-manager通信。它生成的输入似乎就是一系列的系统调用。(好神奇 每个syz-executor会执行一次用户输入(用户输入就是一系列的系统调用),它接收syz-fuzzer给出的用户输入,然后执行,然后将结果返回。通过共享内存和fuzzer通信。 |
Beta Was this translation helpful? Give feedback.
-
不过因为我按照用户文档的指示,运行的是一个稳定版本的linux,所以跑一晚上也没有什么漏洞也是正常的。
分3个部分。 syz-manager会启动好几个VMinstance(一般翻译成实例?),然后在VM中启动syz-fuzzer进程。 syz-fuzzer进程管fuzz的一系列流程。它跑在等待被测试的不稳定的VM里面。(也就是说syz-fuzzer(看起来是一个用户态进程)会用到什么系统调用,那就是被测试的内核需要支持的功能)然后它就会去引导fuzz的那一套流程。通过RPC和syz-manager通信。它生成的输入似乎就是一系列的系统调用。(好神奇 每个syz-executor会执行一次用户输入(用户输入就是一系列的系统调用),它接收syz-fuzzer给出的用户输入,然后执行,然后将结果返回。通过共享内存和fuzzer通信。 |
Beta Was this translation helpful? Give feedback.
-
|
总之我觉得,既然syz-fuzzer是跑在带测试的VM里面的,那么syz-fuzzer会用到什么内核功能,就是移植到新的内核上要写的东西。 总之把syz-fuzzer的代码看了一遍。(虽然不知道有什么用··· 一些关键问题:
此外关于syzkaller的源码分析: syz如何描述自己要测试的系统调用?以及在Linux上增加一个新的系统调用后如何用syzkaller进行测试,见: 这些系统调用模板通过syz-extract和syz-sysgen翻译成syzkaller使用的代码 |
Beta Was this translation helpful? Give feedback.
-
|
哦,对这个流程恍然大悟(大雾 |
Beta Was this translation helpful? Give feedback.
-
|
既然如此,我觉得可以先开始写点东西,比如说先支持sshd for rt-thread。(怎么做啊QAQ |
Beta Was this translation helpful? Give feedback.
-
|
所以为什么要做这个?统计它有啥用啊QAQ |
Beta Was this translation helpful? Give feedback.
-
|
还是先看下这个吧。https://www.rt-thread.io/document/site/programming-manual/basic/basic/ |
Beta Was this translation helpful? Give feedback.
-
|
The thread scheduler of RT-Thread is preemptive and its main job is to find the highest priority thread from the list of ready threads so as to ensure that the highest priority thread can be run. Once the highest priority task is ready, it can always get the CPU usage right. https://www.rt-thread.io/document/site/programming-manual/thread/thread/ dinamic thread and static thread 线程管理感觉跟普通OS好像没什么明显区别(?不确定再看看 clockIn RT-Thread, the length of clock tick can be adjusted according to the value of RT_TICK_PER_SECOND, which is equal to 1/RT_TICK_PER_SECOND second. Software timer是rt-tick的整数倍 可以创建并且激活很多个timer,然后他们通过一个叫做rt_timer_list的东西按照顺序组织起来。还有一个Timer Skip List Algorithm让插入timer的复杂度是O(logn)。 后面讲了很多timer的用法。 Inter-thread Synchronization(srds这样干看好没意思啊=,=而且好像对写代码没什么帮助 |
Beta Was this translation helpful? Give feedback.
-
|
啊啊啊为什么rt-thread的env工具只有Windows能用··· |
Beta Was this translation helpful? Give feedback.
-
|
其实是要测试下fuzzer需要什么系统调用。那么能不能想个办法单独跑一下syz-fuzzer?比如说我觉得我应该在某个Linux机器上单独跑一下这个syz-fuzzer,然后测试系统调用。 |
Beta Was this translation helpful? Give feedback.
-
目标:(学术研究类)移植skyzaller kernel fuzzing工具到Rust-base OS上
目前全国大学生操作系统比赛内核赛道的很多参赛队实现的OS能够支持Linux应用,所以需要在参赛队自己写的内核上支持运行syzkaller for linux这个内核fuzzing测试工具。
具体步骤
参考syzkaller内核fuzzing测试工具的工作流程列出如下内核功能需支持的要求。硬件环境是qemu for riscv64。总分100分。
参考
linux syscall相关信息
注:偏学术研究类
如有兴趣一起来探索,请联系我 yuchen AT tsinghua.edu.cn OR 微信 id chyyuu
Beta Was this translation helpful? Give feedback.
All reactions