mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-11 01:31:37 +00:00
fff7f1c558
* Pure Python (3.6) port of benchmark.sh as benchmark.py, no other changes * Test standard and persistent modes separately * Add support for multi-core benchmarking * Save the results to a json file * Allow config of all experiment params, average across runs * Add start_time_of_run and total_execs_per_sec, cleanup for PR * benchmark: cleanup, add results, add a data exploration notebook * benchmark: add a README, lower default runs from 5 to 3 * benchmark: notebook wording tweaks * copy 'detect_leaks=0' from ASAN to LSAN fix for issue #1733, set "detect_leaks=0" when ASAN_OPTIONS contains it and LSAN_OPTIONS are not set. * fix of fix: make sure ASAN_OPTIONS and LSAN_OPTIONS agree on leak detection * fix lsan fix * clang-format 16->17 * Add missing initialisation for havoc_queued during the custom mutator's stage. * fix dictionary and cmin * Use direct call to write to OpenBSD The linker on OpenBSD emits a warning when linking this file: warning: syscall() may go away, please rewrite code to use direct calls * Fix possible doc inconsistency for custom mutator's queue_get function. * update todos * benchmark: Add support for COMPARISON file * benchmark: show the number of cores used in COMPARISON * benchmark: lower minimum Python version to 3.8 * benchmark: use afl's execs/s; increase CPU model width * benchmark: disallow duplicate entries for the same CPU in COMPARISON * Update benchmark.py * fix inf in stats * Fix benchmark.py * missing closing parenthesis * Update benchmark.py * benchmark: remove self-calculation of execs/sec * benchmark: update COMPARISON * benchmark: Update Jupyter notebook and results file. * benchmark: rename afl_execs_per_sec to execs_per_sec * benchmark: update README * update * add benchmark * nits * add benchmarks * Update unicornafl ref * Pass correct Nyx ID when creating a Nyx runner * Fix typo in docker pull command, add exampe to mount current dir as volume (#1914) * mini fix * add custom_post_run.c * update afl-fuzz-run * update python module * format code * update * merge function * changes * code format * improve cmplog * nit * nit * fix * fix * Stop hardcoding the path /usr/local/lib/afl in afl-ld-lto.c and respect the configured PREFIX. * Add benchmark for Raspberry Pi 5 * ryzen 5950 benchmark * add missing raspery5 * comparison -> comparison.md * removing options "-Wl,-rpath" "LLVM_LIBDIR" when using gcc * fixing -Wl,-rpath=<LLVM_LIBDIR> * nits * fix * afl-cc fixes * nit * add n_fuzz to ignore_timeouts * fix * Fix #1927 * in-depth blog post * add AFL_FUZZER_LOOPCOUNT * AFL_FUZZER_LOOPCOUNT * fix 2 mutation bugs * v4.09c release * v4.10a init * switch to explore powerschedule as default * fix MUT_INSERTASCIINUM * fix MUT_STRATEGY_ARRAY_SIZE * fix bad fix for MUT_STRATEGY_ARRAY_SIZE * remove afl-network-client on uninstall * update nyx * Improve binary-only related docs * llvm 18 build fixes. * code format * Fix custom_send link Add a leading '/' to walk in the repo root instead of current dir. * Use ../ instead * initial simple injection detection support * inject docs * fix for issue #1916, iLLVM crash in split-floatingpoint-compares * LLVM 17 bug workaround * finish injection implementation * remove tmp todo * update changelog * forgot to add the injection pass * Output afl-clang-fast stuffs only if necessary (#1912) * afl-cc header * afl-cc common declarations - Add afl-cc-state.c - Strip includes, find_object, debug/be_quiet/have_*/callname setting from afl-cc.c - Use debugf_args in main - Modify execvp stuffs to fit new aflcc struct * afl-cc show usage * afl-cc mode selecting 1. compiler_mode by callname in argv[0] 2. compiler_mode by env "AFL_CC_COMPILER" 3. compiler_mode/instrument_mode by command line options "--afl-..." 4. instrument_mode/compiler_mode by various env vars including "AFL_LLVM_INSTRUMENT" 5. final checking steps 6. print "... - mode: %s-%s\n" 7. determine real argv[0] according to compiler_mode * afl-cc macro defs * afl-cc linking behaviors * afl-cc fsanitize behaviors * afl-cc misc * afl-cc body update * afl-cc all-in-one formated with custom-format.py * nits --------- Co-authored-by: vanhauser-thc <vh@thc.org> * changelog * update grammar mutator * lto llvm 12+ * docs(custom_mutators): fix missing ':' (#1953) * Fix broken LTO mode and response file support (#1948) * Strip `-Wl,-no-undefined` during compilation (#1952) Make the compiler wrapper stripping `-Wl,-no-undefined` in addition to `-Wl,--no-undefined`. Both versions of the flag are accepted by clang and, therefore, used by building systems in the wild (e.g., samba will not build without this fix). * Remove dead code in write_to_testcase (#1955) The custom_mutators_count check in if case is duplicate with if condition. The else case is custom_mutators_count == 0, neither custom_mutator_list iteration nor sent check needed. Signed-off-by: Xeonacid <h.dwwwwww@gmail.com> * update qemuafl * WIP: Add ability to generate drcov trace using QEMU backend (#1956) * Document new drcov QEMU plugin * Add link to lightkeeper for QEMU drcov file loading --------- Co-authored-by: Jean-Romain Garnier <jean-romain.garnier@airbus.com> * code format * changelog * sleep on uid != 0 afl-system-config * fix segv about skip_next, warn on unsupported cases of linking options (#1958) * todos * ensure afl-cc only allows available compiler modes * update grammar mutator * disable aslr on apple * fix for arm64 * help selective instrumentation * typos * macos * add compiler test script * apple fixes --------- Signed-off-by: Xeonacid <h.dwwwwww@gmail.com> Co-authored-by: Chris Ball <chris@printf.net> Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com> Co-authored-by: hexcoder- <heiko@hexco.de> Co-authored-by: Manuel Carrasco <m.carrasco@imperial.ac.uk> Co-authored-by: Jasper Lievisse Adriaanse <j@jasper.la> Co-authored-by: ifyGecko <26214995+ifyGecko@users.noreply.github.com> Co-authored-by: Dominik Maier <domenukk@gmail.com> Co-authored-by: Christian Holler (:decoder) <choller@mozilla.com> Co-authored-by: Carlo Maragno <ste.maragno@gmail.com> Co-authored-by: yangzao <yangzaocn@outlook.com> Co-authored-by: Romain Geissler <romain.geissler@amadeus.com> Co-authored-by: Jakob Lell <jakob@jakoblell.com> Co-authored-by: vincenzo MEZZELA <vincenzo.mezzela@amadeus.com> Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com> Co-authored-by: Bet4 <0xbet4@gmail.com> Co-authored-by: David Carlier <devnexen@gmail.com> Co-authored-by: Xeonacid <h.dwwwwww@gmail.com> Co-authored-by: Sonic <50692172+SonicStark@users.noreply.github.com> Co-authored-by: Nils Bars <nils.bars@rub.de> Co-authored-by: Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com> Co-authored-by: Jean-Romain Garnier <jean-romain.garnier@airbus.com>
144 lines
5.9 KiB
Bash
Executable File
144 lines
5.9 KiB
Bash
Executable File
#!/bin/sh
|
|
test "$1" = "-h" -o "$1" = "-hh" -o "$1" = "--help" && {
|
|
echo 'afl-system-config by Marc Heuse <mh@mh-sec.de>'
|
|
echo
|
|
echo $0
|
|
echo
|
|
echo afl-system-config has no command line options
|
|
echo
|
|
echo afl-system-config reconfigures the system to a high performance fuzzing state.
|
|
echo "WARNING: this reduces the security of the system!"
|
|
echo
|
|
echo Note that there is also afl-persistent-config which sets additional permanent
|
|
echo configuration options.
|
|
exit 0
|
|
}
|
|
if [ $# -ne 0 ]; then
|
|
echo "ERROR: Unknown option(s): $@"
|
|
exit 1
|
|
fi
|
|
|
|
DONE=
|
|
PLATFORM=`uname -s`
|
|
echo This reconfigures the system to have a better fuzzing performance.
|
|
echo "WARNING: this reduces the security of the system!"
|
|
echo
|
|
if [ '!' "$EUID" = 0 ] && [ '!' `id -u` = 0 ] ; then
|
|
echo "Warning: you need to be root to run this!"
|
|
sleep 1
|
|
# we do not exit as other mechanisms exist that allows to do this than
|
|
# being root. let the errors speak for themselves.
|
|
fi
|
|
sleep 1
|
|
if [ "$PLATFORM" = "Linux" ] ; then
|
|
{
|
|
sysctl -w kernel.core_uses_pid=0
|
|
# Arch Linux requires core_pattern to be empty :(
|
|
test -e /etc/arch-release && sysctl -w kernel.core_pattern=
|
|
test -e /etc/arch-release || sysctl -w kernel.core_pattern=core
|
|
sysctl -w kernel.randomize_va_space=0
|
|
sysctl -w kernel.sched_child_runs_first=1
|
|
sysctl -w kernel.sched_autogroup_enabled=1
|
|
sysctl -w kernel.sched_migration_cost_ns=50000000 2>/dev/null
|
|
sysctl -w kernel.sched_latency_ns=250000000 2>/dev/null
|
|
echo never > /sys/kernel/mm/transparent_hugepage/enabled
|
|
test -e /sys/devices/system/cpu/cpufreq/scaling_governor && echo performance | tee /sys/devices/system/cpu/cpufreq/scaling_governor
|
|
test -e /sys/devices/system/cpu/cpufreq/policy0/scaling_governor && echo performance | tee /sys/devices/system/cpu/cpufreq/policy*/scaling_governor
|
|
test -e /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor && echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
|
|
test -e /sys/devices/system/cpu/intel_pstate/no_turbo && echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
|
|
test -e /sys/devices/system/cpu/cpufreq/boost && echo 1 > /sys/devices/system/cpu/cpufreq/boost
|
|
test -e /sys/devices/system/cpu/intel_pstate/max_perf_pct && echo 100 > /sys/devices/system/cpu/intel_pstate/max_perf_pct
|
|
test -n "$(which auditctl)" && auditctl -a never,task >/dev/null 2>&1
|
|
} > /dev/null
|
|
echo Settings applied.
|
|
echo
|
|
dmesg | grep -E -q 'noibrs pcid nopti' || {
|
|
echo It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:
|
|
echo ' /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs pcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=on pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"'
|
|
echo
|
|
}
|
|
echo If you run fuzzing instances in docker, run them with \"--security-opt seccomp=unconfined\" for more speed.
|
|
echo
|
|
DONE=1
|
|
fi
|
|
if [ "$PLATFORM" = "FreeBSD" ] ; then
|
|
{
|
|
sysctl kern.elf32.aslr.enable=0
|
|
sysctl kern.elf64.aslr.enable=0
|
|
} > /dev/null
|
|
echo Settings applied.
|
|
echo
|
|
cat <<EOF
|
|
In order to suppress core file generation during fuzzing it is recommended to set
|
|
me:\\
|
|
:coredumpsize=0:
|
|
in the ~/.login_conf file for the user used for fuzzing.
|
|
EOF
|
|
echo It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:
|
|
echo ' sysctl hw.ibrs_disable=1'
|
|
echo 'Setting kern.pmap.pg_ps_enabled=0 into /boot/loader.conf might be helpful too.'
|
|
echo
|
|
DONE=1
|
|
fi
|
|
if [ "$PLATFORM" = "OpenBSD" ] ; then
|
|
doas sysctl vm.malloc_conf=
|
|
echo 'Freecheck on allocation in particular can be detrimental to performance.'
|
|
echo 'Also we might not want necessarily to abort at any allocation failure.'
|
|
echo 'System security features cannot be disabled on OpenBSD.'
|
|
echo
|
|
DONE=1
|
|
fi
|
|
if [ "$PLATFORM" = "DragonFly" ] ; then
|
|
#/sbin/sysctl kern.corefile=/dev/null
|
|
#echo Settings applied.
|
|
cat <<EOF
|
|
In order to suppress core file generation during fuzzing it is recommended to set
|
|
me:\\
|
|
:coredumpsize=0:
|
|
in the ~/.login_conf file for the user used for fuzzing.
|
|
EOF
|
|
echo
|
|
DONE=1
|
|
fi
|
|
if [ "$PLATFORM" = "NetBSD" ] ; then
|
|
{
|
|
/sbin/sysctl -w security.models.extensions.user_set_cpu_affinity=1
|
|
} > /dev/null
|
|
echo Settings applied.
|
|
echo
|
|
DONE=1
|
|
fi
|
|
if [ "$PLATFORM" = "Darwin" ] ; then
|
|
sysctl kern.sysv.shmmax=524288000
|
|
sysctl kern.sysv.shmmin=1
|
|
sysctl kern.sysv.shmseg=48
|
|
sysctl kern.sysv.shmall=131072000
|
|
echo Settings applied.
|
|
echo
|
|
if $(launchctl list 2>/dev/null | grep -q '\.ReportCrash\>') ; then
|
|
echo
|
|
echo Unloading the default crash reporter
|
|
SL=/System/Library; PL=com.apple.ReportCrash
|
|
sudo -u "$SUDO_USER" launchctl unload -w ${SL}/LaunchAgents/${PL}.plist
|
|
launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist
|
|
echo
|
|
fi
|
|
echo It is recommended to disable System Integrity Protection for increased performance.
|
|
echo See: https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection
|
|
echo
|
|
DONE=1
|
|
fi
|
|
if [ "$PLATFORM" = "Haiku" ] ; then
|
|
DEBUG_SERVER_DIR=~/config/settings/system/debug_server
|
|
[ ! -d ${DEBUG_SERVER_DIR} ] && mkdir -p ${DEBUG_SERVER_DIR}
|
|
SETTINGS=${DEBUG_SERVER_DIR}/settings
|
|
[ -r ${SETTINGS} ] && grep -qE "default_action\s+kill" ${SETTINGS} && { echo "Nothing to do"; } || { \
|
|
echo We change the debug_server default_action from user to silently kill; \
|
|
[ ! -r ${SETTINGS} ] && echo "default_action kill" >${SETTINGS} || { mv ${SETTINGS} s.tmp; sed -e "s/default_action\s\s*user/default_action kill/" s.tmp > ${SETTINGS}; rm s.tmp; }; \
|
|
echo Settings applied.; echo; \
|
|
}
|
|
DONE=1
|
|
fi
|
|
test -z "$DONE" && echo Error: Unknown platform: $PLATFORM
|
|
exit 0
|