Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel

Setting up

Install dependencies, including go-task as a task-runner:

sudo apt install build-essential clang-11 lld-11 libelf-dev qemu-system-x86 bison flex golang libssl-dev cmake debootstrap python3-pexpect socat ninja-build ccache
sudo sh -c "$(curl -ssL https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin

Initialize/update git submodules (this will take awhile the first time it's run):

task update

Building

Create an initramfs and a disk image to be used with syzkaller:

task initramfs:create
task syzkaller:create-image

Build syzkaller with Kasper support:

task syzkaller:build

Configure and build LLVM with Kasper support:

task llvm:config llvm:build

Configure and build a Kasper-instrumented Linux kernel:

task kernel:config build kernel:bzImage

Running

Test that the instrumented kernel runs correctly:

task qemu:test

Fuzz the instrumented kernel:

task syzkaller:run-nobench

Evaluation

To aggregate gadgets and run the evaluation please check out kasper-results.

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
kasper-results @ 98693b7		kasper-results @ 98693b7
kdfsan-linux @ e8d7519		kdfsan-linux @ e8d7519
kdfsan-llvm-project @ ed64228		kdfsan-llvm-project @ ed64228
kdfsan-syzkaller @ 23f167e		kdfsan-syzkaller @ 23f167e
passes		passes
scripts		scripts
static		static
taskfiles		taskfiles
.gitignore		.gitignore
.gitmodules		.gitmodules
CMakeLists.txt		CMakeLists.txt
LICENSE		LICENSE
README.md		README.md
Taskfile.yml		Taskfile.yml
syzkaller.cfg.template		syzkaller.cfg.template

License

0x6b7966/kasper

Folders and files

Latest commit

History

Repository files navigation

Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel

Setting up

Building

Running

Evaluation

About

Resources

License

Stars

Watchers

Forks

Languages