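├── README.md
├── create-image.sh
├── gdb.sh
├── run.sh
├── run_kmod.sh
├── run_mitigated.sh
├── run_python.sh
└── ssh.sh

/README.md:
--------------------------------------------------------------------------------
1 | # kernel-scripts
2 | A curated collection of scripts for kernel-related devops.
3 |
4 | ### Workflow
5 | Typical usage starts with running `create-image.sh` to create an image, then booting a kernel on it with `run.sh`. Once the kernel is live, the other scripts, such as `ssh.sh` and `gdb.sh`, can be used to interact with it.
6 |
7 |
8 | ### Scripts
9 | | Name | Description |
10 | |-|-|
11 | | [`create-image.sh`](create-image.sh) | Creates a QEMU disk image for debugging purposes, using [Syzkaller's script](https://github.com/google/syzkaller/blob/master/tools/create-image.sh): `./create-image.sh` |
12 | | [`gdb.sh`](gdb.sh) | Sets up a GDB session for the debugged kernel: `./gdb.sh KERNEL_DIR`. |
13 | | [`run_kmod.sh`](run_kmod.sh) | Starts a kernel module through ssh: `./run_kmod.sh MODULE_KO MODULE_NAME`. |
14 | | [`run_python.sh`](run_python.sh) | Runs a python script (with stdout) through ssh: `./run_python.sh SCRIPT [ARGS]` |
15 | | [`run.sh`](run.sh) | Runs a kernel in QEMU with GDB server (port: 1234) and SSH (port: 10021): `./run.sh KERNEL_DIR` |
16 | | [`run_mitigated.sh`](run_mitigated.sh) | Same as `run.sh`, but without the `nokaslr nosmep nosmap nokpti` boot parameters: `./run_mitigated.sh KERNEL_DIR` |
17 | | [`ssh.sh`](ssh.sh) | Starts an SSH session, with possible command: `./ssh.sh [command]` |
18 |
19 | ### Notes
20 | These scripts are meant for a throwaway debugging VM: `run.sh` boots the guest with `nokaslr nosmep nosmap nokpti`, the SSH helpers log in as root with host-key checking disabled, and the host's `/mnt` is shared into the guest.
21 |
--------------------------------------------------------------------------------
/create-image.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 | #
3 | # Creates ./image and builds a disk image inside it with syzkaller's
4 | # tools/create-image.sh.
5 | #
6 | # Supply-chain caveat: the helper is fetched from the moving `master` branch
7 | # and executed without any integrity check, so whatever that URL serves at
8 | # download time runs on this host. For reproducible or shared setups, replace
9 | # `master` in the URL with a reviewed commit hash and compare the download
10 | # against a recorded checksum before running it.
11 |
12 | set -eu
13 |
14 | export IMAGE="./image"
15 |
16 | # -p: re-running with an existing ./image is not an error.
17 | mkdir -p "$IMAGE"
18 | cd "$IMAGE/"
19 |
20 | # Under `set -e` a failed download stops the script here instead of going on
21 | # to execute an empty or truncated create-image.sh.
22 | wget https://raw.githubusercontent.com/google/syzkaller/master/tools/create-image.sh -O create-image.sh
23 | chmod +x create-image.sh
24 | ./create-image.sh
25 |
--------------------------------------------------------------------------------
/gdb.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 | #
3 | # Opens gdb on the vmlinux of a kernel build tree.
4 | # Usage: ./gdb.sh KERNEL_DIR
5 | #
6 | # This only loads the symbols. To attach to the VM started by run.sh
7 | # (gdbstub on TCP port 1234), enter `target remote :1234` at the gdb prompt.
8 |
9 | # Fail with a usage message instead of trying to open "/vmlinux".
10 | kernel_dir=${1:?usage: gdb.sh KERNEL_DIR}
11 |
12 | gdb "$kernel_dir/vmlinux"
13 |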
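--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 | #
3 | # Boots a kernel build in QEMU for debugging.
4 | # Usage: ./run.sh KERNEL_DIR
5 | #
6 | # Debug-only configuration; the guest is deliberately weakened and parts of
7 | # the host are exposed to it:
8 | #   * nokaslr nosmep nosmap nokpti switch off kernel hardening features
9 | #     (run_mitigated.sh boots without them).
10 | #   * The gdbstub on port 1234 is unauthenticated and gives full control of
11 | #     the guest; ports 10021 (guest SSH) and 8008 are forwarded from the host.
12 | #     QEMU listens on every host interface when the address field is empty,
13 | #     so the listeners are bound to VM_BIND_ADDR, 127.0.0.1 unless set.
14 | #     Export VM_BIND_ADDR= (empty) to restore the all-interfaces behaviour.
15 | #   * Both 9p shares use security_model=passthrough, and the second one
16 | #     exports the host's /mnt into the guest.
17 |
18 | kernel_dir=${1:?usage: run.sh KERNEL_DIR}
19 | # `-` rather than `:-` so that an explicitly empty VM_BIND_ADDR is honoured.
20 | bind_addr=${VM_BIND_ADDR-127.0.0.1}
21 |
22 | export IMAGE="./image"
23 | export IMAGE_DISK="$IMAGE/bullseye.img"
24 | export IMAGE_MNT="$IMAGE/mnt"
25 |
26 | # Console output (stdout and stderr) is shown and also saved to vm.log.
27 | qemu-system-x86_64 \
28 |   -m 10G \
29 |   -kernel "$kernel_dir/arch/x86/boot/bzImage" \
30 |   -append "console=ttyS0 root=/dev/sda earlyprintk=serial net.ifnames=0 kasan_multi_shot=1 nokaslr nosmep nosmap nokpti" \
31 |   -drive "file=$IMAGE_DISK,format=raw" \
32 |   -netdev "user,id=net0,net=192.168.76.0/24,hostfwd=tcp:$bind_addr:10021-:22,hostfwd=tcp:$bind_addr:8008-:8008" \
33 |   -device virtio-net-pci,netdev=net0 \
34 |   -enable-kvm \
35 |   -smp 2 \
36 |   -nographic \
37 |   -pidfile vm.pid \
38 |   -gdb "tcp:$bind_addr:1234" \
39 |   -virtfs "local,path=$IMAGE_MNT,mount_tag=host0,security_model=passthrough,id=host0" \
40 |   -virtfs "local,path=/mnt,mount_tag=host1,security_model=passthrough,id=host1" \
41 |   2>&1 | tee vm.log
42 |
--------------------------------------------------------------------------------
/run_kmod.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 | #
3 | # Copies a kernel module into the VM and loads it.
4 | # Usage: ./run_kmod.sh MODULE_KO [MODULE_NAME]
5 | #
6 | # When MODULE_NAME is given, that module is unloaded (rmmod) before the new
7 | # file is inserted.
8 | #
9 | # StrictHostKeyChecking is switched off because the target is the throwaway
10 | # VM behind localhost:10021. The option removes SSH's protection against
11 | # connecting to the wrong machine, so do not reuse it for any other host.
12 |
13 | module_file=${1:?usage: run_kmod.sh MODULE_KO [MODULE_NAME]}
14 | module_name=${2-}
15 |
16 | # The name is pasted into a command line that a root shell in the guest
17 | # evaluates, so accept only characters that occur in module names.
18 | case "$module_name" in
19 |   *[!A-Za-z0-9_-]*)
20 |     printf 'run_kmod.sh: invalid module name: %s\n' "$module_name" >&2
21 |     exit 2
22 |     ;;
23 | esac
24 |
25 | export IMAGE="./image"
26 | export IMAGE_PRIVKEY="$IMAGE/bullseye.id_rsa"
27 |
28 | remote_cmd="insmod /tmp/mod.ko"
29 | if [ -n "$module_name" ]; then
30 |   # `;` rather than `&&`: the insert still runs if the module was not loaded.
31 |   remote_cmd="rmmod $module_name; $remote_cmd"
32 | fi
33 |
34 | scp -i "$IMAGE_PRIVKEY" -P 10021 -o "StrictHostKeyChecking no" "$module_file" root@localhost:/tmp/mod.ko && \
35 | ssh -i "$IMAGE_PRIVKEY" -p 10021 -o "StrictHostKeyChecking no" root@localhost "$remote_cmd"
36 |
--------------------------------------------------------------------------------
/run_mitigated.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 | #
3 | # Boots a kernel build in QEMU without the nokaslr/nosmep/nosmap/nokpti
4 | # parameters that run.sh passes, so the kernel keeps its default mitigations.
5 | # Usage: ./run_mitigated.sh KERNEL_DIR
6 | #
7 | # The host-side exposure is the same as in run.sh:
8 | #   * The gdbstub on port 1234 is unauthenticated; ports 10021 (guest SSH)
9 | #     and 8008 are forwarded from the host. QEMU listens on every host
10 | #     interface when the address field is empty, so the listeners are bound
11 | #     to VM_BIND_ADDR, 127.0.0.1 unless set. Export VM_BIND_ADDR= (empty) to
12 | #     restore the all-interfaces behaviour.
13 | #   * Both 9p shares use security_model=passthrough, and the second one
14 | #     exports the host's /mnt into the guest.
15 |
16 | kernel_dir=${1:?usage: run_mitigated.sh KERNEL_DIR}
17 | # `-` rather than `:-` so that an explicitly empty VM_BIND_ADDR is honoured.
18 | bind_addr=${VM_BIND_ADDR-127.0.0.1}
19 |
20 | export IMAGE="./image"
21 | export IMAGE_DISK="$IMAGE/bullseye.img"
22 | export IMAGE_MNT="$IMAGE/mnt"
23 |
24 | qemu-system-x86_64 \
25 |   -m 1024M \
26 |   -kernel "$kernel_dir/arch/x86/boot/bzImage" \
27 |   -append "console=ttyS0 root=/dev/sda earlyprintk=serial net.ifnames=0 kasan_multi_shot=1" \
28 |   -drive "file=$IMAGE_DISK,format=raw" \
29 |   -netdev "user,id=net0,net=192.168.76.0/24,hostfwd=tcp:$bind_addr:10021-:22,hostfwd=tcp:$bind_addr:8008-:8008" \
30 |   -device virtio-net-pci,netdev=net0 \
31 |   -device virtio-serial \
32 |   -nographic \
33 |   -enable-kvm \
34 |   -smp 2 \
35 |   -pidfile vm.pid \
36 |   -gdb "tcp:$bind_addr:1234" \
37 |   -virtfs "local,path=$IMAGE_MNT,mount_tag=host0,security_model=passthrough,id=host0" \
38 |   -virtfs "local,path=/mnt,mount_tag=host1,security_model=passthrough,id=host1"
39 | # Logging to vm.log is disabled here; run.sh appends: 2>&1 | tee vm.log
40 |
--------------------------------------------------------------------------------
/run_python.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 | #
3 | # Copies a script into the VM and runs it there as root, installing python3
4 | # in the guest first when it is missing.
5 | # Usage: ./run_python.sh SCRIPT [ARGS]
6 | #
7 | # StrictHostKeyChecking is switched off because the target is the throwaway
8 | # VM behind localhost:10021; do not reuse that option for any other host.
9 |
10 | script=${1:?usage: run_python.sh SCRIPT [ARGS]}
11 | shift
12 |
13 | # Prints $1 wrapped in single quotes, with embedded single quotes escaped, so
14 | # the guest's shell sees it as one literal word.
15 | sq() {
16 |   printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
17 | }
18 |
19 | # Arguments are quoted one by one: the remote command is a single string that
20 | # a root shell evaluates, and unquoted values would be split, globbed or
21 | # interpreted there.
22 | remote_args=""
23 | for arg in "$@"; do
24 |   remote_args="$remote_args $(sq "$arg")"
25 | done
26 |
27 | export IMAGE="./image"
28 | export IMAGE_PRIVKEY="$IMAGE/bullseye.id_rsa"
29 |
30 | # `&&`: do not run a stale /tmp/script when the copy failed.
31 | # `>/dev/null 2>&1` instead of `&>`, which only bash understands.
32 | scp -i "$IMAGE_PRIVKEY" -P 10021 -o "StrictHostKeyChecking no" "$script" root@localhost:/tmp/script && \
33 | ssh -i "$IMAGE_PRIVKEY" -p 10021 -o "StrictHostKeyChecking no" root@localhost "
34 | if ! command -v python3 >/dev/null 2>&1; then
35 |     apt update -y && apt install python3 -y
36 | fi
37 |
38 | cd /tmp && chmod +x ./script && TERM=$(sq "${TERM-}") ./script$remote_args"
39 |
--------------------------------------------------------------------------------
/ssh.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 | #
3 | # Opens a root SSH session to the VM, or runs a command there.
4 | # Usage: ./ssh.sh [command]
5 | #
6 | # StrictHostKeyChecking is switched off because the target is the throwaway
7 | # VM behind 127.0.0.1:10021; do not reuse that option for any other host.
8 |
9 | export IMAGE="./image"
10 | export IMAGE_PRIVKEY="$IMAGE/bullseye.id_rsa"
11 |
12 | # "$@" hands the command words to ssh untouched (no local splitting or
13 | # globbing); ssh joins them with spaces and the guest's shell evaluates them.
14 | ssh -i "$IMAGE_PRIVKEY" -o "StrictHostKeyChecking no" -p 10021 root@127.0.0.1 "$@"
15 |
--------------------------------------------------------------------------------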