examples: zephyr: Revive Zephyr's sample

zephyr_x86_32/.dockerignore

@@ -0,0 +1 @@
+zephyr/

zephyr_x86_32/CMakeLists.txt

@@ -2,14 +2,18 @@
 
 cmake_minimum_required(VERSION 3.13.1)
 
-include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
 
-project(kafl_agent)
-target_sources(app PRIVATE src/main.c)
+project(kafl_agent LANGUAGES C)
 set_property(TARGET app PROPERTY C_STANDARD 99)
 
+target_sources(app PRIVATE src/main.c)
+# add root kafl.targets directory to include path to find nyx_api.h header
+target_include_directories(app PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/..)
+# add /usr/local/include in case we are in the Docker container
+target_include_directories(app PRIVATE /usr/local/include)
+
 # Select a fuzzing target at a time, e.g. ``cmake ../ -D KAFL_TEST=y''
 target_sources_ifdef(KAFL_TEST  app PRIVATE src/target_test.c)
 target_sources_ifdef(KAFL_FS    app PRIVATE src/target_fs.c)
 target_sources_ifdef(KAFL_JSON  app PRIVATE src/target_json.c)
-

zephyr_x86_32/Dockerfile

@@ -0,0 +1,11 @@
+FROM zephyrprojectrtos/zephyr-build
+
+ARG ZEPHYR_VER=v3.4.0
+ENV ZEPHYR_BASE=/opt/zephyr
+ENV ZEPHYR_SDK_INSTALL_DIR=/opt/toolchains/zephyr-sdk-0.16.3-rc1
+USER root
+
+# setup Zephyr
+RUN west init --mr ${ZEPHYR_VER} $(dirname ${ZEPHYR_BASE})
+WORKDIR /workdir
+RUN west update

zephyr_x86_32/prj.conf

@@ -36,3 +36,4 @@ CONFIG_DISK_ACCESS=y
 CONFIG_FILE_SYSTEM=y
 CONFIG_FAT_FILESYSTEM_ELM=y
 
+CONFIG_QEMU_ICOUNT=n

zephyr_x86_32/run.sh

@@ -11,74 +11,13 @@ SCRIPT_ROOT="$(dirname "$(realpath "$0")")"
 
 KAFL_OPTS="-p $(nproc) --grimoire --redqueen -t 1 -ts 0.05"
 
-# recent Zephyr uses qemu -icount and fails to boot with -enable-kvm
-#ZEPHYR_VERSION="v2.4.0"
-ZEPHYR_VERSION="v2.3.0"
-
-# default toolchain setup
-SDK_URL="https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v0.11.3/zephyr-sdk-0.11.3-setup.run"
-export ZEPHYR_TOOLCHAIN_VARIANT=zephyr
-export ZEPHYR_SDK_INSTALL_DIR=$HOME/zephyr-sdk/
-export ZEPHYR_ROOT=$WORKSPACE/zephyrproject
-
 function fail {
 	echo
 	echo -e "$1"
 	echo
 	exit 1
 }
 
-function fetch_zephyr() {
-	if test -d "$ZEPHYR_BASE"; then
-	   echo "ZEPHYR_BASE is already set. Skipping install."
-	   return
-	fi
-
-	echo -e "\nAttempting to fetch Zephyr and dependencies using sudo apt, west and pip3.\n\n\tHit Enter to continue or ctrl-c to abort."
-	read
-	echo "[*] Fetching dependencies.. (sudo apt)"
-	# https://docs.zephyrproject.org/latest/getting_started/installation_linux.html
-	sudo apt-get update
-	sudo apt-get upgrade
-	sudo apt-get install --no-install-recommends \
-		git cmake ninja-build gperf ccache dfu-util \
-		device-tree-compiler wget python3-pip python3-setuptools \
-		python3-wheel python3-yaml xz-utils file make gcc gcc-multilib
-
-	# missing deps on Ubuntu?
-	sudo apt-get install python3-pyelftools
-
-	echo "[-] Fetching Zephyr components to $ZEPHYR_ROOT"
-	pip3 install west
-	which west || fail "Error: ~/.local/bin not in \$PATH?"
-	pushd $(dirname $ZEPHYR_ROOT)
-	west init --mr $ZEPHYR_VERSION $(basename $ZEPHYR_ROOT)
-	cd zephyrproject
-	west update
-	pip3 install -r zephyr/scripts/requirements.txt
-	popd
-}
-
-function fetch_sdk() {
-	if test -d "$ZEPHYR_SDK_INSTALL_DIR"; then
-		echo "ZEPHYR_SDK_INSTALL_DIR is already set. Skipping install."
-		return
-	fi
-
-	# Download Zephyr SDK. Not pretty.
-	INSTALLER=$ZEPHYR_ROOT/$(basename $SDK_URL)
-
-	echo -e "\nAttempting to fetch and execute Zephyr SDK installer from\n$SDK_URL\n\n\tHit Enter to continue or ctrl-c to abort."
-	read
-	wget -c -O $INSTALLER $SDK_URL
-	bash $INSTALLER
-}
-
-function source_env() {
-	# source if available, complain only if needed
-	test -f "$ZEPHYR_ROOT/zephyr/zephyr-env.sh" && source $ZEPHYR_ROOT/zephyr/zephyr-env.sh
-}
-
 function check_deps() {
 	test -d "$ZEPHYR_BASE" || fail "Could not find Zephyr install. Exit."
 	test -d "$ZEPHYR_SDK_INSTALL_DIR"  || fail "Could not find Zephyr SDK. Exit."
@@ -100,14 +39,7 @@ function build_app() {
 	# select target app / variant
 	APP=$1; shift
 
-	pushd $SCRIPT_ROOT
-	test -d build && rm -rf build
-   	mkdir build || fail "Could not create build/ directory. Exit."
-	cd build
-	#cmake -GNinja -DBOARD=qemu_x86_64 -DKAFL_${APP}=y ..
-	cmake -GNinja -DBOARD=qemu_x86 -DKAFL_${APP}=y ..
-	ninja
-	popd
+	west build -p -b qemu_x86 $SCRIPT_ROOT -d ${SCRIPT_ROOT}/build -- -DKAFL_${APP}=y
 }
 
 function fuzz() {
@@ -218,7 +150,6 @@ function usage() {
 	echo "Usage: $0 <cmd> <args>"
 	echo
 	echo Available commands:
-	echo -e "\tzephyr                - install Zephyr SDK, or display detected setup"
 	echo -e "\tbuild <TEST|JSON|FS>  - build the test, json or fs fuzzing sample"
 	echo -e "\tfuzz [args]           - fuzz the currently build sample with optional kAFL args"
 	echo -e "\tnoise <input>         - execute input many times and monitor coverage"
@@ -228,17 +159,9 @@ function usage() {
 	exit
 }
 
-
 CMD=$1; shift || usage
 
-source_env
-
 case $CMD in
-	"zephyr")
-		fetch_zephyr
-		fetch_sdk
-		check_deps
-		;;
 	"fuzz")
 		fuzz $*
 		;;

zephyr_x86_32/src/main.c

@@ -4,18 +4,17 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-#include <zephyr.h>
-#include <kernel.h>
-#include <fatal.h>
-#include <sys/check.h>
+#include <zephyr/kernel.h>
+#include <zephyr/fatal.h>
+#include <zephyr/sys/check.h>
 
 #include <stdlib.h>
 #include <stdint.h>
 #include <stdbool.h>
 #include <string.h>
 
 #define _GNU_SOURCE
-#include "../../nyx_api.h"
+#include <nyx_api.h>
 #include "target.h"
 
 #define PAYLOAD_MAX_SIZE (128*1024)

zephyr_x86_32/src/target_fs.c

@@ -10,9 +10,9 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-#include <zephyr.h>
-#include <kernel.h>
-#include <fs/fs.h>
+#include <zephyr/zephyr.h>
+#include <zephyr/kernel.h>
+#include <zephyr/fs/fs.h>
 #include <ff.h>
 
 #include <string.h>

zephyr_x86_32/src/target_json.c

@@ -8,9 +8,8 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-#include <zephyr.h>
-#include <kernel.h>
-#include <data/json.h>
+#include <zephyr/kernel.h>
+#include <zephyr/data/json.h>
 
 #include <string.h>
 #include <sys/types.h>

zephyr_x86_32/src/target_test.c

@@ -9,8 +9,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-#include <zephyr.h>
-#include <kernel.h>
+#include <zephyr/kernel.h>
 
 #include <string.h>
 #include <sys/types.h>