lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 6 Jul 2016 18:38:11 +0800
From:	"Zhangjian (Bamvor)" <bamvor.zhangjian@...wei.com>
To:	Dmitry Vyukov <dvyukov@...gle.com>
CC:	syzkaller <syzkaller@...glegroups.com>,
	LKML <linux-kernel@...r.kernel.org>,
	<linux-arch@...r.kernel.org>, <libc-alpha@...rceware.org>,
	<trinity@...r.kernel.org>, <aponomarenko@...alab.ru>,
	Jess Hertz <jesse.hertz@...group.trust>,
	"Tim Newsham" <tim.newsham@...group.trust>,
	Arnd Bergmann <arnd@...db.de>,
	"Catalin Marinas" <catalin.marinas@....com>,
	Mark Brown <broonie@...nel.org>, <joseph@...esourcery.com>,
	<maxim.kuvyrkov@...aro.org>,
	Yury Norov <ynorov@...iumnetworks.com>, <pinskia@...il.com>,
	<schwab@...e.de>, <agraf@...e.de>, <marcus.shawcroft@....com>,
	Ding Tianhong <dingtianhong@...wei.com>,
	<guohanjun@...wei.com>, <cuibixuan@...wei.com>,
	<lijinyue@...wei.com>, Zefan Li <lizefan@...wei.com>
Subject: Re: [RFD] Efficient unit test and fuzz tools for kernel/libc porting

Hi, Dmitry

On 2016/7/6 17:09, Dmitry Vyukov wrote:
> On Wed, Jul 6, 2016 at 10:24 AM, Zhangjian (Bamvor)
> <bamvor.zhangjian@...wei.com> wrote:
>> Hi, Dmitry
>>
>>
>>> Hi Bamvor,
>>>
>>> Nice work!
>>>
>>> Coverage should be easy to do with CONFIG_KCOV, but do you need
>>> fuzzing/coverage? It seems that testing a predefined set of special
>>> values for each arg should be enough for your use case. Namely special
>>> values that can detect endianess/truncation/sign extension/etc issues.
>>
>> Yes. We are trying to cover endianess/truncation/sign extension at this
>> moment.
>> For coverage, there are some code path in syscall wrapper in both glibc
>> and kernel. E.g. overflow check in glibc. I am thinking if coverage
>> could help on this.
>
> Ah, you mean user-space coverage. You may try AFL in binary
> instrumentation mode for this.
Good idea. AFL seems a wonderful tools. I saw some discussion about use AFL
to do kernel fuzz(triforce). If AFL support arm64, I could try it my
aarch64 ILP32 works.

Regards

Bamvor
>
>
>>> I think there is also a number of glibc functions that don't directly
>>> map to syscalls. Most notably wrappers around various ioctl's (e.g.
>>> ptsname). Do you test them?
>>
>> No. Currently, our tools only focus on the syscall function in glibc. In
>> these syscall level, we could compare the parameter and return value
>> directly. As you said, there are only several type of issues. It is easy
>> to handle by tools.
>>
>> I do not know how to test these complex cases. E.g. the ptsname may call
>> ioctl, *stat* syscall. Compare the original parameter is meaningless. But
>> it seems a good type of testcase to show how the user use the syscalls.
>> Do you have some ideas?
>
> I don't have any ideas for automated testing. One could write a model,
> of course....
> --
> To unsubscribe from this list: send the line "unsubscribe linux-arch" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ