Message-ID: <20120428013904.GE20648@sli.dy.fi>
Date: Sat, 28 Apr 2012 04:39:04 +0300
From: Sami Liedes <sami.liedes@....fi>
To: linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Announcing the Berserker toolkit for (semi-)automated fs fuzz testing

This is an announcement of the first release of the Berserker toolkit
for (semi-)automated fuzz testing and testcase minimization of Linux
kernel filesystem implementations.

The toolkit consists of the following components and their
documentation:

 * Debian sid (unstable) based root filesystem image with scripts
   inside and set to run automatically that will test filesystems based
   on kernel commandline parameters, intended to be run inside a
   virtual machine (KVM); a 32-bit x86 system

 * berserker-testfs.py, a script to automate running fuzz tests inside
   KVM on a filesystem image (simply give as parameters the filesystem
   type, a working filesystem image and a kernel bzImage - see --help).
   This script takes care of running KVM and interpreting the output.
   Its return values make it suitable for using in "git bisect run". By
   default the VM will fuzz and run until it has produced a crash.

 * berserker-minimize.sh (and fuzz-minimize used by it), a program to
   derive a crash-inducing test case with minimal differences to a
   pristine filesystem image by repeatedly automatically running
   berserker-testfs.py on different images. Takes as input the kernel
   image to use, a pristine filesystem image and a fuzzed filesystem
   image that causes the kernel to crash.

To get the source:

    git clone http://www.niksula.hut.fi/~sliedes/berserker/berserker.git

The repository contains a script (download-binaries.sh) that downloads
some files (*at least until my university gets unhappy with the
bandwidth used):

 * the root filesystem (hda.autotest; 112 MiB compressed, 501 MiB
   uncompressed); and for quick start

 * a vanilla 3.3.4 bzImage for amd64 suitable for use with the system
   (config file included in the git repository)

 * testimg.ext4, a 10 MiB ext4 filesystem with the required layout
   (described in more detail in the README file)

The actual fuzzer used is zzuf (Debian package zzuf) by Sam Hocevar. I
believe it is similar in spirit to fsfuzzer which appears to be more
familiar to the kernel community; zzuf was chosen because I was more
familiar with it and because it was packaged for Debian.

Two examples of (what appears to be) ext4 bugs found with this
toolkit, both reproducible with a 1-bit difference to a pristine
filesystem:

    http://www.spinics.net/lists/linux-ext4/msg31850.html
    (sorry, by mistake the subject doesn't quite reflect the bug...)

    http://www.spinics.net/lists/linux-ext4/msg31853.html

See the included README file for a very quick introduction and some
more detailed documentation.

Sami Liedes
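
An added illustration, not part of the original message and not Berserker's own code, of the minimization idea the announcement describes: shrinking the differences between a pristine and a fuzzed image to a small set that still crashes. The delta-debugging (ddmin) strategy, the bit-level granularity and the `crashes` callback (a stand-in for one berserker-testfs.py run) are assumptions, as is a pristine image that does not crash; the message does not say how fuzz-minimize works.

```python
from typing import Callable, List

def diff_bits(pristine: bytes, fuzzed: bytes) -> List[int]:
    """Absolute bit offsets at which two equal-sized images differ."""
    if len(pristine) != len(fuzzed):
        raise ValueError("images must have the same size")
    return [i * 8 + b
            for i, (p, f) in enumerate(zip(pristine, fuzzed))
            for b in range(8) if ((p ^ f) >> b) & 1]

def apply_bits(pristine: bytes, bits: List[int]) -> bytes:
    """Copy of the pristine image with the given bits flipped."""
    img = bytearray(pristine)
    for bit in bits:
        img[bit // 8] ^= 1 << (bit % 8)
    return bytes(img)

def minimize(pristine, fuzzed, crashes: Callable[[bytes], bool]) -> List[int]:
    """ddmin-style search for a 1-minimal set of bit flips that still crashes."""
    bits = diff_bits(pristine, fuzzed)
    if not crashes(apply_bits(pristine, bits)):
        raise ValueError("fuzzed image does not reproduce the crash")
    n = 2  # current number of chunks
    while len(bits) >= 2:
        size = -(-len(bits) // n)  # ceiling division
        chunks = [bits[i:i + size] for i in range(0, len(bits), size)]
        for i, chunk in enumerate(chunks):
            rest = [b for c in chunks[:i] + chunks[i + 1:] for b in c]
            if crashes(apply_bits(pristine, chunk)):   # one chunk alone is enough
                bits, n = chunk, 2
                break
            if crashes(apply_bits(pristine, rest)):    # this chunk is not needed
                bits, n = rest, max(n - 1, 2)
                break
        else:
            if n >= len(bits):
                break  # single-bit chunks and nothing removable: 1-minimal
            n = min(n * 2, len(bits))
    return bits

# Constructed sample: a 64-byte stand-in "image" with four flipped bits.
PRISTINE = bytes(64)
FUZZED = apply_bits(PRISTINE, [24, 163, 335, 484])
def toy_oracle(img: bytes) -> bool:
    """Hypothetical crash oracle: "crashes" iff bit 3 of byte 20 is set."""
    return bool(img[20] & 0x08)

if __name__ == "__main__":
    print(minimize(PRISTINE, FUZZED, toy_oracle))
```

With a real oracle each `crashes` call is a full VM run, so the number of calls, not the bit arithmetic, dominates the cost.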