Date:	Sat, 28 Apr 2012 04:39:04 +0300
From:	Sami Liedes <sami.liedes@....fi>
To:	linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Announcing the Berserker toolkit for (semi-)automated fs fuzz testing

This is an announcement of the first release of the Berserker toolkit
for (semi-)automated fuzz testing and testcase minimization of Linux
kernel filesystem implementations.

The toolkit consists of the following components and their
documentation:

* a Debian sid (unstable) based root filesystem image (a 32-bit x86
  system) with scripts inside, set to run automatically, that test
  filesystems according to kernel command-line parameters; intended to
  be run inside a virtual machine (KVM)

* berserker-testfs.py, a script to automate running fuzz tests inside
  KVM on a filesystem image (simply give as parameters the filesystem
  type, a working filesystem image and a kernel bzImage - see --help).
  This script takes care of running KVM and interpreting the output.
  Its return values make it suitable for use in "git bisect run". By
  default the VM will fuzz and run until it has produced a crash.

* berserker-minimize.sh (and fuzz-minimize used by it), a program to
  derive a crash-inducing test case with minimal differences to a
  pristine filesystem image by repeatedly automatically running
  berserker-testfs.py on different images. Takes as input the kernel
  image to use, a pristine filesystem image and a fuzzed filesystem
  image that causes the kernel to crash.
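As an added illustration (not part of the Berserker toolkit), the following is the kind of delta-debugging loop the description of berserker-minimize.sh implies: it takes the byte offsets at which a fuzzed image differs from the pristine one and uses a crash oracle to find a minimal subset of those differences that still triggers the crash. In Berserker the oracle would be a run of berserker-testfs.py inside KVM; here `crashes()` is a constructed stand-in, and the image bytes are constructed sample data.

```python
# Added example, not Berserker's own code: a ddmin-style minimizer over the
# byte offsets at which a fuzzed filesystem image differs from a pristine one.
# The oracle `crashes(image) -> bool` stands in for booting the image under
# the kernel in KVM (what berserker-testfs.py does); here it is simulated.

def diff_offsets(pristine: bytes, fuzzed: bytes) -> list:
    """Offsets at which the two (equal-sized) images differ."""
    if len(pristine) != len(fuzzed):
        raise ValueError("images must be the same size")
    return [i for i, (a, b) in enumerate(zip(pristine, fuzzed)) if a != b]

def apply_diffs(pristine: bytes, fuzzed: bytes, offsets) -> bytes:
    """Pristine image with only the given offsets taken from the fuzzed one."""
    img = bytearray(pristine)
    for i in offsets:
        img[i] = fuzzed[i]
    return bytes(img)

def minimize(pristine: bytes, fuzzed: bytes, crashes):
    """Return (image, offsets): a 1-minimal set of fuzzed offsets that still
    satisfies crashes(). Each oracle call is one VM run, so calls are the cost."""
    if not crashes(fuzzed):
        raise ValueError("the fuzzed image does not crash; nothing to minimize")
    diffs, n = diff_offsets(pristine, fuzzed), 2
    while len(diffs) >= 2:
        chunk = -(-len(diffs) // n)                      # ceiling division
        subsets = [diffs[i:i + chunk] for i in range(0, len(diffs), chunk)]
        reduced = False
        for s in subsets:                                # try each chunk alone
            if crashes(apply_diffs(pristine, fuzzed, s)):
                diffs, n, reduced = s, 2, True
                break
        if not reduced:                                  # try dropping each chunk
            for s in subsets:
                ss = set(s)
                comp = [d for d in diffs if d not in ss]
                if comp and crashes(apply_diffs(pristine, fuzzed, comp)):
                    diffs, n, reduced = comp, max(n - 1, 2), True
                    break
        if not reduced:
            if n >= len(diffs):                          # already at granularity 1
                break
            n = min(2 * n, len(diffs))
    return apply_diffs(pristine, fuzzed, diffs), diffs

if __name__ == "__main__":
    # Constructed sample: a 4 KiB "image" with five single-bit flips, and a
    # stand-in oracle that "crashes" only when offsets 300 and 700 are both flipped.
    pristine = bytes(4096)
    buf = bytearray(pristine)
    for off in (5, 300, 700, 1500, 4000):
        buf[off] ^= 0x40
    image, offsets = minimize(pristine, bytes(buf), lambda im: im[300] and im[700])
    print("minimal crashing offsets:", offsets)      # [300, 700]
```

A real oracle would write the candidate image to a file and run it through the KVM tester, treating the tester's crash result as "true"; the number of oracle calls, not the Python work, dominates the run time.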

To get the source:

   git clone http://www.niksula.hut.fi/~sliedes/berserker/berserker.git

The repository contains a script (download-binaries.sh) that downloads
some files (*at least until my university gets unhappy with the
bandwidth used):

* the root filesystem (hda.autotest; 112 MiB compressed, 501 MiB
  uncompressed); and for quick start

* a vanilla 3.3.4 bzImage for amd64 suitable for use with the system
  (config file included in the git repository)

* testimg.ext4, a 10 MiB ext4 filesystem with the required layout
  (described in more detail in the README file)

The actual fuzzer used is zzuf (Debian package zzuf) by Sam Hocevar. I
believe it is similar in spirit to fsfuzzer which appears to be more
familiar to the kernel community; zzuf was chosen because I was more
familiar with it and because it was packaged for Debian.

Two examples of (what appear to be) ext4 bugs found with this
toolkit, both reproducible with a 1-bit difference to a pristine
filesystem:

  http://www.spinics.net/lists/linux-ext4/msg31850.html
     (sorry, by mistake the subject doesn't quite reflect the bug...)

  http://www.spinics.net/lists/linux-ext4/msg31853.html

See the included README file for a very quick introduction and some
more detailed documentation.

	Sami Liedes
