lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 6 Jul 2016 11:09:13 +0200
From:	Dmitry Vyukov <dvyukov@...gle.com>
To:	"Zhangjian (Bamvor)" <bamvor.zhangjian@...wei.com>
Cc:	syzkaller <syzkaller@...glegroups.com>,
	LKML <linux-kernel@...r.kernel.org>, linux-arch@...r.kernel.org,
	libc-alpha@...rceware.org, trinity@...r.kernel.org,
	aponomarenko@...alab.ru, Jess Hertz <jesse.hertz@...group.trust>,
	Tim Newsham <tim.newsham@...group.trust>,
	Arnd Bergmann <arnd@...db.de>,
	Catalin Marinas <catalin.marinas@....com>,
	Mark Brown <broonie@...nel.org>, joseph@...esourcery.com,
	maxim.kuvyrkov@...aro.org, Yury Norov <ynorov@...iumnetworks.com>,
	pinskia@...il.com, schwab@...e.de, agraf@...e.de,
	marcus.shawcroft@....com, Ding Tianhong <dingtianhong@...wei.com>,
	guohanjun@...wei.com, cuibixuan@...wei.com, lijinyue@...wei.com,
	Zefan Li <lizefan@...wei.com>
Subject: Re: [RFD] Efficient unit test and fuzz tools for kernel/libc porting

On Wed, Jul 6, 2016 at 10:24 AM, Zhangjian (Bamvor)
<bamvor.zhangjian@...wei.com> wrote:
> Hi, Dmitry
>
>
>> Hi Bamvor,
>>
>> Nice work!
>>
>> Coverage should be easy to do with CONFIG_KCOV, but do you need
>> fuzzing/coverage? It seems that testing a predefined set of special
>> values for each arg should be enough for your use case. Namely special
>> values that can detect endianess/truncation/sign extension/etc issues.
>
> Yes. We are trying to cover endianess/truncation/sign extension at this
> moment.
> For coverage, there are some code path in syscall wrapper in both glibc
> and kernel. E.g. overflow check in glibc. I am thinking if coverage
> could help on this.

Ah, you mean user-space coverage. You may try AFL in binary
instrumentation mode for this.


>> I think there is also a number of glibc functions that don't directly
>> map to syscalls. Most notably wrappers around various ioctl's (e.g.
>> ptsname). Do you test them?
>
> No. Currently, our tools only focus on the syscall function in glibc. In
> these syscall level, we could compare the parameter and return value
> directly. As you said, there are only several type of issues. It is easy
> to handle by tools.
>
> I do not know how to test these complex cases. E.g. the ptsname may call
> ioctl, *stat* syscall. Compare the original parameter is meaningless. But
> it seems a good type of testcase to show how the user use the syscalls.
> Do you have some ideas?

I don't have any ideas for automated testing. One could write a model,
of course....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ