lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAG_fn=XTcPrsgxg+MpFqnj9t2OoYa=SF1ts8odHFaMqD+YpZ_w@mail.gmail.com>
Date: Sat, 20 Sep 2025 14:08:01 +0200
From: Alexander Potapenko <glider@...gle.com>
To: Andy Shevchenko <andy.shevchenko@...il.com>
Cc: Ethan Graham <ethan.w.s.graham@...il.com>, ethangraham@...gle.com, 
	andreyknvl@...il.com, andy@...nel.org, brauner@...nel.org, 
	brendan.higgins@...ux.dev, davem@...emloft.net, davidgow@...gle.com, 
	dhowells@...hat.com, dvyukov@...gle.com, elver@...gle.com, 
	herbert@...dor.apana.org.au, ignat@...udflare.com, jack@...e.cz, 
	jannh@...gle.com, johannes@...solutions.net, kasan-dev@...glegroups.com, 
	kees@...nel.org, kunit-dev@...glegroups.com, linux-crypto@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-mm@...ck.org, lukas@...ner.de, 
	rmoar@...gle.com, shuah@...nel.org, sj@...nel.org, tarasmadan@...gle.com
Subject: Re: [PATCH v2 08/10] drivers/auxdisplay: add a KFuzzTest for parse_xy()

On Sat, Sep 20, 2025 at 12:54 PM Andy Shevchenko
<andy.shevchenko@...il.com> wrote:
>
> On Fri, Sep 19, 2025 at 5:58 PM Ethan Graham <ethan.w.s.graham@...il.com> wrote:
> >
> > From: Ethan Graham <ethangraham@...gle.com>
> >
> > Add a KFuzzTest fuzzer for the parse_xy() function, located in a new
> > file under /drivers/auxdisplay/tests.
> >
> > To validate the correctness and effectiveness of this KFuzzTest target,
> > a bug was injected into parse_xy() like so:
> >
> > drivers/auxdisplay/charlcd.c:179
> > - s = p;
> > + s = p + 1;
> >
> > Although a simple off-by-one bug, it requires a specific input sequence
> > in order to trigger it, thus demonstrating the power of pairing
> > KFuzzTest with a coverage-guided fuzzer like syzkaller.
>
> ...
>
> > --- a/drivers/auxdisplay/charlcd.c
> > +++ b/drivers/auxdisplay/charlcd.c
> > @@ -682,3 +682,11 @@ EXPORT_SYMBOL_GPL(charlcd_unregister);
> >
> >  MODULE_DESCRIPTION("Character LCD core support");
> >  MODULE_LICENSE("GPL");
> > +
> > +/*
> > + * When CONFIG_KFUZZTEST is enabled, we include this _kfuzz.c file to ensure
> > + * that KFuzzTest targets are built.
> > + */
> > +#ifdef CONFIG_KFUZZTEST
> > +#include "tests/charlcd_kfuzz.c"
> > +#endif /* CONFIG_KFUZZTEST */
>
> No, NAK. We don't want to see these in each and every module. Please,
> make sure that nothing, except maybe Kconfig, is modified in this
> folder (yet, you may add a _separate_ test module, as you already have
> done in this patch).

This is one of the cases in which we can't go without changing the
original code, because parse_xy() is a static function.
Including the test into the source is not the only option, we could as
well make the function visible unconditionally, or introduce a macro
similar to VISIBLE_IF_KUNIT.
Do you prefer any of those?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ