News: 0000824598


Using syzkaller, part 4: Driver fuzzing

([Kernel] Jun 26, 2020 15:10 UTC (Fri) (corbet))


Ricardo Cañuelo Navarro [1] describes the challenges associated with fuzzing complex device drivers with Syzkaller — and some solutions. "V4L2, however, is only supported in the sense that the involved system calls (including the myriad V4L2 ioctls) and data structures are described. This is already useful and, equipped with those descriptions, Syzkaller has been able to find many V4L2 bugs. But the fuzzing process contains a lot of randomness and, while that's a good thing in many cases when it comes to fuzzing, due to the complexity of the V4L2 API, simply randomizing the system calls and its inputs may not be enough to reach most of the code in some drivers, especially in drivers with complicated interfaces such as those based on the Request API, including stateless drivers."



[1] https://www.collabora.com/news-and-blog/blog/2020/06/26/using-syzkaller-part-4-driver-fuzzing/
