
Any progress about "Syzkaller + Kernel function fail-injection"

Open mudongliang opened this issue 6 years ago • 3 comments

I found one good article - Syzkaller + Kernel function fail-injection(https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syz_kfun_finject.md).

As far as I know, the kernel fault-injection framework provides one option - fail-function - which can modify the return value of specific functions.

Why don't we use this option? This could also achieve the goal somehow.

If I misunderstand something, please let me know.

mudongliang avatar Apr 18 '19 00:04 mudongliang
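As an added illustration of the fail-function option mentioned above (example code, not part of this issue or of the harbian-qa project): a POSIX shell helper that writes the debugfs knobs documented for `CONFIG_FAIL_FUNCTION`. The debugfs directory is passed in so the helper can be pointed at a scratch directory; the function name `open_ctree` and errno `-12` used below are constructed sample values.

```shell
#!/bin/sh
# Make every call of kernel function $2 return errno $3 via fail_function.
#   $1 = fail_function debugfs dir (normally /sys/kernel/debug/fail_function)
#   $2 = kernel function name (must be marked error-injectable by the kernel)
#   $3 = negative errno to return, e.g. -12 for -ENOMEM
fail_function_enable() {
    root=$1; fn=$2; err=$3
    [ -d "$root" ] || { echo "fail_function not available at $root" >&2; return 1; }
    # Registering the name makes the kernel create $root/<fn>/ with a retval file.
    echo "$fn" > "$root/inject"
    [ -d "$root/$fn" ] || { echo "kernel rejected $fn (not error-injectable?)" >&2; return 1; }
    # retval takes the unsigned hex form of the negative errno, as in the kernel docs.
    printf '%#x' "$err" > "$root/$fn/retval"
    # Generic fault-attr knobs: no task filter, fail 100% of calls, unlimited
    # times, no stack-space constraint, log each injected failure.
    echo N   > "$root/task-filter"
    echo 100 > "$root/probability"
    echo 0   > "$root/interval"
    echo -1  > "$root/times"
    echo 0   > "$root/space"
    echo 1   > "$root/verbose"
}

# Remove one function from the injection list (a leading '!' unregisters it).
fail_function_disable() {
    root=$1; fn=$2
    echo "!$fn" > "$root/inject"
}
```

This only overrides the return value of an already-called function; it does not let you hand the function arbitrary arguments, which is the difference the reply below draws.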

We want to check if an individual function can handle any arbitrary input.

Bins94 avatar Apr 18 '19 03:04 Bins94

You mean, apart from the return value of a specific function (implemented in CONFIG_FAIL_FUNCTION), this solution still double-checks the arguments of the specific function, right?

mudongliang avatar Apr 18 '19 04:04 mudongliang

My meaning is that this module can generate arbitrary input for a specific function. Even if the input can hardly be generated by normal syscalls, we still check it.

Bins94 avatar Apr 18 '19 05:04 Bins94