
Using syzkaller, part 4: Driver fuzzing

[Kernel] Posted Jun 26, 2020 15:10 UTC (Fri) by corbet

Ricardo Cañuelo Navarro describes the challenges associated with fuzzing complex device drivers with Syzkaller — and some solutions. "V4L2, however, is only supported in the sense that the involved system calls (including the myriad V4L2 ioctls) and data structures are described. This is already useful and, equipped with those descriptions, Syzkaller has been able to find many V4L2 bugs. But the fuzzing process contains a lot of randomness and, while that's a good thing in many cases when it comes to fuzzing, due to the complexity of the V4L2 API, simply randomizing the system calls and their inputs may not be enough to reach most of the code in some drivers, especially in drivers with complicated interfaces such as those based on the Request API, including stateless drivers."


Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds