Lkl hid fuzzer #515
Merged
Lkl hid fuzzer #515
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tavip
reviewed
Feb 11, 2023
0dcffd5
to
2f04aec
Compare
2f04aec
to
68d3ca5
Compare
tavip
reviewed
Feb 21, 2023
Pad '/init' string in fs_setup functio to make sure it's 8 bytes, otherwise KASan would emit an error. The kernel's strncpy implementation attempts to read 8 bytes at once and, thus, triggers KASan violation for the 6-byte string. Signed-off-by: Eugene Rodionov <[email protected]>
68d3ca5
to
fc719e7
Compare
tavip
approved these changes
Feb 27, 2023
This change adds two LKL kernel config options: * LKL_FUZZING which enables libFuzzer fuzzing instrumentation for the kernel code * LKL_LINE_COV which enables code coverage instrumentation for the fuzz targets. These kernel config options are enabled via environment variables which should be set up either in the environment or in the make files. To build LKL fuzzers run (currently there are no fuzzers checked in yet): make -C tools/lkl LKL_FUZZING=1 fuzzers Signed-off-by: Xuan Xing <[email protected]> Signed-off-by: Eugene Rodionov <[email protected]>
Incremental linking in lld doesn't work well with the group sections (GRP_COMDAT) present in the input files -- in this case the linker semantics is unclear and not defined. This causes problems for building LKL fuzzers with libFuzzer instrumentation (-fsanitize=fuzzer) which generates object files with group sections due to the SanitizerCoverage instrumentation. This CL implements a workaround for this issue by introducing another post-link vmlinux pass. 1) First, vmlinux is linked with an empty linker script to avoid merging input sections 2) Then, .group sections (GRP_COMDAT) are stripped from the vmlinux image with `objcopy --remove-section=.group`. 3) Finally, we relink the vmlinux with the original linker scrip (using incremental linking). Signed-off-by: Eugene Rodionov <[email protected]>
As LKL fuzzers might be built with different kernel config options than the ones provided in the defconfig this change introduces an additional fuzzing_defconfig file. It is assumed that all LKL fuzzers are built using the same kernel config. Signed-off-by: Xuan Xing <[email protected]> Signed-off-by: Eugene Rodionov <[email protected]>
This fuzzer fuzzes Linux kernel HID subsystem via /dev/uhid device. To build the fuzzer: make -C tools/lkl LKL_FUZZING=1 fuzzers Signed-off-by: Xuan Xing <[email protected]>
Add a new target to build LKL-based fuzzers using clang/lld toolchain. Signed-off-by: Eugene Rodionov <[email protected]>
fc719e7
to
cc563a4
Compare
|
Many thanks, @tavip! The checkpatch warning have been fixed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change adds @HclX's HID fuzzer.