Coverage-guided kernel fuzzing with syzkaller
Coverage-guided kernel fuzzing with syzkaller
[Kernel] Posted Mar 2, 2016 0:02 UTC (Wed) by drysdale
If your software deals with untrusted user input, it's a good idea to run a fuzzer against the program. For the Linux kernel, the most effective fuzzer of recent years has been Dave Jones's Trinity system call tester. But there's a new system call fuzzer in town, Dmitry Vyukov's syzkaller, and early results from it look promising — over 150 bugs uncovered in the mainline kernel (plus several dozen in Google's internal kernels) in a few months of operation.
Click below (subscribers only) for the full article by David Drysdale.