Coverage-guided kernel fuzzing with syzkaller
Posted Mar 2, 2016 23:16 UTC (Wed) by PaXTeam (guest, #24616)
Parent article: Coverage-guided kernel fuzzing with syzkaller
> To start with, the compiler option to generate the needed coverage data has only recently been added to GCC
> (as -fsanitize-coverage=trace-pc), so the kernel needs to be built with a fresh-from-tip version of GCC.
the gcc-side instrumentation is very simple and could be done from a plugin, thus extending support all the way back to gcc 4.5.
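As an added illustration (not from the comment, the article, or the GCC/syzkaller sources): a userspace stand-in for what `-fsanitize-coverage=trace-pc` makes the compiler do, namely insert one call to `__sanitizer_cov_trace_pc()` per basic block, and for the tiny collector that receives those calls. `classify`, `record_pc` and `run_and_count_new` are constructed names; the callback name is the real one.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a KCOV-style collector: a table of distinct
 * program counters seen so far. The kernel's collector is per-task; this
 * one is global for the sake of the example. */
#define MAX_PCS 256
static uintptr_t seen_pcs[MAX_PCS];
static size_t n_seen;

/* Return 1 if pc was newly recorded, 0 if already known or table full. */
static int record_pc(uintptr_t pc)
{
    for (size_t i = 0; i < n_seen; i++)
        if (seen_pcs[i] == pc)
            return 0;
    if (n_seen == MAX_PCS)
        return 0;
    seen_pcs[n_seen++] = pc;
    return 1;
}

/* The callback the instrumented code calls. Must not be inlined so that
 * __builtin_return_address(0) is an address inside the calling block,
 * which is all the compiler pass needs to provide. */
__attribute__((noinline)) void __sanitizer_cov_trace_pc(void)
{
    record_pc((uintptr_t)__builtin_return_address(0));
}

/* Hand-instrumented the way the compiler pass would emit it: one trace
 * call at the start of every basic block (entry and each branch arm). */
static int classify(int x)
{
    __sanitizer_cov_trace_pc();          /* entry block */
    if (x < 0) {
        __sanitizer_cov_trace_pc();      /* negative arm */
        return -1;
    }
    if (x == 0) {
        __sanitizer_cov_trace_pc();      /* zero arm */
        return 0;
    }
    __sanitizer_cov_trace_pc();          /* positive arm */
    return 1;
}

/* Run one input and return how many previously unseen blocks it reached:
 * the signal a coverage-guided fuzzer uses to decide an input is worth keeping. */
size_t run_and_count_new(int x)
{
    size_t before = n_seen;
    classify(x);
    return n_seen - before;
}

size_t blocks_seen(void) { return n_seen; }
```

A GCC plugin providing the same thing only has to walk each function's basic blocks and prepend that one call, which is why it does not depend on a recent GCC.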
