Fuzzing the Linux kernel (x86) entry code (Oracle)
The Oracle blog is putting up a series by Vegard Nossum on fuzzing the
kernel's entry code; part 1
and part 2
are available now. "
While these fuzzers effectively test the system calls themselves (and the code reachable through system calls), one thing they don't test very well is what happens at the actual transition point between userspace and the kernel. There is more to this boundary than meets the eye; it is written in assembly code and there is a lot of architectural state (CPU state) that must be verified or sanitized before the kernel can safely start executing its C code. This blog post explores how one might go about writing a fuzzer targeting the Linux kernel entry code on x86."