diff options
Diffstat (limited to 'website/content/en/status/report-2021-07-2021-09/syzkaller.adoc')
-rw-r--r-- | website/content/en/status/report-2021-07-2021-09/syzkaller.adoc | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/website/content/en/status/report-2021-07-2021-09/syzkaller.adoc b/website/content/en/status/report-2021-07-2021-09/syzkaller.adoc new file mode 100644 index 0000000000..625368d614 --- /dev/null +++ b/website/content/en/status/report-2021-07-2021-09/syzkaller.adoc @@ -0,0 +1,29 @@ +=== syzkaller on FreeBSD + +Contact: Mark Johnston <markj@FreeBSD.org> +Contact: Michael Tuexen <tuexen@FreeBSD.org> + +syzkaller is a coverage-guided operating system kernel fuzzer. +See the link:https://www.freebsd.org/status/report-2019-01-2019-03.html#Fuzzing-FreeBSD-with-syzkaller[syzkaller entry] in the 2019q1 quarterly report for an introduction to syzkaller. + +In the past quarter we made a concerted effort to shrink the backlog of reports from the public link:https://syzkaller.appspot.com/freebsd[syzbot] instance. +A number of long-standing locking bugs in the socket subsystem have been fixed, and the SCTP protocol implementation has seen many bug fixes as well. +Beyond that, link:https://github.com/freebsd/freebsd-src/search?o=desc&q=syzbot+OR+syzkaller&s=committer-date&type=commits[many bugs] in various other kernel subsystems have been fixed and the backlog has become substantially smaller over the past quarter. +As a direct result of this effort, we have been able to identify regressions more easily and fix bugs closer to the time of introduction. +Work is still ongoing to further shrink the backlog. + +KASAN (Kernel Address SANitizer) was enabled in the default kernel configuration used by syzbot, which has greatly enhanced our ability to root-cause and fix kernel bugs. +See the link:https://www.freebsd.org/status/report-2021-04-2021-06/#_kernel_sanitizers[kernel-sanitizers entry] in the 2021q2 quarterly report for an introduction to KASAN and KMSAN. +KASAN helps ensure that memory safety bugs manifest more deterministically, improving syzkaller's ability to find reproducers and simplifying debugging. + +A KMSAN (Kernel Memory SANitizer) port was committed to FreeBSD's main branch in August. +Some initial work has been done to make it usable by syzkaller (mainly, kcov(4) required several small modifications to work in a KMSAN-enabled kernel), and a number of bugs were found and fixed using private syzkaller instances. + +Goals for the next several months include: + +* Addition of a KMSAN target in syzbot. +* Further reduction in the syzbot backlog. +* Upstreaming syzkaller patches to support fuzzing of the Linuxulator. +* Fuzzing using ZFS-based VM images. + +Sponsor: The FreeBSD Foundation |