syzkaller for freebsd again

syzkaller for freebsd again

freebsd-hackers mailing list
Hi Ed,

I see that you are using syzkaller and I've seen syzkaller mentioned
in some freebsd announce.
Do you mind sharing how extensively you are using it and how many bugs
you have found?

I wanted to point out that freebsd support in syzkaller is still far
from being complete. We still need better descriptions of system calls
and kernel code coverage, report parsing needs improvements as well.
For linux we are now finding 100+ bugs per month in a completely
automated fashion using syzbot system:
https://groups.google.com/forum/#!forum/syzkaller-bugs
https://github.com/google/syzkaller/blob/master/docs/syzbot.md
which does continuous building, fuzzing, automatic aggregation,
reporting and status tracking.
We could set up a similar thing for freebsd, but for that we need
support for building freebsd kernel and GCE-compatible images. For
linux that code lives here:
https://github.com/google/syzkaller/blob/master/pkg/kernel/kernel.go
https://github.com/google/syzkaller/blob/master/pkg/kernel/generated.go

I don't know how the size of the freebsd kernel compares to linux, but if you
don't measure bugs in hundreds, no, syzkaller is not yet working :)
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[hidden email]"

Re: syzkaller for freebsd again

Ed Maste-2
On 21 December 2017 at 04:26, Dmitry Vyukov <[hidden email]> wrote:
>
> I wanted to point out that freebsd support in syzkaller is still far
> from being complete. We still need better descriptions of system calls
> and kernel code coverage, report parsing needs improvements as well.
> For linux we are now finding 100+ bugs per month in a completely

Hi Dmitry,

Yes, I had one of my co-op students work on automation for setting up
and running Syzkaller (in this case, on Packet.net's infrastructure).
It's certainly still quite early for us; we hadn't yet done work on
Syzkaller itself for FreeBSD.

I think the most important change for us to make effective use of
Syzkaller is going to be having kernel coverage support. I have two
new Waterloo co-op students for this Jan-Apr work term and one of them
is getting close to having a working kcov implementation; once this is
ready we'll pick up the execution again.

> We could set up a similar thing for freebsd, but for that we need
> support for building freebsd kernel and GCE-compatible images. For
> linux that code lives here:
> https://github.com/google/syzkaller/blob/master/pkg/kernel/kernel.go
> https://github.com/google/syzkaller/blob/master/pkg/kernel/generated.go

Thanks, we'll take a look at this too. The FreeBSD release engineering
team produces GCE images so much of the infrastructure exists already.
Right now it's only straightforward to build FreeBSD from FreeBSD, so
it might take some work to integrate this with the setup you describe
here.

Re: syzkaller for freebsd again

freebsd-hackers mailing list
On Wed, Feb 28, 2018 at 3:38 AM, Ed Maste <[hidden email]> wrote:

> On 21 December 2017 at 04:26, Dmitry Vyukov <[hidden email]> wrote:
>>
>> I wanted to point out that freebsd support in syzkaller is still far
>> from being complete. We still need better descriptions of system calls
>> and kernel code coverage, report parsing needs improvements as well.
>> For linux we are now finding 100+ bugs per month in a completely
>
> Hi Dmitry,
>
> Yes, I had one of my co-op students work on automation for setting up
> and running Syzkaller (in this case, on Packet.net's infrastructure).
> It's certainly still quite early for us; we hadn't yet done work on
> Syzkaller itself for FreeBSD.
>
> I think the most important change for us to make effective use of
> Syzkaller is going to be having kernel coverage support. I have two
> new Waterloo co-op students for this Jan-Apr work term and one of them
> is getting close to having a working kcov implementation; once this is
> ready we'll pick up the execution again.

Hi Ed,

Yes, coverage would be great.
Assuming that the kernel interface is not radically different from
linux, changes on the syzkaller side should be trivial. Ready to merge
that when you are ready.

>> We could set up a similar thing for freebsd, but for that we need
>> support for building freebsd kernel and GCE-compatible images. For
>> linux that code lives here:
>> https://github.com/google/syzkaller/blob/master/pkg/kernel/kernel.go
>> https://github.com/google/syzkaller/blob/master/pkg/kernel/generated.go
>
> Thanks, we'll take a look at this too. The FreeBSD release engineering
> team produces GCE images so much of the infrastructure exists already.
> Right now it's only straightforward to build FreeBSD from FreeBSD, so
> it might take some work to integrate this with the setup you describe
> here.


We could create another master VM with freebsd. Should not be a
problem. Since all code is Go, porting should be almost zero effort
too.
The syz-ci thing (which continuously builds kernels and images) can
also run locally (using, say, qemu VMs for actual testing). So you
could make it work locally first (which will be a useful thing in
itself), and once that works, we can start looking at setting up real
continuous testing.