OSDev.org

The Place to Start for Operating System Developers
 Post subject: Re: Question about a design of syscalls for microkernels
Posted: Sun Jun 27, 2021 12:30 pm

Joined: Sun Jun 23, 2019 5:36 pm
Posts: 618
Location: North Dakota, United States
So I just fuzzed serde via postcard (serde itself can't serialize or deserialize anything). My code was as follows:
Code:
#![no_main]
use libfuzzer_sys::fuzz_target;
use postcard::from_bytes;
use serde::{Deserialize, Serialize};

#[repr(C)]
#[derive(
    Clone, Copy, Debug, Default, Eq, PartialEq, Ord, PartialOrd, Hash, Serialize, Deserialize,
)]
struct ReadRequest {
    pub fd: u64,
    pub buf_addr: u64,
    pub size: usize,
}

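// cargo-fuzz target: feed arbitrary bytes to postcard's deserializer.
fuzz_target!(|data: &[u8]| {
    match from_bytes::<ReadRequest>(data) {
        Ok(mut req) => {
            // Touch every field so the decoded value is actually used.
            req.fd = 0;
            req.buf_addr = 0;
            req.size = 0;
        }
        // Malformed input is expected; only a panic or crash is a finding.
        Err(_) => {}
    }
});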

It didn't crash at all during my fuzzing. I didn't run it for long -- it got up to about #134 million -- but my fuzzing might not have been exhaustive/adequate enough. (I know that humans are naturally unpredictable so fuzzing isn't a complete guarantee, but as far as I know it's as close as you can get.)


 Post subject: Re: Question about a design of syscalls for microkernels
Posted: Mon Jun 28, 2021 11:50 am

Joined: Thu May 17, 2007 1:27 pm
Posts: 999
That doesn't fuzz against concurrent modification though (which you cannot really represent in Rust because it'd involve data races / two mut refs to the same array).

_________________
managarm: Microkernel-based OS capable of running a Wayland desktop (Discord: https://discord.gg/7WB6Ur3). My OS-dev projects: [mlibc: Portable C library for managarm, qword, Linux, Sigma, ...] [LAI: AML interpreter] [xbstrap: Build system for OS distributions].


 Post subject: Re: Question about a design of syscalls for microkernels
Posted: Mon Jun 28, 2021 2:30 pm

Joined: Sun Jun 23, 2019 5:36 pm
Posts: 618
Location: North Dakota, United States
Korona wrote:
That doesn't fuzz against concurrent modification though (which you cannot really represent in Rust because it'd involve data races / two mut refs to the same array).

This can be fuzzed via static mut. The problem is simulating the threads. The input isn't static; it's a macro (fuzz_target!), though perhaps fuzz_mutator! may help. I've submitted a forum on rust-users asking how to do that.
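
Added example, not written by any poster in this thread: a deterministic model of the concurrent-modification case raised above, where the "other thread" is a hook called between two reads of the shared request buffer, so a fuzzer or test can drive the interleaving without real threads or data races. Assumptions: the buffer is modelled as an array of AtomicU8, the decode is a fixed-width little-endian stand-in (not postcard's wire format), and MAX_SIZE, double_fetch, snapshot_then_parse, sample and grow_size are hypothetical names.

```rust
use std::sync::atomic::{AtomicU8, Ordering::Relaxed};
const MAX_SIZE: u64 = 4096; // assumed kernel-side limit (not from the thread)

#[derive(Debug, PartialEq)]
struct ReadRequest { fd: u64, buf_addr: u64, size: u64 }

// Stand-in for the user-shared buffer; atomics allow a racing writer without UB.
type Shared = [AtomicU8; 24];

// Fixed-width little-endian decode; a stand-in, not postcard's wire format.
fn read_u64(get: &impl Fn(usize) -> u8, off: usize) -> u64 {
    let mut b = [0u8; 8];
    for i in 0..8 { b[i] = get(off + i); }
    u64::from_le_bytes(b)
}

fn decode(get: &impl Fn(usize) -> u8) -> ReadRequest {
    ReadRequest { fd: read_u64(get, 0), buf_addr: read_u64(get, 8), size: read_u64(get, 16) }
}

// Flawed: checks `size` in shared memory, then fetches the request again.
// `racer` models the other thread being scheduled between the two fetches.
fn double_fetch(mem: &Shared, racer: impl FnOnce(&Shared)) -> Option<ReadRequest> {
    let shared = |i: usize| mem[i].load(Relaxed);
    if read_u64(&shared, 16) > MAX_SIZE { return None; }
    racer(mem);
    Some(decode(&shared))
}

// Hardened: one copy into private memory, then decode and validate the copy.
fn snapshot_then_parse(mem: &Shared, racer: impl FnOnce(&Shared)) -> Option<ReadRequest> {
    let private: [u8; 24] = std::array::from_fn(|i| mem[i].load(Relaxed));
    racer(mem); // later writes cannot reach `private`
    let req = decode(&|i: usize| private[i]);
    if req.size > MAX_SIZE { None } else { Some(req) }
}

// Constructed sample request, and a constructed racer that sets size to u64::MAX.
fn sample() -> Shared {
    let mut bytes = [0u8; 24];
    bytes[0] = 3; bytes[9] = 0x10; bytes[16] = 64; // fd 3, buf_addr 0x1000, size 64
    std::array::from_fn(|i| AtomicU8::new(bytes[i]))
}
fn grow_size(mem: &Shared) { for b in &mem[16..24] { b.store(0xff, Relaxed); } }

fn main() {
    println!("{:?}\n{:?}", double_fetch(&sample(), grow_size), snapshot_then_parse(&sample(), grow_size));
}
```

In a fuzz target, the hook and the point at which it fires can be derived from the fuzzer's input bytes, which makes each interleaving reproducible from the corpus entry.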

