Skip to content

KFuzzTest: All progress so far #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
ethangraham2001 wants to merge 32 commits into
base: master
Choose a base branch
from
Draft

KFuzzTest: All progress so far #6

ethangraham2001 wants to merge 32 commits into from

Conversation

@ethangraham2001
Copy link
Owner

@ethangraham2001 ethangraham2001 commented Jul 25, 2025
edited
Loading

Includes all kernel code for the KFuzzTest module. Does not include any fuzz targets.

Ethan Graham added 28 commits June 18, 2025 10:02
Add simple configuration for kftf module that is built with kernel
1e0587e 
into a .ko file.
kftf: Add init and exit functions to module
43dc893
kftf: simple sysfs that accepts a struct for a single function and the
42d6acc 
binary representation down. Correctly causes a KASAN repot when passing a
buggy input to it.
kftf: allow tests with macro definitions in .kftf section of binary.
4a35a64 
Added support for this for x86 arch, but it is probably fragile because
we aren't guarding with a #ifdef yet
kftf: fixx sizeof check so that it checks against the provided type.
e8992cb
kftf: add metadata file per fuzzed function - this contains the name of
d7adb90 
the argument type that the function takes so that the user can use tools
like pahole to generate a syzkaller definition of the argument and thus
fuzz the function more easily.
move int_sqrt test out of kftf_tests file and into the math source
ca5ba48 
files. It works, and the function is exposed correctly!
kftf: address PR comments and make the FUZZ_TEST interface a lot more
96ae8d5 
user friendly.
kftf: update include block so that the relative include (kftf_tests.h)
ece3042 
has a line separator between it and the common linux includes, as per
https://elixir.bootlin.com/linux/v6.12.5/source/mm/kfence/core.c
delete unused file kftf_simple_fuzzer
07bfafa
kftf: per test-case input buffer with mutex
0c5cd7e
kftf: update kftf_fuzzable test
a4bb002
kftf: add some comments to module main file and kftf header file
0bddc3f
kftf: replace static test cases buffer with kmalloc'd one.
5971467
kftf: replace input buffers for callback with dynamically allocated
d799f5c 
pointer to function argument type. This should remove the need for a
mutex guarding a shared buffer entirely, and ultimately will likely
perform better.
kftf: replace heap allocated input buffer with function-local stack
aae72ff 
variable, and extract common input reading functionality into a separate
function.
kftf: fix bug in input reading logic.
72e3dec
kftf: work in progress on domain constraints. Need to see about exposing
6673d6f 
these via sysfs, and how they can be parsed from the vmlinux binary as
well.
kftf: allow for range constraints by expanding constraint struct.
95a0a01
kftf: move some stuff around and enforce 64 byte alignment of KFuzzTest
581f240 
constraints to avoid weird errors occurring during parsing.
kftf: add annotations macros to express field types (for example
a83dee7 
strings) and a field being the length of another.
kfuzztest: add array annotation
8e1f787 
There was not any mechanism in place in the KFuzzTest for distinguishing
between value pointers and array pointers in fuzz test inputs. This
information is difficult to parse without additional semantic
information on the context.

We introduce a new KFTF_ANNOTATE_ARRAY macro that annotates a field in a
KFuzzTest input struct as an array, removing this ambiguity.
kftf: remove int_sqrt test which is no longer really needed, added
c74d33a 
relocation parsing code.
kftf: remove some prints from write_input_callback, update test case to
6b03486 
remove copying from userspace
kftf: introduce new buffer for payload that provides alignment
ba24eb3 
guarantees for encoded structures.
kftf: harden binary input parsing
799cdcd
kfuzztest: update naming from "kftf" to "kfuzztest"
51cadf2
kfuzztest: cleanup code and update documentation
e328953
Ethan Graham added 3 commits July 25, 2025 09:49
kfuzztest: update header comment in kfuzztest_main.c
aeeb29f
kfuzztest: update macros to fix naming
57fddce
kfuzztest: align targets to 32-byte boundary
4ebed5f 
Iterating through a section where structures aren't aligned to a power-of-2
boundary leads to incorrect memory accesses.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ethangraham2001