Re: VIVID/VIMC and media fuzzing

On Fri, Dec 7, 2018 at 8:22 PM Helen Koike <helen.koike@xxxxxxxxxxxxx> wrote:
> >>> You also mentioned that one of the devices requires some complex setup
> >>> via configfs. Is this interface described somewhere? Do you think it's
> >>> more profitable to pre-setup some fixed configuration for each test
> >>> process? Or just give the setup interface to fuzzer and let it do
> >>> random setup? Or both?
> >>
> >> That's the vimc driver, but the configfs code isn't in yet.
> >
> > I'll try to submit it later this week (with documentation) :)
>
> I submitted the first version at:
> https://www.spinics.net/lists/linux-media/msg144244.html
> As soon as it is updated we can add it to fuzzer. I believe some
> pre-setup/fixed configuration would work.
>
> I don't know much about fuzzer's code, if you could give me some
> pointers I can help with that.

Hi Helen,

Great!

It may be easier to think about this on 2 levels:
The first is _what_ we want to do. For this, imagine you are writing a
stress test for the subsystem as a C program that does some fixed
setup and then executes random syscalls related to the subsystem,
acting on the devices and using rand() to select syscalls and arguments.
What setup would you do for this? What syscalls would you issue?

The second is then how to fit this into syzkaller.
The setup part in syzkaller is also just custom C code. E.g. this
sets up network devices for the test process:
https://github.com/google/syzkaller/blob/master/executor/common_linux.h#L154-L301
There is a little bit of trickery because this code is also used to
generate C reproducers for crashes, and it also preferably needs to
support multiple independent test processes (namely, this code has a
procid=0..N variable and needs to set up e.g. the /dev/loopN device
corresponding to the current procid). E.g. for vivid we use
"vivid.n_devs=16 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2".
But overall it's just C code.

For the main stress/fuzzing we have these declarative descriptions,
which are hopefully mostly self-explanatory:
https://github.com/google/syzkaller/blob/master/sys/linux/video4linux.txt
If there is something missing, we need to add the missing parts. And maybe
even give the fuzzer the configfs interface too to mess with (it can open
specified files and do, say, writes with complex inputs, both binary
and text based).

Also, will we gain something by enabling the following ones inside of a VM:
# CONFIG_V4L_PLATFORM_DRIVERS is not set
# CONFIG_V4L_MEM2MEM_DRIVERS is not set
? Or are these just physical hardware drivers?
FTR, here are the configs that syzbot uses:
https://github.com/google/syzkaller/blob/master/dashboard/config/upstream-kasan.config
https://github.com/google/syzkaller/blob/master/dashboard/config/upstream-selinux.cmdline
https://github.com/google/syzkaller/blob/master/dashboard/config/upstream.sysctl

Thanks
