On Fri, Dec 7, 2018 at 8:22 PM Helen Koike <helen.koike@xxxxxxxxxxxxx> wrote:
> >>> You also mentioned that one of the devices requires some complex setup
> >>> via configfs. Is this interface described somewhere? Do you think it's
> >>> more profitable to pre-setup some fixed configuration for each test
> >>> process? Or just give the setup interface to the fuzzer and let it do
> >>> random setup? Or both?
> >>
> >> That's the vimc driver, but the configfs code isn't in yet.
> >
> > I'll try to submit it later this week (with documentation) :)
>
> I submitted the first version at:
> https://www.spinics.net/lists/linux-media/msg144244.html
> As soon as it is updated we can add it to the fuzzer. I believe some
> pre-setup/fixed configuration would work.
>
> I don't know much about the fuzzer's code; if you could give me some
> pointers I can help with that.

Hi Helen,

Great! It may be easier to think about this on 2 levels:

The first is _what_ we want to do. For this, imagine you are writing a
stress test for the subsystem as a C program that does some fixed setup
and then executes random syscalls related to the subsystem, acting on the
devices and using rand() to select syscalls and arguments. What setup
would you do for this? What syscalls would you issue?

The second is then how to fit this into syzkaller.

The setup part in syzkaller is also just custom C code. E.g. this sets up
network devices for a test process:
https://github.com/google/syzkaller/blob/master/executor/common_linux.h#L154-L301
There is a little bit of trickery because this code is also used to
generate C reproducers for crashes, and it also needs to preferably
support multiple independent test processes (namely, this code has a
procid=0..N variable and needs to set up e.g. the /dev/loopN device
corresponding to the current procid). E.g. for vivid we use
"vivid.n_devs=16 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2".
But overall it's just C code.

For the main stress/fuzzing we have these declarative descriptions, which
are hopefully mostly self-explanatory:
https://github.com/google/syzkaller/blob/master/sys/linux/video4linux.txt
If there is something missing, we need to add the missing parts.
And maybe even give the fuzzer the configfs interface too to mess with
(it can open specified files and do, say, writes with complex inputs,
both binary and text based).

Also, will we gain something by enabling the following ones inside of a VM:

# CONFIG_V4L_PLATFORM_DRIVERS is not set
# CONFIG_V4L_MEM2MEM_DRIVERS is not set

Or is it just physical hardware drivers?

FTR, here are the configs that syzbot uses:
https://github.com/google/syzkaller/blob/master/dashboard/config/upstream-kasan.config
https://github.com/google/syzkaller/blob/master/dashboard/config/upstream-selinux.cmdline
https://github.com/google/syzkaller/blob/master/dashboard/config/upstream.sysctl

Thanks