Announcement

Collapse
No announcement yet.

Syzbot: Google Continuously Fuzzing The Linux Kernel

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Syzbot: Google Continuously Fuzzing The Linux Kernel

    Phoronix: Syzbot: Google Continuously Fuzzing The Linux Kernel

    On the Linux kernel mailing list over the past week has been a discussion about Syzbot, an effort by Google for continuously fuzzing the mainline Linux kernel and its branches with automatic bug reporting...

    Syzbot: Google Continuously Fuzzing The Linux Kernel - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=Syzbot-Linux-Kernel-Fuzzing
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    Glad to see Google giving back to the community somewhat. It has been cashing on Linux/Android through mobile ads.

    Comment

    • #3
      Originally posted by gabe View Post
      Glad to see Google giving back to the community somewhat. It has been cashing on Linux/Android through mobile ads.
      because they are not developing coreboot. or have never ever put any kind of commit to the linux kernel before this, including arm plus other works.
      • Likes 5

      Comment

      • #4
        Would be great if some devs (on big distro's payroll ? Redhat ? Suse ?) could adapt the pipe line for the other pieces beside the kernel which are critical for GNU/Linux but that Google is unlikely to fuzz-test themselves due them being not relevant in Android.

        (e.g.: core libraries like Glibc, important libraries like openSSL or even stuff like systemd)

        Comment

        • #5
          Originally posted by DrYak View Post
          Would be great if some devs (on big distro's payroll ? Redhat ? Suse ?) could adapt the pipe line for the other pieces beside the kernel which are critical for GNU/Linux but that Google is unlikely to fuzz-test themselves due them being not relevant in Android.

          (e.g.: core libraries like Glibc, important libraries like openSSL or even stuff like systemd)
          Like https://github.com/google/oss-fuzz?

          The problem is more if there are enough resources to run the fuzzers on, rather than developing the pipeline (which already exists). Hosting companies like Amazon, DigitalOcean, Linode et al are in a better position to contribute in that area (assuming they have spare capacity) than Redhat and Suse.

          Comment

          • #6
            So let me get this straight, this fuzzer tool will automatically call home when it detects bugs?

            Comment

            • #7
              Originally posted by r08z View Post
              So let me get this straight, this fuzzer tool will automatically call home when it detects bugs?
              Pretty much yeah. But there's a twist to it since the whole idea is to automate the find bug-report-fix-verify cycle. From my first look it seems that it tries to group errors that have the same cause and reports them. After a fix is deployed to any tree the fuzzer is watching it will verify the fix and close the bug report. All errors that look like those already fixed will reopen issues.

              The more stuff like this that's developed in the open and helps to make the base levels of our software stack more secure is always welcome.
              • Likes 1

              Comment

              • #8
                Originally posted by r08z View Post
                So let me get this straight, this fuzzer tool will automatically call home when it detects bugs?
                I'm holding out for version 2 of this tool, when it automatically posts a patch to the mailing list as well


                • Likes 1

                Comment

                • #9
                  Originally posted by gabe View Post
                  Glad to see Google giving back to the community somewhat. It has been cashing on Linux/Android through mobile ads.
                  Wasn't it google who who solved the last few pieces of the puzzle to implement deep learning, and then gave us all a bunch of libraries?

                  Comment

                  Previous template Next
                  Working...
                  X