SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers - Yu Hao
- Published 28 Nov 2024
- SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers - Yu Hao, University of California, Riverside
Syzkaller has found thousands of bugs in the Linux kernel. One necessary component of Syzkaller is its collection of syscall descriptions, which are largely written by hand by human experts; this is both time-consuming and error-prone. It is especially challenging given the many kernel drivers (for new hardware devices and beyond) that are continuously being developed and that keep evolving over time. This talk presents a principled solution for generating syscall descriptions for Linux kernel drivers, and a tool called SyzDescribe that has been tested on hundreds of kernel drivers. The syscall descriptions produced by SyzDescribe are competitive with Syzkaller's own hand-written descriptions, and much better than prior work (i.e., DIFUZE and KSG) in accuracy, fuzzing coverage and number of crashes. SyzDescribe also found 78 "bugs" in Syzkaller's existing syscall descriptions, i.e., errors in the descriptions themselves; all of them have been reported to Syzkaller and the fixes have been merged into Syzkaller's code. In addition, SyzDescribe recovers 154 syscall handlers for Pixel 6 kernel drivers and finds 18 crashes.
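For readers unfamiliar with what "syscall descriptions" are, the following is an added illustration of the kind of hand-written Syzkaller description (syzlang) that SyzDescribe aims to generate automatically for a driver. It is not SyzDescribe output and not from the talk; the device node /dev/example, the header linux/example.h, the ioctl command EXAMPLE_SET_CFG and the struct and flag names are all hypothetical placeholders standing in for a real driver's uapi interface.

```syzlang
# Added example: a hand-written syzlang description for a hypothetical
# character-device driver. Every identifier below (example, EXAMPLE_*,
# example_cfg) is a placeholder for a real driver's uapi definitions.

# Constants such as EXAMPLE_SET_CFG are resolved from this header by
# syzkaller's constant extractor rather than spelled out here.
include <linux/example.h>

# A typed resource: the fd returned by open and consumed by ioctl, so the
# fuzzer only issues this driver's ioctls on this driver's file descriptors.
resource fd_example[fd]

# The open path for the device node. Without this, the fuzzer has no way to
# reach the driver's ioctl handler at all.
openat$example(fd const[AT_FDCWD], file ptr[in, string["/dev/example"]], flags flags[open_flags], mode const[0]) fd_example

# One ioctl handler: command number plus the shape of the argument it copies
# from userspace. Getting the argument type wrong is exactly the kind of
# "bug" in descriptions that the talk reports finding in Syzkaller's corpus.
ioctl$EXAMPLE_SET_CFG(fd fd_example, cmd const[EXAMPLE_SET_CFG], arg ptr[in, example_cfg])

# The argument struct, with the length field tied to the buffer it describes
# so the fuzzer generates consistent (and deliberately inconsistent) sizes.
example_cfg {
	len	len[data, int32]
	flags	flags[example_cfg_flags, int32]
	data	array[int8, 0:64]
}

example_cfg_flags = EXAMPLE_CFG_A, EXAMPLE_CFG_B
```

Each driver contributes its own open path, resource type, ioctl set and argument structs, which is why writing and maintaining these by hand across hundreds of evolving drivers is the bottleneck the talk addresses.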