Subject: Re: [RFC] In-kernel fuzz testing for apps
From: Austin S Hemmelgarn
To: Andrey Utkin, linux-kernel@vger.kernel.org, Anton
Date: Thu, 19 Nov 2015 10:37:15 -0500
Message-ID: <564DECAB.6050602@gmail.com>
In-Reply-To: <564D0C30.8010009@gmail.com>

On 2015-11-18 18:39, Andrey Utkin wrote:
> Me and my friend have once talked about careful application development,
> which includes awareness about all possible error conditions.
> So we have collected ideas about making kernel (or, in some cases, libc)
> "hostile" to careless application, and we present it so that the idea
> doesn't get lost, and maybe even gets real if somebody wants some
> features from the list.

This is an excellent idea for security testing, however, see below for
more thoughts.

>
> - (libc) crash instantly if memcpy detects regions overlapping;

I believe there are actually systems out there that do this, but they
are ancient by now.

> - return EINTR as much as possible;
> - send/recv/etc. returns EAGAIN on non-blocking sockets as much as possible;
> - send/recv tend to result in short writes/reads, e.g. 1 byte at a time,
> to break assumption about sending/receiving some "not-so-big" thing at once;

These three are tricky to do from userspace, but the first two could be
done with ptrace with some effort (not sure about the third).

> - let write return ENOSPC sometimes;

Ironically, this can be done without much effort using BTRFS (although
that will hopefully change in the future).

> - scheduler behaves differently from common case (e.g. let it tend to
> stop a thread at some syscalls);

I don't see this one being very useful for any program that isn't
running realtime or accessing hardware directly.

> - return allocation failures;

I'm pretty certain there is some library out there that you can preload
to do this.

> - make OOM killer manic!

This isn't hard to do in a VM, either randomly adjust the memory
balloon, or randomly enter the scan-code for Ctrl-Alt-SysRq-F on the
console.

> - make clocks which are not monotonic to go backward frequently;

Same as above, but for different reasons.

> - pretend the time is 2038 year or later;

Same as above, also look up a program called 'datefudge'.

> - (arguable) close syscall returns non-zero first time, or randomly;

I'm actually genuinely curious about this one. What real-world
circumstances could cause close() to fail?

> - (arguable) special arch having NULL not all zero-bits. Actually I
> don't believe it is feasible to make a lot of modern software to run in
> such situation.

This one is a functional guarantee for almost anything that uses virtual
memory.
In theory, it might be possible to get a lot of things working
with NULL = 0xFFFFFFFF (or the equivalent on 64-bit arches), but I don't
see that being particularly useful (anything that does anything with
NULL other than check against it and use it as a dummy initializer is
probably broken in other ways).
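
Added example (not part of the original message, and not code from any project it mentions): a constructed stand-in for write(2) that misbehaves in the ways the list above proposes (EINTR, EAGAIN, 1-byte short writes, ENOSPC when full), with a careless caller beside a careful one. The names hostile_sink, hostile_write, naive_send and write_all are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed in-memory sink standing in for a file descriptor. */
struct hostile_sink { char buf[64]; size_t len; unsigned calls; };

/* Hostile write(): cycles EINTR, EAGAIN, then accepts exactly one byte. */
static ssize_t hostile_write(struct hostile_sink *s, const void *p, size_t n)
{
    if (n == 0) return 0;
    switch (s->calls++ % 3) {
    case 0: errno = EINTR;  return -1;
    case 1: errno = EAGAIN; return -1;
    }
    if (s->len == sizeof s->buf) { errno = ENOSPC; return -1; }
    s->buf[s->len++] = *(const char *)p;
    return 1;
}

/* Careless caller: a single call, assumes all-or-nothing delivery. */
static ssize_t naive_send(struct hostile_sink *s, const void *p, size_t n)
{
    return hostile_write(s, p, n);
}

/* Careful caller: retries EINTR/EAGAIN, resumes after short writes and
 * reports hard errors together with the number of bytes already written.
 * A real non-blocking caller would poll() on EAGAIN instead of spinning. */
static int write_all(struct hostile_sink *s, const void *p, size_t n, size_t *done)
{
    const char *c = p;
    *done = 0;
    while (*done < n) {
        ssize_t r = hostile_write(s, c + *done, n - *done);
        if (r > 0)
            *done += (size_t)r;                       /* short write: resume */
        else if (r == 0 || (errno != EINTR && errno != EAGAIN))
            return -1;                                /* hard error, e.g. ENOSPC */
    }
    return 0;
}

int main(void)
{
    struct hostile_sink a = {0}, b = {0};
    size_t done;
    ssize_t n = naive_send(&a, "hello", 5);    /* fails on the injected EINTR */
    int rc = write_all(&b, "hello", 5, &done); /* survives every injected fault */
    printf("naive=%zd careful=%d done=%zu calls=%u\n", n, rc, done, b.calls);
    return 0;
}
```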