3.9-rc Trinity fallout.

As Linus alluded to in his 3.9-rc2 announcement, I had some ‘fun’ last week with Trinity.
It started when I noticed that there was a bug that iknowthis kept hitting that Trinity wasn’t, so I did some testing to figure out why. The difference was that iknowthis occasionally mangles the pathnames it passes to syscalls, exercising -ENOENT paths etc.
The code change to make trinity do the same thing was pretty trivial. What I wasn’t expecting however was the fallout.
Instead of just reproducing that one bug, Trinity found a whole bunch. (Yet again proving the utility of having two different tools doing the same thing.) Some of them were the same root cause, but there were at least 4-5 kernel patches needed in total. Most of these issues are fixed in rc2; there's still a sysfs issue that hasn't been nailed down, and the pipe bug apparently needs more diagnosis.
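To make the "mangled pathnames" idea concrete, here is an added example (my code, not Trinity's or iknowthis's) of the kind of thing that change amounts to: a small deterministic mangler that takes a valid name and produces variants that drive the kernel's path walk through its error returns, plus a stat() probe that reports which errno came back. The mode names, the junk bytes and the helper names are my own choices; the point is that each mode lands in a different branch of the lookup code (-ENOENT for a missing component, -ENOTDIR for descending through a non-directory, -ENAMETOOLONG for blowing PATH_MAX), and that bytes after an embedded NUL never reach the kernel at all.

```c
/* Added example for this post (not Trinity's or iknowthis's code): a tiny
 * deterministic pathname mangler plus an errno probe. Mode names and the
 * sample inputs in main() are constructed for illustration. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

enum mangle {
    MANGLE_NONE,          /* pass the name through unchanged                      */
    MANGLE_TRUNCATE,      /* drop the final byte of the last component -> ENOENT */
    MANGLE_APPEND_JUNK,   /* glue bytes onto the last component        -> ENOENT */
    MANGLE_DESCEND,       /* append "/x": walk into a non-directory   -> ENOTDIR */
    MANGLE_TOO_LONG,      /* pad past PATH_MAX                   -> ENAMETOOLONG */
    MANGLE_EMPTY,         /* empty string                              -> ENOENT */
    MANGLE_EMBEDDED_NUL,  /* "name\0junk": the kernel stops at the NUL           */
    MANGLE_COUNT
};

/* Output buffer is PATH_MAX + 64 bytes so that TOO_LONG can overshoot. */
#define MBUF (PATH_MAX + 64)

/* Build the mangled name in out[MBUF]. Returns the length the kernel will
 * see (up to the first NUL), which is shorter than the bytes written for
 * MANGLE_EMBEDDED_NUL. */
size_t mangle_path(const char *in, enum mangle how, char out[MBUF])
{
    size_t n = strlen(in);
    if (n >= MBUF - 8)              /* leave room for every mode below */
        n = MBUF - 9;
    memcpy(out, in, n);
    out[n] = '\0';

    switch (how) {
    case MANGLE_NONE:
        break;
    case MANGLE_TRUNCATE:
        if (n > 1) out[n - 1] = '\0';
        break;
    case MANGLE_APPEND_JUNK:
        memcpy(out + n, "~~junk", 7);
        break;
    case MANGLE_DESCEND:
        memcpy(out + n, "/x", 3);
        break;
    case MANGLE_TOO_LONG:
        memset(out + n, 'A', MBUF - 1 - n);   /* one component > NAME_MAX, total > PATH_MAX */
        out[MBUF - 1] = '\0';
        break;
    case MANGLE_EMPTY:
        out[0] = '\0';
        break;
    case MANGLE_EMBEDDED_NUL:
        memcpy(out + n, "\0junk", 6);         /* bytes past the NUL never reach the kernel */
        break;
    default:
        break;
    }
    return strlen(out);
}

/* Probe: stat() the mangled name and report errno (0 on success). */
int probe_mangled(const char *in, enum mangle how)
{
    char buf[MBUF];
    struct stat st;
    mangle_path(in, how, buf);
    return stat(buf, &st) == 0 ? 0 : errno;
}

int main(void)
{
    /* Constructed sample inputs: a device node, the root, and an empty name. */
    static const char *names[] = { "/dev/null", "/", "" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        for (int m = 0; m < MANGLE_COUNT; m++) {
            int err = probe_mangled(names[i], m);
            printf("%-10s mode %d -> %s\n", names[i], m, err ? strerror(err) : "ok");
        }
    return 0;
}
```

In a real fuzzer the mode would be picked at random per call and applied to names the fuzzer already knows are valid (open files, sysfs entries and so on), so that the same syscall is exercised both on its success path and on each of its failure paths; stat() stands in here for whichever syscall takes the name.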

A few other ‘fun’ changes landed in Trinity.git last week

  • Tommi added the beginnings of his rework of ioctl fuzzing, and has been seeing results from that already.

  • Just for kicks, last week I got intrigued by the possibilities of unicode fuzzing. So now occasionally, trinity generates a buffer of mangled unicode.
    The kernel shouldn’t really ever care about this, because it just treats it as a byte-stream, never parsing it. But it might do some fun things when we pass that buffer to, for example, execve as an argv parameter.
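As an added illustration of the unicode-mangling bullet above (my code, not Trinity's), here is one way to build such a buffer: an encoder that can be told to emit a sequence of the wrong length (which is how you get overlong forms), a strict validator that shows the result is rejected by anything that does parse UTF-8, and a fork/execve helper that hands the bytes to the kernel as an argv entry. The kernel copies argv strings byte for byte up to the NUL and never looks at their encoding, so the embedded NUL is the only part of the mangling it reacts to; whatever userspace then does with the bytes is where the fun starts. Function names and the particular corruptions chosen are my own.

```c
/* Added example for this post (not Trinity's code): generate deliberately
 * malformed UTF-8, validate it strictly, and pass it to execve() as argv[1].
 * The corruption list and helper names are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Encode cp as a UTF-8 sequence of exactly `len` bytes (1..4). Passing a
 * len longer than cp needs yields an overlong form, which strict decoders
 * must reject. Returns bytes written. */
size_t utf8_encode_len(uint32_t cp, int len, unsigned char *out)
{
    static const unsigned char lead[5] = { 0, 0x00, 0xC0, 0xE0, 0xF0 };
    for (int i = len - 1; i > 0; i--) {
        out[i] = 0x80 | (cp & 0x3F);
        cp >>= 6;
    }
    out[0] = lead[len] | (unsigned char)cp;
    return (size_t)len;
}

/* Strict check: rejects overlongs, surrogates (D800..DFFF), code points
 * above U+10FFFF, truncated sequences and stray continuation bytes.
 * Returns 1 if the whole buffer is well formed, else 0. */
int utf8_valid(const unsigned char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char b = s[i];
        int len; uint32_t cp, min;
        if (b < 0x80)                { i++; continue; }
        else if ((b & 0xE0) == 0xC0) { len = 2; cp = b & 0x1F; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { len = 3; cp = b & 0x0F; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { len = 4; cp = b & 0x07; min = 0x10000; }
        else return 0;                           /* 0x80..0xBF or 0xF8..0xFF as lead */
        if (i + len > n) return 0;               /* truncated at end of buffer */
        for (int k = 1; k < len; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;   /* truncated mid-buffer */
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += len;
    }
    return 1;
}

/* Build a buffer mixing well-formed text with classic corruptions.
 * `out` must hold at least 64 bytes. Returns total bytes written. */
size_t mangled_unicode(unsigned char *out)
{
    size_t n = 0;
    memcpy(out + n, "ok-", 3); n += 3;
    n += utf8_encode_len(0x00E9, 2, out + n);    /* U+00E9, well formed: C3 A9     */
    n += utf8_encode_len(0x002F, 2, out + n);    /* overlong '/': C0 AF            */
    n += utf8_encode_len(0xD800, 3, out + n);    /* UTF-16 surrogate: ED A0 80     */
    n += utf8_encode_len(0x110000, 4, out + n);  /* above U+10FFFF: F4 90 80 80    */
    out[n++] = 0xBF;                             /* stray continuation byte        */
    out[n++] = 0xE2; out[n++] = 0x82;            /* truncated 3-byte sequence...   */
    out[n++] = '!';                              /* ...cut off by ASCII            */
    out[n++] = 0x00;                             /* NUL: execve stops copying here */
    memcpy(out + n, "tail", 4); n += 4;          /* never reaches the kernel       */
    return n;
}

/* Scalar views of the generated buffer for callers without scratch space. */
size_t mangled_unicode_kernel_len(void)
{
    unsigned char buf[64];
    mangled_unicode(buf);
    return strlen((char *)buf);          /* what execve() will actually copy */
}

int mangled_unicode_valid(void)
{
    unsigned char buf[64];
    size_t n = mangled_unicode(buf);
    return utf8_valid(buf, n);
}

/* Fork and execve "/bin/echo" with `arg` as argv[1] (assumes /bin/echo
 * exists). Returns the child's exit status, or -1 on failure. */
int exec_with_arg(const unsigned char *arg)
{
    char *argv[] = { (char *)"/bin/echo", (char *)arg, NULL };
    char *envp[] = { NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execve(argv[0], argv, envp); _exit(127); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    unsigned char buf[64];
    size_t n = mangled_unicode(buf);
    printf("generated %zu bytes, strict UTF-8 valid: %d, kernel will see %zu bytes\n",
           n, utf8_valid(buf, n), strlen((char *)buf));
    return exec_with_arg(buf) == 0 ? 0 : 1;
}
```

The asymmetry is the interesting part for a fuzzer: the kernel copies 18 of the 23 generated bytes and is indifferent to their shape, while the echo child (and any locale-aware code behind it) is handed a string that no strict decoder accepts.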
Author: davej. Categories: Fuzzing, Trinity. Tags: kernel, bugs, fuzzing, trinity.