From: Alexander Potapenko <glider@google.com>
To: Ethan Graham <ethan.w.s.graham@gmail.com>
Cc: ethangraham@google.com, andreyknvl@gmail.com, andy@kernel.org,
brauner@kernel.org, brendan.higgins@linux.dev,
davem@davemloft.net, davidgow@google.com, dhowells@redhat.com,
dvyukov@google.com, elver@google.com,
herbert@gondor.apana.org.au, ignat@cloudflare.com, jack@suse.cz,
jannh@google.com, johannes@sipsolutions.net,
kasan-dev@googlegroups.com, kees@kernel.org,
kunit-dev@googlegroups.com, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
lukas@wunner.de, rmoar@google.com, shuah@kernel.org,
tarasmadan@google.com
Subject: Re: [PATCH v1 03/10] kfuzztest: implement core module and input processing
Date: Tue, 16 Sep 2025 12:21:31 +0200
Message-ID: <CAG_fn=U0dOBumngmQQ1cna=SZvbDXjJ8NrVUZyCHY5dzJV4rVg@mail.gmail.com>
In-Reply-To: <20250916090109.91132-4-ethan.w.s.graham@gmail.com>
On Tue, Sep 16, 2025 at 11:01 AM Ethan Graham
<ethan.w.s.graham@gmail.com> wrote:
>
> From: Ethan Graham <ethangraham@google.com>
>
> Add the core runtime implementation for KFuzzTest. This includes the
> module initialization and the logic for receiving and processing
> user-provided inputs through debugfs.
>
> On module load, the framework discovers all test targets by iterating
> over the .kfuzztest_target section, creating a corresponding debugfs
> directory with a write-only 'input' file for each of them.
>
> Writing to an 'input' file triggers the main fuzzing sequence:
> 1. The serialized input is copied from userspace into a kernel buffer.
> 2. The buffer is parsed to validate the region array and relocation
> table.
> 3. Pointers are patched based on the relocation entries, and in KASAN
> builds the inter-region padding is poisoned.
> 4. The resulting struct is passed to the user-defined test logic.
>
> Signed-off-by: Ethan Graham <ethangraham@google.com>
>
> ---
> v3:
Nit: these are RFC version numbers, and they will start clashing with
the non-RFC numbers next time you update this series.
I suggest changing them to "RFC v3" and "RFC v2" respectively.
> +
> +/**
> + * kfuzztest_init - initializes the debug filesystem for KFuzzTest
> + *
> + * Each registered target in the ".kfuzztest_targets" section gets its own
> + * subdirectory under "/sys/kernel/debug/kfuzztest/<test-name>" containing one
> + * write-only "input" file used for receiving inputs from userspace.
> + * Furthermore, a directory "/sys/kernel/debug/kfuzztest/_config" is created,
> + * containing two read-only files "minalign" and "num_targets", that return
> + * the minimum required region alignment and number of targets respectively.
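Review bot: the section name in this comment, ".kfuzztest_targets", does not match the ".kfuzztest_target" section named in the commit message; pick one spelling and use it in both places, since readers will grep for it. The same comment documents a "_config/num_targets" file; if that file goes away, drop the sentence instead of leaving a description of a file that no longer exists.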
This comment (and some below) is out of sync with the implementation.
As we've discussed offline, there's probably little value in having
"/sys/kernel/debug/kfuzztest/_config/num_targets", because that number
is equal to the number of files in "/sys/kernel/debug/kfuzztest/"
minus one.
It just came to my mind that "num_invocations" could be moved to some
"kfuzztest/_stat" directory, but it can also stay here as long as you
fix the doc comments.
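As an added example, not code from the KFuzzTest series, the four steps quoted in the commit message carried out in C against a hypothetical wire format (header, region array, relocation table, payload); the series' real layout is not shown in this message, so KFT_MINALIGN, KFT_MAX_ENTRIES, struct kft_header/kft_region/kft_reloc, parse_and_patch, struct sample and run_sample are all assumptions. The point it demonstrates is that the region array and relocation table are validated completely before a single pointer is written: the input file receives arbitrary bytes from the fuzzer, and a half-patched struct must never reach the test body.

```c
/* Added example, not KFuzzTest code: hypothetical serialized-input layout
 * (header | region table | relocation table | payload), validated in full
 * before any pointer is patched, following steps 2-3 of the commit message. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KFT_MINALIGN 8u       /* assumed minimum region alignment */
#define KFT_MAX_ENTRIES 1024u /* assumed cap on table lengths */
#define KFT_ALIGN_UP(x) (((x) + KFT_MINALIGN - 1) & ~(size_t)(KFT_MINALIGN - 1))

struct kft_header { uint32_t num_regions, num_relocs; };
struct kft_region { uint32_t offset, size; };                       /* payload-relative */
struct kft_reloc  { uint32_t src_region, src_offset, dst_region; }; /* slot = &dst region */
enum { KFT_OK = 0, KFT_EINVAL = -1 };

/* Validate buf[0..len); only if every check passes, write region pointers
 * into the payload and return its base via *payload_out. */
static int parse_and_patch(uint8_t *buf, size_t len, uint8_t **payload_out)
{
	struct kft_header hdr;
	const struct kft_region *regions;
	const struct kft_reloc *relocs;
	size_t payload_off, payload_len, i;
	uint8_t *payload;

	if (!buf || !payload_out || len < sizeof(hdr))
		return KFT_EINVAL;
	memcpy(&hdr, buf, sizeof(hdr));
	if (!hdr.num_regions || hdr.num_regions > KFT_MAX_ENTRIES ||
	    hdr.num_relocs > KFT_MAX_ENTRIES)
		return KFT_EINVAL;
	payload_off = KFT_ALIGN_UP(sizeof(hdr) + hdr.num_regions * sizeof(*regions) +
				   hdr.num_relocs * sizeof(*relocs));
	if (payload_off > len)
		return KFT_EINVAL;
	regions = (const struct kft_region *)(buf + sizeof(hdr));
	relocs = (const struct kft_reloc *)(regions + hdr.num_regions);
	payload = buf + payload_off;
	payload_len = len - payload_off;
	/* Regions must be aligned, inside the payload, ascending and disjoint. */
	for (i = 0; i < hdr.num_regions; i++) {
		if (regions[i].offset % KFT_MINALIGN || regions[i].offset > payload_len ||
		    regions[i].size > payload_len - regions[i].offset ||
		    (i && regions[i].offset < (size_t)regions[i - 1].offset + regions[i - 1].size))
			return KFT_EINVAL;
	}
	/* Relocations need valid region indices and an aligned, pointer-sized slot. */
	for (i = 0; i < hdr.num_relocs; i++) {
		const struct kft_reloc *rl = &relocs[i];
		if (rl->src_region >= hdr.num_regions || rl->dst_region >= hdr.num_regions ||
		    rl->src_offset % sizeof(void *) ||
		    rl->src_offset > regions[rl->src_region].size ||
		    sizeof(void *) > regions[rl->src_region].size - rl->src_offset)
			return KFT_EINVAL;
	}
	/* All checks passed: a partially patched buffer never reaches the test body. */
	for (i = 0; i < hdr.num_relocs; i++) {
		uint8_t *target = payload + regions[relocs[i].dst_region].offset;
		uint8_t *slot = payload + regions[relocs[i].src_region].offset + relocs[i].src_offset;
		memcpy(slot, &target, sizeof(target));
	}
	*payload_out = payload;
	return KFT_OK;
}

/* Hypothetical target argument: region 0 holds it, region 1 holds the string. */
struct sample { char *name; uint32_t name_len; };

/* Constructed wire image of one input for struct sample. */
struct sample_input {
	struct kft_header hdr;
	struct kft_region regions[2];
	struct kft_reloc reloc;
	uint8_t pad[4];          /* tables end at byte 36; payload starts at KFT_ALIGN_UP(36) */
	union { struct sample s; uint8_t raw[16]; } region0;
	char region1[8];
};

/* Parse one constructed input; return strlen() of the string reached through the
 * patched pointer, or -1 if rejected. With corrupt_reloc the pointer slot is moved
 * to the very end of region 0, so the pointer-sized write would overrun it. */
static int run_sample(int corrupt_reloc)
{
	struct sample_input in = {
		.hdr = { 2, 1 },
		.regions = { { 0, sizeof(in.region0) }, { 16, sizeof(in.region1) } },
		.reloc = { 0, offsetof(struct sample, name), 1 },
		.region0.s = { NULL, 5 },
		.region1 = "hello",
	};
	struct sample s;
	uint8_t *payload;

	if (corrupt_reloc)
		in.reloc.src_offset = sizeof(in.region0);
	if (parse_and_patch((uint8_t *)&in, sizeof(in), &payload) != KFT_OK)
		return -1;
	memcpy(&s, payload, sizeof(s)); /* region 0 is what the test body would receive */
	return (int)strlen(s.name);
}

int main(void) { return run_sample(0) == 5 && run_sample(1) == -1 ? 0 : 1; }
```

The order of the two validation loops and the separate patch loop is the design choice worth copying: every table entry is bounds-checked against the payload length and against its own region before any write happens, and the overlap check in the region loop is what stops a relocation in one region from silently aliasing another region's bytes.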
Thread overview (25+ messages):
2025-09-16 9:00 [PATCH v1 0/10] KFuzzTest: a new kernel fuzzing framework Ethan Graham
2025-09-16 9:01 ` [PATCH v1 01/10] mm/kasan: implement kasan_poison_range Ethan Graham
2025-09-16 9:34 ` Alexander Potapenko
2025-09-16 9:01 ` [PATCH v1 02/10] kfuzztest: add user-facing API and data structures Ethan Graham
2025-09-16 9:58 ` Alexander Potapenko
2025-09-16 9:01 ` [PATCH v1 03/10] kfuzztest: implement core module and input processing Ethan Graham
2025-09-16 10:21 ` Alexander Potapenko [this message]
2025-09-17 3:59 ` kernel test robot
2025-09-18 1:21 ` kernel test robot
2025-09-16 9:01 ` [PATCH v1 04/10] tools: add kfuzztest-bridge utility Ethan Graham
2025-09-16 13:42 ` Alexander Potapenko
2025-09-17 13:26 ` SeongJae Park
2025-09-16 9:01 ` [PATCH v1 05/10] kfuzztest: add ReST documentation Ethan Graham
2025-09-16 9:01 ` [PATCH v1 06/10] kfuzztest: add KFuzzTest sample fuzz targets Ethan Graham
2025-09-18 3:17 ` kernel test robot
2025-09-16 9:01 ` [PATCH v1 07/10] crypto: implement KFuzzTest targets for PKCS7 and RSA parsing Ethan Graham
2025-09-16 10:28 ` Ignat Korchagin
2025-09-17 23:37 ` kernel test robot
2025-09-18 6:52 ` kernel test robot
2025-09-18 14:15 ` Alexander Potapenko
2025-09-16 9:01 ` [PATCH v1 08/10] drivers/auxdisplay: add a KFuzzTest for parse_xy() Ethan Graham
2025-09-16 9:01 ` [PATCH v1 09/10] fs/binfmt_script: add KFuzzTest target for load_script Ethan Graham
2025-09-17 5:04 ` kernel test robot
2025-09-16 9:01 ` [PATCH v1 10/10] MAINTAINERS: add maintainer information for KFuzzTest Ethan Graham
2025-09-16 9:38 ` Alexander Potapenko