From: Dave Chinner <david@fromorbit.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Eric Sandeen <sandeen@sandeen.net>,
"Darrick J. Wong" <darrick.wong@oracle.com>,
syzbot <syzbot+84a67953651a971809ba@syzkaller.appspotmail.com>,
LKML <linux-kernel@vger.kernel.org>,
linux-xfs@vger.kernel.org,
syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
Theodore Ts'o <tytso@mit.edu>,
syzkaller <syzkaller@googlegroups.com>
Subject: Re: WARNING: bad unlock balance in xfs_iunlock
Date: Thu, 10 May 2018 09:22:54 +1000 [thread overview]
Message-ID: <20180509232254.GQ10363@dastard> (raw)
In-Reply-To: <CACT4Y+Ya0cSP7eKjzcbfxQHYLJeR8Qnp_f4MwcM_QU91unnD5w@mail.gmail.com>
On Wed, May 09, 2018 at 10:43:05AM +0200, Dmitry Vyukov wrote:
> Does "xfstests fuzzing infrastructure" use coverage-guidance?
It's guided manually to fuzz a substantial proportion of the fields
in the on-disk format that are susceptible to fuzzing bqased
attacks. It's not complete coverage yet, but it's getting better and
better, and we're finding more problems from it that random bit
based fuzzing has ever uncovered.
Also, the xfstests fuzzing defeats the CRC protection now built into
the metadata, which means it can exercise all the new filesystem
features that random bit fuzzers cannot exercise. That's the problem
with fuzzers like syzbot - they can only usefully fuzz the legacy
filesystem format which doesn't have CRC validation, nor many of the
other protections that the current filesystem format has to detect
corruption. This will also allow us to test things like online
repair of fuzzed structures....
Random bit perturbation filesystem image fuzzing was state of the
art ~10 years ago. They were made redundant by filesystems like
XFS and ext4 adding metadata CRC checking ~5 years ago. The legacy
filesystem formats are essentially unfixable, and it's largely a
waste of time to be trying to make them robust against random bit
fuzzing because such random bit corruptions (like the syzbot images)
do not occur in the real world.
IOWs, we've had to advance the "state of the art" ourselves because
nobody else in the fuzzing world responded to the fact we've
essentially defeated random bit image fuzzing. Not only that, we
have our own infrastructure that produces repeatable, understandable
and debuggable failures, and this is something that many 3rd party
fuzzing efforts do not provide us with.
> If not, it would be useful to add. Among some solutions there are
> LibFuzzer (https://llvm.org/docs/LibFuzzer.html), AFL >
> (http://lcamtuf.coredump.cx/afl/), kernel-fuzzing
> (https://github.com/oracle/kernel-fuzzing). I don't know how
> xfstests fuzzing works, so I can't say what would be more suitable
> there.
I think only AFL would be a usable infrastructure, but it would
require being taught about the ondisk format so it could perturb the
image in ways that are useful to modern filesystem formats. Lots(!)
of work, and it's not clear it would do any better than what we
already have.
Given the results we're getting from our own fuzzers, I don't see
much point in (XFS developers) investing huge amounts of effort to
make some other fuzzer equivalent to what we already have. If
someone else starts fuzzing the current format (v5) XFS filesystems
and finding problems we haven't, then I'm going to be interested in
their fuzzing tools. But (guided) random bit perturbation fuzzing
of legacy filesystem formats is really not that useful or
interesting to us right now.
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2018-05-09 23:22 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-03 2:01 WARNING: bad unlock balance in xfs_iunlock syzbot
2018-04-03 4:38 ` Dave Chinner
2018-04-05 18:54 ` Dmitry Vyukov
2018-04-05 21:38 ` Dave Chinner
2018-04-06 16:10 ` Darrick J. Wong
2018-04-13 10:03 ` Dmitry Vyukov
2018-04-16 19:22 ` Eric Sandeen
2018-04-30 13:23 ` Dmitry Vyukov
2018-04-30 13:49 ` Eric Sandeen
2018-04-30 14:02 ` Dmitry Vyukov
2018-04-30 15:14 ` Eric Sandeen
2018-05-02 9:54 ` Jan Tulak
2018-05-08 7:52 ` Dmitry Vyukov
2018-05-09 2:48 ` Eric Sandeen
2018-05-09 8:43 ` Dmitry Vyukov
2018-05-09 23:22 ` Dave Chinner [this message]
2018-05-11 8:59 ` Dmitry Vyukov
2018-05-12 1:16 ` Dave Chinner
2018-05-08 7:54 ` Dmitry Vyukov
2018-04-30 13:24 ` Dmitry Vyukov
2018-05-01 22:51 ` Dave Chinner
2018-05-08 7:56 ` Dmitry Vyukov
2018-05-09 0:50 ` Dave Chinner
2018-05-09 2:37 ` Eric Biggers
2018-05-09 3:32 ` Eric Sandeen
2018-05-09 13:55 ` Theodore Y. Ts'o
2018-05-09 14:13 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180509232254.GQ10363@dastard \
--to=david@fromorbit.com \
--cc=darrick.wong@oracle.com \
--cc=dvyukov@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@sandeen.net \
--cc=syzbot+84a67953651a971809ba@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=syzkaller@googlegroups.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).