This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, March 12 • 9:00am - 9:50am
Filesystem Fuzzing Simplified - Sasha Levin, Oracle

Sign up or log in to save this to your schedule and see who's attending!

Filesystem testing has been mostly focused around using "standard" testcase based tools. While they provide good coverage and are good for testing for known regressions, they miss quite a lot.

I'd like to present an approach which allows fuzz testing a filesystem by loading the target filesystem into a disposable harness built around the kvm tool and trinity with the ability to use the traditional test tools in parallel.

This approach, when targeted at specific subsystems has produced interesting results:
- CVE-2014-8086 (EXT4 DoS)
- CVE-2014-8559 (FS remote DoS)
- CVE-2014-4171 (shmem DoS)
- CVE-2014-3940 (procfs DoS)
- CVE-2013-7348 (AIO memory corruption)

And quite a few more issues that are just plain bugs.


Sasha Levin

Verizon Labs
Sasha is the maintainer of the 3.18 and 4.1 stable trees. He is also the maintainer of the linux-stable-security project which provides critical security updates to projects that use stable-like trees.nnSasha is currently employed by Oracle, working in the Ksplice group. We provide rebootless security updates to the Linux kernel without requiring a reboot. Previously he worked in Host Dynamics which provided the ability to dynamically shape the... Read More →

Thursday March 12, 2015 9:00am - 9:50am
Carver 1