perf_fuzzer perf_event syscall fuzzer
The perf_fuzzer tool automatically tests the
perf_event_open() system call and attempts to find mostly-valid
inputs that potentially crash (or worse) the Linux kernel.
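As an added illustration of what "mostly-valid input" means for this system call (example code written for this page, not perf_fuzzer's own source, which lives in the perf_event_tests repository), the harness below builds perf_event_attr structures that are structurally correct, with the size field set, a type in range and a config drawn from the enum that type expects, but leaves the remaining fields random, calls perf_event_open() on each one, and tallies how the kernel answers. The xorshift PRNG, the fz_ names and the errno buckets are this example's own choices; a deterministic seed is what makes a crash replayable, which is the property any kernel fuzzer needs most.

```c
/*
 * Added example: a minimal "mostly-valid" perf_event_open() fuzz harness.
 * Not code from perf_fuzzer or perf_event_tests; the fz_* names and the
 * outcome buckets are this example's own. Assumes Linux <linux/perf_event.h>.
 * Where the syscall is blocked (perf_event_paranoid, seccomp, no PMU) each
 * call simply fails with an errno, which is recorded rather than treated as a bug.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/perf_event.h>

#ifndef PERF_FLAG_FD_CLOEXEC                 /* pre-3.14 headers lack it */
#define PERF_FLAG_FD_CLOEXEC (1UL << 3)
#endif
long syscall(long number, ...);              /* glibc prototype, in case feature macros hide it */

/* xorshift64*: a tiny deterministic PRNG so a crash can be replayed from its seed. */
static uint64_t fz_state;
static void fz_seed(uint64_t s) { fz_state = s ? s : 0x9E3779B97F4A7C15ULL; }
static uint64_t fz_rand(void)
{
    fz_state ^= fz_state >> 12; fz_state ^= fz_state << 25; fz_state ^= fz_state >> 27;
    return fz_state * 0x2545F4914F6CDD1DULL;
}

/* "Mostly valid": size, type and config are well-formed so the call gets past the
 * first sanity checks into real PMU and scheduling code; everything else is random,
 * and one call in sixteen gets a garbage type to hit the unknown-PMU path. */
static void fz_make_attr(struct perf_event_attr *attr)
{
    memset(attr, 0, sizeof(*attr));
    attr->size = sizeof(*attr);
    attr->type = (uint32_t)(fz_rand() % PERF_TYPE_MAX);
    switch (attr->type) {
    case PERF_TYPE_HARDWARE: attr->config = fz_rand() % PERF_COUNT_HW_MAX; break;
    case PERF_TYPE_SOFTWARE: attr->config = fz_rand() % PERF_COUNT_SW_MAX; break;
    case PERF_TYPE_HW_CACHE:
        attr->config = (fz_rand() % PERF_COUNT_HW_CACHE_MAX)
                     | ((fz_rand() % PERF_COUNT_HW_CACHE_OP_MAX) << 8)
                     | ((fz_rand() % PERF_COUNT_HW_CACHE_RESULT_MAX) << 16);
        break;
    default: attr->config = fz_rand(); break; /* raw, tracepoint, breakpoint: anything */
    }
    if (fz_rand() % 16 == 0)
        attr->type = (uint32_t)fz_rand();
    /* Sampling or counting; a period of at least 1000 keeps sw clock events from spinning. */
    attr->sample_period = (fz_rand() & 1) ? 1000 + fz_rand() % 1000000 : 0;
    attr->sample_type   = fz_rand() & (PERF_SAMPLE_MAX - 1);
    attr->read_format   = fz_rand() & (PERF_FORMAT_MAX - 1);
    uint64_t bits = fz_rand();                /* random bit flags */
    attr->disabled = bits & 1;            attr->inherit        = (bits >> 1) & 1;
    attr->pinned   = (bits >> 2) & 1;     attr->exclusive      = (bits >> 3) & 1;
    attr->exclude_user = (bits >> 4) & 1; attr->exclude_kernel = (bits >> 5) & 1;
}

/* Outcome buckets: only an "other" errno is surprising enough to be worth a look. */
struct fz_stats { unsigned calls, opened, einval, enoent, denied, other; };

static void fz_record(struct fz_stats *st, long ret, int err)
{
    st->calls++;
    if (ret >= 0) { st->opened++; return; }
    switch (err) {
    case EINVAL: st->einval++; break;             /* attr rejected: the common case */
    case ENOENT: st->enoent++; break;             /* no PMU provides this event */
    case EACCES: case EPERM: st->denied++; break; /* perf_event_paranoid or seccomp */
    default:     st->other++; break;
    }
}

/* Run `iterations` calls from `seed`; pid=0, cpu=-1 (self, any CPU) keeps the target valid. */
static struct fz_stats fz_run(uint64_t seed, unsigned iterations)
{
    struct fz_stats st = {0};
    struct perf_event_attr attr;
    fz_seed(seed);
    for (unsigned i = 0; i < iterations; i++) {
        fz_make_attr(&attr);
        unsigned long flags = (fz_rand() % 4 == 0) ? PERF_FLAG_FD_CLOEXEC : 0;
        long fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, flags);
        int err = errno;
        fz_record(&st, fd, err);
        if (fd >= 0)
            close((int)fd);                      /* release it so the fd table never fills */
    }
    return st;
}

int main(void)
{
    struct fz_stats st = fz_run(0x5eed, 1000);   /* a crash here is what we are looking for */
    printf("calls=%u opened=%u EINVAL=%u ENOENT=%u denied=%u other=%u\n",
           st.calls, st.opened, st.einval, st.enoent, st.denied, st.other);
    return 0;
}
```

Run it as an unprivileged user first: a high "denied" count just means perf_event_paranoid or a seccomp policy is in the way, while anything landing in "other" deserves a look at dmesg. The real perf_fuzzer goes much further than this sketch (it also fuzzes the ioctl, mmap, read, prctl and fork paths of open events), but the shape is the same: well-formed enough to get deep into the kernel, random enough to reach states nobody tested.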
Please send me an e-mail if you use perf_fuzzer and find bugs!
It's a struggle trying to get publications/funding for this work, which
is one of the reasons why development has slowed. If you've used
perf_fuzzer to get a CVE or bug bounty, please let me know so I can use
the info in my reports to show how important fuzzing can be.
The fuzzer has already found numerous denial-of-service bugs as well as bugs that were turned into local root exploits.
A list of the current and fixed mainline Linux kernel bugs found by perf_fuzzer is kept on a separate page.
- CVE-2015-0805, CVE-2015-0819 (major Qualcomm Android root exploits found by Wish Wu, quite possibly with perf_fuzzer, though that is unclear)
- CVE-2013-2094 (found by trinity using perf_event code I contributed)
An article on the perf_fuzzer appeared on LWN.net:
Fuzzing perf_events (5 August 2015)
A Tech Report describing the design of the fuzzer can be found here:
2015_perf_fuzzer_tr.pdf (12 May 2015).
The perf_fuzzer is available as part of the
perf_event_test test suite.
Development is currently done via git on GitHub; you can check out a copy of the development tree with:
git clone git://github.com/deater/perf_event_tests
GitHub no longer serves the unauthenticated git:// protocol, so if that command fails use the https:// form of the same URL (https://github.com/deater/perf_event_tests).
Read the README