perf_fuzzer perf_event syscall fuzzer
The perf_fuzzer tool automatically tests the
perf_event_open() system call and attempts to find mostly-valid
inputs that potentially crash (or worse) the Linux kernel.
The code has already found numerous denial of service bugs and at
least one local root exploit.
I'm currently working on a paper describing how things work in more
detail. I will post that when it is ready.
The perf_fuzzer is available as part of the
perf_event_tests test suite.
Development is currently done via git at
https://github.com/deater/perf_event_tests; you can check out a version
of the development tree via:
git clone https://github.com/deater/perf_event_tests
Read the README
See here for a list of bugs found.