Skip to content

bpfchecker/BpfCheckerSource

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
bpf_ir
bpf_ir
 
 
evaluation
evaluation
 
 
rbpf_runner
rbpf_runner
 
 
ubpf_runner
ubpf_runner
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
run.sh
run.sh
 
 

Repository files navigation

BpfChecker

Toss a Fault to BpfChecker: Revealing Implementation Flaws for eBPF runtimes with Differential Fuzzing

Module Structure

  • bpf_ir: lightweight eBPF IR
  • rbpf_runner: instrumented rBPF
  • ubpf_runner: instrumented Windows eBPF core VM

Requirements

The following toolchains are required to be installed in advanced:

  • clang
  • rust toolchain

Usage

See README in bpf_ir for details about how to generate IR eBPF program, and how to mutate, fix the IR program.

For differential fuzzing of the rbpf and Windows eBPF, please see rbpf_runner for detail.

Demo Usage

Note that the script is aimed at running on the Ubuntu host.

To build the IR generator and the runner, run build.sh.

After building the necessary, run fuzzer by run.sh. You can change the necessary path in the script.

When correctly running the fuzzer, the output would be:

[-] Fuzzing iteration 0 completed in 0.369602 seconds.
[-] Fuzzing iteration 1 completed in 0.461553 seconds.
[-] Fuzzing iteration 2 completed in 0.37018 seconds.
[-] Fuzzing iteration 3 completed in 0.370709 seconds.
[-] Fuzzing iteration 4 completed in 0.387481 seconds.

Trophy

Details of the found bugs and the fix commits are listed in https://gist.github.com/bpfchecker/34a31c23a2da08564577df1bc8d8fce8

TODO

Further cleanup and the instructions for the runner.

About

source code of the BpfChecker

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages