filesystem fuzzing
A couple of months ago I set out to fuzz some of the filesystems that Linux supports (and it supports way too many filesystems!).
Basically, what I did was look for filesystems that have userland utils that allowed me to make an empty partition in a file instead of on a device. I think I ended up fuzzing ext2/3, reiserfs, xfs, jfs and fat12.
Then I used mangle.c in a loop with the loopback device and sat back till something happened:
EVERYTHING BLEW UP WITHIN SECONDS!!!
When I say blow up, I mean full kernel panic or at least very scary oopses.
The only exception is fat12. It didn't break. Not at all, nothing; I couldn't even get it to printk() some debug crap. My guess is this is because a) fat12 is a really trivial fs and b) floppies are so unreliable that whatever corruption you can ever have with fat12 has already happened at some point in the past and has been dealt with.
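The loop described above, as an added example that is not the post's own mangle.c: a small mangle-style mutator that corrupts a filesystem image in place, plus (in the comment) the shell driver that rebuilds the image, mutates it and tries to loop-mount it. The PRNG is seeded from the command line so that a seed logged to the serial console just before the mount is enough to reproduce the image that killed the kernel. The names, the mutation mix and the driver loop are this example's own choices, not anything from the original post; the driver assumes an ext2 image, a throwaway VM and root.

```c
/*
 * mangle.c-style image mutator (added example, not the original tool).
 * Build: cc -O2 -o mangle mangle.c
 * Usage: ./mangle <image> <seed> <count>   (mutates <image> in place)
 *
 * Driver loop, assumed to run as root inside a disposable VM with the
 * serial console captured, so the seed survives the panic:
 *   dd if=/dev/zero of=clean.img bs=1M count=8 && mkfs.ext2 -F clean.img
 *   mkdir -p /mnt/fuzz
 *   for seed in $(seq 1 10000); do
 *       cp clean.img work.img
 *       ./mangle work.img "$seed" 32
 *       echo "seed=$seed" > /dev/console
 *       mount -o loop -t ext2 work.img /mnt/fuzz && ls -lR /mnt/fuzz >/dev/null
 *       umount /mnt/fuzz 2>/dev/null
 *   done
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* xorshift32: deterministic, so (seed, count) fully describes a test case. */
static uint32_t xs_state;

static uint32_t xs_next(void)
{
    uint32_t x = xs_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    xs_state = x;
    return x;
}

/*
 * Apply `count` mutations to buf[0..len). Each one picks a random offset
 * and one of three corruption styles: a random byte, a single bit flip,
 * or a boundary value (0x00, 0xff, 0x7f, 0x80) that tends to trip length
 * and sign checks in on-disk format parsers. Returns the number of
 * mutations applied, which is 0 when the buffer is empty.
 */
size_t mangle_buf(uint8_t *buf, size_t len, uint32_t seed, size_t count)
{
    static const uint8_t boundary[] = { 0x00, 0xff, 0x7f, 0x80 };
    size_t i;

    if (len == 0)
        return 0;
    xs_state = seed ? seed : 0xdeadbeefu;   /* xorshift must not start at 0 */

    for (i = 0; i < count; i++) {
        size_t off = (size_t)xs_next() % len;
        switch (xs_next() % 3) {
        case 0:  buf[off] = (uint8_t)xs_next(); break;
        case 1:  buf[off] ^= (uint8_t)(1u << (xs_next() % 8)); break;
        default: buf[off] = boundary[xs_next() % sizeof boundary]; break;
        }
    }
    return count;
}

/* Sanity check of the mutator: mangle a zeroed 4 KiB "image" and report
 * how many bytes ended up non-zero (never more than `count`). */
size_t mangle_zero_image(uint32_t seed, size_t count)
{
    uint8_t img[4096];
    size_t i, changed = 0;

    memset(img, 0, sizeof img);
    mangle_buf(img, sizeof img, seed, count);
    for (i = 0; i < sizeof img; i++)
        changed += img[i] != 0;
    return changed;
}

static uint8_t *read_file(const char *path, size_t *len)
{
    FILE *f = fopen(path, "rb");
    uint8_t *buf;
    long sz;

    if (!f)
        return NULL;
    if (fseek(f, 0, SEEK_END) != 0 || (sz = ftell(f)) < 0) {
        fclose(f);
        return NULL;
    }
    rewind(f);
    buf = malloc(sz > 0 ? (size_t)sz : 1);
    if (!buf || fread(buf, 1, (size_t)sz, f) != (size_t)sz) {
        free(buf);
        fclose(f);
        return NULL;
    }
    fclose(f);
    *len = (size_t)sz;
    return buf;
}

int main(int argc, char **argv)
{
    size_t len;
    uint8_t *img;
    FILE *out;

    if (argc != 4) {
        fprintf(stderr, "usage: %s <image> <seed> <count>\n", argv[0]);
        return 2;
    }
    img = read_file(argv[1], &len);
    if (!img) {
        perror(argv[1]);
        return 1;
    }
    mangle_buf(img, len, (uint32_t)strtoul(argv[2], NULL, 0),
               (size_t)strtoul(argv[3], NULL, 0));
    out = fopen(argv[1], "wb");
    if (!out || fwrite(img, 1, len, out) != len) {
        perror(argv[1]);
        return 1;
    }
    fclose(out);
    free(img);
    return 0;
}
```

Thirty-two mutations per 8 MiB image is deliberately sparse: most of them land in unused blocks and do nothing, but the ones that hit the superblock, group descriptors or inode tables are exactly the corruptions the post is talking about, and a sparse image keeps the mount path from bailing out early on an obviously trashed superblock.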
I remember emailing Hans Reiser about some of this stuff, but never got a reply. Several months later there was an interesting thread on lkml:
http://lkml.org/lkml/2006/2/19/138
Tags: ilja