Taesoo Kim
Title: Professor
Georgia Tech
File systems are too big to be bug free. While hand-written test suites have been widely used to stress file systems, the growth of the test pool can hardly keep up with the rapid increase in file system size and complexity, leading to new bugs being introduced and reported regularly. Moreover, file system bugs come in various flavors, ranging from simple buffer overflows to sophisticated semantic bugs. Although bug-specific checkers exist, they generally lack a way to explore file system states thoroughly. More importantly, there is no turnkey solution that unifies the checking effort for the various aspects of a file system under one umbrella.
In this talk, we will show the potential of applying fuzzing to find not just memory errors, but in theory, any type of file system bugs with an extensible fuzzing framework: Hydra. Hydra provides building blocks for file system fuzzing, including input mutators, feedback engines, a libOS-based executor, and a bug reproducer with test case minimization. As a result, developers only need to focus on building the core logic for finding bugs of their own interests. We showcase the effectiveness of Hydra with four checkers that hunt crash inconsistency, POSIX violations, logic assertion failures and memory errors, respectively. So far, Hydra has discovered 95 new bugs in Linux file systems, including one in a verified file system (FSCQ).
Ref:
- Fuzzing File Systems via Two-Dimensional Input Space Exploration, S&P'19
- Finding Semantic Bugs in File Systems with an Extensible Fuzzing Framework (in submission)
Taesoo Kim is an associate professor in the School of Computer Science at Georgia Tech. He also serves as the director of the Georgia Tech Systems Software and Security Center (GTS3). He is genuinely interested in building a system that has underlying principles for why it should be secure. Those principles include the design of the system, analysis of its implementation, elimination of certain classes of vulnerabilities, and clear separation of its trusted components. He holds an SM (2011) and a PhD (2014) from MIT EECS.