US 12,346,453 B2
Automated testing of operating system (OS) kernel helper functions accessible through extended BPF (EBPF) filters
Anthony Saieva, New York, NY (US); Frederico Araujo, Mahopac, NY (US); Sanjeev Das, White Plains, NY (US); Michael Vu Le, Danbury, CT (US); and Jiyong Jang, Chappaqua, NY (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Sep. 23, 2022, as Appl. No. 17/952,189.
Prior Publication US 2024/0104221 A1, Mar. 28, 2024
Int. Cl. G06F 21/57 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 2221/034 (2013.01)]
20 Claims
 
1. A method of testing an operating system (OS) kernel interface, the kernel interface having a grammar that defines the kernel interface, comprising:
receiving extended Berkeley Packet Filter (eBPF) code that has been configured to invoke and test the OS kernel interface using a fuzzing engine, wherein the OS kernel interface comprises driver code;
receiving user space code that has been configured to generate at least one kernel event that triggers the eBPF code to run, and to transform inputs from the fuzzing engine according to the grammar that defines the kernel interface;
after loading the eBPF code into the OS kernel, generating the at least one kernel event, wherein the driver code causes only specific kernel events to trigger the eBPF based on a process ID of the driver code; and
responsive to generating the at least one kernel event, and as the fuzzing engine executes, recording arguments sent to the OS kernel through the kernel interface, wherein the arguments are passed through a data structure shared by the eBPF code and the user space code.