
Fuzzing Linux Drivers

Project: MKDGA

Kernel drivers were once good. A few years ago (circa 2008), security issues in the Linux kernel were mostly in the non-driver components. Most of us thought the Linux kernel was getting better with respect to security.

In 2010, Android came into popularity. Hundreds of vendors started quickly producing Android-compliant devices. Competition between the vendors became fierce, and time to market became an important factor in capturing the growing market.

Android uses the Linux kernel as its core.


Android Kernel Fuzzing



Vendors write drivers to support their hardware. However, because of Factor 1, these drivers were not properly vetted, resulting in drivers becoming the bug-prone components of the Android kernel [1]. If you take a look at the CVEs [2], most of these bugs are embarrassing; it is incredible that such code even exists.

I want to solve this problem and make Linux kernel drivers great again.

My grand plan:

1) Develop a precise static analysis technique that can find easy bugs.

Before actually developing yet another static bug-finding tool, I wanted to check how the existing tools perform on the Android kernel drivers. The results are not good: a huge number of warnings, and a few times even code as simple as the snippet below raises multiple warnings.

    char buf[100];
    strcpy(buf, "Hello");

Although I understand that I should never use strcpy, the code above is still fine: the source is a 6-byte constant (including the terminating NUL) copied into a 100-byte buffer, so the copy can never overflow. We need a tool that can spot easy bugs with low false positives (.
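As an added example (not code from the original post, nor from the project it describes), here is a toy checker in Python that applies the reasoning a precise tool needs on the snippet above: it only warns about a strcpy call when the copy can actually overflow (literal source longer than the declared destination) or when the source length cannot be determined, and stays silent on the safe constant case. A naive rule that flags every strcpy is included beside it to show where the false positive comes from. The function names, the regular expressions and the sample source lines are constructed for this illustration.

```python
import re
from dataclasses import dataclass

# Constructed patterns for a tiny subset of C: fixed-size char arrays
# and direct strcpy calls. A real tool would work on an AST or IR.
DECL_RE = re.compile(r'\bchar\s+(\w+)\s*\[\s*(\d+)\s*\]\s*;')
STRCPY_RE = re.compile(r'\bstrcpy\s*\(\s*(\w+)\s*,\s*(.+?)\s*\)\s*;')
LITERAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')


@dataclass
class Finding:
    line: int
    severity: str   # "bug", "unknown" or "safe"
    message: str


def literal_length(expr):
    """Byte length (excluding the NUL) of a plain C string literal, or None
    when the expression is not a literal or uses escapes we do not model."""
    m = LITERAL_RE.match(expr)
    if not m:
        return None
    body = m.group(1)
    # Octal/hex escapes can expand to several bytes; treat them as unknown.
    if re.search(r'\\[0-9x]', body):
        return None
    # Every remaining backslash escape (\n, \t, \\, \") is one byte.
    return len(re.sub(r'\\.', 'x', body))


def analyze(source):
    """Precise rule: a strcpy is a bug only if the literal plus its NUL
    does not fit the destination; it is 'unknown' when we cannot tell."""
    sizes = {}
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, size in DECL_RE.findall(line):
            sizes[name] = int(size)
        for dst, src in STRCPY_RE.findall(line):
            size = sizes.get(dst)
            n = literal_length(src)
            if size is None:
                findings.append(Finding(lineno, "unknown",
                                        f"strcpy into {dst}: destination size not known here"))
            elif n is None:
                findings.append(Finding(lineno, "unknown",
                                        f"strcpy into {dst}[{size}]: source length not known"))
            elif n + 1 <= size:
                findings.append(Finding(lineno, "safe",
                                        f"strcpy into {dst}[{size}]: {n + 1} bytes fit"))
            else:
                findings.append(Finding(lineno, "bug",
                                        f"strcpy into {dst}[{size}]: {n + 1} bytes overflow"))
    return findings


def warnings(source):
    """What the precise checker would actually report."""
    return [f for f in analyze(source) if f.severity != "safe"]


def naive_warnings(source):
    """The pattern-only rule many tools apply: every strcpy is a warning."""
    return [Finding(lineno, "warning", "strcpy used")
            for lineno, line in enumerate(source.splitlines(), 1)
            if STRCPY_RE.search(line)]


# Constructed sample: the post's snippet, a real overflow, and an unknown source.
SAMPLE = '''\
char buf[100];
strcpy(buf, "Hello");          /* fits: 6 bytes into 100 */
char small[4];
strcpy(small, "Hello");        /* definite overflow: 6 bytes into 4 */
char out[16];
strcpy(out, user_input);       /* source length unknown: worth a look */
'''

if __name__ == "__main__":
    print("naive rule:", len(naive_warnings(SAMPLE)), "warnings")
    for f in warnings(SAMPLE):
        print(f"precise rule: line {f.line} [{f.severity}] {f.message}")
```

On the sample the naive rule produces three warnings, one of them the harmless copy from the post; the precise rule reports only the overflow on line 4 and the unknown-length source on line 6, which is the distinction the post is asking a better tool to make.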