author Space Meyer <spm@google.com> 2023-04-11 13:16:53 +0200
committer Aleksandr Nogikh <wp32pw@gmail.com> 2023-04-17 11:37:26 +0200
commit 67952b9f484b69e0324290b59e4939a4b6d10cfa (patch)
tree 8e5ad59e8c3e6892dfbc8cc01042c366de540ec0
parent c6ec708375e0f0f670f8ae7c11c94f09ce03f673 (diff)
docs: add GREBE reference
TL;DR: They try to identify the data structure involved in a crash, e.g. by parsing the WARN_ON condition. They modify the compiler instrumentation to overwrite some of the upper bits in the program counters, for program counters that modify the data structure. Then they guide coverage by these magic PCs. They do this to find other failure modes of buggy code found by syzkaller.
-rw-r--r-- docs/research.md | 1
1 file changed, 1 insertion, 0 deletions
diff --git a/docs/research.md b/docs/research.md
index df7d004c6..be3eca851 100644
--- a/docs/research.md
+++ b/docs/research.md
@@ -1,6 +1,7 @@
# Research work based on syzkaller
_newer first_
+* [GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs](https://zplin.me/papers/GREBE.pdf)
* [Precise Detection of Kernel Data Races with Probabilistic Lockset Analysis](https://www.cs.columbia.edu/~gabe/files/oakland2023_pla.pdf)
* [Linux Kernel Enriched Corpus](https://github.com/cmu-pasta/linux-kernel-enriched-corpus) : [corpus.db](https://github.com/cmu-pasta/linux-kernel-enriched-corpus/raw/main/corpus.db)
* [HotBPF - An On-demand and On-the-fly Memory Protection](https://www.youtube.com/watch?v=1KSLTsgxaSU)
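Review bot: the list is labelled "_newer first_", and the entry directly below the added GREBE line is visibly a 2023 paper (the URL ends in `oakland2023_pla.pdf`), but the new line carries no venue or year, so a reader cannot tell from the page whether placing it at the top keeps the ordering; please either confirm the publication date and move the line to the matching position, or add the venue and year to the entry (e.g. `* [GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs](https://zplin.me/papers/GREBE.pdf) (venue, year)`) so the ordering is verifiable. The commit message's summary of what GREBE does would also be worth carrying into the list entry as a short description, as the "Linux Kernel Enriched Corpus" line already does with its extra link, since the doc otherwise gives readers only a title.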