From 67952b9f484b69e0324290b59e4939a4b6d10cfa Mon Sep 17 00:00:00 2001 From: Space Meyer Date: Tue, 11 Apr 2023 13:16:53 +0200 Subject: docs: add GREBE reference Tl;Dr They try to identify the data structure involved in a crash, e.g. by parsing the WARN_ON condition. They modify the compiler instrumentation to overwrite some of the upper bits in the program counters, for program counters that modify the data structure. Then they guide coverage by these magic PCs. They do this to find other failure modes of buggy code found by syzkaller. --- docs/research.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/research.md b/docs/research.md index df7d004c6..be3eca851 100644 --- a/docs/research.md +++ b/docs/research.md @@ -1,6 +1,7 @@ # Research work based on syzkaller _newer first_ +* [GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs](https://zplin.me/papers/GREBE.pdf) * [Precise Detection of Kernel Data Races with Probabilistic Lockset Analysis](https://www.cs.columbia.edu/~gabe/files/oakland2023_pla.pdf) * [Linux Kernel Enriched Corpus](https://github.com/cmu-pasta/linux-kernel-enriched-corpus) : [corpus.db](https://github.com/cmu-pasta/linux-kernel-enriched-corpus/raw/main/corpus.db) * [HotBPF - An On-demand and On-the-fly Memory Protection](https://www.youtube.com/watch?v=1KSLTsgxaSU) -- cgit mrf-deployment
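Review bot: the list in docs/research.md is marked "_newer first_", but the added GREBE entry carries no venue or year, so the diff alone cannot show that it belongs at the top; the entry immediately below it links to a file named oakland2023_pla.pdf, so please confirm GREBE's publication year and venue against the paper and place the line accordingly rather than defaulting to the head of the list. While touching it, consider appending the venue and year to the entry text (e.g. "GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs (VENUE YEAR)", with the real values filled in) so future additions can be ordered without opening each PDF, and prefer a publisher or venue URL over a personal-site PDF where one exists, since the latter is more likely to rot. The commit message's summary of the technique (identifying the data structure from the crash, tagging upper PC bits in the instrumentation, guiding coverage by those PCs) is useful context that does not survive into the doc; a short parenthetical after the link would make the entry more discoverable.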