Re: [Qemu-devel] Fuzzing

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Fuzzing

From:	Alex Bennée
Subject:	Re: [Qemu-devel] Fuzzing
Date:	Wed, 26 Sep 2018 16:48:00 +0100
User-agent:	mu4e 1.1.0; emacs 26.1.50

Catena cyber <address@hidden> writes:

> Hi Alex,
>
> I am not asking for any specific action.
> I just wanted to let you know about this fuzzing work of mine, in case that 
> proves helpful to qemu.
> Have you been fuzzing qemu ? And more specifically the code for the
> different architectures arm, sparc, etc…

I can't speak for all the architectures but we certainly have done a
fair amount of random instruction testing against the ARM architectures
(using RISU). This caught a bunch of errors during the AArch64
development and the SVE extension. The failure you found in arm looks
like something that had already been picked up but our arm testing
hasn't been as comprehensive.

Of course the RISU testing still follows patterns - so I guess totally
random inputs might throw up a few more edge cases.

>
> Take care,
> Philippe
>
>
>> Le 25 sept. 2018 à 22:12, Alex Bennée <address@hidden> a écrit :
>>
>>
>> Catena cyber <address@hidden> writes:
>>
>>> Hi qemu people,
>>>
>>> My name is Philippe Antoine.
>>> I am writing here after Stefan has asked me to.
>>>
>>> I have been integrating some projects with oss-fuzz.
>>> And The latest is unicorn-engine, which is based on some version of the 
>>> code from qemu.
>>>
>>> You can take a look at https://github.com/unicorn-engine/unicorn/pull/1007 
>>> <https://github.com/unicorn-engine/unicorn/pull/1007>
>>> Unicorn is not up to date with qemu 3.0 as you can see in this bug found by 
>>> oss-fuzz  (off by one in arm registers)
>>> https://github.com/unicorn-engine/unicorn/pull/1021#issuecomment-423956136 
>>> <https://github.com/unicorn-engine/unicorn/pull/1021#issuecomment-423956136>
>>> (This is just one amongst many and more are still coming)
>>>
>>> Is that of interest to you ?
>>
>> These at first glance seem to be changes to unicorn specific bits of the
>> forked version of QEMU. The later reference pulls in some re-factor work
>> from the upstream. I'm not sure what you are asking w.r.t action for
>> the QEMU project to take?
>>
>>>
>>> All the best,
>>> Philippe
>>
>>
>> --
>> Alex Bennée


--
Alex Bennée

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Fuzzing, Catena cyber, 2018/09/25
- Re: [Qemu-devel] Fuzzing, Alex Bennée, 2018/09/25
  - Re: [Qemu-devel] Fuzzing, Catena cyber, 2018/09/26
    - Re: [Qemu-devel] Fuzzing, Alex Bennée <=

Prev by Date: [Qemu-devel] Converting PCIDevice to VirtIODevice
Next by Date: Re: [Qemu-devel] [PATCH v10 2/2] target/arm: Add support for VCPU event states
Previous by thread: Re: [Qemu-devel] Fuzzing
Next by thread: [Qemu-devel] [PULL v2 0/5] Linux user for 3.1 patches
Index(es):
- Date
- Thread