[Qemu-devel] Internship idea: virtio-blk oss-fuzz support

From: Stefan Hajnoczi
Subject: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support
Date: Wed, 9 Jan 2019 17:34:29 +0000

Hi folks,
I'd like to start fuzzing emulated devices in QEMU.  Here is an
internship project idea I'm proposing to do this.

Any thoughts?  Want to co-mentor this in Google Summer of Code or Outreachy?


'''Summary:''' Integrate oss-fuzz into QEMU so that the virtio-blk
device can be fuzz tested.

oss-fuzz offers a fuzz testing service to open source projects.  This
means random inputs are continuously tested against the program in
order to find crashes and other bugs.  Fuzz testing complements
hand-written test suites by exploring the input space of a program and
therefore the code paths that may be taken.

The goal of this project is to integrate oss-fuzz into QEMU so that
the virtio-blk-pci device can be fuzzed at both the VIRTIO and PCI bus
level.  virtio-blk-pci is a PCI device, which means it is connected to
the virtual machine's PCI bus and has a certain set of registers that
can be programmed by the guest.  Furthermore, it is a VIRTIO device -
the VIRTIO specification describes most of the functionality of
virtio-blk.  Bugs exist at both the PCI and VIRTIO levels, so it's
important to fuzz both of them.

Fuzzing emulated devices involves accessing their hardware registers
randomly to make the device respond.  QEMU has a device testing
interface called "qtest" that accepts read/write and other commands
over a socket and is ideal for writing device-level tests.  You may
find that oss-fuzz works better integrated directly into the QEMU
program instead of as a separate qtest program, so you can consider
adding a new command-line option to QEMU for running in oss-fuzz mode.
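As an added illustration of the approach sketched above (not code from QEMU or from this proposal), the harness below is a libFuzzer entry point that decodes raw fuzz bytes into qtest read/write commands aimed at a PCI device's BAR0 MMIO window; the record layout, BAR0_BASE, BAR0_SIZE and MAX_CMDS are assumptions, and a real harness would send the lines to the qtest socket instead of printing them.

```c
/* Added example, not QEMU code: structure-aware libFuzzer harness that maps
 * fuzz input onto qtest commands for a PCI device's BAR0 MMIO region.
 * Record layout and the BAR0 constants are assumptions for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RECORD_LEN 6            /* opcode, 3-byte offset, 2-byte value */
#define MAX_CMDS   64           /* cap per input so each run stays short */
#define BAR0_BASE  0xfe000000u  /* assumed BAR0 address after PCI setup */
#define BAR0_SIZE  0x4000u      /* assumed BAR0 size */

/* Decode fuzz input into newline-separated qtest commands written to `out`.
 * Offsets are reduced modulo BAR0_SIZE so every access lands inside the BAR;
 * alignment is deliberately not enforced. Returns the number of commands. */
size_t fuzz_to_qtest(const uint8_t *data, size_t size, char *out, size_t outlen)
{
    size_t n = 0, used = 0;
    for (size_t off = 0; off + RECORD_LEN <= size && n < MAX_CMDS; off += RECORD_LEN) {
        const uint8_t *r = data + off;
        uint32_t addr = BAR0_BASE + ((r[1] | r[2] << 8 | r[3] << 16) % BAR0_SIZE);
        uint32_t val = r[4] | r[5] << 8;
        int w;
        switch (r[0] & 3) {
        case 0:  w = snprintf(out + used, outlen - used, "readl 0x%x\n", addr); break;
        case 1:  w = snprintf(out + used, outlen - used, "writel 0x%x 0x%x\n", addr, val); break;
        case 2:  w = snprintf(out + used, outlen - used, "writew 0x%x 0x%x\n", addr, val); break;
        default: w = snprintf(out + used, outlen - used, "writeb 0x%x 0x%x\n", addr, val & 0xff); break;
        }
        if (w < 0 || (size_t)w >= outlen - used) break;  /* output buffer full */
        used += (size_t)w;
        n++;
    }
    return n;
}

/* libFuzzer entry point, called once per generated input when the file is
 * built with clang -fsanitize=fuzzer. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    char cmds[MAX_CMDS * 32];
    if (fuzz_to_qtest(data, size, cmds, sizeof cmds) > 0) {
        fputs(cmds, stdout);  /* stand-in for writing to the qtest socket */
    }
    return 0;
}
```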

This project involves learning about VIRTIO and PCI devices, as well
as figuring out how to integrate oss-fuzz into QEMU so that it can
effectively explore the code paths in virtio-blk device emulation code.
You will enjoy this project if you want to learn how device emulation
works and are interested in fuzzers.

* [https://github.com/google/oss-fuzz/blob/master/docs/ideal_integration.md oss-fuzz integration overview]
* libfuzzer tutorial]
* [http://docs.oasis-open.org/virtio/virtio/v1.0/cs04/virtio-v1.0-cs04.html VIRTIO specification]
* [https://wiki.osdev.org/PCI PCI bus overview]

* Skill level: intermediate
* Language: C
* Mentor: Stefan Hajnoczi <address@hidden>

