[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support
From: |
Max Moroz |
Subject: |
Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support |
Date: |
Fri, 11 Jan 2019 07:41:22 -0800 |
On Fri, Jan 11, 2019 at 7:34 AM Paolo Bonzini <address@hidden> wrote:
> On 11/01/19 16:04, Max Moroz wrote:
> > We usually have a single fuzzing process, it starts with a fuzzing
> > engine's main function and is calling LLVMFuzzerTestOneInput with
> > various inputs and keep mutating them based on the coverage feedback.
> > Running a second process which you don't care too much about might be
> > fine, but the fuzzing process should be "replacing" or should I say
> > "imitating" the process whose coverage you're interested in.
>
> What do you mean by replacing or imitating?
>
To give you an example, when we fuzz ffmpeg, we do not run ffmpeg's main
function. We write LLVMFuzzerTestOneInput that would do the necessary
initialization, reset the state, etc, and then would pass (data, size)
provided by a fuzzing engine to the API(s) we're trying to fuzz. So, in
your case, there should not be a regular QEMU process, and instead the fuzz
target (i.e. LLVMFuzzerTestOneInput) should be doing certain initialization
(which is usually done by the QEMU process) and then call the API you want
to fuzz.
>
> Avoiding fork would probably be hard. I'm mostly afraid that some state
> guest state is not resetted properly across runs, and this would result
> in non-reproducible crashes.
>
> It seems to me that the task can be approached with AFL and a test case
> postprocessor to generate the qtest input; however, my knowledge of
> libFuzzer is very very limited.
>
> Paolo
>
- [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Stefan Hajnoczi, 2019/01/09
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Bandan Das, 2019/01/10
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Dmitry Vyukov, 2019/01/10
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Max Moroz, 2019/01/10
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Paolo Bonzini, 2019/01/10
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Stefan Hajnoczi, 2019/01/11
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Max Moroz, 2019/01/11
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Paolo Bonzini, 2019/01/11
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support,
Max Moroz <=
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Paolo Bonzini, 2019/01/11
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Jonathan Metzman, 2019/01/11
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Paolo Bonzini, 2019/01/11
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Jonathan Metzman, 2019/01/11
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Stefan Hajnoczi, 2019/01/14
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Bandan Das, 2019/01/18
Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Dmitry Vyukov, 2019/01/10