From: Alexander Bulekov
Subject: Re: pending fuzzing patches (was Re: [PATCH 2/2] fuzz: log the arguments used to initialize QEMU)
Date: Mon, 18 Jan 2021 08:54:58 -0500
On 210118 1030, Thomas Huth wrote:
> On 18/01/2021 09.43, Paolo Bonzini wrote:
> > On 17/01/21 21:10, Alexander Bulekov wrote:
> > > This is useful for building reproducers. Instead of checking the code or
> > > the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log.
> > >
> > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > > ---
> > > tests/qtest/fuzz/fuzz.c | 11 ++++++++++-
> > > 1 file changed, 10 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> > > index 238866a037..496d11a231 100644
> > > --- a/tests/qtest/fuzz/fuzz.c
> > > +++ b/tests/qtest/fuzz/fuzz.c
> > > @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char
> > > ***argv, char ***envp)
> > > char *target_name;
> > > const char *bindir;
> > > char *datadir;
> > > + GString *cmd_line;
> > > + gchar *pretty_cmd_line;
> > > bool serialize = false;
> > > /* Initialize qgraph and modules */
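Review bot: pretty_cmd_line is used only inside the if (getenv("QTEST_LOG")) block of the last hunk, so it can be declared at the start of that block rather than at function scope, keeping its lifetime matched to its single use. Hoisting cmd_line up here fits QEMU's declarations-first style, but it is a cleanup unrelated to the logging and the commit message does not mention it; a sentence there (or a separate patch) would make the diff easier to review.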
> > > @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char
> > > ***argv, char ***envp)
> > > }
> > > /* Run QEMU's softmmu main with the fuzz-target dependent arguments
> > > */
> > > - GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
> > > + cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
> > > g_string_append_printf(cmd_line, " %s -qtest /dev/null ",
> > > getenv("QTEST_LOG") ? "" : "-qtest-log
> > > none");
> > > @@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char
> > > ***argv, char ***envp)
> > > wordexp(cmd_line->str, &result, 0);
> > > g_string_free(cmd_line, true);
> > > + if (getenv("QTEST_LOG")) {
> > > + pretty_cmd_line = g_strjoinv(" ", result.we_wordv + 1);
> > > + printf("Starting %s with Arguments: %s\n",
> > > + result.we_wordv[0], pretty_cmd_line);
> > > + g_free(pretty_cmd_line);
> > > + }
> > > +
> > > qemu_init(result.we_wordc, result.we_wordv, NULL);
> > > /* re-enable the rcu atfork, which was previously disabled in
> > > qemu_init */
> > >
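Review bot: the return value of wordexp() is still unchecked, so when expansion fails result.we_wordv is not a valid NULL-terminated vector and the new result.we_wordv[0] and result.we_wordv + 1 accesses dereference invalid memory; the existing qemu_init() call had the same exposure, but the print makes it easier to hit, so check the return value (or at least result.we_wordc > 0) before both uses. Also, joining the expanded words with a single space discards the quoting that wordexp() removed, so an argument that contained spaces or shell metacharacters will not round-trip when the printed line is pasted back into a shell; for the reproducer use case the commit message describes, re-quoting each word (GLib's g_shell_quote() does this) would give a copy-pastable line. Finally, the output only appears when QTEST_LOG is set, which is worth stating in the commit message since it says the arguments are at the top of the crash log.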
> >
> > Hi Alexander, can you send _me_ a pull request for all the pending
> > fuzzing patches? I haven't paid much attention, but I have seen
> > external contributions and I have the feeling that they aren't being
> > applied/reviewed promptly.
>
> I'm normally taking the fuzzing patches through the qtest tree (and also
> merged some contributions last week, see 22ec0c696fd28e and the following
> commits) ... which patch series that got missed did you have in mind?
>
> Anyway, the amount of fuzzer patches seems to have increased during the last
> weeks, and I'm not very familiar with the fuzzing stuff and also sometimes I
> do not get CC:-ed on fuzzing patches, so it might make sense indeed that
> Alexander now gathers the fuzzing patches and starts sending pull requests
> for these. Alexander, do you want to have a try now?
>
Sure - I'll wait for both remaining series to be fully reviewed. Then
I'll follow this: https://wiki.qemu.org/Contribute/SubmitAPullRequest
-Alex
> Thomas
>