Re: [PATCH v6 16/21] fuzz: add support for fork-based fuzzing.
From: Stefan Hajnoczi
Subject: Re: [PATCH v6 16/21] fuzz: add support for fork-based fuzzing.
Date: Fri, 3 Jan 2020 11:27:26 +0000
On Fri, Nov 29, 2019 at 09:34:50PM +0000, Oleinik, Alexander wrote:
> fork() is a simple way to ensure that state does not leak in between
> fuzzing runs. Unfortunately, the fuzzer mutation engine relies on
> bitmaps which contain coverage information for each fuzzing run, and
> these bitmaps should be copied from the child to the parent (where the
> mutation occurs). These bitmaps are created through compile-time
> instrumentation and they are not shared with fork()-ed processes, by
> default. To address this, we create a shared memory region, adjust its
> size and map it _over_ the counter region. Furthermore, libfuzzer
> doesn't generally expose the globals that specify the location of the
> counters/coverage bitmap. As a workaround, we rely on a custom linker
> script which forces all of the bitmaps we care about to be placed in a
> contiguous region, which is easy to locate and mmap over.
>
> Signed-off-by: Alexander Bulekov <address@hidden>
> ---
> exec.c | 12 ++++++--
> tests/fuzz/Makefile.include | 3 ++
> tests/fuzz/fork_fuzz.c | 55 +++++++++++++++++++++++++++++++++++++
> tests/fuzz/fork_fuzz.h | 23 ++++++++++++++++
> tests/fuzz/fork_fuzz.ld | 37 +++++++++++++++++++++++++
> tests/fuzz/fuzz.c | 2 +-
> 6 files changed, 129 insertions(+), 3 deletions(-)
> create mode 100644 tests/fuzz/fork_fuzz.c
> create mode 100644 tests/fuzz/fork_fuzz.h
> create mode 100644 tests/fuzz/fork_fuzz.ld
Reviewed-by: Stefan Hajnoczi <address@hidden>
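The quoted commit message describes the mechanism but the diffstat shows no hunks, so here is an added, stand-alone illustration of the core idea (this is not code from the patch or from QEMU): a page-aligned global array stands in for the contiguous counter region the linker script produces, and `mmap(MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED)` is placed over it so that coverage updates made in a `fork()`ed child remain visible to the parent. The array, the simulated instrumentation and the sample input are constructed for the demo; the libFuzzer counter globals and `fork_fuzz.ld` are not modelled.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define COUNTER_BYTES 4096

/* Constructed stand-in for the contiguous coverage-counter region that the
 * patch's linker script assembles. The real counters come from compiler
 * instrumentation; here a page-aligned array plays that role so that the page
 * under it can be remapped on its own without touching neighbouring data. */
static uint8_t fuzz_counters[COUNTER_BYTES] __attribute__((aligned(4096)));

/* Remap the page holding the counters at the same address, either as ordinary
 * private memory (fork() children get copy-on-write copies the parent never
 * sees) or as a MAP_SHARED anonymous mapping (children write straight into
 * pages the parent reads). The remap also zeroes the counters, which is the
 * per-run reset a fork-based fuzzer wants anyway. Returns 0 on success. */
static int map_counter_region(int shared)
{
    int flags = MAP_ANONYMOUS | MAP_FIXED | (shared ? MAP_SHARED : MAP_PRIVATE);
    void *p = mmap(fuzz_counters, COUNTER_BYTES, PROT_READ | PROT_WRITE,
                   flags, -1, 0);
    return p == (void *)fuzz_counters ? 0 : -1;
}

/* Simulated instrumentation: bump one counter per input byte. */
static void execute_input(const uint8_t *input, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        fuzz_counters[input[i] % COUNTER_BYTES]++;
    }
}

/* One fork-based fuzzing iteration. The child executes the input and exits;
 * the parent then counts how many counters it can see as non-zero. Returns
 * that count, or -1 on error. */
static int hits_seen_by_parent(int share_counters)
{
    /* constructed sample input: three distinct byte values, one repeated */
    static const uint8_t input[] = { 0x11, 0x22, 0x33, 0x11 };

    if (map_counter_region(share_counters) != 0) {
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0) {
        return -1;
    }
    if (pid == 0) {
        execute_input(input, sizeof(input));
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) {
        return -1;
    }
    int hits = 0;
    for (size_t i = 0; i < COUNTER_BYTES; i++) {
        if (fuzz_counters[i]) {
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    /* With private memory the child's increments are lost; with the shared
     * mapping the parent sees the three distinct counters the input touched. */
    printf("private counters: parent sees %d hits\n", hits_seen_by_parent(0));
    printf("shared counters:  parent sees %d hits\n", hits_seen_by_parent(1));
    return 0;
}
```

The `aligned(4096)` attribute matters: `MAP_FIXED` replaces whole pages, so the region being mapped over must not share a page with unrelated globals, which is exactly the property the patch's linker script provides for the real counters.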