
Re: [PATCH v2 1/2] fuzz: skip QTest serialization


From: Alexander Bulekov
Subject: Re: [PATCH v2 1/2] fuzz: skip QTest serialization
Date: Fri, 29 May 2020 18:04:47 -0400
User-agent: NeoMutt/20180716

This is missing the actual wrapper functions... Sending v3

On 200529 1402, Alexander Bulekov wrote:
> The QTest server usually parses ASCII commands from clients. Since we
> fuzz within the QEMU process, skip the QTest serialization and server
> for most QTest commands. Leave the option to use the ASCII protocol, to
> generate readable traces for crash reproducers.
> 
> Inspired-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
>  tests/qtest/fuzz/Makefile.include | 21 +++++++++++++++++++++
>  tests/qtest/fuzz/fuzz.c           | 14 +++++++++++++-
>  tests/qtest/fuzz/fuzz.h           |  3 +++
>  3 files changed, 37 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/qtest/fuzz/Makefile.include 
> b/tests/qtest/fuzz/Makefile.include
> index f259d866c9..5bde793bf2 100644
> --- a/tests/qtest/fuzz/Makefile.include
> +++ b/tests/qtest/fuzz/Makefile.include
> @@ -5,6 +5,7 @@ fuzz-obj-y += $(libqos-obj-y)
>  fuzz-obj-y += tests/qtest/fuzz/fuzz.o # Fuzzer skeleton
>  fuzz-obj-y += tests/qtest/fuzz/fork_fuzz.o
>  fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o
> +fuzz-obj-y += tests/qtest/fuzz/qtest_wrappers.o
>  
>  # Targets
>  fuzz-obj-$(CONFIG_PCI_I440FX) += tests/qtest/fuzz/i440fx_fuzz.o
> @@ -16,3 +17,23 @@ FUZZ_CFLAGS += -I$(SRC_PATH)/tests 
> -I$(SRC_PATH)/tests/qtest
>  # Linker Script to force coverage-counters into known regions which we can 
> mark
>  # shared
>  FUZZ_LDFLAGS += -Xlinker -T$(SRC_PATH)/tests/qtest/fuzz/fork_fuzz.ld
> +
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_inb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_inw
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_inl
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_outb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_outw
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_outl
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readw
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readl
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readq
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writew
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writel
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeq
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_memread
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufread
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_memwrite
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufwrite
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_memset
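Review bot: The list of wrapped symbols has no comment tying it to the object file it depends on, so a later addition or removal of a qtest_* accessor will silently drift: a symbol listed here without a matching `__wrap_` definition fails at link time, while an accessor added to libqtest but not listed here keeps going through the ASCII path with no warning. A short comment above the first `-Wl,-wrap` line would make the coupling explicit, e.g. `# Each wrapped symbol needs a matching __wrap_<name> in tests/qtest/fuzz/qtest_wrappers.c; unlisted qtest_* calls still use the serialized protocol.` The `qtest_wrappers.o` line in the earlier hunk of this file is the other half of that contract.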
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index f5c923852e..cf76a6636f 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -91,7 +91,10 @@ static void usage(char *path)
>          printf(" * %s  : %s\n", tmp->target->name,
>                  tmp->target->description);
>      }
> -    printf("Alternatively, add -target-FUZZ_TARGET to the executable 
> name\n");
> +    printf("Alternatively, add -target-FUZZ_TARGET to the executable 
> name\n\n"
> +           "Set the environment variable FUZZ_SERIALIZE_QTEST=1 to 
> serialize\n"
> +           "QTest commands into an ASCII protocol. Useful for building 
> crash\n"
> +           "reproducers, but slows down execution.\n");
>      exit(0);
>  }
>  
> @@ -137,6 +140,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
> ***envp)
>  {
>  
>      char *target_name;
> +    char *dir;
> +    bool serialize = false;
>  
>      /* Initialize qgraph and modules */
>      qos_graph_init();
> @@ -157,6 +162,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
> ***envp)
>          usage(**argv);
>      }
>  
> +    /* Should we always serialize qtest commands? */
> +    if (getenv("FUZZ_SERIALIZE_QTEST")) {
> +        serialize = true;
> +    }
> +
> +    fuzz_qtest_set_serialize(serialize);
> +
>      /* Identify the fuzz target */
>      fuzz_target = fuzz_get_target(target_name);
>      if (!fuzz_target) {
> diff --git a/tests/qtest/fuzz/fuzz.h b/tests/qtest/fuzz/fuzz.h
> index 03901d414e..72d5710f6c 100644
> --- a/tests/qtest/fuzz/fuzz.h
> +++ b/tests/qtest/fuzz/fuzz.h
> @@ -82,6 +82,9 @@ typedef struct FuzzTarget {
>  void flush_events(QTestState *);
>  void reboot(QTestState *);
>  
> +/* Use the QTest ASCII protocol or call address_space API directly?*/
> +void fuzz_qtest_set_serialize(bool option);
> +
>  /*
>   * makes a copy of *target and adds it to the target-list.
>   * i.e. fine to set up target on the caller's stack
> -- 
> 2.26.2
> 


