[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 1/2] fuzz: skip QTest serialization
From: |
Alexander Bulekov |
Subject: |
Re: [PATCH v2 1/2] fuzz: skip QTest serialization |
Date: |
Fri, 29 May 2020 18:04:47 -0400 |
User-agent: |
NeoMutt/20180716 |
This is missing the actual wrapper functions... Sending v3
On 200529 1402, Alexander Bulekov wrote:
> The QTest server usually parses ASCII commands from clients. Since we
> fuzz within the QEMU process, skip the QTest serialization and server
> for most QTest commands. Leave the option to use the ASCII protocol, to
> generate readable traces for crash reproducers.
>
> Inspired-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
> tests/qtest/fuzz/Makefile.include | 21 +++++++++++++++++++++
> tests/qtest/fuzz/fuzz.c | 14 +++++++++++++-
> tests/qtest/fuzz/fuzz.h | 3 +++
> 3 files changed, 37 insertions(+), 1 deletion(-)
>
> diff --git a/tests/qtest/fuzz/Makefile.include
> b/tests/qtest/fuzz/Makefile.include
> index f259d866c9..5bde793bf2 100644
> --- a/tests/qtest/fuzz/Makefile.include
> +++ b/tests/qtest/fuzz/Makefile.include
> @@ -5,6 +5,7 @@ fuzz-obj-y += $(libqos-obj-y)
> fuzz-obj-y += tests/qtest/fuzz/fuzz.o # Fuzzer skeleton
> fuzz-obj-y += tests/qtest/fuzz/fork_fuzz.o
> fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o
> +fuzz-obj-y += tests/qtest/fuzz/qtest_wrappers.o
>
> # Targets
> fuzz-obj-$(CONFIG_PCI_I440FX) += tests/qtest/fuzz/i440fx_fuzz.o
> @@ -16,3 +17,23 @@ FUZZ_CFLAGS += -I$(SRC_PATH)/tests
> -I$(SRC_PATH)/tests/qtest
> # Linker Script to force coverage-counters into known regions which we can
> mark
> # shared
> FUZZ_LDFLAGS += -Xlinker -T$(SRC_PATH)/tests/qtest/fuzz/fork_fuzz.ld
> +
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_inb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_inw
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_inl
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_outb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_outw
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_outl
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readw
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readl
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readq
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writew
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writel
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeq
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_memread
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufread
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_memwrite
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufwrite
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_memset
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index f5c923852e..cf76a6636f 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -91,7 +91,10 @@ static void usage(char *path)
> printf(" * %s : %s\n", tmp->target->name,
> tmp->target->description);
> }
> - printf("Alternatively, add -target-FUZZ_TARGET to the executable
> name\n");
> + printf("Alternatively, add -target-FUZZ_TARGET to the executable
> name\n\n"
> + "Set the environment variable FUZZ_SERIALIZE_QTEST=1 to
> serialize\n"
> + "QTest commands into an ASCII protocol. Useful for building
> crash\n"
> + "reproducers, but slows down execution.\n");
> exit(0);
> }
>
> @@ -137,6 +140,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char
> ***envp)
> {
>
> char *target_name;
> + char *dir;
> + bool serialize = false;
>
> /* Initialize qgraph and modules */
> qos_graph_init();
> @@ -157,6 +162,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char
> ***envp)
> usage(**argv);
> }
>
> + /* Should we always serialize qtest commands? */
> + if (getenv("FUZZ_SERIALIZE_QTEST")) {
> + serialize = true;
> + }
> +
> + fuzz_qtest_set_serialize(serialize);
> +
> /* Identify the fuzz target */
> fuzz_target = fuzz_get_target(target_name);
> if (!fuzz_target) {
> diff --git a/tests/qtest/fuzz/fuzz.h b/tests/qtest/fuzz/fuzz.h
> index 03901d414e..72d5710f6c 100644
> --- a/tests/qtest/fuzz/fuzz.h
> +++ b/tests/qtest/fuzz/fuzz.h
> @@ -82,6 +82,9 @@ typedef struct FuzzTarget {
> void flush_events(QTestState *);
> void reboot(QTestState *);
>
> +/* Use the QTest ASCII protocol or call address_space API directly?*/
> +void fuzz_qtest_set_serialize(bool option);
> +
> /*
> * makes a copy of *target and adds it to the target-list.
> * i.e. fine to set up target on the caller's stack
> --
> 2.26.2
>