Message ID | 20201021210922.572955-17-alxndr@bu.edu (mailing list archive)
---|---
State | New, archived
Series | Add a Generic Virtual Device Fuzzer
Hi Alex,

On Wednesday, 2020-10-21 at 17:09:22 -04, Alexander Bulekov wrote:
> generic-fuzz is not a standalone fuzzer - it requires some env variables
> to be set. On oss-fuzz, we set these with some predefined
> generic-fuzz-{...} targets, that are thin wrappers around generic-fuzz.
> Remove generic-fuzz from the oss-fuzz build, so oss-fuzz does not treat
> it as a standalone fuzzer.
>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
> scripts/oss-fuzz/build.sh | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/scripts/oss-fuzz/build.sh b/scripts/oss-fuzz/build.sh
> index 0c3ca9e06f..37cd7f9e25 100755
> --- a/scripts/oss-fuzz/build.sh
> +++ b/scripts/oss-fuzz/build.sh
> @@ -97,5 +97,11 @@ do

I'm presuming that the target that you're removing is being created by
this line, maybe we should just specifically skip it here instead?

The comment below on the removal probably would still apply though.

> cp qemu-fuzz-i386 "$DEST_DIR/qemu-fuzz-i386-target-$target"

Also, did you look into using hard-links, or even sym-links - they would
require less duplication of the binaries, which may be important, or may
not, and quicker creation too, e.g.

ln qemu-fuzz-i386 "$DEST_DIR/qemu-fuzz-i386-target-$target"

It's something that has been done for years, for example if you do:

ls -il /sbin/{e2fsck,fsck.ext*}

you will see they share the same inode. Similarly for vi and ex, they
use symlinks (hardlinks on some OSes, but seems not Linux):

ls -il /bin/{vi,ex}

The main point is that argv[0] will be the name of link itself, not the
thing pointed to.

Thanks,

Darren.

> done
>
> +# Remove the generic-fuzz target, as it requires some environment variables to
> +# be configured. We have some generic-fuzz-{pc-q35, floppy, ...} targets that
> +# are thin wrappers around this target that set the required environment
> +# variables according to predefined configs.
> +rm "$DEST_DIR/qemu-fuzz-i386-target-generic-fuzz"
> +
> echo "Done. The fuzzers are located in $DEST_DIR"
> exit 0
> --
> 2.28.0
On 201022 1032, Darren Kenny wrote:
> Hi Alex,
>
> On Wednesday, 2020-10-21 at 17:09:22 -04, Alexander Bulekov wrote:
> > generic-fuzz is not a standalone fuzzer - it requires some env variables
> > to be set. On oss-fuzz, we set these with some predefined
> > generic-fuzz-{...} targets, that are thin wrappers around generic-fuzz.
> > Remove generic-fuzz from the oss-fuzz build, so oss-fuzz does not treat
> > it as a standalone fuzzer.
> >
> > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > ---
> > scripts/oss-fuzz/build.sh | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/scripts/oss-fuzz/build.sh b/scripts/oss-fuzz/build.sh
> > index 0c3ca9e06f..37cd7f9e25 100755
> > --- a/scripts/oss-fuzz/build.sh
> > +++ b/scripts/oss-fuzz/build.sh
> > @@ -97,5 +97,11 @@ do
>

Hi Darren,

> I'm presuming that the target that you're removing is being created by
> this line, maybe we should just specifically skip it here instead?

Sounds good.

> The comment below on the removal probably would still apply though.
>
> > cp qemu-fuzz-i386 "$DEST_DIR/qemu-fuzz-i386-target-$target"
>
> Also, did you look into using hard-links, or even sym-links - they would
> require less duplication of the binaries, which may be important, or may
> not, and quicker creation too, e.g.
>
> ln qemu-fuzz-i386 "$DEST_DIR/qemu-fuzz-i386-target-$target"

This is what I tried, when I was putting together the patch-series, and
it raised an error when I was testing it in the oss-fuzz
docker-containers. I blamed it on Docker, originally, but I just took a
closer look, and the problem was that "qemu-fuzz-i386" isn't on the same
file-system as $DEST_DIR in the oss-fuzz Docker. If I copy
qemu-fuzz-i386 to $DEST_DIR/lib, and do
ln "$DEST_DIR/lib/qemu-fuzz-i386" \
"$DEST_DIR/qemu-fuzz-i386-target-$target"
everything works :)

Thanks
-Alex

>
> It's something that has been done for years, for example if you do:
>
> ls -il /sbin/{e2fsck,fsck.ext*}
>
> you will see they share the same inode. Similarly for vi and ex, they
> use symlinks (hardlinks on some OSes, but seems not Linux):
>
> ls -il /bin/{vi,ex}
>
> The main point is that argv[0] will be the name of link itself, not the
> thing pointed to.
>
> Thanks,
>
> Darren.
>
> > done
> >
> > +# Remove the generic-fuzz target, as it requires some environment variables to
> > +# be configured. We have some generic-fuzz-{pc-q35, floppy, ...} targets that
> > +# are thin wrappers around this target that set the required environment
> > +# variables according to predefined configs.
> > +rm "$DEST_DIR/qemu-fuzz-i386-target-generic-fuzz"
> > +
> > echo "Done. The fuzzers are located in $DEST_DIR"
> > exit 0
> > --
> > 2.28.0
On Thursday, 2020-10-22 at 09:01:23 -04, Alexander Bulekov wrote:
> On 201022 1032, Darren Kenny wrote:
>> Hi Alex,
>>
>> On Wednesday, 2020-10-21 at 17:09:22 -04, Alexander Bulekov wrote:
>> > generic-fuzz is not a standalone fuzzer - it requires some env variables
>> > to be set. On oss-fuzz, we set these with some predefined
>> > generic-fuzz-{...} targets, that are thin wrappers around generic-fuzz.
>> > Remove generic-fuzz from the oss-fuzz build, so oss-fuzz does not treat
>> > it as a standalone fuzzer.
>> >
>> > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
>> > ---
>> > scripts/oss-fuzz/build.sh | 6 ++++++
>> > 1 file changed, 6 insertions(+)
>> >
>> > diff --git a/scripts/oss-fuzz/build.sh b/scripts/oss-fuzz/build.sh
>> > index 0c3ca9e06f..37cd7f9e25 100755
>> > --- a/scripts/oss-fuzz/build.sh
>> > +++ b/scripts/oss-fuzz/build.sh
>> > @@ -97,5 +97,11 @@ do
>>
>
> Hi Darren,
>
>> I'm presuming that the target that you're removing is being created by
>> this line, maybe we should just specifically skip it here instead?
>
> Sounds good.
>
>> The comment below on the removal probably would still apply though.
>>
>> > cp qemu-fuzz-i386 "$DEST_DIR/qemu-fuzz-i386-target-$target"
>>
>> Also, did you look into using hard-links, or even sym-links - they would
>> require less duplication of the binaries, which may be important, or may
>> not, and quicker creation too, e.g.
>>
>> ln qemu-fuzz-i386 "$DEST_DIR/qemu-fuzz-i386-target-$target"
>
> This is what I tried, when I was putting together the patch-series, and
> it raised an error when I was testing it in the oss-fuzz
> docker-containers. I blamed it on Docker, originally, but I just took a
> closer look, and the problem was that "qemu-fuzz-i386" isn't on the same
> file-system as $DEST_DIR in the oss-fuzz Docker. If I copy
> qemu-fuzz-i386 to $DEST_DIR/lib, and do
> ln "$DEST_DIR/lib/qemu-fuzz-i386" \
> "$DEST_DIR/qemu-fuzz-i386-target-$target"
> everything works :)

Fair enough then!

Thanks,

Darren.

> Thanks
> -Alex
>
>>
>> It's something that has been done for years, for example if you do:
>>
>> ls -il /sbin/{e2fsck,fsck.ext*}
>>
>> you will see they share the same inode. Similarly for vi and ex, they
>> use symlinks (hardlinks on some OSes, but seems not Linux):
>>
>> ls -il /bin/{vi,ex}
>>
>> The main point is that argv[0] will be the name of link itself, not the
>> thing pointed to.
>>
>> Thanks,
>>
>> Darren.
>>
>> > done
>> >
>> > +# Remove the generic-fuzz target, as it requires some environment variables to
>> > +# be configured. We have some generic-fuzz-{pc-q35, floppy, ...} targets that
>> > +# are thin wrappers around this target that set the required environment
>> > +# variables according to predefined configs.
>> > +rm "$DEST_DIR/qemu-fuzz-i386-target-generic-fuzz"
>> > +
>> > echo "Done. The fuzzers are located in $DEST_DIR"
>> > exit 0
>> > --
>> > 2.28.0
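The layout the thread settles on, as an added example that is neither QEMU's scripts/oss-fuzz/build.sh nor code from either poster: the fuzzer binary is copied once into a lib directory on the destination file system (so ln does not hit the cross-file-system error Alex saw in the oss-fuzz container), every target name is a hard link to that copy, and generic-fuzz is skipped inside the loop instead of being created and deleted. The function names, the sample target list and the stand-in binary are constructed for this illustration; the demo also checks that each link reports its own name as argv[0], which is the property Darren points out.

```shell
#!/bin/sh
# Added example, not QEMU's build.sh. Function names and the sample target
# list are assumptions made for this illustration.

# Copy the fuzzer binary once into "$dest/lib" and expose each target name as
# a hard link to that copy. Copying first matters: ln(1) fails with EXDEV when
# the source and the link live on different file systems, which is what
# happens when the build-tree binary is linked straight into $DEST_DIR.
install_fuzz_targets() {
    src="$1"   # built fuzzer binary
    dest="$2"  # $DEST_DIR equivalent
    shift 2    # remaining arguments are target names
    mkdir -p "$dest/lib"
    cp "$src" "$dest/lib/qemu-fuzz-i386"
    for target in "$@"; do
        # generic-fuzz only works with env vars set by its wrapper targets,
        # so skip it here rather than creating it and deleting it afterwards.
        if [ "$target" = generic-fuzz ]; then
            continue
        fi
        ln "$dest/lib/qemu-fuzz-i386" "$dest/qemu-fuzz-i386-target-$target"
    done
}

# True when two paths are the same inode, i.e. hard links to one file.
# "-ef" is a widely supported test(1) extension (bash, dash, ksh).
same_inode() {
    [ "$1" -ef "$2" ]
}

# Hard-link count of a file, taken from the second field of ls -l.
link_count() {
    ls -l "$1" | awk '{ print $2 }'
}

# Run a target and print what it sees as its own name. With hard links each
# target gets its own argv[0], which per-target selection can key on.
reported_name() {
    "$1"
}

# Demo on a constructed temp tree: a tiny script stands in for qemu-fuzz-i386
# and echoes the basename of its argv[0].
demo_dir=$(mktemp -d)
printf '#!/bin/sh\nbasename "$0"\n' > "$demo_dir/qemu-fuzz-i386"
chmod +x "$demo_dir/qemu-fuzz-i386"
install_fuzz_targets "$demo_dir/qemu-fuzz-i386" "$demo_dir/out" \
    generic-fuzz generic-fuzz-floppy generic-fuzz-pc-q35
ls -il "$demo_dir/out" "$demo_dir/out/lib"   # all targets share one inode
reported_name "$demo_dir/out/qemu-fuzz-i386-target-generic-fuzz-floppy"
rm -rf "$demo_dir"
```

Because the temp tree keeps source and links on one file system, the hard links succeed; pointing `src` at a path on another mount reproduces the EXDEV failure from the container, which is why the copy into `lib` comes first.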
diff --git a/scripts/oss-fuzz/build.sh b/scripts/oss-fuzz/build.sh index 0c3ca9e06f..37cd7f9e25 100755 --- a/scripts/oss-fuzz/build.sh +++ b/scripts/oss-fuzz/build.sh @@ -97,5 +97,11 @@ do cp qemu-fuzz-i386 "$DEST_DIR/qemu-fuzz-i386-target-$target" done +# Remove the generic-fuzz target, as it requires some environment variables to +# be configured. We have some generic-fuzz-{pc-q35, floppy, ...} targets that +# are thin wrappers around this target that set the required environment +# variables according to predefined configs. +rm "$DEST_DIR/qemu-fuzz-i386-target-generic-fuzz" + echo "Done. The fuzzers are located in $DEST_DIR" exit 0
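Review bot: the added `rm "$DEST_DIR/qemu-fuzz-i386-target-generic-fuzz"` runs after the loop has already copied the full qemu-fuzz-i386 binary under that name, so the build pays for a copy only to delete it, and an unguarded `rm` fails (aborting the script if it runs under `set -e`) should the loop ever stop producing that file. Skipping the target inside the loop, e.g. `[ "$target" = generic-fuzz ] && continue` before the `cp`, avoids both the wasted copy and that failure mode, and the explanatory comment about the generic-fuzz-{pc-q35, floppy, ...} wrappers can move next to the skip where targets are created.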
generic-fuzz is not a standalone fuzzer - it requires some env variables to be set. On oss-fuzz, we set these with some predefined generic-fuzz-{...} targets, that are thin wrappers around generic-fuzz. Remove generic-fuzz from the oss-fuzz build, so oss-fuzz does not treat it as a standalone fuzzer. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> --- scripts/oss-fuzz/build.sh | 6 ++++++ 1 file changed, 6 insertions(+)