[0/2] libx86: Fuzzing harness

Message ID 1559677885-10731-1-git-send-email-andrew.cooper3@citrix.com (mailing list archive)

Message

Andrew Cooper June 4, 2019, 7:51 p.m. UTC
These are the final pieces to getting the fuzzing harness working correctly.

I accidentally left AFL running for a week while I was travelling, so this
certified "8d 15h crash-free".

Andrew Cooper (2):
  libx86: Helper for clearing out-of-range CPUID leaves
  tools/fuzz: Add a cpu-policy fuzzing harness

 tools/fuzz/cpu-policy/.gitignore          |   1 +
 tools/fuzz/cpu-policy/Makefile            |  28 +++++
 tools/fuzz/cpu-policy/afl-policy-fuzzer.c | 187 ++++++++++++++++++++++++++++++
 tools/tests/cpu-policy/test-cpu-policy.c  | 161 ++++++++++++++++++++++++-
 xen/include/xen/lib/x86/cpuid.h           |  16 +++
 xen/lib/x86/cpuid.c                       |  66 ++++++++++-
 xen/lib/x86/private.h                     |   1 +
 7 files changed, 454 insertions(+), 6 deletions(-)
 create mode 100644 tools/fuzz/cpu-policy/.gitignore
 create mode 100644 tools/fuzz/cpu-policy/Makefile
 create mode 100644 tools/fuzz/cpu-policy/afl-policy-fuzzer.c

Comments

Jan Beulich June 5, 2019, 9:54 a.m. UTC | #1
>>> On 04.06.19 at 21:51, <andrew.cooper3@citrix.com> wrote:
> These are the final pieces to getting the fuzzing harness working correctly.

I'm mildly confused by this statement, as it seems to imply there was
something not working correctly, when in fact there was nothing at
all - patch 2 only adds a new harness.

Jan
Andrew Cooper June 5, 2019, 9:58 a.m. UTC | #2
On 05/06/2019 10:54, Jan Beulich wrote:
>>>> On 04.06.19 at 21:51, <andrew.cooper3@citrix.com> wrote:
>> These are the final pieces to getting the fuzzing harness working correctly.
> I'm mildly confused by this statement, as it seems to imply there was
> something not working correctly, when in fact there was nothing at
> all - patch 2 only adds a new harness.

If you recall, the fuzzing harness was posted previously (during the
lead-up to L1TF) in the same patch as the unit tests, with a note saying
"sometimes AFL finds assertion failures".

In the end I dropped the fuzzing harness until I'd got it into a state
where it functioned correctly, and this is the final piece which isn't
yet committed upstream.

As to your question in patch 1 - all of the new library functionality is
strictly relevant to making DOMCTL_set_cpu_policy function correctly.

~Andrew