Message ID | 20190918231846.22538-1-alxndr@bu.edu (mailing list archive)
---|---
Series | Add virtual device fuzzing support
On Wed, Sep 18, 2019 at 11:19:27PM +0000, Oleinik, Alexander wrote:
> create mode 100644 docs/devel/fuzzing.txt
> create mode 100644 main.c
> create mode 100644 tests/fuzz/Makefile.include
> create mode 100644 tests/fuzz/fork_fuzz.c
> create mode 100644 tests/fuzz/fork_fuzz.h
> create mode 100644 tests/fuzz/fork_fuzz.ld
> create mode 100644 tests/fuzz/fuzz.c
> create mode 100644 tests/fuzz/fuzz.h
> create mode 100644 tests/fuzz/i440fx_fuzz.c
> create mode 100644 tests/fuzz/qos_fuzz.c
> create mode 100644 tests/fuzz/qos_fuzz.h
> create mode 100644 tests/fuzz/virtio_net_fuzz.c
> create mode 100644 tests/libqos/qos_external.c
> create mode 100644 tests/libqos/qos_external.h

Please ensure that all new files have copyright/license headers. When code was moved from an old file, use the old file's copyright/license.
On Wed, Sep 18, 2019 at 11:19:27PM +0000, Oleinik, Alexander wrote:
> This series adds a framework for coverage-guided fuzzing of
> virtual-devices. Fuzzing targets are based on qtest and can make use of
> the libqos abstractions.
>
> Build instructions in docs/devel/fuzzing.txt
>
> V3:
> * Rebased onto v4.1.0+
> * Add the fuzzer as a new build-target type in the build-system
> * Add indirection to qtest client/server communication functions
> * Remove ramfile and snapshot-based fuzzing support
> * Add i440fx fuzz-target as a reference for developers.
> * Add linker-script to assist with fork-based fuzzer

I have done an initial review, mostly skipping Makefile changes.

Thanks!

Stefan
Patchew URL: https://patchew.org/QEMU/20190918231846.22538-1-alxndr@bu.edu/

Hi,

This series failed the asan build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

clang -iquote /tmp/qemu-test/build/tests -iquote tests -iquote /tmp/qemu-test/src/tcg -iquote /tmp/qemu-test/src/tcg/i386 -I/tmp/qemu-test/src/linux-headers -I/tmp/qemu-test/build/linux-headers -iquote . -iquote /tmp/qemu-test/src -iquote /tmp/qemu-test/src/accel/tcg -iquote /tmp/qemu-test/src/include -I/usr/include/pixman-1 -I/tmp/qemu-test/src/dtc/libfdt -Werror -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -std=gnu99 -Wno-string-plus-int -Wno-typedef-redefinition -Wno-initializer-overrides -Wexpansion-to-defined -Wendif-labels -Wno-shift-negative-value -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-definition -Wtype-limits -fstack-protector-strong -I/usr/include/p11-kit-1 -I/usr/include/libpng16 -I/usr/include/spice-1 -I/usr/include/spice-server -I/usr/include/cacard -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss3 -I/usr/include/nspr4 -pthread -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/uuid -I/usr/include/pixman-1 -I/tmp/qemu-test/src/tests -MMD -MP -MT tests/test-authz-simple.o -MF tests/test-authz-simple.d -fsanitize=undefined -fsanitize=address -g -c -o tests/test-authz-simple.o /tmp/qemu-test/src/tests/test-authz-simple.c
clang -iquote /tmp/qemu-test/build/tests -iquote tests -iquote /tmp/qemu-test/src/tcg -iquote /tmp/qemu-test/src/tcg/i386 -I/tmp/qemu-test/src/linux-headers -I/tmp/qemu-test/build/linux-headers -iquote . -iquote /tmp/qemu-test/src -iquote /tmp/qemu-test/src/accel/tcg -iquote /tmp/qemu-test/src/include -I/usr/include/pixman-1 -I/tmp/qemu-test/src/dtc/libfdt -Werror -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -std=gnu99 -Wno-string-plus-int -Wno-typedef-redefinition -Wno-initializer-overrides -Wexpansion-to-defined -Wendif-labels -Wno-shift-negative-value -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-definition -Wtype-limits -fstack-protector-strong -I/usr/include/p11-kit-1 -I/usr/include/libpng16 -I/usr/include/spice-1 -I/usr/include/spice-server -I/usr/include/cacard -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss3 -I/usr/include/nspr4 -pthread -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/uuid -I/usr/include/pixman-1 -I/tmp/qemu-test/src/tests -MMD -MP -MT tests/test-authz-list.o -MF tests/test-authz-list.d -fsanitize=undefined -fsanitize=address -g -c -o tests/test-authz-list.o /tmp/qemu-test/src/tests/test-authz-list.c
clang -iquote /tmp/qemu-test/build/tests -iquote tests -iquote /tmp/qemu-test/src/tcg -iquote /tmp/qemu-test/src/tcg/i386 -I/tmp/qemu-test/src/linux-headers -I/tmp/qemu-test/build/linux-headers -iquote . -iquote /tmp/qemu-test/src -iquote /tmp/qemu-test/src/accel/tcg -iquote /tmp/qemu-test/src/include -I/usr/include/pixman-1 -I/tmp/qemu-test/src/dtc/libfdt -Werror -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -std=gnu99 -Wno-string-plus-int -Wno-typedef-redefinition -Wno-initializer-overrides -Wexpansion-to-defined -Wendif-labels -Wno-shift-negative-value -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-definition -Wtype-limits -fstack-protector-strong -I/usr/include/p11-kit-1 -I/usr/include/libpng16 -I/usr/include/spice-1 -I/usr/include/spice-server -I/usr/include/cacard -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss3 -I/usr/include/nspr4 -pthread -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/uuid -I/usr/include/pixman-1 -I/tmp/qemu-test/src/tests -MMD -MP -MT tests/test-authz-listfile.o -MF tests/test-authz-listfile.d -fsanitize=undefined -fsanitize=address -g -c -o tests/test-authz-listfile.o /tmp/qemu-test/src/tests/test-authz-listfile.c
/tmp/qemu-test/src/tests/test-char.c:31:13: error: static declaration of 'main_loop' follows non-static declaration
static void main_loop(void)
            ^
/tmp/qemu-test/src/include/sysemu/sysemu.h:117:6: note: previous declaration is here

The full log is available at http://patchew.org/logs/20190918231846.22538-1-alxndr@bu.edu/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
Patchew URL: https://patchew.org/QEMU/20190918231846.22538-1-alxndr@bu.edu/

Hi,

This series seems to have some coding style problems. See output below for more information:

Message-id: 20190918231846.22538-1-alxndr@bu.edu
Subject: [Qemu-devel] [PATCH v3 00/22] Add virtual device fuzzing support
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
5ad94a8 fuzz: add documentation to docs/devel/
042e172 fuzz: add virtio-net fuzz target
621539a fuzz: add i440fx fuzz targets
dae5ad1 fuzz: add support for qos-assisted fuzz targets
ab8dc3a fuzz: expose fuzz target name
79fdc72 fuzz: add support for fork-based fuzzing.
4b1ba3f fuzz: add fuzzer skeleton
fe16e71 fuzz: Add target/fuzz makefile rules
f95cc25 libqtest: add in-process qtest.c tx/rx handlers
6d9d7dc libqtest: make qtest_bufwrite send "atomic"
918fbde libqos: move useful qos-test funcs to qos_external
fd767d6 libqos: split qos-test and libqos makefile vars
5b787c6 tests: provide test variables to other targets
ddcaa47 qtest: add in-process incoming command handler
8eef87c module: check module wasn't already initialized
3d76929 fuzz: Add target/fuzz makefile rules
72f81a2 fuzz: add configure flag --enable-fuzzing
c8a9bd8 libqtest: Add a layer of abstraciton to send/recv
ccb41d8 qtest: add qtest_server_send abstraction
b556f51 fuzz: Add FUZZ_TARGET module type
4644c02 libqos: Rename i2c_send and i2c_recv
63655ea softmmu: split off vl.c:main() into main.c

=== OUTPUT BEGIN ===
1/22 Checking commit 63655ea72e20 (softmmu: split off vl.c:main() into main.c)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#59:
new file mode 100644

WARNING: architecture specific defines should be avoided
#68: FILE: main.c:5:
+#if defined(__APPLE__) || defined(main)

ERROR: externs should be avoided in .c files
#70: FILE: main.c:7:
+int qemu_main(int argc, char **argv, char **envp);

total: 1 errors, 2 warnings, 114 lines checked

Patch 1/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
2/22 Checking commit 4644c02486b6 (libqos: Rename i2c_send and i2c_recv)
3/22 Checking commit b556f5132021 (fuzz: Add FUZZ_TARGET module type)
4/22 Checking commit ccb41d8c3bd1 (qtest: add qtest_server_send abstraction)
WARNING: line over 80 characters
#71: FILE: qtest.c:795:
+void qtest_server_set_tx_handler(void (*send)(void*, const char*, size_t), void *opaque)

total: 0 errors, 1 warnings, 49 lines checked

Patch 4/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
5/22 Checking commit c8a9bd8d9dd9 (libqtest: Add a layer of abstraciton to send/recv)
6/22 Checking commit 72f81a2600dc (fuzz: add configure flag --enable-fuzzing)
7/22 Checking commit 3d769292ca2e (fuzz: Add target/fuzz makefile rules)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#85:
new file mode 100644

total: 0 errors, 1 warnings, 65 lines checked

Patch 7/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
8/22 Checking commit 8eef87cc2d23 (module: check module wasn't already initialized)
9/22 Checking commit ddcaa4751604 (qtest: add in-process incoming command handler)
10/22 Checking commit 5b787c6a0543 (tests: provide test variables to other targets)
11/22 Checking commit fd767d613cc4 (libqos: split qos-test and libqos makefile vars)
12/22 Checking commit 918fbde8252a (libqos: move useful qos-test funcs to qos_external)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#27:
new file mode 100644

total: 0 errors, 1 warnings, 343 lines checked

Patch 12/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
13/22 Checking commit 6d9d7dc7f758 (libqtest: make qtest_bufwrite send "atomic")
14/22 Checking commit f95cc251da3e (libqtest: add in-process qtest.c tx/rx handlers)
15/22 Checking commit fe16e710bff0 (fuzz: Add target/fuzz makefile rules)
16/22 Checking commit 4b1ba3f2594e (fuzz: add fuzzer skeleton)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#29:
new file mode 100644

WARNING: Block comments use a leading /* on a separate line
#155: FILE: tests/fuzz/fuzz.c:122:
+ /* --trace is useful for outputting a log of qtest commands that trigger

WARNING: Block comments use a trailing */ on a separate line
#156: FILE: tests/fuzz/fuzz.c:123:
+ * a crash. The log can can then be replayed with a simple qtest script. */

total: 0 errors, 3 warnings, 215 lines checked

Patch 16/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
17/22 Checking commit 79fdc7221b97 (fuzz: add support for fork-based fuzzing.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#49:
new file mode 100644

total: 0 errors, 1 warnings, 100 lines checked

Patch 17/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
18/22 Checking commit ab8dc3a2c256 (fuzz: expose fuzz target name)
19/22 Checking commit dae5ad183400 (fuzz: add support for qos-assisted fuzz targets)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#11:
new file mode 100644

WARNING: line over 80 characters
#121: FILE: tests/fuzz/qos_fuzz.c:106:
+ /* etype set to QEDGE_CONSUMED_BY so that machine can add to the command line */

total: 0 errors, 2 warnings, 231 lines checked

Patch 19/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
20/22 Checking commit 621539aa3b08 (fuzz: add i440fx fuzz targets)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#29:
new file mode 100644

WARNING: line over 80 characters
#152: FILE: tests/fuzz/i440fx_fuzz.c:119:
+static const char *i440fx_qtest_argv[] = {"qemu_system_i386", "-machine", "accel=qtest"};

WARNING: Block comments use a leading /* on a separate line
#178: FILE: tests/fuzz/i440fx_fuzz.c:145:
+ /* Uses libqos. Doesn't do anything to reset state. Note that if we were to

WARNING: Block comments use * on subsequent lines
#179: FILE: tests/fuzz/i440fx_fuzz.c:146:
+ /* Uses libqos. Doesn't do anything to reset state. Note that if we were to
+ reboot after each run, we would also have to redo the qos-related

WARNING: Block comments use a trailing */ on a separate line
#180: FILE: tests/fuzz/i440fx_fuzz.c:147:
+ initialization (qos_init_path) */

total: 0 errors, 5 warnings, 166 lines checked

Patch 20/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
21/22 Checking commit 042e172ef433 (fuzz: add virtio-net fuzz target)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#25:
new file mode 100644

total: 0 errors, 1 warnings, 126 lines checked

Patch 21/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
22/22 Checking commit 5ad94a85737a (fuzz: add documentation to docs/devel/)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#11:
new file mode 100644

total: 0 errors, 1 warnings, 114 lines checked

Patch 22/22 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1

The full log is available at http://patchew.org/logs/20190918231846.22538-1-alxndr@bu.edu/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
Patchew URL: https://patchew.org/QEMU/20190918231846.22538-1-alxndr@bu.edu/

Hi,

This series failed the docker-quick@centos7 build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

default devices   yes
fuzzing support   no
warning: Python 2 support is deprecated
warning: Python 3 will be required for building future versions of QEMU
cross containers  no

NOTE: guest cross-compilers enabled: cc
---
  CC      backends/hostmem-ram.o
  CC      backends/hostmem-file.o
/tmp/qemu-test/src/vl.c: In function 'qemu_cleanup':
/tmp/qemu-test/src/vl.c:4479:6: error: old-style function definition [-Werror=old-style-definition]
 void qemu_cleanup()
      ^
cc1: all warnings being treated as errors

The full log is available at http://patchew.org/logs/20190918231846.22538-1-alxndr@bu.edu/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
Patchew URL: https://patchew.org/QEMU/20190918231846.22538-1-alxndr@bu.edu/

Hi,

This series failed the docker-mingw@fedora build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC      hw/acpi/cpu_hotplug.o
  CC      hw/acpi/memory_hotplug.o
/tmp/qemu-test/src/vl.c: In function 'qemu_cleanup':
/tmp/qemu-test/src/vl.c:4479:6: error: old-style function definition [-Werror=old-style-definition]
 void qemu_cleanup()
      ^~~~~~~~~~~~
cc1: all warnings being treated as errors

The full log is available at http://patchew.org/logs/20190918231846.22538-1-alxndr@bu.edu/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com