Message ID | 20210117230924.449676-3-alxndr@bu.edu (mailing list archive)
---|---
State | New, archived
Series | fuzz: Add 9p generic-fuzz configs
On Sunday, 2021-01-17 at 18:09:23 -05, Alexander Bulekov wrote: > Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> > --- > docs/devel/fuzzing.rst | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) > > diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst > index 6096242d99..8792358854 100644 > --- a/docs/devel/fuzzing.rst > +++ b/docs/devel/fuzzing.rst 
> @@ -181,6 +181,32 @@ To ensure that these env variables have been configured correctly, we can use:: > > The output should contain a complete list of matched MemoryRegions. > > +OSS-Fuzz > +-------- > +QEMU is continuously fuzzed on `OSS-Fuzz` __(https://github.com/google/oss-fuzz). > +By default, the OSS-Fuzz build will try to fuzz every fuzz-target. Since the > +generic-fuzz target requires additional information provided in environment > +variables, we pre-define some generic-fuzz configs in > +``tests/qtest/fuzz/generic_fuzz_configs.h``. Each config must specify: > + * ``.name``: To identify the fuzzer config > + * ``.args`` OR ``.argfunc``: A string or pointer to a function returning a > + string. These strings are used to specify the ``QEMU_FUZZ_ARGS`` > + environment variable. ``argfunc`` is useful when the config relies on e.g. > + a dynamically created temp directory, or a free tcp/udp port. > + * ``.objects``: A string that specifies the ``QEMU_FUZZ_OBJECTS`` environment > + variable. > + > +To fuzz additional devices/device configuration on OSS-Fuzz: > + * Send patches for a new device-specific fuzzer > + * Send patches for a new generic-fuzz config > + > +Build details: > + * `The basic Dockerfile that sets up the environment for building QEMU's > + fuzzers on OSS-Fuzz > + <https://github.com/google/oss-fuzz/blob/master/projects/qemu/Dockerfile>`_ > + * The script responsible for building the fuzzers: > + ``scripts/oss-fuzz/build.sh`` > + > Implementation Details / Fuzzer Lifecycle > ----------------------------------------- > > -- > 2.28.0
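Review bot: the hyperlink at the top of the new OSS-Fuzz section, ``OSS-Fuzz` __(https://github.com/google/oss-fuzz)`, is not valid reStructuredText: the link text and the URL must sit inside one backticked span, followed directly by the underscore(s), i.e. ``OSS-Fuzz <https://github.com/google/oss-fuzz>`__`. As written the space before `__` breaks the reference, so Sphinx renders "OSS-Fuzz" through the default role and prints the parenthesised URL as plain text. The Dockerfile link further down the same hunk already uses the correct ``text <url>`_` form; the two should match.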
diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst index 6096242d99..8792358854 100644 --- a/docs/devel/fuzzing.rst +++ b/docs/devel/fuzzing.rst @@ -181,6 +181,32 @@ To ensure that these env variables have been configured correctly, we can use:: The output should contain a complete list of matched MemoryRegions. +OSS-Fuzz +-------- +QEMU is continuously fuzzed on `OSS-Fuzz` __(https://github.com/google/oss-fuzz). +By default, the OSS-Fuzz build will try to fuzz every fuzz-target. Since the +generic-fuzz target requires additional information provided in environment +variables, we pre-define some generic-fuzz configs in +``tests/qtest/fuzz/generic_fuzz_configs.h``. Each config must specify: + * ``.name``: To identify the fuzzer config + * ``.args`` OR ``.argfunc``: A string or pointer to a function returning a + string. These strings are used to specify the ``QEMU_FUZZ_ARGS`` + environment variable. ``argfunc`` is useful when the config relies on e.g. + a dynamically created temp directory, or a free tcp/udp port. + * ``.objects``: A string that specifies the ``QEMU_FUZZ_OBJECTS`` environment + variable. + +To fuzz additional devices/device configuration on OSS-Fuzz: + * Send patches for a new device-specific fuzzer + * Send patches for a new generic-fuzz config + +Build details: + * `The basic Dockerfile that sets up the environment for building QEMU's + fuzzers on OSS-Fuzz + <https://github.com/google/oss-fuzz/blob/master/projects/qemu/Dockerfile>`_ + * The script responsible for building the fuzzers: + ``scripts/oss-fuzz/build.sh`` + Implementation Details / Fuzzer Lifecycle -----------------------------------------
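Review bot: the three bullet lists in this hunk (after "Each config must specify:", after "To fuzz additional devices/device configuration on OSS-Fuzz:", and after "Build details:") are indented by one space and follow their introducing paragraph with no blank line. docutils does not recognise an indented line directly after a paragraph as a list; it reports "Unexpected indentation" and the items are not rendered as bullets. Put a blank line between each introducing sentence and its list, and either start the ` * ` markers in column 0 or indent the whole list consistently, keeping the continuation lines of each item aligned with the item's text. For the two patch-submission steps a numbered list (`1.`/`2.`) would also read better than bullets, since they are alternatives the reader picks between rather than a sequence.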
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
 docs/devel/fuzzing.rst | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)