From patchwork Sun Feb 5 04:29:42 2023
X-Patchwork-Submitter: Alexander Bulekov
X-Patchwork-Id: 13128966
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Thomas Huth, Qiuhao Li
Subject: [PATCH 01/10] hw/sparse-mem: clear memory on reset
Date: Sat, 4 Feb 2023 23:29:42 -0500
Message-Id: <20230205042951.3570008-2-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

We use sparse-mem for fuzzing. For long-running fuzzing processes, we eventually end up with many allocated sparse-mem pages. To avoid this, clear the allocated pages on system-reset.

Signed-off-by: Alexander Bulekov
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
---
 hw/mem/sparse-mem.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/hw/mem/sparse-mem.c b/hw/mem/sparse-mem.c
index e6640eb8e7..72f038d47d 100644
--- a/hw/mem/sparse-mem.c
+++ b/hw/mem/sparse-mem.c
@@ -77,6 +77,13 @@ static void sparse_mem_write(void *opaque, hwaddr addr, uint64_t v, } +static void sparse_mem_enter_reset(Object *obj, ResetType type) +{ + SparseMemState *s = SPARSE_MEM(obj); + g_hash_table_remove_all(s->mapped); + return; +} + static const MemoryRegionOps sparse_mem_ops = { .read = sparse_mem_read, .write = sparse_mem_write, @@ -123,7 +130,8 @@ static void sparse_mem_realize(DeviceState *dev, Error **errp) assert(s->baseaddr + s->length > s->baseaddr); - s->mapped = g_hash_table_new(NULL, NULL); + s->mapped = g_hash_table_new_full(NULL, NULL, NULL, + (GDestroyNotify)g_free); memory_region_init_io(&s->mmio, OBJECT(s), &sparse_mem_ops, s, "sparse-mem", s->length); sysbus_init_mmio(sbd, &s->mmio); 
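Review bot: the trailing `return;` in the new `sparse_mem_enter_reset()` is redundant in a void function and should be dropped. Note also that the two hunks depend on each other: only because the second hunk switches to `g_hash_table_new_full(NULL, NULL, NULL, (GDestroyNotify)g_free)` does `g_hash_table_remove_all(s->mapped)` actually free the page buffers instead of leaking them, which is worth a sentence in the commit message. Please also confirm that `sparse_mem_read()` returns zeros for addresses whose entry was removed, since after a reset the guest will observe whatever the read path produces for an unmapped page.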
@@ -131,12 +139,15 @@ static void sparse_mem_realize(DeviceState *dev, Error **errp) static void sparse_mem_class_init(ObjectClass *klass, void *data) { + ResettableClass *rc = RESETTABLE_CLASS(klass); DeviceClass *dc = DEVICE_CLASS(klass); device_class_set_props(dc, sparse_mem_properties); dc->desc = "Sparse Memory Device"; dc->realize = sparse_mem_realize; + + rc->phases.enter = sparse_mem_enter_reset; } static const TypeInfo sparse_mem_types[] = {
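Review bot: `rc->phases.enter` is assigned directly, which discards any enter-phase handler a parent class may have installed; QEMU's `resettable_class_set_parent_phases()` is the usual way to install a phase while keeping the parent's phases reachable. It would also help to state why the enter phase was chosen over hold: clearing `s->mapped` touches only this device's own state and has no side effects on other devices, which is what the enter phase is meant for.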
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PATCH 02/10] fuzz: add fuzz_reboot API
Date: Sat, 4 Feb 2023 23:29:43 -0500
Message-Id: <20230205042951.3570008-3-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

As we are converting most fuzzers to rely on reboots to reset state, introduce an API to make sure reboots are invoked in a consistent manner.

Signed-off-by: Alexander Bulekov
---
 tests/qtest/fuzz/fuzz.c | 6 ++++++
 tests/qtest/fuzz/fuzz.h | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index eb7520544b..c2d07a4c7e 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -51,6 +51,12 @@ void flush_events(QTestState *s) } } +void fuzz_reboot(QTestState *s) +{ + qemu_system_reset(SHUTDOWN_CAUSE_GUEST_RESET); + main_loop_wait(true); +} + static QTestState *qtest_setup(void) { qtest_server_set_send_handler(&qtest_client_inproc_recv, &fuzz_qts);
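Review bot: the `QTestState *s` parameter of the new `fuzz_reboot()` is never used in its body; either drop it or use it (for example by draining events through `flush_events(s)` so the reboot follows the same path as the rest of the fuzzer), and in either case say in a comment why the signature mirrors `flush_events(QTestState *)`. A short comment above the function explaining that `SHUTDOWN_CAUSE_GUEST_RESET` is used so the reset is handled as a guest-initiated reboot, and that the single `main_loop_wait(true)` is expected to be enough for all reset handlers to run, would make the "consistent manner" claim in the commit message checkable.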
diff --git a/tests/qtest/fuzz/fuzz.h b/tests/qtest/fuzz/fuzz.h
index 327c1c5a55..69e2b3877f 100644
--- a/tests/qtest/fuzz/fuzz.h
+++ b/tests/qtest/fuzz/fuzz.h
@@ -103,7 +103,7 @@ typedef struct FuzzTarget { } FuzzTarget; void flush_events(QTestState *); -void reboot(QTestState *); +void fuzz_reboot(QTestState *); /* Use the QTest ASCII protocol or call address_space API directly?*/ void fuzz_qtest_set_serialize(bool option);
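Review bot: this hunk renames an existing declaration from `reboot` to `fuzz_reboot`, while the fuzz.c hunk adds `fuzz_reboot()` as a brand-new definition, so the old `reboot()` prototype apparently had no matching definition; check that no fuzzer still calls `reboot()` and that the series bisects cleanly at this point. A one-line doc comment on the prototype (it issues a guest reset and drains the main loop) would match the style of the comment on `fuzz_qtest_set_serialize` just below it.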
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PATCH 03/10] fuzz/generic-fuzz: use reboots instead of forks to reset state
Date: Sat, 4 Feb 2023 23:29:44 -0500
Message-Id: <20230205042951.3570008-4-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
---
 tests/qtest/fuzz/generic_fuzz.c | 106 +++++++-------------------------
 1 file changed, 23 insertions(+), 83 deletions(-)

diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index 7326f6840b..c2e5642150 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -18,7 +18,6 @@ #include "tests/qtest/libqtest.h" #include "tests/qtest/libqos/pci-pc.h" #include "fuzz.h" -#include "fork_fuzz.h" #include "string.h" #include "exec/memory.h" #include "exec/ramblock.h"
@@ -29,6 +28,8 @@ #include "generic_fuzz_configs.h" #include "hw/mem/sparse-mem.h" +static void pci_enum(gpointer pcidev, gpointer bus); + /* * SEPARATOR is used to separate "operations" in the fuzz input */ @@ -589,30 +590,6 @@ static void op_disable_pci(QTestState *s, const unsigned char *data, size_t len) pci_disabled = true; } -static void handle_timeout(int sig) -{ - if (qtest_log_enabled) { - fprintf(stderr, "[Timeout]\n"); - fflush(stderr); - } - - /* - * If there is a crash, libfuzzer/ASAN forks a child to run an - * "llvm-symbolizer" process for printing out a pretty stacktrace. It - * communicates with this child using a pipe. If we timeout+Exit, while - * libfuzzer is still communicating with the llvm-symbolizer child, we will - * be left with an orphan llvm-symbolizer process. Sometimes, this appears - * to lead to a deadlock in the forkserver. Use waitpid to check if there - * are any waitable children. If so, exit out of the signal-handler, and - * let libfuzzer finish communicating with the child, and exit, on its own. - */ - if (waitpid(-1, NULL, WNOHANG) == 0) { - return; - } - - _Exit(0); -} - /* * Here, we interpret random bytes from the fuzzer, as a sequence of commands. * Some commands can be variable-width, so we use a separator, SEPARATOR, to 
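Review bot: this patch has no commit message body, and the `handle_timeout()` removal is the part that needs one: the deleted comment documents a real deadlock between a timed-out child and libfuzzer's llvm-symbolizer helper, so the message should say that the hazard disappears because there is no longer a forked child to time out, and what now bounds a slow input (the later patch in this series that caps DMA bytes). The forward declaration `static void pci_enum(gpointer pcidev, gpointer bus);` added in the first hunk exists only because the enumeration call moves above `pci_enum()`'s definition; a comment on it, or moving the definition up, would avoid the question for the next reader.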
@@ -669,64 +646,34 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size) size_t cmd_len; uint8_t op; - if (fork() == 0) { - struct sigaction sact; - struct itimerval timer; - sigset_t set; - /* - * Sometimes the fuzzer will find inputs that take quite a long time to - * process. Often times, these inputs do not result in new coverage. - * Even if these inputs might be interesting, they can slow down the - * fuzzer, overall. Set a timeout for each command to avoid hurting - * performance, too much - */ - if (timeout) { - - sigemptyset(&sact.sa_mask); - sact.sa_flags = SA_NODEFER; - sact.sa_handler = handle_timeout; - sigaction(SIGALRM, &sact, NULL); - - sigemptyset(&set); - sigaddset(&set, SIGALRM); - pthread_sigmask(SIG_UNBLOCK, &set, NULL); - - memset(&timer, 0, sizeof(timer)); - timer.it_value.tv_sec = timeout / USEC_IN_SEC; - timer.it_value.tv_usec = timeout % USEC_IN_SEC; - } + op_clear_dma_patterns(s, NULL, 0); + pci_disabled = false; - op_clear_dma_patterns(s, NULL, 0); - pci_disabled = false; + QPCIBus *pcibus = qpci_new_pc(s, NULL); + g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus); + qpci_free_pc(pcibus); - while (cmd && Size) { - /* Reset the timeout, each time we run a new command */ - if (timeout) { - setitimer(ITIMER_REAL, &timer, NULL); - } + while (cmd && Size) { + /* Reset the timeout, each time we run a new command */ - /* Get the length until the next command or end of input */ - nextcmd = memmem(cmd, Size, SEPARATOR, strlen(SEPARATOR)); - cmd_len = nextcmd ? nextcmd - cmd : Size; + /* Get the length until the next command or end of input */ + nextcmd = memmem(cmd, Size, SEPARATOR, strlen(SEPARATOR)); + cmd_len = nextcmd ? 
nextcmd - cmd : Size; - if (cmd_len > 0) { - /* Interpret the first byte of the command as an opcode */ - op = *cmd % (sizeof(ops) / sizeof((ops)[0])); - ops[op](s, cmd + 1, cmd_len - 1); + if (cmd_len > 0) { + /* Interpret the first byte of the command as an opcode */ + op = *cmd % (sizeof(ops) / sizeof((ops)[0])); + ops[op](s, cmd + 1, cmd_len - 1); - /* Run the main loop */ - flush_events(s); - } - /* Advance to the next command */ - cmd = nextcmd ? nextcmd + sizeof(SEPARATOR) - 1 : nextcmd; - Size = Size - (cmd_len + sizeof(SEPARATOR) - 1); - g_array_set_size(dma_regions, 0); + /* Run the main loop */ + flush_events(s); } - _Exit(0); - } else { - flush_events(s); - wait(0); + /* Advance to the next command */ + cmd = nextcmd ? nextcmd + sizeof(SEPARATOR) - 1 : nextcmd; + Size = Size - (cmd_len + sizeof(SEPARATOR) - 1); + g_array_set_size(dma_regions, 0); } + fuzz_reboot(s); } static void usage(void) @@ -825,7 +772,6 @@ static void generic_pre_fuzz(QTestState *s) { GHashTableIter iter; MemoryRegion *mr; - QPCIBus *pcibus; char **result; GString *name_pattern; 
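Review bot: the comment `/* Reset the timeout, each time we run a new command */` survives at the top of the loop but the `setitimer()` it described is gone, so it is now misleading and should be removed together with the unused `timeout` handling unless a later patch reuses it. Two behavioural changes in this hunk also deserve a sentence in the (currently empty) commit message: `qpci_new_pc()` plus the `pci_enum` walk now run on every input rather than once in `generic_pre_fuzz()`, which is a per-input cost, and the unconditional `fuzz_reboot(s)` after the loop means that any device state not cleared by its reset handler is carried from one input into the next, so crash reproducers may depend on earlier inputs in ways the fork-based design could not.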
@@ -883,12 +829,6 @@ static void generic_pre_fuzz(QTestState *s) printf("No fuzzable memory regions found...\n"); exit(1); } - - pcibus = qpci_new_pc(s, NULL); - g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus); - qpci_free_pc(pcibus); - - counter_shm_init(); } /*
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PATCH 04/10] fuzz/generic-fuzz: add a limit on DMA bytes written
Date: Sat, 4 Feb 2023 23:29:45 -0500
Message-Id: <20230205042951.3570008-5-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

As we have replaced fork-based fuzzing with reboots, we can no longer use a timeout+exit() to avoid slow inputs. Libfuzzer has its own timer that it uses to catch slow inputs; however, these timeouts are usually seconds-minutes long: more than enough to bog down the fuzzing process. However, I found that slow inputs often attempt to fill overly large DMA requests. Thus, we can mitigate most timeouts by setting a cap on the total number of DMA bytes written by an input.

Signed-off-by: Alexander Bulekov
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
---
 tests/qtest/fuzz/generic_fuzz.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index c2e5642150..eab92cbc23 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -52,6 +52,7 @@ enum cmds { #define USEC_IN_SEC 1000000000 #define MAX_DMA_FILL_SIZE 0x10000 +#define MAX_TOTAL_DMA_SIZE 0x10000000 #define PCI_HOST_BRIDGE_CFG 0xcf8 #define PCI_HOST_BRIDGE_DATA 0xcfc @@ -64,6 +65,7 @@ typedef struct { static useconds_t timeout = DEFAULT_TIMEOUT_US; static bool qtest_log_enabled; +size_t dma_bytes_written; MemoryRegion *sparse_mem_mr; @@ -197,6 +199,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr) */ if (dma_patterns->len == 0 || len == 0 + || dma_bytes_written > MAX_TOTAL_DMA_SIZE || (mr != current_machine->ram && mr != sparse_mem_mr)) { return; } @@ -269,6 +272,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr) fflush(stderr); } qtest_memwrite(qts_global, addr, buf, l); + dma_bytes_written += l; } len -= l; buf += l; 
@@ -648,6 +652,7 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size) op_clear_dma_patterns(s, NULL, 0); pci_disabled = false; + dma_bytes_written = 0; QPCIBus *pcibus = qpci_new_pc(s, NULL); g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus);
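Review bot: in hunk @@ -52,6 +52,7 @@, `#define MAX_TOTAL_DMA_SIZE 0x10000000` (256 MiB) is added with no comment on how the value was chosen, and unlike `timeout`, which is a variable initialised from `DEFAULT_TIMEOUT_US`, it cannot be adjusted per target. A one-line comment with the rationale (the commit message explains the motivation but not the number) and, ideally, a tunable alongside the timeout would let a device with legitimately large DMA traffic raise it. Unrelated but adjacent in the context lines: `#define USEC_IN_SEC 1000000000` is the nanoseconds-per-second value; microseconds per second is 1000000.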
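Review bot: in hunk @@ -64,6 +65,7 @@, `size_t dma_bytes_written;` is a non-static file-scope definition, while the neighbouring `timeout` and `qtest_log_enabled` are `static`. Nothing in this patch references it from another file, so `static size_t dma_bytes_written;` keeps it out of the global symbol table and avoids a clash with any other fuzzer object that happens to pick the same name.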
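Review bot: in hunk @@ -197,6 +199,7 @@ the new `|| dma_bytes_written > MAX_TOTAL_DMA_SIZE` test runs once on entry, while the accounting `dma_bytes_written += l;` in hunk @@ -269,6 +272,7 @@ happens per chunk inside the copy loop, so a single call with a large `len` is written in full and the running total can overshoot the cap by up to `len`; the limit only refuses the next call. The `>` also lets a request through when the total already equals the cap. If a hard budget is intended, clamp `len` to `MAX_TOTAL_DMA_SIZE - dma_bytes_written` before the loop (or re-check inside it); if a soft limit is acceptable, say so in a comment. Either way, a one-time message on `stderr` when the cap trips would make the resulting loss of DMA coverage visible when triaging a timeout or a non-reproducing crash.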
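The cap described in the commit message, as an added example that is not part of the patch or of QEMU: a small model of the per-input DMA byte budget with the soft, entry-time check the patch uses next to a hard, clamped variant. `CHUNK_SIZE`, `TOTAL_DMA_CAP`, `GUEST_RAM_SIZE`, `model_memwrite()` and the accessor functions are constructed stand-ins for the fuzzer's constants and for `qtest_memwrite()`.

```c
/* Added example, not part of the patch: model of a per-input DMA byte budget.
 * Limits and the RAM model are constructed stand-ins, not the fuzzer's values. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_SIZE     0x100   /* per-chunk write size (constructed) */
#define TOTAL_DMA_CAP  0x1000  /* per-input budget, plays MAX_TOTAL_DMA_SIZE */
#define GUEST_RAM_SIZE 0x2000  /* size of the modelled guest RAM */

static uint8_t guest_ram[GUEST_RAM_SIZE];  /* model of current_machine->ram */
static size_t dma_bytes_written;           /* running total, reset per input */

/* Hypothetical stand-in for qtest_memwrite(): copy into the RAM model if it fits. */
static void model_memwrite(size_t addr, const uint8_t *buf, size_t len)
{
    if (addr < GUEST_RAM_SIZE && len <= GUEST_RAM_SIZE - addr) {
        memcpy(guest_ram + addr, buf, len);
    }
}

/* Equivalent of the per-input reset the patch adds to generic_fuzz(). */
void dma_reset(void)
{
    dma_bytes_written = 0;
    memset(guest_ram, 0, sizeof guest_ram);
}

size_t dma_total(void) { return dma_bytes_written; }
uint8_t guest_byte(size_t addr) { return addr < GUEST_RAM_SIZE ? guest_ram[addr] : 0; }

/* Soft cap, mirroring the patch: the total is compared against the cap once
 * on entry, then the whole request is written chunk by chunk. One large
 * request can therefore overshoot the cap; only the next call is refused.
 * Returns the number of bytes written. */
size_t dma_fill_soft(size_t addr, size_t len, uint8_t pattern)
{
    if (len == 0 || dma_bytes_written > TOTAL_DMA_CAP) {
        return 0;
    }
    size_t written = 0;
    uint8_t buf[CHUNK_SIZE];
    while (len) {
        size_t l = len < CHUNK_SIZE ? len : CHUNK_SIZE;
        memset(buf, pattern, l);
        model_memwrite(addr + written, buf, l);
        dma_bytes_written += l;
        written += l;
        len -= l;
    }
    return written;
}

/* Hard cap: every chunk is clamped to the remaining budget, so the running
 * total never exceeds TOTAL_DMA_CAP; the request is truncated instead. */
size_t dma_fill_hard(size_t addr, size_t len, uint8_t pattern)
{
    size_t written = 0;
    uint8_t buf[CHUNK_SIZE];
    while (len && dma_bytes_written < TOTAL_DMA_CAP) {
        size_t budget = TOTAL_DMA_CAP - dma_bytes_written;
        size_t l = len < CHUNK_SIZE ? len : CHUNK_SIZE;
        if (l > budget) {
            l = budget;  /* truncate the last chunk to what is left */
        }
        memset(buf, pattern, l);
        model_memwrite(addr + written, buf, l);
        dma_bytes_written += l;
        written += l;
        len -= l;
    }
    return written;
}

int main(void)
{
    /* A single 0x1800-byte request against a 0x1000-byte budget. */
    dma_reset();
    printf("soft: wrote 0x%zx, total 0x%zx\n", dma_fill_soft(0, 0x1800, 0xAA), dma_total());
    dma_reset();
    printf("hard: wrote 0x%zx, total 0x%zx\n", dma_fill_hard(0, 0x1800, 0xBB), dma_total());
    return 0;
}
```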
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PATCH 05/10] fuzz/virtio-scsi: remove fork-based fuzzer
Date: Sat, 4 Feb 2023 23:29:46 -0500
Message-Id: <20230205042951.3570008-6-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
---
 tests/qtest/fuzz/virtio_scsi_fuzz.c | 51 ++++-------------------------
 1 file changed, 7 insertions(+), 44 deletions(-)
diff --git a/tests/qtest/fuzz/virtio_scsi_fuzz.c b/tests/qtest/fuzz/virtio_scsi_fuzz.c index b3220ef6cb..8b26e951ae 100644 --- a/tests/qtest/fuzz/virtio_scsi_fuzz.c +++ b/tests/qtest/fuzz/virtio_scsi_fuzz.c @@ -20,7 +20,6 @@ #include "standard-headers/linux/virtio_pci.h" #include "standard-headers/linux/virtio_scsi.h" #include "fuzz.h" -#include "fork_fuzz.h" #include "qos_fuzz.h" #define PCI_SLOT 0x02
@@ -132,48 +131,24 @@ static void virtio_scsi_fuzz(QTestState *s, QVirtioSCSIQueues* queues, } } -static void virtio_scsi_fork_fuzz(QTestState *s, - const unsigned char *Data, size_t Size) -{ - QVirtioSCSI *scsi = fuzz_qos_obj; - static QVirtioSCSIQueues *queues; - if (!queues) { - queues = qvirtio_scsi_init(scsi->vdev, 0); - } - if (fork() == 0) { - virtio_scsi_fuzz(s, queues, Data, Size); - flush_events(s); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } -} - static void virtio_scsi_with_flag_fuzz(QTestState *s, const unsigned char *Data, size_t Size) { QVirtioSCSI *scsi = fuzz_qos_obj; static QVirtioSCSIQueues *queues; - if (fork() == 0) { - if (Size >= sizeof(uint64_t)) { - queues = qvirtio_scsi_init(scsi->vdev, *(uint64_t *)Data); - virtio_scsi_fuzz(s, queues, - Data + sizeof(uint64_t), Size - sizeof(uint64_t)); - flush_events(s); - } - _Exit(0); - } else { + if (Size >= sizeof(uint64_t)) { + queues = qvirtio_scsi_init(scsi->vdev, *(uint64_t *)Data); + virtio_scsi_fuzz(s, queues, + Data + sizeof(uint64_t), Size - sizeof(uint64_t)); flush_events(s); - wait(NULL); } + fuzz_reboot(s); } static void virtio_scsi_pre_fuzz(QTestState *s) { qos_init_path(s); - counter_shm_init(); } static void *virtio_scsi_test_setup(GString *cmd_line, void *arg) 
@@ -189,22 +164,10 @@ static void *virtio_scsi_test_setup(GString *cmd_line, void *arg) static void register_virtio_scsi_fuzz_targets(void) { - fuzz_add_qos_target(&(FuzzTarget){ - .name = "virtio-scsi-fuzz", - .description = "Fuzz the virtio-scsi virtual queues, forking " - "for each fuzz run", - .pre_vm_init = &counter_shm_init, - .pre_fuzz = &virtio_scsi_pre_fuzz, - .fuzz = virtio_scsi_fork_fuzz,}, - "virtio-scsi", - &(QOSGraphTestOptions){.before = virtio_scsi_test_setup} - ); - fuzz_add_qos_target(&(FuzzTarget){ .name = "virtio-scsi-flags-fuzz", - .description = "Fuzz the virtio-scsi virtual queues, forking " - "for each fuzz run (also fuzzes the virtio flags)", - .pre_vm_init = &counter_shm_init, + .description = "Fuzz the virtio-scsi virtual queues. " + "Also fuzzes the virtio flags", .pre_fuzz = &virtio_scsi_pre_fuzz, .fuzz = virtio_scsi_with_flag_fuzz,}, "virtio-scsi",
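Review bot: in hunk @@ -132,48 +131,24 @@, `queues = qvirtio_scsi_init(scsi->vdev, *(uint64_t *)Data);` now executes in the long-lived fuzzer process for every input and overwrites the `static QVirtioSCSIQueues *queues` pointer, with nothing in the hunk releasing the previous value. Under the removed fork path that allocation died with the child's `_Exit(0)`; after this change it accumulates for the life of the libFuzzer run, which over millions of inputs shows up as steady RSS growth and as noise in leak reports. Free the old `queues` before re-initialising, or reuse a single allocation and only re-apply the flags. While touching this line, `*(uint64_t *)Data` is an unaligned load from the input buffer; a `memcpy` into a local `uint64_t` avoids relying on the host tolerating unaligned access.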
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PATCH 06/10] fuzz/virtio-net: remove fork-based fuzzer
Date: Sat, 4 Feb 2023 23:29:47 -0500
Message-Id: <20230205042951.3570008-7-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
---
 tests/qtest/fuzz/virtio_net_fuzz.c | 54 +++---------------------------
 1 file changed, 5 insertions(+), 49 deletions(-)
diff --git a/tests/qtest/fuzz/virtio_net_fuzz.c b/tests/qtest/fuzz/virtio_net_fuzz.c index c2c15f07f0..d245ee66a1 100644 --- a/tests/qtest/fuzz/virtio_net_fuzz.c +++ b/tests/qtest/fuzz/virtio_net_fuzz.c @@ -16,7 +16,6 @@ #include "tests/qtest/libqtest.h" #include "tests/qtest/libqos/virtio-net.h" #include "fuzz.h" -#include "fork_fuzz.h" #include "qos_fuzz.h"
@@ -115,36 +114,18 @@ static void virtio_net_fuzz_multi(QTestState *s, } } -static void virtio_net_fork_fuzz(QTestState *s, - const unsigned char *Data, size_t Size) -{ - if (fork() == 0) { - virtio_net_fuzz_multi(s, Data, Size, false); - flush_events(s); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } -} -static void virtio_net_fork_fuzz_check_used(QTestState *s, +static void virtio_net_fuzz_check_used(QTestState *s, const unsigned char *Data, size_t Size) { - if (fork() == 0) { - virtio_net_fuzz_multi(s, Data, Size, true); - flush_events(s); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } + virtio_net_fuzz_multi(s, Data, Size, true); + flush_events(s); + fuzz_reboot(s); } static void virtio_net_pre_fuzz(QTestState *s) { qos_init_path(s); - counter_shm_init(); } static void *virtio_net_test_setup_socket(GString *cmd_line, void *arg) @@ -158,23 +139,8 @@ static void *virtio_net_test_setup_socket(GString *cmd_line, void *arg) return arg; } -static void *virtio_net_test_setup_user(GString *cmd_line, void *arg) -{ - g_string_append_printf(cmd_line, " -netdev user,id=hs0 "); - return arg; -} - static void register_virtio_net_fuzz_targets(void) { - fuzz_add_qos_target(&(FuzzTarget){ - .name = "virtio-net-socket", - .description = "Fuzz the virtio-net virtual queues. Fuzz incoming " - "traffic using the socket backend", - .pre_fuzz = &virtio_net_pre_fuzz, - .fuzz = virtio_net_fork_fuzz,}, - "virtio-net", - &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket} - ); fuzz_add_qos_target(&(FuzzTarget){ .name = "virtio-net-socket-check-used", 
@@ -182,20 +148,10 @@ static void register_virtio_net_fuzz_targets(void) "descriptors to be used. Timeout may indicate improperly handled " "input", .pre_fuzz = &virtio_net_pre_fuzz, - .fuzz = virtio_net_fork_fuzz_check_used,}, + .fuzz = virtio_net_fuzz_check_used,}, "virtio-net", &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket} ); - fuzz_add_qos_target(&(FuzzTarget){ - .name = "virtio-net-slirp", - .description = "Fuzz the virtio-net virtual queues with the slirp " - " backend. Warning: May result in network traffic emitted from the " - " process. Run in an isolated network environment.", - .pre_fuzz = &virtio_net_pre_fuzz, - .fuzz = virtio_net_fork_fuzz,}, - "virtio-net", - &(QOSGraphTestOptions){.before = virtio_net_test_setup_user} - ); } fuzz_target_init(register_virtio_net_fuzz_targets);
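Review bot: hunks @@ -158,23 +139,8 @@ and @@ -182,20 +148,10 @@ delete the `virtio-net-socket` and `virtio-net-slirp` targets (and `virtio_net_test_setup_user`) outright instead of converting them to `fuzz_reboot` the way `virtio-net-socket-check-used` is converted, yet the patch carries no commit message beyond the subject `remove fork-based fuzzer`. State that two targets are retired and why: the slirp target's own description warns that it can emit network traffic from the process, which is a sound reason to drop it, and the plain socket target is presumably subsumed by the check-used one. Anyone bisecting a coverage drop or a missing target name in CI should not have to infer that from the diff.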
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PATCH 07/10] fuzz/virtio-blk: remove fork-based fuzzer
Date: Sat, 4 Feb 2023 23:29:48 -0500
Message-Id: <20230205042951.3570008-8-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
---
 tests/qtest/fuzz/virtio_blk_fuzz.c | 51 ++++--------------------------
 1 file changed, 7 insertions(+), 44 deletions(-)
diff --git a/tests/qtest/fuzz/virtio_blk_fuzz.c b/tests/qtest/fuzz/virtio_blk_fuzz.c index a9fb9ecf6c..82575a11d9 100644 --- a/tests/qtest/fuzz/virtio_blk_fuzz.c +++ b/tests/qtest/fuzz/virtio_blk_fuzz.c @@ -19,7 +19,6 @@ #include "standard-headers/linux/virtio_pci.h" #include "standard-headers/linux/virtio_blk.h" #include "fuzz.h" -#include "fork_fuzz.h" #include "qos_fuzz.h" #define TEST_IMAGE_SIZE (64 * 1024 * 1024)
@@ -128,48 +127,24 @@ static void virtio_blk_fuzz(QTestState *s, QVirtioBlkQueues* queues, } } -static void virtio_blk_fork_fuzz(QTestState *s, - const unsigned char *Data, size_t Size) -{ - QVirtioBlk *blk = fuzz_qos_obj; - static QVirtioBlkQueues *queues; - if (!queues) { - queues = qvirtio_blk_init(blk->vdev, 0); - } - if (fork() == 0) { - virtio_blk_fuzz(s, queues, Data, Size); - flush_events(s); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } -} - static void virtio_blk_with_flag_fuzz(QTestState *s, const unsigned char *Data, size_t Size) { QVirtioBlk *blk = fuzz_qos_obj; static QVirtioBlkQueues *queues; - if (fork() == 0) { - if (Size >= sizeof(uint64_t)) { - queues = qvirtio_blk_init(blk->vdev, *(uint64_t *)Data); - virtio_blk_fuzz(s, queues, - Data + sizeof(uint64_t), Size - sizeof(uint64_t)); - flush_events(s); - } - _Exit(0); - } else { + if (Size >= sizeof(uint64_t)) { + queues = qvirtio_blk_init(blk->vdev, *(uint64_t *)Data); + virtio_blk_fuzz(s, queues, + Data + sizeof(uint64_t), Size - sizeof(uint64_t)); flush_events(s); - wait(NULL); } + fuzz_reboot(s); } static void virtio_blk_pre_fuzz(QTestState *s) { qos_init_path(s); - counter_shm_init(); } static void drive_destroy(void *path) 
@@ -208,22 +183,10 @@ static void *virtio_blk_test_setup(GString *cmd_line, void *arg) static void register_virtio_blk_fuzz_targets(void) { - fuzz_add_qos_target(&(FuzzTarget){ - .name = "virtio-blk-fuzz", - .description = "Fuzz the virtio-blk virtual queues, forking " - "for each fuzz run", - .pre_vm_init = &counter_shm_init, - .pre_fuzz = &virtio_blk_pre_fuzz, - .fuzz = virtio_blk_fork_fuzz,}, - "virtio-blk", - &(QOSGraphTestOptions){.before = virtio_blk_test_setup} - ); - fuzz_add_qos_target(&(FuzzTarget){ .name = "virtio-blk-flags-fuzz", - .description = "Fuzz the virtio-blk virtual queues, forking " - "for each fuzz run (also fuzzes the virtio flags)", - .pre_vm_init = &counter_shm_init, + .description = "Fuzz the virtio-blk virtual queues. " + "Also fuzzes the virtio flags)", .pre_fuzz = &virtio_blk_pre_fuzz, .fuzz = virtio_blk_with_flag_fuzz,}, "virtio-blk",
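Review bot: in hunk @@ -128,48 +127,24 @@, same concern as for virtio-scsi in PATCH 05: `queues = qvirtio_blk_init(blk->vdev, *(uint64_t *)Data);` overwrites the `static QVirtioBlkQueues *queues` pointer on every input with nothing in the hunk releasing the previous value, and no child process exits any more to reclaim it. Free or reuse the previous allocation, and consider a `memcpy` for the unaligned `*(uint64_t *)Data` read.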
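Review bot: in hunk @@ -208,22 +183,10 @@ the new description `"Also fuzzes the virtio flags)"` keeps a stray closing parenthesis from the old `"(also fuzzes the virtio flags)"`; the virtio-scsi counterpart in PATCH 05 reads `"Also fuzzes the virtio flags"`. Drop the `)` so the target listing is consistent.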
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PATCH 08/10] fuzz/i440fx: remove fork-based fuzzer
Date: Sat, 4 Feb 2023 23:29:49 -0500
Message-Id: <20230205042951.3570008-9-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
--- tests/qtest/fuzz/i440fx_fuzz.c | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c index b17fc725df..5d6a703481 100644 --- a/tests/qtest/fuzz/i440fx_fuzz.c +++ b/tests/qtest/fuzz/i440fx_fuzz.c @@ -18,7 +18,6 @@ #include "tests/qtest/libqos/pci-pc.h" #include "fuzz.h" #include "qos_fuzz.h" -#include "fork_fuzz.h" #define I440FX_PCI_HOST_BRIDGE_CFG 0xcf8
@@ -89,6 +88,7 @@ static void i440fx_fuzz_qtest(QTestState *s, size_t Size) { ioport_fuzz_qtest(s, Data, Size); + fuzz_reboot(s); } static void pciconfig_fuzz_qos(QTestState *s, QPCIBus *bus, @@ -145,17 +145,6 @@ static void i440fx_fuzz_qos(QTestState *s, pciconfig_fuzz_qos(s, bus, Data, Size); } -static void i440fx_fuzz_qos_fork(QTestState *s, - const unsigned char *Data, size_t Size) { - if (fork() == 0) { - i440fx_fuzz_qos(s, Data, Size); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } -} - static const char *i440fx_qtest_argv = TARGET_NAME " -machine accel=qtest" " -m 0 -display none"; static GString *i440fx_argv(FuzzTarget *t) @@ -163,10 +152,6 @@ static GString *i440fx_argv(FuzzTarget *t) return g_string_new(i440fx_qtest_argv); } -static void fork_init(void) -{ - counter_shm_init(); -} static void register_pci_fuzz_targets(void) { 
@@ -178,16 +163,6 @@ static void register_pci_fuzz_targets(void) .get_init_cmdline = i440fx_argv, .fuzz = i440fx_fuzz_qtest}); - /* Uses libqos and forks to prevent state leakage */ - fuzz_add_qos_target(&(FuzzTarget){ - .name = "i440fx-qos-fork-fuzz", - .description = "Fuzz the i440fx using raw qtest commands and " - "rebooting after each run", - .pre_vm_init = &fork_init, - .fuzz = i440fx_fuzz_qos_fork,}, - "i440FX-pcihost", - &(QOSGraphTestOptions){} - ); /* * Uses libqos. Doesn't do anything to reset state. Note that if we were to

From patchwork Sun Feb 5 04:29:50 2023 X-Patchwork-Id: 13128965
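Review bot: in the `i440fx_fuzz_qtest` hunk of PATCH 08/10, the added `fuzz_reboot(s);` after `ioport_fuzz_qtest(s, Data, Size);` becomes the only state reset the i440fx qtest target performs once the fork wrapper is gone, but the patch has no commit message body and the dropped `#include "fork_fuzz.h"` is not paired with any new include. Confirm that `fuzz.h` (still included) is where `fuzz_reboot` is declared, since the diff does not show its definition, and add a sentence to the commit message saying that the qtest target now reboots the guest after every input and that `i440fx-qos-fork-fuzz` is removed because the fork scaffolding goes away in the next patch; a bisect landing here should explain itself.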
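Review bot: in the `register_pci_fuzz_targets` hunk of PATCH 08/10, the trailing context comment `/* * Uses libqos. Doesn't do anything to reset state. Note that if we were to` was written to contrast the remaining libqos target with the `i440fx-qos-fork-fuzz` target that this hunk deletes; its continuation lies outside the hunk, so re-read it and drop or reword any sentence that still refers to forking, otherwise the comment will describe a target that no longer exists. Note also that the deleted target's description, `"Fuzz the i440fx using raw qtest commands and " "rebooting after each run"`, described the reboot target rather than the fork target, so it is worth checking the surviving target descriptions for the same copy-paste.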
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Marc-André Lureau, Daniel P. Berrangé, Thomas Huth, Philippe Mathieu-Daudé, Qiuhao Li, Laurent Vivier
Subject: [PATCH 09/10] fuzz: remove fork-fuzzing scaffolding
Date: Sat, 4 Feb 2023 23:29:50 -0500
Message-Id: <20230205042951.3570008-10-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

Fork-fuzzing provides a few pros, but our implementation prevents us from using fuzzers other than libFuzzer, and may be causing issues such as coverage-failure builds on OSS-Fuzz. It is not a great long-term solution as it depends on internal implementation details of libFuzzer (which is no longer in active development). Remove it in favor of other methods of resetting state between inputs.
Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny --- meson.build | 4 --- tests/qtest/fuzz/fork_fuzz.c | 41 ------------------------- tests/qtest/fuzz/fork_fuzz.h | 23 -------------- tests/qtest/fuzz/fork_fuzz.ld | 56 ----------------------------------- tests/qtest/fuzz/meson.build | 6 ++-- 5 files changed, 3 insertions(+), 127 deletions(-) delete mode 100644 tests/qtest/fuzz/fork_fuzz.c delete mode 100644 tests/qtest/fuzz/fork_fuzz.h delete mode 100644 tests/qtest/fuzz/fork_fuzz.ld diff --git a/meson.build b/meson.build index 6d3b665629..8be27c2408 100644 --- a/meson.build +++ b/meson.build @@ -215,10 +215,6 @@ endif # Specify linker-script with add_project_link_arguments so that it is not placed # within a linker --start-group/--end-group pair if get_option('fuzzing') - add_project_link_arguments(['-Wl,-T,', - (meson.current_source_dir() / 'tests/qtest/fuzz/fork_fuzz.ld')], - native: false, language: all_languages) - # Specify a filter to only instrument code that is directly related to # virtual-devices. configure_file(output: 'instrumentation-filter', diff --git a/tests/qtest/fuzz/fork_fuzz.c b/tests/qtest/fuzz/fork_fuzz.c deleted file mode 100644 index 6ffb2a7937..0000000000 --- a/tests/qtest/fuzz/fork_fuzz.c +++ /dev/null 
@@ -1,41 +0,0 @@ -/* - * Fork-based fuzzing helpers - * - * Copyright Red Hat Inc., 2019 - * - * Authors: - * Alexander Bulekov - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. - * - */ - -#include "qemu/osdep.h" -#include "fork_fuzz.h" - - -void counter_shm_init(void) -{ - /* Copy what's in the counter region to a temporary buffer.. */ - void *copy = malloc(&__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START); - memcpy(copy, - &__FUZZ_COUNTERS_START, - &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START); - - /* Map a shared region over the counter region */ - if (mmap(&__FUZZ_COUNTERS_START, - &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START, - PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED | MAP_ANONYMOUS, - 0, 0) == MAP_FAILED) { - perror("Error: "); - exit(1); - } - - /* Copy the original data back to the counter-region */ - memcpy(&__FUZZ_COUNTERS_START, copy, - &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START); - free(copy); -} - - diff --git a/tests/qtest/fuzz/fork_fuzz.h b/tests/qtest/fuzz/fork_fuzz.h deleted file mode 100644 index 9ecb8b58ef..0000000000 --- a/tests/qtest/fuzz/fork_fuzz.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Fork-based fuzzing helpers - * - * Copyright Red Hat Inc., 2019 - * - * Authors: - * Alexander Bulekov - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. - * - */ - -#ifndef FORK_FUZZ_H -#define FORK_FUZZ_H - -extern uint8_t __FUZZ_COUNTERS_START; -extern uint8_t __FUZZ_COUNTERS_END; - -void counter_shm_init(void); - -#endif - diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld deleted file mode 100644 index cfb88b7fdb..0000000000 --- a/tests/qtest/fuzz/fork_fuzz.ld +++ /dev/null 
@@ -1,56 +0,0 @@ -/* - * We adjust linker script modification to place all of the stuff that needs to - * persist across fuzzing runs into a contiguous section of memory. Then, it is - * easy to re-map the counter-related memory as shared. - */ - -SECTIONS -{ - .data.fuzz_start : ALIGN(4K) - { - __FUZZ_COUNTERS_START = .; - __start___sancov_cntrs = .; - *(_*sancov_cntrs); - __stop___sancov_cntrs = .; - - /* Lowest stack counter */ - *(__sancov_lowest_stack); - } -} -INSERT AFTER .data; - -SECTIONS -{ - .data.fuzz_ordered : - { - /* - * Coverage counters. They're not necessary for fuzzing, but are useful - * for analyzing the fuzzing performance - */ - __start___llvm_prf_cnts = .; - *(*llvm_prf_cnts); - __stop___llvm_prf_cnts = .; - - /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */ - FuzzerTracePC*(.bss*); - /* - * In case the above line fails, explicitly specify the (mangled) name of - * the object we care about - */ - *(.bss._ZN6fuzzer3TPCE); - } -} -INSERT AFTER .data.fuzz_start; - -SECTIONS -{ - .data.fuzz_end : ALIGN(4K) - { - __FUZZ_COUNTERS_END = .; - } -} -/* - * Don't overwrite the SECTIONS in the default linker script. Instead insert the - * above into the default script - */ -INSERT AFTER .data.fuzz_ordered; diff --git a/tests/qtest/fuzz/meson.build b/tests/qtest/fuzz/meson.build index 189901d4a2..4d10b47b8f 100644 --- a/tests/qtest/fuzz/meson.build +++ b/tests/qtest/fuzz/meson.build @@ -2,7 +2,7 @@ if not get_option('fuzzing') subdir_done() endif -specific_fuzz_ss.add(files('fuzz.c', 'fork_fuzz.c', 'qos_fuzz.c', +specific_fuzz_ss.add(files('fuzz.c', 'qos_fuzz.c', 'qtest_wrappers.c'), qos) # Targets 
@@ -12,7 +12,7 @@ specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_SCSI', if_true: files('virtio_scsi_fuz specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_BLK', if_true: files('virtio_blk_fuzz.c')) specific_fuzz_ss.add(files('generic_fuzz.c')) -fork_fuzz = declare_dependency( +fuzz_ld = declare_dependency( link_args: fuzz_exe_ldflags + ['-Wl,-wrap,qtest_inb', '-Wl,-wrap,qtest_inw', 
@@ -35,4 +35,4 @@ fork_fuzz = declare_dependency( '-Wl,-wrap,qtest_memset'] ) -specific_fuzz_ss.add(fork_fuzz) +specific_fuzz_ss.add(fuzz_ld)

From patchwork Sun Feb 5 04:29:51 2023 X-Patchwork-Id: 13128971
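Review bot: in the top-level `meson.build` hunk of PATCH 09/10, removing the `add_project_link_arguments(['-Wl,-T,', ... 'tests/qtest/fuzz/fork_fuzz.ld')]` call leaves the two context comment lines above it, `# Specify linker-script with add_project_link_arguments so that it is not placed` and `# within a linker --start-group/--end-group pair`, describing code that no longer exists; the `if get_option('fuzzing')` block now only runs `configure_file(output: 'instrumentation-filter', ...)`. Delete that comment (or reword it to describe the instrumentation filter) in the same patch so the explanation does not outlive the linker script.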
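Review bot: in the `fork_fuzz.c` / `fork_fuzz.h` / `fork_fuzz.ld` deletion hunks of PATCH 09/10, the removed `counter_shm_init` remapped the `__FUZZ_COUNTERS_START`..`__FUZZ_COUNTERS_END` range as `MAP_SHARED | MAP_FIXED | MAP_ANONYMOUS` so a forked child's coverage updates were visible to the libFuzzer parent, and the linker script pinned the `__sancov_cntrs`, `__llvm_prf_cnts` and `FuzzerTracePC` / `.bss._ZN6fuzzer3TPCE` objects into that range (the dependency on libFuzzer's mangled internal object name is the "internal implementation details" the commit message refers to). Since the diffstat lists only these five files, grep the rest of the tree, including OSS-Fuzz build scripts and any CI configuration, for `__FUZZ_COUNTERS_START`, `__FUZZ_COUNTERS_END`, `counter_shm_init` and `.data.fuzz_` before merging; anything outside these files is now a dangling reference to a symbol the linker script no longer defines.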
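Review bot: in the `tests/qtest/fuzz/meson.build` hunk that renames `fork_fuzz = declare_dependency(` to `fuzz_ld = declare_dependency(` (PATCH 09/10), the rename is applied consistently with the later `+specific_fuzz_ss.add(fuzz_ld)` hunk, but after the change the dependency carries only `fuzz_exe_ldflags` plus the `-Wl,-wrap,qtest_inb`, `-Wl,-wrap,qtest_inw`, ... `-Wl,-wrap,qtest_memset` arguments, and nothing in the file says why those wraps exist now that the name no longer hints at fork fuzzing. A one-line comment above `fuzz_ld = declare_dependency(` noting that the `--wrap` arguments route the `qtest_*` accessors through `qtest_wrappers.c` (listed in the `specific_fuzz_ss.add(files(...))` hunk above) would stop the next reader from treating them as leftover fork plumbing and removing them.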
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov, Stefan Hajnoczi, Bandan Das, Darren Kenny, Paolo Bonzini, Thomas Huth, Qiuhao Li
Subject: [PATCH 10/10] docs/fuzz: remove mentions of fork-based fuzzing
Date: Sat, 4 Feb 2023 23:29:51 -0500
Message-Id: <20230205042951.3570008-11-alxndr@bu.edu>
In-Reply-To: <20230205042951.3570008-1-alxndr@bu.edu>
References: <20230205042951.3570008-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
--- docs/devel/fuzzing.rst | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst index 715330c856..3bfcb33fc4 100644 --- a/docs/devel/fuzzing.rst +++ b/docs/devel/fuzzing.rst
@@ -19,11 +19,6 @@ responsibility to ensure that state is reset between fuzzing-runs. Building the fuzzers -------------------- -*NOTE*: If possible, build a 32-bit binary. When forking, the 32-bit fuzzer is -much faster, since the page-map has a smaller size. This is due to the fact that -AddressSanitizer maps ~20TB of memory, as part of its detection. This results -in a large page-map, and a much slower ``fork()``. - To build the fuzzers, install a recent version of clang: Configure with (substitute the clang binaries with the version you installed). Here, enable-sanitizers, is optional but it allows us to reliably detect bugs @@ -296,10 +291,9 @@ input. It is also responsible for manually calling ``main_loop_wait`` to ensure that bottom halves are executed and any cleanup required before the next input. Since the same process is reused for many fuzzing runs, QEMU state needs to -be reset at the end of each run. There are currently two implemented -options for resetting state: +be reset at the end of each run. For example, this can be done by rebooting the +VM, after each run. -- Reboot the guest between runs. - *Pros*: Straightforward and fast for simple fuzz targets. - *Cons*: Depending on the device, does not reset all device state. If the @@ -308,15 +302,3 @@ options for resetting state: reboot. - *Example target*: ``i440fx-qtest-reboot-fuzz`` - -- Run each test case in a separate forked process and copy the coverage - information back to the parent. This is fairly similar to AFL's "deferred" - fork-server mode [3] - - - *Pros*: Relatively fast. Devices only need to be initialized once. No need to - do slow reboots or vmloads. - - - *Cons*: Not officially supported by libfuzzer. Does not work well for - devices that rely on dedicated threads. - - - *Example target*: ``virtio-net-fork-fuzz``
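Review bot: in the `@@ -296,10 +291,9 @@` hunk of PATCH 10/10, dropping the `-- Reboot the guest between runs.` list item while keeping its indented children `- *Pros*: Straightforward and fast for simple fuzz targets.`, `- *Cons*: Depending on the device, does not reset all device state. ...` and `- *Example target*: ``i440fx-qtest-reboot-fuzz``` leaves a nested bullet list with no parent item; reStructuredText will render the orphaned indented block as a block quote containing a list rather than as sub-points of the new sentence. Either de-indent the three items so they form a top-level list directly under the new paragraph, or keep a lead item such as `- Reboot the guest between runs.` Separately, the added sentence `For example, this can be done by rebooting the VM, after each run.` has a stray comma before `after`.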
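Review bot: in the `@@ -308,15 +302,3 @@` hunk of PATCH 10/10, the removed paragraph `This is fairly similar to AFL's "deferred" fork-server mode [3]` was a citation of reference `[3]`; if that was its only use in `docs/devel/fuzzing.rst`, the corresponding entry in the document's reference list (not shown in this diff) is now orphaned and should be removed, or the remaining references renumbered, in the same patch so Sphinx does not ship a dangling footnote. The removal also makes ``i440fx-qtest-reboot-fuzz`` the only surviving `*Example target*`, which is consistent with the `fuzz_reboot(s)` call introduced for that target in PATCH 08/10.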