Re: [PATCH v4 19/20] fuzz: add virtio-net fuzz target
From: Stefan Hajnoczi
Subject: Re: [PATCH v4 19/20] fuzz: add virtio-net fuzz target
Date: Thu, 7 Nov 2019 16:41:33 +0100
On Thu, Nov 7, 2019 at 2:44 PM Jason Wang <address@hidden> wrote:
> On 2019/10/30 10:50 PM, Oleinik, Alexander wrote:
> > From: Alexander Oleinik <address@hidden>
> >
> > The virtio-net fuzz target feeds inputs to all three virtio-net
> > virtqueues, and uses forking to avoid leaking state between fuzz runs.
> >
> > Signed-off-by: Alexander Oleinik <address@hidden>
>
>
> Can this fuzz vhost-net or vhost-user (I only see socket backend)? If
> it's not too hard, it would be even more interesting.
Fuzzing vhost devices would be awesome but this patch series does not do that.
libfuzzer uses coverage-guided fuzzing. It needs to instrument the
code. vhost kernel modules or external vhost-user processes aren't
instrumented so the fuzzing engine has no code instrumentation
feedback.
It should be possible to solve those problems eventually. You could
also run it as-is, but the fuzzer wouldn't make intelligent decisions
about mutating input data to explore new code paths in vhost kernel
modules.
Stefan