[PATCH] fuzz: Add more i386 configurations for fuzzing
From: Alexander Bulekov
Subject: [PATCH] fuzz: Add more i386 configurations for fuzzing
Date: Mon, 23 Nov 2020 13:43:52 -0500
This adds configurations for fuzzing the following devices on oss-fuzz:
* vmxnet3
CC: Dmitry Fleytman <dmitry.fleytman@gmail.com>
* ne2k
* pcnet
* rtl8139
CC: Jason Wang <jasowang@redhat.com>
* eepro100
CC: Stefan Weil <sw@weilnetz.de>
* sdhci
CC: Philippe Mathieu-Daudé <f4bug@amsat.org>
* ehci
* ohci
* ac97
* cs4231a
* es1370
* sb16
CC: Gerd Hoffmann <kraxel@redhat.com>
* megasas
CC: Hannes Reinecke <hare@suse.com>
* parallel
CC: Michael S. Tsirkin <mst@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
Hello,

If you are CC-ed on this email, this patch will likely enable continuous
fuzzing for a device that you are listed under in MAINTAINERS. If this is
accepted, these devices will be continuously fuzzed over their PCI, PIO,
MMIO and DMA interfaces. The fuzzer will start qemu with the arguments
specified by ".args" and we will use the globs specified under
".objects" to match the Object/MemoryRegion names that we should fuzz.
The fuzzer will find and report issues such as memory corruptions and
aborts. For now, I am manually reproducing each issue and opening a
bug report with a qtest-based reproducer, so the process is still quite
flexible.

The current code coverage achieved by fuzzing using the
existing configurations is available here:
https://storage.googleapis.com/oss-fuzz-coverage/qemu/reports/20201122/linux/src/qemu/hw/report.html
I am slowly trying to fill in the blanks.

I have little context for how useful these configurations are for
fuzzing. I would appreciate it if you could Ack/Nack them or provide feedback if
the devices should be configured differently. Of course, if you think
we should be fuzzing some additional device configurations, you can also
submit a patch adding the necessary lines to this generic_fuzz_configs.h
file.

Thanks
-Alex
tests/qtest/fuzz/generic_fuzz_configs.h | 80 +++++++++++++++++++++++++
1 file changed, 80 insertions(+)
diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h
b/tests/qtest/fuzz/generic_fuzz_configs.h
index c4d925f9e6..0b1fe0f836 100644
--- a/tests/qtest/fuzz/generic_fuzz_configs.h
+++ b/tests/qtest/fuzz/generic_fuzz_configs.h
@@ -115,6 +115,86 @@ const generic_fuzz_config predefined_configs[] = {
.name = "pc-q35",
.args = "-machine q35",
.objects = "*",
+ },{
+ .name = "vmxnet3",
+ .args = "-machine q35 -nodefaults "
+ "-device vmxnet3,netdev=net0 -netdev user,id=net0",
+ .objects = "vmxnet3"
+ },{
+ .name = "ne2k_pci",
+ .args = "-machine q35 -nodefaults "
+ "-device ne2k_pci,netdev=net0 -netdev user,id=net0",
+ .objects = "ne2k*"
+ },{
+ .name = "pcnet",
+ .args = "-machine q35 -nodefaults "
+ "-device pcnet,netdev=net0 -netdev user,id=net0",
+ .objects = "pcnet"
+ },{
+ .name = "rtl8139",
+ .args = "-machine q35 -nodefaults "
+ "-device rtl8139,netdev=net0 -netdev user,id=net0",
+ .objects = "rtl8139"
+ },{
+ .name = "i82550",
+ .args = "-machine q35 -nodefaults "
+ "-device i82550,netdev=net0 -netdev user,id=net0",
+ .objects = "eepro*"
+ },{
+ .name = "sdhci-v3",
+ .args = "-nodefaults -device sdhci-pci,sd-spec-version=3 "
+ "-device sd-card,drive=mydrive "
+ "-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive
-nographic",
+ .objects = "sd*"
+ },{
+ .name = "ehci",
+ .args = "-machine q35 -nodefaults "
+ "-device ich9-usb-ehci1,bus=pcie.0,addr=1d.7,"
+ "multifunction=on,id=ich9-ehci-1 "
+ "-device ich9-usb-uhci1,bus=pcie.0,addr=1d.0,"
+ "multifunction=on,masterbus=ich9-ehci-1.0,firstport=0 "
+ "-device ich9-usb-uhci2,bus=pcie.0,addr=1d.1,"
+ "multifunction=on,masterbus=ich9-ehci-1.0,firstport=2 "
+ "-device ich9-usb-uhci3,bus=pcie.0,addr=1d.2,"
+ "multifunction=on,masterbus=ich9-ehci-1.0,firstport=4 "
+ "-drive if=none,id=usbcdrom,media=cdrom "
+ "-device usb-tablet,bus=ich9-ehci-1.0,port=1,usb_version=1 "
+ "-device usb-storage,bus=ich9-ehci-1.0,port=2,drive=usbcdrom",
+ .objects = "*usb* *hci*",
+ },{
+ .name = "ohci",
+ .args = "-machine q35 -nodefaults -device pci-ohci -device usb-kbd",
+ .objects = "*usb* *ohci*",
+ },{
+ .name = "megaraid",
+ .args = "-machine q35 -nodefaults -device megasas -device
scsi-cd,drive=null0 "
+ "-blockdev driver=null-co,read-zeroes=on,node-name=null0",
+ .objects = "megasas*",
+ },{
+ .name = "ac97",
+ .args = "-machine q35 -nodefaults "
+ "-device ac97,audiodev=snd0 -audiodev none,id=snd0 -nodefaults",
+ .objects = "ac97*",
+ },{
+ .name = "cs4231a",
+ .args = "-machine q35 -nodefaults "
+ "-device cs4231a,audiodev=snd0 -audiodev none,id=snd0 -nodefaults",
+ .objects = "cs4231a* i8257*",
+ },{
+ .name = "es1370",
+ .args = "-machine q35 -nodefaults "
+ "-device es1370,audiodev=snd0 -audiodev none,id=snd0 -nodefaults",
+ .objects = "es1370*",
+ },{
+ .name = "sb16",
+ .args = "-machine q35 -nodefaults "
+ "-device sb16,audiodev=snd0 -audiodev none,id=snd0 -nodefaults",
+ .objects = "sb16* i8257*",
+ },{
+ .name = "parallel",
+ .args = "-machine q35 -nodefaults "
+ "-parallel file:/dev/null",
+ .objects = "parallel*",
}
};
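Review bot: the four audio entries (ac97, cs4231a, es1370, sb16) pass `-nodefaults` twice, once in the leading `"-machine q35 -nodefaults "` fragment and again at the end of `"-device ...,audiodev=snd0 -audiodev none,id=snd0 -nodefaults"`; the second copy is redundant and should be dropped so these args read like the network entries above them. Three smaller consistency points in the same hunk: the entry named "megaraid" configures `-device megasas` and the commit message lists the device as megasas, so naming the config "megasas" would make it easier to find; the first six new entries (vmxnet3 through sdhci-v3) omit the trailing comma after `.objects` while the remaining entries include it, so adding the comma keeps the initializer style uniform; and "sdhci-v3" is the only new entry without an explicit `-machine`, so it silently depends on the default machine type, and stating `-machine q35` as the other entries do would make the configuration self-describing.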
--
2.28.0
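As an added illustration of how the `.objects` field is interpreted (a space-separated list of globs matched against Object/MemoryRegion names, as the cover note describes), and not code from QEMU or this patch: the struct, the sample table and the region names below are constructed, and POSIX fnmatch stands in for whatever glob routine the fuzzer actually uses.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mirror of the generic_fuzz_configs.h entry shape (not QEMU's). */
typedef struct {
    const char *name;
    const char *args;
    const char *objects;
} fuzz_config;

/* Constructed subset of the patch's entries, not QEMU's own table. */
static const fuzz_config sample_configs[] = {
    { "pc-q35", "-machine q35", "*" },
    { "sb16", "-machine q35 -nodefaults -device sb16,audiodev=snd0 "
              "-audiodev none,id=snd0", "sb16* i8257*" },
    { "pcnet", "-machine q35 -nodefaults -device pcnet,netdev=net0 "
               "-netdev user,id=net0", "pcnet" },
};

/* Look up a config by its .name; returns NULL when absent. */
const fuzz_config *find_config(const char *name)
{
    for (size_t i = 0; i < sizeof(sample_configs) / sizeof(*sample_configs); i++) {
        if (strcmp(sample_configs[i].name, name) == 0) return &sample_configs[i];
    }
    return NULL;
}

/* True if any glob in cfg->objects matches the region name (fnmatch stands in for the
 * fuzzer's own matcher). A bare "pcnet" matches only exactly; "pcnet*" would catch more. */
bool config_matches_region(const fuzz_config *cfg, const char *region)
{
    char globs[256];
    strncpy(globs, cfg->objects, sizeof(globs) - 1);
    globs[sizeof(globs) - 1] = '\0';
    for (char *tok = strtok(globs, " "); tok; tok = strtok(NULL, " ")) {
        if (fnmatch(tok, region, 0) == 0) return true;
    }
    return false;
}

int main(void)
{
    const char *regions[] = { "sb16", "i8257-dma", "pcnet-mmio", "rtl8139" }; /* constructed */
    for (size_t i = 0; i < 4; i++)
        printf("%-10s %s\n", regions[i], config_matches_region(find_config("sb16"), regions[i]) ? "fuzz" : "skip");
    return 0;
}
```

The pcnet entry shows why the trailing `*` matters: a bare device name only selects regions named exactly that, so any region with a suffix is left out of the fuzzing scope.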