[PATCH] new snapshot/restore mechanism for fuzzing
From: Richard Liu
Subject: [PATCH] new snapshot/restore mechanism for fuzzing
Date: Sun, 19 Jun 2022 23:55:27 -0700
- create a document outlining specifications for a virtual device to
manage the snapshot/restore mechanism for fuzzing
Signed-off-by: Richard Liu <richy.liu.2002@gmail.com>
---
docs/devel/snapshot.rst | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 docs/devel/snapshot.rst
diff --git a/docs/devel/snapshot.rst b/docs/devel/snapshot.rst
new file mode 100644
index 0000000000..a333de69b6
--- /dev/null
+++ b/docs/devel/snapshot.rst
@@ -0,0 +1,26 @@
+================
+Snapshot/restore
+================
+
+The ability to rapidly snapshot and restore guest VM state is a
+crucial component of fuzzing applications with QEMU. A special virtual
+device can be used by fuzzers to interface with snapshot/restores
+commands in QEMU. The virtual device should have the following
+commands supported that can be called by the guest:
+
+- snapshot: save a copy of the guest VM memory, registers, and virtual
+ device state
+- restore: restore the saved copy of guest VM state
+- coverage_location: given a location in guest memory, specifying
+ where the coverage data is to be passed to the fuzzer
+- input_location: specify where in the guest memory the fuzzing input
+ should be stored
+- done: indicates whether or not the run succeeded and that the
+ coverage data has been populated
+
+The first version of the virtual device will only accept snapshot and
+restore commands from the guest. Coverage data will be collected by
+code on the guest with source-based coverage tracking.
+
+Further expansions could include controlling the snapshot/restore from
+host and gathering code coverage information directly from TCG.
--
2.35.1