Re: [Qemu-discuss] Test device driver of new machine in qemu by syzkaller
Thu, 12 Jan 2017 10:50:59 +0000
On 12 January 2017 at 05:50, 韩雨哲 <address@hidden> wrote:
> Thanks for your reply!
> I have found that qemu uses tcg to translate target code.
> Now my problem is that I only want to fuzz test the syscalls to cover logic
> and process in the driver code, but I don't care what the device returns or
> even if the device exists. And then with qemu I can run the tests
> distributed in a server cluster or cloud.
> Can I run into the driver without emulating the device strictly? What can I do
> to emulate the devices as simply as possible?
If the device doesn't exist then the device driver will refuse
to start, so you won't be able to do anything useful with
fuzzing it. If the device exists but is not accurately
emulated then the driver will not behave as it ought to
(for instance it might just hang, or it might fail every
request), and fuzzing will not be very useful. You would
do better to run this fuzzing on real ARM64 hardware, which
will also be much faster than using QEMU's emulation.