From patchwork Fri Feb 17 04:08:46 2023
X-Patchwork-Submitter: Alexander Bulekov
X-Patchwork-Id: 13144302
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Alexander Bulekov, Darren Kenny, Philippe Mathieu-Daudé, Paolo Bonzini, Bandan Das, Stefan Hajnoczi, Thomas Huth, Qiuhao Li
Subject: [PULL 01/10] hw/sparse-mem: clear memory on reset
Date: Thu, 16 Feb 2023 23:08:46 -0500
Message-Id: <20230217040855.16873-2-alxndr@bu.edu>
In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu>

We use sparse-mem for fuzzing. For long-running fuzzing processes, we
eventually end up with many allocated sparse-mem pages. To avoid this,
clear the allocated pages on system-reset.

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Reviewed-by: Philippe Mathieu-Daudé
--- hw/mem/sparse-mem.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/hw/mem/sparse-mem.c b/hw/mem/sparse-mem.c index e6640eb8e7..72f038d47d 100644 --- a/hw/mem/sparse-mem.c +++ b/hw/mem/sparse-mem.c 
@@ -77,6 +77,13 @@ static void sparse_mem_write(void *opaque, hwaddr addr, uint64_t v, } +static void sparse_mem_enter_reset(Object *obj, ResetType type) +{ + SparseMemState *s = SPARSE_MEM(obj); + g_hash_table_remove_all(s->mapped); + return; +} + static const MemoryRegionOps sparse_mem_ops = { .read = sparse_mem_read, .write = sparse_mem_write, @@ -123,7 +130,8 @@ static void sparse_mem_realize(DeviceState *dev, Error **errp) assert(s->baseaddr + s->length > s->baseaddr); - s->mapped = g_hash_table_new(NULL, NULL); + s->mapped = g_hash_table_new_full(NULL, NULL, NULL, + (GDestroyNotify)g_free); memory_region_init_io(&s->mmio, OBJECT(s), &sparse_mem_ops, s, "sparse-mem", s->length); sysbus_init_mmio(sbd, &s->mmio); 
@@ -131,12 +139,15 @@ static void sparse_mem_realize(DeviceState *dev, Error **errp) static void sparse_mem_class_init(ObjectClass *klass, void *data) { + ResettableClass *rc = RESETTABLE_CLASS(klass); DeviceClass *dc = DEVICE_CLASS(klass); device_class_set_props(dc, sparse_mem_properties); dc->desc = "Sparse Memory Device"; dc->realize = sparse_mem_realize; + + rc->phases.enter = sparse_mem_enter_reset; } static const TypeInfo sparse_mem_types[] = {
From patchwork Fri Feb 17 04:08:47 2023
X-Patchwork-Submitter: Alexander Bulekov
X-Patchwork-Id: 13144300
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Alexander Bulekov, Paolo Bonzini, Bandan Das, Stefan Hajnoczi, Thomas Huth, Darren Kenny, Qiuhao Li, Laurent Vivier
Subject: [PULL 02/10] fuzz: add fuzz_reset API
Date: Thu, 16 Feb 2023 23:08:47 -0500
Message-Id: <20230217040855.16873-3-alxndr@bu.edu>
In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu>

As we are converting most fuzzers to rely on reboots to reset state,
introduce an API to make sure reboots are invoked in a consistent
manner.

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
--- tests/qtest/fuzz/fuzz.c | 6 ++++++ tests/qtest/fuzz/fuzz.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c index eb7520544b..3bedb81b32 100644 --- a/tests/qtest/fuzz/fuzz.c +++ b/tests/qtest/fuzz/fuzz.c 
@@ -51,6 +51,12 @@ void flush_events(QTestState *s) } } +void fuzz_reset(QTestState *s) +{ + qemu_system_reset(SHUTDOWN_CAUSE_GUEST_RESET); + main_loop_wait(true); +} + static QTestState *qtest_setup(void) { qtest_server_set_send_handler(&qtest_client_inproc_recv, &fuzz_qts); diff --git a/tests/qtest/fuzz/fuzz.h b/tests/qtest/fuzz/fuzz.h index 327c1c5a55..21d1362d65 100644 --- a/tests/qtest/fuzz/fuzz.h +++ b/tests/qtest/fuzz/fuzz.h 
@@ -103,7 +103,7 @@ typedef struct FuzzTarget { } FuzzTarget; void flush_events(QTestState *); -void reboot(QTestState *); +void fuzz_reset(QTestState *); /* Use the QTest ASCII protocol or call address_space API directly?*/ void fuzz_qtest_set_serialize(bool option);
From patchwork Fri Feb 17 04:08:48 2023
X-Patchwork-Submitter: Alexander Bulekov
X-Patchwork-Id: 13144308
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Alexander Bulekov, Darren Kenny, Paolo Bonzini, Bandan Das, Stefan Hajnoczi, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PULL 03/10] fuzz/generic-fuzz: use reboots instead of forks to reset state
Date: Thu, 16 Feb 2023 23:08:48 -0500
Message-Id: <20230217040855.16873-4-alxndr@bu.edu>
In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
--- tests/qtest/fuzz/generic_fuzz.c | 114 ++++++-------------------------- 1 file changed, 22 insertions(+), 92 deletions(-) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index 7326f6840b..f4acfa45cc 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -18,7 +18,6 @@ #include "tests/qtest/libqtest.h" #include "tests/qtest/libqos/pci-pc.h" #include "fuzz.h" -#include "fork_fuzz.h" #include "string.h" #include "exec/memory.h" #include "exec/ramblock.h" 
@@ -29,6 +28,8 @@ #include "generic_fuzz_configs.h" #include "hw/mem/sparse-mem.h" +static void pci_enum(gpointer pcidev, gpointer bus); + /* * SEPARATOR is used to separate "operations" in the fuzz input */ @@ -47,7 +48,6 @@ enum cmds { OP_CLOCK_STEP, }; -#define DEFAULT_TIMEOUT_US 100000 #define USEC_IN_SEC 1000000000 #define MAX_DMA_FILL_SIZE 0x10000 @@ -60,8 +60,6 @@ typedef struct { ram_addr_t size; /* The number of bytes until the end of the I/O region */ } address_range; -static useconds_t timeout = DEFAULT_TIMEOUT_US; - static bool qtest_log_enabled; MemoryRegion *sparse_mem_mr; @@ -589,30 +587,6 @@ static void op_disable_pci(QTestState *s, const unsigned char *data, size_t len) pci_disabled = true; } -static void handle_timeout(int sig) -{ - if (qtest_log_enabled) { - fprintf(stderr, "[Timeout]\n"); - fflush(stderr); - } - - /* - * If there is a crash, libfuzzer/ASAN forks a child to run an - * "llvm-symbolizer" process for printing out a pretty stacktrace. It - * communicates with this child using a pipe. If we timeout+Exit, while - * libfuzzer is still communicating with the llvm-symbolizer child, we will - * be left with an orphan llvm-symbolizer process. Sometimes, this appears - * to lead to a deadlock in the forkserver. Use waitpid to check if there - * are any waitable children. If so, exit out of the signal-handler, and - * let libfuzzer finish communicating with the child, and exit, on its own. - */ - if (waitpid(-1, NULL, WNOHANG) == 0) { - return; - } - - _Exit(0); -} - /* * Here, we interpret random bytes from the fuzzer, as a sequence of commands. * Some commands can be variable-width, so we use a separator, SEPARATOR, to 
@@ -669,64 +643,32 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size) size_t cmd_len; uint8_t op; - if (fork() == 0) { - struct sigaction sact; - struct itimerval timer; - sigset_t set; - /* - * Sometimes the fuzzer will find inputs that take quite a long time to - * process. Often times, these inputs do not result in new coverage. - * Even if these inputs might be interesting, they can slow down the - * fuzzer, overall. Set a timeout for each command to avoid hurting - * performance, too much - */ - if (timeout) { - - sigemptyset(&sact.sa_mask); - sact.sa_flags = SA_NODEFER; - sact.sa_handler = handle_timeout; - sigaction(SIGALRM, &sact, NULL); + op_clear_dma_patterns(s, NULL, 0); + pci_disabled = false; - sigemptyset(&set); - sigaddset(&set, SIGALRM); - pthread_sigmask(SIG_UNBLOCK, &set, NULL); - - memset(&timer, 0, sizeof(timer)); - timer.it_value.tv_sec = timeout / USEC_IN_SEC; - timer.it_value.tv_usec = timeout % USEC_IN_SEC; - } - - op_clear_dma_patterns(s, NULL, 0); - pci_disabled = false; - - while (cmd && Size) { - /* Reset the timeout, each time we run a new command */ - if (timeout) { - setitimer(ITIMER_REAL, &timer, NULL); - } + QPCIBus *pcibus = qpci_new_pc(s, NULL); + g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus); + qpci_free_pc(pcibus); - /* Get the length until the next command or end of input */ - nextcmd = memmem(cmd, Size, SEPARATOR, strlen(SEPARATOR)); - cmd_len = nextcmd ? nextcmd - cmd : Size; + while (cmd && Size) { + /* Get the length until the next command or end of input */ + nextcmd = memmem(cmd, Size, SEPARATOR, strlen(SEPARATOR)); + cmd_len = nextcmd ? 
nextcmd - cmd : Size; - if (cmd_len > 0) { - /* Interpret the first byte of the command as an opcode */ - op = *cmd % (sizeof(ops) / sizeof((ops)[0])); - ops[op](s, cmd + 1, cmd_len - 1); + if (cmd_len > 0) { + /* Interpret the first byte of the command as an opcode */ + op = *cmd % (sizeof(ops) / sizeof((ops)[0])); + ops[op](s, cmd + 1, cmd_len - 1); - /* Run the main loop */ - flush_events(s); - } - /* Advance to the next command */ - cmd = nextcmd ? nextcmd + sizeof(SEPARATOR) - 1 : nextcmd; - Size = Size - (cmd_len + sizeof(SEPARATOR) - 1); - g_array_set_size(dma_regions, 0); + /* Run the main loop */ + flush_events(s); } - _Exit(0); - } else { - flush_events(s); - wait(0); + /* Advance to the next command */ + cmd = nextcmd ? nextcmd + sizeof(SEPARATOR) - 1 : nextcmd; + Size = Size - (cmd_len + sizeof(SEPARATOR) - 1); + g_array_set_size(dma_regions, 0); } + fuzz_reset(s); } static void usage(void) @@ -738,8 +680,6 @@ static void usage(void) printf("Optionally: QEMU_AVOID_DOUBLE_FETCH= " "Try to avoid racy DMA double fetch bugs? %d by default\n", avoid_double_fetches); - printf("Optionally: QEMU_FUZZ_TIMEOUT= Specify a custom timeout (us). " - "0 to disable. %d by default\n", timeout); exit(0); } @@ -825,7 +765,6 @@ static void generic_pre_fuzz(QTestState *s) { GHashTableIter iter; MemoryRegion *mr; - QPCIBus *pcibus; char **result; GString *name_pattern; @@ -838,9 +777,6 @@ static void generic_pre_fuzz(QTestState *s) if (getenv("QEMU_AVOID_DOUBLE_FETCH")) { avoid_double_fetches = 1; } - if (getenv("QEMU_FUZZ_TIMEOUT")) { - timeout = g_ascii_strtoll(getenv("QEMU_FUZZ_TIMEOUT"), NULL, 0); - } qts_global = s; /* 
@@ -883,12 +819,6 @@ static void generic_pre_fuzz(QTestState *s) printf("No fuzzable memory regions found...\n"); exit(1); } - - pcibus = qpci_new_pc(s, NULL); - g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus); - qpci_free_pc(pcibus); - - counter_shm_init(); } /*
From patchwork Fri Feb 17 04:08:49 2023
X-Patchwork-Submitter: Alexander Bulekov
X-Patchwork-Id: 13144309
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Alexander Bulekov, Philippe Mathieu-Daudé, Darren Kenny, Paolo Bonzini, Bandan Das, Stefan Hajnoczi, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PULL 04/10] fuzz/generic-fuzz: add a limit on DMA bytes written
Date: Thu, 16 Feb 2023 23:08:49 -0500
Message-Id: <20230217040855.16873-5-alxndr@bu.edu>
In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu>
References: <20230217040855.16873-1-alxndr@bu.edu>

As we have replaced fork-based fuzzing with reboots, we can no longer use a timeout+exit() to avoid slow inputs. Libfuzzer has its own timer that it uses to catch slow inputs, however these timeouts are usually seconds-minutes long: more than enough to bog down the fuzzing process. However, I found that slow inputs often attempt to fill overly large DMA requests. Thus, we can mitigate most timeouts by setting a cap on the total number of DMA bytes written by an input.

Signed-off-by: Alexander Bulekov
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
---
 tests/qtest/fuzz/generic_fuzz.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index f4acfa45cc..c525d22951 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -51,6 +51,7 @@ enum cmds { #define USEC_IN_SEC 1000000000 #define MAX_DMA_FILL_SIZE 0x10000 +#define MAX_TOTAL_DMA_SIZE 0x10000000 #define PCI_HOST_BRIDGE_CFG 0xcf8 #define PCI_HOST_BRIDGE_DATA 0xcfc @@ -61,6 +62,7 @@ typedef struct { } address_range; static bool qtest_log_enabled; +size_t dma_bytes_written; MemoryRegion *sparse_mem_mr; @@ -194,6 +196,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr) */ if (dma_patterns->len == 0 || len == 0 + || dma_bytes_written + len > MAX_TOTAL_DMA_SIZE || (mr != current_machine->ram && mr != sparse_mem_mr)) { return; } @@ -266,6 +269,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr) fflush(stderr); } qtest_memwrite(qts_global, addr, buf, l); + dma_bytes_written += l; } len -= l; buf += l; 
@@ -645,6 +649,7 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size) op_clear_dma_patterns(s, NULL, 0); pci_disabled = false; + dma_bytes_written = 0; QPCIBus *pcibus = qpci_new_pc(s, NULL); g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus);
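Review bot: in the generic_fuzz.c hunk at `@@ -61,6 +62,7 @@`, `size_t dma_bytes_written;` is declared without `static`, directly under `static bool qtest_log_enabled;`, so the counter gets external linkage although every use visible in this patch is inside generic_fuzz.c. Suggest `static size_t dma_bytes_written;` with a one-line comment that it counts the bytes written by fuzz_dma_read_cb() for the current input and is reset at the top of generic_fuzz().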
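Review bot: the new guard in fuzz_dma_read_cb(), `dma_bytes_written + len > MAX_TOTAL_DMA_SIZE`, adds two size_t values before comparing, so a very large `len` can wrap the sum and pass the check; `len > MAX_TOTAL_DMA_SIZE - dma_bytes_written` cannot wrap while the counter is at or below the cap. The check also charges the whole `len` up front while the counter only advances by `l` after each qtest_memwrite(), so a request that would cross the cap is skipped entirely instead of being filled up to it. If that is intended, a comment next to `MAX_TOTAL_DMA_SIZE` (0x10000000, i.e. 256 MiB per input) should say so.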
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Alexander Bulekov, Darren Kenny, Paolo Bonzini, Bandan Das, Stefan Hajnoczi, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PULL 05/10] fuzz/virtio-scsi: remove fork-based fuzzer
Date: Thu, 16 Feb 2023 23:08:50 -0500
Message-Id: <20230217040855.16873-6-alxndr@bu.edu>
In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu>
References: <20230217040855.16873-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
---
 tests/qtest/fuzz/virtio_scsi_fuzz.c | 51 ++++-------------------------
 1 file changed, 7 insertions(+), 44 deletions(-)
diff --git a/tests/qtest/fuzz/virtio_scsi_fuzz.c b/tests/qtest/fuzz/virtio_scsi_fuzz.c index b3220ef6cb..b6268efd59 100644 --- a/tests/qtest/fuzz/virtio_scsi_fuzz.c +++ b/tests/qtest/fuzz/virtio_scsi_fuzz.c @@ -20,7 +20,6 @@ #include "standard-headers/linux/virtio_pci.h" #include "standard-headers/linux/virtio_scsi.h" #include "fuzz.h" -#include "fork_fuzz.h" #include "qos_fuzz.h" #define PCI_SLOT 0x02
@@ -132,48 +131,24 @@ static void virtio_scsi_fuzz(QTestState *s, QVirtioSCSIQueues* queues, } } -static void virtio_scsi_fork_fuzz(QTestState *s, - const unsigned char *Data, size_t Size) -{ - QVirtioSCSI *scsi = fuzz_qos_obj; - static QVirtioSCSIQueues *queues; - if (!queues) { - queues = qvirtio_scsi_init(scsi->vdev, 0); - } - if (fork() == 0) { - virtio_scsi_fuzz(s, queues, Data, Size); - flush_events(s); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } -} - static void virtio_scsi_with_flag_fuzz(QTestState *s, const unsigned char *Data, size_t Size) { QVirtioSCSI *scsi = fuzz_qos_obj; static QVirtioSCSIQueues *queues; - if (fork() == 0) { - if (Size >= sizeof(uint64_t)) { - queues = qvirtio_scsi_init(scsi->vdev, *(uint64_t *)Data); - virtio_scsi_fuzz(s, queues, - Data + sizeof(uint64_t), Size - sizeof(uint64_t)); - flush_events(s); - } - _Exit(0); - } else { + if (Size >= sizeof(uint64_t)) { + queues = qvirtio_scsi_init(scsi->vdev, *(uint64_t *)Data); + virtio_scsi_fuzz(s, queues, + Data + sizeof(uint64_t), Size - sizeof(uint64_t)); flush_events(s); - wait(NULL); } + fuzz_reset(s); } static void virtio_scsi_pre_fuzz(QTestState *s) { qos_init_path(s); - counter_shm_init(); } static void *virtio_scsi_test_setup(GString *cmd_line, void *arg) 
@@ -189,22 +164,10 @@ static void *virtio_scsi_test_setup(GString *cmd_line, void *arg) static void register_virtio_scsi_fuzz_targets(void) { - fuzz_add_qos_target(&(FuzzTarget){ - .name = "virtio-scsi-fuzz", - .description = "Fuzz the virtio-scsi virtual queues, forking " - "for each fuzz run", - .pre_vm_init = &counter_shm_init, - .pre_fuzz = &virtio_scsi_pre_fuzz, - .fuzz = virtio_scsi_fork_fuzz,}, - "virtio-scsi", - &(QOSGraphTestOptions){.before = virtio_scsi_test_setup} - ); - fuzz_add_qos_target(&(FuzzTarget){ .name = "virtio-scsi-flags-fuzz", - .description = "Fuzz the virtio-scsi virtual queues, forking " - "for each fuzz run (also fuzzes the virtio flags)", - .pre_vm_init = &counter_shm_init, + .description = "Fuzz the virtio-scsi virtual queues. " + "Also fuzzes the virtio flags", .pre_fuzz = &virtio_scsi_pre_fuzz, .fuzz = virtio_scsi_with_flag_fuzz,}, "virtio-scsi",
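Review bot: in virtio_scsi_with_flag_fuzz(), `queues = qvirtio_scsi_init(scsi->vdev, *(uint64_t *)Data);` used to run in a forked child that ended in `_Exit(0)`, so whatever it set up disappeared with the child; it now runs in the long-lived fuzzer process on every input and overwrites the `static` pointer each time. Please confirm that the previous `queues` object is released, either by `fuzz_reset(s)` or by an explicit free before the reassignment, otherwise memory use grows with every iteration of a long run.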
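Review bot: in register_virtio_scsi_fuzz_targets(), the `virtio-scsi-fuzz` target is deleted together with virtio_scsi_fork_fuzz() rather than ported to `fuzz_reset()`, and the commit message has no body, so the reason is not recorded. A sentence explaining why the fixed-flags target (it called `qvirtio_scsi_init(scsi->vdev, 0)`) is dropped while `virtio-scsi-flags-fuzz` is kept would help anyone whose scripts or saved corpora refer to the old target name.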
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Alexander Bulekov, Darren Kenny, Paolo Bonzini, Bandan Das, Stefan Hajnoczi, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PULL 06/10] fuzz/virtio-net: remove fork-based fuzzer
Date: Thu, 16 Feb 2023 23:08:51 -0500
Message-Id: <20230217040855.16873-7-alxndr@bu.edu>
In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu>
References: <20230217040855.16873-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
---
 tests/qtest/fuzz/virtio_net_fuzz.c | 54 +++---------------------------
 1 file changed, 5 insertions(+), 49 deletions(-)
diff --git a/tests/qtest/fuzz/virtio_net_fuzz.c b/tests/qtest/fuzz/virtio_net_fuzz.c index c2c15f07f0..e239875e3b 100644 --- a/tests/qtest/fuzz/virtio_net_fuzz.c +++ b/tests/qtest/fuzz/virtio_net_fuzz.c @@ -16,7 +16,6 @@ #include "tests/qtest/libqtest.h" #include "tests/qtest/libqos/virtio-net.h" #include "fuzz.h" -#include "fork_fuzz.h" #include "qos_fuzz.h"
@@ -115,36 +114,18 @@ static void virtio_net_fuzz_multi(QTestState *s, } } -static void virtio_net_fork_fuzz(QTestState *s, - const unsigned char *Data, size_t Size) -{ - if (fork() == 0) { - virtio_net_fuzz_multi(s, Data, Size, false); - flush_events(s); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } -} -static void virtio_net_fork_fuzz_check_used(QTestState *s, +static void virtio_net_fuzz_check_used(QTestState *s, const unsigned char *Data, size_t Size) { - if (fork() == 0) { - virtio_net_fuzz_multi(s, Data, Size, true); - flush_events(s); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } + virtio_net_fuzz_multi(s, Data, Size, true); + flush_events(s); + fuzz_reset(s); } static void virtio_net_pre_fuzz(QTestState *s) { qos_init_path(s); - counter_shm_init(); } static void *virtio_net_test_setup_socket(GString *cmd_line, void *arg) @@ -158,23 +139,8 @@ static void *virtio_net_test_setup_socket(GString *cmd_line, void *arg) return arg; } -static void *virtio_net_test_setup_user(GString *cmd_line, void *arg) -{ - g_string_append_printf(cmd_line, " -netdev user,id=hs0 "); - return arg; -} - static void register_virtio_net_fuzz_targets(void) { - fuzz_add_qos_target(&(FuzzTarget){ - .name = "virtio-net-socket", - .description = "Fuzz the virtio-net virtual queues. Fuzz incoming " - "traffic using the socket backend", - .pre_fuzz = &virtio_net_pre_fuzz, - .fuzz = virtio_net_fork_fuzz,}, - "virtio-net", - &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket} - ); fuzz_add_qos_target(&(FuzzTarget){ .name = "virtio-net-socket-check-used", 
@@ -182,20 +148,10 @@ static void register_virtio_net_fuzz_targets(void) "descriptors to be used. Timeout may indicate improperly handled " "input", .pre_fuzz = &virtio_net_pre_fuzz, - .fuzz = virtio_net_fork_fuzz_check_used,}, + .fuzz = virtio_net_fuzz_check_used,}, "virtio-net", &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket} ); - fuzz_add_qos_target(&(FuzzTarget){ - .name = "virtio-net-slirp", - .description = "Fuzz the virtio-net virtual queues with the slirp " - " backend. Warning: May result in network traffic emitted from the " - " process. Run in an isolated network environment.", - .pre_fuzz = &virtio_net_pre_fuzz, - .fuzz = virtio_net_fork_fuzz,}, - "virtio-net", - &(QOSGraphTestOptions){.before = virtio_net_test_setup_user} - ); } fuzz_target_init(register_virtio_net_fuzz_targets);
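Review bot: removing virtio_net_fork_fuzz() in virtio_net_fuzz.c takes away the only caller that passed `false` as the last argument of virtio_net_fuzz_multi(); the surviving virtio_net_fuzz_check_used() always passes `true`, and both the `virtio-net-socket` and `virtio-net-slirp` targets are deleted instead of being ported to `fuzz_reset()`. The commit message is empty, so please state whether losing the `false` path and the slirp backend (along with virtio_net_test_setup_user()) is a deliberate reduction in coverage.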
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Alexander Bulekov, Darren Kenny, Paolo Bonzini, Bandan Das, Stefan Hajnoczi, Thomas Huth, Qiuhao Li, Laurent Vivier
Subject: [PULL 07/10] fuzz/virtio-blk: remove fork-based fuzzer
Date: Thu, 16 Feb 2023 23:08:52 -0500
Message-Id: <20230217040855.16873-8-alxndr@bu.edu>
In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu>
References: <20230217040855.16873-1-alxndr@bu.edu>

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
---
 tests/qtest/fuzz/virtio_blk_fuzz.c | 51 ++++--------------------------
 1 file changed, 7 insertions(+), 44 deletions(-)
diff --git a/tests/qtest/fuzz/virtio_blk_fuzz.c b/tests/qtest/fuzz/virtio_blk_fuzz.c index a9fb9ecf6c..651fd4f043 100644 --- a/tests/qtest/fuzz/virtio_blk_fuzz.c +++ b/tests/qtest/fuzz/virtio_blk_fuzz.c @@ -19,7 +19,6 @@ #include "standard-headers/linux/virtio_pci.h" #include "standard-headers/linux/virtio_blk.h" #include "fuzz.h" -#include "fork_fuzz.h" #include "qos_fuzz.h" #define TEST_IMAGE_SIZE (64 * 1024 * 1024)
@@ -128,48 +127,24 @@ static void virtio_blk_fuzz(QTestState *s, QVirtioBlkQueues* queues, } } -static void virtio_blk_fork_fuzz(QTestState *s, - const unsigned char *Data, size_t Size) -{ - QVirtioBlk *blk = fuzz_qos_obj; - static QVirtioBlkQueues *queues; - if (!queues) { - queues = qvirtio_blk_init(blk->vdev, 0); - } - if (fork() == 0) { - virtio_blk_fuzz(s, queues, Data, Size); - flush_events(s); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } -} - static void virtio_blk_with_flag_fuzz(QTestState *s, const unsigned char *Data, size_t Size) { QVirtioBlk *blk = fuzz_qos_obj; static QVirtioBlkQueues *queues; - if (fork() == 0) { - if (Size >= sizeof(uint64_t)) { - queues = qvirtio_blk_init(blk->vdev, *(uint64_t *)Data); - virtio_blk_fuzz(s, queues, - Data + sizeof(uint64_t), Size - sizeof(uint64_t)); - flush_events(s); - } - _Exit(0); - } else { + if (Size >= sizeof(uint64_t)) { + queues = qvirtio_blk_init(blk->vdev, *(uint64_t *)Data); + virtio_blk_fuzz(s, queues, + Data + sizeof(uint64_t), Size - sizeof(uint64_t)); flush_events(s); - wait(NULL); } + fuzz_reset(s); } static void virtio_blk_pre_fuzz(QTestState *s) { qos_init_path(s); - counter_shm_init(); } static void drive_destroy(void *path) 
@@ -208,22 +183,10 @@ static void *virtio_blk_test_setup(GString *cmd_line, void *arg) static void register_virtio_blk_fuzz_targets(void) { - fuzz_add_qos_target(&(FuzzTarget){ - .name = "virtio-blk-fuzz", - .description = "Fuzz the virtio-blk virtual queues, forking " - "for each fuzz run", - .pre_vm_init = &counter_shm_init, - .pre_fuzz = &virtio_blk_pre_fuzz, - .fuzz = virtio_blk_fork_fuzz,}, - "virtio-blk", - &(QOSGraphTestOptions){.before = virtio_blk_test_setup} - ); - fuzz_add_qos_target(&(FuzzTarget){ .name = "virtio-blk-flags-fuzz", - .description = "Fuzz the virtio-blk virtual queues, forking " - "for each fuzz run (also fuzzes the virtio flags)", - .pre_vm_init = &counter_shm_init, + .description = "Fuzz the virtio-blk virtual queues. " + "Also fuzzes the virtio flags)", .pre_fuzz = &virtio_blk_pre_fuzz, .fuzz = virtio_blk_with_flag_fuzz,}, "virtio-blk",
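Review bot: in virtio_blk_with_flag_fuzz(), `*(uint64_t *)Data` reads the virtio flags by casting the fuzzer's byte buffer to `uint64_t *`, which assumes an 8-byte alignment that `const unsigned char *Data` does not promise. Since these lines are being re-indented anyway, consider `uint64_t flags; memcpy(&flags, Data, sizeof(flags));` and passing `flags` to qvirtio_blk_init().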
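Review bot: the new description string for `virtio-blk-flags-fuzz` ends in `"Also fuzzes the virtio flags)"`, with a closing parenthesis left over from the old `(also fuzzes the virtio flags)` text. Drop the `)` so the description matches the wording used for `virtio-scsi-flags-fuzz`.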
From: Alexander Bulekov To: qemu-devel@nongnu.org Cc: peter.maydell@linaro.org, Alexander Bulekov , Darren Kenny , Paolo Bonzini , Bandan Das , Stefan Hajnoczi , Thomas Huth , Qiuhao Li , Laurent Vivier Subject: [PULL 08/10] fuzz/i440fx: remove fork-based fuzzer Date: Thu, 16 Feb 2023 23:08:53 -0500 Message-Id: <20230217040855.16873-9-alxndr@bu.edu> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu> References: <20230217040855.16873-1-alxndr@bu.edu> MIME-Version: 1.0 X-CES-GSUITE_AUTH: bf3aNvsZpxl8 Received-SPF: pass client-ip=216.71.137.82; envelope-from=alxndr@bu.edu; helo=esa12.hc2706-39.iphmx.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.649, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny --- tests/qtest/fuzz/i440fx_fuzz.c | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c index b17fc725df..155fe018f8 100644 --- a/tests/qtest/fuzz/i440fx_fuzz.c +++ b/tests/qtest/fuzz/i440fx_fuzz.c @@ -18,7 +18,6 @@ #include "tests/qtest/libqos/pci-pc.h" #include "fuzz.h" #include "qos_fuzz.h" -#include "fork_fuzz.h" #define I440FX_PCI_HOST_BRIDGE_CFG 0xcf8 @@ -89,6 +88,7 @@ static void i440fx_fuzz_qtest(QTestState *s, size_t Size) { ioport_fuzz_qtest(s, Data, Size); + fuzz_reset(s); } static void pciconfig_fuzz_qos(QTestState *s, QPCIBus *bus, 
@@ -145,17 +145,6 @@ static void i440fx_fuzz_qos(QTestState *s, pciconfig_fuzz_qos(s, bus, Data, Size); } -static void i440fx_fuzz_qos_fork(QTestState *s, - const unsigned char *Data, size_t Size) { - if (fork() == 0) { - i440fx_fuzz_qos(s, Data, Size); - _Exit(0); - } else { - flush_events(s); - wait(NULL); - } -} - static const char *i440fx_qtest_argv = TARGET_NAME " -machine accel=qtest" " -m 0 -display none"; static GString *i440fx_argv(FuzzTarget *t) @@ -163,10 +152,6 @@ static GString *i440fx_argv(FuzzTarget *t) return g_string_new(i440fx_qtest_argv); } -static void fork_init(void) -{ - counter_shm_init(); -} static void register_pci_fuzz_targets(void) { 
@@ -178,16 +163,6 @@ static void register_pci_fuzz_targets(void) .get_init_cmdline = i440fx_argv, .fuzz = i440fx_fuzz_qtest}); - /* Uses libqos and forks to prevent state leakage */ - fuzz_add_qos_target(&(FuzzTarget){ - .name = "i440fx-qos-fork-fuzz", - .description = "Fuzz the i440fx using raw qtest commands and " - "rebooting after each run", - .pre_vm_init = &fork_init, - .fuzz = i440fx_fuzz_qos_fork,}, - "i440FX-pcihost", - &(QOSGraphTestOptions){} - ); /* * Uses libqos. Doesn't do anything to reset state. Note that if we were to From patchwork Fri Feb 17 04:08:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 13144305 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EDF7EC05027 for ; Fri, 17 Feb 2023 04:10:55 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pSs4o-0001hX-Mr; Thu, 16 Feb 2023 23:10:26 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pSs4i-0001Hs-I7 for qemu-devel@nongnu.org; Thu, 16 Feb 2023 23:10:20 -0500 Received: from esa16.hc2706-39.iphmx.com ([216.71.140.205]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pSs4f-0001Cc-Ao for qemu-devel@nongnu.org; Thu, 16 Feb 2023 23:10:20 -0500 X-IronPort-RemoteIP: 209.85.222.200 X-IronPort-MID: 257552918 X-IronPort-Reputation: None X-IronPort-Listener: OutgoingMail X-IronPort-SenderGroup: RELAY_GSUITE X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: 
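Review bot: The fuzz_reset(s) call added to i440fx_fuzz_qtest in hunk @@ -89,6 +88,7 @@ of tests/qtest/fuzz/i440fx_fuzz.c is unexplained: that function is not one of the fork-based paths this patch removes, and the commit message has no body. Add a sentence to the commit message saying why the reset is needed there, or move the line to its own patch so this one stays a pure removal.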
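Review bot: The libqos target that remains after hunk @@ -178,16 +163,6 @@ of tests/qtest/fuzz/i440fx_fuzz.c still carries the comment "Uses libqos. Doesn't do anything to reset state", and with i440fx-qos-fork-fuzz gone no libqos variant of this fuzzer isolates one input from the next. Consider ending i440fx_fuzz_qos with fuzz_reset(s), as hunk @@ -89,6 +88,7 @@ does for i440fx_fuzz_qtest, or state in the commit message that state leakage in that target is accepted.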
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, Alexander Bulekov, Darren Kenny, Paolo Bonzini, Marc-André Lureau, Daniel P. Berrangé, Thomas Huth, Philippe Mathieu-Daudé, Bandan Das, Stefan Hajnoczi, Qiuhao Li, Laurent Vivier
Subject: [PULL 09/10] fuzz: remove fork-fuzzing scaffolding
Date: Thu, 16 Feb 2023 23:08:54 -0500
Message-Id: <20230217040855.16873-10-alxndr@bu.edu>
In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu>
References: <20230217040855.16873-1-alxndr@bu.edu>

Fork-fuzzing provides a few pros, but our implementation prevents us from using fuzzers other than libFuzzer, and may be causing issues such as coverage-failure builds on OSS-Fuzz. It is not a great long-term solution as it depends on internal implementation details of libFuzzer (which is no longer in active development). Remove it in favor of other methods of resetting state between inputs.

Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny --- meson.build | 4 --- tests/qtest/fuzz/fork_fuzz.c | 41 ------------------------- tests/qtest/fuzz/fork_fuzz.h | 23 -------------- tests/qtest/fuzz/fork_fuzz.ld | 56 ----------------------------------- tests/qtest/fuzz/meson.build | 6 ++-- 5 files changed, 3 insertions(+), 127 deletions(-) delete mode 100644 tests/qtest/fuzz/fork_fuzz.c delete mode 100644 tests/qtest/fuzz/fork_fuzz.h delete mode 100644 tests/qtest/fuzz/fork_fuzz.ld diff --git a/meson.build b/meson.build index a76c855312..b6f92bba35 100644 --- a/meson.build +++ b/meson.build @@ -215,10 +215,6 @@ endif # Specify linker-script with add_project_link_arguments so that it is not placed # within a linker --start-group/--end-group pair if get_option('fuzzing') - add_project_link_arguments(['-Wl,-T,', - (meson.current_source_dir() / 'tests/qtest/fuzz/fork_fuzz.ld')], - native: false, language: all_languages) - # Specify a filter to only instrument code that is directly related to # virtual-devices. configure_file(output: 'instrumentation-filter', diff --git a/tests/qtest/fuzz/fork_fuzz.c b/tests/qtest/fuzz/fork_fuzz.c deleted file mode 100644 index 6ffb2a7937..0000000000 --- a/tests/qtest/fuzz/fork_fuzz.c +++ /dev/null 
@@ -1,41 +0,0 @@ -/* - * Fork-based fuzzing helpers - * - * Copyright Red Hat Inc., 2019 - * - * Authors: - * Alexander Bulekov - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. - * - */ - -#include "qemu/osdep.h" -#include "fork_fuzz.h" - - -void counter_shm_init(void) -{ - /* Copy what's in the counter region to a temporary buffer.. */ - void *copy = malloc(&__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START); - memcpy(copy, - &__FUZZ_COUNTERS_START, - &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START); - - /* Map a shared region over the counter region */ - if (mmap(&__FUZZ_COUNTERS_START, - &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START, - PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED | MAP_ANONYMOUS, - 0, 0) == MAP_FAILED) { - perror("Error: "); - exit(1); - } - - /* Copy the original data back to the counter-region */ - memcpy(&__FUZZ_COUNTERS_START, copy, - &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START); - free(copy); -} - - diff --git a/tests/qtest/fuzz/fork_fuzz.h b/tests/qtest/fuzz/fork_fuzz.h deleted file mode 100644 index 9ecb8b58ef..0000000000 --- a/tests/qtest/fuzz/fork_fuzz.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Fork-based fuzzing helpers - * - * Copyright Red Hat Inc., 2019 - * - * Authors: - * Alexander Bulekov - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. - * - */ - -#ifndef FORK_FUZZ_H -#define FORK_FUZZ_H - -extern uint8_t __FUZZ_COUNTERS_START; -extern uint8_t __FUZZ_COUNTERS_END; - -void counter_shm_init(void); - -#endif - diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld deleted file mode 100644 index cfb88b7fdb..0000000000 --- a/tests/qtest/fuzz/fork_fuzz.ld +++ /dev/null 
@@ -1,56 +0,0 @@ -/* - * We adjust linker script modification to place all of the stuff that needs to - * persist across fuzzing runs into a contiguous section of memory. Then, it is - * easy to re-map the counter-related memory as shared. - */ - -SECTIONS -{ - .data.fuzz_start : ALIGN(4K) - { - __FUZZ_COUNTERS_START = .; - __start___sancov_cntrs = .; - *(_*sancov_cntrs); - __stop___sancov_cntrs = .; - - /* Lowest stack counter */ - *(__sancov_lowest_stack); - } -} -INSERT AFTER .data; - -SECTIONS -{ - .data.fuzz_ordered : - { - /* - * Coverage counters. They're not necessary for fuzzing, but are useful - * for analyzing the fuzzing performance - */ - __start___llvm_prf_cnts = .; - *(*llvm_prf_cnts); - __stop___llvm_prf_cnts = .; - - /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */ - FuzzerTracePC*(.bss*); - /* - * In case the above line fails, explicitly specify the (mangled) name of - * the object we care about - */ - *(.bss._ZN6fuzzer3TPCE); - } -} -INSERT AFTER .data.fuzz_start; - -SECTIONS -{ - .data.fuzz_end : ALIGN(4K) - { - __FUZZ_COUNTERS_END = .; - } -} -/* - * Don't overwrite the SECTIONS in the default linker script. Instead insert the - * above into the default script - */ -INSERT AFTER .data.fuzz_ordered; diff --git a/tests/qtest/fuzz/meson.build b/tests/qtest/fuzz/meson.build index 189901d4a2..4d10b47b8f 100644 --- a/tests/qtest/fuzz/meson.build +++ b/tests/qtest/fuzz/meson.build @@ -2,7 +2,7 @@ if not get_option('fuzzing') subdir_done() endif -specific_fuzz_ss.add(files('fuzz.c', 'fork_fuzz.c', 'qos_fuzz.c', +specific_fuzz_ss.add(files('fuzz.c', 'qos_fuzz.c', 'qtest_wrappers.c'), qos) # Targets 
@@ -12,7 +12,7 @@ specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_SCSI', if_true: files('virtio_scsi_fuz specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_BLK', if_true: files('virtio_blk_fuzz.c')) specific_fuzz_ss.add(files('generic_fuzz.c')) -fork_fuzz = declare_dependency( +fuzz_ld = declare_dependency( link_args: fuzz_exe_ldflags + ['-Wl,-wrap,qtest_inb', '-Wl,-wrap,qtest_inw', 
@@ -35,4 +35,4 @@ fork_fuzz = declare_dependency( '-Wl,-wrap,qtest_memset'] ) -specific_fuzz_ss.add(fork_fuzz) +specific_fuzz_ss.add(fuzz_ld) From patchwork Fri Feb 17 04:08:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 13144306 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 750D6C636D4 for ; Fri, 17 Feb 2023 04:10:58 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pSs4p-0001pj-Pj; Thu, 16 Feb 2023 23:10:27 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pSs4j-0001O5-V3 for qemu-devel@nongnu.org; Thu, 16 Feb 2023 23:10:22 -0500 Received: from esa7.hc2706-39.iphmx.com ([216.71.137.80]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pSs4f-0001Cu-Tc for qemu-devel@nongnu.org; Thu, 16 Feb 2023 23:10:21 -0500 X-IronPort-RemoteIP: 209.85.219.70 X-IronPort-MID: 260573041 X-IronPort-Reputation: None X-IronPort-Listener: OutgoingMail X-IronPort-SenderGroup: RELAY_GSUITE X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:jbXBdq9/1pWAtpOoF1nQDrUDPXyTJUtcMsCJ2f8bNWPcYEJGY0x3n zMeC2iHOvvbYjP0etElPYyzp0kOvpXcn9MwHAs/+3oxFiIbosf7XuiUfxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuVGuG96yI6jefQHeCU5NfsYkhZXRVjRDoqlSVtkus4hp8AqdWiCkaGt MiaT/f3YTdJ4BYpdDNLg06/gEk35q+q4mpG5gdWic1j5zcyqVFEVPrzGonsdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVHmZkh+AsBOsTAbzsAG6ZvXAdJHAathZ5RlqPgqo DlFncTYpQ7EpcQgksxEO/VTO3gW0aGrZNYriJVw2CCe5xSuTpfi/xlhJF4bBI8J1uJmO0VX8 
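Review bot: The comment left above if get_option('fuzzing') in hunk @@ -215,10 +215,6 @@ of the top-level meson.build ("Specify linker-script with add_project_link_arguments so that it is not placed within a linker --start-group/--end-group pair") is stale once the add_project_link_arguments call it documents is deleted. Remove those two comment lines in the same patch.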
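Review bot: The name fuzz_ld introduced in hunks @@ -12,7 +12,7 @@ and @@ -35,4 +35,4 @@ of tests/qtest/fuzz/meson.build reads like a linker script, which is exactly what this patch deletes; the dependency only carries fuzz_exe_ldflags and the -Wl,-wrap,qtest_* flags. A name that says so, or a one-line comment above declare_dependency explaining that these flags wrap the qtest accessors, would make the remaining build logic easier to follow.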
From: Alexander Bulekov To: qemu-devel@nongnu.org Cc: peter.maydell@linaro.org, Alexander Bulekov , Darren Kenny , Paolo Bonzini , Bandan Das , Stefan Hajnoczi , Thomas Huth , Qiuhao Li Subject: [PULL 10/10] docs/fuzz: remove mentions of fork-based fuzzing Date: Thu, 16 Feb 2023 23:08:55 -0500 Message-Id: <20230217040855.16873-11-alxndr@bu.edu> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230217040855.16873-1-alxndr@bu.edu> References: <20230217040855.16873-1-alxndr@bu.edu> MIME-Version: 1.0 X-CES-GSUITE_AUTH: bf3aNvsZpxl8 Received-SPF: pass client-ip=216.71.137.80; envelope-from=alxndr@bu.edu; helo=esa7.hc2706-39.iphmx.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.649, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny --- docs/devel/fuzzing.rst | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst index 715330c856..3bfcb33fc4 100644 --- a/docs/devel/fuzzing.rst +++ b/docs/devel/fuzzing.rst 
@@ -19,11 +19,6 @@ responsibility to ensure that state is reset between fuzzing-runs. Building the fuzzers -------------------- -*NOTE*: If possible, build a 32-bit binary. When forking, the 32-bit fuzzer is -much faster, since the page-map has a smaller size. This is due to the fact that -AddressSanitizer maps ~20TB of memory, as part of its detection. This results -in a large page-map, and a much slower ``fork()``. - To build the fuzzers, install a recent version of clang: Configure with (substitute the clang binaries with the version you installed). Here, enable-sanitizers, is optional but it allows us to reliably detect bugs @@ -296,10 +291,9 @@ input. It is also responsible for manually calling ``main_loop_wait`` to ensure that bottom halves are executed and any cleanup required before the next input. Since the same process is reused for many fuzzing runs, QEMU state needs to -be reset at the end of each run. There are currently two implemented -options for resetting state: +be reset at the end of each run. For example, this can be done by rebooting the +VM, after each run. -- Reboot the guest between runs. - *Pros*: Straightforward and fast for simple fuzz targets. - *Cons*: Depending on the device, does not reset all device state. If the @@ -308,15 +302,3 @@ options for resetting state: reboot. - *Example target*: ``i440fx-qtest-reboot-fuzz`` - -- Run each test case in a separate forked process and copy the coverage - information back to the parent. This is fairly similar to AFL's "deferred" - fork-server mode [3] - - - *Pros*: Relatively fast. Devices only need to be initialized once. No need to - do slow reboots or vmloads. - - - *Cons*: Not officially supported by libfuzzer. Does not work well for - devices that rely on dedicated threads. - - - *Example target*: ``virtio-net-fork-fuzz``
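Review bot: The Pros, Cons and Example target bullets kept by hunk @@ -296,10 +291,9 @@ of docs/devel/fuzzing.rst lose their parent item ("- Reboot the guest between runs.") and now hang directly under the new sentence, so they may still render as orphaned sub-items. Either keep the parent bullet or fold the three bullets into the paragraph at top level, and check the rendered output. The comma in "rebooting the VM, after each run" should also be dropped.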
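Review bot: The reference [3] cited by the text deleted in hunk @@ -308,15 +302,3 @@ of docs/devel/fuzzing.rst (AFL's "deferred" fork-server mode) may now be unused. If the reference list in the file still defines [3] and nothing else cites it, remove that entry in this patch as well; the diff does not show the reference list, so this needs checking against the full file.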