On Thu, Nov 7, 2019 at 2:44 PM Jason Wang <jasow...@redhat.com> wrote:
> On 2019/10/30 10:50 PM, Oleinik, Alexander wrote:
> > From: Alexander Oleinik <alx...@bu.edu>
> >
> > The virtio-net fuzz target feeds inputs to all three virtio-net
> > virtqueues, and uses forking to avoid leaking state between fuzz runs.
> >
> > Signed-off-by: Alexander Oleinik <alx...@bu.edu>
>
> Can this fuzz vhost-net or vhost-user (I only see socket backend)? If
> it's not too hard, it would be even more interesting.
Fuzzing vhost devices would be awesome, but this patch series does not do
that. libfuzzer uses coverage-guided fuzzing. It needs to instrument the
code. vhost kernel modules or external vhost-user processes aren't
instrumented, so the fuzzing engine has no code instrumentation feedback.

It should be possible to solve those problems eventually. You could also
run it as-is, but the fuzzer wouldn't make intelligent decisions about
mutating input data to explore new code paths in vhost kernel modules.

Stefan
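The feedback loop Stefan describes, as an added toy model that is not QEMU code, not the patch series, and not part of this thread. libFuzzer's compile-time instrumentation is stood in for by sys.settrace on the target function; code that lives in a vhost kernel module or a separate vhost-user process is stood in for by calling the same function with tracing off, so the engine gets nothing back but "crashed or not". The device logic (four nested byte checks guarding a bug) and all names are hypothetical. Python is used because the point is the engine's decision loop, not a QEMU harness.

```python
# Added example (not QEMU code and not from this thread): a toy model of the
# feedback loop a coverage-guided engine such as libFuzzer depends on.
# Instrumentation is modelled with sys.settrace on the target function; an
# uninstrumented vhost kernel module or vhost-user process is modelled by
# running the same function with tracing off.
import random
import sys
from dataclasses import dataclass


def device_target(data: bytes) -> None:
    """Hypothetical device code: four nested checks guard a bug, the way a
    virtqueue handler's state machine might gate a deep code path."""
    if len(data) < 4:
        return
    if data[0] == ord("V"):
        if data[1] == ord("I"):
            if data[2] == ord("R"):
                if data[3] == ord("T"):
                    raise RuntimeError("guarded bug reached")


def run_traced(target, data):
    """Run target(data) and collect the source lines executed inside it.
    Returns (lines, crashed). The line set plays the role of libFuzzer's
    coverage counters; it exists only because the code is in-process."""
    lines = set()
    code = target.__code__

    def local_tracer(frame, event, arg):
        if event == "line":
            lines.add(frame.f_lineno)
        return local_tracer

    def global_tracer(frame, event, arg):
        # Only the target's own frame is traced.
        return local_tracer if frame.f_code is code else None

    crashed = False
    sys.settrace(global_tracer)
    try:
        target(data)
    except RuntimeError:
        crashed = True
    finally:
        sys.settrace(None)
    return lines, crashed


def run_blind(target, data):
    """Run target(data) with no instrumentation: the engine learns only
    whether the run crashed, which is all an uninstrumented vhost offers."""
    try:
        target(data)
    except RuntimeError:
        return True
    return False


@dataclass
class FuzzResult:
    corpus: list
    crashes: list
    iterations: int


def mutate(rng, data):
    """Overwrite one byte at a random position (length is kept fixed)."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def fuzz(target, instrumented, budget, seed=1):
    """Coverage-guided loop: an input is kept only if it executes new lines.
    With instrumented=False there is never new coverage, so the corpus never
    grows and partial progress toward the magic bytes is thrown away."""
    rng = random.Random(seed)
    corpus = [b"\x00\x00\x00\x00"]
    seen = run_traced(target, corpus[0])[0] if instrumented else set()
    crashes = []
    for i in range(1, budget + 1):
        # Favour the newest corpus entry, as real engines favour fresh paths.
        parent = corpus[-1] if rng.random() < 0.5 else rng.choice(corpus)
        data = mutate(rng, parent)
        if instrumented:
            lines, crashed = run_traced(target, data)
            new = lines - seen
        else:
            crashed, new = run_blind(target, data), set()
        if crashed:
            crashes.append(data)
            return FuzzResult(corpus, crashes, i)
        if new:
            seen |= new
            corpus.append(data)
    return FuzzResult(corpus, crashes, budget)


if __name__ == "__main__":
    guided = fuzz(device_target, instrumented=True, budget=100_000)
    blind = fuzz(device_target, instrumented=False, budget=20_000)
    print("instrumented:", guided.crashes, "corpus", len(guided.corpus),
          "iterations", guided.iterations)
    print("uninstrumented:", blind.crashes, "corpus", len(blind.corpus))
```

With tracing on, each correctly guessed byte executes a new line, the input is retained, and the next byte is guessed from there, so the crash is typically reached within a few thousand runs. With tracing off, every input is one byte away from the seed and the magic can never be assembled. The toy overstates the blind case (libFuzzer's mutator does chain several mutations per run), but the mechanism it shows is the one that is missing for vhost: without feedback, nothing partial is kept.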