Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

[Ccing Nitesh] Stefan Hajnoczi writes: > On Fri, Jan 11, 2019 at 05:16:40PM +0100, Paolo Bonzini wrote: >> On 11/01/19 16:41, Max Moroz wrote: >> > On Fri, Jan 11, 2019 at 7:34 AM Paolo Bonzini > > > wrote: >> > >> > On 11/01/19 16:04, Max Moroz wrote: >> > >

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

On Fri, Jan 11, 2019 at 05:16:40PM +0100, Paolo Bonzini wrote: > On 11/01/19 16:41, Max Moroz wrote: > > On Fri, Jan 11, 2019 at 7:34 AM Paolo Bonzini > > wrote: > > > > On 11/01/19 16:04, Max Moroz wrote: > > > We usually have a single fuzzing process, it

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

>It should be possible to turn the qtest process into a test postprocessor, OSS-Fuzz doesn't support AFL's preprocessors, but adding support shouldn't be hard. >It's much harder to remove the QEMU process as well and turn it into a TestOneInput function. Got it. I am not familiar with

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

Could you clarify what you think the relationship between the qtest process, QEMU, and afl-fuzz will look like when fuzzing? Is it something like this: 1. afl-fuzz mutates a buffer, starts a qtest process, and gives the qtest process the mutated buffer. 2. The qtest process starts a QEMU process

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

On 11/01/19 20:09, Jonathan Metzman wrote: > Could you clarify what you think the relationship between the qtest > process, QEMU, and afl-fuzz will look like when fuzzing? > > Is it something like this: > 1. afl-fuzz mutates a buffer, starts a qtest process, and gives the > qtest process the

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

On 11/01/19 16:41, Max Moroz wrote: > > > On Fri, Jan 11, 2019 at 7:34 AM Paolo Bonzini > wrote: > > On 11/01/19 16:04, Max Moroz wrote: > > We usually have a single fuzzing process, it starts with a fuzzing > > engine's main function and is calling 

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

On Fri, Jan 11, 2019 at 7:34 AM Paolo Bonzini wrote: > On 11/01/19 16:04, Max Moroz wrote: > > We usually have a single fuzzing process, it starts with a fuzzing > > engine's main function and is calling LLVMFuzzerTestOneInput with > > various inputs and keep mutating them based on the coverage

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

On 11/01/19 16:04, Max Moroz wrote: > We usually have a single fuzzing process, it starts with a fuzzing > engine's main function and is calling LLVMFuzzerTestOneInput with > various inputs and keep mutating them based on the coverage feedback. > Running a second process which you don't care too

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

Paolo, thanks for clarifying, that makes total sense! I'd suggest not focusing on AFL, but go for a libFuzzer-based fuzz target (i.e. write LLVMFuzzerTestOneInput function), in that case you'll get both libFuzzer and AFL engines pluggable to that fuzz target. OSS-Fuzz runs both. On Thu, Jan 10,

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

On Thu, Jan 10, 2019 at 11:25 PM Paolo Bonzini wrote: > On 10/01/19 17:07, Max Moroz via Qemu-devel wrote: > > +Oliver and Jonathan > > > > I'm a little confused. Do you want to fuzz QEMU or to fuzz something else > > using QEMU? In case of the latter, there was some discussion on OSS-Fuzz > >

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

On 10/01/19 17:07, Max Moroz via Qemu-devel wrote: > +Oliver and Jonathan > > I'm a little confused. Do you want to fuzz QEMU or to fuzz something else > using QEMU? In case of the latter, there was some discussion on OSS-Fuzz > and (I think) even a build support was (sort of) added: >

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

+Oliver and Jonathan I'm a little confused. Do you want to fuzz QEMU or to fuzz something else using QEMU? In case of the latter, there was some discussion on OSS-Fuzz and (I think) even a build support was (sort of) added: https://github.com/google/oss-fuzz/issues/1754 In any case, it would

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

On Wed, Jan 9, 2019 at 6:34 PM Stefan Hajnoczi wrote: > > Hi folks, > I'd like to start fuzzing emulated devices in QEMU. Here is an > internship project idea I'm proposing to do this. > > Any thoughts? Want to co-mentor this in Google Summer of Code or Outreachy? > > Stefan > > '''Summary:'''

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

On Thu, Jan 10, 2019 at 2:40 PM Bandan Das wrote: > > Hi Stefan, > > Stefan Hajnoczi writes: > > > Hi folks, > > I'd like to start fuzzing emulated devices in QEMU. Here is an > > internship project idea I'm proposing to do this. > > > > Any thoughts? Want to co-mentor this in Google Summer of

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

Hi Stefan, Stefan Hajnoczi writes: > Hi folks, > I'd like to start fuzzing emulated devices in QEMU. Here is an > internship project idea I'm proposing to do this. > > Any thoughts? Want to co-mentor this in Google Summer of Code or Outreachy? > > Stefan > > '''Summary:''' Integrate oss-fuzz

[Qemu-devel] Internship idea: virtio-blk oss-fuzz support

Hi folks, I'd like to start fuzzing emulated devices in QEMU. Here is an internship project idea I'm proposing to do this. Any thoughts? Want to co-mentor this in Google Summer of Code or Outreachy? Stefan '''Summary:''' Integrate oss-fuzz into QEMU so that the virtio-blk device can be fuzz