It is possible to use LibAFL with LibAFL-QEMU to fuzz different bare-metal programs, including the Xen hypervisor. This small series tries to add minimal (but extendable) support for fuzzing.
Changes in v3:
- Added patch with experimental CI integration
- Severely reworked the main patch (see notes in the patch itself)

Volodymyr Babchuk (2):
  xen: add libafl-qemu fuzzer support
  ci: enable fuzzing for arm64

 automation/gitlab-ci/build.yaml        | 11 ++++
 automation/gitlab-ci/test.yaml         | 34 ++++++++++
 docs/hypervisor-guide/fuzzing.rst      | 91 ++++++++++++++++++++++++++
 xen/arch/arm/Kconfig.debug             | 37 +++++++++++
 xen/arch/arm/include/asm/libafl-qemu.h | 48 ++++++++++++++
 xen/arch/arm/psci.c                    |  5 ++
 xen/common/Makefile                    |  1 +
 xen/common/domain.c                    |  3 +
 xen/common/libafl-qemu.c               | 80 ++++++++++++++++++++++
 xen/common/sched/core.c                |  6 ++
 xen/common/shutdown.c                  |  3 +
 xen/drivers/char/console.c             |  3 +
 xen/include/xen/fuzzer.h               | 52 +++++++++++++++
 xen/include/xen/libafl-qemu.h          | 63 ++++++++++++++++++
 14 files changed, 437 insertions(+)
 create mode 100644 docs/hypervisor-guide/fuzzing.rst
 create mode 100644 xen/arch/arm/include/asm/libafl-qemu.h
 create mode 100644 xen/common/libafl-qemu.c
 create mode 100644 xen/include/xen/fuzzer.h
 create mode 100644 xen/include/xen/libafl-qemu.h

-- 
2.48.1