Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

From:	Paolo Bonzini
Subject:	Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support
Date:	Fri, 11 Jan 2019 21:27:26 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1

On 11/01/19 20:09, Jonathan Metzman wrote:
> Could you clarify what you think the relationship between the qtest
> process, QEMU, and afl-fuzz will look like when fuzzing?
> 
> Is it something like this:
> 1. afl-fuzz mutates a buffer, starts a qtest process, and gives the
> qtest process the mutated buffer.
> 2. The qtest process starts a QEMU process and interacts with QEMU
> process based on the buffer AFL gave it (qtest).
> 3. goto 1
> 
> I don't think this works (under normal circumstances). AFL will think it
> is fuzzing qtest and will not learn about coverage or crashes from qsym.
> There probably are ways to get this working, but I just want to make
> sure I understand.

It should be possible to turn the qtest process into a test
postprocessor, and remove the second process.  It's much harder to
remove the QEMU process as well and turn it into a TestOneInput function.

Paolo

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, (continued)
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Bandan Das, 2019/01/10
  - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Dmitry Vyukov, 2019/01/10
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Max Moroz, 2019/01/10
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Paolo Bonzini, 2019/01/10
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Stefan Hajnoczi, 2019/01/11
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Max Moroz, 2019/01/11
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Paolo Bonzini, 2019/01/11
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Max Moroz, 2019/01/11
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Paolo Bonzini, 2019/01/11
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Jonathan Metzman, 2019/01/11
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Paolo Bonzini <=
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Jonathan Metzman, 2019/01/11
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Stefan Hajnoczi, 2019/01/14
    - Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Bandan Das, 2019/01/18
- Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support, Dmitry Vyukov, 2019/01/10

Prev by Date: Re: [Qemu-devel] [PATCH] xen: Fix event channel interface for XenDevice-s
Next by Date: Re: [Qemu-devel] [PATCH] target/xtensa: rework zero overhead loops implementation
Previous by thread: Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support
Next by thread: Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support
Index(es):
- Date
- Thread