
[PATCH] fuzz: Add support for custom fuzzing library


From: Alexander Bulekov
Subject: [PATCH] fuzz: Add support for custom fuzzing library
Date: Tue, 1 Sep 2020 14:18:00 -0400

---
 configure                    | 12 ++++++++++--
 meson.build                  |  6 +++++-
 tests/qtest/fuzz/meson.build |  5 ++---
 3 files changed, 17 insertions(+), 6 deletions(-)


Hi Paolo,
Here I'm trying to specify the linker-script with
add_project_link_arguments. How I'm testing this:

$ CC=clang-10 CXX=clang++-10 ../configure --enable-fuzzing
$ make V=1 "-j$(nproc)" qemu-fuzz-i386

clang++-10  -o qemu-fuzz-i386 
qemu-fuzz-i386.p/tests_qtest_fuzz_qtest_wrappers.c.o \
... libblock.fa chardev/libchardev.fa \
-Wl,--start-group tests/qtest/libqos/libqos.a -Wl,--no-whole-archive \
-Wl,-T,/home/alxndr/Development/qemu/tests/qtest/fuzz/fork_fuzz.ld \
... \
-Wl,-rpath-link,/home/alxndr/Development/qemu/build/ -lstdc++ -Wl,--end-group

Maybe if I can get the oss-fuzz LIB_FUZZING_ENGINE
(/usr/lib/libFuzzingEngine.a) into the --start-group, that could also
solve the issue... I'll take another look at exactly what the oss-fuzz
build container does.

-Alex

diff --git a/configure b/configure
index 6ecaff429b..d31b91850c 100755
--- a/configure
+++ b/configure
@@ -6165,7 +6165,7 @@ fi
 
 ##########################################
 # checks for fuzzer
-if test "$fuzzing" = "yes" ; then
+if test "$fuzzing" = "yes" && test -z "${LIB_FUZZING_ENGINE+xxx}"; then
   write_c_fuzzer_skeleton
   if compile_prog "$CPU_CFLAGS -Werror -fsanitize=fuzzer" ""; then
     have_fuzzer=yes
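Review bot: The new condition `test -z "${LIB_FUZZING_ENGINE+xxx}"` tests whether the variable is set, not whether it is non-empty, so an exported-but-empty LIB_FUZZING_ENGINE skips the fuzzer probe here and, via the same construct in the second configure hunk, leaves FUZZ_LINK_COMMAND empty; `test -z "$LIB_FUZZING_ENGINE"` (or `"${LIB_FUZZING_ENGINE:+xxx}"`) matches the intent. When the variable is set, nothing verifies that the named archive exists or is linkable, so a typo in the path only surfaces at the final link; a `test -f "$LIB_FUZZING_ENGINE" || error_exit "..."` in the skipped branch would catch it at configure time. The remainder of this `if` block, including what happens when have_fuzzer stays unset, is outside the hunk.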
@@ -7505,7 +7505,14 @@ if test "$have_mlockall" = "yes" ; then
   echo "HAVE_MLOCKALL=y" >> $config_host_mak
 fi
 if test "$fuzzing" = "yes" ; then
-  QEMU_CFLAGS="$QEMU_CFLAGS -fsanitize=fuzzer-no-link"
+  # If LIB_FUZZING_ENGINE is set, assume we are running on OSS-Fuzz, and the
+  # needed CFLAGS have already been provided
+  if test -z "${LIB_FUZZING_ENGINE+xxx}" ; then
+    QEMU_CFLAGS="$QEMU_CFLAGS -fsanitize=fuzzer-no-link"
+    FUZZ_LINK_COMMAND="-fsanitize=fuzzer"
+  else
+    FUZZ_LINK_COMMAND="$LIB_FUZZING_ENGINE"
+  fi
 fi
 
 if test "$plugins" = "yes" ; then
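Review bot: The `else` branch stores the raw value of LIB_FUZZING_ENGINE as FUZZ_LINK_COMMAND, and the tests/qtest/fuzz/meson.build hunk later splits that string on whitespace, so a library path containing a space is silently broken into several link arguments. If that constraint is accepted, the comment should state it and name the consumer, e.g. `# FUZZ_LINK_COMMAND is whitespace-split by tests/qtest/fuzz/meson.build; the library path must not contain spaces`. The same comment could also make explicit that in this branch neither -fsanitize=fuzzer-no-link nor any sanitizer flag is added, so the caller's CFLAGS are trusted entirely.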
@@ -7619,6 +7626,7 @@ if test "$libudev" != "no"; then
 fi
 if test "$fuzzing" != "no"; then
     echo "CONFIG_FUZZ=y" >> $config_host_mak
+    echo "FUZZ_LINK_COMMAND=$FUZZ_LINK_COMMAND" >> $config_host_mak
 fi
 
 if test "$edk2_blobs" = "yes" ; then
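Review bot: FUZZ_LINK_COMMAND is written under `test "$fuzzing" != "no"`, but it is only assigned (previous hunk) under `test "$fuzzing" = "yes"`. If `$fuzzing` can hold any other value at this point, an empty `FUZZ_LINK_COMMAND=` line is emitted and meson's `.split()` on it yields an empty list without complaint, so the fuzzer binary would link with no fuzzing engine at all. Using the same `= "yes"` guard in both places, or making the assignment unconditional with a default, keeps the two in step.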
diff --git a/meson.build b/meson.build
index 74f8ea0c2e..3a5205040f 100644
--- a/meson.build
+++ b/meson.build
@@ -35,11 +35,16 @@ add_project_arguments(config_host['QEMU_CFLAGS'].split(),
                       native: false, language: ['c', 'objc'])
 add_project_arguments(config_host['QEMU_CXXFLAGS'].split(),
                       native: false, language: 'cpp')
+if 'CONFIG_FUZZ' in config_host
+   add_project_link_arguments(['-Wl,-T,' + (meson.current_source_dir() / 
'tests/qtest/fuzz/fork_fuzz.ld')],
+   native: false, language: ['c', 'cpp', 'objc'])
+endif
 add_project_link_arguments(config_host['QEMU_LDFLAGS'].split(),
                            native: false, language: ['c', 'cpp', 'objc'])
 add_project_arguments(config_host['QEMU_INCLUDES'].split(),
                       language: ['c', 'cpp', 'objc'])
 
+
 python = import('python').find_installation()
 
 link_language = meson.get_external_property('link_language', 'cpp')
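Review bot: The added `add_project_link_arguments` applies `-Wl,-T,fork_fuzz.ld` to every non-native C/C++/ObjC link in the build when CONFIG_FUZZ is set, not only to the fuzzer executable, so any other executable or shared object produced in a fuzzing configuration is linked with the fuzzer's linker script; if the fuzzing build only produces qemu-fuzz-* binaries that is harmless, otherwise the argument belongs on the fuzz target's `link_args`. Together with the removal of `link_depends` in the second hunk of this file, edits to fork_fuzz.ld no longer trigger a relink, which is worth stating in a comment above the block, e.g. `# fork_fuzz.ld is applied to all links; it is not tracked as a link dependency`. The extra blank line added before `python = import(...)` is unrelated noise.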
@@ -1019,7 +1024,6 @@ foreach target : target_dirs
         'gui': false,
         'sources': specific_fuzz.sources(),
         'dependencies': specific_fuzz.dependencies(),
-        'link_depends': [files('tests/qtest/fuzz/fork_fuzz.ld')],
       }]
     endif
   else
diff --git a/tests/qtest/fuzz/meson.build b/tests/qtest/fuzz/meson.build
index bb0a3f271d..c0accc8af9 100644
--- a/tests/qtest/fuzz/meson.build
+++ b/tests/qtest/fuzz/meson.build
@@ -9,9 +9,8 @@ specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_SCSI', if_true: 
files('virtio_scsi_fuz
 # unfortunately declare_dependency does not support link_depends, so
 # this will be duplicated in meson.build
 fork_fuzz = declare_dependency(
-  link_args: ['-fsanitize=fuzzer',
-              '-Wl,-T,' + (meson.current_source_dir() / 'fork_fuzz.ld'),
-              '-Wl,-wrap,qtest_inb',
+  link_args: config_host['FUZZ_LINK_COMMAND'].split() +
+              ['-Wl,-wrap,qtest_inb',
               '-Wl,-wrap,qtest_inw',
               '-Wl,-wrap,qtest_inl',
               '-Wl,-wrap,qtest_outb',
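Review bot: The comment preceding `fork_fuzz = declare_dependency(` is now stale: it says the linker-script dependency "will be duplicated in meson.build" because `declare_dependency` lacks `link_depends`, but this series removes that `link_depends` entry from meson.build and moves the script to `add_project_link_arguments`; rewording it to `# the fork_fuzz.ld linker script is added project-wide in the top-level meson.build` keeps it accurate. `config_host['FUZZ_LINK_COMMAND']` raises a meson error if the key is absent, and configure only writes it when fuzzing is not "no", so this file presumably is only evaluated under CONFIG_FUZZ — worth confirming. The `link_args` list and the `declare_dependency` call continue past the end of the hunk.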
-- 
2.28.0



