[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH fuzzer v1] Added the --ignore-sigill option for AFL fuzzing

To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Sam Caccavale <samcacc@xxxxxxxxx>
Date: Thu, 18 Apr 2019 17:02:38 +0200
Cc: Sam Caccavale <samcacc@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Martin Mazein <amazein@xxxxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>, Norbert Manthey <nmanthey@xxxxxxxxx>
Delivery-date: Thu, 18 Apr 2019 15:07:42 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

As of now, the x86_instruction_emulator will execute opcodes
belonging to CPU extensions that the host may not have.
Specifying --ignore-sigill when running afl-harness will ignore
all SIG_ILL including those generated by the above issue.
---
 .../fuzz/x86_instruction_emulator/afl-harness.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/tools/fuzz/x86_instruction_emulator/afl-harness.c 
b/tools/fuzz/x86_instruction_emulator/afl-harness.c
--- a/tools/fuzz/x86_instruction_emulator/afl-harness.c
+++ b/tools/fuzz/x86_instruction_emulator/afl-harness.c
@@ -1,4 +1,5 @@
 #include <assert.h>
+#include <signal.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -8,11 +9,17 @@
 
 static uint8_t input[INPUT_SIZE];
 
+void SIGILL_handler(int signo) {
+    printf("Exiting due to executing an unsupported opcdode.\n");
+    exit(0);
+}
+
 int main(int argc, char **argv)
 {
     size_t size;
     FILE *fp = NULL;
     int max, count;
+    struct sigaction sa, osa;
 
     setbuf(stdin, NULL);
     setbuf(stdout, NULL);
@@ -20,9 +27,11 @@ int main(int argc, char **argv)
     while ( 1 )
     {
         enum {
+            IGNORE_SIGILL,
             OPT_MIN_SIZE,
         };
         static const struct option lopts[] = {
+            { "ignore-sigill", no_argument, NULL, IGNORE_SIGILL },
             { "min-input-size", no_argument, NULL, OPT_MIN_SIZE },
             { 0, 0, 0, 0 }
         };
@@ -33,13 +42,19 @@ int main(int argc, char **argv)
 
         switch ( c )
         {
+        case IGNORE_SIGILL:
+            sa.sa_flags = 0;
+            sa.sa_handler = SIGILL_handler;
+            sigaction(SIGILL, &sa, &osa);
+            break;
+
         case OPT_MIN_SIZE:
             printf("%u\n", fuzz_minimal_input_size());
             exit(0);
             break;
 
         case '?':
-            printf("Usage: %s $FILE [$FILE...] | [--min-input-size]\n", 
argv[0]);
+            printf("Usage: %s $FILE [$FILE...] [--ignore-sigill] | 
[--min-input-size]\n", argv[0]);
             exit(-1);
             break;
 
-- 
2.17.1




Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Christian Schlaeger, Ralf Herbrich
Ust-ID: DE 289 237 879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH fuzzer v1] Added the --ignore-sigill option for AFL fuzzing
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [xen-unstable-smoke test] 134952: regressions - FAIL
Next by Date: Re: [Xen-devel] [PATCH for-next 8/9] xen: Introduce HAS_M2P config and use to protect mfn_to_gmfn call
Previous by thread: [Xen-devel] [xen-unstable-smoke test] 134952: regressions - FAIL
Next by thread: Re: [Xen-devel] [PATCH fuzzer v1] Added the --ignore-sigill option for AFL fuzzing
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.