Xen project Mailing List

Re: [PATCH v3 1/2] Add libfuzzer target to fuzz/x86_instruction_emulator

From: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>

Date: Mon, 22 Jul 2024 10:07:09 -0400

Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=tklengyel.com; spf=pass smtp.mailfrom=tamas@xxxxxxxxxxxxx; dmarc=pass header.from=<tamas@xxxxxxxxxxxxx>

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1721657268; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=ymsslw8WPnqgAd6UT7sCqI7SIkucw0cEeB7ugUBdApM=; b=ApCQno5vcmivAfiD8sXhX4RfzcL77EKkdRU+dz20bAVpSQxP1/ImOxGFvATsXhOz3JJNKPtjXV62CmBg3uX9OHArGlePjGzoavjntiUMYkUN3+T3mMVNcPG9bH/e8fSKTFH7rlS198rNwXVV2Mkul9L5TWzA3guV45yNdy0kwDI=

Arc-seal: i=1; a=rsa-sha256; t=1721657268; cv=none; d=zohomail.com; s=zohoarc; b=IIQiai6P+HMuKKVR5AX/C7TCtd1fASVSNLcUxZft5sh2BR5k9Kylg1o/682zwDjDBm3aBv6KH6bjLj/hx2AUAj5eZDTW2wUz1j5njPOoaa6pUvUdrhiTnIvfL77r2CNKmG9wuxw1dgWIUBhpHyz72zD5gvi9J4hyKvZuhU36Y+Y=

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Anthony PERARD <anthony@xxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 22 Jul 2024 14:07:57 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Jul 22, 2024 at 9:57 AM Jan Beulich <jbeulich@xxxxxxxx> wrote: > > On 22.07.2024 15:51, Tamas K Lengyel wrote: > > On Mon, Jul 22, 2024 at 8:24 AM Jan Beulich <jbeulich@xxxxxxxx> wrote: > >> > >> On 22.07.2024 13:27, Tamas K Lengyel wrote: > >>> This target enables integration into oss-fuzz. Changing invalid input > >>> return > >>> to -1 as values other then 0/-1 are reserved by libfuzzer. Also adding the > >>> missing __wrap_vsnprintf wrapper which is required for successful oss-fuzz > >>> build. > >>> > >>> Signed-off-by: Tamas K Lengyel <tamas@xxxxxxxxxxxxx> > >>> --- > >>> v3: don't include libfuzzer-harness in target 'all' as it requires > >>> specific cc > >> > >> With this, how is it going to be built at all? Only by invoking the special > >> target "manually" as it seems? Which sets this up for easy bit-rotting. I > >> wonder what others think here ... > > > > Yes, by calling make with the specific target. It's not going to > > bitrot because oss-fuzz will pick up any regression on a daily basis > > to this target. I assume you would be interested in receiving the > > fuzzing reports so it would show as a build failure in case something > > broke it. > > Please forgive my lack of knowledge here, but which part of whose > infrastructure would pick up stuff in a daily basis, and what fuzzing > reports (I've never seen any, daily or not) are you talking about? > For now it feels to me as if you're talking of what's possible down > the road, not what's going to happen from the moment this patch was > committed in a 2nd try. If so, the gap between both points in time > may be significant, and hence my bit-rotting concern would still > apply. Once these two patches are merged to Xen I'll send my PR to oss-fuzz to have it pull Xen daily and build this fuzzer and run it on their infrastructure. It usually takes them less than 24 hours to respond to PRs, I have added multiple projects there already so the "lag" you worry about it's not something to worry about. Having these two patches upstream in Xen is not required by the way, I could just send these to be upstream to oss-fuzz and have them apply them after it pulling the xen git repo but it gives more flexibility to you guys to add additional fuzzers in the future more easily if these are in your repository because you don't even have to touch oss-fuzz afterwards. If you need to learn more about what oss-fuzz is and how it operates they have a quite nice documentation. Tamas

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.