
Re: [RFC PATCH] xen: add libafl-qemu fuzzer support


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Mon, 25 Nov 2024 23:23:23 +0000
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, George Dunlap <gwd@xxxxxxxxxxxxxx>
  • Delivery-date: Mon, 25 Nov 2024 23:23:50 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [RFC PATCH] xen: add libafl-qemu fuzzer support

Hello Stefano,

Stefano Stabellini <sstabellini@xxxxxxxxxx> writes:

> On Thu, 21 Nov 2024, Volodymyr Babchuk wrote:
>> Hi Stefano,
>>
>> Stefano Stabellini <sstabellini@xxxxxxxxxx> writes:
>>
>> > On Wed, 20 Nov 2024, Volodymyr Babchuk wrote:
>> >> Hi Stefano,
>> >>
>> >> (sorry, hit wrong Reply-To option, re-sending for wider audience)
>> >>
>> >> Stefano Stabellini <sstabellini@xxxxxxxxxx> writes:
>> >>
>> >> > On Tue, 19 Nov 2024, Volodymyr Babchuk wrote:
>> >> >> Hi Stefano,
>> >> >>
>> >> >> Stefano Stabellini <sstabellini@xxxxxxxxxx> writes:
>> >> >>
>>
>> [...]
>>
>> >> >>
>> >> >> I was considering this as well. The problem is that fuzzing should be
>> >> >> running for prolonged periods of time. There is no clear consensus on
>> >> >> "how long", but the most widely accepted time period is 24 hours. So it
>> >> >> looks like it should be something like a "nightly build" task. The fuzzer
>> >> >> code needs to be extended to support some runtime restriction, because
>> >> >> right now it runs indefinitely, until the user stops it.
>> >> >
>> >> > We can let it run for 48 hours continuously every weekend using the
>> >> > Gitlab runners
>> >>
>> >> Great idea. Anyway, I need to add an option to limit the fuzzer's runtime
>> >> and invent some method for reporting discovered crashes to the CI first.
>> >>
>> >> >
>> >> >> I am certainly going to implement this, but this is a separate topic,
>> >> >> because it requires changes in the fuzzer app. Speaking of which... Right
>> >> >> now both the fuzzer and the test harness reside in our GitHub repo, as you
>> >> >> noticed. I believe it is better to host it on xenbits as an official
>> >> >> part of the Xen Project.
>> >> >
>> >> > Yes we can create repos under gitlab.com/xen-project for this, maybe a
>> >> > new subgroup gitlab.com/xen-project/fuzzer
>> >>
>> >> Good. Whom should I ask to do this?
>> >
>> > I created gitlab.com/xen-project/fuzzer as an empty group. What
>> > repositories do you need under it?
>>
>> Right now it is only the fuzzer itself
>> (https://github.com/xen-troops/xen-fuzzer-rs). If we are going to use
>> XTF then we don't need an additional repo for the harness.
>
> Please see:
> https://gitlab.com/xen-project/fuzzer/xen-fuzzer

Thank you!

> Before pushing the master of https://github.com/xen-troops/xen-fuzzer-rs
> to https://gitlab.com/xen-project/fuzzer/xen-fuzzer, we need to make
> sure that an appropriate Open Source license is clearly specified for
> the project either with a top level COPYING file, or with an SPDX tag on
> top of each source file, or both. MIT is a good candidate as LibAFL is
> dual-licensed as MIT.

Sure. I added COPYING with MIT license.

--
WBR, Volodymyr
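The thread above mentions two things the fuzzer still lacks before it can run as a weekend GitLab job: a hard runtime limit and a way to report discovered crashes to the CI. Below is an added example of the CI-side wrapper that provides both. It is not code from xen-fuzzer-rs or from the Xen Project; it assumes only that the fuzzer is some command that writes one file per crashing input into a directory (a hypothetical convention here) and that coreutils `timeout` is available on the runner.

```shell
#!/bin/sh
# Added example, not part of xen-fuzzer-rs: bound a fuzzer's runtime and turn
# its crash directory into a CI job result.
#
# Assumptions (not taken from the project):
#   - the fuzzer is any command that stores each crashing input as a file
#     under CRASH_DIR while it runs;
#   - coreutils "timeout" is available on the CI runner.

set -u

# run_fuzz_bounded SECONDS CRASH_DIR CMD [ARGS...]
#
# Runs CMD under a hard time limit. "timeout" exits 124 when the limit is
# reached, which is the normal end of a bounded fuzz run, so it is not an
# error; any other non-zero status means the fuzzer itself broke.
#
# Return value (what the CI job keys on):
#   0  limit reached or fuzzer finished, no crashes stored
#   1  at least one crash stored (the job should fail and keep CRASH_DIR)
#   2  the fuzzer exited abnormally before the time limit
run_fuzz_bounded() {
    limit=$1
    crash_dir=$2
    shift 2

    mkdir -p "$crash_dir"

    timeout "$limit" "$@"
    status=$?
    if [ "$status" -ne 0 ] && [ "$status" -ne 124 ]; then
        echo "fuzzer exited with status $status before the ${limit}s limit" >&2
        return 2
    fi

    # Count stored crashes; the file list doubles as the report the CI
    # job prints and archives.
    n=$(find "$crash_dir" -type f | wc -l | tr -d ' ')
    if [ "$n" -gt 0 ]; then
        echo "$n crashing input(s) found in $crash_dir:"
        find "$crash_dir" -type f | sort
        return 1
    fi

    echo "no crashes after ${limit}s"
    return 0
}

# Stand-in fuzzers used only to exercise the wrapper (constructed here; the
# real fuzzer would be the xen-fuzzer binary with its own arguments).
fuzz_forever_clean() {
    # never finds anything: the time limit is what ends the run
    run_fuzz_bounded 1 "$1" sh -c 'while :; do sleep 1; done'
}
fuzz_finds_crash() {
    # stores one crash, then keeps running until the limit kills it
    run_fuzz_bounded 1 "$1" sh -c 'echo boom > "$1/crash-0001"; sleep 5' sh "$1"
}
fuzz_broken() {
    # dies immediately with a non-timeout status
    run_fuzz_bounded 1 "$1" sh -c 'exit 3'
}
```

In a GitLab job the return value of `run_fuzz_bounded` becomes the job status, and the crash directory is declared as an artifact so the inputs survive for reproduction; the 48-hour figure from the thread is just the `SECONDS` argument, so the same wrapper serves a short smoke run in merge-request pipelines and the long weekend run.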
