
[RFC PATCH v3 2/2] ci: enable fuzzing for arm64


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Wed, 7 May 2025 09:53:59 +0000
  • Accept-language: en-US
  • Cc: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Wed, 07 May 2025 09:54:18 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHbvzX0DP4RwWsFtkCwrnnT9nV/Vg==
  • Thread-topic: [RFC PATCH v3 2/2] ci: enable fuzzing for arm64

Add a new alpine-based build that enables the LibAFL-based fuzzer.

Use this new build to run two fuzzing sessions: hypercall fuzzing and
gicv2 fuzzing. Currently, these are all the fuzzing modes supported by
the xen fuzzer. Every fuzzing session will run for approximately 10 minutes.

A fuzzing session will provide the fuzzer log and any crash input data as
artifacts. This crash data can be used later to replay the input and
reproduce the crash.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>

---

This patch is a demonstration of how the xen fuzzer can be integrated into
CI. With this setup, it can serve as a smoke test, because a 10 minute
fuzzing session is not enough. While there is no strict rule on how
long a fuzzing session should run, the most widely accepted time is 24
hours. This will require additional rules (weekly tests?) and separate
runners (probably).

Right now this patch uses a docker container built by me that is hosted
on Docker Hub. Of course, in the final version, this container should be
hosted together with the other Xen CI containers.

Also, that container is built based on the xen-fuzzer-rs project, which is
also hosted in the Xen-Troops GitHub repo, along with a custom XTF
fork. These components should also be moved to gitlab/xen.
---
 automation/gitlab-ci/build.yaml | 11 +++++++++++
 automation/gitlab-ci/test.yaml  | 34 +++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
index ab5211f77e..6fc11fffe6 100644
--- a/automation/gitlab-ci/build.yaml
+++ b/automation/gitlab-ci/build.yaml
@@ -407,12 +407,23 @@ alpine-3.18-gcc-arm64:
     CONTAINER: alpine:3.18-arm64v8
 
 alpine-3.18-gcc-debug-arm64:
+  extends: .gcc-arm64-build-debug
+  variables:
+    CONTAINER: alpine:3.18-arm64v8
+    EXTRA_XEN_CONFIG: |
+      CONFIG_UBSAN=y
+      CONFIG_UBSAN_FATAL=
+
+alpine-3.18-gcc-fuzzing-arm64:
   extends: .gcc-arm64-build-debug
   variables:
     CONTAINER: alpine:3.18-arm64v8
     EXTRA_XEN_CONFIG: |
       CONFIG_UBSAN=y
       CONFIG_UBSAN_FATAL=y
+      CONFIG_FUZZING=y
+      CONFIG_FUZZER_LIBAFL_QEMU=y
+      CONFIG_FUZZER_PASS_BLOCKING=y
 
 alpine-3.18-gcc-arm64-randconfig:
   extends: .gcc-arm64-build
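Review bot: the existing `alpine-3.18-gcc-debug-arm64` job changes from `CONFIG_UBSAN_FATAL=y` to `CONFIG_UBSAN_FATAL=` in this hunk (the old body with `=y` now sits under the new `alpine-3.18-gcc-fuzzing-arm64` header), and the commit message does not mention relaxing UBSAN for the regular debug build; if that is intended, say so in the message, otherwise keep `CONFIG_UBSAN_FATAL=y` in the debug job. Separately, an empty assignment is not how Kconfig expresses a disabled bool option; the `.config` form is `# CONFIG_UBSAN_FATAL is not set`, and an empty value is likely to be reported as invalid and replaced by the option's default when the configuration is regenerated, so the line would not do what it appears to do either way.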
diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml
index a603d4039a..bb8670026f 100644
--- a/automation/gitlab-ci/test.yaml
+++ b/automation/gitlab-ci/test.yaml
@@ -197,6 +197,30 @@
   tags:
     - qubes-hw11
 
+.fuzzer-arm:
+  stage: test
+  image: xentroops/xen-fuzzer:v1
+  variables:
+    HARNESS: hypercall
+    FUZZING_TIME: 600
+  rules:
+  - if: $SELECTED_JOBS_ONLY && $CI_JOB_NAME =~ $SELECTED_JOBS_ONLY
+  - if: $SELECTED_JOBS_ONLY
+    when: never
+  - when: on_success
+  script:
+    - cd /root/
+    - ./xen_fuzzer -t ${FUZZING_TIME} run ${CI_PROJECT_DIR}/binaries/xen 
test-mmu64le-arm-${HARNESS}-fuzzer 2>&1 | tee 
${CI_PROJECT_DIR}/fuzzer-${HARNESS}.log
+  after_script:
+    - cd ${CI_PROJECT_DIR}
+    - mv /root/crashes .
+  artifacts:
+    paths:
+      - fuzzer-${HARNESS}.log
+      - crashes/
+  needs:
+    - alpine-3.18-gcc-fuzzing-arm64
+
 # Test jobs
 build-each-commit-gcc:
   extends: .test-jobs-common
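Review bot: the `script` pipeline `./xen_fuzzer ... | tee ${CI_PROJECT_DIR}/fuzzer-${HARNESS}.log` reports the exit status of `tee`, not of the fuzzer, so a harness that fails to start still turns the job green; consider a `set -o pipefail` before the pipeline (or checking the fuzzer's status explicitly) so a broken run is visible in CI. In `after_script`, `mv /root/crashes .` assumes the directory exists even when no crash was found; if the fuzzer only creates it on a crash, a `mkdir -p /root/crashes` beforehand avoids the error and the missing-`crashes/` artifact warning. The other test jobs extend `.test-jobs-common` (see `build-each-commit-gcc` just below); if that template already carries the `SELECTED_JOBS_ONLY` rules restated here, `.fuzzer-arm` could extend it instead of duplicating them.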
@@ -704,3 +728,13 @@ qemu-smoke-ppc64le-powernv9-gcc:
     - ./automation/scripts/qemu-smoke-ppc64le.sh powernv9 2>&1 | tee ${LOGFILE}
   needs:
     - debian-12-ppc64le-gcc-debug
+
+arm-hypercall-fuzzer:
+  extends: .fuzzer-arm
+  variables:
+    HARNESS: hypercall
+
+arm-vgic-fuzzer:
+  extends: .fuzzer-arm
+  variables:
+    HARNESS: vgic
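Review bot: `HARNESS: hypercall` is set both as the default in `.fuzzer-arm` and again in `arm-hypercall-fuzzer`; drop one of the two so the definitions cannot drift apart. The commit message calls the second session "gicv2 fuzzing" while the job is `arm-vgic-fuzzer` with `HARNESS: vgic`, which selects the XTF test `test-mmu64le-arm-vgic-fuzzer`; aligning the wording (or stating in the message that the `vgic` harness targets GICv2) would help readers match the job to the description.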
-- 
2.48.1