Xen project Mailing List

[RFC PATCH v3 0/2] xen: add libalf fuzzing support

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Date: Wed, 7 May 2025 09:53:58 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ImhYg9dkirrA85PgTSSSHIR76WDXQMdG46XAZVEQQSk=; b=RylLK4KaYfKTn0cN7mZ2quujjEeZpY1d/tBgfhAH5UcBLqJjrRoYAwi1pm7teIYyj+5gGs/N7B8sNFzd2jcioZkymphrr/OPizXsMWvTqx+WouusEk7j9tR5EJKNSdjB7WeMCjSrdnElyKWNGaDl2jPSXzYo/p/vgSDszhJZ7Shu7wOYKzTAZ95V+z9Vc3zYQnzJtbCtvHpQkQtRrk0YsVq0gC7wMPqIZ1w4dKeycuhO8quPzhHmNMmx8cEf7YPz8ENWYinLZEx+IvDoc1gRCxZpjXV5eUc5SRikHqVi+GBL8ffVZEN/S28OIqwoWSCLT2mrGNnUIiuIbsrvQHu78A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LRZHv+kAANNHnWFXNPoDY6cS54+2/Kju7I+Oj8IxB13WC5sydsAdU1cpLv/r+YX+hztbZLHba0bEt9tNzvIIYDxczBGPf123zLVLyNU7K0+n1NPHSQMvnASavln490uX0jMb8YtdoiZIVboj7o4DN6Cpi2wkHHWFKApEyE5SKdLc1WsKT0Ss+0nBLk8l27jz9Q4r6nl/Ab540+G57L0Trmhv9T2ifUDmYJOqk1ulZGJvTomCCKydADQeeI9N2QT90KEWktSc174wpNfQfP0ZBIJ+/YTS7qzB0UUNdUB6WtigHJ3Ue3uAzEj4BoyZcOj1zgdMDRjyypDtwq5s7E5DpA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;

Cc: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, George Dunlap <gwd@xxxxxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>

Delivery-date: Wed, 07 May 2025 09:54:18 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHbvzXz/i9afaO75kKXSCRcBU5Yag==

Thread-topic: [RFC PATCH v3 0/2] xen: add libalf fuzzing support

It is possible to use LibAFL with LibAFL-QEMU to fuzz different baremetal programs, including Xen hypervisor. This small series tries to add minimal (but extenable) support for fuzzing. changes in v3: - Added patch with experimental CI integration - Severely reworked the main patch (see notes in the patch itself) Volodymyr Babchuk (2): xen: add libafl-qemu fuzzer support ci: enable fuzzing for arm64 automation/gitlab-ci/build.yaml | 11 ++++ automation/gitlab-ci/test.yaml | 34 ++++++++++ docs/hypervisor-guide/fuzzing.rst | 91 ++++++++++++++++++++++++++ xen/arch/arm/Kconfig.debug | 37 +++++++++++ xen/arch/arm/include/asm/libafl-qemu.h | 48 ++++++++++++++ xen/arch/arm/psci.c | 5 ++ xen/common/Makefile | 1 + xen/common/domain.c | 3 + xen/common/libafl-qemu.c | 80 ++++++++++++++++++++++ xen/common/sched/core.c | 6 ++ xen/common/shutdown.c | 3 + xen/drivers/char/console.c | 3 + xen/include/xen/fuzzer.h | 52 +++++++++++++++ xen/include/xen/libafl-qemu.h | 63 ++++++++++++++++++ 14 files changed, 437 insertions(+) create mode 100644 docs/hypervisor-guide/fuzzing.rst create mode 100644 xen/arch/arm/include/asm/libafl-qemu.h create mode 100644 xen/common/libafl-qemu.c create mode 100644 xen/include/xen/fuzzer.h create mode 100644 xen/include/xen/libafl-qemu.h -- 2.48.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.