All of lore.kernel.org
 help / color / mirror / Atom feed
* [RFC] virtio-villain: Guest fault injection for VMM robustness
@ 2026-07-04 13:37 Anatol Belski
  2026-07-06  8:29 ` Daniel P. Berrangé
  2026-07-10 12:52 ` Matias Ezequiel Vara Larsen
  0 siblings, 2 replies; 11+ messages in thread
From: Anatol Belski @ 2026-07-04 13:37 UTC (permalink / raw)
  To: qemu-devel

Hi,

I would like to share virtio-villain, a guest side fault injection
harness for virtio device models. The repository is at
https://github.com/weltling/virtio-villain

Comments on the approach, the coverage so far, and test cases worth
adding are all welcome. While the tool targets multiple hypervisors,
QEMU support is active and has already surfaced a few initial bugs.

Threat model. The harness operates under the hostile guest model. A
malicious or buggy guest driver violates the virtio protocol on
purpose. It targets the modern 1.2+ interface only. The test binary
runs as init inside a minimal initramfs, bypasses the kernel virtio
drivers with initcall_blacklist, walks the PCI capability list
itself, programs the queues by hand, and asserts on the exact spec
mandated values. Each test violates one driver MUST rule and checks
that the host VMM process handles it gracefully without crashing,
wedging, or corrupting state.

Scope and status. The primary target so far is Cloud Hypervisor,
which accounts for most of the findings to date. Testing focuses on
the amd64 and aarch64 architectures. QEMU is supported as a PCI host
and as the microvm MMIO host. Differential testing across VMMs,
running the same suite and comparing outcomes, is the roadmap. This
is a spec violation fault injection tool that surfaces unvalidated
input handling rather than an exploit framework, so no CVEs have
been issued.

What is already covered. There are two transports, modern virtio PCI
and virtio MMIO via the QEMU microvm machine type. A dozen device
categories are present. They include net, block with zoned support,
console, entropy, balloon, vsock, virtio-fs, IOMMU, virtio-mem,
virtio-pmem, RTC, and watchdog, plus the admin queue and the split
and packed virtqueue layers. Test cases derive from the virtio spec
normative text, each tied to a specific section.

Beyond the static suite there are two extra layers.

  - Host coordinated sidecars. A test can ship a small Python file
    that drives the host, for example pause, snapshot, hot plug, or
    config change, while the guest makes a precise assertion the
    kernel driver cannot make. As an example, snapshot the VM while
    the guest sits between two block reads, then assert the used
    ring drains deterministically on resume.

  - A coverage guided mutation fuzzer. It encodes a descriptor chain
    into a 4096 byte blob, patches it into a fuzz guest, boots the
    VMM, and classifies the result. With a coverage instrumented
    build it feeds new edges back into the corpus. Crashes are
    grouped by error class for triage.

Impact. Many findings have led to substantial improvements in
virtio spec compliance and stability in Cloud Hypervisor, from
input validation gaps to a config read that could take down a VM
on aarch64. In QEMU the harness has surfaced a few guest triggered
hangs and a double completion. The repository README lists the
details with PR links and the test ID for each.

Thanks for reading.

Anatol Belski


^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2026-07-10 22:27 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-04 13:37 [RFC] virtio-villain: Guest fault injection for VMM robustness Anatol Belski
2026-07-06  8:29 ` Daniel P. Berrangé
2026-07-06 19:22   ` Anatol Belski
2026-07-07 10:39     ` Daniel P. Berrangé
2026-07-07 21:09       ` Anatol Belski
2026-07-08  8:09         ` Daniel P. Berrangé
2026-07-08 18:25           ` Anatol Belski
2026-07-09  7:17             ` Daniel P. Berrangé
2026-07-09 10:02               ` Anatol Belski
2026-07-10 12:52 ` Matias Ezequiel Vara Larsen
2026-07-10 22:27   ` Anatol Belski

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.