From: Matias Ezequiel Vara Larsen <mvaralar@redhat.com>
To: Anatol Belski <anbelski@linux.microsoft.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [RFC] virtio-villain: Guest fault injection for VMM robustness
Date: Fri, 10 Jul 2026 14:52:54 +0200 [thread overview]
Message-ID: <alDrJiFzJsf04RFT@fedora> (raw)
In-Reply-To: <98dd26094403c204c7c2f0270d96b9c75842c7d8.camel@linux.microsoft.com>
On Sat, Jul 04, 2026 at 03:37:21PM +0200, Anatol Belski wrote:
> Hi,
>
> I would like to share virtio-villain, a guest side fault injection
> harness for virtio device models. The repository is at
> https://github.com/weltling/virtio-villain
>
> Comments on the approach, the coverage so far, and test cases worth
> adding are all welcome. While the tool targets multiple hypervisors,
> QEMU support is active and has already surfaced a few initial bugs.
>
> Threat model. The harness operates under the hostile guest model. A
> malicious or buggy guest driver violates the virtio protocol on
> purpose. It targets the modern 1.2+ interface only. The test binary
> runs as init inside a minimal initramfs, bypasses the kernel virtio
> drivers with initcall_blacklist, walks the PCI capability list
> itself, programs the queues by hand, and asserts on the exact spec
> mandated values. Each test violates one driver MUST rule and checks
> that the host VMM process handles it gracefully without crashing,
> wedging, or corrupting state.
>
> Scope and status. The primary target so far is Cloud Hypervisor,
> which accounts for most of the findings to date. Testing focuses on
> the amd64 and aarch64 architectures. QEMU is supported as a PCI host
> and as the microvm MMIO host. Differential testing across VMMs,
> running the same suite and comparing outcomes, is the roadmap. This
> is a spec violation fault injection tool that surfaces unvalidated
> input handling rather than an exploit framework, so no CVEs have
> been issued.
>
Thanks for sharing it. I am also interesting on finding violations of
the virtio specification. I presented something two years ago in LPC
(see https://lpc.events/event/18/contributions/1897/). As a result of
that work, we worked adding kani proofs in rust-vmm devices. The
validation of the spec is coded in RUST and by using kani we verify that
the implemented devices follows the specification. For some
requirements, we were able to prove that the device is conform. The
proofs are written together with the implementation of the device like
tests.
> What is already covered. There are two transports, modern virtio PCI
> and virtio MMIO via the QEMU microvm machine type. A dozen device
> categories are present. They include net, block with zoned support,
> console, entropy, balloon, vsock, virtio-fs, IOMMU, virtio-mem,
> virtio-pmem, RTC, and watchdog, plus the admin queue and the split
> and packed virtqueue layers. Test cases derive from the virtio spec
> normative text, each tied to a specific section.
>
> Beyond the static suite there are two extra layers.
>
> - Host coordinated sidecars. A test can ship a small Python file
> that drives the host, for example pause, snapshot, hot plug, or
> config change, while the guest makes a precise assertion the
> kernel driver cannot make. As an example, snapshot the VM while
> the guest sits between two block reads, then assert the used
> ring drains deterministically on resume.
>
> - A coverage guided mutation fuzzer. It encodes a descriptor chain
> into a 4096 byte blob, patches it into a fuzz guest, boots the
> VMM, and classifies the result. With a coverage instrumented
> build it feeds new edges back into the corpus. Crashes are
> grouped by error class for triage.
>
> Impact. Many findings have led to substantial improvements in
> virtio spec compliance and stability in Cloud Hypervisor, from
Feel free to file patches to the virtio specification in cases you think
the spec is too permissive.
> input validation gaps to a config read that could take down a VM
> on aarch64. In QEMU the harness has surfaced a few guest triggered
At some point, I wanted to add some checks in QEMU to inform user when
guest violates the spec. That would help to catch some issues with less
testing. For example, two years ago the virtio-sound driver was silently
violating the spec by writing the content of the buffers that were
already in the available ring.
> hangs and a double completion. The repository README lists the
> details with PR links and the test ID for each.
>
> Thanks for reading.
>
> Anatol Belski
>
next prev parent reply other threads:[~2026-07-10 12:54 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-04 13:37 [RFC] virtio-villain: Guest fault injection for VMM robustness Anatol Belski
2026-07-06 8:29 ` Daniel P. Berrangé
2026-07-06 19:22 ` Anatol Belski
2026-07-07 10:39 ` Daniel P. Berrangé
2026-07-07 21:09 ` Anatol Belski
2026-07-08 8:09 ` Daniel P. Berrangé
2026-07-08 18:25 ` Anatol Belski
2026-07-09 7:17 ` Daniel P. Berrangé
2026-07-09 10:02 ` Anatol Belski
2026-07-10 12:52 ` Matias Ezequiel Vara Larsen [this message]
2026-07-10 22:27 ` Anatol Belski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alDrJiFzJsf04RFT@fedora \
--to=mvaralar@redhat.com \
--cc=anbelski@linux.microsoft.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.