* [PATCH 0/2] Small fuzzer-related changes
@ 2021-01-17 20:10 Alexander Bulekov
  2021-01-17 20:10 ` [PATCH 1/2] docs/fuzz: fix pre-meson path Alexander Bulekov
  2021-01-17 20:10 ` [PATCH 2/2] fuzz: log the arguments used to initialize QEMU Alexander Bulekov
  0 siblings, 2 replies; 9+ messages in thread

From: Alexander Bulekov @ 2021-01-17 20:10 UTC (permalink / raw)
To: qemu-devel; +Cc: Alexander Bulekov

Fix outdated paths in documentation and log some useful information.

Alexander Bulekov (2):
  docs/fuzz: fix pre-meson path
  fuzz: log the arguments used to initialize QEMU

 docs/devel/fuzzing.rst  |  5 ++---
 tests/qtest/fuzz/fuzz.c | 11 ++++++++++-
 2 files changed, 12 insertions(+), 4 deletions(-)

-- 
2.28.0

^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 1/2] docs/fuzz: fix pre-meson path 2021-01-17 20:10 [PATCH 0/2] Small fuzzer-related changes Alexander Bulekov @ 2021-01-17 20:10 ` Alexander Bulekov 2021-01-18 7:50 ` Thomas Huth 2021-01-17 20:10 ` [PATCH 2/2] fuzz: log the arguments used to initialize QEMU Alexander Bulekov 1 sibling, 1 reply; 9+ messages in thread From: Alexander Bulekov @ 2021-01-17 20:10 UTC (permalink / raw) To: qemu-devel Cc: Alexander Bulekov, Bandan Das, Thomas Huth, Stefan Hajnoczi, Paolo Bonzini Signed-off-by: Alexander Bulekov <alxndr@bu.edu> --- docs/devel/fuzzing.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst index 8792358854..b9bb07988b 100644 --- a/docs/devel/fuzzing.rst +++ b/docs/devel/fuzzing.rst @@ -119,7 +119,7 @@ Adding a new fuzzer Coverage over virtual devices can be improved by adding additional fuzzers. Fuzzers are kept in ``tests/qtest/fuzz/`` and should be added to -``tests/qtest/fuzz/Makefile.include`` +``tests/qtest/fuzz/meson.build`` Fuzzers can rely on both qtest and libqos to communicate with virtual devices. @@ -128,8 +128,7 @@ Fuzzers can rely on both qtest and libqos to communicate with virtual devices. 2. Write the fuzzing code using the libqtest/libqos API. See existing fuzzers for reference. -3. Register the fuzzer in ``tests/fuzz/Makefile.include`` by appending the - corresponding object to fuzz-obj-y +3. Add the fuzzer to ``tests/qtest/fuzz/meson.build``. Fuzzers can be more-or-less thought of as special qtest programs which can modify the qtest commands and/or qtest command arguments based on inputs -- 2.28.0 ^ permalink raw reply related [flat|nested] 9+ messages in thread
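Review bot: the rewritten step 3 in the second hunk ("Add the fuzzer to ``tests/qtest/fuzz/meson.build``.") drops the one concrete instruction the old text had (which list the object was appended to) without replacing it, so a contributor now has to infer from existing entries how a fuzzer is registered. Say what to add and where, e.g. "Add the fuzzer's source file to the fuzzer sources in ``tests/qtest/fuzz/meson.build``, following an existing fuzzer's entry", or point at a specific existing fuzzer as the template. The path fix in the first hunk is correct, and the diffstat (2 insertions, 3 deletions) matches the two hunks. A one-line commit body saying that ``Makefile.include`` went away with the meson conversion would also help whoever bisects docs changes later.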
* Re: [PATCH 1/2] docs/fuzz: fix pre-meson path 2021-01-17 20:10 ` [PATCH 1/2] docs/fuzz: fix pre-meson path Alexander Bulekov @ 2021-01-18 7:50 ` Thomas Huth 0 siblings, 0 replies; 9+ messages in thread From: Thomas Huth @ 2021-01-18 7:50 UTC (permalink / raw) To: Alexander Bulekov, qemu-devel; +Cc: Paolo Bonzini, Bandan Das, Stefan Hajnoczi On 17/01/2021 21.10, Alexander Bulekov wrote: > Signed-off-by: Alexander Bulekov <alxndr@bu.edu> > --- > docs/devel/fuzzing.rst | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst > index 8792358854..b9bb07988b 100644 > --- a/docs/devel/fuzzing.rst > +++ b/docs/devel/fuzzing.rst > @@ -119,7 +119,7 @@ Adding a new fuzzer > > Coverage over virtual devices can be improved by adding additional fuzzers. > Fuzzers are kept in ``tests/qtest/fuzz/`` and should be added to > -``tests/qtest/fuzz/Makefile.include`` > +``tests/qtest/fuzz/meson.build`` > > Fuzzers can rely on both qtest and libqos to communicate with virtual devices. > > @@ -128,8 +128,7 @@ Fuzzers can rely on both qtest and libqos to communicate with virtual devices. > 2. Write the fuzzing code using the libqtest/libqos API. See existing fuzzers > for reference. > > -3. Register the fuzzer in ``tests/fuzz/Makefile.include`` by appending the > - corresponding object to fuzz-obj-y > +3. Add the fuzzer to ``tests/qtest/fuzz/meson.build``. > > Fuzzers can be more-or-less thought of as special qtest programs which can > modify the qtest commands and/or qtest command arguments based on inputs > Reviewed-by: Thomas Huth <thuth@redhat.com> ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 2/2] fuzz: log the arguments used to initialize QEMU 2021-01-17 20:10 [PATCH 0/2] Small fuzzer-related changes Alexander Bulekov 2021-01-17 20:10 ` [PATCH 1/2] docs/fuzz: fix pre-meson path Alexander Bulekov @ 2021-01-17 20:10 ` Alexander Bulekov 2021-01-18 7:50 ` Thomas Huth 2021-01-18 8:43 ` pending fuzzing patches (was Re: [PATCH 2/2] fuzz: log the arguments used to initialize QEMU) Paolo Bonzini 1 sibling, 2 replies; 9+ messages in thread From: Alexander Bulekov @ 2021-01-17 20:10 UTC (permalink / raw) To: qemu-devel Cc: Laurent Vivier, Thomas Huth, Alexander Bulekov, Bandan Das, Stefan Hajnoczi, Paolo Bonzini This is useful for building reproducers. Instead of checking the code or the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> --- tests/qtest/fuzz/fuzz.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c index 238866a037..496d11a231 100644 --- a/tests/qtest/fuzz/fuzz.c +++ b/tests/qtest/fuzz/fuzz.c @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) char *target_name; const char *bindir; char *datadir; + GString *cmd_line; + gchar *pretty_cmd_line; bool serialize = false; /* Initialize qgraph and modules */ @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) } /* Run QEMU's softmmu main with the fuzz-target dependent arguments */ - GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target); + cmd_line = fuzz_target->get_init_cmdline(fuzz_target); g_string_append_printf(cmd_line, " %s -qtest /dev/null ", getenv("QTEST_LOG") ? "" : "-qtest-log none"); 
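Review bot: in the first hunk, `gchar *pretty_cmd_line;` is the only glib-typedef'd declaration in a block that otherwise uses plain `char *` (`char *target_name;`, `char *datadir;`); use `char *` for consistency, or, since the variable is only live inside the later `if (getenv("QTEST_LOG"))` block, declare it there as `g_autofree char *pretty_cmd_line = g_strjoinv(...)` and drop the explicit `g_free()`. Hoisting `cmd_line` to the top of the function in the second hunk is fine and matches QEMU's declarations-at-block-start style; no functional change there.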
@@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) wordexp(cmd_line->str, &result, 0); g_string_free(cmd_line, true); + if (getenv("QTEST_LOG")) { + pretty_cmd_line = g_strjoinv(" ", result.we_wordv + 1); + printf("Starting %s with Arguments: %s\n", + result.we_wordv[0], pretty_cmd_line); + g_free(pretty_cmd_line); + } + qemu_init(result.we_wordc, result.we_wordv, NULL); /* re-enable the rcu atfork, which was previously disabled in qemu_init */ -- 2.28.0 ^ permalink raw reply related [flat|nested] 9+ messages in thread
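Review bot: the new logging is guarded by `getenv("QTEST_LOG")`, but the commit message promises that the arguments will be "at the top of the crash log" so reproducers can be built without consulting the code or QEMU_FUZZ_ARGS; with this guard a crash from a default run (QTEST_LOG unset) still has no command line in its log. Either print the line unconditionally, or state in the commit message and in docs/devel/fuzzing.rst that QTEST_LOG must be set to get it. Two smaller points on the same hunk: `printf()` writes to stdout while libFuzzer's crash report goes to stderr, so when the streams are captured separately, or stdout is block-buffered and the process aborts, the line can end up elsewhere or be lost; `fprintf(stderr, ...)` (or an `fflush(stdout)` before `qemu_init()`) avoids that. And `result.we_wordv[0]` and `result.we_wordv + 1` are now dereferenced without checking the return value of the `wordexp()` call on the preceding context line; on failure `we_wordv` is not guaranteed to be valid, so check the return value (or at least `result.we_wordc >= 1`) before indexing.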
* Re: [PATCH 2/2] fuzz: log the arguments used to initialize QEMU 2021-01-17 20:10 ` [PATCH 2/2] fuzz: log the arguments used to initialize QEMU Alexander Bulekov @ 2021-01-18 7:50 ` Thomas Huth 2021-01-18 8:43 ` pending fuzzing patches (was Re: [PATCH 2/2] fuzz: log the arguments used to initialize QEMU) Paolo Bonzini 1 sibling, 0 replies; 9+ messages in thread From: Thomas Huth @ 2021-01-18 7:50 UTC (permalink / raw) To: Alexander Bulekov, qemu-devel Cc: Laurent Vivier, Paolo Bonzini, Bandan Das, Stefan Hajnoczi On 17/01/2021 21.10, Alexander Bulekov wrote: > This is useful for building reproducers. Instead checking the code or > the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log. > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu> > --- > tests/qtest/fuzz/fuzz.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c > index 238866a037..496d11a231 100644 > --- a/tests/qtest/fuzz/fuzz.c > +++ b/tests/qtest/fuzz/fuzz.c > @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) > char *target_name; > const char *bindir; > char *datadir; > + GString *cmd_line; > + gchar *pretty_cmd_line; > bool serialize = false; > > /* Initialize qgraph and modules */ > @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) > } > > /* Run QEMU's softmmu main with the fuzz-target dependent arguments */ > - GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target); > + cmd_line = fuzz_target->get_init_cmdline(fuzz_target); > g_string_append_printf(cmd_line, " %s -qtest /dev/null ", > getenv("QTEST_LOG") ? "" : "-qtest-log none"); 
> > @@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) > wordexp(cmd_line->str, &result, 0); > g_string_free(cmd_line, true); > > + if (getenv("QTEST_LOG")) { > + pretty_cmd_line = g_strjoinv(" ", result.we_wordv + 1); > + printf("Starting %s with Arguments: %s\n", > + result.we_wordv[0], pretty_cmd_line); > + g_free(pretty_cmd_line); > + } > + > qemu_init(result.we_wordc, result.we_wordv, NULL); > > /* re-enable the rcu atfork, which was previously disabled in qemu_init */ > Reviewed-by: Thomas Huth <thuth@redhat.com> ^ permalink raw reply [flat|nested] 9+ messages in thread
* pending fuzzing patches (was Re: [PATCH 2/2] fuzz: log the arguments used to initialize QEMU) 2021-01-17 20:10 ` [PATCH 2/2] fuzz: log the arguments used to initialize QEMU Alexander Bulekov 2021-01-18 7:50 ` Thomas Huth @ 2021-01-18 8:43 ` Paolo Bonzini 2021-01-18 9:30 ` Thomas Huth 1 sibling, 1 reply; 9+ messages in thread From: Paolo Bonzini @ 2021-01-18 8:43 UTC (permalink / raw) To: Alexander Bulekov, qemu-devel Cc: Laurent Vivier, Peter Maydell, Bandan Das, Thomas Huth, Stefan Hajnoczi On 17/01/21 21:10, Alexander Bulekov wrote: > This is useful for building reproducers. Instead checking the code or > the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log. > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu> > --- > tests/qtest/fuzz/fuzz.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c > index 238866a037..496d11a231 100644 > --- a/tests/qtest/fuzz/fuzz.c > +++ b/tests/qtest/fuzz/fuzz.c > @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) > char *target_name; > const char *bindir; > char *datadir; > + GString *cmd_line; > + gchar *pretty_cmd_line; > bool serialize = false; > > /* Initialize qgraph and modules */ > @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) > } > > /* Run QEMU's softmmu main with the fuzz-target dependent arguments */ > - GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target); > + cmd_line = fuzz_target->get_init_cmdline(fuzz_target); > g_string_append_printf(cmd_line, " %s -qtest /dev/null ", > getenv("QTEST_LOG") ? "" : "-qtest-log none"); 
> > @@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) > wordexp(cmd_line->str, &result, 0); > g_string_free(cmd_line, true); > > + if (getenv("QTEST_LOG")) { > + pretty_cmd_line = g_strjoinv(" ", result.we_wordv + 1); > + printf("Starting %s with Arguments: %s\n", > + result.we_wordv[0], pretty_cmd_line); > + g_free(pretty_cmd_line); > + } > + > qemu_init(result.we_wordc, result.we_wordv, NULL); > > /* re-enable the rcu atfork, which was previously disabled in qemu_init */ > Hi Alexander, can you send _me_ a pull request for all the pending fuzzing patches? I haven't paid much attention, but I have seen external contributions and I have the feeling that they aren't being applied/reviewed promptly. Paolo ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: pending fuzzing patches (was Re: [PATCH 2/2] fuzz: log the arguments used to initialize QEMU) 2021-01-18 8:43 ` pending fuzzing patches (was Re: [PATCH 2/2] fuzz: log the arguments used to initialize QEMU) Paolo Bonzini @ 2021-01-18 9:30 ` Thomas Huth 2021-01-18 13:38 ` Paolo Bonzini 2021-01-18 13:54 ` Alexander Bulekov 0 siblings, 2 replies; 9+ messages in thread From: Thomas Huth @ 2021-01-18 9:30 UTC (permalink / raw) To: Paolo Bonzini, Alexander Bulekov, qemu-devel Cc: Laurent Vivier, Peter Maydell, Bandan Das, Stefan Hajnoczi On 18/01/2021 09.43, Paolo Bonzini wrote: > On 17/01/21 21:10, Alexander Bulekov wrote: >> This is useful for building reproducers. Instead checking the code or >> the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log. >> >> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> >> --- >> tests/qtest/fuzz/fuzz.c | 11 ++++++++++- >> 1 file changed, 10 insertions(+), 1 deletion(-) >> >> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c >> index 238866a037..496d11a231 100644 >> --- a/tests/qtest/fuzz/fuzz.c >> +++ b/tests/qtest/fuzz/fuzz.c >> @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char >> ***envp) >> char *target_name; >> const char *bindir; >> char *datadir; >> + GString *cmd_line; >> + gchar *pretty_cmd_line; >> bool serialize = false; >> /* Initialize qgraph and modules */ >> @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char >> ***envp) >> } >> /* Run QEMU's softmmu main with the fuzz-target dependent arguments */ >> - GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target); >> + cmd_line = fuzz_target->get_init_cmdline(fuzz_target); >> g_string_append_printf(cmd_line, " %s -qtest /dev/null ", >> getenv("QTEST_LOG") ? "" : "-qtest-log none"); 
>> @@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, >> char ***envp) >> wordexp(cmd_line->str, &result, 0); >> g_string_free(cmd_line, true); >> + if (getenv("QTEST_LOG")) { >> + pretty_cmd_line = g_strjoinv(" ", result.we_wordv + 1); >> + printf("Starting %s with Arguments: %s\n", >> + result.we_wordv[0], pretty_cmd_line); >> + g_free(pretty_cmd_line); >> + } >> + >> qemu_init(result.we_wordc, result.we_wordv, NULL); >> /* re-enable the rcu atfork, which was previously disabled in >> qemu_init */ >> > > Hi Alexander, can you send _me_ a pull request for all the pending fuzzing > patches? I haven't paid much attention, but I have seen external > contributions and I have the feeling that they aren't being applied/reviewed > promptly. I'm normally taking the fuzzing patches through the qtest tree (and also merged some contributions last week, see 22ec0c696fd28e and the following commits) ... which patch series that got missed did you have in mind? Anyway, the amount of fuzzer patches seems to have increased during the last weeks, and I'm not very familiar with the fuzzing stuff and also sometimes I do not get CC:-ed on fuzzing patches, so it might make sense indeed that Alexander now gathers the fuzzing patches and starts sending pull requests for these. Alexander, do you want to have a try now? Thomas ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: pending fuzzing patches (was Re: [PATCH 2/2] fuzz: log the arguments used to initialize QEMU) 2021-01-18 9:30 ` Thomas Huth @ 2021-01-18 13:38 ` Paolo Bonzini 2021-01-18 13:54 ` Alexander Bulekov 1 sibling, 0 replies; 9+ messages in thread From: Paolo Bonzini @ 2021-01-18 13:38 UTC (permalink / raw) To: Thomas Huth, Alexander Bulekov, qemu-devel Cc: Laurent Vivier, Peter Maydell, Bandan Das, Stefan Hajnoczi On 18/01/21 10:30, Thomas Huth wrote: >> >> Hi Alexander, can you send _me_ a pull request for all the pending >> fuzzing patches? I haven't paid much attention, but I have seen >> external contributions and I have the feeling that they aren't being >> applied/reviewed promptly. > > I'm normally taking the fuzzing patches through the qtest tree (and also > merged some contributions last week, see 22ec0c696fd28e and the > following commits) ... which patch series that got missed did you have > in mind? I was thinking mostly of "fuzz: improve crash case minimization" which I had lost track of, but that one has been merged. Paolo > Anyway, the amount of fuzzer patches seems to have increased during the > last weeks, and I'm not very familiar with the fuzzing stuff and also > sometimes I do not get CC:-ed on fuzzing patches, so it might make sense > indeed that Alexander now gathers the fuzzing patches and starts sending > pull requests for these. Alexander, do you want to have a try now? > > Thomas ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: pending fuzzing patches (was Re: [PATCH 2/2] fuzz: log the arguments used to initialize QEMU) 2021-01-18 9:30 ` Thomas Huth 2021-01-18 13:38 ` Paolo Bonzini @ 2021-01-18 13:54 ` Alexander Bulekov 1 sibling, 0 replies; 9+ messages in thread From: Alexander Bulekov @ 2021-01-18 13:54 UTC (permalink / raw) To: Thomas Huth Cc: Laurent Vivier, Peter Maydell, qemu-devel, Bandan Das, Stefan Hajnoczi, Paolo Bonzini On 210118 1030, Thomas Huth wrote: > On 18/01/2021 09.43, Paolo Bonzini wrote: > > On 17/01/21 21:10, Alexander Bulekov wrote: > > > This is useful for building reproducers. Instead checking the code or > > > the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log. > > > > > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu> > > > --- > > > tests/qtest/fuzz/fuzz.c | 11 ++++++++++- > > > 1 file changed, 10 insertions(+), 1 deletion(-) > > > > > > diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c > > > index 238866a037..496d11a231 100644 > > > --- a/tests/qtest/fuzz/fuzz.c > > > +++ b/tests/qtest/fuzz/fuzz.c > > > @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char > > > ***argv, char ***envp) > > > char *target_name; > > > const char *bindir; > > > char *datadir; > > > + GString *cmd_line; > > > + gchar *pretty_cmd_line; > > > bool serialize = false; > > > /* Initialize qgraph and modules */ > > > @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char > > > ***argv, char ***envp) > > > } > > > /* Run QEMU's softmmu main with the fuzz-target dependent arguments */ > > > - GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target); > > > + cmd_line = fuzz_target->get_init_cmdline(fuzz_target); > > > g_string_append_printf(cmd_line, " %s -qtest /dev/null ", > > > getenv("QTEST_LOG") ? "" : "-qtest-log none"); 
> > > @@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char > > > ***argv, char ***envp) > > > wordexp(cmd_line->str, &result, 0); > > > g_string_free(cmd_line, true); > > > + if (getenv("QTEST_LOG")) { > > > + pretty_cmd_line = g_strjoinv(" ", result.we_wordv + 1); > > > + printf("Starting %s with Arguments: %s\n", > > > + result.we_wordv[0], pretty_cmd_line); > > > + g_free(pretty_cmd_line); > > > + } > > > + > > > qemu_init(result.we_wordc, result.we_wordv, NULL); > > > /* re-enable the rcu atfork, which was previously disabled in > > > qemu_init */ > > > > > > > Hi Alexander, can you send _me_ a pull request for all the pending > > fuzzing patches? I haven't paid much attention, but I have seen > > external contributions and I have the feeling that they aren't being > > applied/reviewed promptly. > > I'm normally taking the fuzzing patches through the qtest tree (and also > merged some contributions last week, see 22ec0c696fd28e and the following > commits) ... which patch series that got missed did you have in mind? > > Anyway, the amount of fuzzer patches seems to have increased during the last > weeks, and I'm not very familiar with the fuzzing stuff and also sometimes I > do not get CC:-ed on fuzzing patches, so it might make sense indeed that > Alexander now gathers the fuzzing patches and starts sending pull requests > for these. Alexander, do you want to have a try now? > Sure - I'll wait for both remaining series to be fully reviewed. Then I'll follow this: https://wiki.qemu.org/Contribute/SubmitAPullRequest -Alex > Thomas > ^ permalink raw reply [flat|nested] 9+ messages in thread