From: Stefan Hajnoczi <stefanha@gmail.com>
To: "Oleinik, Alexander" <alxndr@bu.edu>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH v4 16/20] fuzz: add support for fork-based fuzzing.
Date: Thu, 7 Nov 2019 14:17:05 +0100
Message-ID: <20191107131705.GB365089@stefanha-x1.localdomain>
In-Reply-To: <20191030144926.11873-17-alxndr@bu.edu>

On Wed, Oct 30, 2019 at 02:50:01PM +0000, Oleinik, Alexander wrote:
> diff --git a/tests/fuzz/fork_fuzz.c b/tests/fuzz/fork_fuzz.c
> new file mode 100644
> index 0000000000..4c4d00b034
> --- /dev/null
> +++ b/tests/fuzz/fork_fuzz.c
> @@ -0,0 +1,51 @@
> +/*
> + * Fork-based fuzzing helpers
> + *
> + * Copyright Red Hat Inc., 2019
> + *
> + * Authors:
> + *  Alexander Bulekov   <alxndr@bu.edu>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "fork_fuzz.h"
> +
> +uintptr_t feature_shm;

Where is this variable used?

> +
> +void counter_shm_init(void)
> +{
> +    int fd = shm_open("/qemu-fuzz-cntrs", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
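
Review bot: the shm_open() call passes O_CREAT without O_EXCL, so a segment that already exists under this fixed name (left behind by an earlier run that never called shm_unlink(), or created beforehand by another local user in the shared /dev/shm namespace) is silently opened and later mapped over the counter region. Add O_EXCL so a pre-existing segment is reported as an error instead of adopted, and shm_unlink() the name once the mapping is in place (or at exit) so nothing lingers in /dev/shm.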

It must be possible to run multiple fuzzer instances simultaneously on
one host.  Please use a unique shmem path for each parent process (e.g.
getpid() in the parent and getppid() in the child).

> +    if (fd == -1) {
> +        perror("Error: ");
> +        exit(1);
> +    }
> +    if (ftruncate(fd, &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START) == -1) {
> +        perror("Error: ");
> +        exit(1);
> +    }
> +    /* Copy what's in the counter region to the shm.. */
> +    void *rptr = mmap(NULL ,
> +            &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START,
> +            PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
> +    memcpy(rptr,
> +           &__FUZZ_COUNTERS_START,
> +           &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START);
> +
> +    munmap(rptr, &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START);
> +
> +    /* And map the shm over the counter region */
> +    rptr = mmap(&__FUZZ_COUNTERS_START,
> +            &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START,
> +            PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, 0);
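
Review bot: neither mmap() return value is checked. If the first call at `void *rptr = mmap(NULL ,` fails, the memcpy() that follows writes to MAP_FAILED ((void *)-1) and crashes; if the MAP_FIXED call fails, the counter region is left in an undefined state with no diagnostic. Test `rptr == MAP_FAILED` after each mmap() and bail out the way the ftruncate() path does. Also, the three `perror("Error: ")` calls produce the same message for shm_open, ftruncate and mmap failures; name the failing call instead, e.g. `perror("shm_open")`. Minor: `mmap(NULL ,` has a stray space before the comma.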

fd can be closed here to prevent leaking it.
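
The pattern under review, rewritten as an added example that is not QEMU's fork_fuzz.c and not Stefan's or Alexander's code: a POSIX shm segment with a per-parent name is mapped over a counter region so that increments made by a forked child are visible to the parent, with the points raised above applied (unique name from getpid(), O_EXCL, fd closed once mapped, mmap() results checked). It assumes Linux with glibc (link with -lrt on glibc older than 2.34), a static 64 KiB aligned array `counters` standing in for the __FUZZ_COUNTERS_START/__FUZZ_COUNTERS_END section, and the function names counter_shm_init, counter_fork_demo, counter_set and counter_get, which are this example's own.

```c
/*
 * Added example, not QEMU code: share a coverage-counter region between a
 * fuzzer parent and its forked children by mapping a POSIX shm segment over
 * the region. The counters[] array stands in for the linker-delimited
 * __FUZZ_COUNTERS_START/__FUZZ_COUNTERS_END section (assumption).
 */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* 64 KiB aligned to 64 KiB, so MAP_FIXED is page-aligned on 4K and 64K kernels. */
#define COUNTER_REGION_SIZE 65536
static uint8_t counters[COUNTER_REGION_SIZE] __attribute__((aligned(65536)));

void counter_set(size_t idx, uint8_t v) { counters[idx] = v; }
uint8_t counter_get(size_t idx) { return counters[idx]; }

/* Map a fresh shm segment over the counter region; 0 on success, -1 on error.
 * Whatever the region holds before the call survives the remap. */
int counter_shm_init(void)
{
    char name[64];
    /* Unique per parent process, so several fuzzer instances can coexist. */
    snprintf(name, sizeof(name), "/fuzz-cntrs.%ld", (long)getpid());

    /* O_EXCL: never adopt a segment someone else created under this name. */
    int fd = shm_open(name, O_CREAT | O_EXCL | O_RDWR, S_IRUSR | S_IWUSR);
    if (fd == -1) {
        perror("shm_open");
        return -1;
    }
    /* Children inherit the mapping through fork(), so the name is not needed
     * again; unlink it now so nothing lingers in /dev/shm. Keep it (and unlink
     * at exit) if a child must instead reopen it by getppid(). */
    shm_unlink(name);

    if (ftruncate(fd, COUNTER_REGION_SIZE) == -1) {
        perror("ftruncate");
        close(fd);
        return -1;
    }
    /* Copy what is currently in the counter region into the segment... */
    void *tmp = mmap(NULL, COUNTER_REGION_SIZE, PROT_READ | PROT_WRITE,
                     MAP_SHARED, fd, 0);
    if (tmp == MAP_FAILED) {
        perror("mmap");
        close(fd);
        return -1;
    }
    memcpy(tmp, counters, COUNTER_REGION_SIZE);
    munmap(tmp, COUNTER_REGION_SIZE);

    /* ...then map the segment over the region itself. */
    void *p = mmap(counters, COUNTER_REGION_SIZE, PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_FIXED, fd, 0);
    close(fd); /* the mapping keeps the segment alive; the fd would only leak */
    if (p == MAP_FAILED) {
        perror("mmap MAP_FIXED");
        return -1;
    }
    return 0;
}

/* Fork a child that increments counters[idx] `bumps` times, reap it, and
 * return the parent's view of counters[idx]: 0 while the region is still
 * private copy-on-write memory, `bumps` once it is backed by the segment. */
int counter_fork_demo(size_t idx, uint8_t bumps)
{
    counters[idx] = 0;
    pid_t pid = fork();
    if (pid == -1) {
        perror("fork");
        return -1;
    }
    if (pid == 0) {
        for (uint8_t i = 0; i < bumps; i++) {
            counters[idx]++;
        }
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) {
        return -1;
    }
    return counters[idx];
}

int main(void)
{
    printf("before shm init, parent sees %d\n", counter_fork_demo(5, 3));
    counter_set(7, 42);
    if (counter_shm_init() == -1) {
        return 1;
    }
    printf("after shm init, parent sees %d (counter 7 still %d)\n",
           counter_fork_demo(5, 3), counter_get(7));
    return 0;
}
```

Run stand-alone it prints the parent's view of the child's increments before and after the remap: 0 first, because fork() gives the child a private copy-on-write copy of the array, then the full count once the array is backed by the shared segment. Counter 7 keeps its pre-init value because the region's contents are copied into the segment before the MAP_FIXED remap, which is what the memcpy step in the patch is for.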

Thread overview: 57+ messages
2019-10-30 14:49 [PATCH v4 00/20] Add virtual device fuzzing support Oleinik, Alexander
2019-10-30 14:49 ` [PATCH v4 01/20] softmmu: split off vl.c:main() into main.c Oleinik, Alexander
2019-11-05 16:41   ` Darren Kenny
2019-11-12 16:46     ` Alexander Bulekov
2019-11-06 15:01   ` Stefan Hajnoczi
2019-10-30 14:49 ` [PATCH v4 02/20] libqos: Rename i2c_send and i2c_recv Oleinik, Alexander
2019-11-06 15:17   ` Stefan Hajnoczi
2019-10-30 14:49 ` [PATCH v4 03/20] fuzz: Add FUZZ_TARGET module type Oleinik, Alexander
2019-11-06 13:17   ` Darren Kenny
2019-11-06 15:18   ` Stefan Hajnoczi
2019-10-30 14:49 ` [PATCH v4 04/20] qtest: add qtest_server_send abstraction Oleinik, Alexander
2019-11-06 13:29   ` Darren Kenny
2019-11-06 15:19   ` Stefan Hajnoczi
2019-10-30 14:49 ` [PATCH v4 06/20] module: check module wasn't already initialized Oleinik, Alexander
2019-11-06 15:26   ` Stefan Hajnoczi
2019-11-06 17:40   ` Darren Kenny
2019-10-30 14:49 ` [PATCH v4 05/20] libqtest: Add a layer of abstraciton to send/recv Oleinik, Alexander
2019-11-06 16:22   ` Stefan Hajnoczi
2019-10-30 14:49 ` [PATCH v4 07/20] qtest: add in-process incoming command handler Oleinik, Alexander
2019-11-06 16:33   ` Stefan Hajnoczi
2019-10-30 14:49 ` [PATCH v4 08/20] tests: provide test variables to other targets Oleinik, Alexander
2019-11-07 14:32   ` Darren Kenny
2019-10-30 14:49 ` [PATCH v4 09/20] libqos: split qos-test and libqos makefile vars Oleinik, Alexander
2019-11-07 14:03   ` Darren Kenny
2019-10-30 14:49 ` [PATCH v4 10/20] libqos: move useful qos-test funcs to qos_external Oleinik, Alexander
2019-11-06 16:41   ` Stefan Hajnoczi
2019-10-30 14:49 ` [PATCH v4 11/20] libqtest: make qtest_bufwrite send "atomic" Oleinik, Alexander
2019-11-06 16:44   ` Stefan Hajnoczi
2019-10-30 14:49 ` [PATCH v4 12/20] libqtest: add in-process qtest.c tx/rx handlers Oleinik, Alexander
2019-11-06 16:56   ` Stefan Hajnoczi
2019-11-12 17:38     ` Alexander Bulekov
2019-10-30 14:49 ` [PATCH v4 13/20] fuzz: add configure flag --enable-fuzzing Oleinik, Alexander
2019-11-06 16:57   ` Stefan Hajnoczi
2019-10-30 14:50 ` [PATCH v4 15/20] fuzz: add fuzzer skeleton Oleinik, Alexander
2019-11-07 12:55   ` Stefan Hajnoczi
2019-11-12 19:04     ` Alexander Bulekov
2019-10-30 14:50 ` [PATCH v4 14/20] fuzz: Add target/fuzz makefile rules Oleinik, Alexander
2019-11-07 14:31   ` Darren Kenny
2019-10-30 14:50 ` [PATCH v4 16/20] fuzz: add support for fork-based fuzzing Oleinik, Alexander
2019-11-07 13:17   ` Stefan Hajnoczi [this message]
2019-10-30 14:50 ` [PATCH v4 17/20] fuzz: add support for qos-assisted fuzz targets Oleinik, Alexander
2019-11-07 13:22   ` Stefan Hajnoczi
2019-10-30 14:50 ` [PATCH v4 18/20] fuzz: add i440fx " Oleinik, Alexander
2019-11-07 13:26   ` Stefan Hajnoczi
2019-10-30 14:50 ` [PATCH v4 19/20] fuzz: add virtio-net fuzz target Oleinik, Alexander
2019-11-07 13:36   ` Stefan Hajnoczi
2019-11-07 13:42   ` Jason Wang
2019-11-07 15:41     ` Stefan Hajnoczi
2019-10-30 14:50 ` [PATCH v4 20/20] fuzz: add documentation to docs/devel/ Oleinik, Alexander
2019-11-07 13:40   ` Stefan Hajnoczi
2019-11-07 15:02     ` Alexander Oleinik
2019-10-30 15:23 ` [PATCH v4 00/20] Add virtual device fuzzing support no-reply
2019-11-06 15:27   ` Stefan Hajnoczi
2019-11-05 13:57 ` Darren Kenny
2019-11-05 16:28   ` Alexander Oleinik
2019-11-05 16:47     ` Darren Kenny
2019-11-07 13:41 ` Stefan Hajnoczi
