From: Felix Schmoll
Subject: Re: [GSoC] GSoC Introduction : Fuzzing Xen hypercall interface
Date: Fri, 24 Mar 2017 08:34:46 +0100
To: Wei Liu, jgross@suse.com
Cc: minios-devel@lists.xenproject.org, xen-devel@lists.xenproject.org

Hi,

this time for real:

so I've been reading up on the task quite a bit now and I'd be thankful if you could clarify what exactly you're looking for with the execution path. The AFL-fuzzer seems to make use just of a rather simple representation of that (https://lwn.net/Articles/674854/), so you would just have to insert this snippet:

    cur_location = <COMPILE_TIME_RANDOM>;
    shared_mem[cur_location ^ prev_location]++;
    prev_location = cur_location >> 1;

at every edge, i.e. into *__sanitizer_cov_trace_pc*, and somehow set up a shared memory section between kernel (where you'd run the fuzzer) and hypervisor. That might however just be true for AFL and not for other coverage-guided fuzzers, so maybe that's the problem. For the fuzzer to work I'd also have to implement some templates on what hypercalls are available and what arguments they expect, but that would still not fill three months, so I'm assuming that I'm fundamentally missing something here.

On another note, would it be possible to apply for a second project (Adding Floating Point support to Mini-OS) without having to do another patch? I added Juergen Gross in the recipients for this. I'd still prefer the fuzzing project in case I can figure out a useful proposal, but the idea for the floating point project seems much clearer, so I figured to have something along the following lines as my proposal (I also assumed that the template you provide [https://wiki.xen.org/wiki/GSoC_Student_Application_Template] is still active):

1) Personal Information

*1.1) Full Name: Felix Ekkehard Schmoll*

*1.2) Email: eggi.innovations@gmail.com*

*1.4) Other applications:* Not currently

*1.5) Previous experience:* No

*1.6) Time commitment:* full-time

*1.7) Other programs:* No

2) Preparation done so far

*2.1) Hardware*: Yes.

*2.2) Ability to Build and Test*: Yes.

*2.4) Other*: Did patches suggested by Wei Liu to get familiar with the hypervisor in general (https://lists.xen.org/archives/html/xen-devel/2017-03/msg01450.html)

3) Proposed Project

*3.1) Project Category for which you are applying* Mini-OS

*3.2) Title for your proposal* Adding Floating Point Support to Mini-OS

*3.3) Link to original proposal*

https://wiki.xenproject.org/wiki/Outreach_Program_Projects#Adding_Floating_Point_support_to_Mini-OS

4) Implementation Plan

*4.1) Detailed Problem Description* (Provide a high-level overview textual description of the problem): Mini-OS is a small kernel provided as part of the Xen project that is mainly used for stub domains, allowing to outsource certain computations from dom0. Currently Mini-OS however doesn't support the use of floating point registers, meaning that userspace programs can't do floating-point computations if they are multi-threaded. This should be fixed.

*4.2) Implementation Plan* (Provide as much detail and organisation as you can. Discuss with your mentor. Make sure you build in sufficient time for learning and getting up to speed. The questions in section 2 will help you and are very valuable to create a plan): At first I will implement a test application and read up on the details of floating point support for x86 and ARM. I will then start with x86, make sure that the application runs and continue with ARM. Once that works too I will do some thorough testing.

*4.3) Expected Outcomes/Goals:* (List the main outcomes that you will deliver during the program - this does not have to be perfect. It is also a good idea to link to a discussion on the relevant public mailing list here to give us some context. As an aside, it will also help you as well. Set some minimum outcomes/goals and stretch outcomes/goals - these are nice to have's. If you have experience with or prefer agile development methodologies, write down what you would like to achieve in different scrums. That's perfectly OK: you may want to discuss with your mentor - he/she can act as product owner or scrum master if you want. Do agree with him/her upfront.)

- Userspace-program to test functionality of floating point registers
- Patch that implements functionality of floating point registers for x86 and ARM

*4.4) Timeline* (Be specific and as complete as you can. Discuss feasibility with your mentor. Build in some buffers and set some stretch goals. This will help you with progress and motivation! ):

*Bonding Period*

Follow mailing lists

Ask clarifying questions

*Weeks 1-2/ May 30 - June 13*

Reading into the kernel and how usually floating point operations are implemented

Read up on documentation (e.g. Intel Architecture Software Developer's Manual, Volume 1: Basic Architecture, Chapter 7 on the Floating-Point Unit)

Build example application based on where critical parts are identified

*Weeks 3 - 4, June 14 - June 30*

Implement on x86

*Midterm deliverables*

Test application using floating point registers

*Weeks 5-6*

Implement on ARM

*Weeks 7-8*

Buffer time

*Weeks 9-10*

Do thorough testing, consider edge cases, do stress testing, commit to source tree

*4.5) Maintenance:* I don't expect any maintenance to be required, the Mini-OS tree seems to be fairly stable.

5) Let us know how much help you need

*5.1 Describe experience* with Domain Support, Xen Hypervisor, The XAPI toolstack, Mirage OS, Windows PV Drivers, Embedded & Automotive Drivers (as appropriate): No previous experience

*5.2) Other experience:* describe relevant experience that you have (If possible, describe what uniquely qualifies you for this proposal): Took 15-410 at CMU, i.e. building a kernel from scratch in six weeks, involved ASM and obviously large amounts of kernel programming and used an x86 processor; notably the kernel did also not support floating point computations; also built a thread-library based on the kernel

*5.3) Learning and support:* describe the part(s) of the proposed plan do you expect to be most difficult ( Include the specific types of mentor help you think you will need for the part(s): Understanding the specifics of the processor architectures might require some help, in case I have troubles with specific parts of the manuals. They're usually quite detailed though.

*5.5)* Describe the part(s) of the proposed plan do you expect to be easiest:

Building the user space application (user space is generally easier than kernel and you don't have to get any offsets right or alike)

Questions:
* What if the CPU doesn't have an FPU? Is that even possible for the given two architectures?

Any comments would be appreciated.

Felix

2017-03-22 12:21 GMT+01:00 Wei Liu <wei.liu2@citrix.com>:

> On Wed, Mar 22, 2017 at 10:54:38AM +0100, Felix Schmoll wrote:
> >
> > Got it working! Thanks for all the help, will look into the "actual" task
> > now :D
>
> That's good.
>
> IIRC the application is now open. Don't forget to submit your proposal.
>
> Wei.
>
> >
> > >
> > > Wei.
> > >
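The edge-coverage bookkeeping from the snippet in the message above, worked through as an added example (not code from the original post, AFL or Xen). It shows why `prev_location` is shifted: A->B and B->A land in different map slots, and a tight loop A->A does not collapse to slot 0. The helpers `pc_to_location`, `trace_edge`, `edge_slot` and `run_path`, the address mixing, and the block addresses are assumptions made here; a static array stands in for the shared memory section.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE (1u << 16)            /* 64 KiB map, AFL's default size */
static uint8_t  shared_mem[MAP_SIZE];  /* stand-in for the shared region */
static uint32_t prev_location;

/* Assumed stand-in for <COMPILE_TIME_RANDOM>: mix the call-site address. */
static uint32_t pc_to_location(uintptr_t pc)
{
    return (uint32_t)((pc >> 4) ^ (pc << 8)) & (MAP_SIZE - 1);
}

/* The three-line snippet, as a trace-pc style hook would run it. */
void trace_edge(uintptr_t pc)
{
    uint32_t cur_location = pc_to_location(pc);
    shared_mem[cur_location ^ prev_location]++;
    prev_location = cur_location >> 1;
}

/* Map slot the edge from_pc -> to_pc is counted in. */
uint32_t edge_slot(uintptr_t from_pc, uintptr_t to_pc)
{
    return pc_to_location(to_pc) ^ (pc_to_location(from_pc) >> 1);
}

/* Replay a block sequence on a fresh map; return distinct slots hit. */
size_t run_path(const uintptr_t *pcs, size_t n)
{
    size_t hit = 0;
    memset(shared_mem, 0, sizeof shared_mem);
    prev_location = 0;
    for (size_t i = 0; i < n; i++)
        trace_edge(pcs[i]);
    for (size_t i = 0; i < MAP_SIZE; i++)
        hit += shared_mem[i] != 0;
    return hit;
}

static const uintptr_t PATH_AB[]  = { 0x1000, 0x1040 };         /* constructed */
static const uintptr_t PATH_AAA[] = { 0x1000, 0x1000, 0x1000 }; /* constructed */

int main(void)
{
    printf("A->B %#x, B->A %#x, A,B: %zu slots, A,A,A: %zu slots\n",
           edge_slot(0x1000, 0x1040), edge_slot(0x1040, 0x1000),
           run_path(PATH_AB, 2), run_path(PATH_AAA, 3));
    return 0;
}
```

The first block of every path is counted against `prev_location == 0`, so a two-block path touches two slots: the entry slot and the A->B edge.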