From: Felix Schmoll <eggi.innovations@gmail.com>
To: Wei Liu <wei.liu2@citrix.com>
Cc: xen-devel@lists.xenproject.org
Subject: Re: [GSoC] GSoC Introduction : Fuzzing Xen hypercall interface
Date: Thu, 16 Mar 2017 16:53:38 +0100
Message-ID: <CAK1m5j7otAgDVEtvePoHfSzgnwX5FHd7iaoC4mmFWK3du9qYDA@mail.gmail.com>
In-Reply-To: <20170313111439.abjbrw5hyu4eda7y@citrix.com>


2017-03-13 12:14 GMT+01:00 Wei Liu <wei.liu2@citrix.com>:

> Hi Felix
>
> Thanks for your interest in this project.
>
> On Sun, Mar 12, 2017 at 09:48:11PM +0100, Felix Ekkehard Schmoll wrote:
> > Hi,
> >
> > I’m interested in the “Fuzzing Xen hypercall interface” project so I
> > just wanted to introduce myself:
> >
> > I’m a third-year undergraduate CS student at Jacobs University in
> > Bremen, Germany. It’s a rather small university and rather young but
> > quite successful in the national rankings (*brag*).
> >
> > Last semester I spent as part of an exchange program at CMU where I
> > took the sort of notorious 15-410 Operating Systems course where you
> > have to implement a kernel from scratch in 6 weeks. There the
> > professor (amazing guy) mentioned/promoted GSoC quite a couple of
> > times, and this seems like a really cool project to work on.
> >
> > From the course I have quite a substantial amount of experience in C
> > and ASM on x86, of the GCC toolchain and obviously of kernel
> > programming. I don’t really have any experience with fuzzing yet, but
> > I’m sure I’ll figure that out.
> >
> > I’d appreciate it if you could point me to some small patches I could
> > work on to get going (sorry if I missed the link to it).
> >
> > Also any other comments are of course welcome.
>
> This project is rather challenging given the time scale. As a starter,
> please install Xen from source and try it out -- you can find
> instructions on how to install on the wiki.
>
> Please also have a look at American Fuzzy Lop (the fuzzer we currently
> use) and play with it a bit.
>
> Then, as a small exercise, please provide patches against xen.git for
> two tasks:
>
> 1. implement a hypercall to get back the domain id of the caller domain;
> 2. check out gcc 6's -fsanitize-coverage=trace-pc option and build the
>    hypervisor with that enabled -- building with a stub is fine;
>
> Please then provide some ideas on how you would approach this project.
>
> I know the tasks I described are quite high level so please don't
> hesitate to ask questions.
>
> Note that we don't have to finish all goals listed on the wiki page.
> Realistically I think if we manage to extract the execution paths from
> xen within three months and commit that in xen.git that would be rather
> great progress.
>
> Wei.
>
> >
> > Felix
>


Hi,

I installed Xen from source and I figured out that for the hypercall I have
to make a two-line change in xen/xen/common/kernel.c and a couple of
headers. I mostly went with what I got by grepping for the
"xen_version"-hypercall. It seems really basic but after struggling with
this for quite a while I have some questions:

1.
-How do I test this? The usual way to make hypercalls seems to be through the
libxc library, so do I have to change that as well?
-The "xen_version" hypercall had a couple of COMPAT_versions; do I need
them? This seems to be related to whether I need to support both ARM and x86,
although I'm really not sure here. Is it fine to just choose to support the
one which my hypervisor is running on?
-Do I need to make changes in the XSM module? Again, this pops up when
grepping for xen_version but it's disabled by default anyways and I'd
otherwise just try to have a minimal working set.

2.
-A stub for what? dom0?

Felix

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
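Wei's second exercise, building the hypervisor with gcc 6's -fsanitize-coverage=trace-pc "with a stub", is concrete enough to show in code. That option makes gcc emit a call to __sanitizer_cov_trace_pc() at the start of every basic block; the function normally comes from a sanitizer runtime that a hypervisor does not link, so the "stub" is the hypervisor's own definition of it, and the interesting design question is what that definition records. The C below is an added example written for this page. It is not Xen code and not code from the thread; the names (cov_record, cov_reset, cov_overflow_selftest, demo_handler, COV_TABLE_SIZE) and the 0xC0DE0000 sample addresses are invented for illustration, and the collector is reduced to a single global hash set where a real hypervisor would need per-CPU state.

```c
/* Added example for this page, not Xen code: a minimal runtime hook for gcc's
 * -fsanitize-coverage=trace-pc, which inserts a call to __sanitizer_cov_trace_pc()
 * at the start of every basic block. A kernel has no sanitizer runtime, so the
 * "stub" is our own definition; this one stores each distinct caller PC (the
 * return address identifies the block) in a fixed-size hash set for a fuzzer. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The hook must not be instrumented itself, or its first block would call the
 * hook again, forever. Newer gcc has an attribute for that; gcc 6 does not, so
 * there the hook goes in an object file built without the flag (as Linux kcov). */
#if defined(__has_attribute)
# if __has_attribute(no_sanitize_coverage)
#  define COV_NO_INSTRUMENT __attribute__((no_sanitize_coverage))
# endif
#endif
#ifndef COV_NO_INSTRUMENT
# define COV_NO_INSTRUMENT
#endif

#define COV_TABLE_SIZE 4096u                /* power of two; 0 = empty slot */
static uintptr_t cov_table[COV_TABLE_SIZE]; /* one global; real code: per-CPU */
static unsigned cov_count;                  /* distinct PCs stored */
static unsigned long cov_hits;              /* hook invocations in total */
static unsigned long cov_dropped;           /* new PCs lost to a full table */

/* Record one PC: 1 if new, 0 if already seen or dropped. Open addressing with
 * linear probing; a full table counts the loss and never writes out of bounds. */
COV_NO_INSTRUMENT int cov_record(uintptr_t pc)
{
    /* Call sites are several bytes apart: drop low bits, multiply to mix. */
    unsigned start = (unsigned)((pc >> 2) * 0x9E3779B1u) & (COV_TABLE_SIZE - 1);
    cov_hits++;
    for (unsigned probe = 0; probe < COV_TABLE_SIZE; probe++) {
        unsigned slot = (start + probe) & (COV_TABLE_SIZE - 1);
        if (cov_table[slot] == pc)
            return 0;   /* seen before; also catches pc == 0, the empty marker */
        if (cov_table[slot] == 0) {
            cov_table[slot] = pc;
            cov_count++;
            return 1;                       /* new coverage */
        }
    }
    cov_dropped++;
    return 0;
}

/* The symbol the compiler-inserted calls resolve to. No arguments: the only
 * information is the address we were called from. */
COV_NO_INSTRUMENT __attribute__((noinline))
void __sanitizer_cov_trace_pc(void)
{
    cov_record((uintptr_t)__builtin_return_address(0));
}

void cov_reset(void)
{
    memset(cov_table, 0, sizeof(cov_table));
    cov_count = cov_hits = cov_dropped = 0;
}

unsigned cov_distinct(void) { return cov_count; }
unsigned long cov_total_hits(void) { return cov_hits; }

/* Fill the table with made-up PCs, then add one more; returns the drop count. */
unsigned long cov_overflow_selftest(void)
{
    cov_reset();
    for (uintptr_t i = 0; i < COV_TABLE_SIZE; i++)
        cov_record((uintptr_t)0xC0DE0000u + 4 * i);
    cov_record((uintptr_t)0xC0DEFFF0u);
    return cov_dropped;
}

/* Toy "hypercall handler" with input-dependent branches: the code that gets
 * instrumented. noinline keeps its blocks separate from main's. */
__attribute__((noinline)) int demo_handler(const uint8_t *buf, size_t len)
{
    if (len < 4)
        return -1;
    if (buf[0] == 'X' && buf[1] == 'E' && buf[2] == 'N')
        return (buf[3] & 1) ? 1 : 2;
    return 0;
}

int main(void)
{
    /* Constructed inputs: too short, magic + even byte, magic + odd byte. */
    static const char *const in[3] = { "ab", "XENb", "XENa" };
    unsigned before = 0;
    cov_reset();
    for (int i = 0; i < 3; i++) {
        int rc = demo_handler((const uint8_t *)in[i], strlen(in[i]));
        printf("input %d: rc=%d, %u distinct PCs (+%u new), %lu hits\n", i + 1,
               rc, cov_distinct(), cov_distinct() - before, cov_total_hits());
        before = cov_distinct();
    }
    return 0;
}
```

On a host, `gcc -O1 -fsanitize-coverage=trace-pc cov_stub.c -o cov_stub && ./cov_stub` prints a growing distinct-PC count as the second and third inputs reach blocks the first did not; built without the flag the hook is never called and every count is zero, which is also how the example behaves as a plain C file. The recursion caveat in the comments is the one that bites first in a kernel: the hook and anything it calls must be compiled without the flag (the attribute guard covers newer gcc, a separate object file covers gcc 6), and a real hypervisor needs per-CPU storage and a bounded, lock-free structure rather than one global table.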


Thread overview: 25+ messages
2017-03-12 20:48 [GSoC] GSoC Introduction : Fuzzing Xen hypercall interface Felix Ekkehard Schmoll
2017-03-13 11:14 ` Wei Liu
2017-03-16 15:53   ` Felix Schmoll [this message]
2017-03-16 16:27     ` Wei Liu
     [not found]       ` <CAK1m5j4UbGV9JZiXJ2Lo3=ztrgsCsFg7Vp--dAHfgOert7KkMw@mail.gmail.com>
     [not found]         ` <20170320161847.kic6b524lodgr25u@citrix.com>
2017-03-20 16:47           ` Felix Schmoll
2017-03-21 12:24             ` Wei Liu
     [not found]         ` <20170321161324.hmsnybth3ktjbzpk@citrix.com>
     [not found]           ` <20170321161442.tpjjtecv6qmsgmev@citrix.com>
2017-03-22  8:47             ` Felix Schmoll
2017-03-22  8:52               ` Wei Liu
2017-03-22  9:54                 ` Felix Schmoll
2017-03-22 11:21                   ` Wei Liu
2017-03-23  7:18                     ` Felix Schmoll
2017-03-23  7:19                       ` Felix Schmoll
2017-03-24  7:34                     ` Felix Schmoll
2017-03-24 12:13                       ` Juergen Gross
2017-03-24 12:56                       ` Wei Liu
2017-03-26 11:33                         ` Felix Schmoll
2017-03-26 13:04                           ` Wei Liu
2017-03-27 13:07                             ` Felix Schmoll
2017-03-28  9:21                               ` Lars Kurth
2017-03-28 11:54                                 ` Wei Liu
2017-03-29  5:52                                   ` Felix Schmoll
2017-03-29 10:41                                     ` Wei Liu
2017-03-29 14:24                                       ` Felix Schmoll
2017-03-29 15:54                                         ` Wei Liu
2017-03-29 18:19                                           ` Felix Schmoll
