
Re: [Xen-devel] [GSoC] GSoC Introduction : Fuzzing Xen hypercall interface

Hi Felix

Thanks for your interest in this project.

On Sun, Mar 12, 2017 at 09:48:11PM +0100, Felix Ekkehard Schmoll wrote:
> Hi,
> I’m interested in the “Fuzzing Xen hypercall interface” project so I
> just wanted to introduce myself:
> I’m a third-year undergraduate CS student at Jacobs University in
> Bremen, Germany. It’s a rather small university and rather young but
> quite successful in the national rankings (*brag*). 
> Last semester I spent as part of an exchange program at CMU where I
> took the sort of notorious 15-410 Operating Systems course where you
> have to implement a kernel from scratch in 6 weeks. There the
> professor (amazing guy) mentioned/promoted GSoC quite a couple of
> times, and this seems like a really cool project to work on.
> From the course I have quite a substantial amount of experience in C
> and ASM on x86, of the GCC toolchain and obviously of kernel
> programming. I don’t really have any experience with fuzzing yet, but
> I’m sure I’ll figure that out.
> I’d appreciate it if you could point me to some small patches I could
> work on to get going (sorry if I missed the link to it).
> Also any other comments are of course welcome.

This project is rather challenging given the time scale. As a starter,
please install Xen from source and try it out -- you can find
instructions on how to install on the wiki.

Please also have a look at American Fuzzy Lop (the fuzzer we currently
use) and play with it a bit.

Then, as a small exercise, please provide patches against xen.git for
two tasks:

1. implement a hypercall to get back the domain id of the caller domain;
2. check out gcc 6's -fsanitize-coverage=trace-pc option and build the
   hypervisor with that enabled -- building with a stub is fine;

Please then provide some ideas on how you would approach this project.

I know the tasks I described are quite high level so please don't
hesitate to ask questions.

Note that we don't have to finish all goals listed on the wiki page.
Realistically I think if we manage to extract the execution paths from
xen within three months and commit that in xen.git that would be rather
great progress.


> Felix
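
As an illustration of the "stub" mentioned in task 2 (an added example, not part of the original message and not Xen code): GCC's `-fsanitize-coverage=trace-pc` inserts a call to `__sanitizer_cov_trace_pc()` in every basic block, and the callback below records the caller's address into a fixed buffer. It is a user-space sketch; the `cov_*` names and the buffer size are hypothetical.

```c
/* Added example: user-space sketch of a trace-pc stub (cov_* names are hypothetical). */
#include <stddef.h>
#include <stdint.h>

#define COV_MAX 4096                 /* fixed capacity: no allocation in the callback */

static uintptr_t cov_pcs[COV_MAX];   /* recorded program counters, in execution order */
static size_t cov_count;             /* entries stored so far */
static size_t cov_dropped;           /* PCs lost because the buffer was full */
static int cov_enabled;              /* tracing stays off until explicitly enabled */

void cov_reset(void) { cov_count = 0; cov_dropped = 0; }
void cov_enable(int on) { cov_enabled = on; }

static void cov_record(uintptr_t pc)
{
    if (!cov_enabled)
        return;
    if (cov_count == COV_MAX) {      /* never write past the end; count the loss */
        cov_dropped++;
        return;
    }
    cov_pcs[cov_count++] = pc;
}

/* The compiler-inserted calls land here. Build this file WITHOUT the
 * coverage flag, otherwise the callback would instrument itself. */
__attribute__((noinline)) void __sanitizer_cov_trace_pc(void)
{
    cov_record((uintptr_t)__builtin_return_address(0));
}

/* Copy up to max recorded PCs to the consumer; returns the number copied. */
size_t cov_read(uintptr_t *out, size_t max)
{
    size_t n = cov_count < max ? cov_count : max;
    for (size_t i = 0; i < n; i++)
        out[i] = cov_pcs[i];
    return n;
}

/* Number of distinct PCs seen (quadratic; fine for a small trace). */
size_t cov_unique(void)
{
    size_t uniq = 0;
    for (size_t i = 0; i < cov_count; i++) {
        size_t j = 0;
        while (j < i && cov_pcs[j] != cov_pcs[i]) j++;
        if (j == i) uniq++;
    }
    return uniq;
}
```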
