
[PATCH 1/2] Add libfuzzer target to fuzz/x86_instruction_emulator


  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
  • Date: Fri, 21 Jun 2024 15:14:33 -0400
  • Cc: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Anthony PERARD <anthony@xxxxxxxxxxxxxx>
  • Delivered-to: tamas@xxxxxxxxxxxxx
  • Delivery-date: Fri, 21 Jun 2024 19:15:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This target enables integration into oss-fuzz.

Signed-off-by: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
---
 tools/fuzz/x86_instruction_emulator/Makefile    | 10 ++++++++--
 tools/fuzz/x86_instruction_emulator/fuzz-emul.c |  6 ++----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/tools/fuzz/x86_instruction_emulator/Makefile 
b/tools/fuzz/x86_instruction_emulator/Makefile
index 1e4c6b37f5..de5f1e7e30 100644
--- a/tools/fuzz/x86_instruction_emulator/Makefile
+++ b/tools/fuzz/x86_instruction_emulator/Makefile
@@ -3,7 +3,7 @@ include $(XEN_ROOT)/tools/Rules.mk
 
 .PHONY: x86-insn-fuzz-all
 ifeq ($(CONFIG_X86_64),y)
-x86-insn-fuzz-all: x86-insn-fuzzer.a fuzz-emul.o afl
+x86-insn-fuzz-all: x86-insn-fuzzer.a fuzz-emul.o afl libfuzzer
 else
 x86-insn-fuzz-all:
 endif
@@ -58,6 +58,9 @@ afl-harness: afl-harness.o $(OBJS) cpuid.o wrappers.o
 afl-harness-cov: afl-harness-cov.o $(patsubst %.o,%-cov.o,$(OBJS)) cpuid.o 
wrappers.o
        $(CC) $(CFLAGS) $(GCOV_FLAGS) $(addprefix 
-Wl$(comma)--wrap=,$(WRAPPED)) $^ -o $@
 
+libfuzzer-harness: $(OBJS) cpuid.o
+       $(CC) $(CFLAGS) $(LIB_FUZZING_ENGINE) -fsanitize=fuzzer $^ -o $@
+
 # Common targets
 .PHONY: all
 all: x86-insn-fuzz-all
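Review bot: The new libfuzzer-harness link line hard-codes `-fsanitize=fuzzer` next to `$(LIB_FUZZING_ENGINE)`; under oss-fuzz that variable already carries the engine's link flags (for libFuzzer it is `-fsanitize=fuzzer` itself, for other engines a driver library), so the two either duplicate the flag or link two fuzzing entry points. Declaring `LIB_FUZZING_ENGINE ?= -fsanitize=fuzzer` near the top of the Makefile and linking with `$(CC) $(CFLAGS) $(LIB_FUZZING_ENGINE) $^ -o $@` keeps a standalone build working while letting oss-fuzz choose the engine. Unlike afl-harness and afl-harness-cov, this rule also omits wrappers.o and the `-Wl,--wrap=` flags, so any symbol the emulator objects expect to be wrapped would resolve to the real libc function instead; whether the libFuzzer harness needs the wrappers is not visible here and should be confirmed. The rule presumably relies on $(OBJS) containing fuzz-emul.o, which is defined outside the hunk.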
@@ -67,7 +70,7 @@ distclean: clean
 
 .PHONY: clean
 clean:
-       rm -f *.a *.o $(DEPS_RM) afl-harness afl-harness-cov *.gcda *.gcno 
*.gcov
+       rm -f *.a *.o $(DEPS_RM) afl-harness afl-harness-cov *.gcda *.gcno 
*.gcov libfuzzer-harness
        rm -rf x86_emulate x86-emulate.c x86-emulate.h wrappers.c cpuid.c
 
 .PHONY: install
@@ -81,4 +84,7 @@ afl: afl-harness
 .PHONY: afl-cov
 afl-cov: afl-harness-cov
 
+.PHONY: libfuzzer
+libfuzzer: libfuzzer-harness
+
 -include $(DEPS_INCLUDE)
diff --git a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c 
b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
index eeeb6931f4..2ba9ca9e0b 100644
--- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
+++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
@@ -906,14 +906,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t 
size)
 
     if ( size <= DATA_OFFSET )
     {
-        printf("Input too small\n");
-        return 1;
+        return -1;
     }
 
     if ( size > FUZZ_CORPUS_SIZE )
     {
-        printf("Input too large\n");
-        return 1;
+        return -1;
     }
 
     memcpy(&input, data_p, size);
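Review bot: The two new `return -1;` statements replace a documented message with a bare magic value, and the meaning of that value differs by driver: libFuzzer treats -1 as "reject this input, do not add it to the corpus", while the afl-harness caller's handling of a non-zero return is not visible in this hunk. A comment on the first early return such as `/* -1: libFuzzer drops the input from the corpus; afl-harness ignores the value (TODO confirm) */` would record the contract the commit is relying on, and the same applies to the second return. The size-range checks here are what bound the `memcpy(&input, data_p, size)` below, so both returns must stay ahead of it. LLVMFuzzerTestOneInput starts and ends outside the hunk.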
-- 
2.34.1




 

