Xen project Mailing List

Re: [PATCH 1/2] Add libfuzzer target to fuzz/x86_instruction_emulator

From: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>

Date: Mon, 24 Jun 2024 17:23:26 -0400

Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=tklengyel.com; spf=pass smtp.mailfrom=tamas@xxxxxxxxxxxxx; dmarc=pass header.from=<tamas@xxxxxxxxxxxxx>

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1719264244; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=rDR0CtGnRUytB9puns+4maTSy3KDvr3FXJ0+K8eJa14=; b=F3znArzuKrWC/177cHrQWQC0RLofCC+3V3nPBctPU2MD382E5syVTiTUAaZtI/dEVqgMrX0aqJyYm/O3eqTJO5kd2dWomVDe8a+DH7M54KIAYTi2tslycDIdrAwPzuaVb9nx60BStLspFuedN1NlaUsaXSCu19B+nvY2jLntXZY=

Arc-seal: i=1; a=rsa-sha256; t=1719264244; cv=none; d=zohomail.com; s=zohoarc; b=S8N1nc2JxCc9xDI+M24vohX4DXa+jUOMMcB4+IvJc7MvckQbHdDWz0kWh3FwcFzkzFOUwKt1oxlVBVpScUNyuhOs0ub35U5/Y1d7kau37GsBFjVKucWAzNL5I4QBugMi70Gp+hzLN8xWZxCbbhP4nDlwWxFnUBBaXxWHsr63IJU=

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Anthony PERARD <anthony@xxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 24 Jun 2024 21:24:26 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Jun 24, 2024 at 11:55 AM Jan Beulich <jbeulich@xxxxxxxx> wrote: > > On 21.06.2024 21:14, Tamas K Lengyel wrote: > > @@ -58,6 +58,9 @@ afl-harness: afl-harness.o $(OBJS) cpuid.o wrappers.o > > afl-harness-cov: afl-harness-cov.o $(patsubst %.o,%-cov.o,$(OBJS)) cpuid.o > > wrappers.o > > $(CC) $(CFLAGS) $(GCOV_FLAGS) $(addprefix > > -Wl$(comma)--wrap=,$(WRAPPED)) $^ -o $@ > > > > +libfuzzer-harness: $(OBJS) cpuid.o > > + $(CC) $(CFLAGS) $(LIB_FUZZING_ENGINE) -fsanitize=fuzzer $^ -o $@ > > What is LIB_FUZZING_ENGINE? I don't think we have any use of that in the > tree anywhere. It's used by oss-fuzz, otherwise it's not doing anything. > > I'm further surprised you get away here without wrappers.o. Wrappers.o was actually breaking the build for oss-fuzz at the linking stage. It works just fine without it. > > Finally, despite its base name the lack of an extension suggest to me > this isn't actually a library. Can you help me bring both aspects together? Libfuzzer is the the name of the fuzzing engine, like afl: https://llvm.org/docs/LibFuzzer.html > > > @@ -67,7 +70,7 @@ distclean: clean > > > > .PHONY: clean > > clean: > > - rm -f *.a *.o $(DEPS_RM) afl-harness afl-harness-cov *.gcda *.gcno > > *.gcov > > + rm -f *.a *.o $(DEPS_RM) afl-harness afl-harness-cov *.gcda *.gcno > > *.gcov libfuzzer-harness > > I'm inclined to suggest it's time to split this line (e.g. keeping all the > wildcard patterns together and moving the rest to a new rm invocation). Sure. > > > --- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c > > +++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c > > @@ -906,14 +906,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data_p, > > size_t size) > > > > if ( size <= DATA_OFFSET ) > > { > > - printf("Input too small\n"); > > - return 1; > > + return -1; > > } > > > > if ( size > FUZZ_CORPUS_SIZE ) > > { > > - printf("Input too large\n"); > > - return 1; > > + return -1; > > } > > > > memcpy(&input, data_p, size); > > This part of the change clearly needs explaining in the description. > It's not even clear to me in how far this is related to the purpose > of the patch here (iow it may want to be a separate change, depending > on why the change is needed). The printf simply produces a ton of unnecessary output while the fuzzer is running, slowing it down. It's also not useful at all, even for debugging. Switching the return -1 is necessary because beside 0/-1 values are reserved by libfuzzer for "future use". No issue about putting this info into the commit message. Tamas

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.