Add -Wl,--wraps for the libfuzzer callees that we need to intercept Signed-off-by: Alexander Oleinik <alx...@bu.edu> --- configure | 11 +++++++++++ target/i386/Makefile.objs | 19 +++++++++++++++++++ 2 files changed, 30 insertions(+)
diff --git a/configure b/configure
index 714e7fb6a1..0a40e77053 100755
--- a/configure
+++ b/configure
@@ -499,6 +499,7 @@ docker="no"
 debug_mutex="no"
 libpmem=""
 default_devices="yes"
+fuzzing="no"
 # cross compilers defaults, can be overridden with --cross-cc-ARCH
 cross_cc_aarch64="aarch64-linux-gnu-gcc"
@@ -1543,6 +1544,8 @@ for opt do
 ;;
 --disable-libpmem) libpmem=no
 ;;
+ --enable-fuzzing) fuzzing=yes
+ ;;
 *)
 echo "ERROR: unknown option $opt"
 echo "Try '$0 --help' for more information"
@@ -6481,6 +6484,7 @@ echo "docker $docker"
 echo "libpmem support $libpmem"
 echo "libudev $libudev"
 echo "default devices $default_devices"
+echo "fuzzing support $fuzzing"
 if test "$supported_cpu" = "no"; then
 echo
@@ -7306,6 +7310,13 @@ fi
 if test "$sheepdog" = "yes" ; then
 echo "CONFIG_SHEEPDOG=y" >> $config_host_mak
 fi
+if test "$fuzzing" = "yes" ; then
+ QEMU_CFLAGS="$QEMU_CFLAGS -fsanitize=fuzzer,address -fprofile-instr-generate"
+ QEMU_INCLUDES="-iquote \$(SRC_PATH)/tests $QEMU_INCLUDES"
+ QEMU_LDFLAGS="$LDFLAGS -fsanitize=fuzzer,address"
+ QEMU_LDFLAGS="$LDFLAGS -Wl,--wrap=__sanitizer_cov_8bit_counters_init,--wrap=__sanitizer_cov_trace_pc_guard_init "
+ echo "CONFIG_FUZZ=y" >> $config_host_mak
+fi
 if test "$tcg_interpreter" = "yes"; then
 QEMU_INCLUDES="-iquote \$(SRC_PATH)/tcg/tci $QEMU_INCLUDES"
diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs
index 48e0c28434..3d646848ef 100644
--- a/target/i386/Makefile.objs
+++ b/target/i386/Makefile.objs
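Review bot: The new `--enable-fuzzing)` case in the option loop has no `--disable-fuzzing)` counterpart, unlike the neighbouring `--disable-libpmem) libpmem=no` style where each knob can be switched both ways; add `--disable-fuzzing) fuzzing=no` and `;;` beside it. As far as this diff shows, the option is also not added to the `--help` output, so a user cannot discover it; if configure keeps a help block listing optional features, `fuzzing` should be listed there. The option loop continues outside the hunk.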
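Review bot: Both `QEMU_LDFLAGS=` lines in the new `if test "$fuzzing" = "yes"` block build their value from `$LDFLAGS` instead of `$QEMU_LDFLAGS`, so the second assignment discards the `-fsanitize=fuzzer,address` set by the first (and whatever QEMU_LDFLAGS already held), leaving only the `--wrap` options at link time; the `QEMU_CFLAGS="$QEMU_CFLAGS …"` and `QEMU_INCLUDES="… $QEMU_INCLUDES"` lines just above show the accumulating form that was intended. They should read `QEMU_LDFLAGS="$QEMU_LDFLAGS -fsanitize=fuzzer,address"` and `QEMU_LDFLAGS="$QEMU_LDFLAGS -Wl,--wrap=__sanitizer_cov_8bit_counters_init,--wrap=__sanitizer_cov_trace_pc_guard_init"`, without the trailing space inside the closing quote. The CFLAGS line also turns on `-fprofile-instr-generate` while neither link line carries it; with clang the profile runtime is normally linked only when that flag is present at link time as well, so the link would likely fail with unresolved `__llvm_profile_*` references — confirm against the toolchain and add it to the link flags if so. The `--wrap` options require `__wrap___sanitizer_cov_8bit_counters_init` and `__wrap___sanitizer_cov_trace_pc_guard_init` definitions that are not part of this patch; presumably they live in the tests/fuzz objects the Makefile.objs hunk links in, otherwise the link fails with undefined references.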
@@ -18,5 +18,24 @@ endif
 obj-$(CONFIG_HVF) += hvf/
 obj-$(CONFIG_WHPX) += whpx-all.o
 endif
+
+# Need to link against target, qtest and qos.. Just list everything here, until
+# I find a better way to integrate into the build system
+ifeq ($(CONFIG_FUZZ),y)
+obj-$(CONFIG_FUZZ) += ../../tests/fuzz/ramfile.o ../../accel/fuzz.o
+obj-$(CONFIG_FUZZ) += ../../tests/fuzz/fuzz.o
+obj-$(CONFIG_FUZZ) += ../../tests/fuzz/virtio-net-fuzz.o
+obj-$(CONFIG_FUZZ) += ../../tests/fuzz/qtest_fuzz.o
+obj-$(CONFIG_FUZZ) += ../../tests/libqtest.o
+obj-$(CONFIG_FUZZ) += ../../tests/libqos/qgraph.o ../../tests/libqos/libqos.o
+obj-$(CONFIG_FUZZ) += ../../tests/fuzz/qos_fuzz.o ../../tests/fuzz/qos_helpers.o
+obj-$(CONFIG_FUZZ) += ../../tests/libqos/malloc.o ../../tests/libqos/pci-pc.o \
+ ../../tests/libqos/virtio-pci.o ../../tests/libqos/malloc-pc.o \
+ ../../tests/libqos/libqos-pc.o ../../tests/libqos/fw_cfg.o \
+ ../../tests/libqos/e1000e.o ../../tests/libqos/pci.o \
+ ../../tests/libqos/pci-pc.o ../../tests/libqos/virtio.o \
+ ../../tests/libqos/virtio-net.o ../../tests/libqos/x86_64_pc-machine.o
+endif
+
 obj-$(CONFIG_SEV) += sev.o
 obj-$(call lnot,$(CONFIG_SEV)) += sev-stub.o
-- 
2.20.1
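Review bot: `../../tests/libqos/pci-pc.o` is listed twice in the new `obj-$(CONFIG_FUZZ)` list, once on the `malloc.o` line and again on the `virtio.o` line; unless the build de-duplicates object lists before linking, the same object is handed to the linker twice and produces duplicate-symbol errors, so the second occurrence should be dropped. The `ifeq ($(CONFIG_FUZZ),y)` guard is redundant with the `obj-$(CONFIG_FUZZ)` variable name, which already routes these objects to `obj-y` only when CONFIG_FUZZ is `y` and to the ignored `obj-` otherwise; either keep the guard and write `obj-y +=` inside it, or drop the guard. Reaching out of target/i386 with `../../` paths to pull test-harness objects (libqtest, libqos, tests/fuzz) into the target link is what the added comment itself calls provisional; a comment making the invariant explicit would help the next reader, e.g. `# CONFIG_FUZZ only: these test-harness objects must never reach a regular target link`.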