On Sat, Feb 22, 2020 at 05:34:29AM -0600, Eric Blake wrote:
> On 2/22/20 2:50 AM, Stefan Hajnoczi wrote:
> > From: Alexander Bulekov <alx...@bu.edu>
> >
> > fork() is a simple way to ensure that state does not leak in between
> > fuzzing runs. Unfortunately, the fuzzer mutation engine relies on
> > bitmaps which contain coverage information for each fuzzing run, and
> > these bitmaps should be copied from the child to the parent (where the
> > mutation occurs). These bitmaps are created through compile-time
> > instrumentation and they are not shared with fork()-ed processes, by
> > default. To address this, we create a shared memory region, adjust its
> > size and map it _over_ the counter region. Furthermore, libfuzzer
> > doesn't generally expose the globals that specify the location of the
> > counters/coverage bitmap. As a workaround, we rely on a custom linker
> > script which forces all of the bitmaps we care about to be placed in a
> > contiguous region, which is easy to locate and mmap over.
> >
> > Signed-off-by: Alexander Bulekov <alx...@bu.edu>
> > Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>
> > Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
> > Message-id: 20200220041118.23264-16-alx...@bu.edu
> > Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
> > ---
>
> Random drive-by observation:
>
> > +++ b/tests/qtest/fuzz/fork_fuzz.ld
> > @@ -0,0 +1,37 @@
> > +/* We adjust linker script modification to place all of the stuff that needs to
> > + * persist across fuzzing runs into a contiguous seciton of memory. Then, it is
>
> section
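Review bot: besides the "seciton" typo Eric points out, the opening sentence of the new comment in fork_fuzz.ld reads awkwardly ("We adjust linker script modification to place all of the stuff that needs to persist ..."); suggest rewording the two quoted lines to "We use a linker script modification to place all of the state that needs to persist across fuzzing runs into a contiguous section of memory."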
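The commit message above describes the core trick: fork() gives each fuzzing run a clean process, but copy-on-write means the child's writes to the coverage counters never reach the parent, so the counter region is re-mapped in place as shared memory. The following is an added example written for this thread, not QEMU's fork_fuzz code: it assumes a hypothetical, page-aligned `coverage_counters` array standing in for the contiguous region the linker script produces, and shows that a forked child's counter hits are invisible to the parent under the default private mapping but visible once the region is re-mapped with MAP_SHARED.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the instrumentation counters that the linker
 * script gathers into one contiguous region. 64 KiB alignment and size keep
 * the region page-aligned on any common page size (4 KiB to 64 KiB). */
#define COUNTER_REGION_SIZE 65536
static uint8_t coverage_counters[COUNTER_REGION_SIZE]
    __attribute__((aligned(COUNTER_REGION_SIZE)));

/* Re-map the pages backing the counter region in place, either as a
 * MAP_SHARED anonymous mapping (child writes become visible to the parent)
 * or MAP_PRIVATE (ordinary copy-on-write fork() semantics). The current
 * contents are saved and restored across the mmap() so no counters are lost. */
int remap_counter_region(void *region, size_t size, int shared)
{
    static uint8_t saved[COUNTER_REGION_SIZE];
    int flags = MAP_ANONYMOUS | MAP_FIXED | (shared ? MAP_SHARED : MAP_PRIVATE);

    if (size > sizeof(saved)) {
        return -1;
    }
    memcpy(saved, region, size);
    if (mmap(region, size, PROT_READ | PROT_WRITE, flags, -1, 0) == MAP_FAILED) {
        return -1;
    }
    memcpy(region, saved, size);
    return 0;
}

/* Simulated fuzzing iteration: the "instrumented" code bumps a few counters. */
static void fake_fuzz_run(void)
{
    coverage_counters[0] += 1;
    coverage_counters[17] += 3;
}

/* Fork a child, let it run one iteration, and return the total number of
 * counter hits the parent can observe afterwards (or -1 on error). With
 * shared == 0 the child's writes stay in its copy-on-write pages and the
 * parent sees 0; with shared == 1 the parent sees the child's 4 hits. */
int run_child_and_count(int shared)
{
    int status;
    int total = 0;
    pid_t pid;

    memset(coverage_counters, 0, sizeof(coverage_counters));
    if (remap_counter_region(coverage_counters, sizeof(coverage_counters), shared) != 0) {
        return -1;
    }
    pid = fork();
    if (pid < 0) {
        return -1;
    }
    if (pid == 0) {
        fake_fuzz_run();
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0) {
        return -1;
    }
    for (size_t i = 0; i < sizeof(coverage_counters); i++) {
        total += coverage_counters[i];
    }
    return total;
}

int main(void)
{
    printf("private mapping: parent sees %d hits\n", run_child_and_count(0));
    printf("shared mapping:  parent sees %d hits\n", run_child_and_count(1));
    return 0;
}
```

The save-and-restore around mmap() matters because MAP_FIXED discards whatever was on those pages; in a real harness the region must also be exactly page-aligned, which is why the patch relies on a linker script rather than on wherever the compiler happens to place the instrumentation globals.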
Thanks, Eric!

Alex, please send follow-up patches to fix this typo and the 80 character
line limit issues identified by patchew (see patchew's email reply to this
email thread).

Stefan