This adds configurations for fuzzing the following devices on oss-fuzz: * vmxnet3 CC: Dmitry Fleytman <dmitry.fleyt...@gmail.com> * ne2k * pcnet * rtl8139 CC: Jason Wang <jasow...@redhat.com> * eepro100 CC: Stefan Weil <s...@weilnetz.de> * sdhci CC: Philippe Mathieu-Daudé <f4...@amsat.org> * ehci * ohci * ac97 * cs4231a * es1370 * sb16 CC: Gerd Hoffmann <kra...@redhat.com> * megasas CC: Hannes Reinecke <h...@suse.com> * parallel CC: Michael S. Tsirkin <m...@redhat.com> CC: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Alexander Bulekov <alx...@bu.edu>
---
Hello, If you are CC-ed on this email, this patch will likely enable continuous fuzzing for a device that you are listed under in MAINTAINERS. If this is accepted, these devices will be continuously fuzzed over their PCI, PIO, MMIO and DMA interfaces. The fuzzer will start qemu with the arguments specified by ".args" and we will use the globs specified under ".objects" to match the Object/MemoryRegion names that we should fuzz. The fuzzer will find and report issues such as memory-corruptions and aborts. For now, I am manually reproducing each issue and opening a bug-report with a qtest-based reproducer, so the process is still quite flexible. The current code-coverage achieved by fuzzing using the existing-configurations is available here: https://storage.googleapis.com/oss-fuzz-coverage/qemu/reports/20201122/linux/src/qemu/hw/report.html I am slowly trying to fill in the blanks. I have little context for how useful these configurations are for fuzzing. I appreciate if you can Ack/Nack them or provide feedback if the devices should be configured differently. Of course, if you think we should be fuzzing some additional device configurations, you can also submit a patch adding the necessary lines to this generic_fuzz_configs.h file. Thanks -Alex
tests/qtest/fuzz/generic_fuzz_configs.h | 80 +++++++++++++++++++++++++
1 file changed, 80 insertions(+)
diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h
index c4d925f9e6..0b1fe0f836 100644
--- a/tests/qtest/fuzz/generic_fuzz_configs.h
+++ b/tests/qtest/fuzz/generic_fuzz_configs.h
@@ -115,6 +115,86 @@ const generic_fuzz_config predefined_configs[] = {
 .name = "pc-q35",
 .args = "-machine q35",
 .objects = "*",
+ },{
+ .name = "vmxnet3",
+ .args = "-machine q35 -nodefaults "
+ "-device vmxnet3,netdev=net0 -netdev user,id=net0",
+ .objects = "vmxnet3"
+ },{
+ .name = "ne2k_pci",
+ .args = "-machine q35 -nodefaults "
+ "-device ne2k_pci,netdev=net0 -netdev user,id=net0",
+ .objects = "ne2k*"
+ },{
+ .name = "pcnet",
+ .args = "-machine q35 -nodefaults "
+ "-device pcnet,netdev=net0 -netdev user,id=net0",
+ .objects = "pcnet"
+ },{
+ .name = "rtl8139",
+ .args = "-machine q35 -nodefaults "
+ "-device rtl8139,netdev=net0 -netdev user,id=net0",
+ .objects = "rtl8139"
+ },{
+ .name = "i82550",
+ .args = "-machine q35 -nodefaults "
+ "-device i82550,netdev=net0 -netdev user,id=net0",
+ .objects = "eepro*"
+ },{
+ .name = "sdhci-v3",
+ .args = "-nodefaults -device sdhci-pci,sd-spec-version=3 "
+ "-device sd-card,drive=mydrive "
+ "-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive -nographic",
+ .objects = "sd*"
+ },{
+ .name = "ehci",
+ .args = "-machine q35 -nodefaults "
+ "-device ich9-usb-ehci1,bus=pcie.0,addr=1d.7,"
+ "multifunction=on,id=ich9-ehci-1 "
+ "-device ich9-usb-uhci1,bus=pcie.0,addr=1d.0,"
+ "multifunction=on,masterbus=ich9-ehci-1.0,firstport=0 "
+ "-device ich9-usb-uhci2,bus=pcie.0,addr=1d.1,"
+ "multifunction=on,masterbus=ich9-ehci-1.0,firstport=2 "
+ "-device ich9-usb-uhci3,bus=pcie.0,addr=1d.2,"
+ "multifunction=on,masterbus=ich9-ehci-1.0,firstport=4 "
+ "-drive if=none,id=usbcdrom,media=cdrom "
+ "-device usb-tablet,bus=ich9-ehci-1.0,port=1,usb_version=1 "
+ "-device usb-storage,bus=ich9-ehci-1.0,port=2,drive=usbcdrom",
+ .objects = "*usb* *hci*",
+ },{
+ .name = "ohci",
+ .args = "-machine q35 -nodefaults -device pci-ohci -device usb-kbd",
+ .objects = "*usb* *ohci*",
+ },{
+ .name = "megaraid",
+ .args = "-machine q35 -nodefaults -device megasas -device scsi-cd,drive=null0 "
+ "-blockdev driver=null-co,read-zeroes=on,node-name=null0",
+ .objects = "megasas*",
+ },{
+ .name = "ac97",
+ .args = "-machine q35 -nodefaults "
+ "-device ac97,audiodev=snd0 -audiodev none,id=snd0 -nodefaults",
+ .objects = "ac97*",
+ },{
+ .name = "cs4231a",
+ .args = "-machine q35 -nodefaults "
+ "-device cs4231a,audiodev=snd0 -audiodev none,id=snd0 -nodefaults",
+ .objects = "cs4231a* i8257*",
+ },{
+ .name = "es1370",
+ .args = "-machine q35 -nodefaults "
+ "-device es1370,audiodev=snd0 -audiodev none,id=snd0 -nodefaults",
+ .objects = "es1370*",
+ },{
+ .name = "sb16",
+ .args = "-machine q35 -nodefaults "
+ "-device sb16,audiodev=snd0 -audiodev none,id=snd0 -nodefaults",
+ .objects = "sb16* i8257*",
+ },{
+ .name = "parallel",
+ .args = "-machine q35 -nodefaults "
+ "-parallel file:/dev/null",
+ .objects = "parallel*",
 }
 };
-- 2.28.0
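Review bot: The four audio entries (ac97, cs4231a, es1370, sb16) pass `-nodefaults` twice, once in the first `.args` fragment and again at the end of the second; the second copy is redundant and should be dropped, e.g. `"-device ac97,audiodev=snd0 -audiodev none,id=snd0",`. The new entries are also inconsistent about the trailing comma after `.objects`: vmxnet3, ne2k_pci, pcnet, rtl8139, i82550 and sdhci-v3 omit it while the remaining entries include it, and a trailing comma on every entry keeps future additions to this initializer single-line diffs. Globs such as `sd*` and `*hci*` look wide enough to match Object/MemoryRegion names beyond the intended device, which would only add noise to the harness, so it is worth confirming the matched set on a first run. The `predefined_configs` initializer begins before the hunk.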