On Sunday, 2021-01-17 at 18:09:23 -05, Alexander Bulekov wrote: > Signed-off-by: Alexander Bulekov <alx...@bu.edu>
Reviewed-by: Darren Kenny <darren.ke...@oracle.com> > --- > docs/devel/fuzzing.rst | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) > > diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst > index 6096242d99..8792358854 100644 > --- a/docs/devel/fuzzing.rst > +++ b/docs/devel/fuzzing.rst > @@ -181,6 +181,32 @@ To ensure that these env variables have been configured > correctly, we can use:: > > The output should contain a complete list of matched MemoryRegions. > > +OSS-Fuzz > +-------- > +QEMU is continuously fuzzed on `OSS-Fuzz` > __(https://github.com/google/oss-fuzz). > +By default, the OSS-Fuzz build will try to fuzz every fuzz-target. Since the > +generic-fuzz target requires additional information provided in environment > +variables, we pre-define some generic-fuzz configs in > +``tests/qtest/fuzz/generic_fuzz_configs.h``. Each config must specify: > + * ``.name``: To identify the fuzzer config > + * ``.args`` OR ``.argfunc``: A string or pointer to a function returning a > + string. These strings are used to specify the ``QEMU_FUZZ_ARGS`` > + environment variable. ``argfunc`` is useful when the config relies on > e.g. > + a dynamically created temp directory, or a free tcp/udp port. > + * ``.objects``: A string that specifies the ``QEMU_FUZZ_OBJECTS`` > environment > + variable. > + > +To fuzz additional devices/device configuration on OSS-Fuzz: > + * Send patches for a new device-specific fuzzer > + * Send patches for a new generic-fuzz config > + > +Build details: > + * `The basic Dockerfile that sets up the environment for building QEMU's > + fuzzers on OSS-Fuzz > + > <https://github.com/google/oss-fuzz/blob/master/projects/qemu/Dockerfile>`_ > + * The script responsible for building the fuzzers: > + ``scripts/oss-fuzz/build.sh`` > + > Implementation Details / Fuzzer Lifecycle > ----------------------------------------- > > -- > 2.28.0
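Review bot: the OSS-Fuzz hyperlink in the first paragraph of the new section is not valid reStructuredText as written: `` `OSS-Fuzz` __(https://github.com/google/oss-fuzz) `` puts the URL in parentheses outside the backticks, so Sphinx will render the literal text and an orphaned "__" rather than a link. Use the same form the hunk already uses for the Dockerfile entry under "Build details", i.e. `` `OSS-Fuzz <https://github.com/google/oss-fuzz>`_ ``. A second, smaller point: the three bullet lists ("Each config must specify:", "To fuzz additional devices/device configuration on OSS-Fuzz:" and "Build details:") each follow their introducing line with no blank line in between; docutils generally flags an indented block that follows a paragraph without a blank line as an unexpected-indentation error, so a blank line before each list would be worth adding unless the rest of fuzzing.rst already renders that pattern cleanly.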