On Tue, Apr 21, 2020 at 10:47:24AM -0700, Tamas K Lengyel wrote:
> The memory sharing subsystem by default doesn't allow a domain to share memory
> if it has an IOMMU active for obvious security reasons. However, when fuzzing a
> VM fork, the same security restrictions don't necessarily apply. While it makes
> no sense to try to create a full fork of a VM that has an IOMMU attached as only
> one domain can own the pass-through device at a time, creating a shallow fork
> without a device model is still very useful for fuzzing kernel-mode drivers.
>
> By allowing the parent VM to initialize the kernel-mode driver with a real
> device that's pass-through, the driver can enter into a state more suitable for
> fuzzing. Some of these initialization steps are quite complex and are easier to
> perform when a real device is present. After the initialization, shallow forks
> can be utilized for fuzzing code-segments in the device driver that don't
> directly interact with the device.
>
> Signed-off-by: Tamas K Lengyel <tamas.leng...@intel.com>
Reviewed-by: Roger Pau Monné <roger....@citrix.com>

Thanks.