
[v4,14/16] fuzz: add general-fuzz configs for oss-fuzz

Message ID 20201015134137.205958-15-alxndr@bu.edu
State New
Series Add a General Virtual Device Fuzzer | expand

Commit Message

Alexander Bulekov Oct. 15, 2020, 1:41 p.m. UTC
Predefine some general-fuzz configs. For each of these, we will create a
separate FuzzTarget that can be selected through argv0 and, therefore,
fuzzed on oss-fuzz.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---

Maybe this isn't the best way to specify a list of string-triples. I saw
that some files use QLIT_QDICT for purposes that seem similar, however I
don't think that plays well with multi-line strings. Does anyone have a
better suggestion?

 tests/qtest/fuzz/general_fuzz_configs.c | 140 ++++++++++++++++++++++++
 tests/qtest/fuzz/general_fuzz_configs.h |  24 ++++
 tests/qtest/fuzz/meson.build            |   2 +-
 3 files changed, 165 insertions(+), 1 deletion(-)
 create mode 100644 tests/qtest/fuzz/general_fuzz_configs.c
 create mode 100644 tests/qtest/fuzz/general_fuzz_configs.h

Comments

Paolo Bonzini Oct. 16, 2020, 1:32 p.m. UTC | #1
On 15/10/20 15:41, Alexander Bulekov wrote:
> +typedef struct general_fuzz_config {
> +    const char *name, *args, *objects;
> +} general_fuzz_config;
> +
> +GArray *get_general_fuzz_configs(void);

Can't it be even a "const struct general_fuzz_config
general_fuzz_configs[] = ..." instead of a GArray?  Not a huge
difference, but still.

Paolo
Alexander Bulekov Oct. 16, 2020, 2:44 p.m. UTC | #2
On 201016 1532, Paolo Bonzini wrote:
> On 15/10/20 15:41, Alexander Bulekov wrote:
> > +typedef struct general_fuzz_config {
> > +    const char *name, *args, *objects;
> > +} general_fuzz_config;
> > +
> > +GArray *get_general_fuzz_configs(void);
> 
> Can't it be even a "const struct general_fuzz_config
> general_fuzz_configs[] = ..." instead of a GArray?  Not a huge
> difference, but still.
> 

Now that I think about it, I don't see why not.. I'll send a v5 soon.
-Alex

> Paolo
>

Patch

diff --git a/tests/qtest/fuzz/general_fuzz_configs.c b/tests/qtest/fuzz/general_fuzz_configs.c
new file mode 100644
index 0000000000..5364976517
--- /dev/null
+++ b/tests/qtest/fuzz/general_fuzz_configs.c
@@ -0,0 +1,140 @@ 
+/*
+ * General Virtual-Device Fuzzing Target Configs
+ *
+ * Copyright Red Hat Inc., 2020
+ *
+ * Authors:
+ *  Alexander Bulekov   <alxndr@bu.edu>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "general_fuzz_configs.h"
+
+/*
+ * Specify pre-defined general-fuzz configs here.
+ */
+GArray *get_general_fuzz_configs(void){
+
+    struct general_fuzz_config config;
+    GArray *configs = g_array_new(false, false, sizeof(general_fuzz_config));
+
+    config.name = "virtio-net-pci-slirp";
+    config.args = "-M q35 -nodefaults "
+        "-device virtio-net,netdev=net0 -netdev user,id=net0";
+    config.objects = "virtio*";
+    g_array_append_val(configs, config);
+
+    config.name = "virtio-blk";
+    config.args = "-machine q35 -device virtio-blk,drive=disk0 "
+        "-drive file=null-co://,id=disk0,if=none,format=raw";
+    config.objects = "virtio*";
+    g_array_append_val(configs, config);
+
+    config.name = "virtio-scsi";
+    config.args = "-machine q35 -device virtio-scsi,num_queues=8 "
+        "-device scsi-hd,drive=disk0 "
+        "-drive file=null-co://,id=disk0,if=none,format=raw";
+    config.objects = "scsi* virtio*";
+    g_array_append_val(configs, config);
+
+    config.name = "virtio-gpu";
+    config.args = "-machine q35 -nodefaults -device virtio-gpu";
+    config.objects = "virtio*";
+    g_array_append_val(configs, config);
+
+    config.name = "virtio-vga";
+    config.args = "-machine q35 -nodefaults -device virtio-vga";
+    config.objects = "virtio*";
+    g_array_append_val(configs, config);
+
+    config.name = "virtio-rng";
+    config.args = "-machine q35 -nodefaults -device virtio-rng";
+    config.objects = "virtio*";
+    g_array_append_val(configs, config);
+
+    config.name = "virtio-balloon";
+    config.args = "-machine q35 -nodefaults -device virtio-balloon";
+    config.objects = "virtio*";
+    g_array_append_val(configs, config);
+
+    config.name = "virtio-serial";
+    config.args = "-machine q35 -nodefaults -device virtio-serial";
+    config.objects = "virtio*";
+    g_array_append_val(configs, config);
+
+    config.name = "virtio-mouse";
+    config.args = "-machine q35 -nodefaults -device virtio-mouse";
+    config.objects = "virtio*";
+    g_array_append_val(configs, config);
+
+    config.name = "e1000";
+    config.args = "-M q35 -nodefaults "
+        "-device e1000,netdev=net0 -netdev user,id=net0";
+    config.objects = "e1000";
+    g_array_append_val(configs, config);
+
+    config.name = "e1000e";
+    config.args = "-M q35 -nodefaults "
+        "-device e1000e,netdev=net0 -netdev user,id=net0";
+    config.objects = "e1000e";
+    g_array_append_val(configs, config);
+
+    config.name = "cirrus-vga";
+    config.args = "-machine q35 -nodefaults -device cirrus-vga";
+    config.objects = "cirrus*";
+    g_array_append_val(configs, config);
+
+    config.name = "bochs-display";
+    config.args = "-machine q35 -nodefaults -device bochs-display";
+    config.objects = "bochs*";
+    g_array_append_val(configs, config);
+
+    config.name = "intel-hda";
+    config.args = "-machine q35 -nodefaults -device intel-hda,id=hda0 "
+        "-device hda-output,bus=hda0.0 -device hda-micro,bus=hda0.0 "
+        "-device hda-duplex,bus=hda0.0";
+    config.objects = "intel-hda";
+    g_array_append_val(configs, config);
+
+    config.name = "ide-hd";
+    config.args = "-machine q35 -nodefaults "
+        "-drive file=null-co://,if=none,format=raw,id=disk0 "
+        "-device ide-hd,drive=disk0";
+    config.objects = "ahci*";
+    g_array_append_val(configs, config);
+
+    config.name = "floppy";
+    config.args = "-machine pc -nodefaults -device floppy,id=floppy0 "
+        "-drive id=disk0,file=null-co://,file.read-zeroes=on,if=none "
+        "-device floppy,drive=disk0,drive-type=288";
+    config.objects = "fd* floppy*";
+    g_array_append_val(configs, config);
+
+    config.name = "xhci";
+    config.args = "-machine q35 -nodefaults"
+        "-drive file=null-co://,if=none,format=raw,id=disk0 "
+        "-device qemu-xhci,id=xhci -device usb-tablet,bus=xhci.0 "
+        "-device usb-bot -device usb-storage,drive=disk0 "
+        "-chardev null,id=cd0 -chardev null,id=cd1 "
+        "-device usb-braille,chardev=cd0 -device usb-ccid -device usb-ccid "
+        "-device usb-kbd -device usb-mouse -device usb-serial,chardev=cd1 "
+        "-device usb-tablet -device usb-wacom-tablet -device usb-audio";
+    config.objects = "*usb* *uhci* *xhci*";
+    g_array_append_val(configs, config);
+
+    config.name = "pc-i440fx";
+    config.args = "-machine pc";
+    config.objects = "*";
+    g_array_append_val(configs, config);
+
+    config.name = "pc-q35";
+    config.args = "-machine q35";
+    config.objects = "*";
+    g_array_append_val(configs, config);
+
+    return configs;
+}
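Review bot: The `xhci` entry's first string fragment, `"-machine q35 -nodefaults"`, has no trailing space, so adjacent-literal concatenation yields `-nodefaults-drive file=null-co://,...` instead of two separate options. Every other multi-line `args` value in this function ends each fragment with a space. How QEMU treats the fused token is not visible in this hunk, but the target would presumably either fail to start or come up without `disk0`, which `-device usb-storage,drive=disk0` depends on. In either case the USB emulation this config is meant to exercise on oss-fuzz would go uncovered. Change the line to `config.args = "-machine q35 -nodefaults "`.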
diff --git a/tests/qtest/fuzz/general_fuzz_configs.h b/tests/qtest/fuzz/general_fuzz_configs.h
new file mode 100644
index 0000000000..afea8dee92
--- /dev/null
+++ b/tests/qtest/fuzz/general_fuzz_configs.h
@@ -0,0 +1,24 @@ 
+/*
+ * General Virtual-Device Fuzzing Target Configs
+ *
+ * Copyright Red Hat Inc., 2020
+ *
+ * Authors:
+ *  Alexander Bulekov   <alxndr@bu.edu>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef GENERAL_FUZZ_CONFIGS_H
+#define GENERAL_FUZZ_CONFIGS_H
+
+#include "qemu/osdep.h"
+
+typedef struct general_fuzz_config {
+    const char *name, *args, *objects;
+} general_fuzz_config;
+
+GArray *get_general_fuzz_configs(void);
+
+#endif
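Review bot: The three fields of `general_fuzz_config` are undocumented, and their expected format can only be guessed from the initialisers in general_fuzz_configs.c. A short comment above the typedef would help anyone adding a target, for example `/* name: FuzzTarget name selected via argv0; args: QEMU command line; objects: space-separated glob patterns */`. The meaning of `objects` is inferred from values such as `"scsi* virtio*"` and should be confirmed against general_fuzz.c. Separately, this header includes `qemu/osdep.h` itself. QEMU's coding style has each .c file include it first and headers leave it out, so the `#include "qemu/osdep.h"` line here can be dropped.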
diff --git a/tests/qtest/fuzz/meson.build b/tests/qtest/fuzz/meson.build
index a59de6aa8c..42f97555bf 100644
--- a/tests/qtest/fuzz/meson.build
+++ b/tests/qtest/fuzz/meson.build
@@ -5,7 +5,7 @@  specific_fuzz_ss.add(files('fuzz.c', 'fork_fuzz.c', 'qos_fuzz.c',
 specific_fuzz_ss.add(when: 'CONFIG_I440FX', if_true: files('i440fx_fuzz.c'))
 specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('virtio_net_fuzz.c'))
 specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_SCSI', if_true: files('virtio_scsi_fuzz.c'))
-specific_fuzz_ss.add(files('general_fuzz.c'))
+specific_fuzz_ss.add(files('general_fuzz.c', 'general_fuzz_configs.c'))
 
 fork_fuzz = declare_dependency(
   link_args: config_host['FUZZ_EXE_LDFLAGS'].split() +