
[2/2] fuzz: log the arguments used to initialize QEMU

Message ID 20210117201014.271610-3-alxndr@bu.edu
State New

Commit Message

Alexander Bulekov Jan. 17, 2021, 8:10 p.m. UTC
This is useful for building reproducers. Instead of checking the code or
the QEMU_FUZZ_ARGS, the arguments are printed at the top of the crash log.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
 tests/qtest/fuzz/fuzz.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

Comments

Thomas Huth Jan. 18, 2021, 7:50 a.m. UTC | #1
On 17/01/2021 21.10, Alexander Bulekov wrote:
> This is useful for building reproducers. Instead checking the code or
> the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log.
> 
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
>   tests/qtest/fuzz/fuzz.c | 11 ++++++++++-
>   1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index 238866a037..496d11a231 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
>       char *target_name;
>       const char *bindir;
>       char *datadir;
> +    GString *cmd_line;
> +    gchar *pretty_cmd_line;
>       bool serialize = false;
>   
>       /* Initialize qgraph and modules */
> @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
>       }
>   
>       /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
> -    GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
> +    cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
>       g_string_append_printf(cmd_line, " %s -qtest /dev/null ",
>                              getenv("QTEST_LOG") ? "" : "-qtest-log none");
>   
> @@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
>       wordexp(cmd_line->str, &result, 0);
>       g_string_free(cmd_line, true);
>   
> +    if (getenv("QTEST_LOG")) {
> +        pretty_cmd_line  = g_strjoinv(" ", result.we_wordv + 1);
> +        printf("Starting %s with Arguments: %s\n",
> +                result.we_wordv[0], pretty_cmd_line);
> +        g_free(pretty_cmd_line);
> +    }
> +
>       qemu_init(result.we_wordc, result.we_wordv, NULL);
>   
>       /* re-enable the rcu atfork, which was previously disabled in qemu_init */
> 

Reviewed-by: Thomas Huth <thuth@redhat.com>
Paolo Bonzini Jan. 18, 2021, 8:43 a.m. UTC | #2
On 17/01/21 21:10, Alexander Bulekov wrote:
> This is useful for building reproducers. Instead checking the code or
> the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log.
> 
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
>   tests/qtest/fuzz/fuzz.c | 11 ++++++++++-
>   1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index 238866a037..496d11a231 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
>       char *target_name;
>       const char *bindir;
>       char *datadir;
> +    GString *cmd_line;
> +    gchar *pretty_cmd_line;
>       bool serialize = false;
>   
>       /* Initialize qgraph and modules */
> @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
>       }
>   
>       /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
> -    GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
> +    cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
>       g_string_append_printf(cmd_line, " %s -qtest /dev/null ",
>                              getenv("QTEST_LOG") ? "" : "-qtest-log none");
>   
> @@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
>       wordexp(cmd_line->str, &result, 0);
>       g_string_free(cmd_line, true);
>   
> +    if (getenv("QTEST_LOG")) {
> +        pretty_cmd_line  = g_strjoinv(" ", result.we_wordv + 1);
> +        printf("Starting %s with Arguments: %s\n",
> +                result.we_wordv[0], pretty_cmd_line);
> +        g_free(pretty_cmd_line);
> +    }
> +
>       qemu_init(result.we_wordc, result.we_wordv, NULL);
>   
>       /* re-enable the rcu atfork, which was previously disabled in qemu_init */
> 

Hi Alexander, can you send _me_ a pull request for all the pending 
fuzzing patches?  I haven't paid much attention, but I have seen 
external contributions and I have the feeling that they aren't being 
applied/reviewed promptly.

Paolo
Thomas Huth Jan. 18, 2021, 9:30 a.m. UTC | #3
On 18/01/2021 09.43, Paolo Bonzini wrote:
> On 17/01/21 21:10, Alexander Bulekov wrote:
>> This is useful for building reproducers. Instead checking the code or
>> the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log.
>>
>> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
>> ---
>>   tests/qtest/fuzz/fuzz.c | 11 ++++++++++-
>>   1 file changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
>> index 238866a037..496d11a231 100644
>> --- a/tests/qtest/fuzz/fuzz.c
>> +++ b/tests/qtest/fuzz/fuzz.c
>> @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
>> ***envp)
>>       char *target_name;
>>       const char *bindir;
>>       char *datadir;
>> +    GString *cmd_line;
>> +    gchar *pretty_cmd_line;
>>       bool serialize = false;
>>       /* Initialize qgraph and modules */
>> @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
>> ***envp)
>>       }
>>       /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
>> -    GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
>> +    cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
>>       g_string_append_printf(cmd_line, " %s -qtest /dev/null ",
>>                              getenv("QTEST_LOG") ? "" : "-qtest-log none");
>> @@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, 
>> char ***envp)
>>       wordexp(cmd_line->str, &result, 0);
>>       g_string_free(cmd_line, true);
>> +    if (getenv("QTEST_LOG")) {
>> +        pretty_cmd_line  = g_strjoinv(" ", result.we_wordv + 1);
>> +        printf("Starting %s with Arguments: %s\n",
>> +                result.we_wordv[0], pretty_cmd_line);
>> +        g_free(pretty_cmd_line);
>> +    }
>> +
>>       qemu_init(result.we_wordc, result.we_wordv, NULL);
>>       /* re-enable the rcu atfork, which was previously disabled in 
>> qemu_init */
>>
> 
> Hi Alexander, can you send _me_ a pull request for all the pending fuzzing 
> patches?  I haven't paid much attention, but I have seen external 
> contributions and I have the feeling that they aren't being applied/reviewed 
> promptly.

I'm normally taking the fuzzing patches through the qtest tree (and also 
merged some contributions last week, see 22ec0c696fd28e and the following 
commits) ... which patch series that got missed did you have in mind?

Anyway, the amount of fuzzer patches seems to have increased during the last 
weeks, and I'm not very familiar with the fuzzing stuff and also sometimes I 
do not get CC:-ed on fuzzing patches, so it might make sense indeed that 
Alexander now gathers the fuzzing patches and starts sending pull requests 
for these. Alexander, do you want to have a try now?

  Thomas
Paolo Bonzini Jan. 18, 2021, 1:38 p.m. UTC | #4
On 18/01/21 10:30, Thomas Huth wrote:
>>
>> Hi Alexander, can you send _me_ a pull request for all the pending 
>> fuzzing patches?  I haven't paid much attention, but I have seen 
>> external contributions and I have the feeling that they aren't being 
>> applied/reviewed promptly.
> 
> I'm normally taking the fuzzing patches through the qtest tree (and also 
> merged some contributions last week, see 22ec0c696fd28e and the 
> following commits) ... which patch series that got missed did you have 
> in mind?

I was thinking mostly of "fuzz: improve crash case minimization" which I 
had lost track of, but that one has been merged.

Paolo

> Anyway, the amount of fuzzer patches seems to have increased during the 
> last weeks, and I'm not very familiar with the fuzzing stuff and also 
> sometimes I do not get CC:-ed on fuzzing patches, so it might make sense 
> indeed that Alexander now gathers the fuzzing patches and starts sending 
> pull requests for these. Alexander, do you want to have a try now?
> 
>   Thomas
Alexander Bulekov Jan. 18, 2021, 1:54 p.m. UTC | #5
On 210118 1030, Thomas Huth wrote:
> On 18/01/2021 09.43, Paolo Bonzini wrote:
> > On 17/01/21 21:10, Alexander Bulekov wrote:
> > > This is useful for building reproducers. Instead checking the code or
> > > the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log.
> > > 
> > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > > ---
> > >   tests/qtest/fuzz/fuzz.c | 11 ++++++++++-
> > >   1 file changed, 10 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> > > index 238866a037..496d11a231 100644
> > > --- a/tests/qtest/fuzz/fuzz.c
> > > +++ b/tests/qtest/fuzz/fuzz.c
> > > @@ -159,6 +159,8 @@ int LLVMFuzzerInitialize(int *argc, char
> > > ***argv, char ***envp)
> > >       char *target_name;
> > >       const char *bindir;
> > >       char *datadir;
> > > +    GString *cmd_line;
> > > +    gchar *pretty_cmd_line;
> > >       bool serialize = false;
> > >       /* Initialize qgraph and modules */
> > > @@ -217,7 +219,7 @@ int LLVMFuzzerInitialize(int *argc, char
> > > ***argv, char ***envp)
> > >       }
> > >       /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
> > > -    GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
> > > +    cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
> > >       g_string_append_printf(cmd_line, " %s -qtest /dev/null ",
> > >                              getenv("QTEST_LOG") ? "" : "-qtest-log none");
> > > @@ -226,6 +228,13 @@ int LLVMFuzzerInitialize(int *argc, char
> > > ***argv, char ***envp)
> > >       wordexp(cmd_line->str, &result, 0);
> > >       g_string_free(cmd_line, true);
> > > +    if (getenv("QTEST_LOG")) {
> > > +        pretty_cmd_line  = g_strjoinv(" ", result.we_wordv + 1);
> > > +        printf("Starting %s with Arguments: %s\n",
> > > +                result.we_wordv[0], pretty_cmd_line);
> > > +        g_free(pretty_cmd_line);
> > > +    }
> > > +
> > >       qemu_init(result.we_wordc, result.we_wordv, NULL);
> > >       /* re-enable the rcu atfork, which was previously disabled in
> > > qemu_init */
> > > 
> > 
> > Hi Alexander, can you send _me_ a pull request for all the pending
> > fuzzing patches?  I haven't paid much attention, but I have seen
> > external contributions and I have the feeling that they aren't being
> > applied/reviewed promptly.
> 
> I'm normally taking the fuzzing patches through the qtest tree (and also
> merged some contributions last week, see 22ec0c696fd28e and the following
> commits) ... which patch series that got missed did you have in mind?
> 
> Anyway, the amount of fuzzer patches seems to have increased during the last
> weeks, and I'm not very familiar with the fuzzing stuff and also sometimes I
> do not get CC:-ed on fuzzing patches, so it might make sense indeed that
> Alexander now gathers the fuzzing patches and starts sending pull requests
> for these. Alexander, do you want to have a try now?
> 

Sure - I'll wait for both remaining series to be fully reviewed. Then
I'll follow this: https://wiki.qemu.org/Contribute/SubmitAPullRequest
-Alex


>  Thomas
>

Patch

diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index 238866a037..496d11a231 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -159,6 +159,8 @@  int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
     char *target_name;
     const char *bindir;
     char *datadir;
+    GString *cmd_line;
+    gchar *pretty_cmd_line;
     bool serialize = false;
 
     /* Initialize qgraph and modules */
@@ -217,7 +219,7 @@  int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
     }
 
     /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
-    GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
+    cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
     g_string_append_printf(cmd_line, " %s -qtest /dev/null ",
                            getenv("QTEST_LOG") ? "" : "-qtest-log none");
 
@@ -226,6 +228,13 @@  int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
     wordexp(cmd_line->str, &result, 0);
     g_string_free(cmd_line, true);
 
+    if (getenv("QTEST_LOG")) {
+        pretty_cmd_line  = g_strjoinv(" ", result.we_wordv + 1);
+        printf("Starting %s with Arguments: %s\n",
+                result.we_wordv[0], pretty_cmd_line);
+        g_free(pretty_cmd_line);
+    }
+
     qemu_init(result.we_wordc, result.we_wordv, NULL);
 
     /* re-enable the rcu atfork, which was previously disabled in qemu_init */
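Review bot: The new diagnostic in the third hunk goes through printf() to stdout, which is fully buffered when redirected to a file, and a process that dies inside a sanitizer or fuzzer handler does not flush stdio, so the line this commit wants "at the top of the crash log" may never reach it (libFuzzer's own report is, as far as I know, written to stderr). Writing it as `fprintf(stderr, "Starting %s with Arguments: %s\n", result.we_wordv[0], pretty_cmd_line);` or adding `fflush(stdout);` before qemu_init() keeps the line visible regardless of buffering. The block also assumes the wordexp() call two lines above succeeded and produced at least one word — its return value is not checked — so a guard such as `if (getenv("QTEST_LOG") && result.we_wordc > 0) {` would avoid handing a NULL we_wordv[0] to %s and reading past the vector in g_strjoinv(). Minor style: the doubled space in `pretty_cmd_line  = g_strjoinv(" ", result.we_wordv + 1);` and the printf continuation line not aligned with the opening parenthesis, as the surrounding g_string_append_printf() call does. The same hunk is quoted verbatim in the replies above, and LLVMFuzzerInitialize() begins and ends outside this hunk.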