[Xen-devel] [PATCH 0/2] libx86: Fuzzing harness

Andrew Cooper posted 2 patches 11 weeks ago
git fetch https://github.com/patchew-project/xen tags/patchew/1559677885-10731-1-git-send-email-andrew.cooper3@citrix.com

[Xen-devel] [PATCH 0/2] libx86: Fuzzing harness

Posted by Andrew Cooper 11 weeks ago
These are the final pieces to getting the fuzzing harness working correctly.

I accidentally left AFL running for a week while I was travelling, so this is
certified "8d 15h crash-free".

Andrew Cooper (2):
  libx86: Helper for clearing out-of-range CPUID leaves
  tools/fuzz: Add a cpu-policy fuzzing harness

 tools/fuzz/cpu-policy/.gitignore          |   1 +
 tools/fuzz/cpu-policy/Makefile            |  28 +++++
 tools/fuzz/cpu-policy/afl-policy-fuzzer.c | 187 ++++++++++++++++++++++++++++++
 tools/tests/cpu-policy/test-cpu-policy.c  | 161 ++++++++++++++++++++++++-
 xen/include/xen/lib/x86/cpuid.h           |  16 +++
 xen/lib/x86/cpuid.c                       |  66 ++++++++++-
 xen/lib/x86/private.h                     |   1 +
 7 files changed, 454 insertions(+), 6 deletions(-)
 create mode 100644 tools/fuzz/cpu-policy/.gitignore
 create mode 100644 tools/fuzz/cpu-policy/Makefile
 create mode 100644 tools/fuzz/cpu-policy/afl-policy-fuzzer.c

-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH 0/2] libx86: Fuzzing harness

Posted by Jan Beulich 11 weeks ago
>>> On 04.06.19 at 21:51, <andrew.cooper3@citrix.com> wrote:
> These are the final pieces to getting the fuzzing harness working correctly.

I'm mildly confused by this statement, as it seems to imply there was
something not working correctly, when in fact there was nothing at
all - patch 2 only adds a new harness.

Jan


Re: [Xen-devel] [PATCH 0/2] libx86: Fuzzing harness

Posted by Andrew Cooper 11 weeks ago
On 05/06/2019 10:54, Jan Beulich wrote:
>>>> On 04.06.19 at 21:51, <andrew.cooper3@citrix.com> wrote:
>> These are the final pieces to getting the fuzzing harness working correctly.
> I'm mildly confused by this statement, as it seems to imply there was
> something not working correctly, when in fact there was nothing at
> all - patch 2 only adds a new harness.

If you recall, the fuzzing harness was posted previously (during the
lead-up to L1TF) in the same patch as the unit tests, with a note saying
"sometimes AFL finds assertion failures".

In the end I dropped the fuzzing harness until I'd got it into a state
where it functioned correctly, and this is the final piece which isn't
yet committed upstream.

As to your question in patch 1 - all of the new library functionality is
strictly relevant to making DOMCTL_set_cpu_policy function correctly.

~Andrew
