Google Summer of Code 2016: Difference between revisions

From QEMU
(Created page with '= Introduction = QEMU is applying for [http://g.co/gsoc Google Summer of Code 2016]. This page contains our ideas list and information for students and mentors. If QEMU is acce…')
 
No edit summary
Line 59: Line 59:


== QEMU projects ==
== QEMU projects ==
=== AF_VSOCK packet capture in Linux and Wireshark ===
'''Summary:''' Develop a AF_VSOCK packet capture Linux device driver and Wireshark dissector
Wireshark and Linux's packet capture functionality support more than just Ethernet traffic dumping.  USB device traffic and netlink software communication can also be captured.
The AF_VSOCK address family is currently not support by Wireshark because there is no Linux kernel device driver for packet capture.  AF_VSOCK is the socket address family that is used by the virtio-vsock host/guest communication device that is currently in development.  The aim of this project is to first implement a Linux device driver for AF_VSOCK packet capture and then a Wireshark dissector.  Minor changes to tcpdump may be necessary too.
This will allow tcpdump and Wireshark to dump host/guest communication with virtio-vsock (and maybe also VMware VMSockets).  Traffic capture is an essential debugging tool for network communication and has not been available to programs using AF_VSOCK.
This project is challenging because you need to work on multiple codebases.  You must have experience with device driver development and network programming.
'''Links:'''
* How AF_NETLINK does packet capture: [http://lxr.free-electrons.com/source/drivers/net/nlmon.c nlmon.c]
* [https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html Wireshark dissector docs] (I'm not a Wireshark expert, some research may be necessary)
* [http://vmsplice.net/~stefan/stefanha-kvm-forum-2015.pdf virtio-vsock: Zero-configuration host/guest communication (pdf)] presentation on virtio-vsock
'''Details:'''
* Skill level: advanced
* Language: C
* Mentor: Stefan Hajnoczi <stefanha@redhat.com> (stefanha on IRC)
=== qemu-img fuzzing using afl-fuzz ===
'''Summary:''' Apply the afl-fuzz fuzz testing tool to qemu-img and submit patches fixing bugs discovered with afl-fuzz.
The qemu-img tool is used to convert between disk image file formats and inspect image files.  It supports multiple file formats including qcow2, vmdk, vhdx, and parallels.  Since this tool is often used on untrusted inputs (e.g. in a cloud or hosting environment where end-users can upload disk image files), it must not allow arbitrary code execution or other classes of security bugs.
afl-fuzz instruments the program to record codepaths taken for each input test file.  This allows afl-fuzz to mutate inputs and choose the ones that explore new codepaths.  The amount of prior knowledge that afl-fuzz needs about the input grammar is limited since it learns how inputs affect the codepath.  This makes it possible to fuzz various disk image file formats without painstakingly writing grammars for each file format.
In Outreach Program for Women 2014, a qcow2-specific fuzzing tool was developed in Python and several bugs were discovered.  This project aims to tackle the other file formats (especially vmdk, vhdx, and parallels).
This project is suitable for candidates interested in software security, software testing, compilers, and disk image file formats.
'''Links:'''
* [http://lcamtuf.coredump.cx/afl/ afl-fuzz]
* [https://en.wikipedia.org/wiki/VMDK VMDK file format]
* [http://download.microsoft.com/download/E/F/E/EFED95B0-FAED-4BED-8543-84B6C33B8824/VHDX%20Format%20Specification-v1.00.docx VHDX file format (docx)]
* Existing qcow2 fuzzer in qemu.git: [http://git.qemu-project.org/?p=qemu.git;a=tree;f=tests/image-fuzzer;hb=HEAD source code]
'''Details:'''
* Skill level: intermediate
* Language: C
* Mentor: Stefan Hajnoczi <stefanha@redhat.com> (stefanha on IRC)
* Suggested by: Stefan Hajnoczi
== Libvirt projects ==
== Libvirt projects ==
== Project idea template ==
== Project idea template ==
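
Review bot: the Details list of the AF_VSOCK packet capture entry has no "Suggested by:" line, although the qemu-img fuzzing entry added in the same edit and the page's project idea template both carry one; add it so the two entries are consistent. In the same entry, "Develop a AF_VSOCK" should read "an AF_VSOCK" and "currently not support by Wireshark" should read "not supported by Wireshark". The qemu-img entry names vmdk, vhdx and parallels as the target formats but its Links list gives format references only for VMDK and VHDX; a pointer for the parallels format would help applicants.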

Revision as of 17:19, 25 January 2016

Introduction

QEMU is applying for Google Summer of Code 2016. This page contains our ideas list and information for students and mentors. If QEMU is accepted, we will be able to mentor students doing 12-week full-time open source work from May to August 2016!

Note to students: Participating organizations have not yet been announced so we don't know whether or not QEMU will take part this year. You are welcome to investigate project ideas that interest you but please don't invest too much time and effort until Google announces participating organizations.

Example coding exercise

Here is a C coding exercise we have used in previous years when interviewing students: 2014 coding exercise

Try it and see if you are comfortable enough writing C. We cannot answer questions about the previous coding exercise but hopefully it should be self-explanatory.

If you find the exercise challenging, think about applying to other organizations where you have a stronger technical background and will be more competitive compared with other candidates.

Find Us

  • IRC (GSoC specific): #qemu-gsoc on irc.oftc.net
  • IRC (development):
    • QEMU: #qemu on irc.oftc.net
    • libvirt: #virt on irc.oftc.net
    • KVM: #kvm on chat.freenode.net

Please contact the mentor for the project idea you are interested in. IRC is usually the quickest way to get an answer.

For general questions about QEMU in GSoC, please contact the following people:

How to get familiar with our software

See what people are developing and talking about on the mailing lists:

Grab the source code or browse it:

Build QEMU and run it: QEMU on Linux Hosts

Important links

Project Ideas

This is the listing of suggested project ideas. Students are free to suggest their own projects by emailing qemu-devel@nongnu.org and (optionally) CCing potential mentors.

QEMU projects

AF_VSOCK packet capture in Linux and Wireshark

Summary: Develop an AF_VSOCK packet capture Linux device driver and Wireshark dissector

Wireshark and Linux's packet capture functionality support more than just Ethernet traffic dumping. USB device traffic and netlink software communication can also be captured.

The AF_VSOCK address family is currently not supported by Wireshark because there is no Linux kernel device driver for packet capture. AF_VSOCK is the socket address family that is used by the virtio-vsock host/guest communication device that is currently in development. The aim of this project is to first implement a Linux device driver for AF_VSOCK packet capture and then a Wireshark dissector. Minor changes to tcpdump may be necessary too.

This will allow tcpdump and Wireshark to dump host/guest communication with virtio-vsock (and maybe also VMware VMSockets). Traffic capture is an essential debugging tool for network communication and has not been available to programs using AF_VSOCK.

This project is challenging because you need to work on multiple codebases. You must have experience with device driver development and network programming.

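Links:

  • How AF_NETLINK does packet capture: nlmon.c (http://lxr.free-electrons.com/source/drivers/net/nlmon.c)
  • Wireshark dissector docs (https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html) (I'm not a Wireshark expert, some research may be necessary)
  • virtio-vsock: Zero-configuration host/guest communication (pdf) (http://vmsplice.net/~stefan/stefanha-kvm-forum-2015.pdf) presentation on virtio-vsock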

Details:

  • Skill level: advanced
  • Language: C
  • Mentor: Stefan Hajnoczi <stefanha@redhat.com> (stefanha on IRC)

qemu-img fuzzing using afl-fuzz

Summary: Apply the afl-fuzz fuzz testing tool to qemu-img and submit patches fixing bugs discovered with afl-fuzz.

The qemu-img tool is used to convert between disk image file formats and inspect image files. It supports multiple file formats including qcow2, vmdk, vhdx, and parallels. Since this tool is often used on untrusted inputs (e.g. in a cloud or hosting environment where end-users can upload disk image files), it must not allow arbitrary code execution or other classes of security bugs.

afl-fuzz instruments the program to record codepaths taken for each input test file. This allows afl-fuzz to mutate inputs and choose the ones that explore new codepaths. The amount of prior knowledge that afl-fuzz needs about the input grammar is limited since it learns how inputs affect the codepath. This makes it possible to fuzz various disk image file formats without painstakingly writing grammars for each file format.
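
The feedback loop described above, as an added example (not QEMU or afl-fuzz code): a toy header check with a constructed `TIMG` magic and version byte stands in for an image-format probe, and a one-byte-at-a-time mutator keeps any input that reaches a new branch. The format and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define N 8 /* header bytes mutated; also the coverage-map size */
/* Constructed toy header check standing in for an image-format probe (not a
 * real qemu-img driver). cov[] plays the role of afl-fuzz's instrumentation. */
static int toy_probe(const uint8_t *buf, uint8_t *cov)
{
    static const uint8_t want[5] = { 'T', 'I', 'M', 'G', 3 }; /* magic, version */
    for (int i = 0; i < 5; i++) {
        if (buf[i] != want[i]) return 0;
        cov[i] = 1; /* comparison i passed: one more branch covered */
    }
    return 1;
}
/* Merge this run's coverage into seen[]; return how many slots were new. */
static int new_coverage(const uint8_t *cov, uint8_t *seen)
{
    int fresh = 0;
    for (int i = 0; i < N; i++)
        if (cov[i] && !seen[i]) { seen[i] = 1; fresh++; }
    return fresh;
}
/* Mutate one byte at a time; a mutant that reaches a new branch becomes the
 * next seed. Returns executions used until the header parses, or -1. */
static long fuzz_guided(uint8_t *seed, long budget)
{
    uint8_t seen[N] = {0};
    for (long execs = 0;;) {
        int progressed = 0;
        for (int pos = 0; pos < N && !progressed; pos++)
            for (int v = 0; v < 256 && !progressed; v++) {
                uint8_t trial[N], cov[N] = {0};
                memcpy(trial, seed, N);
                trial[pos] = (uint8_t)v;
                if (++execs > budget) return -1;
                int accepted = toy_probe(trial, cov);
                if (new_coverage(cov, seen)) { memcpy(seed, trial, N); progressed = 1; }
                if (accepted) return execs;
            }
        if (!progressed) return -1;
    }
}

int main(void)
{
    uint8_t seed[N] = {0};
    printf("header parsed after %ld executions\n", fuzz_guided(seed, 100000));
    return 0;
}
```

Starting from an all-zero seed, the guided search reaches a valid header in a few thousand executions, where guessing all five bytes at once would face 256^5 combinations.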

In Outreach Program for Women 2014, a qcow2-specific fuzzing tool was developed in Python and several bugs were discovered. This project aims to tackle the other file formats (especially vmdk, vhdx, and parallels).

This project is suitable for candidates interested in software security, software testing, compilers, and disk image file formats.

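Links:

  • afl-fuzz (http://lcamtuf.coredump.cx/afl/)
  • VMDK file format (https://en.wikipedia.org/wiki/VMDK)
  • VHDX file format (docx) (http://download.microsoft.com/download/E/F/E/EFED95B0-FAED-4BED-8543-84B6C33B8824/VHDX%20Format%20Specification-v1.00.docx)
  • Existing qcow2 fuzzer in qemu.git: source code (http://git.qemu-project.org/?p=qemu.git;a=tree;f=tests/image-fuzzer;hb=HEAD)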

Details:

  • Skill level: intermediate
  • Language: C
  • Mentor: Stefan Hajnoczi <stefanha@redhat.com> (stefanha on IRC)
  • Suggested by: Stefan Hajnoczi

Libvirt projects

Project idea template

=== TITLE ===
 
 '''Summary:''' Short description of the project
 
 Detailed description of the project.
 
 '''Links:'''
 * Wiki links to relevant material
 * External links to mailing lists or web sites
 
 '''Details:'''
 * Skill level: beginner or intermediate or advanced
 * Language: C
 * Mentor: Email address and IRC nick
 * Suggested by: Person who suggested the idea

Information for mentors

Mentors are responsible for keeping in touch with their student and assessing the student's progress. GSoC has a mid-term evaluation and a final evaluation where both the mentor and student assess each other.

The mentor typically gives advice, reviews the student's code, and has regular communication with the student to ensure progress is being made.

Being a mentor is a significant time commitment; plan for 5 hours per week. Make sure you can make this commitment because backing out during the summer will affect the student's experience.

The mentor chooses their student by reviewing student application forms and conducting IRC interviews with candidates. Depending on the number of candidates, this can be time-consuming in itself. Choosing the right student is critical so that both the mentor and the student can have a successful experience.