Internships/ProjectIdeas/QtestOssFuzz

From QEMU

Revision as of 17:34, 9 January 2019

virtio-blk oss-fuzz support

Summary: Integrate oss-fuzz into QEMU so that the virtio-blk device can be fuzz tested.

oss-fuzz offers a fuzz testing service to open source projects. This means random inputs are continuously tested against the program in order to find crashes and other bugs. Fuzz testing complements hand-written test suites by exploring the input space of a program and therefore the code paths that may be taken.

The goal of this project is to integrate oss-fuzz into QEMU so that the virtio-blk-pci device can be fuzzed at both the VIRTIO and PCI bus level. virtio-blk-pci is a PCI device, which means it is connected to the virtual machine's PCI bus and has a certain set of registers that can be programmed by the guest. Furthermore, it is a VIRTIO device: the VIRTIO specification describes most of the functionality of virtio-blk. Bugs exist at both the PCI and VIRTIO levels, so it's important to fuzz both of them.

Fuzzing emulated devices involves accessing their hardware registers randomly to make the device respond. QEMU has a device testing interface called "qtest" that accepts read/write and other commands over a socket and is ideal for writing device-level tests. You may find that oss-fuzz works better integrated directly into the QEMU program instead of as a separate qtest program, so you can consider adding a new command-line option to QEMU for running in oss-fuzz mode.
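The sketch below is an added example, not QEMU code and not part of the original page. It shows the two pieces a qtest-driven harness needs: a decoder that turns an opaque fuzzer input (the byte buffer an oss-fuzz/libFuzzer `LLVMFuzzerTestOneInput()` entry point receives) into register reads and writes confined to one MMIO window, and a tiny client that speaks the qtest socket protocol (`readl`/`writel` commands, `OK [VALUE]`/`FAIL` replies, asynchronous `IRQ raise N`/`IRQ lower N` events that must be skipped). The socket path, the `BASE`/`SPAN` window, and the usage line in `main()` are assumptions: the example takes for granted that the device's BAR has already been programmed to `BASE` (in a real harness this is done through PCI config space, which is not shown here), and it replays a single input rather than running inside a fuzz engine.

```c
/* Added example, not QEMU code: decode fuzzer bytes into qtest register
 * accesses and replay them against a QEMU running with accel=qtest. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

struct mmio_access {
    int is_write;   /* 1 = writel, 0 = readl */
    uint64_t addr;  /* guest-physical register address */
    uint32_t val;   /* value for writes */
};

/* Decode the next access from fuzzer input: 1 op byte, 16-bit LE offset,
 * and for writes a 32-bit LE value. The offset is folded into
 * [base, base + span) and 4-byte aligned (span must be a non-zero
 * multiple of 4). Returns 1 with *a filled in, 0 when input is exhausted. */
int next_access(const uint8_t *data, size_t len, size_t *pos,
                uint64_t base, uint64_t span, struct mmio_access *a)
{
    if (*pos + 3 > len) {
        return 0;
    }
    int is_write = data[*pos] & 1;
    uint64_t off = data[*pos + 1] | ((uint64_t)data[*pos + 2] << 8);
    if (is_write && *pos + 7 > len) {
        return 0;
    }
    a->is_write = is_write;
    a->addr = base + ((off % span) & ~(uint64_t)3);
    a->val = 0;
    *pos += 3;
    if (is_write) {
        a->val = (uint32_t)data[*pos] | (uint32_t)data[*pos + 1] << 8 |
                 (uint32_t)data[*pos + 2] << 16 | (uint32_t)data[*pos + 3] << 24;
        *pos += 4;
    }
    return 1;
}

/* Render the access as a qtest command line: "readl ADDR" / "writel ADDR VALUE". */
int qtest_fmt_access(const struct mmio_access *a, char *buf, size_t n)
{
    if (a->is_write) {
        return snprintf(buf, n, "writel 0x%llx 0x%x\n",
                        (unsigned long long)a->addr, (unsigned)a->val);
    }
    return snprintf(buf, n, "readl 0x%llx\n", (unsigned long long)a->addr);
}

/* Classify one line from the qtest socket: 1 for "OK [VALUE]" (hex VALUE
 * stored in *out, 0 if absent), 0 for "FAIL", -1 for anything else such as
 * the asynchronous "IRQ raise N" / "IRQ lower N" events. */
int qtest_parse_reply(const char *line, uint64_t *out)
{
    if (strncmp(line, "OK", 2) == 0 &&
        (line[2] == ' ' || line[2] == '\n' || line[2] == '\0')) {
        *out = (line[2] == ' ') ? strtoull(line + 3, NULL, 16) : 0;
        return 1;
    }
    return strncmp(line, "FAIL", 4) == 0 ? 0 : -1;
}

/* Send one command and wait for its reply, skipping IRQ events. Returns the
 * qtest_parse_reply() code, or -2 if QEMU closed the socket (for a fuzzer,
 * that usually means the input crashed the device model). */
static int qtest_round_trip(int fd, FILE *rx, const char *cmd, uint64_t *out)
{
    char line[256];
    if (write(fd, cmd, strlen(cmd)) < 0) {
        return -2;
    }
    for (;;) {
        if (!fgets(line, sizeof line, rx)) {
            return -2;
        }
        int r = qtest_parse_reply(line, out);
        if (r != -1) {
            return r;
        }
    }
}

/* Assumed usage: ./qtest_fuzz /tmp/qtest.sock BASE SPAN < input.bin, with QEMU
 * started as: -machine accel=qtest -display none -qtest unix:/tmp/qtest.sock,server,nowait */
int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s SOCKET BASE SPAN < input\n", argv[0]);
        return 2;
    }
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s", argv[1]);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0 || connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        perror("connect");
        return 1;
    }
    FILE *rx = fdopen(fd, "r");
    uint64_t base = strtoull(argv[2], NULL, 0), span = strtoull(argv[3], NULL, 0);
    uint8_t data[4096];
    size_t len = fread(data, 1, sizeof data, stdin), pos = 0;
    struct mmio_access a;
    char cmd[64];
    uint64_t val;
    while (next_access(data, len, &pos, base, span, &a)) {
        qtest_fmt_access(&a, cmd, sizeof cmd);
        int r = qtest_round_trip(fd, rx, cmd, &val);
        if (r == -2) {
            fprintf(stderr, "QEMU went away after: %s", cmd);
            return 1;
        }
        printf("%s -> %s\n", strtok(cmd, "\n"), r ? "OK" : "FAIL");
    }
    return 0;
}
```

The decoder is the part that matters for coverage: by folding every offset into the device's window and aligning it, almost every input byte produces a meaningful register access instead of a write to unmapped memory, which keeps the fuzz engine's feedback focused on the virtio-blk code paths. A real harness would drive the same decoder from `LLVMFuzzerTestOneInput()` and would add the PCI config-space setup (enabling memory decoding, programming the BAR) so that the VIRTIO registers are reachable at `BASE`.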

This project involves learning about VIRTIO and PCI devices, as well as figuring out how to integrate oss-fuzz into QEMU so that it can effectively explore the code paths in the virtio-blk device emulation code. You will enjoy this project if you want to learn how device emulation works and are interested in fuzzers.

Links:

Details:

  • Skill level: intermediate
  • Language: C
  • Mentor: Stefan Hajnoczi <stefanha@redhat.com> ("stefanha" on IRC)