ivampiresp/Spdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fuzz/llvm: provide a prefix to use when saving artifacts

Browse Source 
Save crash files and other artifacts in `$output_dir/llvm/`

Signed-off-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
Change-Id: I2ff82b414592cc492b79c9178b7257b2e87440b5
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/15827
Reviewed-by: Michal Berger <michal.berger@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
This commit is contained in:
Sebastian Brzezinka 2022-12-08 18:37:07 +01:00 committed by David Ko
parent 3926afd5f5
commit 2df6ee9845
4 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz.c
View File

@ -15,6 +15,7 @@
static const uint8_t *g_data;
static bool g_trid_specified = false;
static char *g_artifact_prefix;
static int32_t g_time_in_sec = 10;
static char *g_corpus_dir;
static uint8_t *g_repro_data;
@ -828,9 +829,11 @@ start_fuzzer(void *ctx)
"-detect_leaks=1",
NULL,
NULL,
NULL,
NULL
};
char time_str[128];
char prefix[PATH_MAX];
char len_str[128];
char **argv = _argv;
int argc = SPDK_COUNTOF(_argv);
@ -838,6 +841,8 @@ start_fuzzer(void *ctx)
int rc;
spdk_unaffinitize_thread();
snprintf(prefix, sizeof(prefix), "-artifact_prefix=%s", g_artifact_prefix);
argv[argc - 4] = prefix;
len = MAX_COMMANDS * g_fuzzer->bytes_per_cmd;
snprintf(len_str, sizeof(len_str), "-max_len=%d", len);
argv[argc - 3] = len_str;
@ -847,6 +852,9 @@ start_fuzzer(void *ctx)
g_in_fuzzer = true;
atexit(exit_handler);
free(g_artifact_prefix);
if (g_repro_data) {
printf("Running single test based on reproduction data file.\n");
rc = TestOneInput(g_repro_data, g_repro_size);
@ -888,6 +896,7 @@ nvme_fuzz_usage(void)
fprintf(stderr, " -D Path of corpus directory.\n");
fprintf(stderr, " -F Transport ID for subsystem that should be fuzzed.\n");
fprintf(stderr, " -N Name of reproduction data file.\n");
fprintf(stderr, " -P Provide a prefix to use when saving artifacts.\n");
fprintf(stderr, " -t Time to run fuzz tests (in seconds). Default: 10\n");
fprintf(stderr, " -Z Fuzzer to run (0 to %lu)\n", NUM_FUZZERS - 1);
}
@ -927,6 +936,13 @@ nvme_fuzz_parse(int ch, char *arg)
return -1;
}
break;
case 'P':
g_artifact_prefix = strdup(optarg);
if (!g_artifact_prefix) {
fprintf(stderr, "cannot strdup: %s\n", optarg);
return -ENOMEM;
}
break;
case 't':
case 'Z':
tmp = spdk_strtoll(optarg, 10);
@ -980,7 +996,7 @@ main(int argc, char **argv)
opts.name = "nvme_fuzz";
opts.shutdown_cb = fuzz_shutdown;
if ((rc = spdk_app_parse_args(argc, argv, &opts, "D:F:N:t:Z:", NULL, nvme_fuzz_parse,
if ((rc = spdk_app_parse_args(argc, argv, &opts, "D:F:N:P:t:Z:", NULL, nvme_fuzz_parse,
nvme_fuzz_usage) != SPDK_APP_PARSE_ARGS_SUCCESS)) {
return rc;
}

17
test/app/fuzz/llvm_vfio_fuzz/llvm_vfio_fuzz.c
View File

@ -29,6 +29,7 @@ struct fuzz_type {
static uint8_t payload[VFIO_USER_MAX_PAYLOAD_SIZE];
static char *g_ctrlr_path;
static char *g_artifact_prefix;
static int32_t g_time_in_sec = 10;
static char *g_corpus_dir;
static uint8_t *g_repro_data;
@ -161,15 +162,19 @@ start_fuzzer(void *ctx)
"-detect_leaks=1",
NULL,
NULL,
NULL,
NULL
};
char time_str[128];
char prefix[PATH_MAX];
char len_str[128];
char **argv = _argv;
int argc = SPDK_COUNTOF(_argv);
uint32_t len = 0;
spdk_unaffinitize_thread();
snprintf(prefix, sizeof(prefix), "-artifact_prefix=%s", g_artifact_prefix);
argv[argc - 4] = prefix;
len = 10 * g_fuzzer->bytes_per_cmd;
snprintf(len_str, sizeof(len_str), "-max_len=%d", len);
argv[argc - 3] = len_str;
@ -179,6 +184,8 @@ start_fuzzer(void *ctx)
atexit(exit_handler);
free(g_artifact_prefix);
if (g_repro_data) {
printf("Running single test based on reproduction data file.\n");
TestOneInput(g_repro_data, g_repro_size);
@ -435,6 +442,7 @@ vfio_fuzz_usage(void)
fprintf(stderr, " -D Path of corpus directory.\n");
fprintf(stderr, " -F Path for ctrlr that should be fuzzed.\n");
fprintf(stderr, " -N Name of reproduction data file.\n");
fprintf(stderr, " -P Provide a prefix to use when saving artifacts.\n");
fprintf(stderr, " -t Time to run fuzz tests (in seconds). Default: 10\n");
fprintf(stderr, " -Y Path of addition controller to perform io.\n");
fprintf(stderr, " -Z Fuzzer to run (0 to %lu)\n", NUM_FUZZERS - 1);
@ -473,6 +481,13 @@ vfio_fuzz_parse(int ch, char *arg)
return -1;
}
break;
case 'P':
g_artifact_prefix = strdup(optarg);
if (!g_artifact_prefix) {
fprintf(stderr, "cannot strdup: %s\n", optarg);
return -ENOMEM;
}
break;
case 'Y':
g_io_thread.io_ctrlr_path = strdup(optarg);
if (!g_io_thread.io_ctrlr_path) {
@ -533,7 +548,7 @@ main(int argc, char **argv)
opts.name = "vfio_fuzz";
opts.shutdown_cb = fuzz_shutdown;
if ((rc = spdk_app_parse_args(argc, argv, &opts, "D:F:N:t:Y:Z:", NULL, vfio_fuzz_parse,
if ((rc = spdk_app_parse_args(argc, argv, &opts, "D:F:N:P:t:Y:Z:", NULL, vfio_fuzz_parse,
vfio_fuzz_usage) != SPDK_APP_PARSE_ARGS_SUCCESS)) {
return rc;
}

1
test/fuzz/llvm/nvmf/run.sh
View File

@ -35,6 +35,7 @@ function start_llvm_fuzz() {
$rootdir/test/app/fuzz/llvm_nvme_fuzz/llvm_nvme_fuzz \
-m $core \
-s $mem_size \
-P $output_dir/llvm/ \
-F "$trid" \
-c $nvmf_cfg \
-t $timen \

1
test/fuzz/llvm/vfio/run.sh
View File

@ -37,6 +37,7 @@ function start_llvm_fuzz() {
$rootdir/test/app/fuzz/llvm_vfio_fuzz/llvm_vfio_fuzz \
-m $core \
-s $mem_size \
-P $output_dir/llvm/ \
-F $vfiouser_dir \
-c $vfiouser_cfg \
-t $timen \