LLVM provides libFuzzer which does coverage-guided
fuzzing of a library or application under test. For
SPDK, we can use this as a new and better way to
generate random commands to the SPDK nvmf target.
By default, libFuzzer provides the main() and your
source file just provides the function called by
LLVM for each iteration of random data. But this
doesn't really work for SPDK since we need to start
the app framework and the nvmf target. So we
specify -fsanitizer=fuzzer-no-link, explicitly
specify the location of the fuzzer_no_main library
and then call LLVMFuzzerRunDriver to start the
fuzzing process once we are ready.
Since this is all coverage-guided, we invoke the
fuzzer inside the nvmf target application. So this
patch creates a new target application called
'llvm_nvme_fuzz'. One core is needed to run the
nvmf target, then we spawn a pthread to run the
fuzzer against it.
Currently there are two fuzzers defined. Fuzzer 0
does random testing of admin commands. Fuzzer 1
is focused solely on GET_LOG_PAGE and fuzzes a
smaller subset of the bytes in the spdk_nvme_cmd.
Additional fuzzers can be added in the future for
other commands, testing I/O queues, data payloads,
etc.
You do need to specify CC and CXX when running
configure, as well as specify the location of the
special clang_rt.fuzz_no_main library. The path of
that library is dependent on your clang version and
architecture. If using clang-12 on x86_64 platform,
it will look like:
CC=clang-12 CXX=clang++-12 ./configure --with-fuzzer= \
/usr/lib/llvm-12/lib/clang/12.0.0/lib/linux/libclang_rt.fuzzer_no_main-x86_64.a
Then just do the following to demonstrate the fuzzer
tool.
make
test/nvmf/target/llvm_nvme_fuzz.sh --time=60 --fuzzer=0
Signed-off-by: Jim Harris <james.r.harris@intel.com>
Change-Id: Iee0997501893ac284a3947a1db7a155c5ceb7849
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/10038
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Enables us to test randomized data against the iSCSI target interface.
Change-Id: I56bd5bcd936b92ba152d4d5678d7124b3165c03c
Signed-off-by: Hailiang Wang <hailiangx.e.wang@intel.com>
Signed-off-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/509
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
This reverts commit 4700ef0fa6.
This has merge conflicts with the iSCSI async write patch
series that was merged.
Signed-off-by: Jim Harris <james.r.harris@intel.com>
Change-Id: I5a27460a369ef5f13bf490a287603e566071be40
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/482482
Enables us to test randomized data against the iSCSI target interface.
Change-Id: I9ff9a06c11bb16b315686156b27855664f21bd48
Signed-off-by: Hailiang Wang <hailiangx.e.wang@intel.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/470925
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-by: Seth Howell <seth.howell@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Community-CI: SPDK CI Jenkins <sys_sgci@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Using the vhost_user API on the initiator side, we can craft arbitrary
requests to fuzz the vhost target APIs. This script currently supports
vhost_blk, but will support both vhost_blk and vhost_scsi.
Change-Id: I7f0af6ca2adabbc18b7029ea77b33f47fce9c16b
Signed-off-by: Seth Howell <seth.howell@intel.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/454682
Reviewed-by: Darek Stojaczyk <dariusz.stojaczyk@intel.com>
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Enables us to test randomized data against the NVMe-oF target interface.
Change-Id: Ie7ab46949ccd89f74b10b79a24256aeae2df89ab
Signed-off-by: Seth Howell <seth.howell@intel.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/431571
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Hailiang Wang <hailiangx.e.wang@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: qun wan <qun.wan@intel.com>
Reviewed-by: Darek Stojaczyk <dariusz.stojaczyk@intel.com>
