ivampiresp/Spdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6b757ecb0f
Spdk/test/app/fuzz/vhost_fuzz
History
Shuhei Matsumoto ab0bc5c254 lib/thread: Use function name as poller name by using macro SPDK_POLLER_REGISTER 
We will be create fine name for each poller but it will need large
effort. Replacing spdk_poller_register by the macro SPDK_POLLER_REGISTER
will provide better name than function address with minimum effort.

Following patches may improve function name for clarification.

Signed-off-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Change-Id: If862a274c5879065c3f7cb04dcb5ca7844523e68
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/1781
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Paul Luse <paul.e.luse@intel.com>
Reviewed-by: Aleksey Marchuk <alexeymar@mellanox.com>
Reviewed-by: Maciej Szwed <maciej.szwed@intel.com>
Community-CI: Broadcom CI
2020-04-15 07:23:09 +00:00
..
.gitignore test: add a fuzzer for the vhost API 2019-07-08 09:18:19 +00:00
example.json test: add a fuzzer for the vhost API 2019-07-08 09:18:19 +00:00
Makefile test: add a fuzzer for the vhost API 2019-07-08 09:18:19 +00:00
README.md doc: Fix Markdown MD032 linter warnings 2020-02-06 09:46:06 +00:00
vhost_fuzz_rpc.c Remove remaining spdk_jsonrpc_begin_result() NULL checks 2019-08-09 16:35:00 +00:00
vhost_fuzz.c lib/thread: Use function name as poller name by using macro SPDK_POLLER_REGISTER 2020-04-15 07:23:09 +00:00
vhost_fuzz.h test: add a fuzzer for the vhost API 2019-07-08 09:18:19 +00:00

README.md

Overview

This application is intended to fuzz test the SPDK vhost target by supplying malformed or invalid requests across a unix domain socket. This fuzzer currently supports fuzzing both vhost block and vhost scsi devices. When fuzzing a vhost scsi device, users can select whether to fuzz the scsi I/O queue or the scsi admin queue. Please see the NVMe fuzzer readme for information on how output is generated, debugging procedures, and the JSON format expected when supplying preconstructed values to the fuzzer.

Request Types

Like the NVMe fuzzer, there is an example json file showing the types of requests that the application accepts. Since the vhost application accepts both vhost block and vhost scsi commands, there are three distinct object types that can be passed in to the application.

  1. vhost_blk_cmd
  2. vhost_scsi_cmd
  3. vhost_scsi_mgmt_cmd

Each one of these objects contains distinct data types and they should not be used interchangeably.

All three of the data types begin with three iovec structures describing the request, data, and response memory locations. By default, these values are overwritten by the application even when supplied as part of a json file. This is because the request and resp data pointers are intended to point to portions of the data structure.

If you want to override these iovec values using a json file, you can specify the -k option. In most cases, this will just result in the application failing all I/O immediately since the request will no longer point to a valid memory location.

It is possible to supply all three types of requests in a single array to the application. They will be parsed and submitted to the proper block devices.

RPC

The vhost fuzzer differs from the NVMe fuzzer in that it expects devices to be configured via rpc. The fuzzer should always be started with the --wait-for-rpc argument. Please see below for an example of starting the fuzzer.

./test/app/fuzz/vhost_fuzz/vhost_fuzz -t 30 --wait-for-rpc &
./scripts/rpc.py fuzz_vhost_create_dev -s ./Vhost.1 -b -V
./scripts/rpc.py fuzz_vhost_create_dev -s ./naa.VhostScsi0.1 -l -V
./scripts/rpc.py framework_start_init