On 21.05.19 17:39, Sam Caccavale wrote:
This commit contains the minimal set of functionality to build
afl-harness around arch/x86/emulate.c which allows exercising code
in that source file, like x86_emulate_insn. Resolving the
dependencies was done via GCC's -H flag by get_headers.py.
---
tools/Makefile | 9 ++
.../fuzz/x86_instruction_emulation/.gitignore | 2 +
tools/fuzz/x86_instruction_emulation/Makefile | 57 +++++++
.../fuzz/x86_instruction_emulation/README.md | 12 ++
.../x86_instruction_emulation/afl-harness.c | 149 ++++++++++++++++++
tools/fuzz/x86_instruction_emulation/common.h | 87 ++++++++++
.../x86_instruction_emulation/emulator_ops.c | 58 +++++++
.../x86_instruction_emulation/emulator_ops.h | 117 ++++++++++++++
.../scripts/get_headers.py | 95 +++++++++++
.../scripts/make_deps | 4 +
tools/fuzz/x86_instruction_emulation/stubs.c | 56 +++++++
tools/fuzz/x86_instruction_emulation/stubs.h | 52 ++++++
12 files changed, 698 insertions(+)
create mode 100644 tools/fuzz/x86_instruction_emulation/.gitignore
create mode 100644 tools/fuzz/x86_instruction_emulation/Makefile
create mode 100644 tools/fuzz/x86_instruction_emulation/README.md
create mode 100644 tools/fuzz/x86_instruction_emulation/afl-harness.c
create mode 100644 tools/fuzz/x86_instruction_emulation/common.h
create mode 100644 tools/fuzz/x86_instruction_emulation/emulator_ops.c
create mode 100644 tools/fuzz/x86_instruction_emulation/emulator_ops.h
create mode 100644 tools/fuzz/x86_instruction_emulation/scripts/get_headers.py
create mode 100755 tools/fuzz/x86_instruction_emulation/scripts/make_deps
create mode 100644 tools/fuzz/x86_instruction_emulation/stubs.c
create mode 100644 tools/fuzz/x86_instruction_emulation/stubs.h
diff --git a/tools/Makefile b/tools/Makefile
index 3dfd72ae6c1a..4d68817b7e49 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -94,6 +94,12 @@ freefall: FORCE
kvm_stat: FORCE
$(call descend,kvm/$@)
+fuzz: FORCE
+ $(call descend,fuzz/x86_instruction_emulation)
+
+fuzz_deps: FORCE
+ $(call descend,fuzz/x86_instruction_emulation,fuzz_deps)
+
all: acpi cgroup cpupower gpio hv firewire liblockdep \
perf selftests spi turbostat usb \
virtio vm bpf x86_energy_perf_policy \
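Review bot: The new `fuzz` and `fuzz_deps` targets are kept out of `all` on the following lines, but nothing records why, and the reason matters: the sub-Makefile quoted further down has a `$(ROOT_DIR)/.config` rule that runs an interactive `make menuconfig` and then rewrites the kernel tree's .config with `sed -i`, so a plain `make -C tools all` must never reach these targets. I would add `# fuzz/fuzz_deps need a configured kernel tree (CONFIG_KVM=y) and are deliberately not part of 'all'` above `fuzz: FORCE`. The target name is also generic while it descends into the single x86_instruction_emulation directory; if more harnesses are expected, descending into `fuzz/` with its own Makefile would avoid growing this list per harness. tools/Makefile's help text, if it enumerates targets, is outside this hunk and presumably needs the same addition.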
@@ -171,6 +177,9 @@ tmon_clean:
freefall_clean:
$(call descend,laptop/freefall,clean)
+fuzz_clean:
+ $(call descend,fuzz/x86_instruction_emulation,clean)
+
build_clean:
$(call descend,build,clean)
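Review bot: `fuzz_clean` is added as a per-tool target, but whether it is also listed in the aggregate `clean` target of tools/Makefile cannot be seen from this hunk; if it was not, `make -C tools clean` leaves behind the `*.o` and `*-harness` files that the new .gitignore hides, and stale harness objects built against an old .config would silently survive. If the per-tool naming is kept, add `fuzz_clean` to that list in the same patch. The recipe itself mirrors `freefall_clean` above it and is fine.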
diff --git a/tools/fuzz/x86_instruction_emulation/.gitignore b/tools/fuzz/x86_instruction_emulation/.gitignore
new file mode 100644
index 000000000000..7d44f7ce266e
--- /dev/null
+++ b/tools/fuzz/x86_instruction_emulation/.gitignore
@@ -0,0 +1,2 @@
+*.o
+*-harness
diff --git a/tools/fuzz/x86_instruction_emulation/Makefile b/tools/fuzz/x86_instruction_emulation/Makefile
new file mode 100644
index 000000000000..d2854a332605
--- /dev/null
+++ b/tools/fuzz/x86_instruction_emulation/Makefile
@@ -0,0 +1,57 @@
+ROOT_DIR=../../..
+THIS_DIR=tools/fuzz/x86_instruction_emulation
+
+include ../../scripts/Makefile.include
+
+.DEFAULT_GOAL := all
+
+INCLUDES := $(patsubst -I./%,-I./$(ROOT_DIR)/%, $(LINUXINCLUDE))
+INCLUDES := $(patsubst ./include/%,./$(ROOT_DIR)/include/%, $(INCLUDES))
+INCLUDES += -include ./$(ROOT_DIR)/include/linux/compiler_types.h
+
+$(ROOT_DIR)/.config:
+ make -C $(ROOT_DIR) menuconfig
+ sed -i -r 's/^#? *CONFIG_KVM(.*)=.*/CONFIG_KVM\1=y/' $(ROOT_DIR)/.config
+
+
+ifdef DEBUG
+KBUILD_CFLAGS += -DDEBUG
+endif
+KBUILD_CFLAGS += -g -O0
Why -O0? I would expect a some bugs to only emerge with optimization
enabled.
Alex