On 5/31/19 10:02 AM, Alexander Graf wrote:
>
> On 21.05.19 17:39, Sam Caccavale wrote:
>> This commit contains the minimal set of functionality to build
>> afl-harness around arch/x86/emulate.c which allows exercising code
>> in that source file, like x86_emulate_insn. Resolving the
>> dependencies was done via GCC's -H flag by get_headers.py.
>>
>> ---
>> tools/Makefile | 9 ++
>> .../fuzz/x86_instruction_emulation/.gitignore | 2 +
>> tools/fuzz/x86_instruction_emulation/Makefile | 57 +++++++
>> .../fuzz/x86_instruction_emulation/README.md | 12 ++
>> .../x86_instruction_emulation/afl-harness.c | 149 ++++++++++++++++++
>> tools/fuzz/x86_instruction_emulation/common.h | 87 ++++++++++
>> .../x86_instruction_emulation/emulator_ops.c | 58 +++++++
>> .../x86_instruction_emulation/emulator_ops.h | 117 ++++++++++++++
>> .../scripts/get_headers.py | 95 +++++++++++
>> .../scripts/make_deps | 4 +
>> tools/fuzz/x86_instruction_emulation/stubs.c | 56 +++++++
>> tools/fuzz/x86_instruction_emulation/stubs.h | 52 ++++++
>> 12 files changed, 698 insertions(+)
>> create mode 100644 tools/fuzz/x86_instruction_emulation/.gitignore
>> create mode 100644 tools/fuzz/x86_instruction_emulation/Makefile
>> create mode 100644 tools/fuzz/x86_instruction_emulation/README.md
>> create mode 100644 tools/fuzz/x86_instruction_emulation/afl-harness.c
>> create mode 100644 tools/fuzz/x86_instruction_emulation/common.h
>> create mode 100644 tools/fuzz/x86_instruction_emulation/emulator_ops.c
>> create mode 100644 tools/fuzz/x86_instruction_emulation/emulator_ops.h
>> create mode 100644
>> tools/fuzz/x86_instruction_emulation/scripts/get_headers.py
>> create mode 100755
>> tools/fuzz/x86_instruction_emulation/scripts/make_deps
>> create mode 100644 tools/fuzz/x86_instruction_emulation/stubs.c
>> create mode 100644 tools/fuzz/x86_instruction_emulation/stubs.h
>>
>> diff --git a/tools/Makefile b/tools/Makefile
>> index 3dfd72ae6c1a..4d68817b7e49 100644
>> --- a/tools/Makefile
>> +++ b/tools/Makefile
>> @@ -94,6 +94,12 @@ freefall: FORCE
>> kvm_stat: FORCE
>> $(call descend,kvm/$@)
>> +fuzz: FORCE
>> + $(call descend,fuzz/x86_instruction_emulation)
>> +
>> +fuzz_deps: FORCE
>> + $(call descend,fuzz/x86_instruction_emulation,fuzz_deps)
>> +
>> all: acpi cgroup cpupower gpio hv firewire liblockdep \
>> perf selftests spi turbostat usb \
>> virtio vm bpf x86_energy_perf_policy \
>> @@ -171,6 +177,9 @@ tmon_clean:
>> freefall_clean:
>> $(call descend,laptop/freefall,clean)
>> +fuzz_clean:
>> + $(call descend,fuzz/x86_instruction_emulation,clean)
>> +
>> build_clean:
>> $(call descend,build,clean)
>> diff --git a/tools/fuzz/x86_instruction_emulation/.gitignore
>> b/tools/fuzz/x86_instruction_emulation/.gitignore
>> new file mode 100644
>> index 000000000000..7d44f7ce266e
>> --- /dev/null
>> +++ b/tools/fuzz/x86_instruction_emulation/.gitignore
>> @@ -0,0 +1,2 @@
>> +*.o
>> +*-harness
>> diff --git a/tools/fuzz/x86_instruction_emulation/Makefile
>> b/tools/fuzz/x86_instruction_emulation/Makefile
>> new file mode 100644
>> index 000000000000..d2854a332605
>> --- /dev/null
>> +++ b/tools/fuzz/x86_instruction_emulation/Makefile
>> @@ -0,0 +1,57 @@
>> +ROOT_DIR=../../..
>> +THIS_DIR=tools/fuzz/x86_instruction_emulation
>> +
>> +include ../../scripts/Makefile.include
>> +
>> +.DEFAULT_GOAL := all
>> +
>> +INCLUDES := $(patsubst -I./%,-I./$(ROOT_DIR)/%, $(LINUXINCLUDE))
>> +INCLUDES := $(patsubst ./include/%,./$(ROOT_DIR)/include/%, $(INCLUDES))
>> +INCLUDES += -include ./$(ROOT_DIR)/include/linux/compiler_types.h
>> +
>> +$(ROOT_DIR)/.config:
>> + make -C $(ROOT_DIR) menuconfig
>> + sed -i -r 's/^#? *CONFIG_KVM(.*)=.*/CONFIG_KVM\1=y/'
>> $(ROOT_DIR)/.config
>> +
>> +
>> +ifdef DEBUG
>> +KBUILD_CFLAGS += -DDEBUG
>> +endif
>> +KBUILD_CFLAGS += -g -O0
>
>
> Why -O0? I would expect a some bugs to only emerge with optimization
> enabled.
>
> Alex
>
This was supposed to be the `ifdef` actually. Fixed in v2.
Sam
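Review bot: `fuzz_clean` in the second tools/Makefile hunk is not wired into anything either hunk shows; if the aggregate `clean` rule of tools/Makefile enumerates the per-tool `*_clean` targets (that list is outside the hunk), it needs `fuzz_clean` added too, otherwise `make -C tools clean` leaves the `*.o` files and `*-harness` binary from the new .gitignore behind. In the first hunk `fuzz` is likewise left out of the `all:` list that appears as context, which is presumably deliberate for a harness that needs a configured kernel tree and its own toolchain, but that intent should be recorded, e.g. `# fuzz/fuzz_deps are opt-in and not part of 'all'` above `fuzz: FORCE`. `fuzz_deps` descends with a `fuzz_deps` goal that the new subdirectory Makefile must define; the quoted hunk for that file is cut off before any such rule, so this cannot be confirmed from the message.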