Dear all, This series aims to provide an entrypoint for, and fuzz KVM's x86 instruction emulator from userspace. It mirrors Xen's application of the AFL fuzzer to it's instruction emulator in the hopes of discovering vulnerabilities. Since this entrypoint also allows arbitrary execution of the emulators code from userspace, it may also be useful for testing. The current 4 patches build the emulator and 2 harnesses: simple-harness is an example of unit testing; afl-harness is a frontend for the AFL fuzzer. Patches ======= - 01: Builds and links afl-harness with the required kernel objects. - 02: Introduces the minimal set of emulator operations and supporting code to emulate simple instructions. - 03: Demonstrates simple-harness as a unit test. - 04: Adds scripts for install, running, and crash triage. Any comments/suggestions are greatly appreciated. Best, Sam Caccavale Sam Caccavale (4): Build target for emulate.o as a userspace binary Emulate simple x86 instructions in userspace Demonstrating unit testing via simple-harness Added scripts for filtering, building, deploying tools/Makefile | 9 + tools/fuzz/x86ie/.gitignore | 2 + tools/fuzz/x86ie/Makefile | 54 +++ tools/fuzz/x86ie/README.md | 12 + tools/fuzz/x86ie/afl-harness.c | 151 +++++++ tools/fuzz/x86ie/common.h | 87 ++++ tools/fuzz/x86ie/emulator_ops.c | 398 ++++++++++++++++++ tools/fuzz/x86ie/emulator_ops.h | 120 ++++++ tools/fuzz/x86ie/scripts/afl-many | 28 ++ tools/fuzz/x86ie/scripts/bin.sh | 49 +++ tools/fuzz/x86ie/scripts/build.sh | 32 ++ tools/fuzz/x86ie/scripts/coalesce.sh | 6 + tools/fuzz/x86ie/scripts/deploy.sh | 9 + tools/fuzz/x86ie/scripts/deploy_remote.sh | 9 + tools/fuzz/x86ie/scripts/gen_output.sh | 11 + tools/fuzz/x86ie/scripts/install_afl.sh | 14 + .../fuzz/x86ie/scripts/install_deps_ubuntu.sh | 5 + tools/fuzz/x86ie/scripts/rebuild.sh | 6 + tools/fuzz/x86ie/scripts/run.sh | 10 + tools/fuzz/x86ie/scripts/summarize.sh | 9 + tools/fuzz/x86ie/simple-harness.c | 42 ++ tools/fuzz/x86ie/stubs.c | 56 +++ tools/fuzz/x86ie/stubs.h | 52 +++ 23 files changed, 1171 insertions(+) create mode 100644 tools/fuzz/x86ie/.gitignore create mode 100644 tools/fuzz/x86ie/Makefile create mode 100644 tools/fuzz/x86ie/README.md create mode 100644 tools/fuzz/x86ie/afl-harness.c create mode 100644 tools/fuzz/x86ie/common.h create mode 100644 tools/fuzz/x86ie/emulator_ops.c create mode 100644 tools/fuzz/x86ie/emulator_ops.h create mode 100755 tools/fuzz/x86ie/scripts/afl-many create mode 100755 tools/fuzz/x86ie/scripts/bin.sh create mode 100755 tools/fuzz/x86ie/scripts/build.sh create mode 100755 tools/fuzz/x86ie/scripts/coalesce.sh create mode 100644 tools/fuzz/x86ie/scripts/deploy.sh create mode 100755 tools/fuzz/x86ie/scripts/deploy_remote.sh create mode 100755 tools/fuzz/x86ie/scripts/gen_output.sh create mode 100755 tools/fuzz/x86ie/scripts/install_afl.sh create mode 100755 tools/fuzz/x86ie/scripts/install_deps_ubuntu.sh create mode 100755 tools/fuzz/x86ie/scripts/rebuild.sh create mode 100755 tools/fuzz/x86ie/scripts/run.sh create mode 100755 tools/fuzz/x86ie/scripts/summarize.sh create mode 100644 tools/fuzz/x86ie/simple-harness.c create mode 100644 tools/fuzz/x86ie/stubs.c create mode 100644 tools/fuzz/x86ie/stubs.h -- 2.17.1 Amazon Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Ralf Herbrich Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B Sitz: Berlin Ust-ID: DE 289 237 879
