microsoft/openvmm
Guide/src/dev_guide/tests/fuzzing.md
# Fuzzing in OpenVMM

Fuzzing infrastructure in OpenVMM is based on the excellent
[cargo-fuzz](https://github.com/rust-fuzz/cargo-fuzz) project, which makes it super easy to get
up-and-running with fuzzing in Rust projects.

Under the hood, `cargo-fuzz` hooks into LLVM's
[libFuzzer](https://www.llvm.org/docs/LibFuzzer.html) to do the actual fuzzing.

```admonish important
Fuzzing only works on **Linux**. libfuzzer-sys doesn't support Windows.
On **aarch64**, set `RUSTFLAGS="-Ctarget-feature=+lse,+neon"` before any
cargo-fuzz command, or builds will fail with atomics errors.
```

OpenVMM fuzzers target several categories of code:

- **Chipset devices** (battery, CMOS/RTC, IDE) — PIO, MMIO, and PCI config
  interfaces exposed to guests
- **VMBus devices** (storvsp) — VMBus channel protocol and SCSI command
  processing
- **Driver stacks** (NVMe) — driver-side fuzzing against fuzzed device
  responses
- **Unsafe abstractions** (scsi_buffers, guestmem, sparse_mmap) — safe API
  surface over unsafe internals
- **Protocol parsers** (UEFI NVRAM, mesh ttrpc, UCS-2) — parsing and
  validation of structured data

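As an added illustration of the protocol-parser category above (this is example code written for this page, not OpenVMM's own fuzzers or decoder), the block below shows the shape of a fuzz target for a small UCS-2 (UEFI `CHAR16`) decoder: a function that takes arbitrary bytes, must never panic, and asserts the invariants that turn a decoder bug into a crash the fuzzer can report. In a real cargo-fuzz target the `fuzz_one` body would be wrapped in `libfuzzer_sys::fuzz_target!(|data: &[u8]| { ... })`; since libFuzzer cannot run here, a tiny seeded mutator (`mini_fuzz`) stands in for its mutate-and-run loop so the target can be exercised offline. `decode_ucs2_le`, `encode_ucs2_le`, `fuzz_one`, `fuzz_one_unchecked` and `mini_fuzz` are names invented for this example.

```rust
// Example code for this page, not OpenVMM's: the shape of a cargo-fuzz target
// for a UCS-2 decoder, plus a deterministic stand-in for libFuzzer's loop.
use std::panic::{catch_unwind, set_hook, take_hook, AssertUnwindSafe};

#[derive(Debug, PartialEq)]
pub enum Ucs2Error {
    OddLength,
    Surrogate(usize), // index of the offending 16-bit unit
}

/// Decode little-endian UCS-2 into a String, stopping at the first NUL.
/// UCS-2 has no surrogate pairs, so any unit in D800..=DFFF is rejected.
pub fn decode_ucs2_le(data: &[u8]) -> Result<String, Ucs2Error> {
    if data.len() % 2 != 0 {
        return Err(Ucs2Error::OddLength);
    }
    let mut out = String::with_capacity(data.len() / 2);
    for (i, pair) in data.chunks_exact(2).enumerate() {
        let unit = u16::from_le_bytes([pair[0], pair[1]]);
        if unit == 0 {
            break;
        }
        // For a u16, char::from_u32 fails exactly on the surrogate range.
        match char::from_u32(unit as u32) {
            Some(c) => out.push(c),
            None => return Err(Ucs2Error::Surrogate(i)),
        }
    }
    Ok(out)
}

/// Inverse of decode_ucs2_le for BMP text; used for the roundtrip invariant.
pub fn encode_ucs2_le(s: &str) -> Vec<u8> {
    let mut out = Vec::with_capacity(s.len() * 2);
    for c in s.chars() {
        let unit = u16::try_from(c as u32).expect("non-BMP char is not UCS-2");
        out.extend_from_slice(&unit.to_le_bytes());
    }
    out
}

/// Fuzz-target body: must never panic on any input, and asserts the
/// invariants that make a decoder bug visible as a crash.
pub fn fuzz_one(data: &[u8]) {
    match decode_ucs2_le(data) {
        Ok(s) => {
            // Re-encoding must reproduce exactly the bytes that were consumed.
            let consumed = encode_ucs2_le(&s);
            assert_eq!(&data[..consumed.len()], &consumed[..]);
        }
        Err(Ucs2Error::OddLength) => assert_eq!(data.len() % 2, 1),
        Err(Ucs2Error::Surrogate(i)) => {
            let unit = u16::from_le_bytes([data[2 * i], data[2 * i + 1]]);
            assert!((0xD800..=0xDFFF).contains(&unit));
        }
    }
}

/// The kind of decoder fuzzing exists to catch: no length check, so an
/// odd-length input indexes one byte past the end of the slice.
pub fn fuzz_one_unchecked(data: &[u8]) {
    let mut i = 0;
    while i < data.len() {
        let _unit = u16::from_le_bytes([data[i], data[i + 1]]); // panics when len is odd
        i += 2;
    }
}

/// Stand-in for libFuzzer's mutate-and-run loop: a seeded xorshift64 PRNG
/// mutates the seed corpus and the number of panicking inputs is returned.
/// libFuzzer adds coverage guidance and crash minimisation; this does not.
pub fn mini_fuzz(target: fn(&[u8]), seeds: &[&[u8]], iterations: u32, mut state: u64) -> u32 {
    assert!(state != 0, "xorshift needs a non-zero seed");
    let mut next = || {
        state ^= state << 13;
        state ^= state >> 7;
        state ^= state << 17;
        state
    };
    let prev_hook = take_hook();
    set_hook(Box::new(|_| {})); // keep expected crashes from flooding stderr
    let mut crashes = 0;
    for _ in 0..iterations {
        let mut input = seeds[(next() % seeds.len() as u64) as usize].to_vec();
        match next() % 4 {
            0 => input.push(next() as u8),                  // append a byte
            1 => { input.pop(); }                           // drop the last byte
            2 if !input.is_empty() => {                     // flip bits in one byte
                let at = next() as usize % input.len();
                input[at] ^= next() as u8;
            }
            _ => input.insert(next() as usize % (input.len() + 1), 0xD8), // surrogate-ish byte
        }
        if catch_unwind(AssertUnwindSafe(|| target(&input))).is_err() {
            crashes += 1;
        }
    }
    set_hook(prev_hook);
    crashes
}

fn main() {
    let seeds: [&[u8]; 2] = [b"H\0i\0", b""];
    println!("checked decoder:   {} crashes", mini_fuzz(fuzz_one, &seeds, 2000, 0x9E37_79B9_7F4A_7C15));
    println!("unchecked decoder: {} crashes", mini_fuzz(fuzz_one_unchecked, &seeds, 2000, 0x9E37_79B9_7F4A_7C15));
}
```

The point of the roundtrip and error-position assertions inside `fuzz_one` is that a fuzzer only notices what panics: a decoder that silently drops or miscounts units would pass a target that merely calls it, so the target has to state the invariants it expects. The unchecked variant crashes within the first few mutations because appending or removing a single byte produces an odd-length input.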