# Specify linker-script with add_project_link_arguments so that it is not placed
# within a linker --start-group/--end-group pair
if get_option('fuzzing')
- add_project_link_arguments(['-Wl,-T,',
- (meson.current_source_dir() / 'tests/qtest/fuzz/fork_fuzz.ld')],
- native: false, language: all_languages)
-
# Specify a filter to only instrument code that is directly related to
# virtual-devices.
configure_file(output: 'instrumentation-filter',
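Review bot: The context comment at the top of this hunk, `# Specify linker-script with add_project_link_arguments so that it is not placed within a linker --start-group/--end-group pair`, describes the add_project_link_arguments call that this hunk removes, so it is left pointing at nothing and now sits directly above the `if get_option('fuzzing')` that only guards the instrumentation filter. The stale wording suggests a linker script is still being injected into every fuzzing link, which is exactly the kind of claim a later reader will waste time verifying. Either delete those two comment lines in the same change or replace them with one that matches what remains, e.g. `# Fuzzing builds only need the coverage instrumentation filter below; no custom linker script is required.` The enclosing `if get_option('fuzzing')` block continues past the end of the hunk.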
+++ /dev/null
-/*
- * Fork-based fuzzing helpers
- *
- * Copyright Red Hat Inc., 2019
- *
- * Authors:
- * Alexander Bulekov <alxndr@bu.edu>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- */
-
-#include "qemu/osdep.h"
-#include "fork_fuzz.h"
-
-
-void counter_shm_init(void)
-{
- /* Copy what's in the counter region to a temporary buffer.. */
- void *copy = malloc(&__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START);
- memcpy(copy,
- &__FUZZ_COUNTERS_START,
- &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START);
-
- /* Map a shared region over the counter region */
- if (mmap(&__FUZZ_COUNTERS_START,
- &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START,
- PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED | MAP_ANONYMOUS,
- 0, 0) == MAP_FAILED) {
- perror("Error: ");
- exit(1);
- }
-
- /* Copy the original data back to the counter-region */
- memcpy(&__FUZZ_COUNTERS_START, copy,
- &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START);
- free(copy);
-}
-
-
+++ /dev/null
-/*
- * Fork-based fuzzing helpers
- *
- * Copyright Red Hat Inc., 2019
- *
- * Authors:
- * Alexander Bulekov <alxndr@bu.edu>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- */
-
-#ifndef FORK_FUZZ_H
-#define FORK_FUZZ_H
-
-extern uint8_t __FUZZ_COUNTERS_START;
-extern uint8_t __FUZZ_COUNTERS_END;
-
-void counter_shm_init(void);
-
-#endif
-
+++ /dev/null
-/*
- * We adjust linker script modification to place all of the stuff that needs to
- * persist across fuzzing runs into a contiguous section of memory. Then, it is
- * easy to re-map the counter-related memory as shared.
- */
-
-SECTIONS
-{
- .data.fuzz_start : ALIGN(4K)
- {
- __FUZZ_COUNTERS_START = .;
- __start___sancov_cntrs = .;
- *(_*sancov_cntrs);
- __stop___sancov_cntrs = .;
-
- /* Lowest stack counter */
- *(__sancov_lowest_stack);
- }
-}
-INSERT AFTER .data;
-
-SECTIONS
-{
- .data.fuzz_ordered :
- {
- /*
- * Coverage counters. They're not necessary for fuzzing, but are useful
- * for analyzing the fuzzing performance
- */
- __start___llvm_prf_cnts = .;
- *(*llvm_prf_cnts);
- __stop___llvm_prf_cnts = .;
-
- /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */
- FuzzerTracePC*(.bss*);
- /*
- * In case the above line fails, explicitly specify the (mangled) name of
- * the object we care about
- */
- *(.bss._ZN6fuzzer3TPCE);
- }
-}
-INSERT AFTER .data.fuzz_start;
-
-SECTIONS
-{
- .data.fuzz_end : ALIGN(4K)
- {
- __FUZZ_COUNTERS_END = .;
- }
-}
-/*
- * Don't overwrite the SECTIONS in the default linker script. Instead insert the
- * above into the default script
- */
-INSERT AFTER .data.fuzz_ordered;
subdir_done()
endif
-specific_fuzz_ss.add(files('fuzz.c', 'fork_fuzz.c', 'qos_fuzz.c',
+specific_fuzz_ss.add(files('fuzz.c', 'qos_fuzz.c',
'qtest_wrappers.c'), qos)
# Targets
specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_BLK', if_true: files('virtio_blk_fuzz.c'))
specific_fuzz_ss.add(files('generic_fuzz.c'))
-fork_fuzz = declare_dependency(
+fuzz_ld = declare_dependency(
link_args: fuzz_exe_ldflags +
['-Wl,-wrap,qtest_inb',
'-Wl,-wrap,qtest_inw',
'-Wl,-wrap,qtest_memset']
)
-specific_fuzz_ss.add(fork_fuzz)
+specific_fuzz_ss.add(fuzz_ld)