[PATCH passt 0/5] Add fuzzing

["Richard W.M. Jones" <rjones@redhat.com>]

(Note this patch series does not work so far and needs some help, read on ...)

Patches 1 & 2 are general cleanup.

The rest of the patches aim to add fuzzing support for Passt using
AFL++, Clang and ASAN.  I used the same approach as with libnbd:

https://gitlab.com/nbdkit/libnbd/-/tree/master/fuzzing

Firstly (patch 3) I added an --fd option.  This is useful for fuzzing,
but also generally useful.  It allows a controller process to open a
connected stream socket and pass that down to passt via inheritance.
Uses outside fuzzing include: having the controlling process open the
socket with elevated privleges, and allowing alternate address
families to be used (eg. vsock or IB).

Unfortunately I don't think the --fd option is working.  stracing the
code shows the socket being added to the epoll, but it somehow never
gets read.  It might be something obvious but I couldn't see what was
wrong.  (NB: The socket passed in is *connected* already).

Patch 4 adds the fuzzing wrapper.  The purpose of the wrapper is to
allow AFL to submit test cases to passt as local files.  It works by
creating a socketpair(2), forking and execing passt in the parent:

  (parent) passt -f -e -1 --fd <sock>
                               |   ^
                               |   |
  (child)                      |  input file
                               V
                            /dev/null

The child reads the input file (test case) from the command line and
pushes it into the socket, while discarding anything written by passt.
IOW the child takes the place of qemu.

With all patches applied you can test the wrapper alone using:

$ ./fuzz-wrapper testcase_dir/empty_tap

You will see that it currently hangs which it should not do, and I
suspect the problem is related to the implementation of --fd as the
wrapper is old and well-tested code.

Rich.