From: "Richard W.M. Jones" <rjones@redhat.com>
To: Stefano Brivio
Cc: passt-dev@passt.top
Subject: Re: [PATCH passt v2 0/7] Add fuzzing
Date: Fri, 25 Nov 2022 10:11:03 +0000
Message-ID: <20221125101103.GO7636@redhat.com>
In-Reply-To: <20221125102354.0540ad95@elisabeth>

On Fri, Nov 25, 2022 at 10:23:54AM +0100, Stefano Brivio wrote:
> and introducing frames with special values, as you hinted on IRC, for
> example one-byte frames with commands such as "go ahead with socket
> processing then come back to 'tap' frames", so that passt has a chance
> to do some meaningful socket-side operations before getting back to
> fuzz input.

You can improve the chance that the fuzzer will find these frames by
either including them in test cases (we need better test cases, which is
a separate issue), or by making the encoding such that they are easy to
find, e.g. if you had four possible values, encode them only in the
bottom two bits and ignore the higher bits. Since these frames are only
used for fuzzing you can change the meaning of them later, so exact
encoding isn't an ABI issue.

> Patch 7/7 is very useful and appreciated anyway as it demystifies the
> whole topic for me, and we can probably recycle most of the
> documentation. I'm not sure yet how/if the wrapper still fits with the
> stuff I'm looking into.

It would definitely be better to have passt itself be able to read a
file off disk. For example when we fuzz nbdkit we do not use or need a
wrapper, because nbdkit has an -s / --single option that reads from
stdin and writes to stdout. This was originally added for inetd support.
We drive nbdkit from the fuzzer directly like this:

  afl-fuzz -i fuzzing/testcase_dir -o fuzzing/sync_dir -M fuzz01 \
    ./server/nbdkit -s -t 1 ./plugins/memory/.libs/nbdkit-memory-plugin.so 1M

(https://gitlab.com/nbdkit/nbdkit/-/blob/ef035f7090d8bec2700ef1f941e371d351d647ad/fuzzing/README#L35-36)

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
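The "encode the command in the bottom two bits" idea from the reply above, as an added example that is not part of the thread or of passt: a walker over a fuzz-input buffer of length-prefixed frames, where a one-byte frame is a control command decoded from its low two bits only (so 64 of the 256 byte values hit each command), and everything else is counted as tap-side data. The frame layout, the command names and the `fuzz_*` functions are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical control commands for one-byte fuzz frames (not passt's own). */
enum fuzz_cmd {
	FUZZ_CMD_NONE = 0,	/* no-op: keep feeding tap frames */
	FUZZ_CMD_SOCK_ONCE,	/* one pass of socket-side processing, then return */
	FUZZ_CMD_SOCK_DRAIN,	/* process sockets until idle, then return */
	FUZZ_CMD_TIMER,		/* fire the timer handler, then return */
	FUZZ_CMD_COUNT
};

/* Only the low two bits carry the command; the higher bits are ignored, so the
 * fuzzer does not have to produce one exact byte value to reach each command. */
static inline enum fuzz_cmd fuzz_decode_cmd(uint8_t b)
{
	return (enum fuzz_cmd)(b & 0x03);
}

struct fuzz_stats {
	unsigned cmds[FUZZ_CMD_COUNT];	/* how often each command was seen */
	unsigned data_frames;		/* frames handed to the tap-side path */
	size_t data_bytes;
	unsigned truncated;		/* length field ran past the buffer */
};

/* Walk a buffer of frames laid out as: 2-byte big-endian length, then payload
 * (a constructed layout for this example). A frame of length 1 is a control
 * command; any other length is data and would go to the tap-side handler.
 * Returns 0 on a clean walk, -1 if the input was truncated. */
int fuzz_walk(const uint8_t *buf, size_t len, struct fuzz_stats *st)
{
	size_t off = 0;

	memset(st, 0, sizeof(*st));
	while (off + 2 <= len) {
		size_t flen = ((size_t)buf[off] << 8) | buf[off + 1];

		off += 2;
		if (flen > len - off) {		/* bounds check before touching payload */
			st->truncated++;
			return -1;
		}
		if (flen == 1)
			st->cmds[fuzz_decode_cmd(buf[off])]++;
		else {
			st->data_frames++;
			st->data_bytes += flen;
		}
		off += flen;
	}
	if (off != len)			/* dangling partial length field */
		st->truncated++;
	return st->truncated ? -1 : 0;
}
```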