From 2a4f360c8e3f02b802e5414d99e518a754b8e687 Mon Sep 17 00:00:00 2001
From: Gan Qixin
Date: Fri, 5 Feb 2021 20:25:56 +0800
Subject: [PATCH] EulerRobot: Add qemu fuzzing script and job file

Add an automated script to execute fuzzing test. The current script only tests the case where the virtual machine architecture is x86_64.

Signed-off-by: Gan Qixin
---
 jobs/virttest_fuzz.yaml | 14 +++++
 tests/virttest_fuzz | 119 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 133 insertions(+)
 create mode 100644 jobs/virttest_fuzz.yaml
 create mode 100755 tests/virttest_fuzz

diff --git a/jobs/virttest_fuzz.yaml b/jobs/virttest_fuzz.yaml
new file mode 100644
index 0000000..1cc83c8
--- /dev/null
+++ b/jobs/virttest_fuzz.yaml
@@ -0,0 +1,14 @@
+suite: virttest_fuzz
+testcase: virttest_fuzz
+category: functional
+
+os: openeuler
+os_version: 20.03
+os_arch: aarch64
+os_mount: initramfs
+
+virttest_fuzz:
+ repo_name: qemu
+ repo_url: https://gitee.com/mirrors/qemu.git
+ repo_branch: master
+ sleep_time: 8h
diff --git a/tests/virttest_fuzz b/tests/virttest_fuzz
new file mode 100755
index 0000000..3073310
--- /dev/null
+++ b/tests/virttest_fuzz
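Review bot: `repo_branch: master` makes every run build whatever the mirror's head happens to be, so a crash list produced by the script cannot be tied to a known tree and two runs of the same job are not comparable; since the script's `git checkout $repo_branch` also accepts a tag or commit, prefer pinning one here and bumping it deliberately, e.g. `repo_branch: <pinned-tag-or-commit>`. The `os_arch: aarch64` line next to a script that builds `qemu-fuzz-x86_64` reads like a mismatch until one finds the commit message; a one-line comment in the job file would save the next reader that trip, e.g. `# os_arch is the host; the script builds the x86_64 guest fuzz target`.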
@@ -0,0 +1,119 @@
+#!/bin/bash
+# - repo_name
+# - repo_url
+# - repo_branch
+# - sleep_time
+
+. $LKP_SRC/lib/debug.sh
+. $LKP_SRC/lib/env.sh
+. $LKP_SRC/lib/upload.sh
+
+[ -n "$repo_name" ] || die "repo_name is empty"
+[ -n "$repo_url" ] || die "repo_url is empty"
+[ -n "$repo_branch" ] || die "repo_branch is empty"
+[ -n "$sleep_time" ] || die "sleep_time is empty"
+
+workdir=$(pwd)
+
+add_dependency() {
+ yum install -y \
+ compiler-rt \
+ clang \
+ libasan \
+ git \
+ make \
+ python-pip \
+ cmake \
+ glib2-devel \
+ pixman-devel \
+ diffutils \
+ tar \
+ ninja-build
+}
+
+build() {
+ git clone $repo_url
+ cd $repo_name
+ git checkout $repo_branch
+
+ page_size=`getconf PAGESIZE`
+ case $page_size in
+ 16384)
+ sed -i 's/4K/16K/g' tests/qtest/fuzz/fork_fuzz.ld
+ ;;
+ 65536)
+ sed -i 's/4K/64K/g' tests/qtest/fuzz/fork_fuzz.ld
+ ;;
+ esac
+
+ mkdir build && cd build
+ CC=clang CXX=clang++ \
+ ../configure \
+ --enable-fuzzing \
+ --enable-sanitizers
+
+ make qemu-fuzz-x86_64 -j
+}
+
+run_test() {
+ export ASAN_OPTIONS=detect_leaks=1
+ export ASAN_OPTIONS=$ASAN_OPTIONS:halt_on_error=0
+ export ASAN_OPTIONS=$ASAN_OPTIONS:log_exe_name=1
+ export ASAN_OPTIONS=$ASAN_OPTIONS:disable_coredump=0
+ export ASAN_OPTIONS=$ASAN_OPTIONS:fast_unwind_on_malloc=0
+
+ if [ -d "$workdir/result" ]
+ then
+ rm -rf result
+ fi
+ mkdir -p $workdir/result/log
+
+ pid_list=()
+ for i in `./qemu-fuzz-x86_64 | grep "\*" | grep -v "generic-fuzz " | awk '{print $2}'`
+ do
+ nohup ./qemu-fuzz-x86_64 --fuzz-target=$i &> $workdir/result/log/$i.log &
+ pid=`echo $!`
+ pid_list=(${pid_list[@]} $pid)
+ done
+
+ sleep $1
+}
+
+collect_results() {
+ for i in ${pid_list[@]}
+ do
+ kill -9 $i
+ done
+
+ mkdir -p $workdir/result/crash/data
+
+ for i in `ls $workdir/result/log`
+ do
+ err=`cat $workdir/result/log/$i | grep -i error`
+ if [ -z $err ]
+ then
+ echo "[FUZZ_TEST]${i%.*}: OK" >> $workdir/result/SUMMARY
+ else
+ crash_id=`cat $workdir/result/log/$i | grep crash`
+ if [ -z $crash_id ]
+ then
+ echo "[FUZZ_TEST]${i%.*}: ERROR" >> $workdir/result/SUMMARY
+ else
+ echo "[FUZZ_TEST]${i%.*}: ERROR (use the files in crash_list_${i%.*} to reproduce)" >> $workdir/result/SUMMARY
+ echo $crash_id | awk '{for (f=1; f<= NF; f+=1) {if ($f ~ /crash-/) {print $f}}}' >> $workdir/result/crash/crash_list_${i%.*}
+ fi
+ fi
+ done
+
+ mv $workdir/$repo_name/build/crash* $workdir/result/crash/data
+ cd $workdir/result/crash
+ tar -zcvf data.tar.gz data
+ rm -rf $workdir/result/crash/data
+ upload_files -t result $workdir/result/*
+ rm -rf $workdir/result
+}
+
+add_dependency
+build
+run_test $sleep_time
+collect_results
-- Gitee
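Review bot: `rm -rf result` in run_test does not remove the directory the preceding `[ -d "$workdir/result" ]` test checked, because the cwd at that point is `$workdir/$repo_name/build` (build() ends inside `cd build` and run_test is called right after it, which is also why `./qemu-fuzz-x86_64` resolves), so a stale `$workdir/result` survives and SUMMARY lines from an earlier run accumulate through the `>>` appends in collect_results; use `rm -rf -- "${workdir:?}/result"` and quote the path in the following `mkdir -p` as well. In collect_results, `[ -z $err ]` and `[ -z $crash_id ]` are unquoted, so a multi-line grep match makes `[` fail with "too many arguments" and the else branch is reached only because that error status happens to be non-zero; write `[ -z "$err" ]` and `[ -z "$crash_id" ]`. None of `git clone`, `cd $repo_name`, `git checkout`, `../configure` or `make` is checked and the script has no `set -e`, so a failed clone lets every later step run against the wrong tree, ending in `rm -rf $workdir/result` after an `upload_files` whose status is never examined; append `|| die "<step> failed"` to each of those steps and to `upload_files` (the script already sources debug.sh for `die`). With `detect_leaks=1` in ASAN_OPTIONS, libFuzzer would write leak reproducers under a prefix other than `crash-`, yet only `build/crash*` is moved into the result tree, so those artifacts appear to be left behind while their log is summarized as ERROR with no crash list — confirm against the libFuzzer artifact naming before widening the glob.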