On Wed, Oct 30, 2019 at 02:50:01PM +0000, Oleinik, Alexander wrote:
> diff --git a/tests/fuzz/fork_fuzz.c b/tests/fuzz/fork_fuzz.c
> new file mode 100644
> index 0000000000..4c4d00b034
> --- /dev/null
> +++ b/tests/fuzz/fork_fuzz.c
> @@ -0,0 +1,51 @@
> +/*
> + * Fork-based fuzzing helpers
> + *
> + * Copyright Red Hat Inc., 2019
> + *
> + * Authors:
> + * Alexander Bulekov <[email protected]>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "fork_fuzz.h"
> +
> +uintptr_t feature_shm;
Where is this variable used?
> +
> +void counter_shm_init(void)
> +{
> + int fd = shm_open("/qemu-fuzz-cntrs", O_CREAT | O_RDWR, S_IRUSR |
> S_IWUSR);
It must be possible to run multiple fuzzer instances simultaneously on
one host. Please use a unique shmem path for each parent process (e.g.
getpid() in the parent and getppid() in the child).
> + if (fd == -1) {
> + perror("Error: ");
> + exit(1);
> + }
> + if (ftruncate(fd, &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START) == -1) {
> + perror("Error: ");
> + exit(1);
> + }
> + /* Copy what's in the counter region to the shm.. */
> + void *rptr = mmap(NULL ,
> + &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START,
> + PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
> + memcpy(rptr,
> + &__FUZZ_COUNTERS_START,
> + &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START);
> +
> + munmap(rptr, &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START);
> +
> + /* And map the shm over the counter region */
> + rptr = mmap(&__FUZZ_COUNTERS_START,
> + &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START,
> + PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, 0);
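Review bot: Neither mmap() result is checked against MAP_FAILED: the first rptr is passed straight to memcpy() and then munmap(), and the MAP_FIXED mapping's return value is likewise unchecked, so a failed mapping would dereference (void *)-1 instead of exiting the way the shm_open() and ftruncate() failures above do. Add after each mmap() call `if (rptr == MAP_FAILED) { perror("mmap"); exit(1); }` so the three failure paths are handled consistently. The MAP_FIXED call also silently replaces whatever is mapped at &__FUZZ_COUNTERS_START, which requires that address and the region length to be page-aligned; presumably the linker script placing __FUZZ_COUNTERS_START/__FUZZ_COUNTERS_END guarantees this, but a one-line comment stating that assumption would help readers. The body of counter_shm_init continues past the quoted hunk.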
fd can be closed here to prevent leaking it.
