Re: [Xen-devel] [GSoC] GSoC Introduction : Fuzzing Xen hypercall interface
2017-03-13 12:14 GMT+01:00 Wei Liu <wei.liu2@xxxxxxxxxx>:
Hi Felix

Thanks for your interest in this project.

On Sun, Mar 12, 2017 at 09:48:11PM +0100, Felix Ekkehard Schmoll wrote:
> Hi,
>
> I’m interested in the “Fuzzing Xen hypercall interface” project so I
> just wanted to introduce myself:
>
> I’m a third-year undergraduate CS student at Jacobs University in
> Bremen, Germany. It’s a rather small university and rather young but
> quite successful in the national rankings (*brag*).
>
> Last semester I spent as part of an exchange program at CMU where I
> took the sort of notorious 15-410 Operating Systems course where you
> have to implement a kernel from scratch in 6 weeks. There the
> professor (amazing guy) mentioned/promoted GSoC quite a couple of
> times, and this seems like a really cool project to work on.
>
> From the course I have quite a substantial amount of experience in C
> and ASM on x86, of the GCC toolchain and obviously of kernel
> programming. I don’t really have any experience with fuzzing yet, but
> I’m sure I’ll figure that out.
>
> I’d appreciate it if you could point me to some small patches I could
> work on to get going (sorry if I missed the link to it).
>
> Also any other comments are of course welcome.

This project is rather challenging given the time scale. As a starter,
please install Xen from source and try it out -- you can find
instructions on how to install on the wiki.

Please also have a look at American Fuzzy Lop (the fuzzer we currently
use) and play with it a bit.

Then, as a small exercise, please provide patches against xen.git for
two tasks:

1. implement a hypercall to get back the domain id of the caller domain;
2. check out gcc 6's -fsanitize-coverage=trace-pc option and build the
   hypervisor with that enabled -- building with a stub is fine;

Please then provide some ideas on how you would approach this project.

I know the tasks I described are quite high level so please don't
hesitate to ask questions.

Note that we don't have to finish all goals listed on the wiki page.
Realistically I think if we manage to extract the execution paths from
xen within three months and commit that in xen.git that would be rather
great progress.

Wei.

>
> Felix


Hi,

I installed Xen from source and figured out that for the hypercall I have to make a two-line change in xen/xen/common/kernel.c and a couple of headers. I mostly went with what I got by grepping for the "xen_version" hypercall. It seems really basic, but after struggling with this for quite a while I have some questions:

1.
- How do I test this? The usual way to make hypercalls seems to be through the libxc library, so do I have to change that as well?
- The "xen_version" hypercall had a couple of COMPAT versions; do I need them? This seems to be related to whether I need to support both ARM and x86, although I'm really not sure here. Is it fine to just choose to support the one which my hypervisor is running on?
- Do I need to make changes in the XSM module? Again, this pops up when grepping for xen_version, but it's disabled by default anyway and I'd otherwise just try to have a minimal working set.

2.
- A stub for what? dom0?

Felix
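A worked illustration of the stub Wei's second task refers to, added here as an example and not code from the thread or from Xen: when a translation unit is compiled with gcc's -fsanitize-coverage=trace-pc, the compiler emits a call to __sanitizer_cov_trace_pc() at the start of every basic block, so the build only links if something defines that symbol. This stub records the caller's address (which identifies the block) in an append-only buffer, so the buffer is the execution path in order; the buffer size and every name other than the hook itself are my own choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed buffer size; a real harness would size this to the build. */
#define COV_MAX 4096

static uintptr_t cov_pcs[COV_MAX]; /* pcs in the order they were hit */
static size_t cov_n;               /* entries stored */
static size_t cov_dropped;         /* hits discarded because the buffer was full */

/* Append one pc. Returns 1 if stored, 0 if the buffer is full. No
 * de-duplication here: ordering is the path, uniqueness is computed offline. */
int cov_record(uintptr_t pc)
{
    if (cov_n == COV_MAX) {
        cov_dropped++;
        return 0;
    }
    cov_pcs[cov_n++] = pc;
    return 1;
}

size_t cov_count(void)         { return cov_n; }
size_t cov_dropped_count(void) { return cov_dropped; }
uintptr_t cov_pc_at(size_t i)  { return i < cov_n ? cov_pcs[i] : 0; }
void cov_reset(void)           { cov_n = 0; cov_dropped = 0; }

/* Offline analysis: number of distinct basic blocks in the recorded path. */
size_t cov_unique(void)
{
    size_t uniq = 0;
    for (size_t i = 0; i < cov_n; i++) {
        size_t j = 0;
        while (j < i && cov_pcs[j] != cov_pcs[i])
            j++;
        if (j == i)
            uniq++;
    }
    return uniq;
}

/* The hook gcc calls at every basic block under -fsanitize-coverage=trace-pc.
 * The return address is the instrumented block. This file must itself be
 * built WITHOUT the flag, otherwise the hook is instrumented and recurses. */
void __sanitizer_cov_trace_pc(void)
{
    cov_record((uintptr_t)__builtin_return_address(0));
}
```

Linking this into an instrumented build and dumping cov_pcs after a run gives the per-run path that a fuzzer like AFL needs to distinguish inputs.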


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel