WIP: core helper fuzzer scaffolding

Signed-off-by: Dave Thaler <[email protected]>

Initial chunk of business logic

Signed-off-by: Dave Thaler <[email protected]>

More business logic

Signed-off-by: Dave Thaler <[email protected]>

Add initial helper fuzzer corpus

Signed-off-by: Dave Thaler <[email protected]>

Fix code analysis warning

Signed-off-by: Dave Thaler <[email protected]>

Update docs and CI/CD

Signed-off-by: Dave Thaler <[email protected]>

Update README.md

Signed-off-by: Dave Thaler <[email protected]>

Fix analysis warning

Signed-off-by: Dave Thaler <[email protected]>

Add verifier_fuzzer step to github CI/CD

Signed-off-by: Dave Thaler <[email protected]>

Add core helper and bpf2c fuzzers to CI/CD

Signed-off-by: Dave Thaler <[email protected]>

Fix fuzzers in CI/CD

Signed-off-by: Dave Thaler <[email protected]>

Remove changes for other fuzzers from cicd file

Signed-off-by: Dave Thaler <[email protected]>

Cleanup

Signed-off-by: Dave Thaler <[email protected]>

.github/workflows/cicd.yml

@@ -58,7 +58,7 @@ jobs:
       build_artifact: Build-x64-fuzzer
       cxx_flags: /fsanitize-coverage=inline-bool-flag /fsanitize-coverage=edge /fsanitize-coverage=trace-cmp /fsanitize-coverage=trace-div /ZH:SHA_256
       ld_flags: '"clang_rt.fuzzer_MD-x86_64.lib" "libsancov.lib"'
-      build_options: /p:Fuzzer='True' /t:tests\libfuzzer\execution_context_fuzzer /t:tests\libfuzzer\bpf2c_fuzzer /t:tests\libfuzzer\verifier_fuzzer
+      build_options: /p:Fuzzer='True' /t:tests\libfuzzer\execution_context_fuzzer /t:tests\libfuzzer\bpf2c_fuzzer /t:tests\libfuzzer\verifier_fuzzer /t:tests\libfuzzer\core_helper_fuzzer
 
   # Run the unit tests in GitHub.
   unit_tests:
@@ -179,6 +179,19 @@ jobs:
       code_coverage: false
       gather_dumps: true
 
+  core_helper_fuzzer:
+    needs: libfuzzer
+    # Always run this job.
+    if: github.event_name == 'schedule' || github.event_name == 'pull_request'
+    uses: ./.github/workflows/reusable-test.yml
+    with:
+      name: core_helper_fuzzer
+      test_command: core_helper_fuzzer core_helper_corpus -max_len=139 -runs=2000 -use_value_profile=1 -artifact_prefix=Artifacts\
+      build_artifact: Build-x64-fuzzer
+      environment: windows-2019
+      code_coverage: false
+      gather_dumps: true
+
   # Run Cilium regression tests in GitHub.
   cilium_tests:
     needs: regular

ebpf-for-windows.sln

@@ -160,6 +160,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bpf2c_fuzzer", "tests\libfu
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "verifier_fuzzer", "tests\libfuzzer\verifier\verifier_fuzzer.vcxproj", "{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}"
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "core_helper_fuzzer", "tests\libfuzzer\core_helper_fuzzer\core_helper_fuzzer.vcxproj", "{88A3E85F-669F-4CEA-8207-2E1545528D62}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|ARM = Debug|ARM
@@ -1511,6 +1513,26 @@ Global
 		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|x64.Build.0 = Release|x64
 		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|x86.ActiveCfg = Debug|x64
 		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|x86.Build.0 = Debug|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Debug|ARM.ActiveCfg = Debug|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Debug|ARM64.ActiveCfg = Debug|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Debug|x64.ActiveCfg = Debug|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Debug|x64.Build.0 = Debug|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Debug|x86.ActiveCfg = Debug|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.MinSizeRel|ARM.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.MinSizeRel|ARM64.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.MinSizeRel|x64.ActiveCfg = Debug|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.MinSizeRel|x64.Build.0 = Debug|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.MinSizeRel|x86.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Release|ARM.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Release|ARM64.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Release|x64.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Release|x64.Build.0 = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.Release|x86.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.RelWithDebInfo|ARM.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.RelWithDebInfo|ARM64.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.RelWithDebInfo|x64.ActiveCfg = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.RelWithDebInfo|x64.Build.0 = Release|x64
+		{88A3E85F-669F-4CEA-8207-2E1545528D62}.RelWithDebInfo|x86.ActiveCfg = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -1565,6 +1587,7 @@ Global
 		{6116AE11-5296-4DE9-8A8E-5380B789907E} = {E184CBC2-4B62-499F-8A4A-F15A5A182259}
 		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603} = {E184CBC2-4B62-499F-8A4A-F15A5A182259}
 		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0} = {E184CBC2-4B62-499F-8A4A-F15A5A182259}
+		{88A3E85F-669F-4CEA-8207-2E1545528D62} = {E184CBC2-4B62-499F-8A4A-F15A5A182259}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {3D5F862D-74C6-4357-9F95-0B152E33B7B8}

scripts/create_core_helper_corpus.bat

@@ -0,0 +1,9 @@
+@echo off
+rem Copyright (c) Microsoft Corporation
+rem SPDX-License-Identifier: MIT
+rem
+rem Usage: create_core_helper_corpus.bat <solution_path> <output_directory>
+
+set SOLUTIONPATH=%1
+set OUTPUTPATH=%2
+xcopy /d /i /y "%SOLUTIONPATH%\tests\libfuzzer\core_helper_fuzzer\corpus" "%OUTPUTPATH%"

tests/libfuzzer/README.md

@@ -15,7 +15,7 @@ There are now four libFuzzer-based binaries:
 1) Copy the libFuzzer binary and existing corpus to a test machine (currently only Windows 10 and Server 2019 are supported).
 2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run:
   * `bpf2c_fuzzer.exe bpf2c_fuzzer_corpus -use_value_profile=1 -max_total_time=1800`
-  * `core_helper_fuzzer.exe core_helper_fuzzer core_helper_corpus -max_len=139 -runs=3000 -use_value_profile=1`
+  * `core_helper_fuzzer.exe core_helper_fuzzer core_helper_corpus -max_len=139 -runs=2000 -use_value_profile=1`
   * `execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800`
   * `verifier_fuzzer.exe verifier_corpus -use_value_profile=1 -max_total_time=1800`
 3) If the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash.

tests/libfuzzer/core_helper_fuzzer/core_helper_fuzzer.vcxproj

@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: MIT
+-->
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{88a3e85f-669f-4cea-8207-2e1545528d62}</ProjectGuid>
+    <RootNamespace>fuzz2</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+    <ProjectName>core_helper_fuzzer</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <EnableASAN>true</EnableASAN>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+    <EnableASAN>true</EnableASAN>
+    <SpectreMitigation>false</SpectreMitigation>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(SolutionDir)tests\libfuzzer\include;$(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\encode_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>mincore.lib;;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(VCToolsInstallDir)lib\$(Platform)</AdditionalLibraryDirectories>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;NO_CATCH;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(SolutionDir)tests\libfuzzer\include;$(SolutionDir)libs\api_common;$(SolutionDir)include;$(SolutionDir)libs\api;$(SolutionDir)libs\ebpfnetsh;$(SolutionDir)tests\libs\util;$(SolutionDir)tests\libs\common;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)libs\service;$(SolutionDir)rpc_interface;$(SolutionDir)libs\platform;$(SolutionDir)libs\platform\user;$(SolutionDir)libs\execution_context;$(SolutionDir)tests\end_to_end;$(SolutionDir)tests\sample;$(SolutionDir)tests\sample\ext\inc;$(SolutionDir)\tests\xdp;$(SolutionDir)tools\encode_program_info;$(SolutionDir)libs\thunk;$(SolutionDir)libs\thunk\mock;$(SolutionDir)\netebpfext;$(SolutionDir)external\catch2\src;$(SolutionDir)external\catch2\build\generated-includes;$(SolutionDir)external\bpftool;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>mincore.lib;;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(VCToolsInstallDir)lib\$(Platform)</AdditionalLibraryDirectories>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="libfuzz_harness.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\libs\execution_context\user\execution_context_user.vcxproj">
+      <Project>{18127b0d-8381-4afe-9a3a-cf53241992d3}</Project>
+    </ProjectReference>
+    <ProjectReference Include="..\..\..\libs\platform\user\platform_user.vcxproj">
+      <Project>{c26cb6a9-158c-4a9e-a243-755ddd98e5fe}</Project>
+    </ProjectReference>
+    <ProjectReference Include="..\..\..\libs\ubpf\user\ubpf_user.vcxproj">
+      <Project>{245f0ec7-1ebc-4d68-8b1f-f758ea9196ae}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <CustomBuild Include="..\..\..\scripts\create_core_helper_corpus.bat">
+      <FileType>Document</FileType>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)core_helper_corpus\bpf_tail_call</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)core_helper_corpus\bpf_tail_call</Outputs>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(SolutionDir)scripts\create_core_helper_corpus.bat $(SolutionDir) $(OutDir)core_helper_corpus</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(SolutionDir)scripts\create_core_helper_corpus.bat $(SolutionDir) $(OutDir)core_helper_corpus</Command>
+    </CustomBuild>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

tests/libfuzzer/core_helper_fuzzer/core_helper_fuzzer.vcxproj.filters

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: MIT
+-->
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="libfuzz_harness.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <CustomBuild Include="..\..\..\scripts\create_core_helper_corpus.bat">
+      <Filter>Source Files</Filter>
+    </CustomBuild>
+  </ItemGroup>
+</Project>

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_csum_diff

@@ -0,0 +1,2 @@
+
+��������������������

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_get_current_pid_tgid

@@ -0,0 +1 @@
+

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_get_prandom_u32

@@ -0,0 +1 @@
+

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_get_smp_processor_id

@@ -0,0 +1 @@
+

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_ktime_get_boot_ns

@@ -0,0 +1 @@
+

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_ktime_get_ns

@@ -0,0 +1 @@
+

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_map_pop_elem

@@ -0,0 +1,2 @@
+
+����

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_ringbuf_output

@@ -0,0 +1 @@
+
�����

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_trace_printk2

@@ -0,0 +1 @@
+
�

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_trace_printk3

@@ -0,0 +1 @@
+%%%llu��������

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_trace_printk4

@@ -0,0 +1 @@
+%%%u%ld����������������

tests/libfuzzer/core_helper_fuzzer/corpus/bpf_trace_printk5

@@ -0,0 +1 @@
+
%lli%%%lx%d������������������������