diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index 450e6aae9b..d622bba50e 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -152,20 +152,61 @@ jobs:
 code_coverage: false
 gather_dumps: true
- # Run the libfuzzer tests in GitHub.
- fuzzing:
+ bpf2c_fuzzer:
 needs: libfuzzer
 # Always run this job.
 if: github.event_name == 'schedule' || github.event_name == 'pull_request'
 uses: ./.github/workflows/reusable-test.yml
 with:
- name: fuzzing
+ name: bpf2c_fuzzer
+ test_command: bpf2c_fuzzer.exe bpf2c_fuzzer_corpus -use_value_profile=1 -max_total_time=1800
+ build_artifact: Build-x64-fuzzer
+ environment: windows-2019
+ code_coverage: false
+ gather_dumps: true
+
+ core_helper_fuzzer:
+ needs: libfuzzer
+ # Always run this job.
+ if: github.event_name == 'schedule' || github.event_name == 'pull_request'
+ uses: ./.github/workflows/reusable-test.yml
+ with:
+ name: core_helper_fuzzer
 test_command: core_helper_fuzzer ..\..\tests\libfuzzer\core_helper_fuzzer\corpus -max_len=139 -runs=3000 -use_value_profile=1
 build_artifact: Build-x64-fuzzer
 environment: windows-2019
 code_coverage: false
 gather_dumps: true
+ execution_context_fuzzer:
+ needs: libfuzzer
+ # Always run this job.
+ if: github.event_name == 'schedule' || github.event_name == 'pull_request'
+ uses: ./.github/workflows/reusable-test.yml
+ with:
+ name: execution_context_fuzzer
+ test_command: execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800
+ build_artifact: Build-x64-fuzzer
+ environment: windows-2019
+ code_coverage: false
+ gather_dumps: true
+
+ # Enable this once https://github.com/vbpf/ebpf-verifier/pull/350 is merged and
+ # this repo updated to point to the resulting ebpf-verifier commit.
+ #
+ #verifier_fuzzer:
+ # needs: libfuzzer
+ # # Always run this job.
+ # if: github.event_name == 'schedule' || github.event_name == 'pull_request'
+ # uses: ./.github/workflows/reusable-test.yml
+ # with:
+ # name: verifier_fuzzer
+ # test_command: verifier_fuzzer.exe verifier_corpus -use_value_profile=1 -max_total_time=1800
+ # build_artifact: Build-x64-fuzzer
+ # environment: windows-2019
+ # code_coverage: false
+ # gather_dumps: true
+
 # Run Cilium regression tests in GitHub.
 cilium_tests:
 needs: regular
diff --git a/tests/libfuzzer/README.md b/tests/libfuzzer/README.md
index 086c210925..9efe5c5644 100644
--- a/tests/libfuzzer/README.md
+++ b/tests/libfuzzer/README.md
@@ -14,9 +14,10 @@ There are now four libFuzzer-based binaries:
 ## Usage
 1) Copy the libFuzzer binary and existing corpus to a test machine (currently only Windows 10 and Server 2019 are supported).
 2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run:
+ * `bpf2c_fuzzer.exe bpf2c_fuzzer_corpus -use_value_profile=1 -max_total_time=1800`
+ * `core_helper_fuzzer.exe core_helper_fuzzer ..\..\tests\libfuzzer\core_helper_fuzzer\corpus -max_len=139 -runs=3000 -use_value_profile=1`
 * `execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800`
- * `core_helper_fuzzer ..\..\tests\libfuzzer\core_helper_fuzzer\corpus -max_len=139 -runs=3000 -use_value_profile=1`
- * `verifier_corpus -use_value_profile=1 -max_total_time=1800`
+ * `verifier_fuzzer.exe verifier_corpus -use_value_profile=1 -max_total_time=1800`
 3) If the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash.
 4) Copy any new test cases and check them into the repo.
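Review bot: In the `.github/workflows/cicd.yml` hunk, the new `bpf2c_fuzzer` and `execution_context_fuzzer` jobs pass a bare, working-directory-relative corpus folder (`bpf2c_fuzzer_corpus`, `execution_context_fuzzer_corpus`), while `core_helper_fuzzer` reads the checked-in corpus at `..\..\tests\libfuzzer\core_helper_fuzzer\corpus`. Nothing visible here creates or restores those folders, so unless `reusable-test.yml` does, each 30-minute run likely starts without seeds and any inputs it discovers disappear with the runner. Crash reproducers have the same problem: libFuzzer writes them to the working directory by default, and `gather_dumps: true` presumably collects process dumps only, so consider `-artifact_prefix=<uploaded-folder>\` (placeholder path) in each `test_command` so that a finding on a pull request can be replayed. The copied comment `# Always run this job.` also reads oddly above an `if:` that limits the job to two events; `# Run on scheduled builds and pull requests.` would match it. Separately, the README line added in this commit shows `core_helper_fuzzer.exe core_helper_fuzzer ..\..\tests\...`, where the second `core_helper_fuzzer` looks like a stray argument that the workflow command does not have.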