[libvirt] [GSOC] project libvirt fuzzing

Michal Privoznik mprivozn at redhat.com
Sun Mar 5 07:47:55 UTC 2017


On 04.03.2017 07:23, Da L wrote:
> Dear all,
> 

Hey,

> This is my first post in the list.

Very well. Welcome. It is always nice to see people interested in libvirt.

> 
> I am currently a graduate student studying computer science, particularly
> interested in visualization technologies and I have been using QEMU for a
> variety of projects for a while. Two of the courses that I am taking this
> semester that really attracted me to the libvirt community are Advanced
> Operating Systems and Secure Software Development. I have been learning
> kernel fuzzing as well as other general fuzzing tools.
> 
> Then I found the topic of "QEMU command line generator XML fuzzing" is
> pretty interesting and totally in line with my interest and background.
> Though I have read through the documentations on the website, just to make
> sure I am doing it correctly, could anyone confirm this project is still
> available? And what do I need to do next in order to participate in the project
> this summer? Do I need to find a mentor by myself? Potentially, I could
> find my OS or Security professor as my mentor, but I am not sure yet which
> would be the best way.

Yes, the project is still on. It does not have a mentor assigned yet,
but don't worry about that now - there is a lot of mentors around. For
now, I can be your point of contact.

So, just to explain some details of the project to you: libvirt's format
for storing domain configuration is XML. However, none of the
hypervisors out there use XML to describe domain configuration. For
instance, in qemu it's all about the command line. You want this disk
for your domain? You have to put it onto the command line. And so on.
Therefore, in a very simplistic way, for qemu libvirt translates the XML
into qemu command line language. Now, this process is very complex and
sort of tricky. That's why we would like to generate "all" possible
combinations of XML, let the command line generator crunch them and
produce qemu command line. Well, that's not entirely true, because the
command line generator works over some internal representation of the domain
(not XML) that is produced by our XML parser:

  XML document -> XML parser -> QEMU cmd line generator -> QEMU cmd line

There are plenty of fuzzing libraries available on the market, so I guess
one of the first steps would be to explore our options and pick one that
suits our needs. Do you have experience with any of them? Frankly, I
have very little.

Regarding the GSoC process, each organization makes their own rules for
accepting students. Here at libvirt the rules are described here:

  http://wiki.libvirt.org/page/Google_Summer_of_Code_FAQ

Please let me know what your thoughts on all of this are, and also don't
hesitate to ask anything.

Michal
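As an added illustration of the XML end of the pipeline Michal sketches above (this is example code, not from the thread or from libvirt): a small structure-aware mutator that takes a constructed minimal domain XML as its seed and emits well-formed variants (dropped, duplicated or boundary-valued elements and attributes). The resulting files are what one would feed to the parser and command-line generator, e.g. with `virsh domxml-to-native qemu-argv <file>`, while watching for crashes or silently accepted nonsense such as two disks with the same target.

```python
"""Structure-aware mutator for libvirt domain XML (added example, not libvirt code)."""
import copy
import random
import xml.etree.ElementTree as ET

# Constructed minimal domain definition used as the fuzzing seed.
SEED_XML = """<domain type='kvm'>
  <name>fuzz-seed</name>
  <memory unit='KiB'>524288</memory>
  <vcpu>2</vcpu>
  <os><type arch='x86_64' machine='pc'>hvm</type></os>
  <devices>
    <disk type='file' device='disk'>
      <source file='/tmp/seed.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>"""

# Values that commonly trip numeric parsing, enum lookups and length checks.
BOUNDARY_VALUES = ["", "0", "-1", "4294967296", "18446744073709551616", "A" * 300, " "]


def _child_pairs(root):
    """ElementTree keeps no parent links, so collect (parent, child) pairs explicitly."""
    return [(parent, child) for parent in root.iter() for child in list(parent)]


def mutate(root, rng):
    """Return a deep copy of `root` with exactly one structural or value mutation applied."""
    root = copy.deepcopy(root)
    parent, child = rng.choice(_child_pairs(root))
    op = rng.choice(["drop", "dup", "attr", "text"])
    if op == "drop":
        parent.remove(child)                    # missing mandatory element
    elif op == "dup":
        parent.append(copy.deepcopy(child))     # e.g. two <disk> entries targeting 'vda'
    elif op == "attr" and child.attrib:
        child.set(rng.choice(sorted(child.attrib)), rng.choice(BOUNDARY_VALUES))
    else:
        child.text = rng.choice(BOUNDARY_VALUES)
    return root


def generate_corpus(seed_xml, count, seed=0):
    """Deterministically produce `count` well-formed mutants of `seed_xml` as strings."""
    rng = random.Random(seed)
    base = ET.fromstring(seed_xml)
    return [ET.tostring(mutate(base, rng), encoding="unicode") for _ in range(count)]


if __name__ == "__main__":
    for i, doc in enumerate(generate_corpus(SEED_XML, 8)):
        with open(f"mutant-{i:03d}.xml", "w") as fh:  # one input file per mutant for virsh
            fh.write(doc)
```

Every mutant stays well-formed XML, so a failure at the next stage points at the parser or the command-line generator rather than at the fuzzer's own output.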
