Name Date Size #Lines LOC

..--

.gitignoreH A D15-May-201911 21

MakefileH A D01-Nov-2022396 177

README.mdH A D24-Aug-20212.1 KiB4735

example.jsonH A D15-May-20191.9 KiB9695

vhost_fuzz.cH A D04-Apr-202430.8 KiB1,095919

vhost_fuzz.hH A D01-Nov-2022320 135

vhost_fuzz_rpc.cH A D01-Nov-20222.8 KiB7863

README.md

1# Overview
2
3This application is intended to fuzz test the SPDK vhost target by supplying
4malformed or invalid requests across a unix domain socket. This fuzzer
5currently supports fuzzing both vhost block and vhost scsi devices. When
6fuzzing a vhost scsi device, users can select whether to fuzz the scsi I/O
7queue or the scsi admin queue. Please see the NVMe fuzzer readme for information
8on how output is generated, debugging procedures, and the JSON format expected
9when supplying preconstructed values to the fuzzer.
10
11## Request Types
12
13Like the NVMe fuzzer, there is an example json file showing the types of requests
14that the application accepts. Since the vhost application accepts both vhost block
15and vhost scsi commands, there are three distinct object types that can be passed in
16to the application.
17
181. vhost_blk_cmd
192. vhost_scsi_cmd
203. vhost_scsi_mgmt_cmd
21
22Each one of these objects contains distinct data types and they should not be used interchangeably.
23
24All three of the data types begin with three iovec structures describing the request, data, and response
25memory locations. By default, these values are overwritten by the application even when supplied as part
26of a json file. This is because the request and resp data pointers are intended to point to portions of
27the data structure.
28
29If you want to override these iovec values using a json file, you can specify the -k option.
30In most cases, this will just result in the application failing all I/O immediately since
31the request will no longer point to a valid memory location.
32
33It is possible to supply all three types of requests in a single array to the application. They will be parsed and
34submitted to the proper block devices.
35
36## RPC
37
38The vhost fuzzer differs from the NVMe fuzzer in that it expects devices to be configured via rpc. The fuzzer should
39always be started with the --wait-for-rpc argument. Please see below for an example of starting the fuzzer.
40
41~~~bash
42./test/app/fuzz/vhost_fuzz/vhost_fuzz -t 30 --wait-for-rpc &
43./scripts/rpc.py fuzz_vhost_create_dev -s ./Vhost.1 -b -V
44./scripts/rpc.py fuzz_vhost_create_dev -s ./naa.VhostScsi0.1 -l -V
45./scripts/rpc.py framework_start_init
46~~~
47