feat(virtq): add virtio-villain inspired packed virtq coverage#1634
feat(virtq): add virtio-villain inspired packed virtq coverage#1634andreiltd wants to merge 1 commit into
Conversation
There was a problem hiding this comment.
Pull request overview
This PR strengthens Hyperlight’s packed virtqueue (virtq) robustness by porting a set of deterministic packed-ring test cases (inspired by virtio-villain) into the in-process ring tests, and by adding a new fuzz target (with seed corpus support) for the packed-ring parser and notification/event-suppression logic.
Changes:
- Harden packed-ring parsing/consumption by rejecting descriptors that carry
INDIRECT, and by guardingDESC-event notification logic against out-of-range event indices. - Add a large suite of deterministic packed virtq tests covering malformed chains, phase/wrap edge cases, and notification suppression behavior.
- Add and wire up a new
fuzz_virtq_packed_ringtarget (Cargo/Just/CI), plus seed-corpus handling infuzz/.gitignoreand documentation updates.
Reviewed changes
Copilot reviewed 11 out of 17 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/hyperlight_common/src/virtq/ring.rs | Reject INDIRECT descriptors, add notification guard, and add extensive packed-ring tests (virtio-villain inspired). |
| src/hyperlight_common/src/virtq/producer.rs | Add regression tests for invalid used lengths/IDs and import ring consumer test helper. |
| src/hyperlight_common/src/virtq/desc.rs | Update documentation to reflect INDIRECT rejection behavior. |
| src/hyperlight_common/src/virtq/consumer.rs | Add regression tests ensuring bad chains don’t leak into higher-level inflight tracking. |
| fuzz/fuzz_targets/virtq_packed_ring.rs | New fuzz target to exercise packed-ring parsing/consumption paths with compact binary inputs. |
| fuzz/Cargo.toml | Register fuzz_virtq_packed_ring binary target. |
| fuzz/.gitignore | Keep .bin seed inputs for the new fuzz target while ignoring other corpus artifacts. |
| fuzz/README.md | Document that packed virtqueue ring parser is now fuzzed. |
| Justfile | Include the new fuzz target in like-CI fuzz runs. |
| .github/workflows/ValidatePullRequest.yml | Add new fuzz target to PR validation matrix. |
| .github/workflows/Fuzzing.yml | Add new fuzz target to scheduled fuzzing matrix. |
74a3b74 to
477abe8
Compare
Map applicable packed ring cases into deterministic in process virtq tests, add high-level producer/consumer safety coverage, and add a packed-ring fuzz target with binary seed inputs. See: https://github.com/weltling/virtio-villain/tree/main/tests/vring Signed-off-by: Tomasz Andrzejak <andreiltd@gmail.com>
There was a problem hiding this comment.
do these bin's need to be checked in? looks like gitignore as added after?
There was a problem hiding this comment.
Yes, the intention was to have a valid queue as starting point for fuzzer and mutate memory from there. The seed is just binary form of the queue. I think it's more realistic than just starting from completely random mapping.
There was a problem hiding this comment.
Is there another way to produce and maybe cache them without checking in binaries? Having binaries makes it hard to identify changes to the files.
Map applicable packed ring cases into deterministic in process virtq tests, and add a packed-ring fuzz target with binary seed inputs.
See: https://github.com/weltling/virtio-villain/tree/main/tests/packed