[Hardening] Continuously fuzz all Firecracker guest-facing attack surfaces
Constantly run a fuzzer against guest-facing attack surfaces, including the entire device model as well as the MMDS interface.
The Rust Fuzzing Authority has a lot of resources that can help us get started with this.
What is the timeline for this? I am new to Rust but would like to try this fuzz testing.
There's nobody working on this right now, so no timeline either. If you want to give it a shot, it's all yours. We do have some previous work here for virtio fuzzing (which we also plan to add to the repo), but in the fuzzing world, the more the merrier.
A good first step might be to figure out how to run 1 fuzzing session against one category of attack surface, and then leave the continuous integration part for another step.
> We do have some previous work here for virtio fuzzing
Is that code somewhere available to grok?
@konradwilk, not at this time.
It would be worth investing some research into whether we could also gather memory-leak-related results from the fuzzing process.
Updating title/description to better reflect the path we're taking here.
The team has made progress toward this task, developing an initial fuzzy framework which tests our main branch every night to search for regressions. Currently we are testing:
- some virtio devices
- some legacy devices
- API server
We will need additional work to cover the whole guest-facing interface, expanding such tests to the entire set of devices and MMDS.
We have implemented continuous fuzzing in Firecracker in the course of 2023. It is currently private.