Merge branch 'main' into update-dbg-docs

Author: dblnz

.github/workflows/CreateRelease.yml

@@ -57,12 +57,6 @@ jobs:
     uses: ./.github/workflows/dep_build_guest_binaries.yml
     secrets: inherit
 
-  fuzzing:
-    uses: ./.github/workflows/dep_fuzzing.yml
-    with:
-      max_total_time: 3600 # 1 hour in seconds
-    secrets: inherit
-
   benchmarks:
     needs: [build-guest-binaries]
     uses: ./.github/workflows/Benchmarks.yml

.github/workflows/Fuzzing.yml

@@ -13,6 +13,6 @@ jobs:
   fuzzing:
     uses: ./.github/workflows/dep_fuzzing.yml
     with:
-      targets: '["host_print", "guest_call", "host_call"]' # Pass as a JSON array
+      targets: '["fuzz_host_print", "fuzz_guest_call", "fuzz_host_call"]' # Pass as a JSON array
       max_total_time: 18000 # 5 hours in seconds
     secrets: inherit

.github/workflows/ValidatePullRequest.yml

@@ -54,7 +54,7 @@ jobs:
       - docs-pr
     uses: ./.github/workflows/dep_fuzzing.yml
     with:
-      targets: '["host_print", "guest_call", "host_call"]' # Pass as a JSON array
+      targets: '["fuzz_host_print", "fuzz_guest_call", "fuzz_host_call"]' # Pass as a JSON array
       max_total_time: 300 # 5 minutes in seconds
       docs_only: ${{needs.docs-pr.outputs.docs-only}}
     secrets: inherit
@@ -66,3 +66,24 @@ jobs:
     - uses: actions/checkout@v4
     - name: Spell Check Repo
       uses: crate-ci/[email protected]
+
+  # Gate PR merges on this specific "join-job" which requires all other
+  # jobs to run first. We need this job since we cannot gate on particular jobs
+  # in the workflow, since they can sometimes be skipped (e.g. if the PR only touches docs).
+  # This step fixes this issue by always running.
+  report-ci-status:
+    needs:
+      - docs-pr
+      - rust
+      - fuzzing
+      - spelling
+    if: always()
+    runs-on: ubuntu-latest
+    steps:
+    - name: Previous jobs succeeded
+      if: ${{ !(contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) }}
+      run: exit 0
+    - name: Previous jobs failed
+      if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
+      run: exit 1
+    

Cargo.lock

@@ -198,3 +198,10 @@ fuzz fuzz-target:
 # Fuzzes the given target. Stops after `max_time` seconds
 fuzz-timed fuzz-target max_time:
     cargo +nightly fuzz run {{ fuzz-target }} --release -- -max_total_time={{ max_time }}
+
+# Builds fuzzers for submission to external fuzzing services
+build-fuzzers: (build-fuzzer "fuzz_guest_call") (build-fuzzer "fuzz_host_call") (build-fuzzer "fuzz_host_print")
+
+# Builds the given fuzzer
+build-fuzzer fuzz-target:
+    cargo +nightly fuzz build {{ fuzz-target }} --release -s none

Justfile

@@ -13,21 +13,21 @@ hyperlight-testing = { workspace = true }
 hyperlight-host = { workspace = true, default-features = true, features = ["fuzzing"]}
 
 [[bin]]
-name = "host_print"
+name = "fuzz_host_print"
 path = "fuzz_targets/host_print.rs"
 test = false
 doc = false
 bench = false
 
 [[bin]]
-name = "guest_call"
+name = "fuzz_guest_call"
 path = "fuzz_targets/guest_call.rs"
 test = false
 doc = false
 bench = false
 
 [[bin]]
-name = "host_call"
+name = "fuzz_host_call"
 path = "fuzz_targets/host_call.rs"
 test = false
 doc = false

fuzz/Cargo.toml

@@ -6,7 +6,7 @@ You can run the fuzzers with:
 ```sh
 just fuzz <fuzz_target>
 ```
-which evaluates to the following command `cargo +nightly fuzz run host_print --release`. We use the release profile to make sure the release-optimized guest is used. The default fuzz profile which is release+debugsymbols would cause our debug guests to be loaded, since we currently determine which test guest to load based on whether debug symbols are present.
+which evaluates to the following command `cargo +nightly fuzz run fuzz_host_print --release`. We use the release profile to make sure the release-optimized guest is used. The default fuzz profile which is release+debugsymbols would cause our debug guests to be loaded, since we currently determine which test guest to load based on whether debug symbols are present.
 
 As per Microsoft's Offensive Research & Security Engineering (MORSE) team, all host exposed functions that receive or interact with guest data must be continuously fuzzed for, at least, 500 million fuzz test cases without any crashes. Because `cargo-fuzz` doesn't support setting a maximum number of iterations; instead, we use the `--max_total_time` flag to set a maximum time to run the fuzzer. We have a GitHub action (acting like a CRON job) that runs the fuzzers for 24 hours every week.
 

fuzz/README.md

@@ -23,16 +23,17 @@ use hyperlight_host::sandbox::uninitialized::GuestBinary;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
 use hyperlight_host::{MultiUseSandbox, UninitializedSandbox};
-use hyperlight_testing::simple_guest_as_string;
+use hyperlight_testing::simple_guest_for_fuzzing_as_string;
 use libfuzzer_sys::fuzz_target;
 static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 
 // This fuzz target tests all combinations of ReturnType and Parameters for `call_guest_function_by_name`.
 // For fuzzing efficiency, we create one Sandbox and reuse it for all fuzzing iterations.
 fuzz_target!(
     init: {
+
         let u_sbox = UninitializedSandbox::new(
-            GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")),
+            GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")),
             None,
             None,
             None,

fuzz/fuzz_targets/guest_call.rs

@@ -24,7 +24,7 @@ use hyperlight_host::sandbox::SandboxConfiguration;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
 use hyperlight_host::{HyperlightError, MultiUseSandbox, UninitializedSandbox};
-use hyperlight_testing::simple_guest_as_string;
+use hyperlight_testing::simple_guest_for_fuzzing_as_string;
 use libfuzzer_sys::fuzz_target;
 static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 
@@ -33,7 +33,7 @@ static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 fuzz_target!(
     init: {
         let u_sbox = UninitializedSandbox::new(
-            GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")),
+            GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")),
             None,
             None,
             None,

fuzz/fuzz_targets/host_call.rs

@@ -7,7 +7,7 @@ use hyperlight_host::sandbox::uninitialized::GuestBinary;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
 use hyperlight_host::{MultiUseSandbox, UninitializedSandbox};
-use hyperlight_testing::simple_guest_as_string;
+use hyperlight_testing::simple_guest_for_fuzzing_as_string;
 use libfuzzer_sys::{fuzz_target, Corpus};
 
 static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
@@ -19,7 +19,7 @@ static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 fuzz_target!(
     init: {
         let u_sbox = UninitializedSandbox::new(
-            GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")),
+            GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")),
             None,
             None,
             None,