As of October 2022, we run a 15-minute fuzzing session for all Pull Requests submitted to the Virtio Device implementation in rust-vmm. But implementing the fuzz targets was not smooth sailing. In this talk, we go over the challenges of implementing fuzzing for Virtio Devices and how to overcome them.
Being one of the most critical components in a virtualization stack, the Virtio Device Model is a great target for fuzzing. Fuzzing is a security-focused testing technique through which you can discover vulnerabilities in code that deals with untrusted input.
When fuzzing Virtio Devices, one of the biggest challenges is mocking the device-driver communication. This talk will show how we approached this in rust-vmm, and why fuzzing should be taken into consideration from the early development stages.