Skip to content

feat(virtq): add virtio-villain inspired packed virtq coverage#1634

Open
andreiltd wants to merge 1 commit into
hyperlight-dev:mainfrom
andreiltd:fuzz-virtq
Open

feat(virtq): add virtio-villain inspired packed virtq coverage#1634
andreiltd wants to merge 1 commit into
hyperlight-dev:mainfrom
andreiltd:fuzz-virtq

Conversation

@andreiltd

@andreiltd andreiltd commented Jul 9, 2026

Copy link
Copy Markdown
Member

Map applicable packed ring cases into deterministic in process virtq tests, and add a packed-ring fuzz target with binary seed inputs.

See: https://github.com/weltling/virtio-villain/tree/main/tests/packed

Copilot AI review requested due to automatic review settings July 9, 2026 10:18
@andreiltd andreiltd added kind/enhancement For PRs adding features, improving functionality, docs, tests, etc. area/fuzzing Fuzzing related test failures created from weekly CI labels Jul 9, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR strengthens Hyperlight’s packed virtqueue (virtq) robustness by porting a set of deterministic packed-ring test cases (inspired by virtio-villain) into the in-process ring tests, and by adding a new fuzz target (with seed corpus support) for the packed-ring parser and notification/event-suppression logic.

Changes:

  • Harden packed-ring parsing/consumption by rejecting descriptors that carry INDIRECT, and by guarding DESC-event notification logic against out-of-range event indices.
  • Add a large suite of deterministic packed virtq tests covering malformed chains, phase/wrap edge cases, and notification suppression behavior.
  • Add and wire up a new fuzz_virtq_packed_ring target (Cargo/Just/CI), plus seed-corpus handling in fuzz/.gitignore and documentation updates.

Reviewed changes

Copilot reviewed 11 out of 17 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/hyperlight_common/src/virtq/ring.rs Reject INDIRECT descriptors, add notification guard, and add extensive packed-ring tests (virtio-villain inspired).
src/hyperlight_common/src/virtq/producer.rs Add regression tests for invalid used lengths/IDs and import ring consumer test helper.
src/hyperlight_common/src/virtq/desc.rs Update documentation to reflect INDIRECT rejection behavior.
src/hyperlight_common/src/virtq/consumer.rs Add regression tests ensuring bad chains don’t leak into higher-level inflight tracking.
fuzz/fuzz_targets/virtq_packed_ring.rs New fuzz target to exercise packed-ring parsing/consumption paths with compact binary inputs.
fuzz/Cargo.toml Register fuzz_virtq_packed_ring binary target.
fuzz/.gitignore Keep .bin seed inputs for the new fuzz target while ignoring other corpus artifacts.
fuzz/README.md Document that packed virtqueue ring parser is now fuzzed.
Justfile Include the new fuzz target in like-CI fuzz runs.
.github/workflows/ValidatePullRequest.yml Add new fuzz target to PR validation matrix.
.github/workflows/Fuzzing.yml Add new fuzz target to scheduled fuzzing matrix.

Comment thread fuzz/fuzz_targets/virtq_packed_ring.rs Outdated
@andreiltd andreiltd force-pushed the fuzz-virtq branch 2 times, most recently from 74a3b74 to 477abe8 Compare July 9, 2026 11:35
ludfjig
ludfjig previously approved these changes Jul 9, 2026

@ludfjig ludfjig left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Comment thread src/hyperlight_common/src/virtq/ring.rs
Comment thread src/hyperlight_common/src/virtq/ring.rs
Map applicable packed ring cases into deterministic in process virtq
tests, add high-level producer/consumer safety coverage, and add a
packed-ring fuzz target with binary seed inputs.

See: https://github.com/weltling/virtio-villain/tree/main/tests/vring

Signed-off-by: Tomasz Andrzejak <andreiltd@gmail.com>

@jsturtevant jsturtevant Jul 10, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do these bin's need to be checked in? looks like gitignore as added after?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/fuzzing Fuzzing related test failures created from weekly CI kind/enhancement For PRs adding features, improving functionality, docs, tests, etc. ready-for-review PR is ready for (re-)review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants