support AFL++ fuzzing (#623)

To support fuzzing with AFL++, add a "pipe" transport that reads from stdin and
outputs to stdout: this is the most convenient way of doing fuzzing.

Add some docs on how to run a fuzzing session.

Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>

2 files changed, 9 insertions, 2 deletions

diff --git a/samples/CMakeLists.txt b/samples/CMakeLists.txt
index e8c0bdc..8ba13ff 100644
--- a/samples/CMakeLists.txt
+++ b/samples/CMakeLists.txt
@@ -29,7 +29,9 @@
 #
 
 add_executable(client client.c
-               ../lib/tran_sock.c ../lib/migration.c)
+               ../lib/tran.c
+               ../lib/tran_sock.c
+               ../lib/migration.c)
 target_link_libraries(client json-c pthread ssl crypto)
 
 add_executable(server server.c)
diff --git a/samples/server.c b/samples/server.c
index 25b4908..c6feb34 100644
--- a/samples/server.c
+++ b/samples/server.c
@@ -429,6 +429,7 @@ int main(int argc, char *argv[])
         }
     };
     vfu_ctx_t *vfu_ctx;
+    vfu_trans_t trans = VFU_TRANS_SOCK;
     int tmpfd;
     const vfu_migration_callbacks_t migr_callbacks = {
         .version = VFU_MIGR_CALLBACKS_VERS,
@@ -459,7 +460,11 @@ int main(int argc, char *argv[])
         err(EXIT_FAILURE, "failed to register signal handler");
     }
 
-    vfu_ctx = vfu_create_ctx(VFU_TRANS_SOCK, argv[optind], 0, &server_data,
+    if (strcmp(argv[optind], "pipe") == 0) {
+        trans = VFU_TRANS_PIPE;
+    }
+
+    vfu_ctx = vfu_create_ctx(trans, argv[optind], 0, &server_data,
                              VFU_DEV_TYPE_PCI);
     if (vfu_ctx == NULL) {
         err(EXIT_FAILURE, "failed to initialize device emulation");