* [PATCH] fuzz: refine the ide/ahci fuzzer configs
@ 2021-01-20  6:07 Alexander Bulekov
From: Alexander Bulekov @ 2021-01-20  6:07 UTC (permalink / raw)
  To: qemu-devel
  Cc: Laurent Vivier, Thomas Huth, Alexander Bulekov, Bandan Das,
	Stefan Hajnoczi, Paolo Bonzini

Disks work differently depending on the x86 machine type (SATA vs PATA).
Additionally, we should fuzz the atapi code paths, which might contain
vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
machine types.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
 tests/qtest/fuzz/generic_fuzz_configs.h | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h
index 7fed035345..2ec52fbb63 100644
--- a/tests/qtest/fuzz/generic_fuzz_configs.h
+++ b/tests/qtest/fuzz/generic_fuzz_configs.h
@@ -85,10 +85,28 @@ const generic_fuzz_config predefined_configs[] = {
         .objects = "intel-hda",
     },{
         .name = "ide-hd",
+        .args = "-machine pc -nodefaults "
+        "-drive file=null-co://,if=none,format=raw,id=disk0 "
+        "-device ide-hd,drive=disk0",
+        .objects = "*ide*",
+    },{
+        .name = "ide-atapi",
+        .args = "-machine pc -nodefaults "
+        "-drive file=null-co://,if=none,format=raw,id=disk0 "
+        "-device ide-cd,drive=disk0",
+        .objects = "*ide*",
+    },{
+        .name = "ahci-hd",
+        .args = "-machine q35 -nodefaults "
+        "-drive file=null-co://,if=none,format=raw,id=disk0 "
+        "-device ide-hd,drive=disk0",
+        .objects = "*ahci*",
+    },{
+        .name = "ahci-atapi",
         .args = "-machine q35 -nodefaults "
         "-drive file=null-co://,if=none,format=raw,id=disk0 "
         "-device ide-hd,drive=disk0",
-        .objects = "ahci*",
+        .objects = "*ahci*",
     },{
         .name = "floppy",
         .args = "-machine pc -nodefaults -device floppy,id=floppy0 "
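Review bot: the ahci-atapi entry still attaches `-device ide-hd,drive=disk0`, so it drives the same SATA hard-disk path as ahci-hd and never reaches the ATAPI code the commit message says it is meant to cover; it should read `-device ide-cd,drive=disk0`, as ide-atapi does. Separately, the unanchored `*ide*` glob on the two pc configs will select any object whose name contains "ide", not only the PATA controller and its drives, so it is worth checking which objects it actually picks up on a `-nodefaults` pc machine before relying on it.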
-- 
2.28.0



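As an added example (not code from the patch or from QEMU), the following Python script parses the `predefined_configs` entries out of a `generic_fuzz_configs.h`-style initializer and lints each one against the naming convention this patch uses: `ide-*` configs run on `-machine pc` with `.objects = "*ide*"`, `ahci-*` configs on `q35` with `"*ahci*"`, `*-hd` configs attach `ide-hd` and `*-atapi` configs attach `ide-cd`, and every `drive=` reference must name an existing `-drive id=`. The convention and the three-field layout are assumptions read off the patch, not something QEMU checks; the sample input is the four entries as posted, so the script flags the `ahci-atapi` entry that still uses `ide-hd`.

```python
"""Lint QEMU generic-fuzzer configs for controller/media mismatches.

Added example, not QEMU code. The <controller>-<media> naming convention
(ide-* = PATA on pc, ahci-* = SATA on q35, *-hd = ide-hd, *-atapi = ide-cd)
is an assumption read off the patch, not a rule QEMU enforces.
"""
import re

# Constructed sample input: the four entries as they appear in the patch,
# including the ahci-atapi entry that still names ide-hd.
SAMPLE_CONFIGS = r'''
const generic_fuzz_config predefined_configs[] = {
    {
        .name = "ide-hd",
        .args = "-machine pc -nodefaults "
        "-drive file=null-co://,if=none,format=raw,id=disk0 "
        "-device ide-hd,drive=disk0",
        .objects = "*ide*",
    },{
        .name = "ide-atapi",
        .args = "-machine pc -nodefaults "
        "-drive file=null-co://,if=none,format=raw,id=disk0 "
        "-device ide-cd,drive=disk0",
        .objects = "*ide*",
    },{
        .name = "ahci-hd",
        .args = "-machine q35 -nodefaults "
        "-drive file=null-co://,if=none,format=raw,id=disk0 "
        "-device ide-hd,drive=disk0",
        .objects = "*ahci*",
    },{
        .name = "ahci-atapi",
        .args = "-machine q35 -nodefaults "
        "-drive file=null-co://,if=none,format=raw,id=disk0 "
        "-device ide-hd,drive=disk0",
        .objects = "*ahci*",
    },
};
'''

# One `.field = "lit" "lit" ...,` designator; C concatenates adjacent literals.
FIELD_RE = re.compile(r'\.(\w+)\s*=\s*((?:"(?:[^"\\]|\\.)*"\s*)+),')
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Assumed naming convention (see module docstring).
EXPECTED_MACHINE = {"ide": "pc", "ahci": "q35"}
EXPECTED_OBJECTS = {"ide": "*ide*", "ahci": "*ahci*"}
EXPECTED_DEVICE = {"hd": "ide-hd", "atapi": "ide-cd"}


def parse_configs(text):
    """Return a list of {name, args, objects} dicts, one per array entry."""
    configs, current = [], {}
    for m in FIELD_RE.finditer(text):
        field, literals = m.group(1), m.group(2)
        if field == "name" and current:  # a new .name starts a new entry
            configs.append(current)
            current = {}
        current[field] = "".join(STR_RE.findall(literals))
    if current:
        configs.append(current)
    return configs


def lint_config(cfg):
    """Return a list of human-readable problems for one config entry."""
    name, args = cfg.get("name", ""), cfg.get("args", "")
    objects, problems = cfg.get("objects", ""), []

    machine = re.search(r"-machine\s+(\S+)", args)
    machine = machine.group(1) if machine else None
    devices = re.findall(r"-device\s+([^\s,]+)", args)
    drive_ids = set(re.findall(r"-drive\s+\S*?\bid=([^\s,]+)", args))
    drive_refs = re.findall(r"-device\s+\S*?\bdrive=([^\s,]+)", args)

    controller, _, media = name.partition("-")
    if controller in EXPECTED_MACHINE and machine != EXPECTED_MACHINE[controller]:
        problems.append(f"expected -machine {EXPECTED_MACHINE[controller]}, got {machine}")
    if controller in EXPECTED_OBJECTS and objects != EXPECTED_OBJECTS[controller]:
        problems.append(f"expected .objects {EXPECTED_OBJECTS[controller]!r}, got {objects!r}")
    if media in EXPECTED_DEVICE and EXPECTED_DEVICE[media] not in devices:
        problems.append(f"expected -device {EXPECTED_DEVICE[media]}, got {devices}")
    for ref in drive_refs:  # a dangling drive= makes QEMU refuse to start
        if ref not in drive_ids:
            problems.append(f"-device references drive={ref} but no -drive has id={ref}")
    return problems


def lint_all(text):
    """Lint every entry; return {name: [problems]} for failing entries only."""
    results = ((c.get("name", "?"), lint_config(c)) for c in parse_configs(text))
    return {name: probs for name, probs in results if probs}


if __name__ == "__main__":
    for name, probs in lint_all(SAMPLE_CONFIGS).items():
        for p in probs:
            print(f"{name}: {p}")
```

Run as a script it prints `ahci-atapi: expected -device ide-cd, got ['ide-hd']` and nothing for the other three entries; feeding the real header through `lint_all()` before a fuzzing campaign catches a config that silently fuzzes the wrong code path, which coverage alone only reveals after the run.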

* Re: [PATCH] fuzz: refine the ide/ahci fuzzer configs
From: Philippe Mathieu-Daudé @ 2021-01-20  9:03 UTC (permalink / raw)
  To: Alexander Bulekov, qemu-devel
  Cc: Laurent Vivier, Paolo Bonzini, Thomas Huth, Bandan Das, Stefan Hajnoczi

On 1/20/21 7:07 AM, Alexander Bulekov wrote:
> Disks work differently depending on the x86 machine type (SATA vs PATA).
> Additionally, we should fuzz the atapi code paths, which might contain
> vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
> cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
> machine types.

Yet another point for using qgraph generated configs ;)




* Re: [PATCH] fuzz: refine the ide/ahci fuzzer configs
From: Thomas Huth @ 2021-01-20  9:53 UTC (permalink / raw)
  To: Alexander Bulekov, qemu-devel
  Cc: Laurent Vivier, Paolo Bonzini, Bandan Das, Stefan Hajnoczi

On 20/01/2021 07.07, Alexander Bulekov wrote:
> Disks work differently depending on the x86 machine type (SATA vs PATA).
> Additionally, we should fuzz the atapi code paths, which might contain
> vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
> cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
> machine types.
> 
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
>   tests/qtest/fuzz/generic_fuzz_configs.h | 20 +++++++++++++++++++-
>   1 file changed, 19 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h
> index 7fed035345..2ec52fbb63 100644
> --- a/tests/qtest/fuzz/generic_fuzz_configs.h
> +++ b/tests/qtest/fuzz/generic_fuzz_configs.h
> @@ -85,10 +85,28 @@ const generic_fuzz_config predefined_configs[] = {
>           .objects = "intel-hda",
>       },{
>           .name = "ide-hd",
> +        .args = "-machine pc -nodefaults "
> +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> +        "-device ide-hd,drive=disk0",
> +        .objects = "*ide*",
> +    },{
> +        .name = "ide-atapi",
> +        .args = "-machine pc -nodefaults "
> +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> +        "-device ide-cd,drive=disk0",
> +        .objects = "*ide*",
> +    },{
> +        .name = "ahci-hd",
> +        .args = "-machine q35 -nodefaults "
> +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> +        "-device ide-hd,drive=disk0",
> +        .objects = "*ahci*",
> +    },{
> +        .name = "ahci-atapi",
>           .args = "-machine q35 -nodefaults "
>           "-drive file=null-co://,if=none,format=raw,id=disk0 "
>           "-device ide-hd,drive=disk0",

Shouldn't that be ide-cd now for ahci-atapi?

  Thomas




* Re: [PATCH] fuzz: refine the ide/ahci fuzzer configs
From: Alexander Bulekov @ 2021-01-20 14:16 UTC (permalink / raw)
  To: Thomas Huth
  Cc: Laurent Vivier, Paolo Bonzini, Bandan Das, qemu-devel, Stefan Hajnoczi

On 210120 1053, Thomas Huth wrote:
> On 20/01/2021 07.07, Alexander Bulekov wrote:
> > Disks work differently depending on the x86 machine type (SATA vs PATA).
> > Additionally, we should fuzz the atapi code paths, which might contain
> > vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
> > cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
> > machine types.
> > 
> > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > ---
> >   tests/qtest/fuzz/generic_fuzz_configs.h | 20 +++++++++++++++++++-
> >   1 file changed, 19 insertions(+), 1 deletion(-)
> > 
> > diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h
> > index 7fed035345..2ec52fbb63 100644
> > --- a/tests/qtest/fuzz/generic_fuzz_configs.h
> > +++ b/tests/qtest/fuzz/generic_fuzz_configs.h
> > @@ -85,10 +85,28 @@ const generic_fuzz_config predefined_configs[] = {
> >           .objects = "intel-hda",
> >       },{
> >           .name = "ide-hd",
> > +        .args = "-machine pc -nodefaults "
> > +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> > +        "-device ide-hd,drive=disk0",
> > +        .objects = "*ide*",
> > +    },{
> > +        .name = "ide-atapi",
> > +        .args = "-machine pc -nodefaults "
> > +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> > +        "-device ide-cd,drive=disk0",
> > +        .objects = "*ide*",
> > +    },{
> > +        .name = "ahci-hd",
> > +        .args = "-machine q35 -nodefaults "
> > +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> > +        "-device ide-hd,drive=disk0",
> > +        .objects = "*ahci*",
> > +    },{
> > +        .name = "ahci-atapi",
> >           .args = "-machine q35 -nodefaults "
> >           "-drive file=null-co://,if=none,format=raw,id=disk0 "
> >           "-device ide-hd,drive=disk0",
> 
> Shouldn't that be ide-cd now for ahci-atapi?

Thanks for catching that.
-Alex

> 
>  Thomas
> 



* Re: [PATCH] fuzz: refine the ide/ahci fuzzer configs
From: Alexander Bulekov @ 2021-01-20 14:30 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: Laurent Vivier, Thomas Huth, qemu-devel, Bandan Das,
	Stefan Hajnoczi, Paolo Bonzini

On 210120 1003, Philippe Mathieu-Daudé wrote:
> On 1/20/21 7:07 AM, Alexander Bulekov wrote:
> > Disks work differently depending on the x86 machine type (SATA vs PATA).
> > Additionally, we should fuzz the atapi code paths, which might contain
> > vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
> > cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
> > machine types.
> 
> Yet another point for using qgraph generated configs ;)
> 
Yes. Though in this particular case, ahci-test.c and ide-test.c still
do their own disk setup, and -drive arguments. I don't think PATA is
built out within libqos at all, yet.


