* [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test
@ 2012-05-19 12:54 Blue Swirl
2012-05-21 7:51 ` Kevin Wolf
0 siblings, 1 reply; 8+ messages in thread
From: Blue Swirl @ 2012-05-19 12:54 UTC (permalink / raw)
To: Kevin Wolf, Paolo Bonzini, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 2390 bytes --]
Add a simple register fuzzing test to floppy controller tests.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
---
There's a lot of output like:
GTESTER check-qtest-i386
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f
FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93
FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4
FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1
FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92
Maybe they should be fixed first.
---
tests/fdc-test.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/tests/fdc-test.c b/tests/fdc-test.c
index 5b5dd74..5a22a31 100644
--- a/tests/fdc-test.c
+++ b/tests/fdc-test.c
@@ -154,6 +154,22 @@ static void test_media_change(void)
assert_bit_clear(dir, DSKCHG);
}
+/* success if no crash or abort */
+static void fuzz_registers(void)
+{
+ unsigned int i;
+
+ for (i = 0; i < 1000; i++) {
+ uint8_t reg, val;
+
+ reg = (uint8_t)g_test_rand_int_range(0, 8);
+ val = (uint8_t)g_test_rand_int_range(0, 256);
+
+ outb(FLOPPY_BASE + reg, val);
+ inb(FLOPPY_BASE + reg);
+ }
+}
+
int main(int argc, char **argv)
{
const char *arch = qtest_get_arch();
@@ -184,6 +200,7 @@ int main(int argc, char **argv)
qtest_start(cmdline);
qtest_irq_intercept_in(global_qtest, "ioapic");
qtest_add_func("/fdc/media_change", test_media_change);
+ qtest_add_func("/fdc/fuzz-registers", fuzz_registers);
ret = g_test_run();
--
1.7.10
[-- Attachment #2: 0001-qtest-add-a-fuzz-test-to-fdc-test.patch --]
[-- Type: text/x-patch, Size: 1454 bytes --]
From 1ccf05afa5560127b9ccf88348bddf4a2765fe95 Mon Sep 17 00:00:00 2001
Message-Id: <1ccf05afa5560127b9ccf88348bddf4a2765fe95.1337431940.git.blauwirbel@gmail.com>
From: Blue Swirl <blauwirbel@gmail.com>
Date: Thu, 17 May 2012 18:55:58 +0000
Subject: [PATCH] qtest: add a fuzz test to fdc-test
Add a simple register fuzzing test to floppy controller tests.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
---
tests/fdc-test.c | 17 +++++++++++++++++
1 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/tests/fdc-test.c b/tests/fdc-test.c
index 5b5dd74..5a22a31 100644
--- a/tests/fdc-test.c
+++ b/tests/fdc-test.c
@@ -154,6 +154,22 @@ static void test_media_change(void)
assert_bit_clear(dir, DSKCHG);
}
+/* success if no crash or abort */
+static void fuzz_registers(void)
+{
+ unsigned int i;
+
+ for (i = 0; i < 1000; i++) {
+ uint8_t reg, val;
+
+ reg = (uint8_t)g_test_rand_int_range(0, 8);
+ val = (uint8_t)g_test_rand_int_range(0, 256);
+
+ outb(FLOPPY_BASE + reg, val);
+ inb(FLOPPY_BASE + reg);
+ }
+}
+
int main(int argc, char **argv)
{
const char *arch = qtest_get_arch();
@@ -184,6 +200,7 @@ int main(int argc, char **argv)
qtest_start(cmdline);
qtest_irq_intercept_in(global_qtest, "ioapic");
qtest_add_func("/fdc/media_change", test_media_change);
+ qtest_add_func("/fdc/fuzz-registers", fuzz_registers);
ret = g_test_run();
--
1.7.2.5
^ permalink raw reply related [flat|nested] 8+ messages in thread* Re: [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test
2012-05-19 12:54 [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test Blue Swirl
@ 2012-05-21 7:51 ` Kevin Wolf
2012-05-21 8:11 ` Paolo Bonzini
0 siblings, 1 reply; 8+ messages in thread
From: Kevin Wolf @ 2012-05-21 7:51 UTC (permalink / raw)
To: Blue Swirl; +Cc: Paolo Bonzini, qemu-devel
Am 19.05.2012 14:54, schrieb Blue Swirl:
> Add a simple register fuzzing test to floppy controller tests.
>
> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
> ---
> There's a lot of output like:
> GTESTER check-qtest-i386
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f
> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93
> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4
> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1
> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92
>
> Maybe they should be fixed first.
What do you mean by fixing? Turning them into DPRINTFs?
Kevin
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test
2012-05-21 7:51 ` Kevin Wolf
@ 2012-05-21 8:11 ` Paolo Bonzini
2012-05-21 8:14 ` Kevin Wolf
0 siblings, 1 reply; 8+ messages in thread
From: Paolo Bonzini @ 2012-05-21 8:11 UTC (permalink / raw)
To: Kevin Wolf; +Cc: Blue Swirl, qemu-devel
Il 21/05/2012 09:51, Kevin Wolf ha scritto:
>> > GTESTER check-qtest-i386
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f
>> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93
>> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4
>> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1
>> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92
>> >
>> > Maybe they should be fixed first.
> What do you mean by fixing? Turning them into DPRINTFs?
Or trace events?
Paolo
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test
2012-05-21 8:11 ` Paolo Bonzini
@ 2012-05-21 8:14 ` Kevin Wolf
2012-05-21 8:18 ` Paolo Bonzini
2012-05-21 17:30 ` Blue Swirl
0 siblings, 2 replies; 8+ messages in thread
From: Kevin Wolf @ 2012-05-21 8:14 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: Blue Swirl, qemu-devel
Am 21.05.2012 10:11, schrieb Paolo Bonzini:
> Il 21/05/2012 09:51, Kevin Wolf ha scritto:
>>>> GTESTER check-qtest-i386
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f
>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93
>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4
>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1
>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92
>>>>
>>>> Maybe they should be fixed first.
>> What do you mean by fixing? Turning them into DPRINTFs?
>
> Or trace events?
Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the
point here is that today it's a FLOPPY_ERROR, and except for register
fuzzing they report real problems with the emulation and not just some
debugging information. So I'm not sure if hiding them is really a fix.
Kevin
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test
2012-05-21 8:14 ` Kevin Wolf
@ 2012-05-21 8:18 ` Paolo Bonzini
2012-05-21 17:33 ` Blue Swirl
2012-05-21 17:30 ` Blue Swirl
1 sibling, 1 reply; 8+ messages in thread
From: Paolo Bonzini @ 2012-05-21 8:18 UTC (permalink / raw)
To: Kevin Wolf; +Cc: Blue Swirl, qemu-devel
> >> What do you mean by fixing? Turning them into DPRINTFs?
> >
> > Or trace events?
>
> Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the
> point here is that today it's a FLOPPY_ERROR, and except for register
> fuzzing they report real problems with the emulation and not just
> some debugging information. So I'm not sure if hiding them is really a
> fix.
It depends, "controller not ready for reading" is most likely just caused by
fuzzing. Most unimplemented commands are also invalid on real hardware too.
Paolo
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test
2012-05-21 8:18 ` Paolo Bonzini
@ 2012-05-21 17:33 ` Blue Swirl
0 siblings, 0 replies; 8+ messages in thread
From: Blue Swirl @ 2012-05-21 17:33 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: Kevin Wolf, qemu-devel
On Mon, May 21, 2012 at 8:18 AM, Paolo Bonzini <pbonzini@redhat.com> wrote:
>> >> What do you mean by fixing? Turning them into DPRINTFs?
>> >
>> > Or trace events?
>>
>> Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the
>> point here is that today it's a FLOPPY_ERROR, and except for register
>> fuzzing they report real problems with the emulation and not just
>> some debugging information. So I'm not sure if hiding them is really a
>> fix.
>
> It depends, "controller not ready for reading" is most likely just caused by
> fuzzing. Most unimplemented commands are also invalid on real hardware too.
Yes, but a malevolent guest could issue the same commands if those
could cause problems to QEMU.
>
> Paolo
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test
2012-05-21 8:14 ` Kevin Wolf
2012-05-21 8:18 ` Paolo Bonzini
@ 2012-05-21 17:30 ` Blue Swirl
2012-05-21 17:47 ` Peter Maydell
1 sibling, 1 reply; 8+ messages in thread
From: Blue Swirl @ 2012-05-21 17:30 UTC (permalink / raw)
To: Kevin Wolf; +Cc: Paolo Bonzini, qemu-devel
On Mon, May 21, 2012 at 8:14 AM, Kevin Wolf <kwolf@redhat.com> wrote:
> Am 21.05.2012 10:11, schrieb Paolo Bonzini:
>> Il 21/05/2012 09:51, Kevin Wolf ha scritto:
>>>>> GTESTER check-qtest-i386
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f
>>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading
>>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93
>>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4
>>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1
>>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92
>>>>>
>>>>> Maybe they should be fixed first.
>>> What do you mean by fixing? Turning them into DPRINTFs?
>>
>> Or trace events?
>
> Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the
> point here is that today it's a FLOPPY_ERROR, and except for register
> fuzzing they report real problems with the emulation and not just some
> debugging information. So I'm not sure if hiding them is really a fix.
While not a DoS, letting the guest spam the console at will is not
nice either. Maybe we need a new method to enable a selected set of
printouts, something like '-d unimplemented'. That way no recompiling
would be needed.
>
> Kevin
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test
2012-05-21 17:30 ` Blue Swirl
@ 2012-05-21 17:47 ` Peter Maydell
0 siblings, 0 replies; 8+ messages in thread
From: Peter Maydell @ 2012-05-21 17:47 UTC (permalink / raw)
To: Blue Swirl; +Cc: Kevin Wolf, Paolo Bonzini, qemu-devel
On 21 May 2012 18:30, Blue Swirl <blauwirbel@gmail.com> wrote:
> On Mon, May 21, 2012 at 8:14 AM, Kevin Wolf <kwolf@redhat.com> wrote:
>> Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the
>> point here is that today it's a FLOPPY_ERROR, and except for register
>> fuzzing they report real problems with the emulation and not just some
>> debugging information. So I'm not sure if hiding them is really a fix.
>
> While not a DoS, letting the guest spam the console at will is not
> nice either. Maybe we need a new method to enable a selected set of
> printouts, something like '-d unimplemented'. That way no recompiling
> would be needed.
+1 for a better set of graduated logging/debug levels and a sensible
command line interface for turning them on and off. Possible severity
levels:
* debug output
* guest has done something that suggests it might be buggy, eg
accessing nonexistent register
* guest has tried to use something qemu doesn't implement
* qemu (fatal) error
These should be orthogonal to the "what area should we print logging
for" question, I think.
With a clean API for defining log messages I think we could clean
up a lot of the legacy functions for asserting/aborting in various
ways (in particular a lot of the hw_error() uses).
-- PMM
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2012-05-21 17:47 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-05-19 12:54 [Qemu-devel] [PATCH] qtest: add a fuzz test to fdc-test Blue Swirl
2012-05-21 7:51 ` Kevin Wolf
2012-05-21 8:11 ` Paolo Bonzini
2012-05-21 8:14 ` Kevin Wolf
2012-05-21 8:18 ` Paolo Bonzini
2012-05-21 17:33 ` Blue Swirl
2012-05-21 17:30 ` Blue Swirl
2012-05-21 17:47 ` Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.