qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: Alexander Bulekov <alxndr@bu.edu>
To: qemu-devel@nongnu.org
Cc: Laurent Vivier <lvivier@redhat.com>,
	Thomas Huth <thuth@redhat.com>, Alexander Bulekov <alxndr@bu.edu>,
	f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com,
	stefanha@redhat.com, pbonzini@redhat.com,
	dimastep@yandex-team.ru
Subject: [PATCH v6 08/16] fuzz: add a DISABLE_PCI op to generic-fuzzer
Date: Wed, 21 Oct 2020 17:09:14 -0400	[thread overview]
Message-ID: <20201021210922.572955-9-alxndr@bu.edu> (raw)
In-Reply-To: <20201021210922.572955-1-alxndr@bu.edu>

This new operation is used in the next commit, which concatenates two
fuzzer-generated inputs. With this operation, we can prevent the second
input from clobbering the PCI configuration performed by the first.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
---
 tests/qtest/fuzz/generic_fuzz.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index e356873ae0..fb8bf4a112 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -39,6 +39,7 @@ enum cmds {
     OP_WRITE,
     OP_PCI_READ,
     OP_PCI_WRITE,
+    OP_DISABLE_PCI,
     OP_ADD_DMA_PATTERN,
     OP_CLEAR_DMA_PATTERNS,
     OP_CLOCK_STEP,
@@ -116,6 +117,7 @@ static GArray *dma_regions;
 
 static GArray *dma_patterns;
 static int dma_pattern_index;
+static bool pci_disabled;
 
 /*
  * Allocate a block of memory and populate it with a pattern.
@@ -479,7 +481,7 @@ static void op_pci_read(QTestState *s, const unsigned char * data, size_t len)
         uint8_t base;
         uint8_t offset;
     } a;
-    if (len < sizeof(a) || fuzzable_pci_devices->len == 0) {
+    if (len < sizeof(a) || fuzzable_pci_devices->len == 0 || pci_disabled) {
         return;
     }
     memcpy(&a, data, sizeof(a));
@@ -509,7 +511,7 @@ static void op_pci_write(QTestState *s, const unsigned char * data, size_t len)
         uint8_t offset;
         uint32_t value;
     } a;
-    if (len < sizeof(a) || fuzzable_pci_devices->len == 0) {
+    if (len < sizeof(a) || fuzzable_pci_devices->len == 0 || pci_disabled) {
         return;
     }
     memcpy(&a, data, sizeof(a));
@@ -564,6 +566,11 @@ static void op_clock_step(QTestState *s, const unsigned char *data, size_t len)
     qtest_clock_step_next(s);
 }
 
+static void op_disable_pci(QTestState *s, const unsigned char *data, size_t len)
+{
+    pci_disabled = true;
+}
+
 static void handle_timeout(int sig)
 {
     if (qtest_log_enabled) {
@@ -619,6 +626,7 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size)
         [OP_WRITE]              = op_write,
         [OP_PCI_READ]           = op_pci_read,
         [OP_PCI_WRITE]          = op_pci_write,
+        [OP_DISABLE_PCI]        = op_disable_pci,
         [OP_ADD_DMA_PATTERN]    = op_add_dma_pattern,
         [OP_CLEAR_DMA_PATTERNS] = op_clear_dma_patterns,
         [OP_CLOCK_STEP]         = op_clock_step,
@@ -651,6 +659,7 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size)
         }
 
         op_clear_dma_patterns(s, NULL, 0);
+        pci_disabled = false;
 
         while (cmd && Size) {
             /* Get the length until the next command or end of input */
-- 
2.28.0



  parent reply	other threads:[~2020-10-21 21:35 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-21 21:09 [PATCH v6 00/16] Add a Generic Virtual Device Fuzzer Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 01/16] memory: Add FlatView foreach function Alexander Bulekov
2020-10-22  8:09   ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 02/16] fuzz: Add generic virtual-device fuzzer Alexander Bulekov
2020-10-22  9:12   ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 03/16] fuzz: Add PCI features to the generic fuzzer Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 04/16] fuzz: Add DMA support to the generic-fuzzer Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 05/16] fuzz: Declare DMA Read callback function Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 06/16] fuzz: Add fuzzer callbacks to DMA-read functions Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 07/16] fuzz: Add support for custom crossover functions Alexander Bulekov
2020-10-21 21:09 ` Alexander Bulekov [this message]
2020-10-21 21:09 ` [PATCH v6 09/16] fuzz: add a crossover function to generic-fuzzer Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 10/16] scripts/oss-fuzz: Add script to reorder a generic-fuzzer trace Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 11/16] scripts/oss-fuzz: Add crash trace minimization script Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 12/16] fuzz: Add instructions for using generic-fuzz Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 13/16] fuzz: add an "opaque" to the FuzzTarget struct Alexander Bulekov
2020-10-22  9:14   ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 14/16] fuzz: add generic-fuzz configs for oss-fuzz Alexander Bulekov
2020-10-22  9:15   ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 15/16] fuzz: register predefined generic-fuzz configs Alexander Bulekov
2020-10-22  9:18   ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 16/16] scripts/oss-fuzz: remove the generic-fuzz target Alexander Bulekov
2020-10-22  9:32   ` Darren Kenny
2020-10-22 13:01     ` Alexander Bulekov
2020-10-22 13:13       ` Darren Kenny

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201021210922.572955-9-alxndr@bu.edu \
    --to=alxndr@bu.edu \
    --cc=bsd@redhat.com \
    --cc=darren.kenny@oracle.com \
    --cc=dimastep@yandex-team.ru \
    --cc=f4bug@amsat.org \
    --cc=lvivier@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@redhat.com \
    --cc=thuth@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).