From: Alexander Bulekov <alxndr@bu.edu>
To: qemu-devel@nongnu.org
Cc: Laurent Vivier <lvivier@redhat.com>,
Thomas Huth <thuth@redhat.com>, Alexander Bulekov <alxndr@bu.edu>,
f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com,
stefanha@redhat.com, pbonzini@redhat.com,
dimastep@yandex-team.ru
Subject: [PATCH v6 08/16] fuzz: add a DISABLE_PCI op to generic-fuzzer
Date: Wed, 21 Oct 2020 17:09:14 -0400 [thread overview]
Message-ID: <20201021210922.572955-9-alxndr@bu.edu> (raw)
In-Reply-To: <20201021210922.572955-1-alxndr@bu.edu>
This new operation is used in the next commit, which concatenates two
fuzzer-generated inputs. With this operation, we can prevent the second
input from clobbering the PCI configuration performed by the first.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
---
tests/qtest/fuzz/generic_fuzz.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index e356873ae0..fb8bf4a112 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -39,6 +39,7 @@ enum cmds {
OP_WRITE,
OP_PCI_READ,
OP_PCI_WRITE,
+ OP_DISABLE_PCI,
OP_ADD_DMA_PATTERN,
OP_CLEAR_DMA_PATTERNS,
OP_CLOCK_STEP,
@@ -116,6 +117,7 @@ static GArray *dma_regions;
static GArray *dma_patterns;
static int dma_pattern_index;
+static bool pci_disabled;
/*
* Allocate a block of memory and populate it with a pattern.
@@ -479,7 +481,7 @@ static void op_pci_read(QTestState *s, const unsigned char * data, size_t len)
uint8_t base;
uint8_t offset;
} a;
- if (len < sizeof(a) || fuzzable_pci_devices->len == 0) {
+ if (len < sizeof(a) || fuzzable_pci_devices->len == 0 || pci_disabled) {
return;
}
memcpy(&a, data, sizeof(a));
@@ -509,7 +511,7 @@ static void op_pci_write(QTestState *s, const unsigned char * data, size_t len)
uint8_t offset;
uint32_t value;
} a;
- if (len < sizeof(a) || fuzzable_pci_devices->len == 0) {
+ if (len < sizeof(a) || fuzzable_pci_devices->len == 0 || pci_disabled) {
return;
}
memcpy(&a, data, sizeof(a));
@@ -564,6 +566,11 @@ static void op_clock_step(QTestState *s, const unsigned char *data, size_t len)
qtest_clock_step_next(s);
}
+static void op_disable_pci(QTestState *s, const unsigned char *data, size_t len)
+{
+ pci_disabled = true;
+}
+
static void handle_timeout(int sig)
{
if (qtest_log_enabled) {
@@ -619,6 +626,7 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size)
[OP_WRITE] = op_write,
[OP_PCI_READ] = op_pci_read,
[OP_PCI_WRITE] = op_pci_write,
+ [OP_DISABLE_PCI] = op_disable_pci,
[OP_ADD_DMA_PATTERN] = op_add_dma_pattern,
[OP_CLEAR_DMA_PATTERNS] = op_clear_dma_patterns,
[OP_CLOCK_STEP] = op_clock_step,
@@ -651,6 +659,7 @@ static void generic_fuzz(QTestState *s, const unsigned char *Data, size_t Size)
}
op_clear_dma_patterns(s, NULL, 0);
+ pci_disabled = false;
while (cmd && Size) {
/* Get the length until the next command or end of input */
--
2.28.0
next prev parent reply other threads:[~2020-10-21 21:35 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-21 21:09 [PATCH v6 00/16] Add a Generic Virtual Device Fuzzer Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 01/16] memory: Add FlatView foreach function Alexander Bulekov
2020-10-22 8:09 ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 02/16] fuzz: Add generic virtual-device fuzzer Alexander Bulekov
2020-10-22 9:12 ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 03/16] fuzz: Add PCI features to the generic fuzzer Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 04/16] fuzz: Add DMA support to the generic-fuzzer Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 05/16] fuzz: Declare DMA Read callback function Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 06/16] fuzz: Add fuzzer callbacks to DMA-read functions Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 07/16] fuzz: Add support for custom crossover functions Alexander Bulekov
2020-10-21 21:09 ` Alexander Bulekov [this message]
2020-10-21 21:09 ` [PATCH v6 09/16] fuzz: add a crossover function to generic-fuzzer Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 10/16] scripts/oss-fuzz: Add script to reorder a generic-fuzzer trace Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 11/16] scripts/oss-fuzz: Add crash trace minimization script Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 12/16] fuzz: Add instructions for using generic-fuzz Alexander Bulekov
2020-10-21 21:09 ` [PATCH v6 13/16] fuzz: add an "opaque" to the FuzzTarget struct Alexander Bulekov
2020-10-22 9:14 ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 14/16] fuzz: add generic-fuzz configs for oss-fuzz Alexander Bulekov
2020-10-22 9:15 ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 15/16] fuzz: register predefined generic-fuzz configs Alexander Bulekov
2020-10-22 9:18 ` Darren Kenny
2020-10-21 21:09 ` [PATCH v6 16/16] scripts/oss-fuzz: remove the generic-fuzz target Alexander Bulekov
2020-10-22 9:32 ` Darren Kenny
2020-10-22 13:01 ` Alexander Bulekov
2020-10-22 13:13 ` Darren Kenny
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201021210922.572955-9-alxndr@bu.edu \
--to=alxndr@bu.edu \
--cc=bsd@redhat.com \
--cc=darren.kenny@oracle.com \
--cc=dimastep@yandex-team.ru \
--cc=f4bug@amsat.org \
--cc=lvivier@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).