* [PATCH 0/4] tests/qtest: Fixes fuzz-tests
@ 2021-01-15 15:09 Philippe Mathieu-Daudé
2021-01-15 15:09 ` [PATCH 1/4] tests/qtest: Remove TPM tests Philippe Mathieu-Daudé
` (3 more replies)
0 siblings, 4 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-15 15:09 UTC (permalink / raw)
To: qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Paolo Bonzini,
Philippe Mathieu-Daudé,
Stefan Berger
tests/qtest/fuzz-test seems to have bitrotten.
Fix it to make it useful.
Philippe Mathieu-Daudé (4):
tests/qtest: Remove TPM tests
tests/qtest: Make fuzz-test generic to all targets
tests/qtest: Only run fuzz-megasas-test if megasas device is available
tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi is available
tests/qtest/fuzz-megasas-test.c | 49 +++++++++++++++++++
tests/qtest/fuzz-test.c | 76 -----------------------------
tests/qtest/fuzz-virtio-scsi-test.c | 75 ++++++++++++++++++++++++++++
MAINTAINERS | 2 +
tests/qtest/meson.build | 12 ++---
5 files changed, 132 insertions(+), 82 deletions(-)
create mode 100644 tests/qtest/fuzz-megasas-test.c
create mode 100644 tests/qtest/fuzz-virtio-scsi-test.c
--
2.26.2
^ permalink raw reply [flat|nested] 19+ messages in thread
* [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-15 15:09 [PATCH 0/4] tests/qtest: Fixes fuzz-tests Philippe Mathieu-Daudé
@ 2021-01-15 15:09 ` Philippe Mathieu-Daudé
2021-01-15 15:52 ` Philippe Mathieu-Daudé
2021-01-17 18:47 ` Paolo Bonzini
2021-01-15 15:09 ` [PATCH 2/4] tests/qtest: Make fuzz-test generic to all targets Philippe Mathieu-Daudé
` (2 subsequent siblings)
3 siblings, 2 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-15 15:09 UTC (permalink / raw)
To: qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Paolo Bonzini,
Philippe Mathieu-Daudé,
Stefan Berger
The TPM tests are failing, and no further tests are run,
making the rest of the testsuite pointless:
$ make check-qtest
=================================================================
==3330026==ERROR: LeakSanitizer: detected memory leaks
Indirect leak of 444960 byte(s) in 108 object(s) allocated from:
#0 0x55a2df5adb87 in calloc (tests/qtest/tpm-crb-swtpm-test+0x266b87)
#1 0x7f507bbff9b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
#2 0x55a2df898766 in parse_object qobject/json-parser.c:318:12
#3 0x55a2df897d86 in parse_value qobject/json-parser.c:546:16
#4 0x55a2df8979be in json_parser_parse qobject/json-parser.c:580:14
#5 0x55a2df81ccc1 in json_message_process_token qobject/json-streamer.c:92:12
#6 0x55a2df85f773 in json_lexer_feed_char qobject/json-lexer.c:313:13
#7 0x55a2df85eb04 in json_lexer_feed qobject/json-lexer.c:350:9
#8 0x55a2df81d7ed in json_message_parser_feed qobject/json-streamer.c:121:5
#9 0x55a2df5f15f9 in qmp_fd_receive tests/qtest/libqtest.c:614:9
#10 0x55a2df5f1dda in qtest_qmp_receive_dict tests/qtest/libqtest.c:636:12
#11 0x55a2df5ef444 in qtest_qmp_receive tests/qtest/libqtest.c:624:27
#12 0x55a2df5f3a2d in qtest_vqmp tests/qtest/libqtest.c:715:12
#13 0x55a2df5efa62 in qtest_qmp tests/qtest/libqtest.c:756:16
#14 0x55a2df5eb480 in tpm_util_wait_for_migration_complete tests/qtest/tpm-util.c:245:15
#15 0x55a2df5e4167 in tpm_test_swtpm_migration_test tests/qtest/tpm-tests.c:117:5
#16 0x55a2df5e340c in tpm_crb_swtpm_migration_test tests/qtest/tpm-crb-swtpm-test.c:44:5
#17 0x7f507bc2229d (/lib64/libglib-2.0.so.0+0x7b29d)
Indirect leak of 3456 byte(s) in 108 object(s) allocated from:
#0 0x55a2df5adb87 in calloc (tests/qtest/tpm-crb-swtpm-test+0x266b87)
#1 0x7f507bbff9b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
#2 0x55a2df7886af in qdict_put_obj qobject/qdict.c:126:17
#3 0x55a2df89d706 in parse_pair qobject/json-parser.c:300:5
#4 0x55a2df898889 in parse_object qobject/json-parser.c:327:13
#5 0x55a2df897d86 in parse_value qobject/json-parser.c:546:16
#6 0x55a2df8979be in json_parser_parse qobject/json-parser.c:580:14
#7 0x55a2df81ccc1 in json_message_process_token qobject/json-streamer.c:92:12
#8 0x55a2df85f773 in json_lexer_feed_char qobject/json-lexer.c:313:13
#9 0x55a2df85eb04 in json_lexer_feed qobject/json-lexer.c:350:9
#10 0x55a2df81d7ed in json_message_parser_feed qobject/json-streamer.c:121:5
#11 0x55a2df5f15f9 in qmp_fd_receive tests/qtest/libqtest.c:614:9
#12 0x55a2df5f1dda in qtest_qmp_receive_dict tests/qtest/libqtest.c:636:12
#13 0x55a2df5ef444 in qtest_qmp_receive tests/qtest/libqtest.c:624:27
#14 0x55a2df5f3a2d in qtest_vqmp tests/qtest/libqtest.c:715:12
#15 0x55a2df5efa62 in qtest_qmp tests/qtest/libqtest.c:756:16
#16 0x55a2df5eb480 in tpm_util_wait_for_migration_complete tests/qtest/tpm-util.c:245:15
#17 0x55a2df5e4167 in tpm_test_swtpm_migration_test tests/qtest/tpm-tests.c:117:5
#18 0x55a2df5e340c in tpm_crb_swtpm_migration_test tests/qtest/tpm-crb-swtpm-test.c:44:5
#19 0x7f507bc2229d (/lib64/libglib-2.0.so.0+0x7b29d)
Indirect leak of 756 byte(s) in 108 object(s) allocated from:
#0 0x55a2df5ad9cf in malloc (tests/qtest/tpm-crb-swtpm-test+0x2669cf)
#1 0x7f507bbff958 in g_malloc (/lib64/libglib-2.0.so.0+0x58958)
SUMMARY: AddressSanitizer: 449172 byte(s) leaked in 324 allocation(s).
make: *** [Makefile.mtest:1025: run-test-126] Error 1
Remove these tests to be able to run the rest.
Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
tests/qtest/meson.build | 4 ----
1 file changed, 4 deletions(-)
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index 16d04625b8b..bcbb04d2bb4 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -41,10 +41,6 @@
(config_all_devices.has_key('CONFIG_USB_UHCI') and \
config_all_devices.has_key('CONFIG_USB_EHCI') ? ['usb-hcd-ehci-test'] : []) + \
(config_all_devices.has_key('CONFIG_USB_XHCI_NEC') ? ['usb-hcd-xhci-test'] : []) + \
- (config_all_devices.has_key('CONFIG_TPM_CRB') ? ['tpm-crb-test'] : []) + \
- (config_all_devices.has_key('CONFIG_TPM_CRB') ? ['tpm-crb-swtpm-test'] : []) + \
- (config_all_devices.has_key('CONFIG_TPM_TIS_ISA') ? ['tpm-tis-test'] : []) + \
- (config_all_devices.has_key('CONFIG_TPM_TIS_ISA') ? ['tpm-tis-swtpm-test'] : []) + \
(config_all_devices.has_key('CONFIG_RTL8139_PCI') ? ['rtl8139-test'] : []) + \
qtests_pci + \
['fdc-test',
--
2.26.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 2/4] tests/qtest: Make fuzz-test generic to all targets
2021-01-15 15:09 [PATCH 0/4] tests/qtest: Fixes fuzz-tests Philippe Mathieu-Daudé
2021-01-15 15:09 ` [PATCH 1/4] tests/qtest: Remove TPM tests Philippe Mathieu-Daudé
@ 2021-01-15 15:09 ` Philippe Mathieu-Daudé
2021-01-15 22:21 ` Thomas Huth
2021-01-15 15:09 ` [PATCH 3/4] tests/qtest: Only run fuzz-megasas-test if megasas device is available Philippe Mathieu-Daudé
2021-01-15 15:09 ` [PATCH 4/4] tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi " Philippe Mathieu-Daudé
3 siblings, 1 reply; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-15 15:09 UTC (permalink / raw)
To: qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Paolo Bonzini,
Philippe Mathieu-Daudé,
Stefan Berger
Tests in fuzz-test's main() already check for the supported
architecture before adding tests, therefore this test is not
specific to the X86 target. Move it to the generic set.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
tests/qtest/meson.build | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index bcbb04d2bb4..874f5d34674 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -13,7 +13,9 @@
'qom-test',
'test-hmp',
'qos-test',
+ 'fuzz-test',
]
+
if config_host.has_key('CONFIG_MODULES')
qtests_generic += [ 'modules-test' ]
endif
@@ -50,7 +52,6 @@
'bios-tables-test',
'rtc-test',
'i440fx-test',
- 'fuzz-test',
'fw_cfg-test',
'device-plug-test',
'drive_del-test',
--
2.26.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 3/4] tests/qtest: Only run fuzz-megasas-test if megasas device is available
2021-01-15 15:09 [PATCH 0/4] tests/qtest: Fixes fuzz-tests Philippe Mathieu-Daudé
2021-01-15 15:09 ` [PATCH 1/4] tests/qtest: Remove TPM tests Philippe Mathieu-Daudé
2021-01-15 15:09 ` [PATCH 2/4] tests/qtest: Make fuzz-test generic to all targets Philippe Mathieu-Daudé
@ 2021-01-15 15:09 ` Philippe Mathieu-Daudé
2021-01-15 22:39 ` Alexander Bulekov
2021-01-15 15:09 ` [PATCH 4/4] tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi " Philippe Mathieu-Daudé
3 siblings, 1 reply; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-15 15:09 UTC (permalink / raw)
To: qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Paolo Bonzini,
Philippe Mathieu-Daudé,
Stefan Berger
This test fails when QEMU is built without the megasas device,
restrict it to its availability.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
tests/qtest/fuzz-megasas-test.c | 49 +++++++++++++++++++++++++++++++++
tests/qtest/fuzz-test.c | 25 -----------------
MAINTAINERS | 1 +
tests/qtest/meson.build | 4 ++-
4 files changed, 53 insertions(+), 26 deletions(-)
create mode 100644 tests/qtest/fuzz-megasas-test.c
diff --git a/tests/qtest/fuzz-megasas-test.c b/tests/qtest/fuzz-megasas-test.c
new file mode 100644
index 00000000000..940a76bf25a
--- /dev/null
+++ b/tests/qtest/fuzz-megasas-test.c
@@ -0,0 +1,49 @@
+/*
+ * QTest fuzzer-generated testcase for megasas device
+ *
+ * Copyright (c) 2020 Li Qiang <liq3ea@gmail.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "libqos/libqtest.h"
+
+/*
+ * This used to trigger the assert in scsi_dma_complete
+ * https://bugs.launchpad.net/qemu/+bug/1878263
+ */
+static void test_lp1878263_megasas_zero_iov_cnt(void)
+{
+ QTestState *s;
+
+ s = qtest_init("-nographic -monitor none -serial none "
+ "-M q35 -device megasas -device scsi-cd,drive=null0 "
+ "-blockdev driver=null-co,read-zeroes=on,node-name=null0");
+ qtest_outl(s, 0xcf8, 0x80001818);
+ qtest_outl(s, 0xcfc, 0xc101);
+ qtest_outl(s, 0xcf8, 0x8000181c);
+ qtest_outl(s, 0xcf8, 0x80001804);
+ qtest_outw(s, 0xcfc, 0x7);
+ qtest_outl(s, 0xcf8, 0x8000186a);
+ qtest_writeb(s, 0x14, 0xfe);
+ qtest_writeb(s, 0x0, 0x02);
+ qtest_outb(s, 0xc1c0, 0x17);
+ qtest_quit(s);
+}
+
+int main(int argc, char **argv)
+{
+ const char *arch = qtest_get_arch();
+
+ g_test_init(&argc, &argv, NULL);
+
+ if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
+ qtest_add_func("fuzz/test_lp1878263_megasas_zero_iov_cnt",
+ test_lp1878263_megasas_zero_iov_cnt);
+ }
+
+ return g_test_run();
+}
diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c
index cdb1100a0b8..6188fbb8e96 100644
--- a/tests/qtest/fuzz-test.c
+++ b/tests/qtest/fuzz-test.c
@@ -11,29 +11,6 @@
#include "libqos/libqtest.h"
-/*
- * This used to trigger the assert in scsi_dma_complete
- * https://bugs.launchpad.net/qemu/+bug/1878263
- */
-static void test_lp1878263_megasas_zero_iov_cnt(void)
-{
- QTestState *s;
-
- s = qtest_init("-nographic -monitor none -serial none "
- "-M q35 -device megasas -device scsi-cd,drive=null0 "
- "-blockdev driver=null-co,read-zeroes=on,node-name=null0");
- qtest_outl(s, 0xcf8, 0x80001818);
- qtest_outl(s, 0xcfc, 0xc101);
- qtest_outl(s, 0xcf8, 0x8000181c);
- qtest_outl(s, 0xcf8, 0x80001804);
- qtest_outw(s, 0xcfc, 0x7);
- qtest_outl(s, 0xcf8, 0x8000186a);
- qtest_writeb(s, 0x14, 0xfe);
- qtest_writeb(s, 0x0, 0x02);
- qtest_outb(s, 0xc1c0, 0x17);
- qtest_quit(s);
-}
-
static void test_lp1878642_pci_bus_get_irq_level_assert(void)
{
QTestState *s;
@@ -104,8 +81,6 @@ int main(int argc, char **argv)
g_test_init(&argc, &argv, NULL);
if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
- qtest_add_func("fuzz/test_lp1878263_megasas_zero_iov_cnt",
- test_lp1878263_megasas_zero_iov_cnt);
qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert",
test_lp1878642_pci_bus_get_irq_level_assert);
qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache",
diff --git a/MAINTAINERS b/MAINTAINERS
index cb0656aec3d..b2ef820a9fa 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1925,6 +1925,7 @@ S: Supported
F: hw/scsi/megasas.c
F: hw/scsi/mfi.h
F: tests/qtest/megasas-test.c
+F: tests/qtest/fuzz-megasas-test.c
Network packet abstractions
M: Dmitry Fleytman <dmitry.fleytman@gmail.com>
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index 874f5d34674..a24e7f1c34a 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -4,7 +4,9 @@
subdir_done()
endif
-qtests_generic = [
+qtests_generic = \
+ (config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) + \
+ [
'cdrom-test',
'device-introspect-test',
'machine-none-test',
--
2.26.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 4/4] tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi is available
2021-01-15 15:09 [PATCH 0/4] tests/qtest: Fixes fuzz-tests Philippe Mathieu-Daudé
` (2 preceding siblings ...)
2021-01-15 15:09 ` [PATCH 3/4] tests/qtest: Only run fuzz-megasas-test if megasas device is available Philippe Mathieu-Daudé
@ 2021-01-15 15:09 ` Philippe Mathieu-Daudé
2021-01-17 11:01 ` Michael S. Tsirkin
3 siblings, 1 reply; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-15 15:09 UTC (permalink / raw)
To: qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block,
Michael S. Tsirkin, Li Qiang, Hannes Reinecke, Alexander Bulekov,
Paolo Bonzini, Philippe Mathieu-Daudé,
Stefan Berger
This test fails when QEMU is built without the virtio-scsi device,
restrict it to its availability.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Note when running check-qtest-i386 I still get this failure:
qemu-system-i386: Cannot map used
it comes from virtio_init_region_cache().
---
tests/qtest/fuzz-test.c | 51 --------------------
tests/qtest/fuzz-virtio-scsi-test.c | 75 +++++++++++++++++++++++++++++
MAINTAINERS | 1 +
tests/qtest/meson.build | 1 +
4 files changed, 77 insertions(+), 51 deletions(-)
create mode 100644 tests/qtest/fuzz-virtio-scsi-test.c
diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c
index 6188fbb8e96..d112798afe3 100644
--- a/tests/qtest/fuzz-test.c
+++ b/tests/qtest/fuzz-test.c
@@ -25,55 +25,6 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void)
qtest_quit(s);
}
-/*
- * Here a MemoryRegionCache pointed to an MMIO region but had a
- * larger size than the underlying region.
- */
-static void test_mmio_oob_from_memory_region_cache(void)
-{
- QTestState *s;
-
- s = qtest_init("-M pc-q35-5.2 -display none -m 512M "
- "-device virtio-scsi,num_queues=8,addr=03.0 ");
-
- qtest_outl(s, 0xcf8, 0x80001811);
- qtest_outb(s, 0xcfc, 0x6e);
- qtest_outl(s, 0xcf8, 0x80001824);
- qtest_outl(s, 0xcf8, 0x80001813);
- qtest_outl(s, 0xcfc, 0xa080000);
- qtest_outl(s, 0xcf8, 0x80001802);
- qtest_outl(s, 0xcfc, 0x5a175a63);
- qtest_outb(s, 0x6e08, 0x9e);
- qtest_writeb(s, 0x9f003, 0xff);
- qtest_writeb(s, 0x9f004, 0x01);
- qtest_writeb(s, 0x9e012, 0x0e);
- qtest_writeb(s, 0x9e01b, 0x0e);
- qtest_writeb(s, 0x9f006, 0x01);
- qtest_writeb(s, 0x9f008, 0x01);
- qtest_writeb(s, 0x9f00a, 0x01);
- qtest_writeb(s, 0x9f00c, 0x01);
- qtest_writeb(s, 0x9f00e, 0x01);
- qtest_writeb(s, 0x9f010, 0x01);
- qtest_writeb(s, 0x9f012, 0x01);
- qtest_writeb(s, 0x9f014, 0x01);
- qtest_writeb(s, 0x9f016, 0x01);
- qtest_writeb(s, 0x9f018, 0x01);
- qtest_writeb(s, 0x9f01a, 0x01);
- qtest_writeb(s, 0x9f01c, 0x01);
- qtest_writeb(s, 0x9f01e, 0x01);
- qtest_writeb(s, 0x9f020, 0x01);
- qtest_writeb(s, 0x9f022, 0x01);
- qtest_writeb(s, 0x9f024, 0x01);
- qtest_writeb(s, 0x9f026, 0x01);
- qtest_writeb(s, 0x9f028, 0x01);
- qtest_writeb(s, 0x9f02a, 0x01);
- qtest_writeb(s, 0x9f02c, 0x01);
- qtest_writeb(s, 0x9f02e, 0x01);
- qtest_writeb(s, 0x9f030, 0x01);
- qtest_outb(s, 0x6e10, 0x00);
- qtest_quit(s);
-}
-
int main(int argc, char **argv)
{
const char *arch = qtest_get_arch();
@@ -83,8 +34,6 @@ int main(int argc, char **argv)
if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert",
test_lp1878642_pci_bus_get_irq_level_assert);
- qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache",
- test_mmio_oob_from_memory_region_cache);
}
return g_test_run();
diff --git a/tests/qtest/fuzz-virtio-scsi-test.c b/tests/qtest/fuzz-virtio-scsi-test.c
new file mode 100644
index 00000000000..aaf6d10e189
--- /dev/null
+++ b/tests/qtest/fuzz-virtio-scsi-test.c
@@ -0,0 +1,75 @@
+/*
+ * QTest fuzzer-generated testcase for virtio-scsi device
+ *
+ * Copyright (c) 2020 Li Qiang <liq3ea@gmail.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "libqos/libqtest.h"
+
+/*
+ * Here a MemoryRegionCache pointed to an MMIO region but had a
+ * larger size than the underlying region.
+ */
+static void test_mmio_oob_from_memory_region_cache(void)
+{
+ QTestState *s;
+
+ s = qtest_init("-M pc-q35-5.2 -display none -m 512M "
+ "-device virtio-scsi,num_queues=8,addr=03.0 ");
+
+ qtest_outl(s, 0xcf8, 0x80001811);
+ qtest_outb(s, 0xcfc, 0x6e);
+ qtest_outl(s, 0xcf8, 0x80001824);
+ qtest_outl(s, 0xcf8, 0x80001813);
+ qtest_outl(s, 0xcfc, 0xa080000);
+ qtest_outl(s, 0xcf8, 0x80001802);
+ qtest_outl(s, 0xcfc, 0x5a175a63);
+ qtest_outb(s, 0x6e08, 0x9e);
+ qtest_writeb(s, 0x9f003, 0xff);
+ qtest_writeb(s, 0x9f004, 0x01);
+ qtest_writeb(s, 0x9e012, 0x0e);
+ qtest_writeb(s, 0x9e01b, 0x0e);
+ qtest_writeb(s, 0x9f006, 0x01);
+ qtest_writeb(s, 0x9f008, 0x01);
+ qtest_writeb(s, 0x9f00a, 0x01);
+ qtest_writeb(s, 0x9f00c, 0x01);
+ qtest_writeb(s, 0x9f00e, 0x01);
+ qtest_writeb(s, 0x9f010, 0x01);
+ qtest_writeb(s, 0x9f012, 0x01);
+ qtest_writeb(s, 0x9f014, 0x01);
+ qtest_writeb(s, 0x9f016, 0x01);
+ qtest_writeb(s, 0x9f018, 0x01);
+ qtest_writeb(s, 0x9f01a, 0x01);
+ qtest_writeb(s, 0x9f01c, 0x01);
+ qtest_writeb(s, 0x9f01e, 0x01);
+ qtest_writeb(s, 0x9f020, 0x01);
+ qtest_writeb(s, 0x9f022, 0x01);
+ qtest_writeb(s, 0x9f024, 0x01);
+ qtest_writeb(s, 0x9f026, 0x01);
+ qtest_writeb(s, 0x9f028, 0x01);
+ qtest_writeb(s, 0x9f02a, 0x01);
+ qtest_writeb(s, 0x9f02c, 0x01);
+ qtest_writeb(s, 0x9f02e, 0x01);
+ qtest_writeb(s, 0x9f030, 0x01);
+ qtest_outb(s, 0x6e10, 0x00);
+ qtest_quit(s);
+}
+
+int main(int argc, char **argv)
+{
+ const char *arch = qtest_get_arch();
+
+ g_test_init(&argc, &argv, NULL);
+
+ if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
+ qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache",
+ test_mmio_oob_from_memory_region_cache);
+ }
+
+ return g_test_run();
+}
diff --git a/MAINTAINERS b/MAINTAINERS
index b2ef820a9fa..fcbe3ac79a8 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1717,6 +1717,7 @@ S: Supported
F: include/hw/scsi/*
F: hw/scsi/*
F: tests/qtest/virtio-scsi-test.c
+F: tests/qtest/fuzz-virtio-scsi-test.c
T: git https://github.com/bonzini/qemu.git scsi-next
SSI
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index a24e7f1c34a..fedce3ee3c1 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -6,6 +6,7 @@
qtests_generic = \
(config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) + \
+ (config_all_devices.has_key('CONFIG_VIRTIO_SCSI') ? ['fuzz-virtio-scsi-test'] : []) + \
[
'cdrom-test',
'device-introspect-test',
--
2.26.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* Re: [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-15 15:09 ` [PATCH 1/4] tests/qtest: Remove TPM tests Philippe Mathieu-Daudé
@ 2021-01-15 15:52 ` Philippe Mathieu-Daudé
2021-01-15 15:53 ` Stefan Berger
2021-01-17 18:47 ` Paolo Bonzini
1 sibling, 1 reply; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-15 15:52 UTC (permalink / raw)
To: qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Paolo Bonzini, Stefan Berger
Subject is incorrect, this is not a removal of the tests, but
removal of their execution. The tests are still in the repository.
This is more of a disablement.
On 1/15/21 4:09 PM, Philippe Mathieu-Daudé wrote:
> The TPM tests are failing, and no further tests are run,
> making the rest of the testsuite pointless:
>
> $ make check-qtest
> =================================================================
> ==3330026==ERROR: LeakSanitizer: detected memory leaks
...
> SUMMARY: AddressSanitizer: 449172 byte(s) leaked in 324 allocation(s).
> make: *** [Makefile.mtest:1025: run-test-126] Error 1
>
> Remove these tests to be able to run the rest.
>
> Cc: Stefan Berger <stefanb@linux.ibm.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> tests/qtest/meson.build | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
> index 16d04625b8b..bcbb04d2bb4 100644
> --- a/tests/qtest/meson.build
> +++ b/tests/qtest/meson.build
> @@ -41,10 +41,6 @@
> (config_all_devices.has_key('CONFIG_USB_UHCI') and \
> config_all_devices.has_key('CONFIG_USB_EHCI') ? ['usb-hcd-ehci-test'] : []) + \
> (config_all_devices.has_key('CONFIG_USB_XHCI_NEC') ? ['usb-hcd-xhci-test'] : []) + \
> - (config_all_devices.has_key('CONFIG_TPM_CRB') ? ['tpm-crb-test'] : []) + \
> - (config_all_devices.has_key('CONFIG_TPM_CRB') ? ['tpm-crb-swtpm-test'] : []) + \
> - (config_all_devices.has_key('CONFIG_TPM_TIS_ISA') ? ['tpm-tis-test'] : []) + \
> - (config_all_devices.has_key('CONFIG_TPM_TIS_ISA') ? ['tpm-tis-swtpm-test'] : []) + \
> (config_all_devices.has_key('CONFIG_RTL8139_PCI') ? ['rtl8139-test'] : []) + \
> qtests_pci + \
> ['fdc-test',
>
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-15 15:52 ` Philippe Mathieu-Daudé
@ 2021-01-15 15:53 ` Stefan Berger
2021-01-15 16:06 ` Philippe Mathieu-Daudé
0 siblings, 1 reply; 19+ messages in thread
From: Stefan Berger @ 2021-01-15 15:53 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Paolo Bonzini
On 1/15/21 10:52 AM, Philippe Mathieu-Daudé wrote:
> Subject is incorrect, this is not a removal of the tests, but
> removal of their execution. The tests are still in the repository.
> This is more of a disablement.
How do you compile / run them to have the LeakSanitizer checks?
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-15 15:53 ` Stefan Berger
@ 2021-01-15 16:06 ` Philippe Mathieu-Daudé
2021-01-15 16:07 ` Philippe Mathieu-Daudé
2021-01-15 18:40 ` Stefan Berger
0 siblings, 2 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-15 16:06 UTC (permalink / raw)
To: Stefan Berger, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Paolo Bonzini,
Alex Bennée
On 1/15/21 4:53 PM, Stefan Berger wrote:
> On 1/15/21 10:52 AM, Philippe Mathieu-Daudé wrote:
>> Subject is incorrect, this is not a removal of the tests, but
>> removal of their execution. The tests are still in the repository.
>> This is more of a disablement.
>
> How do you compile / run them to have the LeakSanitizer checks?
I used:
../configure --cc=clang --enable-sanitizers && make check-qtest
$ clang -v
clang version 10.0.1 (Fedora 10.0.1-3.fc32)
This was previously covered by patchew CI. I just figured
patchew is running without the LeakSanitizer since commit
6f89ec7442e ("docker: test-debug: disable LeakSanitizer"):
docker: test-debug: disable LeakSanitizer
There are just too many leaks in device-introspect-test (especially for
the plethora of arm and aarch64 boards) to make LeakSanitizer useful;
disable it for now.
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-15 16:06 ` Philippe Mathieu-Daudé
@ 2021-01-15 16:07 ` Philippe Mathieu-Daudé
2021-01-15 18:40 ` Stefan Berger
1 sibling, 0 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-15 16:07 UTC (permalink / raw)
To: qemu-devel, Thomas Huth, Paolo Bonzini
Cc: Fam Zheng, Laurent Vivier, Hannes Reinecke, qemu-block, Li Qiang,
Alexander Bulekov, Alex Bennée, Stefan Berger
On 1/15/21 5:06 PM, Philippe Mathieu-Daudé wrote:
> On 1/15/21 4:53 PM, Stefan Berger wrote:
>> On 1/15/21 10:52 AM, Philippe Mathieu-Daudé wrote:
>>> Subject is incorrect, this is not a removal of the tests, but
>>> removal of their execution. The tests are still in the repository.
>>> This is more of a disablement.
>>
>> How do you compile / run them to have the LeakSanitizer checks?
>
> I used:
>
> ../configure --cc=clang --enable-sanitizers && make check-qtest
>
> $ clang -v
> clang version 10.0.1 (Fedora 10.0.1-3.fc32)
>
> This was previously covered by patchew CI. I just figured
> patchew is running without the LeakSanitizer since commit
> 6f89ec7442e ("docker: test-debug: disable LeakSanitizer"):
>
> docker: test-debug: disable LeakSanitizer
>
> There are just too many leaks in device-introspect-test (especially for
> the plethora of arm and aarch64 boards) to make LeakSanitizer useful;
> disable it for now.
So if this expected, maybe the correct fix is to have meson use
ASAN_OPTIONS=detect_leaks=0 automatically when running the qtests?
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-15 16:06 ` Philippe Mathieu-Daudé
2021-01-15 16:07 ` Philippe Mathieu-Daudé
@ 2021-01-15 18:40 ` Stefan Berger
2021-01-15 19:56 ` Stefan Berger
1 sibling, 1 reply; 19+ messages in thread
From: Stefan Berger @ 2021-01-15 18:40 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Paolo Bonzini,
Alex Bennée
On 1/15/21 11:06 AM, Philippe Mathieu-Daudé wrote:
> On 1/15/21 4:53 PM, Stefan Berger wrote:
>> On 1/15/21 10:52 AM, Philippe Mathieu-Daudé wrote:
>>> Subject is incorrect, this is not a removal of the tests, but
>>> removal of their execution. The tests are still in the repository.
>>> This is more of a disablement.
>> How do you compile / run them to have the LeakSanitizer checks?
> I used:
>
> ../configure --cc=clang --enable-sanitizers && make check-qtest
>
> $ clang -v
> clang version 10.0.1 (Fedora 10.0.1-3.fc32)
>
> This was previously covered by patchew CI. I just figured
> patchew is running without the LeakSanitizer since commit
> 6f89ec7442e ("docker: test-debug: disable LeakSanitizer"):
>
> docker: test-debug: disable LeakSanitizer
>
> There are just too many leaks in device-introspect-test (especially for
> the plethora of arm and aarch64 boards) to make LeakSanitizer useful;
> disable it for now.
>
I only get short stack traces:
Indirect leak of 852840 byte(s) in 207 object(s) allocated from:
#0 0x561a8c2f8b57 in calloc
(/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23fb57)
#1 0x14f0963069b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
#2 0x561a8c4c2508 in json_parser_parse
/home/stefanb/tmp/qemu-tip/build/../qobject/json-parser.c:580:14
#3 0x561a8c4a99aa in json_message_process_token
/home/stefanb/tmp/qemu-tip/build/../qobject/json-streamer.c:92:12
#4 0x561a8c4b6cfb in json_lexer_feed_char
/home/stefanb/tmp/qemu-tip/build/../qobject/json-lexer.c:313:13
Indirect leak of 6624 byte(s) in 207 object(s) allocated from:
#0 0x561a8c2f8b57 in calloc
(/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23fb57)
#1 0x14f0963069b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
Indirect leak of 1449 byte(s) in 207 object(s) allocated from:
#0 0x561a8c2f899f in malloc
(/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23f99f)
#1 0x14f096306958 in g_malloc (/lib64/libglib-2.0.so.0+0x58958)
How can I see more of those?
Stefan
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-15 18:40 ` Stefan Berger
@ 2021-01-15 19:56 ` Stefan Berger
2021-01-16 14:56 ` Philippe Mathieu-Daudé
0 siblings, 1 reply; 19+ messages in thread
From: Stefan Berger @ 2021-01-15 19:56 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Paolo Bonzini,
Alex Bennée
On 1/15/21 1:40 PM, Stefan Berger wrote:
> On 1/15/21 11:06 AM, Philippe Mathieu-Daudé wrote:
>> On 1/15/21 4:53 PM, Stefan Berger wrote:
>>> On 1/15/21 10:52 AM, Philippe Mathieu-Daudé wrote:
>>>> Subject is incorrect, this is not a removal of the tests, but
>>>> removal of their execution. The tests are still in the repository.
>>>> This is more of a disablement.
>>> How do you compile / run them to have the LeakSanitizer checks?
>> I used:
>>
>> ../configure --cc=clang --enable-sanitizers && make check-qtest
>>
>> $ clang -v
>> clang version 10.0.1 (Fedora 10.0.1-3.fc32)
>>
>> This was previously covered by patchew CI. I just figured
>> patchew is running without the LeakSanitizer since commit
>> 6f89ec7442e ("docker: test-debug: disable LeakSanitizer"):
>>
>> docker: test-debug: disable LeakSanitizer
>>
>> There are just too many leaks in device-introspect-test (especially
>> for
>> the plethora of arm and aarch64 boards) to make LeakSanitizer useful;
>> disable it for now.
>>
> I only get short stack traces:
>
>
> Indirect leak of 852840 byte(s) in 207 object(s) allocated from:
> #0 0x561a8c2f8b57 in calloc
> (/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23fb57)
> #1 0x14f0963069b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
> #2 0x561a8c4c2508 in json_parser_parse
> /home/stefanb/tmp/qemu-tip/build/../qobject/json-parser.c:580:14
> #3 0x561a8c4a99aa in json_message_process_token
> /home/stefanb/tmp/qemu-tip/build/../qobject/json-streamer.c:92:12
> #4 0x561a8c4b6cfb in json_lexer_feed_char
> /home/stefanb/tmp/qemu-tip/build/../qobject/json-lexer.c:313:13
>
> Indirect leak of 6624 byte(s) in 207 object(s) allocated from:
> #0 0x561a8c2f8b57 in calloc
> (/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23fb57)
> #1 0x14f0963069b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
>
> Indirect leak of 1449 byte(s) in 207 object(s) allocated from:
> #0 0x561a8c2f899f in malloc
> (/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23f99f)
> #1 0x14f096306958 in g_malloc (/lib64/libglib-2.0.so.0+0x58958)
>
> How can I see more of those?
I now added -fno-omit-frame-pointer to configure (should it not be
there?) and it now shows some useful stacktraces.
diff --git a/configure b/configure
index 155dda124c..ed86b5ca32 100755
--- a/configure
+++ b/configure
@@ -5308,7 +5308,7 @@ if test "$gprof" = "yes" ; then
fi
if test "$have_asan" = "yes"; then
- QEMU_CFLAGS="-fsanitize=address $QEMU_CFLAGS"
+ QEMU_CFLAGS="-fsanitize=address -fno-omit-frame-pointer $QEMU_CFLAGS"
QEMU_LDFLAGS="-fsanitize=address $QEMU_LDFLAGS"
if test "$have_asan_iface_h" = "no" ; then
echo "ASAN build enabled, but ASAN header missing." \
diff --git a/tests/qtest/tpm-util.c b/tests/qtest/tpm-util.c
This is my TPM related fix. Maybe it resolve the issue for you also?
index 5a33a6ef0f..b70cc32d60 100644
--- a/tests/qtest/tpm-util.c
+++ b/tests/qtest/tpm-util.c
@@ -250,7 +250,7 @@ void tpm_util_wait_for_migration_complete(QTestState
*who)
status = qdict_get_str(rsp_return, "status");
completed = strcmp(status, "completed") == 0;
g_assert_cmpstr(status, !=, "failed");
- qobject_unref(rsp_return);
+ qobject_unref(rsp);
if (completed) {
return;
}
Now I see ppc64 related leaks:
Direct leak of 200 byte(s) in 1 object(s) allocated from:
#0 0x14c9b743c837 in __interceptor_calloc (/lib64/libasan.so.6+0xb0837)
#1 0x14c9b6e8b9b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
#2 0x55c5e7130a1a in qemu_init_vcpu ../softmmu/cpus.c:618
#3 0x55c5e68b30c0 in ppc_cpu_realize
../target/ppc/translate_init.c.inc:10146
#4 0x55c5e7539c08 in device_set_realized ../hw/core/qdev.c:761
#5 0x55c5e714aa38 in property_set_bool ../qom/object.c:2255
#6 0x55c5e7145d52 in object_property_set ../qom/object.c:1400
#7 0x55c5e714f99f in object_property_set_qobject
../qom/qom-qobject.c:28
#8 0x55c5e71465f4 in object_property_set_bool ../qom/object.c:1470
#9 0x55c5e666ae21 in spapr_realize_vcpu ../hw/ppc/spapr_cpu_core.c:254
#10 0x55c5e666ae21 in spapr_cpu_core_realize
../hw/ppc/spapr_cpu_core.c:337
#11 0x55c5e7539c08 in device_set_realized ../hw/core/qdev.c:761
#12 0x55c5e714aa38 in property_set_bool ../qom/object.c:2255
#13 0x55c5e7145d52 in object_property_set ../qom/object.c:1400
#14 0x55c5e714f99f in object_property_set_qobject
../qom/qom-qobject.c:28
#15 0x55c5e71465f4 in object_property_set_bool ../qom/object.c:1470
#16 0x55c5e5c7553c in qdev_device_add ../softmmu/qdev-monitor.c:665
#17 0x55c5e6fd4cc4 in device_init_func ../softmmu/vl.c:1201
#18 0x55c5e78fc7bb in qemu_opts_foreach ../util/qemu-option.c:1147
#19 0x55c5e6fc8912 in qemu_create_cli_devices ../softmmu/vl.c:2488
#20 0x55c5e6fc8912 in qmp_x_exit_preconfig ../softmmu/vl.c:2527
#21 0x55c5e6fcfb4b in qemu_init ../softmmu/vl.c:3533
#22 0x55c5e5b18e78 in main ../softmmu/main.c:49
#23 0x14c9b50fa041 in __libc_start_main (/lib64/libc.so.6+0x27041)
[..]
>
>
> Stefan
>
>
^ permalink raw reply related [flat|nested] 19+ messages in thread
* Re: [PATCH 2/4] tests/qtest: Make fuzz-test generic to all targets
2021-01-15 15:09 ` [PATCH 2/4] tests/qtest: Make fuzz-test generic to all targets Philippe Mathieu-Daudé
@ 2021-01-15 22:21 ` Thomas Huth
2021-01-26 11:07 ` Philippe Mathieu-Daudé
0 siblings, 1 reply; 19+ messages in thread
From: Thomas Huth @ 2021-01-15 22:21 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Hannes Reinecke, qemu-block, Li Qiang,
Alexander Bulekov, Paolo Bonzini, Stefan Berger
On 15/01/2021 16.09, Philippe Mathieu-Daudé wrote:
> Tests in fuzz-test's main() already check for the supported
> architecture before adding tests, therefore this test is not
> specific to the X86 target. Move it to the generic set.
As long as it does not run any test on non-x86, it does not make sense to
move it to the generic set, does it? We'd only waste compile cycles that way?
Thomas
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 3/4] tests/qtest: Only run fuzz-megasas-test if megasas device is available
2021-01-15 15:09 ` [PATCH 3/4] tests/qtest: Only run fuzz-megasas-test if megasas device is available Philippe Mathieu-Daudé
@ 2021-01-15 22:39 ` Alexander Bulekov
2021-01-26 11:08 ` Philippe Mathieu-Daudé
0 siblings, 1 reply; 19+ messages in thread
From: Alexander Bulekov @ 2021-01-15 22:39 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
qemu-devel, Hannes Reinecke, Paolo Bonzini, Stefan Berger
On 210115 1609, Philippe Mathieu-Daudé wrote:
> This test fails when QEMU is built without the megasas device,
> restrict it to its availability.
Should we just make a separate directory for fuzzer tests and have a
separate source file for each reproducer (or for each device)? That way,
we avoid confusion about what to do with new reproducers: they always go
into e.g. tests/qtest/reproducers/device_name.c
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-15 19:56 ` Stefan Berger
@ 2021-01-16 14:56 ` Philippe Mathieu-Daudé
0 siblings, 0 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-16 14:56 UTC (permalink / raw)
To: Stefan Berger, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, qemu-ppc, Paolo Bonzini,
Alex Bennée
Hi Stefan,
On 1/15/21 8:56 PM, Stefan Berger wrote:
> On 1/15/21 1:40 PM, Stefan Berger wrote:
>> On 1/15/21 11:06 AM, Philippe Mathieu-Daudé wrote:
>>> On 1/15/21 4:53 PM, Stefan Berger wrote:
>>>> On 1/15/21 10:52 AM, Philippe Mathieu-Daudé wrote:
>>>>> Subject is incorrect, this is not a removal of the tests, but
>>>>> removal of their execution. The tests are still in the repository.
>>>>> This is more of a disablement.
>>>> How do you compile / run them to have the LeakSanitizer checks?
>>> I used:
>>>
>>> ../configure --cc=clang --enable-sanitizers && make check-qtest
>>>
>>> $ clang -v
>>> clang version 10.0.1 (Fedora 10.0.1-3.fc32)
>>>
>>> This was previously covered by patchew CI. I just figured
>>> patchew is running without the LeakSanitizer since commit
>>> 6f89ec7442e ("docker: test-debug: disable LeakSanitizer"):
>>>
>>> docker: test-debug: disable LeakSanitizer
>>>
>>> There are just too many leaks in device-introspect-test (especially
>>> for
>>> the plethora of arm and aarch64 boards) to make LeakSanitizer useful;
>>> disable it for now.
>>>
>> I only get short stack traces:
>>
>>
>> Indirect leak of 852840 byte(s) in 207 object(s) allocated from:
>> #0 0x561a8c2f8b57 in calloc
>> (/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23fb57)
>>
>> #1 0x14f0963069b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
>> #2 0x561a8c4c2508 in json_parser_parse
>> /home/stefanb/tmp/qemu-tip/build/../qobject/json-parser.c:580:14
>> #3 0x561a8c4a99aa in json_message_process_token
>> /home/stefanb/tmp/qemu-tip/build/../qobject/json-streamer.c:92:12
>> #4 0x561a8c4b6cfb in json_lexer_feed_char
>> /home/stefanb/tmp/qemu-tip/build/../qobject/json-lexer.c:313:13
>>
>> Indirect leak of 6624 byte(s) in 207 object(s) allocated from:
>> #0 0x561a8c2f8b57 in calloc
>> (/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23fb57)
>>
>> #1 0x14f0963069b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
>>
>> Indirect leak of 1449 byte(s) in 207 object(s) allocated from:
>> #0 0x561a8c2f899f in malloc
>> (/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23f99f)
>>
>> #1 0x14f096306958 in g_malloc (/lib64/libglib-2.0.so.0+0x58958)
>>
>> How can I see more of those?
>
>
> I now added -fno-omit-frame-pointer to configure (should it not be
> there?) and it now shows some useful stacktraces.
No idea... Cc'ing Marc-André.
If the issue is only with ASan we could add the flag locally
to avoid generic problems with _FORTIFY_SOURCE:
-- >8 --
@@ -5309,6 +5309,9 @@ fi
if test "$have_asan" = "yes"; then
QEMU_CFLAGS="-fsanitize=address $QEMU_CFLAGS"
+ if test "$debug" = "no" ; then
+ QEMU_CFLAGS="-fno-omit-frame-pointer $QEMU_CFLAGS"
+ fi
QEMU_LDFLAGS="-fsanitize=address $QEMU_LDFLAGS"
if test "$have_asan_iface_h" = "no" ; then
echo "ASAN build enabled, but ASAN header missing." \
---
>
>
> diff --git a/configure b/configure
> index 155dda124c..ed86b5ca32 100755
> --- a/configure
> +++ b/configure
> @@ -5308,7 +5308,7 @@ if test "$gprof" = "yes" ; then
> fi
>
> if test "$have_asan" = "yes"; then
> - QEMU_CFLAGS="-fsanitize=address $QEMU_CFLAGS"
> + QEMU_CFLAGS="-fsanitize=address -fno-omit-frame-pointer $QEMU_CFLAGS"
> QEMU_LDFLAGS="-fsanitize=address $QEMU_LDFLAGS"
> if test "$have_asan_iface_h" = "no" ; then
> echo "ASAN build enabled, but ASAN header missing." \
> diff --git a/tests/qtest/tpm-util.c b/tests/qtest/tpm-util.c
>
>
> This is my TPM related fix. Maybe it resolve the issue for you also?
Great, a trivial diff :) I'll try it next week.
>
>
> index 5a33a6ef0f..b70cc32d60 100644
> --- a/tests/qtest/tpm-util.c
> +++ b/tests/qtest/tpm-util.c
> @@ -250,7 +250,7 @@ void tpm_util_wait_for_migration_complete(QTestState
> *who)
> status = qdict_get_str(rsp_return, "status");
> completed = strcmp(status, "completed") == 0;
> g_assert_cmpstr(status, !=, "failed");
> - qobject_unref(rsp_return);
> + qobject_unref(rsp);
> if (completed) {
> return;
> }
>
> Now I see ppc64 related leaks:
>
> Direct leak of 200 byte(s) in 1 object(s) allocated from:
> #0 0x14c9b743c837 in __interceptor_calloc (/lib64/libasan.so.6+0xb0837)
> #1 0x14c9b6e8b9b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
> #2 0x55c5e7130a1a in qemu_init_vcpu ../softmmu/cpus.c:618
> #3 0x55c5e68b30c0 in ppc_cpu_realize
> ../target/ppc/translate_init.c.inc:10146
> #4 0x55c5e7539c08 in device_set_realized ../hw/core/qdev.c:761
> #5 0x55c5e714aa38 in property_set_bool ../qom/object.c:2255
> #6 0x55c5e7145d52 in object_property_set ../qom/object.c:1400
> #7 0x55c5e714f99f in object_property_set_qobject
> ../qom/qom-qobject.c:28
> #8 0x55c5e71465f4 in object_property_set_bool ../qom/object.c:1470
> #9 0x55c5e666ae21 in spapr_realize_vcpu ../hw/ppc/spapr_cpu_core.c:254
> #10 0x55c5e666ae21 in spapr_cpu_core_realize
> ../hw/ppc/spapr_cpu_core.c:337
> #11 0x55c5e7539c08 in device_set_realized ../hw/core/qdev.c:761
> #12 0x55c5e714aa38 in property_set_bool ../qom/object.c:2255
> #13 0x55c5e7145d52 in object_property_set ../qom/object.c:1400
> #14 0x55c5e714f99f in object_property_set_qobject
> ../qom/qom-qobject.c:28
> #15 0x55c5e71465f4 in object_property_set_bool ../qom/object.c:1470
> #16 0x55c5e5c7553c in qdev_device_add ../softmmu/qdev-monitor.c:665
> #17 0x55c5e6fd4cc4 in device_init_func ../softmmu/vl.c:1201
> #18 0x55c5e78fc7bb in qemu_opts_foreach ../util/qemu-option.c:1147
> #19 0x55c5e6fc8912 in qemu_create_cli_devices ../softmmu/vl.c:2488
> #20 0x55c5e6fc8912 in qmp_x_exit_preconfig ../softmmu/vl.c:2527
> #21 0x55c5e6fcfb4b in qemu_init ../softmmu/vl.c:3533
> #22 0x55c5e5b18e78 in main ../softmmu/main.c:49
> #23 0x14c9b50fa041 in __libc_start_main (/lib64/libc.so.6+0x27041)
>
> [..]
Currently the fuzzed qtests are only reported for X86, so I didn't
bother testing the other targets. Cc'ing qemu-ppc@ however.
Thanks for the quick feedbacks,
Phil.
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 4/4] tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi is available
2021-01-15 15:09 ` [PATCH 4/4] tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi " Philippe Mathieu-Daudé
@ 2021-01-17 11:01 ` Michael S. Tsirkin
0 siblings, 0 replies; 19+ messages in thread
From: Michael S. Tsirkin @ 2021-01-17 11:01 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
qemu-devel, Alexander Bulekov, Hannes Reinecke, Paolo Bonzini,
Stefan Berger
On Fri, Jan 15, 2021 at 04:09:36PM +0100, Philippe Mathieu-Daudé wrote:
> This test fails when QEMU is built without the virtio-scsi device,
> restrict it to its availability.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Are you merging this with rest of patchset?
> ---
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
>
> Note when running check-qtest-i386 I still get this failure:
>
> qemu-system-i386: Cannot map used
>
> it comes from virtio_init_region_cache().
Not sure I understand this part.
> ---
> tests/qtest/fuzz-test.c | 51 --------------------
> tests/qtest/fuzz-virtio-scsi-test.c | 75 +++++++++++++++++++++++++++++
> MAINTAINERS | 1 +
> tests/qtest/meson.build | 1 +
> 4 files changed, 77 insertions(+), 51 deletions(-)
> create mode 100644 tests/qtest/fuzz-virtio-scsi-test.c
>
> diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c
> index 6188fbb8e96..d112798afe3 100644
> --- a/tests/qtest/fuzz-test.c
> +++ b/tests/qtest/fuzz-test.c
> @@ -25,55 +25,6 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void)
> qtest_quit(s);
> }
>
> -/*
> - * Here a MemoryRegionCache pointed to an MMIO region but had a
> - * larger size than the underlying region.
> - */
> -static void test_mmio_oob_from_memory_region_cache(void)
> -{
> - QTestState *s;
> -
> - s = qtest_init("-M pc-q35-5.2 -display none -m 512M "
> - "-device virtio-scsi,num_queues=8,addr=03.0 ");
> -
> - qtest_outl(s, 0xcf8, 0x80001811);
> - qtest_outb(s, 0xcfc, 0x6e);
> - qtest_outl(s, 0xcf8, 0x80001824);
> - qtest_outl(s, 0xcf8, 0x80001813);
> - qtest_outl(s, 0xcfc, 0xa080000);
> - qtest_outl(s, 0xcf8, 0x80001802);
> - qtest_outl(s, 0xcfc, 0x5a175a63);
> - qtest_outb(s, 0x6e08, 0x9e);
> - qtest_writeb(s, 0x9f003, 0xff);
> - qtest_writeb(s, 0x9f004, 0x01);
> - qtest_writeb(s, 0x9e012, 0x0e);
> - qtest_writeb(s, 0x9e01b, 0x0e);
> - qtest_writeb(s, 0x9f006, 0x01);
> - qtest_writeb(s, 0x9f008, 0x01);
> - qtest_writeb(s, 0x9f00a, 0x01);
> - qtest_writeb(s, 0x9f00c, 0x01);
> - qtest_writeb(s, 0x9f00e, 0x01);
> - qtest_writeb(s, 0x9f010, 0x01);
> - qtest_writeb(s, 0x9f012, 0x01);
> - qtest_writeb(s, 0x9f014, 0x01);
> - qtest_writeb(s, 0x9f016, 0x01);
> - qtest_writeb(s, 0x9f018, 0x01);
> - qtest_writeb(s, 0x9f01a, 0x01);
> - qtest_writeb(s, 0x9f01c, 0x01);
> - qtest_writeb(s, 0x9f01e, 0x01);
> - qtest_writeb(s, 0x9f020, 0x01);
> - qtest_writeb(s, 0x9f022, 0x01);
> - qtest_writeb(s, 0x9f024, 0x01);
> - qtest_writeb(s, 0x9f026, 0x01);
> - qtest_writeb(s, 0x9f028, 0x01);
> - qtest_writeb(s, 0x9f02a, 0x01);
> - qtest_writeb(s, 0x9f02c, 0x01);
> - qtest_writeb(s, 0x9f02e, 0x01);
> - qtest_writeb(s, 0x9f030, 0x01);
> - qtest_outb(s, 0x6e10, 0x00);
> - qtest_quit(s);
> -}
> -
> int main(int argc, char **argv)
> {
> const char *arch = qtest_get_arch();
> @@ -83,8 +34,6 @@ int main(int argc, char **argv)
> if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
> qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert",
> test_lp1878642_pci_bus_get_irq_level_assert);
> - qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache",
> - test_mmio_oob_from_memory_region_cache);
> }
>
> return g_test_run();
> diff --git a/tests/qtest/fuzz-virtio-scsi-test.c b/tests/qtest/fuzz-virtio-scsi-test.c
> new file mode 100644
> index 00000000000..aaf6d10e189
> --- /dev/null
> +++ b/tests/qtest/fuzz-virtio-scsi-test.c
> @@ -0,0 +1,75 @@
> +/*
> + * QTest fuzzer-generated testcase for virtio-scsi device
> + *
> + * Copyright (c) 2020 Li Qiang <liq3ea@gmail.com>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + */
> +
> +#include "qemu/osdep.h"
> +
> +#include "libqos/libqtest.h"
> +
> +/*
> + * Here a MemoryRegionCache pointed to an MMIO region but had a
> + * larger size than the underlying region.
> + */
> +static void test_mmio_oob_from_memory_region_cache(void)
> +{
> + QTestState *s;
> +
> + s = qtest_init("-M pc-q35-5.2 -display none -m 512M "
> + "-device virtio-scsi,num_queues=8,addr=03.0 ");
> +
> + qtest_outl(s, 0xcf8, 0x80001811);
> + qtest_outb(s, 0xcfc, 0x6e);
> + qtest_outl(s, 0xcf8, 0x80001824);
> + qtest_outl(s, 0xcf8, 0x80001813);
> + qtest_outl(s, 0xcfc, 0xa080000);
> + qtest_outl(s, 0xcf8, 0x80001802);
> + qtest_outl(s, 0xcfc, 0x5a175a63);
> + qtest_outb(s, 0x6e08, 0x9e);
> + qtest_writeb(s, 0x9f003, 0xff);
> + qtest_writeb(s, 0x9f004, 0x01);
> + qtest_writeb(s, 0x9e012, 0x0e);
> + qtest_writeb(s, 0x9e01b, 0x0e);
> + qtest_writeb(s, 0x9f006, 0x01);
> + qtest_writeb(s, 0x9f008, 0x01);
> + qtest_writeb(s, 0x9f00a, 0x01);
> + qtest_writeb(s, 0x9f00c, 0x01);
> + qtest_writeb(s, 0x9f00e, 0x01);
> + qtest_writeb(s, 0x9f010, 0x01);
> + qtest_writeb(s, 0x9f012, 0x01);
> + qtest_writeb(s, 0x9f014, 0x01);
> + qtest_writeb(s, 0x9f016, 0x01);
> + qtest_writeb(s, 0x9f018, 0x01);
> + qtest_writeb(s, 0x9f01a, 0x01);
> + qtest_writeb(s, 0x9f01c, 0x01);
> + qtest_writeb(s, 0x9f01e, 0x01);
> + qtest_writeb(s, 0x9f020, 0x01);
> + qtest_writeb(s, 0x9f022, 0x01);
> + qtest_writeb(s, 0x9f024, 0x01);
> + qtest_writeb(s, 0x9f026, 0x01);
> + qtest_writeb(s, 0x9f028, 0x01);
> + qtest_writeb(s, 0x9f02a, 0x01);
> + qtest_writeb(s, 0x9f02c, 0x01);
> + qtest_writeb(s, 0x9f02e, 0x01);
> + qtest_writeb(s, 0x9f030, 0x01);
> + qtest_outb(s, 0x6e10, 0x00);
> + qtest_quit(s);
> +}
> +
> +int main(int argc, char **argv)
> +{
> + const char *arch = qtest_get_arch();
> +
> + g_test_init(&argc, &argv, NULL);
> +
> + if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
> + qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache",
> + test_mmio_oob_from_memory_region_cache);
> + }
> +
> + return g_test_run();
> +}
> diff --git a/MAINTAINERS b/MAINTAINERS
> index b2ef820a9fa..fcbe3ac79a8 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1717,6 +1717,7 @@ S: Supported
> F: include/hw/scsi/*
> F: hw/scsi/*
> F: tests/qtest/virtio-scsi-test.c
> +F: tests/qtest/fuzz-virtio-scsi-test.c
> T: git https://github.com/bonzini/qemu.git scsi-next
>
> SSI
> diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
> index a24e7f1c34a..fedce3ee3c1 100644
> --- a/tests/qtest/meson.build
> +++ b/tests/qtest/meson.build
> @@ -6,6 +6,7 @@
>
> qtests_generic = \
> (config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) + \
> + (config_all_devices.has_key('CONFIG_VIRTIO_SCSI') ? ['fuzz-virtio-scsi-test'] : []) + \
> [
> 'cdrom-test',
> 'device-introspect-test',
> --
> 2.26.2
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-15 15:09 ` [PATCH 1/4] tests/qtest: Remove TPM tests Philippe Mathieu-Daudé
2021-01-15 15:52 ` Philippe Mathieu-Daudé
@ 2021-01-17 18:47 ` Paolo Bonzini
2021-01-17 18:56 ` Philippe Mathieu-Daudé
1 sibling, 1 reply; 19+ messages in thread
From: Paolo Bonzini @ 2021-01-17 18:47 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Stefan Berger
On 15/01/21 16:09, Philippe Mathieu-Daudé wrote:
> |The TPM tests are failing, and no further tests are run, making the
> rest of the testsuite pointless:|
Just use -k when running tests, it's a good idea in general.
Paolo
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 1/4] tests/qtest: Remove TPM tests
2021-01-17 18:47 ` Paolo Bonzini
@ 2021-01-17 18:56 ` Philippe Mathieu-Daudé
0 siblings, 0 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-17 18:56 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
Hannes Reinecke, Alexander Bulekov, Stefan Berger
On 1/17/21 7:47 PM, Paolo Bonzini wrote:
> On 15/01/21 16:09, Philippe Mathieu-Daudé wrote:
>> |The TPM tests are failing, and no further tests are run, making the
>> rest of the testsuite pointless:|
>
> Just use -k when running tests, it's a good idea in general.
Yes, this used to be the default. I still see it in the
Meson conversion in commit a2ce7dbd917 ("meson: convert
ests/qtest to meson"), see tests/qtest/meson.build:
265 test('qtest-@0@/@1@'.format(target_base, test),
266 qtest_executables[test],
267 depends: [test_deps, qtest_emulator],
268 env: qtest_env,
269 args: ['--tap', '-k'],
270 protocol: 'tap',
271 suite: ['qtest', 'qtest-' + target_base])
272 endforeach
273 endforeach
Not sure what is going on.
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 2/4] tests/qtest: Make fuzz-test generic to all targets
2021-01-15 22:21 ` Thomas Huth
@ 2021-01-26 11:07 ` Philippe Mathieu-Daudé
0 siblings, 0 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-26 11:07 UTC (permalink / raw)
To: Thomas Huth, qemu-devel
Cc: Fam Zheng, Laurent Vivier, Hannes Reinecke, qemu-block, Li Qiang,
Alexander Bulekov, Paolo Bonzini, Stefan Berger
On 1/15/21 11:21 PM, Thomas Huth wrote:
> On 15/01/2021 16.09, Philippe Mathieu-Daudé wrote:
>> Tests in fuzz-test's main() already check for the supported
>> architecture before adding tests, therefore this test is not
>> specific to the X86 target. Move it to the generic set.
>
> As long as it does not run any test on non-x86, it does not make sense
> to move it to the generic set, does it? We'd only waste compile cycles
> that way?
OK, I'll resend this patch when the ARM reproducers are posted.
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH 3/4] tests/qtest: Only run fuzz-megasas-test if megasas device is available
2021-01-15 22:39 ` Alexander Bulekov
@ 2021-01-26 11:08 ` Philippe Mathieu-Daudé
0 siblings, 0 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-01-26 11:08 UTC (permalink / raw)
To: Alexander Bulekov
Cc: Fam Zheng, Laurent Vivier, Thomas Huth, qemu-block, Li Qiang,
qemu-devel, Hannes Reinecke, Paolo Bonzini, Stefan Berger
On 1/15/21 11:39 PM, Alexander Bulekov wrote:
> On 210115 1609, Philippe Mathieu-Daudé wrote:
>> This test fails when QEMU is built without the megasas device,
>> restrict it to its availability.
>
> Should we just make a separate directory for fuzzer tests and have a
> separate source file for each reproducer (or for each device)? That way,
> we avoid confusion about what to do with new reproducers: they always go
> into e.g. tests/qtest/reproducers/device_name.c
Yes probably. Do you mind sending a patch series?
^ permalink raw reply [flat|nested] 19+ messages in thread
end of thread, other threads:[~2021-01-26 11:09 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-15 15:09 [PATCH 0/4] tests/qtest: Fixes fuzz-tests Philippe Mathieu-Daudé
2021-01-15 15:09 ` [PATCH 1/4] tests/qtest: Remove TPM tests Philippe Mathieu-Daudé
2021-01-15 15:52 ` Philippe Mathieu-Daudé
2021-01-15 15:53 ` Stefan Berger
2021-01-15 16:06 ` Philippe Mathieu-Daudé
2021-01-15 16:07 ` Philippe Mathieu-Daudé
2021-01-15 18:40 ` Stefan Berger
2021-01-15 19:56 ` Stefan Berger
2021-01-16 14:56 ` Philippe Mathieu-Daudé
2021-01-17 18:47 ` Paolo Bonzini
2021-01-17 18:56 ` Philippe Mathieu-Daudé
2021-01-15 15:09 ` [PATCH 2/4] tests/qtest: Make fuzz-test generic to all targets Philippe Mathieu-Daudé
2021-01-15 22:21 ` Thomas Huth
2021-01-26 11:07 ` Philippe Mathieu-Daudé
2021-01-15 15:09 ` [PATCH 3/4] tests/qtest: Only run fuzz-megasas-test if megasas device is available Philippe Mathieu-Daudé
2021-01-15 22:39 ` Alexander Bulekov
2021-01-26 11:08 ` Philippe Mathieu-Daudé
2021-01-15 15:09 ` [PATCH 4/4] tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi " Philippe Mathieu-Daudé
2021-01-17 11:01 ` Michael S. Tsirkin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).