From: Alexander Bulekov <alxndr@bu.edu>
To: qemu-devel@nongnu.org
Cc: darren.kenny@oracle.com, f4bug@amsat.org,
	Alexander Bulekov <alxndr@bu.edu>
Subject: [PATCH v3 0/3] fuzz: Add a sparse-memory device to accelerate fuzzing
Date: Mon, 15 Mar 2021 10:05:09 -0400
Message-ID: <20210315140512.8357-1-alxndr@bu.edu>

v3:
    - Fix inaccurate commit message for the sparse-mem dev
    - Remove debug printfs
v2:
    - Make the device a TYPE_SYS_BUS_DEVICE device
    - Remove the qtest (the device cannot be enabled for testing outside
      of the fuzzing code).
    - Since this will only be used for short-lived fuzzing processes, do
      not keep track of empty regions.
    - Move some DMA callbacks to properly fill DMA buffers in sparse
      memory

The generic-fuzzer often provides virtual-devices with bogus DMA
addresses (e.g. 0x4141414141414141). The probability that these fuzzed
addresses actually land within RAM is quite small. The fuzzer eventually
finds valid addresses; however, this takes some time, and the problem is
compounded when the device accesses multiple DMA regions. This series
adds a "sparse" memory device, and configures it for the generic-fuzzer.
This allows us to simulate 16 EB of RAM (only a tiny portion actually
populated). Thus, almost any randomly generated 64-bit address will land
in memory that the fuzzer can populate with data.
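As an added illustration of the approach described above (this is not QEMU's own hw/mem/sparse-mem.c), the following C sketch backs an address space with a page-granular hash table so that a read at any 64-bit address succeeds (unpopulated pages read as zeros) while only pages that are actually written consume host memory. The 4 KiB page size, the table size and the helper names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define PAGE_SHIFT 12                  /* assumed 4 KiB backing pages */
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NBUCKETS   1024                /* assumed hash-table size */
struct page { uint64_t pfn; uint8_t data[PAGE_SIZE]; struct page *next; };
static struct page *buckets[NBUCKETS];
static size_t npages;                  /* pages materialised so far */

/* Find the page backing addr; allocate it (zero-filled) only if create is set. */
static struct page *lookup(uint64_t addr, int create)
{
    uint64_t pfn = addr >> PAGE_SHIFT;
    struct page **slot = &buckets[((pfn * 0x9E3779B97F4A7C15ull) >> 54) % NBUCKETS];
    for (struct page *p = *slot; p; p = p->next)
        if (p->pfn == pfn) return p;
    if (!create) return NULL;
    struct page *p = calloc(1, sizeof *p);
    if (!p) abort();
    p->pfn = pfn; p->next = *slot; *slot = p; npages++;
    return p;
}

/* Read len bytes at addr: every 64-bit address is valid; unpopulated pages read as zeros. */
void sparse_read(uint64_t addr, void *buf, size_t len)
{
    uint8_t *out = buf;
    while (len) {
        size_t off = addr & (PAGE_SIZE - 1), n = PAGE_SIZE - off;
        if (n > len) n = len;
        struct page *p = lookup(addr, 0);
        if (p) memcpy(out, p->data + off, n); else memset(out, 0, n);
        addr += n; out += n; len -= n;
    }
}

/* Write len bytes at addr, materialising only the pages actually touched. */
void sparse_write(uint64_t addr, const void *buf, size_t len)
{
    const uint8_t *in = buf;
    while (len) {
        size_t off = addr & (PAGE_SIZE - 1), n = PAGE_SIZE - off;
        if (n > len) n = len;
        memcpy(lookup(addr, 1)->data + off, in, n);
        addr += n; in += n; len -= n;
    }
}
size_t sparse_pages_populated(void) { return npages; }
uint8_t sparse_read_byte(uint64_t addr) { uint8_t b; sparse_read(addr, &b, 1); return b; }
```

A write that straddles a page boundary materialises both pages, so a fuzzer-supplied DMA buffer at a random address costs only as many 4 KiB pages as it actually spans.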


Alexander Bulekov (3):
  memory: add a sparse memory device for fuzzing
  fuzz: configure a sparse-mem device, by default
  fuzz: move some DMA hooks

 MAINTAINERS                     |   1 +
 hw/mem/meson.build              |   1 +
 hw/mem/sparse-mem.c             | 151 ++++++++++++++++++++++++++++++++
 include/hw/mem/sparse-mem.h     |  19 ++++
 softmmu/memory.c                |   1 -
 softmmu/physmem.c               |   2 +-
 tests/qtest/fuzz/generic_fuzz.c |  14 ++-
 7 files changed, 184 insertions(+), 5 deletions(-)
 create mode 100644 hw/mem/sparse-mem.c
 create mode 100644 include/hw/mem/sparse-mem.h

-- 
2.27.0
2021-03-15 14:05 Alexander Bulekov [this message]
2021-03-15 14:05 ` [PATCH v3 1/3] memory: add a sparse memory device for fuzzing Alexander Bulekov
2021-03-15 14:54   ` Darren Kenny
2021-03-15 14:05 ` [PATCH v3 2/3] fuzz: configure a sparse-mem device, by default Alexander Bulekov
2021-03-15 14:05 ` [PATCH v3 3/3] fuzz: move some DMA hooks Alexander Bulekov