* [PATCH v2] fuzz: refine the ide/ahci fuzzer configs
From: Alexander Bulekov @ 2021-01-20 15:22 UTC (permalink / raw)
  To: qemu-devel
  Cc: Laurent Vivier, Thomas Huth, Alexander Bulekov, Bandan Das,
	Stefan Hajnoczi, Paolo Bonzini

Disks work differently depending on the x86 machine type (SATA vs PATA).
Additionally, we should fuzz the atapi code paths, which might contain
vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
machine types.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---

v2: Fix ide-hd -> ide-cd in the ahci-atapi config

 tests/qtest/fuzz/generic_fuzz_configs.h | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h
index 7fed035345..aa4c03f1ae 100644
--- a/tests/qtest/fuzz/generic_fuzz_configs.h
+++ b/tests/qtest/fuzz/generic_fuzz_configs.h
@@ -85,10 +85,28 @@ const generic_fuzz_config predefined_configs[] = {
         .objects = "intel-hda",
     },{
         .name = "ide-hd",
+        .args = "-machine pc -nodefaults "
+        "-drive file=null-co://,if=none,format=raw,id=disk0 "
+        "-device ide-hd,drive=disk0",
+        .objects = "*ide*",
+    },{
+        .name = "ide-atapi",
+        .args = "-machine pc -nodefaults "
+        "-drive file=null-co://,if=none,format=raw,id=disk0 "
+        "-device ide-cd,drive=disk0",
+        .objects = "*ide*",
+    },{
+        .name = "ahci-hd",
         .args = "-machine q35 -nodefaults "
         "-drive file=null-co://,if=none,format=raw,id=disk0 "
         "-device ide-hd,drive=disk0",
-        .objects = "ahci*",
+        .objects = "*ahci*",
+    },{
+        .name = "ahci-atapi",
+        .args = "-machine q35 -nodefaults "
+        "-drive file=null-co://,if=none,format=raw,id=disk0 "
+        "-device ide-cd,drive=disk0",
+        .objects = "*ahci*",
     },{
         .name = "floppy",
         .args = "-machine pc -nodefaults -device floppy,id=floppy0 "
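Review bot: the q35 entry's object glob is loosened from "ahci*" to "*ahci*" with no explanation in the commit message, which only describes the new pc/q35 and hard-disk/cdrom split. A leading wildcard also matches any object or region whose name merely contains "ahci", so please state in the commit message which names the anchored pattern was missing; the same reasoning applies to the new "*ide*" patterns on the pc entries.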
-- 
2.28.0


* Re: [PATCH v2] fuzz: refine the ide/ahci fuzzer configs
From: Thomas Huth @ 2021-01-20 15:45 UTC (permalink / raw)
  To: Alexander Bulekov, qemu-devel
  Cc: Laurent Vivier, Paolo Bonzini, Bandan Das, Stefan Hajnoczi

On 20/01/2021 16.22, Alexander Bulekov wrote:
> Disks work differently depending on the x86 machine type (SATA vs PATA).
> Additionally, we should fuzz the atapi code paths, which might contain
> vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
> cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
> machine types.
> 
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
> 
> v2: Fix ide-hd -> ide-cd in the ahci-atapi config
> 
>   tests/qtest/fuzz/generic_fuzz_configs.h | 20 +++++++++++++++++++-
>   1 file changed, 19 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h
> index 7fed035345..aa4c03f1ae 100644
> --- a/tests/qtest/fuzz/generic_fuzz_configs.h
> +++ b/tests/qtest/fuzz/generic_fuzz_configs.h
> @@ -85,10 +85,28 @@ const generic_fuzz_config predefined_configs[] = {
>           .objects = "intel-hda",
>       },{
>           .name = "ide-hd",
> +        .args = "-machine pc -nodefaults "
> +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> +        "-device ide-hd,drive=disk0",
> +        .objects = "*ide*",
> +    },{
> +        .name = "ide-atapi",
> +        .args = "-machine pc -nodefaults "
> +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> +        "-device ide-cd,drive=disk0",
> +        .objects = "*ide*",
> +    },{
> +        .name = "ahci-hd",
>           .args = "-machine q35 -nodefaults "
>           "-drive file=null-co://,if=none,format=raw,id=disk0 "
>           "-device ide-hd,drive=disk0",
> -        .objects = "ahci*",
> +        .objects = "*ahci*",
> +    },{
> +        .name = "ahci-atapi",
> +        .args = "-machine q35 -nodefaults "
> +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> +        "-device ide-cd,drive=disk0",
> +        .objects = "*ahci*",
>       },{
>           .name = "floppy",
>           .args = "-machine pc -nodefaults -device floppy,id=floppy0 "
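Review bot: the "*ide*" glob on the ide-hd and ide-atapi entries is a substring match, so anything whose name happens to contain "ide" is fuzzed along with the IDE controller; with "-machine pc -nodefaults" that is probably only the controller's own regions, but it is worth confirming against the fuzzer's region list so the two pc corpora don't drift into unrelated devices.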
> 

Acked-by: Thomas Huth <thuth@redhat.com>


* Re: [PATCH v2] fuzz: refine the ide/ahci fuzzer configs
From: Darren Kenny @ 2021-01-20 17:09 UTC (permalink / raw)
  To: Alexander Bulekov, qemu-devel
  Cc: Laurent Vivier, Thomas Huth, Alexander Bulekov, Bandan Das,
	Stefan Hajnoczi, Paolo Bonzini

On Wednesday, 2021-01-20 at 10:22:11 -05, Alexander Bulekov wrote:
> Disks work differently depending on the x86 machine type (SATA vs PATA).
> Additionally, we should fuzz the atapi code paths, which might contain
> vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
> cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
> machine types.
>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>

> ---
>
> v2: Fix ide-hd -> ide-cd in the ahci-atapi config
>
>  tests/qtest/fuzz/generic_fuzz_configs.h | 20 +++++++++++++++++++-
>  1 file changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h
> index 7fed035345..aa4c03f1ae 100644
> --- a/tests/qtest/fuzz/generic_fuzz_configs.h
> +++ b/tests/qtest/fuzz/generic_fuzz_configs.h
> @@ -85,10 +85,28 @@ const generic_fuzz_config predefined_configs[] = {
>          .objects = "intel-hda",
>      },{
>          .name = "ide-hd",
> +        .args = "-machine pc -nodefaults "
> +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> +        "-device ide-hd,drive=disk0",
> +        .objects = "*ide*",
> +    },{
> +        .name = "ide-atapi",
> +        .args = "-machine pc -nodefaults "
> +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> +        "-device ide-cd,drive=disk0",
> +        .objects = "*ide*",
> +    },{
> +        .name = "ahci-hd",
>          .args = "-machine q35 -nodefaults "
>          "-drive file=null-co://,if=none,format=raw,id=disk0 "
>          "-device ide-hd,drive=disk0",
> -        .objects = "ahci*",
> +        .objects = "*ahci*",
> +    },{
> +        .name = "ahci-atapi",
> +        .args = "-machine q35 -nodefaults "
> +        "-drive file=null-co://,if=none,format=raw,id=disk0 "
> +        "-device ide-cd,drive=disk0",
> +        .objects = "*ahci*",
>      },{
>          .name = "floppy",
>          .args = "-machine pc -nodefaults -device floppy,id=floppy0 "
> -- 
> 2.28.0
