qemu-devel.nongnu.org archive mirror
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Alexander Bulekov <alxndr@bu.edu>,
	Darren Kenny <darren.kenny@oracle.com>
Subject: [PULL 11/16] fuzz: move some DMA hooks
Date: Tue, 16 Mar 2021 17:15:26 -0400	[thread overview]
Message-ID: <20210316211531.1649909-12-pbonzini@redhat.com> (raw)
In-Reply-To: <20210316211531.1649909-1-pbonzini@redhat.com>

From: Alexander Bulekov <alxndr@bu.edu>

For the sparse-mem device, we want the fuzzer to populate entire DMA
reads from sparse-mem, rather than hooking into the individual MMIO
memory_region_dispatch_read operations. Otherwise, the fuzzer will treat
each sequential read separately (and populate it with a separate
pattern). Work around this by rearranging some DMA hooks. Since the
fuzzer has its own logic to skip accidentally writing to MMIO regions,
we can call the DMA cb outside the flatview_translate loop.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 softmmu/memory.c  | 1 -
 softmmu/physmem.c | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/softmmu/memory.c b/softmmu/memory.c
index 9db47b7db6..c4730ec47a 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -1440,7 +1440,6 @@ MemTxResult memory_region_dispatch_read(MemoryRegion *mr,
     unsigned size = memop_size(op);
     MemTxResult r;
 
-    fuzz_dma_read_cb(addr, size, mr);
     if (!memory_region_access_valid(mr, addr, size, false, attrs)) {
         *pval = unassigned_mem_read(mr, addr, size);
         return MEMTX_DECODE_ERROR;
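Review bot: the removed call sat before the memory_region_access_valid() check, so after this hunk a read that reaches memory_region_dispatch_read() without going through flatview_read_continue() is no longer reported to the fuzzer at all; the commit message should state explicitly that every DMA read path the fuzzer cares about passes through the physmem hook, since otherwise such reads silently lose their populate-on-read behaviour.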
diff --git a/softmmu/physmem.c b/softmmu/physmem.c
index 7e8b0fab89..6a58c86750 100644
--- a/softmmu/physmem.c
+++ b/softmmu/physmem.c
@@ -2831,6 +2831,7 @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
     bool release_lock = false;
     uint8_t *buf = ptr;
 
+    fuzz_dma_read_cb(addr, len, mr);
     for (;;) {
         if (!memory_access_is_direct(mr, false)) {
             /* I/O case */
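Review bot: the new call at the top of flatview_read_continue() passes the full `len` together with the `mr` of only the first chunk, and because it precedes the `memory_access_is_direct(mr, false)` check it now fires for the I/O case as well as the RAM case. The commit message says this is intentional (the fuzzer skips MMIO on its own), but a one-line comment at the call site, e.g. `/* fuzzer populates the whole DMA range; it skips MMIO itself */`, would keep a later reader from moving it back inside the loop.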
@@ -2841,7 +2842,6 @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
             stn_he_p(buf, l, val);
         } else {
             /* RAM case */
-            fuzz_dma_read_cb(addr, len, mr);
             ram_ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false);
             memcpy(buf, ram_ptr, l);
         }
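Review bot: the removed RAM-case call was already passing `addr` and `len` rather than the per-chunk `addr1` and `l` that `qemu_ram_ptr_length()` and `memcpy()` use, so it ran once per loop iteration with the whole range each time; hoisting it above the loop drops those repeated calls, and that is worth a sentence in the commit message so the behavioural change for multi-chunk reads is recorded.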
-- 
2.26.2