From: Richard Liu <richy.liu.2002@gmail.com>
To: qemu-devel@nongnu.org
Cc: alxndr@bu.edu, bsd@redhat.com, darren.kenny@oracle.com,
Richard Liu <richy.liu.2002@gmail.com>
Subject: [RFC 0/3] add snapshot/restore fuzzing device
Date: Fri, 22 Jul 2022 12:20:38 -0700
Message-ID: <20220722192041.93006-1-richy.liu.2002@gmail.com>

This RFC adds a virtual device for snapshot/restores within QEMU. I am working
on this as a part of QEMU Google Summer of Code 2022. Fast snapshot/restores
within QEMU are helpful for code fuzzing.

I reused the migration code for saving and restoring virtual device and CPU
state. As for the RAM, I am using a simple COW mmapped file to do restores.

The loadvm migration function I used for doing restores only worked after I
called it from a qemu_bh. I'm not sure if I should run the migration code in a
separate thread (see patch 3), since currently it is running as a part of the
device code in the vCPU thread.

This is a rough first revision and feedback on the CPU and device state restores
is appreciated.

To test locally, boot up any Linux distro. I used the following C file to
interact with the PCI snapshot device:

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <unistd.h>

int main(void) {
    /* BAR0 of the snapshot device (00:04.0 in this setup), exposed by sysfs. */
    int fd = open("/sys/bus/pci/devices/0000:00:04.0/resource0", O_RDWR | O_SYNC);
    if (fd < 0) {
        perror("open resource0");
        return 1;
    }
    size_t size = 1024 * 1024;
    /* volatile: each access is an MMIO register access and must not be
       merged or dropped by the compiler. */
    volatile uint32_t* memory = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (memory == MAP_FAILED) {
        perror("mmap resource0");
        close(fd);
        return 1;
    }
    printf("%x\n", memory[0]);
    /* volatile keeps 'a' in guest RAM rather than a register or a constant,
       so the value printed after the restore is the one read back from memory. */
    volatile int a = 0;
    memory[0] = 0x101; // save snapshot
    printf("before: value of a = %d\n", a);
    a = 1;
    printf("middle: value of a = %d\n", a);
    memory[0] = 0x102; // load snapshot
    printf("after: value of a = %d\n", a);
    munmap((void*)memory, size);
    close(fd);
    return 0;
}

Richard Liu (3):
create skeleton snapshot device and add docs
implement ram save/restore
use migration code for cpu and device save/restore
docs/devel/snapshot.rst | 26 +++++++
hw/i386/Kconfig | 1 +
hw/misc/Kconfig | 3 +
hw/misc/meson.build | 1 +
hw/misc/snapshot.c | 164 ++++++++++++++++++++++++++++++++++++++++
migration/savevm.c | 84 ++++++++++++++++++++
migration/savevm.h | 3 +
7 files changed, 282 insertions(+)
create mode 100644 docs/devel/snapshot.rst
create mode 100644 hw/misc/snapshot.c
--
2.35.1
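The cover letter restores RAM from "a simple COW mmapped file". The following is an added, host-side example of that technique in C; it is not code from this patch series or from QEMU, and the file path, the byte pattern standing in for guest RAM, the 1 MiB size and the function names (make_snapshot_file, map_cow, restore_cow, cow_roundtrip) are all assumptions made for the example. The RAM image is written to a temp file, mapped MAP_PRIVATE so guest writes are copy-on-write and never reach the file, and a restore re-maps the same file over the region so the dirtied pages are dropped and fault back in lazily from the snapshot.

```c
#define _GNU_SOURCE            /* mkstemp, pwrite, ftruncate */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for guest RAM: 1 MiB, small enough to run anywhere. */
#define RAM_SIZE (1UL << 20)
#define PAGE_SZ 4096UL

struct cow_result {
    int dirty_seen;       /* 1: the "guest" writes were visible before restore */
    int file_untouched;   /* 1: the snapshot file never saw those writes */
    long bytes_differ;    /* bytes differing from the snapshot after restore */
};

/* Unlinked temp file that will hold the RAM image at the snapshot point. */
static int make_snapshot_file(size_t size) {
    char path[] = "/tmp/cow-ram-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) {                        /* no /tmp: fall back to cwd */
        char alt[] = "./cow-ram-XXXXXX";
        fd = mkstemp(alt);
        if (fd < 0) return -1;
        unlink(alt);
    } else {
        unlink(path);                    /* disappears when closed */
    }
    if (ftruncate(fd, (off_t)size) != 0) { close(fd); return -1; }
    return fd;
}

/* Map the snapshot file copy-on-write: reads fault in file pages, writes get a
 * private anonymous copy, so the file (the snapshot) is never modified. */
static uint8_t *map_cow(int fd, size_t size) {
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Restore: replace the mapping in place (MAP_FIXED) with a fresh private
 * mapping of the same file. Every private page is dropped and the next access
 * faults the snapshot contents back in, so the cost scales with the pages the
 * iteration touched, not with RAM_SIZE. On Linux, madvise(ram, size,
 * MADV_DONTNEED) on the private mapping has the same effect without a new VMA. */
static int restore_cow(uint8_t *ram, int fd, size_t size) {
    void *p = mmap(ram, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_FIXED, fd, 0);
    return p == MAP_FAILED ? -1 : 0;
}

/* One snapshot -> dirty -> restore round trip over the constructed RAM image. */
struct cow_result cow_roundtrip(void) {
    struct cow_result r = { 0, 0, -1 };
    uint8_t *ram = NULL;
    uint8_t *image = malloc(RAM_SIZE);
    uint8_t *check = malloc(RAM_SIZE);
    int fd = make_snapshot_file(RAM_SIZE);
    if (!image || !check || fd < 0) goto out;

    /* "Guest RAM" at the snapshot point: a fixed, constructed byte pattern. */
    for (size_t i = 0; i < RAM_SIZE; i++)
        image[i] = (uint8_t)(i * 31 + 7);
    if (pwrite(fd, image, RAM_SIZE, 0) != (ssize_t)RAM_SIZE) goto out;

    ram = map_cow(fd, RAM_SIZE);
    if (!ram) goto out;

    /* The "fuzz iteration" scribbles on the first page and the last byte. */
    memset(ram, 0xAA, PAGE_SZ);
    ram[RAM_SIZE - 1] ^= 0xFF;
    r.dirty_seen = (ram[0] == 0xAA && ram[RAM_SIZE - 1] != image[RAM_SIZE - 1]);

    /* The snapshot file must still hold the original image. */
    if (pread(fd, check, RAM_SIZE, 0) == (ssize_t)RAM_SIZE)
        r.file_untouched = (memcmp(check, image, RAM_SIZE) == 0);

    if (restore_cow(ram, fd, RAM_SIZE) != 0) goto out;

    r.bytes_differ = 0;
    for (size_t i = 0; i < RAM_SIZE; i++)
        r.bytes_differ += (ram[i] != image[i]);
out:
    if (ram) munmap(ram, RAM_SIZE);
    if (fd >= 0) close(fd);
    free(image);
    free(check);
    return r;
}

int main(void) {
    struct cow_result r = cow_roundtrip();
    printf("dirty seen: %d, file untouched: %d, bytes differing after restore: %ld\n",
           r.dirty_seen, r.file_untouched, r.bytes_differ);
    return r.bytes_differ == 0 ? 0 : 1;
}
```

The three fields of the result are the properties a snapshot-fuzzing harness depends on: writes during an iteration are visible to the guest, they never leak into the snapshot, and a restore brings back the exact image. A device-side implementation would additionally have to keep the CPU and device state in step with the RAM, which is what the migration code in patch 3 is used for.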
Thread overview (6+ messages):
2022-07-22 19:20 Richard Liu [this message]
2022-07-22 19:20 ` [RFC 1/3] create skeleton snapshot device and add docs Richard Liu
2022-07-22 19:20 ` [RFC 2/3] implement ram save/restore Richard Liu
2022-07-22 19:20 ` [RFC 3/3] use migration code for cpu and device save/restore Richard Liu
2022-07-22 20:10 ` [RFC 0/3] add snapshot/restore fuzzing device Claudio Fontana
2022-07-23 15:52 ` Alexander Bulekov