From: Navid Emamdoost <navidem@google.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, farosas@suse.de, lvivier@redhat.com,
pbonzini@redhat.com, zsm@google.com, alxndr@bu.edu
Subject: Re: [PATCH v2 1/5] libqos: pci: Handle zero-sized BARs gracefully
Date: Thu, 4 Dec 2025 20:16:38 -0800
Message-ID: <CAGXevkgDcVLdWB7r6v8GEdGefckDzayd1cLUiQkkSU2H+zH1-w@mail.gmail.com>
In-Reply-To: <CAFEAcA97NhUDzVx8fePmW2HSKn5DhhaQEkc=FkmPzGf+vKFKzQ@mail.gmail.com>
Hi Peter,
On Thu, Nov 27, 2025 at 5:17 AM Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Thu, 27 Nov 2025 at 00:12, Navid Emamdoost <navidem@google.com> wrote:
> >
> > The qpci_iomap() function would previously fail with a fatal assertion
> > if it probed a PCI BAR that had a size of zero. This is, however,
> > expected behavior for some devices like the Q35 host bridge, and the
> > assertion blocked the creation of new fuzzing targets.
> >
> > Instead of asserting at map time, modify the QPCIBar struct to store
> > the BAR's size. Defer the safety check to the accessor functions
> > (qpci_io_readb, qpci_memread, etc.), which now assert that any
> > access is within the BAR's bounds.
> >
> > Signed-off-by: Navid Emamdoost <navidem@google.com>
> > ---
> > tests/qtest/libqos/pci.c | 25 ++++++++++++++++++++++++-
> > tests/qtest/libqos/pci.h | 1 +
> > 2 files changed, 25 insertions(+), 1 deletion(-)
> >
> > diff --git a/tests/qtest/libqos/pci.c b/tests/qtest/libqos/pci.c
> > index a59197b992..70caf382cc 100644
> > --- a/tests/qtest/libqos/pci.c
> > +++ b/tests/qtest/libqos/pci.c
> > @@ -396,6 +396,7 @@ void qpci_config_writel(QPCIDevice *dev, uint8_t offset, uint32_t value)
> >
> > uint8_t qpci_io_readb(QPCIDevice *dev, QPCIBar token, uint64_t off)
> > {
> > + g_assert(off + 1 <= token.size);
> > QPCIBus *bus = dev->bus;
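Review bot: the bound check `g_assert(off + 1 <= token.size)` added to qpci_io_readb is evaluated in uint64_t, so an `off` near UINT64_MAX wraps `off + 1` to a small value and the assertion passes; write it as `g_assert(off < token.size)` here and, for the wider accessors and the length-taking qpci_memread/qpci_memwrite named in the commit message, as `g_assert(len <= token.size && off <= token.size - len)` so the comparison cannot wrap. With `size` left at zero for an unimplemented BAR both forms still reject every access, which is the behaviour the commit message asks for.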
>
> The indent seems to be wrong for all your changes to these functions?
>
> Also, we need "make check" to pass for every commit in the
> patchset, not just after it has all been applied. So we need
> to make the fixes that you have in patches 2-4 before we
> can start enforcing the size limits with assertions.
Do you think it's better to squash all changes of patches 1-4 into
a single commit that reworks the libqos PCI API and fixes all affected tests?
>
> > @@ -541,6 +550,19 @@ QPCIBar qpci_iomap(QPCIDevice *dev, int barno, uint64_t *sizeptr)
> > addr &= PCI_BASE_ADDRESS_MEM_MASK;
> > }
> >
> > + if (!addr){
>
> Missing space before "{". (scripts/checkpatch.pl will
> probably catch this kind of style error.)
>
> > + /*
> > + * This is an unimplemented BAR. It is not a fatal error.
> > + * We model it as a BAR with a size of zero. Any attempt to
> > + * access it will be caught by assertions in the accessors.
> > + */
> > + if (sizeptr) {
> > + *sizeptr = 0;
> > + }
> > + memset(&bar, 0, sizeof(bar));
> > + return bar;
> > + }
> > +
> > g_assert(addr); /* Must have *some* size bits */
>
> We can drop this assert now, because we just dealt with
> the addr == 0 case.
>
> > size = 1U << ctz32(addr);
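Review bot: the zero-filled `bar` returned from the new `if (!addr)` block is distinguishable from a real mapping only through the new `size` field, and `*sizeptr` is written only when `sizeptr` is non-NULL, so a caller passing NULL learns that the BAR is unimplemented only when an accessor asserts; the convention that `size == 0` means "unimplemented, every access asserts" should be stated in the comment on the new field in pci.h (in the diffstat but not shown here) rather than only inside this function. The early return also makes the following `g_assert(addr); /* Must have *some* size bits */` unreachable, so drop it, and `if (!addr){` needs a space before the brace.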
> > @@ -572,6 +594,7 @@ QPCIBar qpci_iomap(QPCIDevice *dev, int barno, uint64_t *sizeptr)
> > }
> >
> > bar.addr = loc;
> > + bar.size = size;
> > return bar;
> > }
>
> thanks
> -- PMM
--
Thank you,
Navid.
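As an added illustration of the bounds-check design described in the commit message (this is not code from the patch or from libqos; `ExampleBar`, `example_iomap`, `naive_in_bounds` and `safe_in_bounds` are hypothetical stand-ins for QPCIBar, qpci_iomap and the accessor assertions), the block below models a probe that yields a zero-sized token for an unimplemented BAR and compares the summed bound check with a form that cannot wrap:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-in for the libqos QPCIBar token after the patch:
 * the mapped address plus the size the accessors check against.
 * A zero-filled token models an unimplemented (zero-sized) BAR.
 */
typedef struct {
    uint64_t addr;
    uint64_t size;
} ExampleBar;

/* Summed form of the accessor check: off + len <= size. */
static bool naive_in_bounds(ExampleBar bar, uint64_t off, uint64_t len)
{
    /* off + len is computed modulo 2^64, so a huge off can wrap past 0. */
    return off + len <= bar.size;
}

/* Wrap-safe form: compare off against the space remaining after len. */
static bool safe_in_bounds(ExampleBar bar, uint64_t off, uint64_t len)
{
    return len <= bar.size && off <= bar.size - len;
}

/*
 * Constructed stand-in for the probe in qpci_iomap: probed_mask is the
 * value read back after writing all-ones to the BAR register, already
 * masked down to its address bits. All-zero means the BAR is not
 * implemented; otherwise the size is the lowest set address bit.
 */
static ExampleBar example_iomap(uint32_t probed_mask)
{
    ExampleBar bar;
    memset(&bar, 0, sizeof(bar));
    if (!probed_mask) {
        return bar;                         /* size == 0: nothing is accessible */
    }
    bar.addr = 0x1000;                      /* constructed base address */
    bar.size = (uint64_t)(probed_mask & (0u - probed_mask)); /* isolate lowest set bit */
    return bar;
}

int main(void)
{
    ExampleBar none = example_iomap(0);
    ExampleBar mem = example_iomap(0xFFFFF000u);   /* constructed 4 KiB BAR */

    printf("unimplemented BAR size=%llu, byte 0 ok=%d\n",
           (unsigned long long)none.size, safe_in_bounds(none, 0, 1));
    printf("4K BAR: off=4095 ok=%d, off=4096 ok=%d\n",
           safe_in_bounds(mem, 4095, 1), safe_in_bounds(mem, 4096, 1));
    printf("off=UINT64_MAX naive=%d safe=%d\n",
           naive_in_bounds(mem, UINT64_MAX, 1),
           safe_in_bounds(mem, UINT64_MAX, 1));
    return 0;
}
```

Deferring the check to the accessors, as the patch does, keeps a zero-sized token harmless until something actually touches it; the subtraction form keeps that property for every offset, whereas the summed form accepts an out-of-range offset once the addition wraps.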
Thread overview: 19+ messages
2025-10-08 19:19 [PATCH 1/2] libqos: pci: Avoid fatal assert on zero-sized BARs in fuzz builds Navid Emamdoost
2025-10-08 19:19 ` [PATCH 2/2] tests/qtest/fuzz: Add generic fuzzer for pcie-pci-bridge Navid Emamdoost
2025-10-10 15:58 ` [PATCH 1/2] libqos: pci: Avoid fatal assert on zero-sized BARs in fuzz builds Alexander Bulekov
2025-10-14 1:14 ` Navid Emamdoost
2025-11-06 18:41 ` Navid Emamdoost
2025-11-13 14:02 ` Peter Maydell
2025-11-25 2:30 ` Navid Emamdoost
2025-11-25 10:01 ` Peter Maydell
2025-11-27 0:12 ` [PATCH v2 0/5] tests/qtest: Rework libqos PCI BAR handling to support fuzzing Navid Emamdoost
2025-11-27 0:12 ` [PATCH v2 1/5] libqos: pci: Handle zero-sized BARs gracefully Navid Emamdoost
2025-11-27 13:17 ` Peter Maydell
2025-12-05 4:16 ` Navid Emamdoost [this message]
2025-11-27 0:12 ` [PATCH v2 2/5] libqos: pci: Require size for legacy I/O port mapping Navid Emamdoost
2025-11-27 13:24 ` Peter Maydell
2025-11-27 0:12 ` [PATCH v2 3/5] tests/qtest: ahci-test: Check only implemented ports in verify_state Navid Emamdoost
2025-11-27 13:27 ` Peter Maydell
2025-11-27 0:12 ` [PATCH v2 4/5] tests/qtest: Rework nvmetest_oob_cmb_test for BAR check Navid Emamdoost
2025-11-27 13:29 ` Peter Maydell
2025-11-27 0:12 ` [PATCH v2 5/5] tests/qtest/fuzz: Add generic fuzzer for pcie-pci-bridge Navid Emamdoost