From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xen.org>
Cc: George Dunlap <george.dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Wei Liu <wei.liu2@citrix.com>, Jan Beulich <JBeulich@suse.com>
Subject: [PATCH 10/10] tools/insn-fuzz: Always use x86_swint_emulate_all
Date: Mon, 27 Mar 2017 10:56:38 +0100 [thread overview]
Message-ID: <1490608598-11197-11-git-send-email-andrew.cooper3@citrix.com> (raw)
In-Reply-To: <1490608598-11197-1-git-send-email-andrew.cooper3@citrix.com>
The swint_emulate parameter indicates how much extra work the emulator needs
to do to cover issues with certain hardware injection methods.
Using x86_swint_emulate_all opens up maximum coverage in the emulator.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
CC: Wei Liu <wei.liu2@citrix.com>
---
tools/fuzz/x86_instruction_emulator/fuzz-emul.c | 21 ++-------------------
1 file changed, 2 insertions(+), 19 deletions(-)
diff --git a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
index 1906186..a5dbb2f 100644
--- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
+++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
@@ -626,8 +626,7 @@ enum {
HOOK_put_fpu,
HOOK_invlpg,
HOOK_vmfunc,
- OPTION_swint_emulation, /* Two bits */
- CANONICALIZE_rip = OPTION_swint_emulation + 2,
+ CANONICALIZE_rip,
CANONICALIZE_rsp,
CANONICALIZE_rbp
};
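Review bot: dropping the two-bit OPTION_swint_emulation field shifts CANONICALIZE_rip, CANONICALIZE_rsp and CANONICALIZE_rbp down by two bit positions in c->options, so corpus inputs saved before this change are reinterpreted: bits that used to select a swint mode now toggle rip/rsp canonicalisation, and bits that used to toggle canonicalisation become unused. That is harmless for a fuzzer, but it deserves a sentence in the commit message so that anyone replaying old seeds is not surprised by the different behaviour.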
@@ -669,21 +668,6 @@ static void disable_hooks(struct x86_emulate_ctxt *ctxt)
MAYBE_DISABLE_HOOK(invlpg);
}
-static void set_swint_support(struct x86_emulate_ctxt *ctxt)
-{
- struct fuzz_state *s = ctxt->data;
- struct fuzz_corpus *c = s->corpus;
- unsigned int swint_opt = (c->options >> OPTION_swint_emulation) & 3;
- static const enum x86_swint_emulation map[4] = {
- x86_swint_emulate_none,
- x86_swint_emulate_none,
- x86_swint_emulate_icebp,
- x86_swint_emulate_all
- };
-
- ctxt->swint_emulate = map[swint_opt];
-}
-
/*
* Constrain input to architecturally-possible states where
* the emulator relies on these
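Review bot: with set_swint_support() gone, the x86_swint_emulate_none and x86_swint_emulate_icebp modes still named in the deleted map are no longer reachable from fuzz input, so any emulator behaviour specific to those modes is now untested by this harness. The commit message describes x86_swint_emulate_all as giving maximum coverage; that holds for the extra checks _all enables, but not for code that is only taken in the lesser modes. If those modes are a strict subset of _all, state that in the commit message; otherwise consider keeping a single option bit to alternate between _all and _none.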
@@ -762,6 +746,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t size)
};
struct x86_emulate_ctxt ctxt = {
.data = &state,
+ .swint_emulate = x86_swint_emulate_all,
.regs = ®s,
.addr_size = 8 * sizeof(void *),
.sp_size = 8 * sizeof(void *),
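Review bot: style only; `.swint_emulate = x86_swint_emulate_all,` is fixed configuration of the same kind as `.addr_size` and `.sp_size` below it, while `.data` and `.regs` point at per-input state, so placing the new initializer next to the size fields would keep the constants grouped together.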
@@ -792,8 +777,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t size)
disable_hooks(&ctxt);
- set_swint_support(&ctxt);
-
do {
/* FIXME: Until we actually implement SIGFPE handling properly */
setup_fpu_exception_handler();
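Review bot: this hunk removes both the `set_swint_support(&ctxt);` call and the blank line that followed it, leaving `disable_hooks(&ctxt);` immediately followed by `do {`. Keep the blank line so the hook setup stays visually separated from the emulation loop.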
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
Thread overview: 47+ messages
2017-03-27 9:56 [PATCH 00/10] x86 emulation bugfixes and fuzzer improvements Andrew Cooper
2017-03-27 9:56 ` [PATCH 01/10] x86/emul: Correct the decoding of vlddqu Andrew Cooper
2017-03-27 11:24 ` Jan Beulich
2017-03-27 12:10 ` Andrew Cooper
2017-03-27 12:30 ` Jan Beulich
2017-03-27 9:56 ` [PATCH 02/10] x86/emul: Add feature check for clzero Andrew Cooper
2017-03-27 11:25 ` Jan Beulich
2017-03-27 11:28 ` Jan Beulich
2017-03-27 12:13 ` Andrew Cooper
2017-03-27 12:31 ` Jan Beulich
2017-03-27 13:40 ` Andrew Cooper
2017-03-27 9:56 ` [PATCH 03/10] tools/insn-fuzz: Don't use memcpy() for zero-length reads Andrew Cooper
2017-03-27 11:02 ` George Dunlap
2017-03-27 11:05 ` Andrew Cooper
2017-03-27 11:32 ` Jan Beulich
2017-03-27 12:22 ` Andrew Cooper
2017-03-27 12:35 ` Jan Beulich
2017-03-27 11:36 ` Jan Beulich
2017-03-27 12:14 ` Andrew Cooper
2017-03-27 9:56 ` [PATCH 04/10] tools/insn-fuzz: Avoid making use of static data Andrew Cooper
2017-03-27 11:39 ` Jan Beulich
2017-03-27 9:56 ` [PATCH 05/10] tools/insn-fuzz: Fix a stability bug in afl-clang-fast mode Andrew Cooper
2017-03-27 11:41 ` Jan Beulich
2017-03-27 9:56 ` [PATCH 06/10] tools/insn-fuzz: Correct hook prototypes, and assert() appropriate segments Andrew Cooper
2017-03-27 11:48 ` Jan Beulich
2017-03-27 12:49 ` Andrew Cooper
2017-03-27 9:56 ` [PATCH 07/10] tools/insn-fuzz: Provide IA32_DEBUGCTL consistently to the emulator Andrew Cooper
2017-03-27 11:53 ` Jan Beulich
2017-03-27 12:53 ` Andrew Cooper
2017-03-27 9:56 ` [PATCH 08/10] tools/insn-fuzz: Fix assertion failures in x86_emulate_wrapper() Andrew Cooper
2017-03-27 12:01 ` Jan Beulich
2017-03-27 9:56 ` [PATCH 09/10] tools/x86emul: Advertise more CPUID features for testing purposes Andrew Cooper
2017-03-27 11:20 ` George Dunlap
2017-03-27 12:13 ` Jan Beulich
2017-03-27 12:56 ` George Dunlap
2017-03-27 13:03 ` Andrew Cooper
2017-03-27 13:08 ` George Dunlap
2017-03-27 13:42 ` Jan Beulich
2017-03-27 13:49 ` Andrew Cooper
2017-03-27 13:37 ` Andrew Cooper
2017-03-27 13:45 ` Jan Beulich
2017-03-27 12:09 ` Jan Beulich
2017-03-27 13:01 ` Andrew Cooper
2017-03-27 13:40 ` Jan Beulich
2017-03-27 9:56 ` Andrew Cooper [this message]
2017-03-27 11:00 ` [PATCH 10/10] tools/insn-fuzz: Always use x86_swint_emulate_all George Dunlap
2017-03-27 13:09 ` Andrew Cooper