Message ID: 20200611055651.13784-1-alxndr@bu.edu (mailing list archive)
Series: fuzz: add generic fuzzer
Patchew URL: https://patchew.org/QEMU/20200611055651.13784-1-alxndr@bu.edu/

Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20200611055651.13784-1-alxndr@bu.edu
Subject: [RFC PATCH 0/3] fuzz: add generic fuzzer
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag]         patchew/20200611055651.13784-1-alxndr@bu.edu -> patchew/20200611055651.13784-1-alxndr@bu.edu
Switched to a new branch 'test'
581b756 fuzz: Add callbacks for dma-access functions
efcea82 fuzz: add support for fuzzing DMA regions
03d7012 fuzz: add a general fuzzer for any qemu arguments

=== OUTPUT BEGIN ===
1/3 Checking commit 03d701265206 (fuzz: add a general fuzzer for any qemu arguments)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#23:
new file mode 100644

ERROR: "foo* bar" should be "foo *bar"
#366: FILE: tests/qtest/fuzz/general_fuzz.c:339:
+ void (*ops[]) (QTestState* s, const unsigned char* , size_t) = {

total: 1 errors, 1 warnings, 461 lines checked

Patch 1/3 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

2/3 Checking commit efcea82301ce (fuzz: add support for fuzzing DMA regions)
ERROR: externs should be avoided in .c files
#35: FILE: tests/qtest/fuzz/general_fuzz.c:71:
+void dma_read_cb(size_t addr, size_t len);

total: 1 errors, 0 warnings, 147 lines checked

Patch 2/3 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/3 Checking commit 581b756ff038 (fuzz: Add callbacks for dma-access functions)
ERROR: space required before the open parenthesis '('
#20: FILE: exec.c:3251:
+ if(as->root == get_system_memory())

ERROR: space required before the open parenthesis '('
#31: FILE: exec.c:3563:
+ if(as->root == get_system_memory() && !is_write)

ERROR: braces {} are necessary for all arms of this statement
#31: FILE: exec.c:3563:
+ if(as->root == get_system_memory() && !is_write)
[...]

ERROR: space required before the open parenthesis '('
#42: FILE: exec.c:3574:
+ if(as->root == get_system_memory() && !is_write)

ERROR: braces {} are necessary for all arms of this statement
#42: FILE: exec.c:3574:
+ if(as->root == get_system_memory() && !is_write)
[...]

ERROR: space required before the open parenthesis '('
#53: FILE: exec.c:3650:
+ if(as->root == get_system_memory() && !is_write)

ERROR: braces {} are necessary for all arms of this statement
#53: FILE: exec.c:3650:
+ if(as->root == get_system_memory() && !is_write)
[...]

ERROR: braces {} are necessary for all arms of this statement
#128: FILE: include/sysemu/dma.h:109:
+ if (dir == DMA_DIRECTION_TO_DEVICE)
[...]

total: 8 errors, 0 warnings, 136 lines checked

Patch 3/3 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1

The full log is available at
http://patchew.org/logs/20200611055651.13784-1-alxndr@bu.edu/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
On Thu, Jun 11, 2020 at 01:56:48AM -0400, Alexander Bulekov wrote:
> These patches add a generic fuzzer for virtual devices. This should
> allow us to fuzz devices that accept inputs over MMIO, PIO and DMA
> without any device-specific code.
>
> Example:
> QEMU_FUZZ_ARGS="-device virtio-net" \
> FUZZ_REGION_WHITELIST="virtio pci-" \
> ./i386-softmmu/qemu-fuzz-i386 --fuzz-target=general-pci-enum-fuzz
>
> The above command will add a virtio-net device to the QEMU arguments and
> restrict the fuzzer to only interact with MMIO and PIO regions with
> names that contain "virtio" or "pci-". I find these names using the info
> mtree monitor command.
>
> Basically, the fuzzer splits the input into a series of commands, such
> as mmio_write, pio_write, etc. Additionally, these patches add "hooks"
> to functions that are typically used by virtual-devices to read from RAM
> (DMA). These hooks attempt to populate these DMA regions with fuzzed
> data, just in time. There are some differences from my reference code
> that seem to result in performance issues that I am still trying to iron
> out. I also need to figure out how to add the DMA "hooks" in a neat way.
> Maybe I can use -Wl,--wrap for this. I appreciate any feedback.
>
> Alexander Bulekov (3):
>   fuzz: add a general fuzzer for any qemu arguments
>   fuzz: add support for fuzzing DMA regions
>   fuzz: Add callbacks for dma-access functions
>
>  exec.c                                |  17 +-
>  include/exec/memory.h                 |   8 +
>  include/exec/memory_ldst_cached.inc.h |   9 +
>  include/sysemu/dma.h                  |   5 +-
>  memory_ldst.inc.c                     |  12 +
>  tests/qtest/fuzz/Makefile.include     |   1 +
>  tests/qtest/fuzz/general_fuzz.c       | 556 ++++++++++++++++++++++++++
>  7 files changed, 606 insertions(+), 2 deletions(-)
>  create mode 100644 tests/qtest/fuzz/general_fuzz.c

CCing Dima in case he is interested in this generic fuzzing approach.

Stefan
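The cover letter quoted above describes two mechanisms: the fuzzer splits its input into a series of commands (mmio_write, pio_write, ...) that it dispatches through a table of ops, and "hooks" on the device's DMA reads fill the requested region with fuzz data just in time. The following is an added, self-contained illustration of that scheme; it is not code from this series or from QEMU. ToyDevice, Cursor, the op_* handlers, run_fuzz_input, the 6-byte command encoding and the sample inputs are all assumptions of this example and do not reflect the patch's actual input format. The toy device is a struct in memory where the real target would issue qtest accesses against a running QEMU.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NREGS    8   /* registers in the toy device's MMIO and PIO spaces */
#define DMA_MAX  16  /* largest region the toy device reads via DMA */
#define CMD_SIZE 6   /* command: op (1 byte), reg (1 byte), value (4 bytes LE) */

/* Stand-in for a virtual device's state (constructed, not a QEMU model). */
typedef struct {
    uint32_t mmio[NREGS];
    uint32_t pio[NREGS];
    uint8_t  dma_buf[DMA_MAX];  /* what the device last read from "guest RAM" */
    size_t   dma_len;
} ToyDevice;

/* Cursor over the not-yet-consumed fuzz input. */
typedef struct { const uint8_t *p; size_t len; } Cursor;

/* Copy up to n bytes out of the input and advance; returns bytes copied. */
static size_t take(Cursor *in, uint8_t *dst, size_t n)
{
    size_t k = n < in->len ? n : in->len;
    memcpy(dst, in->p, k);
    in->p += k;
    in->len -= k;
    return k;
}

/* The "DMA hook": runs when the device is about to read a region of guest
 * RAM and fills it from the remaining fuzz input, just in time. If the input
 * is exhausted the rest of the region is zero-filled, so the device never
 * sees uninitialised memory. */
static void dma_read_hook(Cursor *in, uint8_t *ram, size_t len)
{
    size_t got = take(in, ram, len);
    memset(ram + got, 0, len - got);
}

typedef void (*OpFn)(ToyDevice *d, Cursor *in, uint8_t reg, uint32_t val);

static void op_mmio_write(ToyDevice *d, Cursor *in, uint8_t reg, uint32_t val)
{
    (void)in;
    d->mmio[reg % NREGS] = val;     /* reg wraps so every byte is a valid index */
}

static void op_pio_write(ToyDevice *d, Cursor *in, uint8_t reg, uint32_t val)
{
    (void)in;
    d->pio[reg % NREGS] = val;
}

/* Models a register write that starts a DMA read of (val % (DMA_MAX + 1))
 * bytes; the hook supplies the bytes. */
static void op_dma_read(ToyDevice *d, Cursor *in, uint8_t reg, uint32_t val)
{
    (void)reg;
    d->dma_len = val % (DMA_MAX + 1);
    dma_read_hook(in, d->dma_buf, d->dma_len);
}

/* Dispatch table; the op byte is reduced modulo its size so every value
 * selects a real command and no input is wasted. */
static const OpFn ops[] = { op_mmio_write, op_pio_write, op_dma_read };
#define NOPS (sizeof(ops) / sizeof(ops[0]))

/* Split the input into fixed-size commands and run each against the device.
 * A trailing partial command is dropped. Returns the number executed. */
unsigned run_fuzz_input(ToyDevice *d, const uint8_t *data, size_t len)
{
    Cursor in = { data, len };
    uint8_t cmd[CMD_SIZE];
    unsigned n = 0;

    memset(d, 0, sizeof(*d));
    while (take(&in, cmd, CMD_SIZE) == CMD_SIZE) {
        uint32_t val = (uint32_t)cmd[2] | ((uint32_t)cmd[3] << 8) |
                       ((uint32_t)cmd[4] << 16) | ((uint32_t)cmd[5] << 24);
        ops[cmd[0] % NOPS](d, &in, cmd[1], val);
        n++;
    }
    return n;
}

/* Constructed sample: mmio_write(reg 2, 0xDEADBEEF), pio_write(reg 9 -> wraps
 * to 1, 0x42), dma_read(4 bytes, which the hook takes from the input as
 * AA BB CC DD), then a 3-byte partial command that is dropped. */
static const uint8_t sample_input[] = {
    0x00, 0x02, 0xEF, 0xBE, 0xAD, 0xDE,
    0x01, 0x09, 0x42, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x04, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD,
    0x05, 0x00, 0x01,
};
ToyDevice sample_dev;
unsigned run_sample(void)
{
    return run_fuzz_input(&sample_dev, sample_input, sizeof(sample_input));
}

/* Constructed edge case: an 8-byte DMA read with only 2 input bytes left,
 * so the hook copies AA BB and zero-fills the remaining six. */
static const uint8_t short_dma_input[] = {
    0x02, 0x00, 0x08, 0x00, 0x00, 0x00, 0xAA, 0xBB,
};
ToyDevice short_dev;
unsigned run_short_dma(void)
{
    return run_fuzz_input(&short_dev, short_dma_input, sizeof(short_dma_input));
}

int main(void)
{
    unsigned n = run_sample();
    printf("%u commands; mmio[2]=0x%08x pio[1]=0x%02x dma_len=%zu\n",
           n, sample_dev.mmio[2], sample_dev.pio[1], sample_dev.dma_len);
    return 0;
}
```

Two design points carry over to the real fuzzer: reducing the op and register bytes modulo the table size keeps every input byte meaningful to the mutator, and zero-filling a DMA region when the input runs out keeps a crash attributable to the bytes in the input rather than to whatever happened to be in memory.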
On Tue, Jun 23, 2020 at 03:16:01PM +0100, Stefan Hajnoczi wrote:
> On Thu, Jun 11, 2020 at 01:56:48AM -0400, Alexander Bulekov wrote:
> > These patches add a generic fuzzer for virtual devices. This should
> > allow us to fuzz devices that accept inputs over MMIO, PIO and DMA
> > without any device-specific code.
> >
> > Example:
> > QEMU_FUZZ_ARGS="-device virtio-net" \
> > FUZZ_REGION_WHITELIST="virtio pci-" \
> > ./i386-softmmu/qemu-fuzz-i386 --fuzz-target=general-pci-enum-fuzz
> >
> > The above command will add a virtio-net device to the QEMU arguments and
> > restrict the fuzzer to only interact with MMIO and PIO regions with
> > names that contain "virtio" or "pci-". I find these names using the info
> > mtree monitor command.
> >
> > Basically, the fuzzer splits the input into a series of commands, such
> > as mmio_write, pio_write, etc. Additionally, these patches add "hooks"
> > to functions that are typically used by virtual-devices to read from RAM
> > (DMA). These hooks attempt to populate these DMA regions with fuzzed
> > data, just in time. There are some differences from my reference code
> > that seem to result in performance issues that I am still trying to iron
> > out. I also need to figure out how to add the DMA "hooks" in a neat way.
> > Maybe I can use -Wl,--wrap for this. I appreciate any feedback.
> >
> > Alexander Bulekov (3):
> >   fuzz: add a general fuzzer for any qemu arguments
> >   fuzz: add support for fuzzing DMA regions
> >   fuzz: Add callbacks for dma-access functions
> >
> >  exec.c                                |  17 +-
> >  include/exec/memory.h                 |   8 +
> >  include/exec/memory_ldst_cached.inc.h |   9 +
> >  include/sysemu/dma.h                  |   5 +-
> >  memory_ldst.inc.c                     |  12 +
> >  tests/qtest/fuzz/Makefile.include     |   1 +
> >  tests/qtest/fuzz/general_fuzz.c       | 556 ++++++++++++++++++++++++++
> >  7 files changed, 606 insertions(+), 2 deletions(-)
> >  create mode 100644 tests/qtest/fuzz/general_fuzz.c
>
> CCing Dima in case he is interested in this generic fuzzing approach.
>
> Stefan

Thanks for adding me, going to look into it this weekend.

Dima.