| Message ID | 20201215190811.398331-1-alxndr@bu.edu |
|---|---|
| State | New, archived |
| Series | [v2] fuzz: map all BARs and enable PCI devices |
On 15/12/2020 20.08, Alexander Bulekov wrote:
> Prior to this patch, the fuzzer found inputs to map PCI device BARs and
> enable the device. While it is nice that the fuzzer can do this, it
> added significant overhead, since the fuzzer needs to map all the
> BARs (regenerating the memory topology), at the start of each input.
> With this patch, we do this once, before fuzzing, mitigating some of
> this overhead.
>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
> ---
>
> v2: do not mix statements and declarations
>
> tests/qtest/fuzz/generic_fuzz.c | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
>
> diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c > index 07ad690683..92b598dea8 100644 > --- a/tests/qtest/fuzz/generic_fuzz.c > +++ b/tests/qtest/fuzz/generic_fuzz.c > @@ -16,6 +16,7 @@ > > #include "hw/core/cpu.h" > #include "tests/qtest/libqos/libqtest.h" > +#include "tests/qtest/libqos/pci-pc.h" > #include "fuzz.h" > #include "fork_fuzz.h" > #include "exec/address-spaces.h" > @@ -762,10 +763,28 @@ static int locate_fuzz_objects(Object *child, void *opaque) > return 0; > } > > + > +static void pci_enum(gpointer pcidev, gpointer bus) > +{ > + PCIDevice *dev = pcidev; > + QPCIDevice *qdev; > + int i; > + > + qdev = qpci_device_find(bus, dev->devfn); > + g_assert(qdev != NULL); > + for (i = 0; i < 6; i++) { > + if (dev->io_regions[i].size) { > + qpci_iomap(qdev, i, NULL); > + } > + } > + qpci_device_enable(qdev); > +}

This new code just triggered a leak error in the gitlab-CI for me:

https://gitlab.com/huth/qemu/-/jobs/920543745#L309

Could you please have a look?

 Thanks,
  Thomas
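Review bot: pci_enum leaks one QPCIDevice per fuzzable device, which matches the leak reported in the CI job above: `qdev = qpci_device_find(bus, dev->devfn);` returns a heap-allocated QPCIDevice, and the function falls off the end after `qpci_device_enable(qdev);` without releasing it. Add `g_free(qdev);` as the last statement of pci_enum (qpci_free_pc on the caller's side frees only the bus, not devices looked up on it). Separately, the literal `6` in `for (i = 0; i < 6; i++)` is correct, since qpci_iomap only accepts the six memory/IO BARs and the expansion ROM slot must be skipped, but a short comment stating that intent would save the next reader from checking.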
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index 07ad690683..92b598dea8 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -16,6 +16,7 @@ #include "hw/core/cpu.h" #include "tests/qtest/libqos/libqtest.h" +#include "tests/qtest/libqos/pci-pc.h" #include "fuzz.h" #include "fork_fuzz.h" #include "exec/address-spaces.h" @@ -762,10 +763,28 @@ static int locate_fuzz_objects(Object *child, void *opaque) return 0; } + +static void pci_enum(gpointer pcidev, gpointer bus) +{ + PCIDevice *dev = pcidev; + QPCIDevice *qdev; + int i; + + qdev = qpci_device_find(bus, dev->devfn); + g_assert(qdev != NULL); + for (i = 0; i < 6; i++) { + if (dev->io_regions[i].size) { + qpci_iomap(qdev, i, NULL); + } + } + qpci_device_enable(qdev); +} + static void generic_pre_fuzz(QTestState *s) { GHashTableIter iter; MemoryRegion *mr; + QPCIBus *pcibus; char **result; if (!getenv("QEMU_FUZZ_OBJECTS")) { @@ -810,6 +829,10 @@ static void generic_pre_fuzz(QTestState *s) exit(1); } + pcibus = qpci_new_pc(s, NULL); + g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus); + qpci_free_pc(pcibus); + counter_shm_init(); }
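Review bot: the enumeration added to generic_pre_fuzz is unconditional: `pcibus = qpci_new_pc(s, NULL);` assumes an x86 PC host bridge, while generic_fuzz is started with whatever machine the fuzzer's command line selects and only the object list (QEMU_FUZZ_OBJECTS, checked just above) is fixed. Consider skipping the `qpci_new_pc` / `g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus);` / `qpci_free_pc` sequence when fuzzable_pci_devices is empty, and document that the BAR pre-mapping is only effective on PC-style machines, so the assertion inside pci_enum cannot fire for a configuration where no PC PCI bus exists.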