| Message ID | 20211123111732.83137-3-philmd@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | hw/scsi/lsi53c895a: Fix guest-triggerable assert() in lsi_do_dma() | expand |
On 23/11/2021 12:17, Philippe Mathieu-Daudé wrote: > Without the previous commit, this test triggers: > > $ make check-qtest-x86_64 > [...] > Running test qtest-x86_64/fuzz-lsi53c895a-test > qemu-system-x86_64: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed. > ERROR qtest-x86_64/fuzz-lsi53c895a-test - too few tests run (expected 1, got 0) > > Suggested-by: Alexander Bulekov <alxndr@bu.edu> > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> > --- > tests/qtest/fuzz-lsi53c895a-test.c | 52 ++++++++++++++++++++++++++++++ > MAINTAINERS | 1 + > tests/qtest/meson.build | 1 + > 3 files changed, 54 insertions(+) > create mode 100644 tests/qtest/fuzz-lsi53c895a-test.c > > diff --git a/tests/qtest/fuzz-lsi53c895a-test.c b/tests/qtest/fuzz-lsi53c895a-test.c > new file mode 100644 > index 00000000000..ba5d468970c > --- /dev/null > +++ b/tests/qtest/fuzz-lsi53c895a-test.c > @@ -0,0 +1,52 @@ > +/* SPDX-License-Identifier: GPL-2.0-or-later */ > +/* > + * QTest fuzzer-generated testcase for LSI53C895A device > + * > + * Copyright (c) Red Hat > + */ > + > +#include "qemu/osdep.h" > +#include "libqos/libqtest.h" > + > +/* > + * This used to trigger the assert in lsi_do_dma() > + * https://bugs.launchpad.net/qemu/+bug/697510 > + * https://bugs.launchpad.net/qemu/+bug/1905521 > + * https://bugs.launchpad.net/qemu/+bug/1908515 > + */ > +static void test_lsi_do_dma_empty_queue(void) > +{ > + QTestState *s; > + > + s = qtest_init("-M q35 -nographic -monitor none -serial none " > + "-drive if=none,id=drive0," > + "file=null-co://,file.read-zeroes=on,format=raw " > + "-device lsi53c895a,id=scsi0 " > + "-device scsi-hd,drive=drive0," > + "bus=scsi0.0,channel=0,scsi-id=0,lun=0"); > + qtest_outl(s, 0xcf8, 0x80001814); > + qtest_outl(s, 0xcfc, 0xe1068000); > + qtest_outl(s, 0xcf8, 0x80001818); > + qtest_outl(s, 0xcf8, 0x80001804); > + qtest_outw(s, 0xcfc, 0x7); > + qtest_outl(s, 0xcf8, 0x80002010); > + > + qtest_writeb(s, 0xe106802e, 0xff); /* Fill DSP bits 16-23 */ > + qtest_writeb(s, 0xe106802f, 0xff); /* Fill DSP bits 24-31: trigger SCRIPT */ > + > + qtest_quit(s); > +} > + > +int main(int argc, char **argv) > +{ > + const char *arch = qtest_get_arch(); > + > + g_test_init(&argc, &argv, NULL); > + > + if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { > + qtest_add_func("fuzz/lsi53c895a/lsi_do_dma_empty_queue", > + test_lsi_do_dma_empty_queue); > + } > + > + return g_test_run(); > +} > diff --git a/MAINTAINERS b/MAINTAINERS > index d3879aa3c12..3c0f76b7801 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -1825,6 +1825,7 @@ F: hw/scsi/* > F: tests/qtest/virtio-scsi-test.c > F: tests/qtest/fuzz-virtio-scsi-test.c > F: tests/qtest/am53c974-test.c > +F: tests/qtest/fuzz-lsi53c895a-test.c > T: git https://github.com/bonzini/qemu.git scsi-next > > SSI > diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build > index c9d8458062f..d2ce20d3047 100644 > --- a/tests/qtest/meson.build > +++ b/tests/qtest/meson.build > @@ -19,6 +19,7 @@ > > qtests_generic = \ > (config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) + \ > + (config_all_devices.has_key('CONFIG_LSI_SCSI_PCI') ? ['fuzz-lsi53c895a-test'] : []) + \ > (config_all_devices.has_key('CONFIG_VIRTIO_SCSI') ? ['fuzz-virtio-scsi-test'] : []) + \ > (config_all_devices.has_key('CONFIG_SB16') ? ['fuzz-sb16-test'] : []) + \ > (config_all_devices.has_key('CONFIG_SDHCI_PCI') ? ['fuzz-sdcard-test'] : []) + \ > Reviewed-by: Laurent Vivier <lvivier@redhat.com>
diff --git a/tests/qtest/fuzz-lsi53c895a-test.c b/tests/qtest/fuzz-lsi53c895a-test.c new file mode 100644 index 00000000000..ba5d468970c --- /dev/null +++ b/tests/qtest/fuzz-lsi53c895a-test.c @@ -0,0 +1,52 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * QTest fuzzer-generated testcase for LSI53C895A device + * + * Copyright (c) Red Hat + */ + +#include "qemu/osdep.h" +#include "libqos/libqtest.h" + +/* + * This used to trigger the assert in lsi_do_dma() + * https://bugs.launchpad.net/qemu/+bug/697510 + * https://bugs.launchpad.net/qemu/+bug/1905521 + * https://bugs.launchpad.net/qemu/+bug/1908515 + */ +static void test_lsi_do_dma_empty_queue(void) +{ + QTestState *s; + + s = qtest_init("-M q35 -nographic -monitor none -serial none " + "-drive if=none,id=drive0," + "file=null-co://,file.read-zeroes=on,format=raw " + "-device lsi53c895a,id=scsi0 " + "-device scsi-hd,drive=drive0," + "bus=scsi0.0,channel=0,scsi-id=0,lun=0"); + qtest_outl(s, 0xcf8, 0x80001814); + qtest_outl(s, 0xcfc, 0xe1068000); + qtest_outl(s, 0xcf8, 0x80001818); + qtest_outl(s, 0xcf8, 0x80001804); + qtest_outw(s, 0xcfc, 0x7); + qtest_outl(s, 0xcf8, 0x80002010); + + qtest_writeb(s, 0xe106802e, 0xff); /* Fill DSP bits 16-23 */ + qtest_writeb(s, 0xe106802f, 0xff); /* Fill DSP bits 24-31: trigger SCRIPT */ + + qtest_quit(s); +} + +int main(int argc, char **argv) +{ + const char *arch = qtest_get_arch(); + + g_test_init(&argc, &argv, NULL); + + if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { + qtest_add_func("fuzz/lsi53c895a/lsi_do_dma_empty_queue", + test_lsi_do_dma_empty_queue); + } + + return g_test_run(); +} diff --git a/MAINTAINERS b/MAINTAINERS index d3879aa3c12..3c0f76b7801 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1825,6 +1825,7 @@ F: hw/scsi/* F: tests/qtest/virtio-scsi-test.c F: tests/qtest/fuzz-virtio-scsi-test.c F: tests/qtest/am53c974-test.c +F: tests/qtest/fuzz-lsi53c895a-test.c T: git https://github.com/bonzini/qemu.git scsi-next SSI diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index c9d8458062f..d2ce20d3047 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -19,6 +19,7 @@ qtests_generic = \ (config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) + \ + (config_all_devices.has_key('CONFIG_LSI_SCSI_PCI') ? ['fuzz-lsi53c895a-test'] : []) + \ (config_all_devices.has_key('CONFIG_VIRTIO_SCSI') ? ['fuzz-virtio-scsi-test'] : []) + \ (config_all_devices.has_key('CONFIG_SB16') ? ['fuzz-sb16-test'] : []) + \ (config_all_devices.has_key('CONFIG_SDHCI_PCI') ? ['fuzz-sdcard-test'] : []) + \
Without the previous commit, this test triggers: $ make check-qtest-x86_64 [...] Running test qtest-x86_64/fuzz-lsi53c895a-test qemu-system-x86_64: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed. ERROR qtest-x86_64/fuzz-lsi53c895a-test - too few tests run (expected 1, got 0) Suggested-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> --- tests/qtest/fuzz-lsi53c895a-test.c | 52 ++++++++++++++++++++++++++++++ MAINTAINERS | 1 + tests/qtest/meson.build | 1 + 3 files changed, 54 insertions(+) create mode 100644 tests/qtest/fuzz-lsi53c895a-test.c