From patchwork Thu Jul 25 03:23:44 2019
X-Patchwork-Submitter: Alexander Bulekov
X-Patchwork-Id: 11057907
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:44 +0000
Message-ID: <20190725032321.12721-2-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 01/19] fuzz: add configure option and linker objects
Cc: Eduardo Habkost, "Oleinik, Alexander", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "pbonzini@redhat.com", Richard Henderson

Add -Wl,--wraps for the libfuzzer callees that we need to intercept
Signed-off-by: Alexander Oleinik --- configure | 11 +++++++++++ target/i386/Makefile.objs | 19 +++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/configure b/configure index 714e7fb6a1..0a40e77053 100755 --- a/configure +++ b/configure @@ -499,6 +499,7 @@ docker="no" debug_mutex="no" libpmem="" default_devices="yes" +fuzzing="no" # cross compilers defaults, can be overridden with --cross-cc-ARCH cross_cc_aarch64="aarch64-linux-gnu-gcc" @@ -1543,6 +1544,8 @@ for opt do ;; --disable-libpmem) libpmem=no ;; + --enable-fuzzing) fuzzing=yes + ;; *) echo "ERROR: unknown option $opt" echo "Try '$0 --help' for more information" @@ -6481,6 +6484,7 @@ echo "docker $docker" echo "libpmem support $libpmem" echo "libudev $libudev" echo "default devices $default_devices" +echo "fuzzing support $fuzzing" if test "$supported_cpu" = "no"; then echo @@ -7306,6 +7310,13 @@ fi if test "$sheepdog" = "yes" ; then echo "CONFIG_SHEEPDOG=y" >> $config_host_mak fi +if test "$fuzzing" = "yes" ; then + QEMU_CFLAGS="$QEMU_CFLAGS -fsanitize=fuzzer,address -fprofile-instr-generate" + QEMU_INCLUDES="-iquote \$(SRC_PATH)/tests $QEMU_INCLUDES" + QEMU_LDFLAGS="$LDFLAGS -fsanitize=fuzzer,address" + QEMU_LDFLAGS="$LDFLAGS -Wl,--wrap=__sanitizer_cov_8bit_counters_init,--wrap=__sanitizer_cov_trace_pc_guard_init " + echo "CONFIG_FUZZ=y" >> $config_host_mak +fi if test "$tcg_interpreter" = "yes"; then QEMU_INCLUDES="-iquote \$(SRC_PATH)/tcg/tci $QEMU_INCLUDES" diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs index 48e0c28434..3d646848ef 100644 --- a/target/i386/Makefile.objs +++ b/target/i386/Makefile.objs 
@@ -18,5 +18,24 @@ endif obj-$(CONFIG_HVF) += hvf/ obj-$(CONFIG_WHPX) += whpx-all.o endif + +# Need to link against target, qtest and qos.. Just list everything here, until +# I find a better way to integrate into the build system +ifeq ($(CONFIG_FUZZ),y) +obj-$(CONFIG_FUZZ) += ../../tests/fuzz/ramfile.o ../../accel/fuzz.o +obj-$(CONFIG_FUZZ) += ../../tests/fuzz/fuzz.o +obj-$(CONFIG_FUZZ) += ../../tests/fuzz/virtio-net-fuzz.o +obj-$(CONFIG_FUZZ) += ../../tests/fuzz/qtest_fuzz.o +obj-$(CONFIG_FUZZ) += ../../tests/libqtest.o +obj-$(CONFIG_FUZZ) += ../../tests/libqos/qgraph.o ../../tests/libqos/libqos.o +obj-$(CONFIG_FUZZ) += ../../tests/fuzz/qos_fuzz.o ../../tests/fuzz/qos_helpers.o +obj-$(CONFIG_FUZZ) += ../../tests/libqos/malloc.o ../../tests/libqos/pci-pc.o \ + ../../tests/libqos/virtio-pci.o ../../tests/libqos/malloc-pc.o \ + ../../tests/libqos/libqos-pc.o ../../tests/libqos/fw_cfg.o \ + ../../tests/libqos/e1000e.o ../../tests/libqos/pci.o \ + ../../tests/libqos/pci-pc.o ../../tests/libqos/virtio.o \ + ../../tests/libqos/virtio-net.o ../../tests/libqos/x86_64_pc-machine.o +endif + obj-$(CONFIG_SEV) += sev.o obj-$(call lnot,$(CONFIG_SEV)) += sev-stub.o
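
Review bot: In the configure hunk at @@ -7306, the second QEMU_LDFLAGS= assignment overwrites the first, and both expand $LDFLAGS rather than $QEMU_LDFLAGS, so the link flags end up carrying the --wrap options but not -fsanitize=fuzzer,address, and whatever QEMU_LDFLAGS held before this block is discarded. Append instead: QEMU_LDFLAGS="$QEMU_LDFLAGS -fsanitize=fuzzer,address" followed by QEMU_LDFLAGS="$QEMU_LDFLAGS -Wl,--wrap=...". The visible hunks also add --enable-fuzzing without a matching --disable-fuzzing case or help text, and -fsanitize=fuzzer and -fprofile-instr-generate are clang options, which nothing in this block checks for.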
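
Review bot: In the target/i386/Makefile.objs hunk, ../../tests/libqos/pci-pc.o is listed twice in the last obj-$(CONFIG_FUZZ) assignment (after malloc.o and again after pci.o); drop the second occurrence. The surrounding ifeq ($(CONFIG_FUZZ),y) is redundant with the obj-$(CONFIG_FUZZ) prefix on every line, and listing the tests/ objects through ../../ paths in one target's Makefile.objs makes the fuzzer build only for i386, which the in-line comment already flags as a stopgap; that limitation should be stated in the commit message as well.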
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:45 +0000
Message-ID: <20190725032321.12721-3-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 02/19] fuzz: add FUZZ_TARGET type to qemu module system
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

Signed-off-by: Alexander Oleinik Reviewed-by: Stefan Hajnoczi --- include/qemu/module.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/qemu/module.h b/include/qemu/module.h index db3065381d..531fe7ae29 100644 --- a/include/qemu/module.h +++ b/include/qemu/module.h @@ -46,6 +46,9 @@ typedef enum { MODULE_INIT_TRACE, MODULE_INIT_XEN_BACKEND, MODULE_INIT_LIBQOS, +#ifdef CONFIG_FUZZ + MODULE_INIT_FUZZ_TARGET, +#endif MODULE_INIT_MAX } module_init_type; 
@@ -56,7 +59,9 @@ typedef enum { #define xen_backend_init(function) module_init(function, \ MODULE_INIT_XEN_BACKEND) #define libqos_init(function) module_init(function, MODULE_INIT_LIBQOS) - +#ifdef CONFIG_FUZZ +#define fuzz_target_init(function) module_init(function, MODULE_INIT_FUZZ_TARGET) +#endif #define block_module_load_one(lib) module_load_one("block-", lib) #define ui_module_load_one(lib) module_load_one("ui-", lib) #define audio_module_load_one(lib) module_load_one("audio-", lib)
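
Review bot: In the @@ -46,6 +46,9 @@ hunk, MODULE_INIT_FUZZ_TARGET is added to module_init_type inside #ifdef CONFIG_FUZZ, so MODULE_INIT_MAX takes a different value depending on the build configuration, while the neighbouring MODULE_INIT_LIBQOS entry is unconditional. Unless something relies on the enum being smaller in non-fuzzing builds, declare the new entry unconditionally and drop the #ifdef / #endif pair around it.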
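
Review bot: In the @@ -56,7 +59,9 @@ hunk, the added block replaces the blank line that separated the *_init macros from the *_module_load_one macros, and the fuzz_target_init define runs past 80 columns where xen_backend_init just above it is wrapped with a backslash. Keep a blank line after the #endif and wrap the define the same way.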
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:46 +0000
Message-ID: <20190725032321.12721-4-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 03/19] fuzz: add fuzz accelerator
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

Much like the qtest accelerator, the fuzz accelerator skips the CPU emulation

Signed-off-by: Alexander Oleinik --- include/sysemu/qtest.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/sysemu/qtest.h b/include/sysemu/qtest.h index cd114b8d80..adfbd10d20 100644 --- a/include/sysemu/qtest.h +++ b/include/sysemu/qtest.h 
@@ -23,7 +23,12 @@ static inline bool qtest_enabled(void) } bool qtest_driver(void); - +#ifdef CONFIG_FUZZ +/* Both the client and the server have qtest_init's, Rename on of them... */ +void qtest_init_server(const char *qtest_chrdev, const char *qtest_log, Error **errp); +void qtest_server_recv(GString *inbuf); /* Client sends commands using this */ +#else void qtest_init(const char *qtest_chrdev, const char *qtest_log, Error **errp); +#endif #endif
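
Review bot: With CONFIG_FUZZ defined, the #ifdef / #else in include/sysemu/qtest.h stops declaring qtest_init and declares only qtest_init_server, so every existing caller of qtest_init has to be guarded or renamed elsewhere in the series, and the same entry point ends up with two names depending on the build. Renaming the server-side function unconditionally would remove the need for the conditional here. The added comment has a typo (Rename on of them should read Rename one of them), the qtest_init_server prototype runs past 80 columns, and the commit message describes a fuzz accelerator while the diffstat shows only this header changing, so the message should say what the patch actually does.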
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:47 +0000
Message-ID: <20190725032321.12721-5-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 04/19] fuzz: Add qos support to fuzz targets
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

qos_helpers.c is largely a copy of tests/qos-test.c
Signed-off-by: Alexander Oleinik --- tests/fuzz/qos_fuzz.c | 63 +++++++++ tests/fuzz/qos_fuzz.h | 29 ++++ tests/fuzz/qos_helpers.c | 295 +++++++++++++++++++++++++++++++++++++++ tests/fuzz/qos_helpers.h | 17 +++ 4 files changed, 404 insertions(+) create mode 100644 tests/fuzz/qos_fuzz.c create mode 100644 tests/fuzz/qos_fuzz.h create mode 100644 tests/fuzz/qos_helpers.c create mode 100644 tests/fuzz/qos_helpers.h diff --git a/tests/fuzz/qos_fuzz.c b/tests/fuzz/qos_fuzz.c new file mode 100644 index 0000000000..ac7bb735ac --- /dev/null +++ b/tests/fuzz/qos_fuzz.c 
@@ -0,0 +1,63 @@ + + +#include "qemu/osdep.h" +#include "qemu/units.h" +#include "qapi/error.h" +#include "qemu-common.h" +#include "exec/memory.h" +#include "exec/address-spaces.h" +#include "sysemu/sysemu.h" +#include "qemu/main-loop.h" + +#include "libqos/malloc.h" +#include "libqos/qgraph.h" +#include "libqos/qgraph_internal.h" + +#include "hw/virtio/virtio-net.h" +#include "hw/virtio/virtio.h" +#include "libqos/virtio-net.h" +#include "fuzz.h" +#include "qos_fuzz.h" +#include "qos_helpers.h" +#include "tests/libqos/qgraph.h" +#include "tests/libqtest.h" + + +fuzz_memory_region *fuzz_memory_region_head; +fuzz_memory_region *fuzz_memory_region_tail; + +uint64_t total_io_mem = 0; +uint64_t total_ram_mem = 0; + + +//TODO: Put arguments in a neater struct +void fuzz_add_qos_target(const char* name, + const char* description, + const char* interface, + QOSGraphTestOptions* opts, + void(*init_pre_main)(void), + void(*init_pre_save)(void), + void(*save_state)(void), + void(*reset)(void), + void(*pre_fuzz)(void), + void(*fuzz)(const unsigned char*, size_t), + void(*post_fuzz)(void)) +{ + qos_add_test(name, interface, NULL, opts); + fuzz_add_target(name, description, init_pre_main, init_pre_save, + save_state, reset, pre_fuzz, fuzz, post_fuzz, &qos_argc, &qos_argv); +} + + +// Do what is normally done in qos_test.c:main +void qos_setup(void){ + qtest_setup(); + qos_set_machines_devices_available(); + qos_graph_foreach_test_path(walk_path); + qos_build_main_args(); +} + +void qos_init_path(void) +{ + qos_obj = qos_allocate_objects(global_qtest, &qos_alloc); +} diff --git a/tests/fuzz/qos_fuzz.h b/tests/fuzz/qos_fuzz.h new file mode 100644 index 0000000000..098f81f570 --- /dev/null +++ b/tests/fuzz/qos_fuzz.h 
@@ -0,0 +1,29 @@ +#ifndef _QOS_FUZZ_H_ +#define _QOS_FUZZ_H_ + +#include "tests/libqos/qgraph.h" + +int qos_fuzz(const unsigned char *Data, size_t Size); +void qos_setup(void); + +extern char **fuzz_path_vec; +extern int qos_argc; +extern char **qos_argv; +extern void* qos_obj; +extern QGuestAllocator *qos_alloc; + + +void fuzz_add_qos_target(const char* name, + const char* description, + const char* interface, + QOSGraphTestOptions* opts, + void(*init_pre_main)(void), + void(*init_pre_save)(void), + void(*save_state)(void), + void(*reset)(void), + void(*pre_fuzz)(void), + void(*fuzz)(const unsigned char*, size_t), + void(*post_fuzz)(void)); + +void qos_init_path(void); +#endif diff --git a/tests/fuzz/qos_helpers.c b/tests/fuzz/qos_helpers.c new file mode 100644 index 0000000000..79523c0552 --- /dev/null +++ b/tests/fuzz/qos_helpers.c 
@@ -0,0 +1,295 @@ +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "qos_helpers.h" +#include "fuzz.h" +#include "qapi/qmp/qlist.h" +#include "libqtest.h" +#include "sysemu/qtest.h" +#include "libqos/qgraph.h" +#include "libqos/qgraph_internal.h" +#include "./qapi/qapi-commands-machine.h" +#include "./qapi/qapi-commands-misc.h" +#include "./qapi/qapi-commands-qom.h" +#include +#include "sysemu/sysemu.h" +#include "sysemu/cpus.h" + + +/* + * This file is almost completely copied from tests/qos-test.c + * TODO: Find a way to re-use the code in tests/qos-test.c + */ + +static void apply_to_node(const char *name, bool is_machine, bool is_abstract) +{ + char *machine_name = NULL; + if (is_machine) { + const char *arch = qtest_get_arch(); + machine_name = g_strconcat(arch, "/", name, NULL); + name = machine_name; + } + qos_graph_node_set_availability(name, true); + if (is_abstract) { + qos_delete_cmd_line(name); + } + g_free(machine_name); +} + +static void apply_to_qlist(QList *list, bool is_machine) +{ + const QListEntry *p; + const char *name; + bool abstract; + QDict *minfo; + QObject *qobj; + QString *qstr; + QBool *qbool; + + for (p = qlist_first(list); p; p = qlist_next(p)) { + minfo = qobject_to(QDict, qlist_entry_obj(p)); + qobj = qdict_get(minfo, "name"); + qstr = qobject_to(QString, qobj); + name = qstring_get_str(qstr); + + qobj = qdict_get(minfo, "abstract"); + if (qobj) { + qbool = qobject_to(QBool, qobj); + abstract = qbool_get_bool(qbool); + } else { + abstract = false; + } + + apply_to_node(name, is_machine, abstract); + qobj = qdict_get(minfo, "alias"); + if (qobj) { + qstr = qobject_to(QString, qobj); + name = qstring_get_str(qstr); + apply_to_node(name, is_machine, abstract); + } + } +} + + +/* + * Replaced the qmp commands with direct qmp_marshal calls. 
+ * Probably there is a better way to do this + */ +void qos_set_machines_devices_available(void) +{ + QDict *req = qdict_new(); + QObject *response; + QDict *args = qdict_new(); + QList *lst; + Error *err =NULL; + + qmp_marshal_query_machines(NULL,&response, &err); + assert(!err); + lst = qobject_to(QList, response); + apply_to_qlist(lst, true); + + qobject_unref(response); + + + qdict_put_str(req, "execute", "qom-list-types" ); + qdict_put_str(args, "implements", "device" ); + qdict_put_bool(args, "abstract", true); + qdict_put_obj(req, "arguments", (QObject*) args); + + qmp_marshal_qom_list_types(args, &response, &err); + assert(!err); + lst = qobject_to(QList, response); + apply_to_qlist(lst, false); + qobject_unref(response); + qobject_unref(req); +} + +static char **current_path; + +static QGuestAllocator *get_machine_allocator(QOSGraphObject *obj) +{ + return obj->get_driver(obj, "memory"); +} + +void *qos_allocate_objects(QTestState *qts, QGuestAllocator **p_alloc) +{ + return allocate_objects(qts, current_path + 1, p_alloc); +} + +void *allocate_objects(QTestState *qts, char **path, QGuestAllocator **p_alloc) +{ + int current = 0; + QGuestAllocator *alloc; + QOSGraphObject *parent = NULL; + QOSGraphEdge *edge; + QOSGraphNode *node; + void *edge_arg; + void *obj; + + node = qos_graph_get_node(path[current]); + g_assert(node->type == QNODE_MACHINE); + + obj = qos_machine_new(node, qts); + qos_object_queue_destroy(obj); + + alloc = get_machine_allocator(obj); + if (p_alloc) { + *p_alloc = alloc; + } + + for (;;) { + if (node->type != QNODE_INTERFACE) { + qos_object_start_hw(obj); + parent = obj; + } + + /* follow edge and get object for next node constructor */ + current++; + edge = qos_graph_get_edge(path[current - 1], path[current]); + node = qos_graph_get_node(path[current]); + + if (node->type == QNODE_TEST) { + g_assert(qos_graph_edge_get_type(edge) == QEDGE_CONSUMED_BY); + return obj; + } + + switch (qos_graph_edge_get_type(edge)) { + case 
QEDGE_PRODUCES: + obj = parent->get_driver(parent, path[current]); + break; + + case QEDGE_CONSUMED_BY: + edge_arg = qos_graph_edge_get_arg(edge); + obj = qos_driver_new(node, obj, alloc, edge_arg); + qos_object_queue_destroy(obj); + break; + + case QEDGE_CONTAINS: + obj = parent->get_device(parent, path[current]); + break; + } + } +} + +char **fuzz_path_vec; +void* qos_obj; +QGuestAllocator *qos_alloc; + +int qos_argc; +char **qos_argv; + +void qos_build_main_args() +{ + char **path = fuzz_path_vec; + QOSGraphNode *test_node; + GString *cmd_line = g_string_new(path[0]); + void *test_arg; + + /* Before test */ + current_path = path; + test_node = qos_graph_get_node(path[(g_strv_length(path) - 1)]); + test_arg = test_node->u.test.arg; + if (test_node->u.test.before) { + test_arg = test_node->u.test.before(cmd_line, test_arg); + } + + /* Prepend the arguments that we need */ + g_string_prepend(cmd_line, "qemu-system-i386 -display none -machine accel=fuzz -m 3 "); + wordexp_t result; + wordexp (cmd_line->str, &result, 0); + qos_argc = result.we_wordc; + qos_argv = result.we_wordv; + + g_string_free(cmd_line, true); +} + + +void walk_path(QOSGraphNode *orig_path, int len) +{ + QOSGraphNode *path; + QOSGraphEdge *edge; + + /* etype set to QEDGE_CONSUMED_BY so that machine can add to the command line */ + QOSEdgeType etype = QEDGE_CONSUMED_BY; + + /* twice QOS_PATH_MAX_ELEMENT_SIZE since each edge can have its arg */ + char **path_vec = g_new0(char *, (QOS_PATH_MAX_ELEMENT_SIZE * 2)); + int path_vec_size = 0; + + char *after_cmd, *before_cmd, *after_device; + GString *after_device_str = g_string_new(""); + char *node_name = orig_path->name, *path_str; + + GString *cmd_line = g_string_new(""); + GString *cmd_line2 = g_string_new(""); + + path = qos_graph_get_node(node_name); /* root */ + node_name = qos_graph_edge_get_dest(path->path_edge); /* machine name */ + + path_vec[path_vec_size++] = node_name; + path_vec[path_vec_size++] = qos_get_machine_type(node_name); + + for 
(;;) { + path = qos_graph_get_node(node_name); + if (!path->path_edge) { + break; + } + + node_name = qos_graph_edge_get_dest(path->path_edge); + + /* append node command line + previous edge command line */ + if (path->command_line && etype == QEDGE_CONSUMED_BY) { + g_string_append(cmd_line, path->command_line); + g_string_append(cmd_line, after_device_str->str); + g_string_truncate(after_device_str, 0); + } + + path_vec[path_vec_size++] = qos_graph_edge_get_name(path->path_edge); + /* detect if edge has command line args */ + after_cmd = qos_graph_edge_get_after_cmd_line(path->path_edge); + after_device = qos_graph_edge_get_extra_device_opts(path->path_edge); + before_cmd = qos_graph_edge_get_before_cmd_line(path->path_edge); + edge = qos_graph_get_edge(path->name, node_name); + etype = qos_graph_edge_get_type(edge); + + if (before_cmd) { + g_string_append(cmd_line, before_cmd); + } + if (after_cmd) { + g_string_append(cmd_line2, after_cmd); + } + if (after_device) { + g_string_append(after_device_str, after_device); + } + } + + path_vec[path_vec_size++] = NULL; + g_string_append(cmd_line, after_device_str->str); + g_string_free(after_device_str, true); + + g_string_append(cmd_line, cmd_line2->str); + g_string_free(cmd_line2, true); + + /* here position 0 has /, position 1 has . + * The path must not have the , qtest_add_data_func adds it. + */ + path_str = g_strjoinv("/", path_vec + 1); + + // Check that this is the test we care about: + char *test_name = strrchr(path_str, '/')+1; + if(strcmp(test_name, fuzz_target->name->str) == 0) + { + /* put arch/machine in position 1 so run_one_test can do its work + * and add the command line at position 0. + */ + path_vec[1] = path_vec[0]; + path_vec[0] = g_string_free(cmd_line, false); + printf("path_str: %s path_vec[0]: %s [1]: %s\n", path_str, path_vec[0], path_vec[1]); + + fuzz_path_vec = path_vec; + } + else { + g_free(path_vec); + } + + g_free(path_str); +} 
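Review bot: In qos_build_main_args() in tests/fuzz/qos_helpers.c, the return value of wordexp (cmd_line->str, &result, 0) is not checked and the flags value of 0 leaves shell command substitution enabled, so on failure qos_argc and qos_argv are read from a result that wordexp() did not complete. Check the return value and pass WRDE_NOCMD, or split the string with a helper that performs no shell expansion. In walk_path(), the else branch frees path_vec but never frees cmd_line, so the GString leaks for every path that is not the selected target, and strrchr(path_str, '/')+1 is handed to strcmp() without handling a NULL return. In qos_set_machines_devices_available(), req is filled in and unreferenced but never passed to a call (only args is used), so it can be dropped and args unreferenced directly.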
diff --git a/tests/fuzz/qos_helpers.h b/tests/fuzz/qos_helpers.h new file mode 100644 index 0000000000..baf9b49e9c --- /dev/null +++ b/tests/fuzz/qos_helpers.h 
@@ -0,0 +1,17 @@ +#ifndef QOS_HELPERS_H +#define QOS_HELPERS_H + +#include "qemu/osdep.h" +#include "qapi/qmp/qdict.h" +#include "qapi/qmp/qbool.h" +#include "qapi/qmp/qstring.h" +#include "libqtest.h" +#include "qapi/qmp/qlist.h" +#include "libqos/qgraph_internal.h" + + +void qos_set_machines_devices_available(void); +void *allocate_objects(QTestState *qts, char **path, QGuestAllocator **p_alloc); +void walk_path(QOSGraphNode *orig_path, int len); +void qos_build_main_args(void); +#endif
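Review bot: fuzz_add_qos_target() in tests/fuzz/qos_fuzz.c takes seven callbacks as positional arguments, six of them with the identical type void(*)(void), so two callbacks swapped at a call site still compile. The TODO above the function already asks for a struct; passing a const struct of callbacks filled in with designated initializers would resolve it. The file-scope definitions fuzz_memory_region_head, fuzz_memory_region_tail, total_io_mem and total_ram_mem are not referenced anywhere else in this file and have no comment saying who uses them.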
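Review bot: tests/fuzz/qos_fuzz.h declares fuzz_path_vec, qos_argc, qos_argv, qos_obj and qos_alloc as extern, but they are defined in tests/fuzz/qos_helpers.c, whose visible include list does not name qos_fuzz.h, so the definitions are not checked against these declarations. Move the extern declarations to qos_helpers.h or include qos_fuzz.h from qos_helpers.c. qos_fuzz() is declared here with no definition in this patch, and the guard name _QOS_FUZZ_H_ uses an identifier reserved for the implementation; QOS_FUZZ_H would match the style of qos_helpers.h.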
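Review bot: tests/fuzz/qos_helpers.h declares allocate_objects() but not qos_allocate_objects(), which qos_helpers.c defines as a non-static function and qos_init_path() in qos_fuzz.c calls; neither header added by this patch carries a prototype for it. Add void *qos_allocate_objects(QTestState *qts, QGuestAllocator **p_alloc); to this header, and consider making allocate_objects() static if qos_allocate_objects() is its only user.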
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:48 +0000
Message-ID: <20190725032321.12721-6-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 05/19] fuzz: expose qemu_savevm_state & skip state header
Cc: Juan Quintela, "Dr. David Alan Gilbert", "Oleinik, Alexander", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "pbonzini@redhat.com"

Signed-off-by: Alexander Oleinik --- migration/savevm.c | 8 ++++++-- migration/savevm.h | 3 +++ 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/migration/savevm.c b/migration/savevm.c index 79ed44d475..80c00ea560 100644 --- a/migration/savevm.c +++ b/migration/savevm.c @@ -1404,8 +1404,11 @@ void qemu_savevm_state_cleanup(void) } } } - +#ifdef CONFIG_FUZZ +int qemu_savevm_state(QEMUFile *f, Error **errp) +#else static int qemu_savevm_state(QEMUFile *f, Error **errp) +#endif { int ret; MigrationState *ms = migrate_get_current(); @@ -1471,11 +1474,12 @@ void qemu_savevm_live_state(QEMUFile *f) int qemu_save_device_state(QEMUFile *f) { SaveStateEntry *se; - +#ifndef CONFIG_FUZZ if (!migration_in_colo_state()) { qemu_put_be32(f, QEMU_VM_FILE_MAGIC); qemu_put_be32(f, QEMU_VM_FILE_VERSION); } +#endif cpu_synchronize_all_states(); QTAILQ_FOREACH(se, &savevm_state.handlers, entry) { diff --git a/migration/savevm.h b/migration/savevm.h index 51a4b9caa8..30315d0cfd 100644 --- a/migration/savevm.h +++ b/migration/savevm.h 
@@ -64,4 +64,7 @@ void qemu_loadvm_state_cleanup(void); int qemu_loadvm_state_main(QEMUFile *f, MigrationIncomingState *mis); int qemu_load_device_state(QEMUFile *f); +#ifdef CONFIG_FUZZ +int qemu_savevm_state(QEMUFile *f, Error **errp); +#endif #endif
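Review bot: In the migration/savevm.c hunk at qemu_savevm_state(), the #ifdef CONFIG_FUZZ / #else pair duplicates the function signature only to toggle static, which leaves two copies of the signature to keep in sync. Drop static unconditionally and declare the function in savevm.h without the #ifdef, or add a small non-static wrapper for the fuzzer. The hunk also deletes the blank line that separated this function from qemu_savevm_state_cleanup().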
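Review bot: In qemu_save_device_state(), the #ifndef CONFIG_FUZZ block removes the QEMU_VM_FILE_MAGIC and QEMU_VM_FILE_VERSION writes for every caller in a fuzz build, not only for the fuzzer's own save path, and neither the code nor the commit message says why the header has to be skipped. Add a comment naming the loader that consumes the headerless stream, and prefer a parameter or a separate helper over a compile-time switch so the normal path keeps its header. The blank line after the SaveStateEntry *se; declaration is also dropped.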
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:49 +0000
Message-ID: <20190725032321.12721-7-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 06/19] fuzz: Add ramfile for fast vmstate/vmload
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

The ramfile allows vmstate to be saved and restored directly onto the heap.
Signed-off-by: Alexander Oleinik --- tests/fuzz/ramfile.c | 127 +++++++++++++++++++++++++++++++++++++++++++ tests/fuzz/ramfile.h | 20 +++++++ 2 files changed, 147 insertions(+) create mode 100644 tests/fuzz/ramfile.c create mode 100644 tests/fuzz/ramfile.h diff --git a/tests/fuzz/ramfile.c b/tests/fuzz/ramfile.c new file mode 100644 index 0000000000..8da242e9ee --- /dev/null +++ b/tests/fuzz/ramfile.c 
@@ -0,0 +1,127 @@ +/* + * ===================================================================================== + * + * Filename: ramfile.c + * + * Description: QEMUFile stored in dynamically allocated RAM for fast VMRestore + * + * Author: Alexander Oleinik (), alxndr@bu.edu + * Organization: + * + * ===================================================================================== + */ +#include +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "exec/memory.h" +#include "migration/qemu-file.h" +#include "migration/migration.h" +#include "migration/savevm.h" +#include "ramfile.h" + +#define INCREMENT 10240 +#define IO_BUF_SIZE 32768 +#define MAX_IOV_SIZE MIN(IOV_MAX, 64) + +struct QEMUFile { + const QEMUFileOps *ops; + const QEMUFileHooks *hooks; + void *opaque; + + int64_t bytes_xfer; + int64_t xfer_limit; + + int64_t pos; /* start of buffer when writing, end of buffer + when reading */ + int buf_index; + int buf_size; /* 0 when writing */ + uint8_t buf[IO_BUF_SIZE]; + + DECLARE_BITMAP(may_free, MAX_IOV_SIZE); + struct iovec iov[MAX_IOV_SIZE]; + unsigned int iovcnt; + + int last_error; +}; + +static ssize_t ram_writev_buffer(void *opaque, struct iovec *iov, int iovcnt, + int64_t pos) +{ + ram_disk *rd = (ram_disk*)opaque; + gsize newsize; + ssize_t total_size = 0; + int i; + if(!rd->base) { + rd->base = g_malloc(INCREMENT); + rd->len = INCREMENT; + } + for(i = 0; i< iovcnt; i++) + { + if(pos+iov[i].iov_len >= rd->len ){ + newsize = ((pos + iov[i].iov_len)/INCREMENT + 1) * INCREMENT; + rd->base = g_realloc(rd->base, newsize); + rd->len = newsize; + } + /* for(int j =0; jbase + pos, iov[i].iov_base, iov[i].iov_len); + pos += iov[i].iov_len; + total_size += iov[i].iov_len; + } + return total_size; +} + +static ssize_t ram_get_buffer(void *opaque, uint8_t *buf, int64_t pos, + size_t size) +{ + ram_disk *rd = (ram_disk*)opaque; + if(pos+size>rd->len){ + if(rd->len-pos>=0){ + memcpy(buf, rd->base + pos, rd->len-pos); + size = rd->len-pos; + } + } + else + 
memcpy(buf, rd->base + pos, size); + return size; +} + +static int ram_fclose(void *opaque) +{ + return 0; +} + +static const QEMUFileOps ram_read_ops = { + .get_buffer = ram_get_buffer, + .close = ram_fclose +}; + +static const QEMUFileOps ram_write_ops = { + .writev_buffer = ram_writev_buffer, + .close = ram_fclose +}; + +QEMUFile *qemu_fopen_ram(ram_disk **return_rd) { + ram_disk *rd = g_new0(ram_disk, 1); + *return_rd=rd; + return qemu_fopen_ops(rd, &ram_write_ops); +} + +QEMUFile *qemu_fopen_ro_ram(ram_disk* rd) { + return qemu_fopen_ops(rd, &ram_read_ops); +} + +void qemu_freopen_ro_ram(QEMUFile* f) { + void *rd = f->opaque; + f->bytes_xfer=0; + f->xfer_limit=0; + f->last_error=0; + f->iovcnt=0; + f->buf_index=0; + f->buf_size=0; + f->pos=0; + f->ops = &ram_read_ops; + f->opaque = rd; + return; +} diff --git a/tests/fuzz/ramfile.h b/tests/fuzz/ramfile.h new file mode 100644 index 0000000000..b51cc72950 --- /dev/null +++ b/tests/fuzz/ramfile.h 
@@ -0,0 +1,20 @@ +#ifndef RAMFILE_H +#define RAMFILE_H + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "qemu/iov.h" +#include "exec/memory.h" +#include "exec/address-spaces.h" +#include "migration/qemu-file.h" + +typedef struct ram_disk { + void *base; + gsize len; +} ram_disk; + +QEMUFile *qemu_fopen_ram(ram_disk **rd); +QEMUFile *qemu_fopen_ro_ram(ram_disk* rd); +void qemu_freopen_ro_ram(QEMUFile* f); + +#endif From patchwork Thu Jul 25 03:23:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 11057915 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C51FD13A4 for ; Thu, 25 Jul 2019 03:25:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B3B2828929 for ; Thu, 25 Jul 2019 03:25:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A79F128936; Thu, 25 Jul 2019 03:25:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HK_RANDOM_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3595928929 for ; Thu, 25 Jul 2019 03:25:01 +0000 (UTC) Received: from localhost ([::1]:55468 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hqUNH-00008Q-Q5 for patchwork-qemu-devel@patchwork.kernel.org; Wed, 24 Jul 2019 23:24:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40177) by lists.gnu.org with esmtp (Exim 
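Review bot: In ram_get_buffer() (tests/fuzz/ramfile.c) the guard `if(rd->len-pos>=0)` cannot fail on a 64-bit host: ram_disk.len is a gsize, so the subtraction is done unsigned, and a pos beyond rd->len wraps to a huge value that is then handed to memcpy() as the length, reading past the end of rd->base. Compare first (`if (pos >= rd->len) return 0;`) and only then compute the remaining byte count. rd->len is also the allocated capacity, rounded up to INCREMENT by ram_writev_buffer(), not the number of bytes written, so a reader can be handed uninitialised heap from g_malloc()/g_realloc(); tracking a separate written length would fix both the bounds check and the end-of-stream case. ram_fclose() returns without freeing rd->base or rd, and the struct QEMUFile layout duplicated in this file, which qemu_freopen_ro_ram() writes into field by field, deserves a comment saying what it has to be kept in step with.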
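Review bot: tests/fuzz/ramfile.h gives no indication of who owns a ram_disk or how it is released: qemu_fopen_ram() hands the ram_disk back through an out parameter, but nothing is declared to free it or its base buffer. Add a short comment on each prototype covering ownership and the expected call order (write through qemu_fopen_ram(), then read through qemu_freopen_ro_ram() or qemu_fopen_ro_ram()), plus a free helper. The qemu/iov.h, exec/memory.h and exec/address-spaces.h includes do not appear to be needed by anything declared here.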
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Cc: Laurent Vivier, Thomas Huth, "Oleinik, Alexander", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "pbonzini@redhat.com"
Date: Thu, 25 Jul 2019 03:23:49 +0000
Message-ID: <20190725032321.12721-8-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 07/19] fuzz: Modify libqtest to directly invoke qtest.c

libqtest directly invokes the qtest client and exposes a function to accept responses.
Signed-off-by: Alexander Oleinik --- tests/libqtest.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++- tests/libqtest.h | 6 ++++++ 2 files changed, 58 insertions(+), 1 deletion(-) diff --git a/tests/libqtest.c b/tests/libqtest.c index 3c5c3f49d8..a68a7287cb 100644 --- a/tests/libqtest.c +++ b/tests/libqtest.c @@ -30,12 +30,18 @@ #include "qapi/qmp/qjson.h" #include "qapi/qmp/qlist.h" #include "qapi/qmp/qstring.h" +#ifdef CONFIG_FUZZ +#include "sysemu/qtest.h" +#endif #define MAX_IRQ 256 #define SOCKET_TIMEOUT 50 #define SOCKET_MAX_FDS 16 QTestState *global_qtest; +#ifdef CONFIG_FUZZ +static GString *recv_str; +#endif struct QTestState { @@ -316,6 +322,20 @@ QTestState *qtest_initf(const char *fmt, ...) va_end(ap); return s; } +#ifdef CONFIG_FUZZ +QTestState *qtest_init_fuzz(const char *extra_args, int *sock_fd) +{ + QTestState *qts; + qts = g_new(QTestState, 1); + qts->wstatus = 0; + for (int i = 0; i < MAX_IRQ; i++) { + qts->irq_level[i] = false; + } + qts->big_endian = qtest_query_target_endianness(qts); + + return qts; +} +#endif QTestState *qtest_init_with_serial(const char *extra_args, int *sock_fd) { @@ -379,9 +399,18 @@ static void socket_sendf(int fd, const char *fmt, va_list ap) { gchar *str = g_strdup_vprintf(fmt, ap); size_t size = strlen(str); +#ifdef CONFIG_FUZZ + // Directly call qtest_process_inbuf in the qtest server + GString *gstr = g_string_new_len(str, size); + /* printf(">>> %s",gstr->str); */ + qtest_server_recv(gstr); + g_string_free(gstr, true); + g_free(str); +#else socket_send(fd, str, size); g_free(str); +#endif } static void GCC_FMT_ATTR(2, 3) qtest_sendf(QTestState *s, const char *fmt, ...) 
@@ -433,6 +462,12 @@ static GString *qtest_recv_line(QTestState *s) size_t offset; char *eol; +#ifdef CONFIG_FUZZ + eol = strchr(recv_str->str, '\n'); + offset = eol - recv_str->str; + line = g_string_new_len(recv_str->str, offset); + g_string_erase(recv_str, 0, offset + 1); +#else while ((eol = strchr(s->rx->str, '\n')) == NULL) { ssize_t len; char buffer[1024]; @@ -453,7 +488,7 @@ static GString *qtest_recv_line(QTestState *s) offset = eol - s->rx->str; line = g_string_new_len(s->rx->str, offset); g_string_erase(s->rx, 0, offset + 1); - +#endif return line; } @@ -797,6 +832,9 @@ char *qtest_hmp(QTestState *s, const char *fmt, ...) const char *qtest_get_arch(void) { +#ifdef CONFIG_FUZZ + return "i386"; +#endif const char *qemu = qtest_qemu_binary(); const char *end = strrchr(qemu, '/'); @@ -1339,3 +1377,16 @@ void qmp_assert_error_class(QDict *rsp, const char *class) qobject_unref(rsp); } +#ifdef CONFIG_FUZZ +void qtest_clear_rxbuf(QTestState *s){ + g_string_set_size(recv_str,0); +} + +void qtest_client_recv(const char *str, size_t len) +{ + if(!recv_str) + recv_str = g_string_new(NULL); + g_string_append_len(recv_str, str, len); + return; +} +#endif diff --git a/tests/libqtest.h b/tests/libqtest.h index cadf1d4a03..dca8f2c2f2 100644 --- a/tests/libqtest.h +++ b/tests/libqtest.h 
@@ -1001,4 +1001,10 @@ void qmp_assert_error_class(QDict *rsp, const char *class); */ bool qtest_probe_child(QTestState *s); +#ifdef CONFIG_FUZZ +QTestState *qtest_init_fuzz(const char *extra_args, int *sock_fd); +void qtest_clear_rxbuf(QTestState *s); +void qtest_client_recv(const char *str, size_t len); +#endif + #endif From patchwork Thu Jul 25 03:23:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 11057929 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8507E138D for ; Thu, 25 Jul 2019 03:26:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7477A28929 for ; Thu, 25 Jul 2019 03:26:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6855E28936; Thu, 25 Jul 2019 03:26:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HK_RANDOM_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id DE12B28929 for ; Thu, 25 Jul 2019 03:26:18 +0000 (UTC) Received: from localhost ([::1]:55508 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hqUOX-0005O8-La for patchwork-qemu-devel@patchwork.kernel.org; Wed, 24 Jul 2019 23:26:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40183) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hqUMD-00040h-5n for qemu-devel@nongnu.org; Wed, 24 Jul 2019 23:23:55 -0400 
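Review bot: qtest_init_fuzz() (hunk at -316,6 in tests/libqtest.c) allocates with g_new(), so every QTestState field other than wstatus and irq_level[] is still uninitialised when the state is passed to qtest_query_target_endianness(); use g_new0() or set the remaining fields explicitly. The extra_args and sock_fd parameters are accepted but never used; either drop them or add a comment explaining why the signature mirrors qtest_init_with_serial().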
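Review bot: The CONFIG_FUZZ branch added to qtest_recv_line() (hunk at -433,6) uses the result of strchr() without checking it. If recv_str holds no complete line, eol is NULL and `offset = eol - recv_str->str` produces a bogus length for g_string_new_len() and g_string_erase(); recv_str itself is dereferenced even though it is only allocated lazily in qtest_client_recv(). Check both and fail loudly, for example with g_assert(), so that a missing response shows up as a harness error rather than as memory corruption inside the fuzzer process.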
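Review bot: In qtest_get_arch() (hunk at -797,6) the early `return "i386";` hard-codes the target and leaves the declarations that follow it sitting after a statement and unreachable under CONFIG_FUZZ. Put the original body in an #else branch, and either take the architecture from the build configuration or add a comment stating that the fuzzer only supports i386 for now.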
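Review bot: qtest_clear_rxbuf() (hunk at -1339,3) calls g_string_set_size(recv_str, 0) unconditionally, but recv_str stays NULL until the first qtest_client_recv(), so clearing before any response has arrived passes a NULL GString to GLib. Allocate recv_str once at init (qtest_init_fuzz() is a natural place) so that both functions can drop the lazy check. The QTestState argument is unused, which is worth a comment because the buffer is a file-scope static shared by every QTestState.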
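Review bot: The three prototypes added to tests/libqtest.h have no doc comment, unlike qtest_probe_child() just above them. Document what qtest_init_fuzz() expects to be set up before it is called, that qtest_client_recv() is the entry point through which responses are appended to the receive buffer, and when qtest_clear_rxbuf() must be used between fuzzer runs.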
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"
Date: Thu, 25 Jul 2019 03:23:50 +0000
Message-ID: <20190725032321.12721-9-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 08/19] fuzz: add shims to intercept libfuzzer init

Intercept coverage buffer registration calls and use this information to copy them to shared memory, if using fork() to avoid resetting device state.
Signed-off-by: Alexander Oleinik --- tests/fuzz/fuzzer_hooks.c | 106 ++++++++++++++++++++++++++++++++++++++ tests/fuzz/fuzzer_hooks.h | 9 ++++ 2 files changed, 115 insertions(+) create mode 100644 tests/fuzz/fuzzer_hooks.c create mode 100644 tests/fuzz/fuzzer_hooks.h diff --git a/tests/fuzz/fuzzer_hooks.c b/tests/fuzz/fuzzer_hooks.c new file mode 100644 index 0000000000..5a0bbec413 --- /dev/null +++ b/tests/fuzz/fuzzer_hooks.c 
@@ -0,0 +1,106 @@ +#include "qemu/osdep.h" +#include "qemu/units.h" +#include "qapi/error.h" +#include "qemu-common.h" +#include "fuzzer_hooks.h" + +#include +#include + + +extern void* _ZN6fuzzer3TPCE; +// The libfuzzer handlers +void __real___sanitizer_cov_8bit_counters_init(uint8_t*, uint8_t*); +void __real___sanitizer_cov_trace_pc_guard_init(uint8_t*, uint8_t*); + +void __wrap___sanitizer_cov_8bit_counters_init(uint8_t *Start, uint8_t *Stop); +void __wrap___sanitizer_cov_trace_pc_guard_init(uint8_t *Start, uint8_t *Stop); + + +void* counter_shm; + +typedef struct CoverageRegion { + uint8_t* start; + size_t length; + bool store; /* Set this if it needs to be copied to the forked process */ +} CoverageRegion; + +CoverageRegion regions[10]; +int region_index = 0; + +void __wrap___sanitizer_cov_8bit_counters_init(uint8_t *Start, uint8_t *Stop) +{ + regions[region_index].start = Start; + regions[region_index].length = Stop-Start; + regions[region_index].store = true; + region_index++; + __real___sanitizer_cov_8bit_counters_init(Start, Stop); +} + +void __wrap___sanitizer_cov_trace_pc_guard_init(uint8_t *Start, uint8_t *Stop) +{ + regions[region_index].start = Start; + regions[region_index++].length = Stop-Start; + regions[region_index].store = true; + region_index++; + __real___sanitizer_cov_trace_pc_guard_init(Start, Stop); +} + +static void add_tpc_region(void) +{ + /* Got symbol and length from readelf. Horrible way to do this! 
*/ + regions[region_index].start = (uint8_t*)(&_ZN6fuzzer3TPCE); + regions[region_index].length = 0x443c00; + regions[region_index].store = true; + region_index++; +} + +void counter_shm_init(void) +{ + /* + * Add the internal libfuzzer object that gets modified by cmp, etc + * callbacks + */ + add_tpc_region(); + + size_t length = 0; + for(int i=0; i X-Patchwork-Id: 11057927 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C16A813A4 for ; Thu, 25 Jul 2019 03:26:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B0A5C28929 for ; Thu, 25 Jul 2019 03:26:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A168228936; Thu, 25 Jul 2019 03:26:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HK_RANDOM_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 35DE128929 for ; Thu, 25 Jul 2019 03:26:05 +0000 (UTC) Received: from localhost ([::1]:55498 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hqUOK-0004PI-4o for patchwork-qemu-devel@patchwork.kernel.org; Wed, 24 Jul 2019 23:26:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40214) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hqUMF-0004BD-JP for qemu-devel@nongnu.org; Wed, 24 Jul 2019 23:23:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hqUMD-0001q6-GC for qemu-devel@nongnu.org; Wed, 24 
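Review bot: __wrap___sanitizer_cov_trace_pc_guard_init() in tests/fuzz/fuzzer_hooks.c advances region_index twice: `regions[region_index++].length = Stop-Start;` moves to the next slot before `.store = true` is written, so the recorded region never gets its store flag and a slot with only store set is left behind it. Fill all three fields at the same index and increment once, as the 8-bit-counters wrapper does. Neither wrapper checks region_index against the 10-entry regions[] array, so an eleventh registration writes past it; add a bound check that aborts. The 0x443c00 length hard-coded in add_tpc_region() will go stale whenever libFuzzer is rebuilt, as the comment next to it admits, and needs replacing before this leaves RFC.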
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"
Date: Thu, 25 Jul 2019 03:23:51 +0000
Message-ID: <20190725032321.12721-10-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 09/19] fuzz: use mtree_info to find mapped addresses

Locate mmio and port i/o addresses that are mapped to devices so we can limit the fuzzer to only these addresses. This should be replaced with a sane way of enumerating these memory regions.
Signed-off-by: Alexander Oleinik --- memory.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/memory.c b/memory.c index 5d8c9a9234..fa6cbe4f1d 100644 --- a/memory.c +++ b/memory.c @@ -34,6 +34,11 @@ #include "hw/qdev-properties.h" #include "hw/boards.h" #include "migration/vmstate.h" +#ifdef CONFIG_FUZZ +#include "tests/fuzz/fuzz.h" +#include "tests/fuzz/qos_fuzz.h" +#endif + //#define DEBUG_UNASSIGNED @@ -3016,12 +3021,20 @@ static void mtree_print_flatview(gpointer key, gpointer value, int n = view->nr; int i; AddressSpace *as; +#ifdef CONFIG_FUZZ + bool io=false; +#endif + qemu_printf("FlatView #%d\n", fvi->counter); ++fvi->counter; for (i = 0; i < fv_address_spaces->len; ++i) { as = g_array_index(fv_address_spaces, AddressSpace*, i); +#ifdef CONFIG_FUZZ + if(strcmp("I/O",as->name) == 0) + io = true; +#endif qemu_printf(" AS \"%s\", root: %s", as->name, memory_region_name(as->root)); if (as->root->alias) { 
@@ -3062,6 +3075,27 @@ static void mtree_print_flatview(gpointer key, gpointer value, range->readonly ? "rom" : memory_region_type(mr), memory_region_name(mr)); } +#ifdef CONFIG_FUZZ + if(strcmp("i/o", memory_region_type(mr))==0 && strcmp("io", memory_region_name(mr))){ + fuzz_memory_region *fmr = g_new0(fuzz_memory_region, 1); + if(!fuzz_memory_region_head) + { + fuzz_memory_region_head = fmr; + fuzz_memory_region_tail = fmr; + } + fmr->io = io; + fmr->start = int128_get64(range->addr.start); + fmr->length = MR_SIZE(range->addr.size); + fmr->next = fuzz_memory_region_head; + fuzz_memory_region_tail->next = fmr; + fuzz_memory_region_tail = fmr; + if(io == true){ + total_io_mem += MR_SIZE(range->addr.size)+1; + } else { + total_ram_mem += MR_SIZE(range->addr.size)+1; + } + } +#endif if (fvi->owner) { mtree_print_mr_owner(mr); }
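
Review bot: In the @@ -3016 hunk of memory.c, io is set as soon as any address space sharing this FlatView is named "I/O" and is never cleared, so the flag describes the whole view rather than the address space being printed; a one-line comment saying that this is the intent would help. The added if(strcmp("I/O",as->name) == 0) also needs braces and spacing, if (...) { io = true; }, to match QEMU coding style, and the #include of tests/fuzz/fuzz.h and tests/fuzz/qos_fuzz.h makes core memory.c depend on test headers, so the region list would sit better behind a small interface declared outside tests/.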
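
Review bot: In the @@ -3062 hunk the second test, strcmp("io", memory_region_name(mr)), has no comparison, so it is true for every name other than "io"; if that exclusion is what is wanted, write != 0 so it reads the same way as the ==0 test beside it. The list handling needs attention too: fmr->next = fuzz_memory_region_head followed by fuzz_memory_region_tail->next = fmr makes the list circular, and because this code lives in mtree_print_flatview the same ranges are appended, and added to total_io_mem or total_ram_mem, again each time a flat view is printed. Either reset the list and totals before a walk or document that the walk must run exactly once. fmr->length stores MR_SIZE(range->addr.size) while the totals add MR_SIZE(...)+1; please state in a comment whether length is a last offset or a byte count, since the commit message says these ranges limit the addresses the fuzzer touches.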

From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"
Date: Thu, 25 Jul 2019 03:23:52 +0000
Message-ID: <20190725032321.12721-11-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 10/19] fuzz: expose real_main (aka regular vl.c:main)

Export normal qemu-system main so it can be called from tests/fuzz/fuzz.c

Signed-off-by: Alexander Oleinik --- include/sysemu/sysemu.h | 4 ++++ vl.c | 21 ++++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h index 984c439ac9..1bb8cf184c 100644 --- a/include/sysemu/sysemu.h +++ b/include/sysemu/sysemu.h @@ -184,6 +184,10 @@ QemuOpts *qemu_get_machine_opts(void); bool defaults_enabled(void); +#ifdef CONFIG_FUZZ +int real_main(int argc, char **argv, char **envp); +#endif + extern QemuOptsList qemu_legacy_drive_opts; extern QemuOptsList qemu_common_drive_opts; extern QemuOptsList qemu_drive_opts; diff --git a/vl.c b/vl.c index b426b32134..b71b99b6f8 100644 --- a/vl.c +++ b/vl.c @@ -130,6 +130,10 @@ int main(int argc, char **argv) #include "sysemu/iothread.h" #include "qemu/guest-random.h" +#ifdef CONFIG_FUZZ +#include "tests/libqtest.h" +#endif + #define MAX_VIRTIO_CONSOLES 1 static const char *data_dir[16]; @@ -2853,8 +2857,11 @@ static void user_register_global_props(void) qemu_opts_foreach(qemu_find_opts("global"), global_init_func, NULL, NULL); } - +#ifdef CONFIG_FUZZ +int real_main(int argc, char **argv, char **envp) +#else int main(int argc, char **argv, char **envp) +#endif { int i; int snapshot, linux_boot; @@ -2903,7 +2910,9 @@ int main(int argc, char **argv, char **envp) atexit(qemu_run_exit_notifiers); qemu_init_exec_dir(argv[0]); +#ifndef CONFIG_FUZZ // QOM is already set up by the fuzzer. module_call_init(MODULE_INIT_QOM); +#endif qemu_add_opts(&qemu_drive_opts); qemu_add_drive_opts(&qemu_legacy_drive_opts); @@ -4196,9 +4205,11 @@ int main(int argc, char **argv, char **envp) */ migration_object_init(); +#ifndef CONFIG_FUZZ // Already set up by the fuzzer if (qtest_chrdev) { qtest_init(qtest_chrdev, qtest_log, &error_fatal); } +#endif machine_opts = qemu_get_machine_opts(); kernel_filename = qemu_opt_get(machine_opts, "kernel"); 
@@ -4470,6 +4481,14 @@ int main(int argc, char **argv, char **envp) accel_setup_post(current_machine); os_setup_post(); +/* + * Return to the fuzzer since it will run qtest programs and run the + * main_loop +*/ +#ifdef CONFIG_FUZZ + return 0; +#endif + main_loop(); gdbserver_cleanup();
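
Review bot: In the vl.c hunks at @@ -2903 and @@ -4196 the reasons are given as // comments on the #ifndef CONFIG_FUZZ line itself; QEMU style uses /* */ comments, and the reason belongs on its own line above the directive. Both skips assume the fuzzer has already run module_call_init(MODULE_INIT_QOM) and set up qtest before it calls real_main(), and nothing here enforces that order, so the real_main() prototype added to include/sysemu/sysemu.h should carry a comment stating those preconditions.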
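
Review bot: The return 0 added before main_loop() in the @@ -4470 hunk means nothing after it in this function runs in a CONFIG_FUZZ build, including the gdbserver_cleanup() visible in the context. The comment says the fuzzer runs the main loop itself, so it should also say who performs the teardown that follows main_loop(), or that teardown should move into a helper the fuzzer can call. The comment block also sits outside the #ifdef and at column 0; moving it inside #ifdef CONFIG_FUZZ, indented with the code, keeps it from reading as a description of the normal path.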

From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Cc: Laurent Vivier, Thomas Huth, "Oleinik, Alexander", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "pbonzini@redhat.com"
Date: Thu, 25 Jul 2019 03:23:53 +0000
Message-ID: <20190725032321.12721-12-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 11/19] fuzz: add direct send/receive in qtest client

Directly interact with tests/libqtest.c functions

Signed-off-by: Alexander Oleinik --- qtest.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/qtest.c b/qtest.c index 15e27e911f..a6134d3ed0 100644 --- a/qtest.c +++ b/qtest.c @@ -31,6 +31,9 @@ #ifdef TARGET_PPC64 #include "hw/ppc/spapr_rtas.h" #endif +#ifdef CONFIG_FUZZ +#include "tests/libqtest.h" +#endif #define MAX_IRQ 256 @@ -231,10 +234,14 @@ static void GCC_FMT_ATTR(1, 2) qtest_log_send(const char *fmt, ...) static void do_qtest_send(CharBackend *chr, const char *str, size_t len) { +#ifdef CONFIG_FUZZ + qtest_client_recv(str, len); +#else qemu_chr_fe_write_all(chr, (uint8_t *)str, len); if (qtest_log_fp && qtest_opened) { fprintf(qtest_log_fp, "%s", str); } +#endif } static void qtest_send(CharBackend *chr, const char *str) @@ -748,8 +755,11 @@ static void qtest_event(void *opaque, int event) break; } } - +#ifdef CONFIG_FUZZ +void qtest_init_server(const char *qtest_chrdev, const char *qtest_log, Error **errp) +#else void qtest_init(const char *qtest_chrdev, const char *qtest_log, Error **errp) +#endif { Chardev *chr; 
@@ -781,3 +791,10 @@ bool qtest_driver(void) { return qtest_chr.chr != NULL; } +#ifdef CONFIG_FUZZ +void qtest_server_recv(GString *inbuf) +{ + qtest_process_inbuf(NULL, inbuf); +} +#endif +
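
Review bot: In the @@ -231 hunk of qtest.c the CONFIG_FUZZ branch of do_qtest_send() replaces the whole body, so the fprintf(qtest_log_fp, "%s", str) logging is dropped along with the chardev write and a qtest log stays silently empty in fuzz builds; keep the logging outside the #ifdef if the log is still wanted. The @@ -748 hunk renames qtest_init to qtest_init_server by #ifdef around the signature, and this patch touches only qtest.c, so the commit message should say where the matching prototype is declared.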
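
Review bot: qtest_server_recv() in the @@ -781 hunk passes NULL as the CharBackend to qtest_process_inbuf(), which is safe only while every reply goes through do_qtest_send(), whose CONFIG_FUZZ branch ignores chr; any path that uses chr directly would dereference NULL. Please state that invariant in a comment above qtest_server_recv(), or assert on it, and document that the caller keeps ownership of inbuf.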

From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Cc: Eduardo Habkost, "Oleinik, Alexander", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "pbonzini@redhat.com", Richard Henderson
Date: Thu, 25 Jul 2019 03:23:54 +0000
Message-ID: <20190725032321.12721-13-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 12/19] fuzz: hard-code all of the needed files for build

Once the fuzzer is better-integrated into the build-system, this should go away

Signed-off-by: Alexander Oleinik --- target/i386/Makefile.objs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs index 3d646848ef..c8834f6ad1 100644 --- a/target/i386/Makefile.objs +++ b/target/i386/Makefile.objs 
@@ -23,7 +23,7 @@ endif # I find a better way to integrate into the build system ifeq ($(CONFIG_FUZZ),y) obj-$(CONFIG_FUZZ) += ../../tests/fuzz/ramfile.o ../../accel/fuzz.o -obj-$(CONFIG_FUZZ) += ../../tests/fuzz/fuzz.o +obj-$(CONFIG_FUZZ) += ../../tests/fuzz/fuzz.o ../../tests/fuzz/fuzzer_hooks.o obj-$(CONFIG_FUZZ) += ../../tests/fuzz/virtio-net-fuzz.o obj-$(CONFIG_FUZZ) += ../../tests/fuzz/qtest_fuzz.o obj-$(CONFIG_FUZZ) += ../../tests/libqtest.o
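
Review bot: The + line in the @@ -23 hunk appends ../../tests/fuzz/fuzzer_hooks.o to the existing fuzz.o entry, but this patch changes only target/i386/Makefile.objs, so the tree builds at this commit only if the source for fuzzer_hooks.o was added by an earlier patch in the series; otherwise fold this line into the patch that introduces the file so the series stays bisectable. Giving the new object its own obj-$(CONFIG_FUZZ) += line, as the entries below it do, would also keep later diffs to one object per line.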
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:55 +0000
Message-ID: <20190725032321.12721-14-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 13/19] fuzz: add ctrl vq support to virtio-net in libqos
Cc: Laurent Vivier, Thomas Huth, "Oleinik, Alexander", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "pbonzini@redhat.com"

Signed-off-by: Alexander Oleinik
---
 tests/libqos/virtio-net.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/libqos/virtio-net.c b/tests/libqos/virtio-net.c index 66405b646e..247a0a17a8 100644 --- a/tests/libqos/virtio-net.c +++ b/tests/libqos/virtio-net.c 
@@ -51,7 +51,7 @@ static void virtio_net_setup(QVirtioNet *interface) if (features & (1u << VIRTIO_NET_F_MQ)) { interface->n_queues = qvirtio_config_readw(vdev, 8) * 2; } else { - interface->n_queues = 2; + interface->n_queues = 3; } interface->queues = g_new(QVirtQueue *, interface->n_queues);
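
Review bot: In the `else` branch of virtio_net_setup(), `n_queues` goes from 2 to 3 unconditionally, so every libqos virtio-net user now allocates a third queue slot whether or not the device offered a control virtqueue, and the patch carries no commit message saying why. The count should follow the negotiated `features`, for example by adding one only when `features & (1u << VIRTIO_NET_F_CTRL_VQ)` is set. The `VIRTIO_NET_F_MQ` branch is left at `qvirtio_config_readw(vdev, 8) * 2`, so a multiqueue device still gets no slot for the control queue; if ctrl vq support is the goal, both branches need the extra entry.
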
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:56 +0000
Message-ID: <20190725032321.12721-15-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 14/19] fuzz: hard-code a main-loop timeout
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

Signed-off-by: Alexander Oleinik
---
 util/main-loop.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/util/main-loop.c b/util/main-loop.c index e3eaa55866..708e6be5eb 100644 --- a/util/main-loop.c
+++ b/util/main-loop.c 
@@ -513,6 +513,9 @@ void main_loop_wait(int nonblocking) timeout_ns = qemu_soonest_timeout(timeout_ns, timerlistgroup_deadline_ns( &main_loop_tlg)); +#ifdef CONFIG_FUZZ + timeout_ns = 50000; +#endif ret = os_host_main_loop_wait(timeout_ns); mlpoll.state = ret < 0 ? MAIN_LOOP_POLL_ERR : MAIN_LOOP_POLL_OK;
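
Review bot: The `#ifdef CONFIG_FUZZ` assignment discards the value just computed by `qemu_soonest_timeout()`, so a fuzz build always passes 50000 ns to `os_host_main_loop_wait()`, regardless of the `nonblocking` argument and even when a timer deadline is sooner than that. If the intent is only to bound how long the loop can block, clamp instead of overwrite, e.g. `timeout_ns = qemu_soonest_timeout(timeout_ns, 50000);`. The constant also deserves a named macro and a comment, and the commit message a sentence on why this value was picked, since the change sits in shared main-loop code.
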
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:57 +0000
Message-ID: <20190725032321.12721-16-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 15/19] fuzz: add fuzz accelerator type
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

Signed-off-by: Alexander Oleinik
---
 accel/fuzz.c          | 47 +++++++++++++++++++++++++++++++++++++++++++
 include/sysemu/fuzz.h | 15 ++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 accel/fuzz.c
 create mode 100644 include/sysemu/fuzz.h

diff --git a/accel/fuzz.c b/accel/fuzz.c new file mode 100644 index 0000000000..1694cf46e8 --- /dev/null +++ b/accel/fuzz.c @@ -0,0 +1,47 @@ +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qemu/module.h" +#include "qemu/option.h" +#include "qemu/config-file.h" +#include "sysemu/accel.h" +#include "sysemu/fuzz.h" +#include "sysemu/cpus.h" + + +static void fuzz_setup_post(MachineState *ms, AccelState *accel) { +} + +static int fuzz_init_accel(MachineState *ms) +{ + QemuOpts *opts = qemu_opts_create(qemu_find_opts("icount"), NULL, 0, + &error_abort); + qemu_opt_set(opts, "shift", "0", &error_abort); + configure_icount(opts, &error_abort); + qemu_opts_del(opts); + return 0; +} + +static void fuzz_accel_class_init(ObjectClass *oc, void *data) +{ + AccelClass *ac = ACCEL_CLASS(oc); + ac->name = "fuzz"; + ac->init_machine = fuzz_init_accel; + ac->setup_post = fuzz_setup_post; + ac->allowed = &fuzz_allowed; +} + +#define TYPE_FUZZ_ACCEL ACCEL_CLASS_NAME("fuzz") + +static const TypeInfo fuzz_accel_type = { + .name = TYPE_FUZZ_ACCEL, + .parent = TYPE_ACCEL, + .class_init = fuzz_accel_class_init, +}; + +static void fuzz_type_init(void) +{ + type_register_static(&fuzz_accel_type); +} + +type_init(fuzz_type_init); + diff --git a/include/sysemu/fuzz.h b/include/sysemu/fuzz.h new file mode 100644 index 0000000000..09a2a9ffdf --- /dev/null +++ b/include/sysemu/fuzz.h 
@@ -0,0 +1,15 @@ +#ifndef FUZZ_H +#define FUZZ_H + +bool fuzz_allowed; + +static inline bool fuzz_enabled(void) +{ + return fuzz_allowed; +} + +bool fuzz_driver(void); + +void fuzz_init(const char *fuzz_chrdev, const char *fuzz_log, Error **errp); + +#endif
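
Review bot: In the new accel/fuzz.c, fuzz_init_accel() turns on icount with `shift` set to "0", and neither the file nor the commit message (which is only the Signed-off-by) says why the fuzz accelerator needs that; a short comment above the `configure_icount()` call would help. Smaller points in the same hunk: the file has no license or copyright header, and `fuzz_setup_post()` is an empty callback whose opening brace sits on the signature line, unlike the other functions in the file; drop it if `setup_post` may be left NULL, or match the brace style.
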
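
Review bot: `bool fuzz_allowed;` in include/sysemu/fuzz.h is a (tentative) definition rather than a declaration, so every file that includes the header defines the symbol; that links only where common symbols are merged and fails with `-fno-common`. Declare it `extern bool fuzz_allowed;` here and define it once in accel/fuzz.c, which already takes its address for `ac->allowed`. The header also uses `bool` and `Error` without including anything that provides them, has no license header, and the include guard `FUZZ_H` is generic enough to collide; a path-based name such as `SYSEMU_FUZZ_H` is safer.
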
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:58 +0000
Message-ID: <20190725032321.12721-17-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 16/19] fuzz: add general fuzzer entrypoints
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

Defines LLVMFuzzerInitialize and LLVMFuzzerTestOneInput

Signed-off-by: Alexander Oleinik
---
 tests/fuzz/fuzz.c | 262 ++++++++++++++++++++++++++++++++++++++++++++++
 tests/fuzz/fuzz.h |  96 +++++++++++++++++
 2 files changed, 358 insertions(+)
 create mode 100644 tests/fuzz/fuzz.c
 create mode 100644 tests/fuzz/fuzz.h

diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c new file mode 100644 index 0000000000..0421b9402c --- /dev/null +++ b/tests/fuzz/fuzz.c
@@ -0,0 +1,262 @@ +#include "tests/fuzz/ramfile.h" +#include "migration/qemu-file.h" +#include "migration/global_state.h" +#include "migration/savevm.h" +#include "tests/libqtest.h" +#include "exec/memory.h" +#include "migration/migration.h" +#include "fuzz.h" +#include "tests/libqos/qgraph.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +QTestState *s; + +QEMUFile *ramfile; +QEMUFile *writefile; +ram_disk *rd; +typedef QSLIST_HEAD(, FuzzTarget) FuzzTargetList; + +FuzzTargetList* fuzz_target_list; + +uint64_t total_mr_size = 0; +uint64_t mr_index = 0; + +const MemoryRegion* mrs[1000]; + + +// Save just the VMStateDescriptors +void save_device_state(void) +{ + writefile = qemu_fopen_ram(&rd); + global_state_store(); + qemu_save_device_state(writefile); + qemu_fflush(writefile); + ramfile = qemu_fopen_ro_ram(rd); +} + +// Save the entire vm state including RAM +void save_vm_state(void) +{ + writefile = qemu_fopen_ram(&rd); + vm_stop(RUN_STATE_SAVE_VM); + global_state_store(); + qemu_savevm_state(writefile, NULL); + qemu_fflush(writefile); + ramfile = qemu_fopen_ro_ram(rd); +} + +/* Reset state by rebooting */ +void reboot() +{ + qemu_system_reset(SHUTDOWN_CAUSE_NONE); +} + +/* Restore device state */ +void load_device_state() +{ + qemu_freopen_ro_ram(ramfile); + + int ret = qemu_load_device_state(ramfile); + if (ret < 0){ + printf("reset error\n"); + exit(-1); + } +} + +/* Restore full vm state */ +void load_vm_state() +{ + qemu_freopen_ro_ram(ramfile); + + vm_stop(RUN_STATE_RESTORE_VM); + /* qemu_system_reset(SHUTDOWN_CAUSE_NONE); */ + + int ret = qemu_loadvm_state(ramfile); + if (ret < 0){ + printf("reset error\n"); + exit(-1); + } + migration_incoming_state_destroy(); + vm_start(); +} + +void qtest_setup() +{ + s = qtest_init_fuzz(NULL, NULL); + global_qtest = s; +} + +void fuzz_add_target(const char* name, + const char* description, + void(*init_pre_main)(void), + void(*init_pre_save)(void), + void(*save_state)(void), + 
void(*reset)(void), + void(*pre_fuzz)(void), + void(*fuzz)(const unsigned char*, size_t), + void(*post_fuzz)(void), + int* main_argc, + char*** main_argv) +{ + + FuzzTarget *target; + FuzzTarget *tmp; + if(!fuzz_target_list) + fuzz_target_list = g_new0(FuzzTargetList, 1); + + QSLIST_FOREACH(tmp, fuzz_target_list, target_list) { + if (g_strcmp0(tmp->name->str, name) == 0) { + fprintf(stderr, "Error: Fuzz target name %s already in use\n", name); + abort(); + } + } + target = g_new0(FuzzTarget, 1); + target->name = g_string_new(name); + target->description = g_string_new(description); + target->init_pre_main = init_pre_main; + target->init_pre_save = init_pre_save; + target->save_state = save_state; + target->reset = reset; + target->pre_fuzz = pre_fuzz; + target->fuzz = fuzz; + target->post_fuzz = post_fuzz; + target->main_argc = main_argc; + target->main_argv = main_argv; + QSLIST_INSERT_HEAD(fuzz_target_list, target, target_list); +} + + +FuzzTarget* fuzz_get_target(char* name) +{ + FuzzTarget* tmp; + if(!fuzz_target_list){ + fprintf(stderr, "Fuzz target list not initialized"); + abort(); + } + + QSLIST_FOREACH(tmp, fuzz_target_list, target_list) { + if (g_strcmp0(tmp->name->str, name) == 0) { + break; + } + } + return tmp; +} + +FuzzTarget* fuzz_target; + + + +static void usage(void) +{ + printf("Usage: ./fuzz --FUZZ_TARGET [LIBFUZZER ARGUMENTS]\n"); + printf("where --FUZZ_TARGET is one of:\n"); + FuzzTarget* tmp; + if(!fuzz_target_list){ + fprintf(stderr, "Fuzz target list not initialized"); + abort(); + } + QSLIST_FOREACH(tmp, fuzz_target_list, target_list) { + QSLIST_FOREACH(tmp, fuzz_target_list, target_list) { + printf(" --%s : %s\n", tmp->name->str, tmp->description->str); + } + exit(0); + } +} + +// TODO: Replace this with QEMU's built-in linked list +static void enum_memory(void) +{ + mtree_info(true, true, true); + fuzz_memory_region *fmr = g_new0(fuzz_memory_region, 1); + + fmr->io = false; + fmr->start = 0x100000; + fmr->length = 0x10000; + fmr->next = 
fuzz_memory_region_head; + fuzz_memory_region_tail->next = fmr; + fuzz_memory_region_tail = fmr; + fmr = fuzz_memory_region_head; + + while(true){ + fmr = fmr->next; + if(fmr == fuzz_memory_region_head) + break; + } +} + +/* Executed for each fuzzing-input */ +int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) +{ + /* e.g. Device bootstrapping */ + if(fuzz_target->pre_fuzz) + fuzz_target->pre_fuzz(); + + if(fuzz_target->fuzz) + fuzz_target->fuzz(Data, Size); + + /* e.g. Copy counter bitmap to shm*/ + if(fuzz_target->post_fuzz) + fuzz_target->post_fuzz(); + + /* e.g. Reboot the machine or vmload */ + if(fuzz_target->reset) + fuzz_target->reset(); + + return 0; +} + +/* Executed once, prior to fuzzing */ +int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) +{ + + char *target_name; + + // Initialize qgraph and modules + qos_graph_init(); + module_call_init(MODULE_INIT_FUZZ_TARGET); + module_call_init(MODULE_INIT_QOM); + module_call_init(MODULE_INIT_LIBQOS); + + if(*argc <= 1) + usage(); + + + /* Identify the fuzz target */ + target_name = (*argv)[1]; + target_name+=2; + fuzz_target = fuzz_get_target(target_name); + + if(!fuzz_target) + { + fprintf(stderr, "Error: Fuzz fuzz_target name %s not found\n", target_name); + usage(); + } + + if(fuzz_target->init_pre_main) + fuzz_target->init_pre_main(); + + /* Run QEMU's regular vl.c:main */ + real_main(*(fuzz_target->main_argc), *(fuzz_target->main_argv), NULL); + + + /* Enumerate memory to identify mapped MMIO and I/O regions */ + enum_memory(); + + /* Good place to do any one-time device initialization (such as QOS init) */ + if(fuzz_target->init_pre_save) + fuzz_target->init_pre_save(); + + /* If configured, this is where we save vm or device state to ramdisk */ + if(fuzz_target->save_state) + fuzz_target->save_state(); + + return 0; +} diff --git a/tests/fuzz/fuzz.h b/tests/fuzz/fuzz.h new file mode 100644 index 0000000000..02f26752eb --- /dev/null +++ b/tests/fuzz/fuzz.h 
@@ -0,0 +1,96 @@ +#ifndef FUZZER_H_ +#define FUZZER_H_ + +#include "qemu/osdep.h" +#include "qemu/units.h" +#include "qapi/error.h" +#include "exec/memory.h" +#include "tests/libqtest.h" +#include "migration/qemu-file.h" +#include "ramfile.h" + +#include + + +extern QTestState *s; +extern QEMUFile *writefile; +extern QEMUFile *ramfile; +extern ram_disk *rd; + +typedef struct FuzzTarget { + GString* name; + GString* description; + void(*init_pre_main)(void); + void(*init_pre_save)(void); + void(*save_state)(void); + void(*reset)(void); + void(*pre_fuzz)(void); + void(*fuzz)(const unsigned char*, size_t); + void(*post_fuzz)(void); + int* main_argc; + char*** main_argv; + QSLIST_ENTRY(FuzzTarget) target_list; + +} FuzzTarget; + +extern void* _ZN6fuzzer3TPCE; +/* extern uint8_t __sancov_trace_pc_guard_8bit_counters; */ +/* extern uint8_t __sancov_trace_pc_pcs; */ +extern void* __prof_nms_sect_data; +extern void* __prof_vnodes_sect_data; + +#define TPC_SIZE 0x0443c00 +#define PROFILE_SIZE ( &__prof_vnodes_sect_data - &__prof_nms_sect_data) + +#define NUMPCS (1 << 21) +/* #define TPC_SIZE 0x33c00 */ + +extern uint8_t *TPCCopy; +extern uint8_t *ARGCopy; + +void save_device_state(void); +void save_vm_state(void); +void reboot(void); + +void load_device_state(void); +void load_vm_state(void); + + +void save_device_state(void); +void qtest_setup(void); +void fuzz_register_mr(const MemoryRegion *mr); + +FuzzTarget* fuzz_get_target(char* name); + +extern FuzzTarget* fuzz_target; + +typedef struct fuzz_memory_region { + bool io; + uint64_t start; + uint64_t length; + struct fuzz_memory_region* next; +} fuzz_memory_region; + +extern fuzz_memory_region *fuzz_memory_region_head; +extern fuzz_memory_region *fuzz_memory_region_tail; + +extern uint64_t total_io_mem; +extern uint64_t total_ram_mem; + +void fuzz_add_target(const char* name, + const char* description, + void(*init_pre_main)(void), + void(*init_pre_save)(void), + void(*save_state)(void), + void(*reset)(void), + 
void(*pre_fuzz)(void), + void(*fuzz)(const unsigned char*, size_t), + void(*post_fuzz)(void), + int* main_argc, + char*** main_argv); + +int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size); +int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp); + +#endif +
From patchwork Thu Jul 25 03:23:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 11057943
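Review bot: in usage() in tests/fuzz/fuzz.c, the QSLIST_FOREACH over fuzz_target_list is duplicated, with the second loop nested inside the first and reusing tmp, and exit(0) is only reached from inside the outer loop body, so usage() returns to its caller if that body never runs. LLVMFuzzerInitialize() relies on usage() not returning: after the *argc <= 1 check it reads (*argv)[1], and after the "not found" message it dereferences fuzz_target. Keep a single loop and call exit() after it. The same function does target_name+=2 without checking that the argument starts with "--"; validate the prefix before skipping it.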
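Review bot: in tests/fuzz/fuzz.h, PROFILE_SIZE subtracts &__prof_nms_sect_data from &__prof_vnodes_sect_data, and both operands are void ** because the symbols are declared as void *, so the result counts pointer-sized elements rather than bytes; if a byte length is intended, cast both addresses to char * or uintptr_t first. TPC_SIZE is a hardcoded constant tied to the mangled libFuzzer symbol _ZN6fuzzer3TPCE and needs a comment saying how the value was derived and which libFuzzer build it matches. save_device_state() is also declared twice.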
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:23:59 +0000
Message-ID: <20190725032321.12721-18-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 17/19] fuzz: add general qtest fuzz target
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

These fuzz targets perform a range of qtest operations over mmio and port i/o addresses mapped to devices.
Signed-off-by: Alexander Oleinik --- tests/fuzz/qtest_fuzz.c | 261 ++++++++++++++++++++++++++++++++++++++++ tests/fuzz/qtest_fuzz.h | 38 ++++++ 2 files changed, 299 insertions(+) create mode 100644 tests/fuzz/qtest_fuzz.c create mode 100644 tests/fuzz/qtest_fuzz.h diff --git a/tests/fuzz/qtest_fuzz.c b/tests/fuzz/qtest_fuzz.c new file mode 100644 index 0000000000..6d6670838d --- /dev/null +++ b/tests/fuzz/qtest_fuzz.c 
@@ -0,0 +1,261 @@ +#include "qemu/osdep.h" +#include "qemu/units.h" +#include "qapi/error.h" +#include "qemu-common.h" +#include "exec/memory.h" +#include "exec/address-spaces.h" +#include "sysemu/sysemu.h" +#include "qemu/main-loop.h" +#include +#include "qemu-common.h" +#include "fuzzer_hooks.h" + + +#include "fuzz.h" +#include "qtest_fuzz.h" +#include "tests/libqtest.h" +#include "fuzz/qos_fuzz.h" + + +/* Make sure that the io_port is mapped to some device */ +static uint16_t normalize_io_port(uint64_t addr) { + addr = addr%total_io_mem; + fuzz_memory_region *fmr = fuzz_memory_region_head; + while(addr!=0) { + if(!fmr->io){ + fmr = fmr->next; + continue; + } + if(addr <= fmr->length) + { + addr= fmr->start + addr; + break; + } + addr -= fmr->length +1; + fmr = fmr->next; + } + /* Stuff that times out or hotplugs.. */ + if(addr>=0x5655 && addr<=0x565b) + return 0; + if(addr>=0x510 && addr<=0x518) + return 0; + if(addr>=0xae00 && addr<=0xae13) // PCI Hotplug + return 0; + if(addr>=0xaf00 && addr<=0xaf1f) // CPU Hotplug + return 0; + return addr; +} + +/* Make sure that the memory address is mapped to some interesting device */ +static uint16_t normalize_mem_addr(uint64_t addr) { + addr = addr%total_ram_mem; + fuzz_memory_region *fmr = fuzz_memory_region_head; + while(addr!=0) { + if(fmr->io){ + fmr = fmr->next; + continue; + } + if(addr <= fmr->length) + { + return fmr->start + addr; + } + addr -= fmr->length +1; + fmr = fmr->next; + } + return addr; +} + +static void qtest_fuzz(const unsigned char *Data, size_t Size){ + const unsigned char *pos = Data; + const unsigned char *End = Data + Size; + + qtest_cmd *cmd; + + while(pos < Data+Size) + { + /* Translate the fuzz input to a qtest command */ + cmd = &commands[(*pos)%(sizeof(commands)/sizeof(qtest_cmd))]; + pos++; + + if(strcmp(cmd->name, "clock_step") == 0){ + // TODO: This times out + /* qtest_clock_step_next(s); */ + } + else if(strcmp(cmd->name, "outb") == 0) { + if(pos + sizeof(uint16_t) + sizeof(uint8_t) 
< End) { + uint16_t addr = *(int16_t*)(pos); + pos += sizeof(uint16_t); + uint8_t val = *(uint16_t*)(pos); + pos += sizeof(uint8_t); + addr = normalize_io_port(addr); + qtest_outb(s, addr, val); + } + } + else if(strcmp(cmd->name, "outw") == 0) { + if(pos + sizeof(uint16_t) + sizeof(uint16_t) < End) { + uint16_t addr = *(int16_t*)(pos); + pos += sizeof(uint16_t); + uint16_t val = *(uint16_t*)(pos); + pos += sizeof(uint16_t); + addr = normalize_io_port(addr); + qtest_outw(s, addr, val); + } + } + else if(strcmp(cmd->name, "outl") == 0) { + if(pos + sizeof(uint16_t) + sizeof(uint32_t) < End) { + uint16_t addr = *(int16_t*)(pos); + pos += sizeof(uint16_t); + uint32_t val = *(uint32_t*)(pos); + pos += sizeof(uint32_t); + addr = normalize_io_port(addr); + qtest_outl(s, addr, val); + } + } + else if(strcmp(cmd->name, "inb") == 0) { + if(pos + sizeof(uint16_t) < End) { + uint16_t addr = *(int16_t*)(pos); + pos += sizeof(uint16_t); + addr = normalize_io_port(addr); + qtest_inb(s, addr); + } + } + else if(strcmp(cmd->name, "inw") == 0) { + if(pos + sizeof(uint16_t) < End) { + uint16_t addr = *(int16_t*)(pos); + pos += sizeof(uint16_t); + addr = normalize_io_port(addr); + qtest_inw(s, addr); + } + } + else if(strcmp(cmd->name, "inl") == 0) { + if(pos + sizeof(uint16_t) < End) { + uint16_t addr = *(int16_t*)(pos); + pos += sizeof(uint16_t); + addr = normalize_io_port(addr); + qtest_inl(s, addr); + } + } + else if(strcmp(cmd->name, "writeb") == 0) { + if(pos + sizeof(uint32_t) + sizeof(uint8_t) < End) { + uint32_t addr = *(int32_t*)(pos); + pos += sizeof(uint32_t); + uint8_t val = *(uint8_t*)(pos); + pos += sizeof(uint8_t); + addr = normalize_mem_addr(addr); + qtest_writeb(s, addr, val); + } + } + else if(strcmp(cmd->name, "writew") == 0) { + if(pos + sizeof(uint32_t) + sizeof(uint16_t) < End) { + uint32_t addr = *(int32_t*)(pos); + pos += sizeof(uint32_t); + uint16_t val = *(uint16_t*)(pos); + pos += sizeof(uint16_t); + addr = normalize_mem_addr(addr); + qtest_writew(s, addr, 
val); + } + } + else if(strcmp(cmd->name, "writel") == 0) { + if(pos + sizeof(uint32_t) + sizeof(uint32_t) < End) { + uint32_t addr = *(int32_t*)(pos); + pos += sizeof(uint32_t); + uint32_t val = *(uint32_t*)(pos); + pos += sizeof(uint32_t); + addr = normalize_mem_addr(addr); + qtest_writel(s, addr, val); + } + } + else if(strcmp(cmd->name, "readb") == 0) { + if(pos + sizeof(uint32_t) < End) { + uint32_t addr = *(int32_t*)(pos); + pos += sizeof(uint32_t); + addr = normalize_mem_addr(addr); + qtest_readb(s, addr); + } + } + else if(strcmp(cmd->name, "readw") == 0) { + if(pos + sizeof(uint32_t) < End) { + uint32_t addr = *(int32_t*)(pos); + pos += sizeof(uint32_t); + addr = normalize_mem_addr(addr); + qtest_readw(s, addr); } } + else if(strcmp(cmd->name, "readl") == 0) { + if(pos + sizeof(uint32_t) < End) { + uint32_t addr = *(int32_t*)(pos); + pos += sizeof(uint32_t); + addr = normalize_mem_addr(addr); + qtest_readl(s, addr); + } + } + else if(strcmp(cmd->name, "write_dma") == 0) { + if(pos + sizeof(uint32_t) + sizeof(uint16_t) < End) { + uint32_t addr = *(int32_t*)(pos); + pos += sizeof(uint32_t); + uint32_t val = 0x100000; + addr = normalize_mem_addr(addr); + qtest_writel(s, addr, val); + } + } + else if(strcmp(cmd->name, "out_dma") == 0) { + if(pos + sizeof(uint16_t) + sizeof(uint16_t) < End) { + uint16_t addr = *(int16_t*)(pos); + pos += sizeof(uint16_t); + uint32_t val = 0x100000; + addr = normalize_io_port(addr); + qtest_outl(s, addr, val); + } + } + main_loop_wait(false); + } +} + +static void *net_test_setup_nosocket(GString *cmd_line, void *arg) +{ + g_string_append(cmd_line, " -netdev hubport,hubid=0,id=hs0 "); + return arg; +} + +static void fuzz_fork(const unsigned char *Data, size_t Size) +{ + if (fork() == 0) { + qtest_fuzz(Data, Size); + counter_shm_store(); + _Exit(0); + } + else { + wait(NULL); + counter_shm_load(); + } +} + +static void init_fork(void) { + qos_init_path(); +} +static void fork_pre_main(void) { + qos_setup(); + counter_shm_init(); 
+} + +int qtest_argc; +char **qtest_argv; +static void register_qtest_fuzz_targets(void) +{ + QOSGraphTestOptions opts = { + .before = net_test_setup_nosocket, + }; + fuzz_add_qos_target("qtest-fuzz", "fuzz qtest commands and a dma buffer. Reset device state for each run", + "e1000e", &opts, &qos_setup, &qos_init_path, &save_vm_state, &load_vm_state, + NULL, &qtest_fuzz, NULL); + fuzz_add_qos_target("qtest-fork-fuzz", "fuzz qtest commands and a dma buffer. Use COW/forking to reset state", + "e1000e", &opts, &fork_pre_main, NULL, &init_fork, NULL, + NULL, &fuzz_fork, NULL); + + GString *cmd_line = g_string_new("qemu-system-i386 -display none -machine accel=fuzz -m 3"); + wordexp_t result; + wordexp (cmd_line->str, &result, 0); + qtest_argc = result.we_wordc; + qtest_argv = result.we_wordv; + g_string_free(cmd_line, true); +} + +fuzz_target_init(register_qtest_fuzz_targets); diff --git a/tests/fuzz/qtest_fuzz.h b/tests/fuzz/qtest_fuzz.h new file mode 100644 index 0000000000..bf472954e7 --- /dev/null +++ b/tests/fuzz/qtest_fuzz.h 
@@ -0,0 +1,38 @@ +#ifndef _QTEST_FUZZ_H_ +#define _QTEST_FUZZ_H_ + +typedef struct qtest_cmd { + char name[32]; + uint8_t size; +} qtest_cmd; + +typedef uint32_t addr_type; + +static qtest_cmd commands[] = +{ + {"clock_step", 0}, + {"clock_step", 0}, + {"clock_set", 1}, + {"outb", 2}, + {"outw", 2}, + {"outl", 2}, + {"inb", 1}, + {"inw", 1}, + {"inl", 1}, + {"writeb", 2}, + {"writew", 2}, + {"writel", 2}, + {"writeq", 2}, + {"readb", 1}, + {"readw", 1}, + {"readl", 1}, + {"readq", 1}, + {"read", 2}, + {"write", 3}, + {"b64read", 2}, + {"b64write", 10}, + {"memset", 3}, + {"write_dma", 2}, + {"out_dma", 2}, +}; +#endif
From patchwork Thu Jul 25 03:24:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 11057939
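Review bot: in tests/fuzz/qtest_fuzz.c, normalize_mem_addr() is declared to return uint16_t but returns fmr->start + addr, and every caller stores the result in a uint32_t addr, so memory addresses are truncated to 16 bits before qtest_writeb(), qtest_readl() and the other accessors see them; return uint64_t or uint32_t instead. In qtest_fuzz(), operands are read through casts such as *(int16_t*)(pos) and, for outb, uint8_t val = *(uint16_t*)(pos), which are unaligned loads with the wrong signedness or width; copy them out with memcpy into a correctly typed local. The modulo by total_io_mem and total_ram_mem also needs a guard against zero.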
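Review bot: in tests/fuzz/qtest_fuzz.h, commands[] is a static, non-const array defined in the header, so every file that includes it gets its own writable copy; define it as static const in qtest_fuzz.c, which is its only visible user. Of the 24 entries, clock_set, writeq, readq, read, write, b64read, b64write and memset have no branch in qtest_fuzz(), and clock_step is listed twice with its call commented out, so 10 selector values consume an input byte and do nothing. Either add the handlers or drop the entries, and document what the size field means, since nothing visible reads it.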
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:24:00 +0000
Message-ID: <20190725032321.12721-19-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 18/19] fuzz: Add virtio-net tx and ctrl fuzz targets
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

These virtio-net fuzz targets use libqos abstractions to virtio-net virtqueues.
Signed-off-by: Alexander Oleinik --- tests/fuzz/virtio-net-fuzz.c | 226 +++++++++++++++++++++++++++++++++++ 1 file changed, 226 insertions(+) create mode 100644 tests/fuzz/virtio-net-fuzz.c diff --git a/tests/fuzz/virtio-net-fuzz.c b/tests/fuzz/virtio-net-fuzz.c new file mode 100644 index 0000000000..4b6c788498 --- /dev/null +++ b/tests/fuzz/virtio-net-fuzz.c 
@@ -0,0 +1,226 @@ +#include "qemu/osdep.h" +#include "qemu/units.h" +#include "qapi/error.h" +#include "qemu-common.h" +#include "exec/memory.h" +#include "sysemu/sysemu.h" +#include "qemu/main-loop.h" + +#include "hw/virtio/virtio-net.h" +#include "hw/virtio/virtio.h" +#include "tests/libqos/virtio-net.h" +#include "fuzzer_hooks.h" + +#include "fuzz.h" +#include "qos_fuzz.h" + +typedef struct vq_action { + uint8_t queue; + uint8_t length; + uint8_t write; + uint8_t next; + bool kick; +} vq_action; + +static void virtio_net_ctrl_fuzz(const unsigned char *Data, size_t Size) +{ + uint64_t req_addr[10]; + int reqi =0; + uint32_t free_head; + + QGuestAllocator *t_alloc = qos_alloc; + + QVirtioNet *net_if = qos_obj; + QVirtioDevice *dev = net_if->vdev; + QVirtQueue *q; + vq_action vqa; + int iters=0; + while(true) { + if(Size < sizeof(vqa)) { + break; + } + vqa = *((vq_action*)Data); + Data += sizeof(vqa); + Size -= sizeof(vqa); + + q = net_if->queues[2]; + + vqa.length = vqa.length >= Size ? Size : vqa.length; + + req_addr[reqi] = guest_alloc(t_alloc, vqa.length); + memwrite(req_addr[reqi], Data, vqa.length); + if(iters == 0) + free_head = qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ; + else + qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ; + iters++; + reqi++; + if(iters==10) + break; + Data += vqa.length; + Size -= vqa.length; + } + if(iters){ + qvirtqueue_kick(dev, q, free_head); + qtest_clock_step_next(s); + main_loop_wait(false); + for(int i =0; ivdev; + QVirtQueue *q; + vq_action vqa; + int iters=0; + while(Size >= sizeof(vqa)) { + vqa = *((vq_action*)Data); + Data += sizeof(vqa); + Size -= sizeof(vqa); + if(vqa.kick && free_head) + { + qvirtqueue_kick(dev, q, free_head); + qtest_clock_step_next(s); + main_loop_wait(false); + for(int i =0; iqueues[2]; + + vqa.length = vqa.length >= Size ? 
Size : vqa.length; + + req_addr[reqi] = guest_alloc(t_alloc, vqa.length); + memwrite(req_addr[reqi], Data, vqa.length); + if(iters == 0) + free_head = qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ; + else + qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ; + iters++; + reqi++; + if(iters==10) + break; + Data += vqa.length; + Size -= vqa.length; + } + } + qtest_clear_rxbuf(s); + qos_object_queue_destroy(qos_obj); +} + +int *sv; +static void virtio_net_tx_fuzz(const unsigned char *Data, size_t Size) +{ + uint64_t req_addr[10]; + int reqi =0; + uint32_t free_head; + + QGuestAllocator *t_alloc = qos_alloc; + + QVirtioNet *net_if = qos_obj; + QVirtioDevice *dev = net_if->vdev; + QVirtQueue *q; + vq_action vqa; + int iters=0; + while(true) { + if(Size < sizeof(vqa)) { + break; + } + vqa = *((vq_action*)Data); + Data += sizeof(vqa); + Size -= sizeof(vqa); + + q = net_if->queues[1]; + + vqa.length = vqa.length >= Size ? Size : vqa.length; + + req_addr[reqi] = guest_alloc(t_alloc, vqa.length); + memwrite(req_addr[reqi], Data, vqa.length); + if(iters == 0) + free_head = qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ; + else + qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ; + iters++; + reqi++; + if(iters==10) + break; + Data += vqa.length; + Size -= vqa.length; + } + if(iters){ + qvirtqueue_kick(dev, q, free_head); + qtest_clock_step_next(s); + main_loop_wait(false); + for(int i =0; i X-Patchwork-Id: 11057945 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9F560138D for ; Thu, 25 Jul 2019 03:28:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8F50228931 for ; Thu, 25 Jul 2019 03:28:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 836692893A; 
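Review bot: In the loop guarded by `while(Size >= sizeof(vqa))`, the branch `if(vqa.kick && free_head)` calls `qvirtqueue_kick(dev, q, free_head)` while `q` is still the uninitialized `QVirtQueue *q;`. The only assignment visible in that loop (the one ending in `queues[2]`) comes after the kick, so a first record with `kick` set can pass an indeterminate queue pointer to the kick. Assign `q` before the loop and give `free_head` an explicit `= 0` at its declaration (the declarations visible here, `uint32_t free_head;`, have no initializer) so the condition is well defined. Separately, `vqa = *((vq_action*)Data);` loads `bool kick` straight from fuzz bytes, and a byte other than 0 or 1 is not a valid bool value; declare the field as `uint8_t` and test `kick != 0`. The descriptor-add loop is repeated three times with only the queue index changing (`queues[2]`, `queues[1]`); a shared helper taking the index would keep the `iters==10` bound on `req_addr[10]` in one place.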
From: "Oleinik, Alexander"
To: "qemu-devel@nongnu.org"
Date: Thu, 25 Jul 2019 03:24:00 +0000
Message-ID: <20190725032321.12721-20-alxndr@bu.edu>
References: <20190725032321.12721-1-alxndr@bu.edu>
In-Reply-To: <20190725032321.12721-1-alxndr@bu.edu>
Subject: [Qemu-devel] [RFC 19/19] fuzz: Add documentation about the fuzzer to docs/
Cc: "pbonzini@redhat.com", "bsd@redhat.com", "superirishdonkey@gmail.com", "stefanha@redhat.com", "Oleinik, Alexander"

Signed-off-by: Alexander Oleinik --- docs/devel/fuzzing.txt | 145 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 docs/devel/fuzzing.txt 
diff --git a/docs/devel/fuzzing.txt b/docs/devel/fuzzing.txt new file mode 100644 index 0000000000..321e005e8c --- /dev/null +++ b/docs/devel/fuzzing.txt 
@@ -0,0 +1,145 @@ += Fuzzing = + +== Introduction == + +This document describes the fuzzing infrastructure in QEMU and how to use it +to add additional fuzzing targets. + +== Basics == + +Fuzzing operates by passing inputs to an entry point/target function. The +fuzzer tracks the code coverage triggered by the input. Based on these +findings, the fuzzer mutates the input and repeats the fuzzing. + +To fuzz QEMU, we rely on libfuzzer. Unlike other fuzzers such as AFL, libfuzzer +is an _in-process_ fuzzer. For the developer, this means that it is their +responsibility to ensure that state is reset between fuzzing-runs. + +libfuzzer provides its own main() and expects the developer to implement the +entrypoint "LLVMFuzzerTestOneInput". + +Currently, Fuzz targets are built out to fuzz virtual-devices from guests. The +fuzz targets can use qtest and qos functions to pass inputs to virtual devices. + +== Main Modifications required for Fuzzing == + +Fuzzing is enabled with the -enable-fuzzing flag, which adds the needed cflags +to enable Libfuzzer and AddressSanitizer. In the code, most of the changes to +existing qemu source are surrounded by #ifdef CONFIG_FUZZ statements. Here are +the key areas that are changed: + +=== General Changes === + +vl.c:main renamed to real_main to avoid conflicts when libfuzzer is linked in. +Also, real_main returns where it would normally call main_loop. + +The fuzzer adds an accelerator. The accelerator does not do anything, much +like the qtest accelerator. + +=== Changes to SaveVM === + +There aren't any particular changes to SaveVM, but the fuzzer adds a type +of file "ramfile" implemented in test/fuzz/ramfile.c which allocates a buffer +on the heap to which it saves the vmstate. + +=== Changes to QTest === + +QEMU-fuzz modifies the qtest server(qtest.c) and qtest client +(tests/libqtest.c) so that they communicate within the same QEMU process. In +the qtest server, there is a qtest_init_fuzz function to initialize the +QTestState. 
Normally, qtest commands are passed to socket_send which +communicates the command to the server/QEMU process over a socket. The fuzzer, +instead, directly calls the qtest server recieve function with the the command +string as an argument. The server usually responds to commands with an "OK" +command. To support this, there is an added qtest_client_recv function in +libqtest.c, which the server calls directly. + +At the moment, qtest's qmp wrapper functions are not supported. + +=== Chages to QOS === + +QOS tests are usually linked against the compiled tests/qos-test.c. The main +function in this file initializes the QOS graph and uses some QMP commands to +query the qtest server for the available devices. It also registers the tests +implemented in all of the linked qos test-case files. Then it uses a DFS walker +to iterate over QOS graph and determine the required QEMU devices/arguments and +device initialization functions to perform each test. + +The fuzzer doesn't link against qos-test, but re-uses most of the functionality +in test/fuzz/qos_helpers.c The major changes are that the walker simply saves +the last QGraph path for later use in the fuzzer. The +qos_set_machines_devices_available function is changed to directly used qmp_* +commands. Note that to populate the QGraph, the fuzzer still needs to be linked +against the devices described in test/libqos/*.o + +== The Fuzzer's Lifecycle == + +The fuzzer has two entrypoints that libfuzzer calls. + +LLVMFuzzerInitialize: called prior to fuzzing. Used to initialize all of the +necessary state + +LLVMFuzzerTestOneInput: called for each fuzzing run. Processes the input and +resets the state at the end of each run. + +In more detail: + +LLVMFuzzerInitialize parses the arguments to the fuzzer (must start with two +dashes, so they are ignored by libfuzzer main()). Currently, the arguments +select the fuzz target. Then, the qtest client is initialized. 
If the target +requires qos, qgraph is set up and the QOM/LIBQOS modules are initailized. +Then the QGraph is walked and the QEMU cmd_line is determined and saved. + +After this, the vl.c:real_main is called to set up the guest. After this, the +fuzzer saves the initial vm/device state to ram, after which the initilization +is complete. + +LLVMFuzzerTestOneInput: Uses qtest/qos functions to act based on the fuzz +input. It is also responsible for manually calling the main loop/main_loop_wait +to ensure that bottom halves are executed. Finally, it calls reset() which +restores state from the ramfile and/or resets the guest. + + +Since the same process is reused for many fuzzing runs, QEMU state needs to +be reset at the end of each run. There are currently three implemented +options for resetting state: +1. Reboot the guest between runs. + Pros: Straightforward and fast for simple fuzz targets. + Cons: Depending on the device, does not reset all device state. If the + device requires some initialization prior to being ready for fuzzing + (common for QOS-based targets), this initialization needs to be done after + each reboot. + Example target: --virtio-net-ctrl-fuzz +2. vmsave the state to RAM, once, and restore it after each run. + Alternatively only save the device state(savevm.c:qemu_save_device_state) + Pros: Do not need to initialize devices prior to each run. + VMStateDescriptions often specify more state the device resetting + functions called during reboots. + Cons: Restoring state is often slower than rebooting. There is + currently no way to save the QOS object state, so the objects usually + needs to be re-allocated, defeating the purpose of one-time device + initialization. + Example target: --qtest-fuzz +3. Run each test case in a separate forked process and copy the coverage + information back to the parent. This is fairly similar to AFL's "deferred" + fork-server mode [3] + Pros: Relatively fast. Devices only need to be initialized once. 
No need + to do slow reboots or vmloads. + Cons: Not officially supported by libfuzzer and the implementation is very + flimsy. Does not work well for devices that rely on dedicated threads. + Example target: --qtest-fork-fuzz + +== Adding new Targets == +1. Create a file : tests/fuzz/[file].c +2. Add target registration function and fuzz_target_init(FUNC) at the bottom of +the file. +3. In the registration function, register targets using fuzz_add_qos_target or +fuzz_add_target. The arguments to thes function specify the resetting method +and QOS path. +4. These functions refererence a fuzz function which should be a: +static void func(const unsigned char* Data, size_t Size) +Inside the fuzz function, translate the "Data" into qtest actions. +5. Add [file].o to target/i386/Makefile.objs + +tests/fuzz/qtest_fuzz.c and tests/fuzz/virtio-net-fuzz.c both contain examples +of fuzz targets that follow this structure.
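Review bot: The state-reset list cites `[3]` for AFL's "deferred" fork-server mode, but the file adds no reference list, so the citation dangles; add the reference or drop the marker. Paths are also inconsistent: `test/fuzz/ramfile.c`, `test/fuzz/qos_helpers.c` and `test/libqos/*.o` appear alongside `tests/fuzz/[file].c` and `tests/libqtest.c` in the same file; use the spelling that matches the tree (this series creates `tests/fuzz/virtio-net-fuzz.c`). Option 1 says a reboot does not reset all device state; it would help to tell target authors what to do about that, since state carried over between runs makes a crashing input hard to reproduce. Typos to fix before merging: "recieve", "the the", "Chages", "initailized", "initilization", "thes function", "refererence", and the missing "than" in "specify more state the device resetting functions".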