From patchwork Thu Oct 29 17:28:58 2020
X-Patchwork-Submitter: Alexander Bulekov
X-Patchwork-Id: 11867053
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.2 1/3] fuzz: fix writing DMA patterns
Date: Thu, 29 Oct 2020 13:28:58 -0400
Message-Id: <20201029172901.534442-2-alxndr@bu.edu>
In-Reply-To: <20201029172901.534442-1-alxndr@bu.edu>
References: <20201029172901.534442-1-alxndr@bu.edu>
Cc: Laurent Vivier , thuth@redhat.com, Alexander Bulekov , f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com,
stefanha@redhat.com, pbonzini@redhat.com Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" This code had all sorts of issues. We used a loop similar to address_space_write_rom, but I did not remove a "break" that only made sense in the context of the switch statement in the original code. Then, after the loop, we did a separate qtest_memwrite over the entire DMA access range, defeating the purpose of the loop. Additionally, we increment the buf pointer, and then try to g_free() it. Fix these problems. Reported-by: OSS-Fuzz (Issue 26725) Signed-off-by: Alexander Bulekov Reported-by: OSS-Fuzz (Issue 26691) --- tests/qtest/fuzz/generic_fuzz.c | 37 +++++++++++++++------------------ 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index a8f5864883..3e2d50feaa 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -229,10 +229,10 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_write) address_range ar = {addr, len}; g_array_append_val(dma_regions, ar); pattern p = g_array_index(dma_patterns, pattern, dma_pattern_index); - void *buf = pattern_alloc(p, ar.size); + void *buf_base = pattern_alloc(p, ar.size); + void *buf = buf_base; hwaddr l, addr1; MemoryRegion *mr1; - uint8_t *ram_ptr; while (len > 0) { l = len; mr1 = address_space_translate(first_cpu->as, 
@@ -244,30 +244,27 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_write) l = memory_access_size(mr1, l, addr1); } else { /* ROM/RAM case */ - ram_ptr = qemu_map_ram_ptr(mr1->ram_block, addr1); - memcpy(ram_ptr, buf, l); - break; + if (qtest_log_enabled) { + /* + * With QTEST_LOG, use a normal, slow QTest memwrite. Prefix the log + * that will be written by qtest.c with a DMA tag, so we can reorder + * the resulting QTest trace so the DMA fills precede the last PIO/MMIO + * command. + */ + fprintf(stderr, "[DMA] "); + if (double_fetch) { + fprintf(stderr, "[DOUBLE-FETCH] "); + } + fflush(stderr); + } + qtest_memwrite(qts_global, addr, buf, l); } len -= l; buf += l; addr += l; } - if (qtest_log_enabled) { - /* - * With QTEST_LOG, use a normal, slow QTest memwrite. Prefix the log - * that will be written by qtest.c with a DMA tag, so we can reorder - * the resulting QTest trace so the DMA fills precede the last PIO/MMIO - * command. - */ - fprintf(stderr, "[DMA] "); - if (double_fetch) { - fprintf(stderr, "[DOUBLE-FETCH] "); - } - fflush(stderr); - } - qtest_memwrite(qts_global, ar.addr, buf, ar.size); - g_free(buf); + g_free(buf_base); /* Increment the index of the pattern for the next DMA access */ dma_pattern_index = (dma_pattern_index + 1) % dma_patterns->len; From patchwork Thu Oct 29 17:28:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 11867057 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5AD056A2 for ; Thu, 29 Oct 2020 17:32:22 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E84F7206CA for ; Thu, 29 Oct 2020 17:32:21 +0000 (UTC) 
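Review bot: in the first hunk (@@ -229), `buf_base` and `buf` are declared `void *` while the loop further down advances the cursor with `buf += l`; arithmetic on `void *` is a GCC/Clang extension rather than standard C, and since the removed `uint8_t *ram_ptr` already treated the same bytes as `uint8_t`, declaring both pointers `uint8_t *` would make the chunk arithmetic portable and explicit. Keeping `buf_base` separate from the advancing `buf` is the right fix for the g_free() of an incremented pointer that the commit message describes.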
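Review bot: in the second hunk (@@ -244), the comment that moved into the loop ("With QTEST_LOG, use a normal, slow QTest memwrite") no longer matches the code: `qtest_memwrite(qts_global, addr, buf, l);` sits outside the `if (qtest_log_enabled)` block, so every RAM chunk now goes through the slow QTest memwrite whether or not logging is enabled, and the direct `qemu_map_ram_ptr()` / `memcpy()` fast path has been dropped entirely. Either put the memwrite back under the logging condition with a `memcpy` fallback, or reword the comment so it only claims that the `[DMA]` tag is conditional. Note also that the tag is now printed once per translated chunk rather than once per DMA access, so a fill spanning several chunks yields several `[DMA]`-prefixed lines in the trace, which the reordering step the comment refers to has to tolerate.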
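The fill loop the commit message describes, as an added example that is not QEMU code and not part of this patch: a stand-alone C model of a DMA-pattern fill that walks a guest address range chunk by chunk, writes only the RAM chunks, skips a device window without leaving the loop, does no trailing write over the whole range, and frees the buffer through the base pointer rather than the advanced cursor. The memory map, `model_translate()`, `model_pattern_alloc()` and the `example_*` scenario are constructed stand-ins for address_space_translate(), pattern_alloc() and real guest memory; none of them exist in QEMU.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy guest memory map, constructed for this example (not QEMU's): two RAM
 * regions with a 256-byte device (MMIO) window between them. */
typedef enum { REGION_RAM, REGION_MMIO } region_kind;
typedef struct { uint64_t base, size; region_kind kind; } region;

static uint8_t model_ram[0x4000];            /* backing store for the RAM regions */
static const region model_map[] = {
    { 0x0000, 0x1000, REGION_RAM },
    { 0x1000, 0x0100, REGION_MMIO },
    { 0x1100, 0x2F00, REGION_RAM },
};

/* Stand-in for address_space_translate(): find the region containing addr and
 * clamp *len to the part of the request inside it. NULL if unmapped. */
static const region *model_translate(uint64_t addr, uint64_t *len)
{
    for (size_t i = 0; i < sizeof(model_map) / sizeof(model_map[0]); i++) {
        const region *r = &model_map[i];
        if (addr >= r->base && addr < r->base + r->size) {
            if (*len > r->base + r->size - addr) {
                *len = r->base + r->size - addr;
            }
            return r;
        }
    }
    return NULL;
}

/* Stand-in for pattern_alloc(): heap buffer of size bytes, pattern repeated. */
static uint8_t *model_pattern_alloc(const uint8_t *pat, size_t patlen, size_t size)
{
    uint8_t *buf = malloc(size);
    if (!buf) {
        abort();
    }
    for (size_t i = 0; i < size; i++) {
        buf[i] = pat[i % patlen];
    }
    return buf;
}

/* The fill loop as the fix shapes it: walk [addr, addr + len) chunk by chunk,
 * write the pattern only into RAM chunks, skip device windows without breaking
 * out of the loop, and do no second write over the whole range afterwards.
 * buf is the moving cursor; buf_base is what gets freed. Returns bytes written. */
static size_t fill_dma_range(uint64_t addr, uint64_t len,
                             const uint8_t *pat, size_t patlen)
{
    uint8_t *buf_base = model_pattern_alloc(pat, patlen, len);
    uint8_t *buf = buf_base;
    size_t written = 0;
    while (len > 0) {
        uint64_t l = len;
        const region *r = model_translate(addr, &l);
        if (!r) {
            break;                  /* unmapped: nothing further to fill */
        }
        if (r->kind == REGION_RAM) {
            memcpy(model_ram + addr, buf, l);
            written += l;
        }
        /* An MMIO chunk is not written, but the cursors still advance so the
         * pattern stays aligned with the guest addresses it was built for. */
        len -= l;
        buf += l;
        addr += l;
    }
    free(buf_base);                 /* not buf, which now points past the end */
    return written;
}

/* Scenario: a 0x300-byte DMA read starting 0x80 bytes before the device
 * window: 0x80 bytes go to the first RAM region, the 0x100-byte window is
 * skipped, the remaining 0x180 bytes go to the second RAM region. */
static const uint8_t example_pattern[] = { 0xAA, 0xBB, 0xCC };
static const uint64_t example_start = 0x0F80, example_len = 0x300;

static size_t example_fill(void)
{
    memset(model_ram, 0, sizeof(model_ram));
    return fill_dma_range(example_start, example_len,
                          example_pattern, sizeof(example_pattern));
}

/* After example_fill(): pattern bytes (indexed from the DMA start, not from
 * the chunk start) on both sides of the window, zeros inside it. */
static int example_layout_ok(void)
{
    for (uint64_t a = example_start; a < example_start + example_len; a++) {
        uint8_t expect = (a >= 0x1000 && a < 0x1100) ? 0
            : example_pattern[(a - example_start) % sizeof(example_pattern)];
        if (model_ram[a] != expect) {
            return 0;
        }
    }
    return 1;
}
```

`example_fill()` returns the number of bytes that reached RAM (0x200 of the 0x300 requested, since the 0x100-byte window is skipped), and `example_layout_ok()` checks that the pattern is indexed from the start of the DMA access rather than from the start of each chunk, which is why the cursor has to advance across skipped chunks too.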
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.2 2/3] fuzz: check the MR in the DMA callback
Date: Thu, 29 Oct 2020 13:28:59 -0400
Message-Id: <20201029172901.534442-3-alxndr@bu.edu>
In-Reply-To: <20201029172901.534442-1-alxndr@bu.edu>
References: <20201029172901.534442-1-alxndr@bu.edu>
Cc: Laurent Vivier , thuth@redhat.com, Alexander Bulekov , f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, stefanha@redhat.com, pbonzini@redhat.com

We should be checking that the device is trying to read from RAM, before filling the region with data. Otherwise, we will try to populate nonsensical addresses in RAM for callbacks on PIO/MMIO reads. We did this originally, however the final version I sent had the line commented out.

Signed-off-by: Alexander Bulekov
---
 tests/qtest/fuzz/generic_fuzz.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index 3e2d50feaa..31f24ad06f 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -192,7 +192,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_write) */ if (dma_patterns->len == 0 || len == 0 - /* || mr != MACHINE(qdev_get_machine())->ram */ + || mr != MACHINE(qdev_get_machine())->ram || is_write || addr > current_machine->ram_size) { return; From patchwork Thu Oct 29 17:29:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Bulekov X-Patchwork-Id: 11867055 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 51C9D6A2 for ; Thu, 29 Oct 2020 17:31:34 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B2C29206CA for ; Thu, 29 Oct 2020 17:31:33 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=bushare.onmicrosoft.com header.i=@bushare.onmicrosoft.com header.b="GEBoxEAh" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B2C29206CA Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=bu.edu Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:57344 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kYBls-0007ql-3s for patchwork-qemu-devel@patchwork.kernel.org; Thu, 29 Oct 2020 13:31:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39988) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kYBkL-0006Ph-9X for qemu-devel@nongnu.org; Thu, 29 Oct 2020 13:29:57 -0400 Received: from mail-mw2nam12on2122.outbound.protection.outlook.com ([40.107.244.122]:48737 
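Review bot: `mr != MACHINE(qdev_get_machine())->ram` compares the region the device is reading against the machine's single top-level RAM MemoryRegion, so on a board whose guest RAM is built from aliases or several subregions the callback will now silently skip those reads and never fill them with a pattern; that deserves a comment, or a broader test such as `memory_region_is_ram(mr)` if every RAM-backed region is meant to qualify. The neighbouring bound check `addr > current_machine->ram_size` also tests only the start address, so a read that starts inside RAM but whose `addr + len` runs past `ram_size` still reaches the fill loop.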
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.2 3/3] fuzz: fuzz offsets within pio/mmio regions
Date: Thu, 29 Oct 2020 13:29:00 -0400
Message-Id: <20201029172901.534442-4-alxndr@bu.edu>
In-Reply-To: <20201029172901.534442-1-alxndr@bu.edu>
References: <20201029172901.534442-1-alxndr@bu.edu>
-1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.021, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Laurent Vivier , thuth@redhat.com, Alexander Bulekov , f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, stefanha@redhat.com, pbonzini@redhat.com Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" The code did not add offsets to FlatRange bases, so we did not fuzz offsets within device MemoryRegions. Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/generic_fuzz.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index 31f24ad06f..5770f86be6 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -298,6 +298,11 @@ static bool get_io_address(address_range *result, AddressSpace *as, } while (cb_info.index != index && !cb_info.found); *result = cb_info.result; + if (result->size) { + offset = offset % result->size; + result->addr += offset; + result->size -= offset; + } return cb_info.found; }
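Review bot: the new `if (result->size)` block runs regardless of `cb_info.found`; since `*result = cb_info.result;` is copied unconditionally, a failed lookup that leaves a non-zero `size` in `cb_info.result` still gets `result->addr` and `result->size` adjusted for a range the caller is about to discard. Guarding with `if (cb_info.found && result->size)` states the intent and keeps the failure path untouched. The `result->size` test does avoid a modulo by zero, and `result->size -= offset` cannot underflow because `offset < result->size` after the `%`; what the hunk leaves unconstrained is alignment, as `offset % result->size` can land the first access on an address that is not aligned to the region's access size, which is probably desirable for fuzzing but is worth a sentence in the commit message.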