Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions
From: Alexander Bulekov
Subject: Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions
Date: Mon, 13 Jul 2020 07:52:40 -0400
User-agent: NeoMutt/20180716
On 200713 1241, Stefan Hajnoczi wrote:
> On Thu, Jul 09, 2020 at 07:48:55PM -0400, Alexander Bulekov wrote:
> > On 200623 1514, Stefan Hajnoczi wrote:
> > > On Thu, Jun 11, 2020 at 01:56:51AM -0400, Alexander Bulekov wrote:
> > > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > > > ---
> > > > exec.c | 17 ++++++++++++++++-
> > > > include/exec/memory.h | 8 ++++++++
> > > > include/exec/memory_ldst_cached.inc.h | 9 +++++++++
> > > > include/sysemu/dma.h | 5 ++++-
> > > > memory_ldst.inc.c | 12 ++++++++++++
> > > > 5 files changed, 49 insertions(+), 2 deletions(-)
> > >
> > > Please rename dma_read_cb() to fuzz_dma_read_cb() so the purpose of the
> > > function is clear.
> > >
> > > The ifdefs can be avoided by defining an empty function when CONFIG_FUZZ
> > > is undefined. In a header file:
> > >
> > > #ifdef CONFIG_FUZZ
> > > void fuzz_dma_read_cb(size_t addr, size_t len);
> > > #else
> > > static inline void fuzz_dma_read_cb(size_t addr, size_t len)
> > > {
> > >     /* Do nothing */
> > > }
> > > #endif
> > >
> >
> > If I understand correctly, this still has the problem that normal
> > qemu-system builds under --enable-fuzzing are broken. I'm not sure if
> > there is some nice solution for this. For example, a sort-of ugly
> > solution could add this to softmmu/main.c (ie something that is linked
> > for the qemu-system build, but not for qemu-fuzz).
> >
> > #ifdef CONFIG_FUZZ
> > #include "something.h"
> > static void fuzz_dma_read_cb(size_t addr, size_t len)
> > {
> >     /* Do nothing */
> > }
> > #endif
>
> Another ugly solution is using weak symbols in the main code and a
> strong symbol in the fuzzer target:
> https://en.wikipedia.org/wiki/Weak_symbol
Ok - I'll try that out. I think we'll also need a check in the actual
dma_read_cb function to confirm that we are actually the general-fuzzer.
We don't want to be hooking accesses while e.g. running the non-general
virtio-net fuzzer.
-Alex
> Stefan
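The two ideas in the exchange above, the weak no-op hook that Stefan suggests and the "are we actually the general fuzzer" check that Alex says he will add, as one added example. This is illustration code written for this page, not QEMU code or anything from the thread: the guest RAM, the DMA read path `dma_memory_read_demo`, the `general_fuzzer_active` flag and the record table are all constructed stand-ins. Because a weak and a strong definition of the same name cannot coexist in one translation unit, the fuzzer-side variant is named `general_fuzzer_dma_read_cb` here; in a real layout it would be named `fuzz_dma_read_cb` and compiled only into the fuzzer object, so the linker keeps it and drops the weak default.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Weak default of the DMA hook, as it would live in code linked into every
 * qemu-system binary.  A strong definition of the same name in the fuzzer
 * object replaces it at link time, so the call sites need no #ifdef.
 */
__attribute__((weak)) void fuzz_dma_read_cb(size_t addr, size_t len)
{
    (void)addr;
    (void)len;                    /* Do nothing in non-fuzzer builds */
}

/* Constructed stand-in for guest RAM (hypothetical, not QEMU's). */
static uint8_t guest_ram[64];

void guest_ram_fill(uint8_t value)
{
    memset(guest_ram, value, sizeof(guest_ram));
}

/* Stand-in for the DMA read path: bounds-check, run the hook, copy. */
int dma_memory_read_demo(size_t addr, void *buf, size_t len)
{
    if (len > sizeof(guest_ram) || addr > sizeof(guest_ram) - len) {
        return -1;                /* refuse out-of-range reads outright */
    }
    fuzz_dma_read_cb(addr, len);  /* hook sees the region before the copy */
    memcpy(buf, guest_ram + addr, len);
    return 0;
}

/* Read one region and return its first byte, or -1 if the read was refused. */
int dma_read_demo_first_byte(size_t addr, size_t len)
{
    uint8_t buf[64];
    if (len > sizeof(buf) || dma_memory_read_demo(addr, buf, len) != 0) {
        return -1;
    }
    return buf[0];
}

/*
 * Fuzzer-side strong variant.  It records the DMA regions it is told about,
 * but only when the general fuzzer is the one running, so a different fuzz
 * target (e.g. the virtio-net fuzzer) linked against the same hook stays quiet.
 */
static bool general_fuzzer_active = false;   /* hypothetical flag */
#define MAX_DMA_RECORDS 16
struct dma_record { size_t addr; size_t len; };
static struct dma_record dma_records[MAX_DMA_RECORDS];
static size_t dma_record_count;

void set_general_fuzzer_active(bool on) { general_fuzzer_active = on; }
size_t dma_record_total(void) { return dma_record_count; }
void dma_records_reset(void) { dma_record_count = 0; }
const struct dma_record *dma_record_at(size_t i)
{
    return i < dma_record_count ? &dma_records[i] : NULL;
}

void general_fuzzer_dma_read_cb(size_t addr, size_t len)
{
    if (!general_fuzzer_active) {
        return;                   /* some other fuzz target is running */
    }
    if (dma_record_count < MAX_DMA_RECORDS) {
        dma_records[dma_record_count].addr = addr;
        dma_records[dma_record_count].len = len;
        dma_record_count++;
    }
}

int main(void)
{
    guest_ram_fill(0xAB);
    printf("weak hook path, first byte: 0x%02x\n", dma_read_demo_first_byte(4, 8));
    set_general_fuzzer_active(true);
    general_fuzzer_dma_read_cb(0x1000, 16);
    printf("regions recorded by strong hook: %zu\n", dma_record_total());
    return 0;
}
```

The weak default is what a plain `qemu-system` build links; a fuzz target that ships a strong `fuzz_dma_read_cb` gets the recording behaviour without touching the DMA code, and the flag check keeps the hook from firing for fuzz targets that did not opt in.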