Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions

From:	Alexander Bulekov
Subject:	Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions
Date:	Mon, 13 Jul 2020 07:52:40 -0400
User-agent:	NeoMutt/20180716

On 200713 1241, Stefan Hajnoczi wrote:
> On Thu, Jul 09, 2020 at 07:48:55PM -0400, Alexander Bulekov wrote:
> > On 200623 1514, Stefan Hajnoczi wrote:
> > > On Thu, Jun 11, 2020 at 01:56:51AM -0400, Alexander Bulekov wrote:
> > > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > > > ---
> > > >  exec.c                                | 17 ++++++++++++++++-
> > > >  include/exec/memory.h                 |  8 ++++++++
> > > >  include/exec/memory_ldst_cached.inc.h |  9 +++++++++
> > > >  include/sysemu/dma.h                  |  5 ++++-
> > > >  memory_ldst.inc.c                     | 12 ++++++++++++
> > > >  5 files changed, 49 insertions(+), 2 deletions(-)
> > > 
> > > Please rename dma_read_cb() to fuzz_dma_read_cb() so the purpose of the
> > > function is clear.
> > > 
> > > The ifdefs can be avoided by defining an empty function when CONFIG_FUZZ
> > > is undefined. In a header file:
> > > 
> > >   #ifdef CONFIG_FUZZ
> > >   void fuzz_dma_read_cb(size_t addr, size_t len);
> > >   #else
> > >   static inline void fuzz_dma_read_cb(size_t addr, size_t len)
> > >   {
> > >       /* Do nothing */
> > >   }
> > >   #endif
> > > 
> > 
> > If I understand correctly, this still has the problem that normal
> > qemu-system builds under --enable-fuzzing are broken. I'm not sure if
> > there is some nice solution for this. For example, a sort-of ugly
> > solution could add this to softmmu/main.c (ie something that is linked
> > for the qemu-system build, but not for qemu-fuzz).
> > 
> > #ifdef CONFIG_FUZZ
> > #include "something.h"
> > static void fuzz_dma_read_cb(size_t addr, size_t len)
> > {
> >     /* Do nothing */
> > }
> > #endif
> 
> Another ugly solution is using weak symbols in the main code and a
> strong symbol in the fuzzer target:
> https://en.wikipedia.org/wiki/Weak_symbol

Ok - I'll try that out. I think we'll also need a check in the actual
dma_read_cb function to confirm that we are actually the general-fuzzer.
We don't want to be hooking accesses while e.g. running the non-general
virtio-net fuzzer.

-Alex

> Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions, Alexander Bulekov, 2020/07/09
- Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions, Stefan Hajnoczi, 2020/07/13
  - Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions, Alexander Bulekov <=

Prev by Date: Re: [PATCH for-5.1 1/2] block: Require aligned image size to avoid assertion failure
Next by Date: Re: [PATCH RFC 2/5] s390x: implement diag260
Previous by thread: Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions
Next by thread: [Bug 1877526] Re: KVM internal crash
Index(es):
- Date
- Thread