Re: [PATCH v3 04/16] fuzz: Add DMA support to the generic-fuzzer
From: Alexander Bulekov
Subject: Re: [PATCH v3 04/16] fuzz: Add DMA support to the generic-fuzzer
Date: Thu, 8 Oct 2020 09:26:11 -0400
On 201008 0943, Paolo Bonzini wrote:
> On 21/09/20 04:24, Alexander Bulekov wrote:
> > + if (qtest_log_enabled) {
> > + /*
> > + * With QTEST_LOG, use a normal, slow QTest memwrite. Prefix the
> > log
> > + * that will be written by qtest.c with a DMA tag, so we can
> > reorder
> > + * the resulting QTest trace so the DMA fills precede the last
> > PIO/MMIO
> > + * command.
> > + */
> > + fprintf(stderr, "[DMA] ");
> > + fflush(stderr);
> > + qtest_memwrite(qts_global, ar.addr, buf, ar.size);
> > + } else {
> > + /*
> > + * Populate the region using address_space_write_rom to avoid
> > writing to
> > + * any IO MemoryRegions
> > + */
> > + address_space_write_rom(first_cpu->as, ar.addr,
> > MEMTXATTRS_UNSPECIFIED,
> > + buf, ar.size);
> > + }
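Review bot: the two branches of `if (qtest_log_enabled)` do not perform the same write: the logging branch calls `qtest_memwrite`, which is exactly the path the else-branch comment says `address_space_write_rom` is used to avoid because it can land on IO MemoryRegions. A trace recorded with QTEST_LOG can therefore drive device code that the non-logging fuzz run never touched, so a reproducer built from the trace may not reproduce the original behaviour. Consider having both branches perform the same `address_space_write_rom` and emitting the `[DMA] ` log line from that single path; the `fprintf(stderr, "[DMA] ")` prefix also silently assumes qtest.c writes its log to the same stderr stream, which is worth stating in the comment.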
>
> I wonder if you should just copy address_space_write_rom to your own
> code. This way you can log the write just like qtest_memwrite would,
> while skipping memwrites that would access IO regions.
>
> Paolo
I took a quick look, and I think this should be possible, though I might
also need to carry over memory_access_size and invalidate_and_set_dirty.
That would certainly make things better for building reproducers, since
I have seen cases where bugs were not reproducible with QTEST_LOG=1,
because we were not using address_space_write_rom. I'll give it a shot!
Thanks
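As an added example, not QEMU code and not part of this thread, the following Python models the two mechanisms under discussion: a DMA fill that writes only RAM-backed regions and skips IO regions (the behaviour of `address_space_write_rom` that Paolo suggests reproducing in the fuzzer's own code) while logging each written chunk with the `[DMA] ` tag, and the trace post-processing the tag exists for, moving each run of DMA fills in front of the PIO/MMIO command that triggered them. The memory map, the trace lines, the `memwrite` line format and the function names `dma_fill` and `reorder_trace` are all constructed for this example.

```python
"""Model of DMA-fill logging and trace reordering (constructed example).

Not QEMU code: the memory map, the trace and the log-line format are
invented to illustrate the mechanism discussed in the thread.
"""
from dataclasses import dataclass

DMA_TAG = "[DMA] "


@dataclass
class Region:
    start: int
    size: int
    is_ram: bool  # False models an IO MemoryRegion that a fill must skip

    def contains(self, addr):
        return self.start <= addr < self.start + self.size


# Constructed guest memory map: RAM, a device MMIO window, more RAM.
MEMORY_MAP = [
    Region(0x0000, 0x1000, True),
    Region(0x1000, 0x1000, False),  # device registers: never written by DMA
    Region(0x2000, 0x1000, True),
]


def dma_fill(addr, data, memory_map=MEMORY_MAP):
    """Write `data` at guest address `addr`, splitting it across regions.

    RAM chunks are "written" and produce one tagged log line each, in the
    (constructed) form '[DMA] memwrite <addr> <hex>'. IO chunks are skipped
    entirely, mirroring what address_space_write_rom does, so the log never
    contains a write that would have hit device registers.
    """
    log = []
    off = 0
    while off < len(data):
        cur = addr + off
        region = next((r for r in memory_map if r.contains(cur)), None)
        if region is None:
            raise ValueError(f"address {cur:#x} is outside the memory map")
        chunk = min(len(data) - off, region.start + region.size - cur)
        if region.is_ram:
            log.append(f"{DMA_TAG}memwrite {cur:#x} {data[off:off + chunk].hex()}")
        off += chunk
    return log


def reorder_trace(lines):
    """Move each run of tagged DMA fills before the command that caused them.

    In the recorded trace a PIO/MMIO command is logged before it executes,
    so the DMA fills it triggers appear after it. A reproducer has to
    populate the DMA buffers first, hence each fill is inserted in front of
    the most recent untagged command, preserving the order of the fills.
    """
    out = []
    last_cmd = None  # index in `out` of the most recent untagged command
    for line in lines:
        if line.startswith(DMA_TAG):
            fill = line[len(DMA_TAG):]
            if last_cmd is None:
                out.append(fill)  # no preceding command: leave it in place
            else:
                out.insert(last_cmd, fill)
                last_cmd += 1  # the command moved one slot to the right
        else:
            out.append(line)
            last_cmd = len(out) - 1
    return out


def example_trace():
    """Constructed trace: the second writel triggers a DMA read spanning the
    IO window, so only the two RAM chunks are logged; the trace is then
    reordered so the fills precede that writel."""
    recorded = ["writel 0x1008 0x1", "writel 0x100c 0x2"]
    recorded += dma_fill(0x0FF0, b"\xaa" * 0x1020)  # crosses the IO window
    recorded.append("readl 0x1010")
    return reorder_trace(recorded)


if __name__ == "__main__":
    for line in example_trace():
        print(line)
```

The reordering step is the part a reproducer script would run over a saved QTEST_LOG trace; `dma_fill` only exists here to show why the tag has to be emitted from the same code path that decides which regions are safe to write.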