[PULL 10/16] fuzz: configure a sparse-mem device, by default
From: Paolo Bonzini
Subject: [PULL 10/16] fuzz: configure a sparse-mem device, by default
Date: Tue, 16 Mar 2021 17:15:25 -0400
From: Alexander Bulekov <alxndr@bu.edu>
The generic-fuzzer often provides randomized DMA addresses to
virtual devices. For a 64-bit address-space, the chance of these
randomized addresses coinciding with RAM regions is fairly small. Even
though the fuzzer's instrumentation eventually finds valid addresses,
this can take some time, and slows down fuzzing progress (especially
when multiple DMA buffers are involved). To work around this, create
"fake" sparse-memory that spans all of the 64-bit address-space. Adjust
the DMA call-back to populate this sparse memory, correspondingly.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
tests/qtest/fuzz/generic_fuzz.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index 387ae2020a..b5fe27aae1 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -28,6 +28,7 @@
#include "hw/pci/pci.h"
#include "hw/boards.h"
#include "generic_fuzz_configs.h"
+#include "hw/mem/sparse-mem.h"
/*
* SEPARATOR is used to separate "operations" in the fuzz input
@@ -64,6 +65,8 @@ static useconds_t timeout = DEFAULT_TIMEOUT_US;
static bool qtest_log_enabled;
+MemoryRegion *sparse_mem_mr;
+
/*
* A pattern used to populate a DMA region or perform a memwrite. This is
* useful for e.g. populating tables of unique addresses.
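Review bot: `MemoryRegion *sparse_mem_mr;` is introduced with external linkage but no declaration in any header appears in this patch; if only generic_fuzz.c references it, make it `static MemoryRegion *sparse_mem_mr;`, otherwise add the `extern` declaration to a header so other translation units do not redeclare it. A one-line comment saying that it is NULL until generic_pre_fuzz() runs would also help readers of fuzz_dma_read_cb().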
@@ -191,8 +194,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion
*mr)
*/
if (dma_patterns->len == 0
|| len == 0
- || mr != current_machine->ram
- || addr > current_machine->ram_size) {
+ || (mr != current_machine->ram && mr != sparse_mem_mr)) {
return;
}
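Review bot: the early return no longer checks `addr > current_machine->ram_size` for the RAM region either, not only for the new sparse region. Before this change a DMA read from `current_machine->ram` past the end of RAM was skipped; afterwards it falls through to the population code. If that is intended (because the sparse region now backs such addresses), say so in the commit message; if not, keep the bound for the RAM case, e.g. `|| (mr == current_machine->ram && addr > current_machine->ram_size)`.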
@@ -238,7 +240,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion
*mr)
MEMTXATTRS_UNSPECIFIED);
if (!(memory_region_is_ram(mr1) ||
- memory_region_is_romd(mr1))) {
+ memory_region_is_romd(mr1)) && mr1 != sparse_mem_mr) {
l = memory_access_size(mr1, l, addr1);
} else {
/* ROM/RAM case */
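Review bot: with `&& mr1 != sparse_mem_mr` added, the sparse region now takes the `/* ROM/RAM case */` branch even though it is neither RAM nor ROMD; update that comment to mention sparse-mem and state why `memory_access_size()` must not be applied to it, so the exception is not removed later as dead code.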
@@ -814,6 +816,12 @@ static void generic_pre_fuzz(QTestState *s)
}
qts_global = s;
+ /*
+ * Create a special device that we can use to back DMA buffers at very
+ * high memory addresses
+ */
+ sparse_mem_mr = sparse_mem_init(0, UINT64_MAX);
+
dma_regions = g_array_new(false, false, sizeof(address_range));
dma_patterns = g_array_new(false, false, sizeof(pattern));
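Review bot: `sparse_mem_init(0, UINT64_MAX)` creates a region starting at address 0 that necessarily overlaps the machine's RAM and every MMIO region, but nothing in this hunk shows how that overlap is resolved; the comment should state that sparse_mem_init() registers the region at a priority below the existing ones (or whatever the actual rule is), since the fuzzer's results depend on real device regions still winning the lookup. Note also that the region is created unconditionally for every generic-fuzzer config, so configs that relied on unmapped addresses faulting will now see them succeed.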
--
2.26.2