[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH-for-5.0 2/2] qtest: Test the Drawing Engine of the SM501 companio
|
From: |
Philippe Mathieu-Daudé |
|
Subject: |
[PATCH-for-5.0 2/2] qtest: Test the Drawing Engine of the SM501 companion |
|
Date: |
Sat, 11 Apr 2020 11:14:53 +0200 |
Run some PCI commands to call the COPY_AREA() macro in
sm501_2d_operation(), and verify that there is no more
overflow as reported in BZ#1786026 [*].
The SM501 is used by the R2D-PLUS and aCube Sam460ex
machines, but since it is a PCI card and we already have
an easy way to test PCI daughter cards on the sPAPR
machine, test it there.
[*] https://bugzilla.redhat.com/show_bug.cgi?id=1786026
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
---
tests/qtest/sm501-test.c | 106 +++++++++++++++++++++++++++++++++++
tests/qtest/Makefile.include | 2 +
2 files changed, 108 insertions(+)
create mode 100644 tests/qtest/sm501-test.c
diff --git a/tests/qtest/sm501-test.c b/tests/qtest/sm501-test.c
new file mode 100644
index 0000000000..79bf7c2c21
--- /dev/null
+++ b/tests/qtest/sm501-test.c
@@ -0,0 +1,106 @@
+/*
+ * QEMU test for the SM501 companion
+ *
+ * SPDX-FileCopyrightText: 2020 Philippe Mathieu-Daudé <address@hidden>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "qemu/osdep.h"
+#include "qemu/units.h"
+#include "qemu-common.h"
+#include "libqtest.h"
+#include "libqos/libqos-spapr.h"
+#include "hw/pci/pci_ids.h"
+
+typedef struct {
+ QOSState *qs;
+ QPCIDevice *dev;
+ QPCIBar bar;
+} PciSm501State;
+
+static void save_fn(QPCIDevice *dev, int devfn, void *data)
+{
+ *((QPCIDevice **)data) = dev;
+}
+
+static void sm501_init(PciSm501State *s)
+{
+ uint64_t barsize;
+
+ s->dev = NULL;
+ qpci_device_foreach(s->qs->pcibus, PCI_VENDOR_ID_SILICON_MOTION,
+ PCI_DEVICE_ID_SM501, save_fn, &s->dev);
+ g_assert(s->dev != NULL);
+
+ qpci_device_enable(s->dev);
+
+ /* BAR#0: VRAM, BAR#1: MMIO registers */
+ s->bar = qpci_iomap(s->dev, 1, &barsize);
+ g_assert_cmpuint(barsize, ==, 2 * MiB);
+}
+
+static void sm501_deinit(PciSm501State *s)
+{
+ g_free(s->dev);
+}
+
+static uint32_t sm501_read(PciSm501State *s, uint64_t off)
+{
+ uint32_t val;
+
+ s->dev->bus->memread(s->dev->bus, s->bar.addr + off, &val, sizeof(val));
+
+ return val;
+}
+
+static void sm501_write(PciSm501State *s, uint64_t off, uint32_t val)
+{
+ s->dev->bus->memwrite(s->dev->bus, s->bar.addr + off, &val, sizeof(val));
+}
+
+static void sm501_check_device_id(PciSm501State *s)
+{
+ g_assert_cmphex(sm501_read(s, 0x60) >> 16, ==, 0x501); /* DEVICEID reg */
+}
+
+/*
+ * Try to reproduce the heap overflow reported in
+ * https://bugzilla.redhat.com/show_bug.cgi?id=1786026
+ */
+static void test_sm501_2d_drawing_engine_op(void)
+{
+ PciSm501State s;
+
+ s.qs = qtest_spapr_boot("-machine pseries -device sm501");
+
+ sm501_init(&s);
+ sm501_check_device_id(&s);
+
+ /*
+ * Commands listed in BZ#1786026 to access
+ * COPY_AREA() in sm501_2d_operation().
+ */
+ sm501_write(&s, 0x100000, 0x0); /* src: (x, y) = (0, 0) */
+ sm501_write(&s, 0x100004, 0x0); /* dst: (x, y) = (0, 0) */
+ sm501_write(&s, 0x100008, 0x00100010); /* dim: height = width = 16 */
+ sm501_write(&s, 0x100010, 0x00100010); /* pitch: height = width = 16 */
+ sm501_write(&s, 0x10000c, 0xcc000088); /* ctrl: op = copy area, RTL */
+
+ /* If the overflow occured, the next call will fail. */
+ sm501_check_device_id(&s);
+
+ sm501_deinit(&s);
+
+ qtest_shutdown(s.qs);
+}
+
+int main(int argc, char *argv[])
+{
+ g_test_init(&argc, &argv, NULL);
+
+ if (!strcmp(qtest_get_arch(), "ppc64")) {
+ qtest_add_func("spapr/sm501_2d_op", test_sm501_2d_drawing_engine_op);
+ }
+
+ return g_test_run();
+}
diff --git a/tests/qtest/Makefile.include b/tests/qtest/Makefile.include
index 9e5a51d033..7ec894a7a9 100644
--- a/tests/qtest/Makefile.include
+++ b/tests/qtest/Makefile.include
@@ -109,6 +109,7 @@ check-qtest-ppc64-$(CONFIG_VGA) += display-vga-test
check-qtest-ppc64-y += numa-test
check-qtest-ppc64-$(CONFIG_IVSHMEM_DEVICE) += ivshmem-test
check-qtest-ppc64-y += cpu-plug-test
+check-qtest-ppc64-$(CONFIG_SM501) += sm501-test
check-qtest-sh4-$(CONFIG_ISA_TESTDEV) = endianness-test
@@ -253,6 +254,7 @@ tests/qtest/pflash-cfi02$(EXESUF):
tests/qtest/pflash-cfi02-test.o
tests/qtest/endianness-test$(EXESUF): tests/qtest/endianness-test.o
tests/qtest/prom-env-test$(EXESUF): tests/qtest/prom-env-test.o $(libqos-obj-y)
tests/qtest/rtas-test$(EXESUF): tests/qtest/rtas-test.o $(libqos-spapr-obj-y)
+tests/qtest/sm501-test$(EXESUF): tests/qtest/sm501-test.o $(libqos-spapr-obj-y)
tests/qtest/fdc-test$(EXESUF): tests/qtest/fdc-test.o
tests/qtest/ide-test$(EXESUF): tests/qtest/ide-test.o $(libqos-pc-obj-y)
tests/qtest/ahci-test$(EXESUF): tests/qtest/ahci-test.o $(libqos-pc-obj-y)
qemu-img$(EXESUF)
--
2.21.1
- [PATCH-for-5.0 0/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation(), Philippe Mathieu-Daudé, 2020/04/11
- [PATCH-for-5.0 2/2] qtest: Test the Drawing Engine of the SM501 companion,
Philippe Mathieu-Daudé <=
- [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation(), Philippe Mathieu-Daudé, 2020/04/11
- Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation(), BALATON Zoltan, 2020/04/11
- Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation(), Philippe Mathieu-Daudé, 2020/04/11
- Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation(), Peter Maydell, 2020/04/11
- Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation(), Philippe Mathieu-Daudé, 2020/04/12
- Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation(), Peter Maydell, 2020/04/12
- Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation(), Philippe Mathieu-Daudé, 2020/04/12