[PULL 15/15] fuzz: map all BARs and enable PCI devices
From: Thomas Huth
Subject: [PULL 15/15] fuzz: map all BARs and enable PCI devices
Date: Mon, 11 Jan 2021 14:43:28 +0100

From: Alexander Bulekov <alxndr@bu.edu>
Prior to this patch, the fuzzer found inputs to map PCI device BARs and
enable the device. While it is nice that the fuzzer can do this, it
added significant overhead, since the fuzzer needs to map all the
BARs (regenerating the memory topology), at the start of each input.
With this patch, we do this once, before fuzzing, mitigating some of
this overhead.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20201221181203.1853-1-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
tests/qtest/fuzz/generic_fuzz.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index 07ad690683..be76d47d2d 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -16,6 +16,7 @@
#include "hw/core/cpu.h"
#include "tests/qtest/libqos/libqtest.h"
+#include "tests/qtest/libqos/pci-pc.h"
#include "fuzz.h"
#include "fork_fuzz.h"
#include "exec/address-spaces.h"
@@ -762,10 +763,29 @@ static int locate_fuzz_objects(Object *child, void
*opaque)
return 0;
}
+
+static void pci_enum(gpointer pcidev, gpointer bus)
+{
+ PCIDevice *dev = pcidev;
+ QPCIDevice *qdev;
+ int i;
+
+ qdev = qpci_device_find(bus, dev->devfn);
+ g_assert(qdev != NULL);
+ for (i = 0; i < 6; i++) {
+ if (dev->io_regions[i].size) {
+ qpci_iomap(qdev, i, NULL);
+ }
+ }
+ qpci_device_enable(qdev);
+ g_free(qdev);
+}
+
static void generic_pre_fuzz(QTestState *s)
{
GHashTableIter iter;
MemoryRegion *mr;
+ QPCIBus *pcibus;
char **result;
if (!getenv("QEMU_FUZZ_OBJECTS")) {
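Review bot: In pci_enum(), the result of qpci_device_find(bus, dev->devfn) is checked only with g_assert(qdev != NULL), so a device in fuzzable_pci_devices that the lookup cannot find aborts the fuzzer during setup instead of being skipped. Only devfn is passed to the lookup, so consider returning early with a message when qdev is NULL, or add a comment stating why the lookup cannot fail here. The loop bound 6 is also a bare literal; a named constant or a short comment saying which BARs it covers would help readers.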
@@ -810,6 +830,10 @@ static void generic_pre_fuzz(QTestState *s)
exit(1);
}
+ pcibus = qpci_new_pc(s, NULL);
+ g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus);
+ qpci_free_pc(pcibus);
+
counter_shm_init();
}
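Review bot: The three lines added before counter_shm_init() carry no comment, and nothing in the code says why the QPCIBus is created and then freed straight away. A one-line comment that BARs are mapped and devices enabled once here, so individual inputs no longer have to do it, would carry the intent of the commit message into generic_pre_fuzz(). It would also help to note that the mappings set up through pcibus are expected to stay in effect after qpci_free_pc(pcibus).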
--
2.27.0