
Re: fuzz: fuzz_dma_read_cb() may overlap with MMIO regions


From: Alexander Bulekov
Subject: Re: fuzz: fuzz_dma_read_cb() may overlap with MMIO regions
Date: Mon, 23 Aug 2021 09:52:37 -0400

On 210823 2123, Qiuhao Li wrote:
> Aha! Nice patch.
> 
> My fault. I will search first next time :)

If you are interested in testing fuzzing code and you want to
automatically be cc-ed when something changes, you can send a patch
adding yourself to reviewers in the Fuzzing section of MAINTAINERS
-Alex

> 
> Thanks.
>   Qiuhao Li
> 
> On Mon, 2021-08-23 at 08:41 -0400, Alexander Bulekov wrote:
> > On 210823 2034, Qiuhao Li wrote:
> > > I think the check in fuzz_dma_read_cb() is buggy because it doesn't
> > > consider when the write address is not in the mmio region but can
> > > overlap. For example, the mmio region is 0xe0000000 to 0xe0001000, and
> > > the write address is 0xdffff000 (not ram) and length is 0x2000. In this
> > > case, the address_space_translate() will return the sparse_mem_mr we
> > > created, thus bypassing the check and call qtest_memwrite().
> > > 
> > > Perhaps we need more detailed checks to ensure that the entire write
> > > operation occurs in the ram or won't overlap with mmio regions. What do
> > > you think?
> > 
> > Good catch. I think this will fix that:
> > https://lore.kernel.org/qemu-devel/20210713150037.9297-2-alxndr@bu.edu/
> > 
> > I mentioned that there were some fixes waiting for the 6.1 release, but
> > didn't realize you were talking about what seems to be the same issue.
> > -Alex

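The overlap case Qiuhao describes in the quoted message, as an added C example that is not from this thread or from QEMU's fuzzer code: a start-address-only check beside a full range check, run on the MMIO region and the write from the message (the names mem_region, start_in_mmio, write_overlaps_mmio and dma_write_allowed are my own, not QEMU's).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A guest-physical region, as the fuzzer sees an MMIO mapping. */
typedef struct {
    uint64_t start;  /* first byte of the region */
    uint64_t size;   /* length in bytes */
} mem_region;

/* Region and write from the thread: MMIO 0xe0000000-0xe0001000,
 * write at 0xdffff000 (below MMIO) with length 0x2000. */
static const mem_region thread_mmio = { .start = 0xe0000000, .size = 0x1000 };
static const uint64_t thread_addr = 0xdffff000, thread_len = 0x2000;

/* Start-address-only check, the pattern the thread calls buggy: it asks
 * only whether the first byte of the write lies inside the MMIO region,
 * so a write that begins before the region but extends into it passes. */
bool start_in_mmio(const mem_region *mmio, uint64_t addr)
{
    return addr >= mmio->start && addr < mmio->start + mmio->size;
}

/* Range check: true if any byte of [addr, addr+len) lands in the MMIO
 * region. Uses last-byte arithmetic so addr + len cannot overflow. */
bool write_overlaps_mmio(const mem_region *mmio, uint64_t addr, uint64_t len)
{
    if (len == 0 || mmio->size == 0) return false;
    uint64_t mmio_last = mmio->start + (mmio->size - 1);
    /* A write whose end wraps the address space is treated as overlapping. */
    if (len - 1 > UINT64_MAX - addr) return true;
    uint64_t write_last = addr + (len - 1);
    return addr <= mmio_last && mmio->start <= write_last;
}

/* Forward a DMA write to qtest_memwrite() only when the whole range
 * stays clear of the MMIO region. */
bool dma_write_allowed(const mem_region *mmio, uint64_t addr, uint64_t len)
{
    return !write_overlaps_mmio(mmio, addr, len);
}

int main(void)
{
    printf("start-only check sees MMIO: %d\n",
           start_in_mmio(&thread_mmio, thread_addr));
    printf("range check sees overlap:   %d\n",
           write_overlaps_mmio(&thread_mmio, thread_addr, thread_len));
    return 0;
}
```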