From nobody Sun May 19 06:50:45 2024
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 01/12] fuzz: Change the way we write qtest log to stderr
Date: Wed, 22 Jul 2020 23:39:22 -0400
Message-Id: <20200723033933.21883-2-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>
Cc: Laurent Vivier , thuth@redhat.com, Alexander Bulekov , f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, dstepanov.src@gmail.com, stefanha@redhat.com, andrew@coatesdev.com, Paolo Bonzini

Telling QTest to log to /dev/fd/2, essentially results in dup(2). This is fine, if other code isn't logging to stderr. Otherwise, the order of the logs is mixed due to buffering issues, since two file-descriptors are used to write to the same file. We can avoid this, since just specifying "-qtest" sets the log fd to stderr. If we want to disable qtest logs, we can just add -qtest-log none.

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
--- tests/qtest/fuzz/fuzz.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c index 031594a686..8234b68754 100644 --- a/tests/qtest/fuzz/fuzz.c +++ b/tests/qtest/fuzz/fuzz.c 
@@ -202,9 +202,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char = ***envp) =20 /* Run QEMU's softmmu main with the fuzz-target dependent arguments */ GString *cmd_line =3D fuzz_target->get_init_cmdline(fuzz_target); - g_string_append_printf(cmd_line, - " -qtest /dev/null -qtest-log %s", - getenv("QTEST_LOG") ? "/dev/fd/2" : "/dev/null"= ); + g_string_append_printf(cmd_line, " %s -qtest /dev/null ", + getenv("QTEST_LOG") ? "" : "-qtest-log none"); =20 /* Split the runcmd into an argv and argc */ wordexp_t result; --=20 2.27.0
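
Review bot: The empty-string branch of the ternary in the new g_string_append_printf() call depends on "-qtest" sending its log to stderr by default, and that is explained only in the commit message. A short comment above the call saying that QTEST_LOG set means "append nothing, qtest then logs to stderr" and QTEST_LOG unset means "-qtest-log none" would keep the next reader from treating the "" as a leftover.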
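
The ordering problem described in the commit message of patch 01/12, as an added example that is not part of the original patch or of QEMU. A temporary file stands in for stderr and the second descriptor is made with dup(2) as the message describes; the name log_order, the tags Q1/D1/Q2 and the full buffering of the second stream are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Added illustration (not QEMU code). Issues three log lines in the order
 * Q1, D1, Q2 and copies what actually landed in the file into `out`.
 *   Q1, Q2 = lines written through the qtest log stream
 *   D1     = a line written by other code straight to "stderr"
 * separate_fd == 0: the qtest log stream is the stderr stream itself.
 * separate_fd != 0: the qtest log stream wraps a dup(2) of the descriptor
 *                   and has its own stdio buffer (assumed fully buffered).
 * Returns 0 on success, -1 on error.
 */
int log_order(int separate_fd, char *out, size_t out_len)
{
    char path[] = "/tmp/qtest-log-XXXXXX";
    int fd = mkstemp(path);              /* stand-in for fd 2 */
    if (fd < 0) {
        return -1;
    }
    unlink(path);                        /* file disappears once closed */

    FILE *err = fdopen(fd, "w+");
    if (!err) {
        close(fd);
        return -1;
    }
    setvbuf(err, NULL, _IONBF, 0);       /* stderr is unbuffered */

    FILE *qlog = err;
    if (separate_fd) {
        int fd2 = dup(fd);               /* second descriptor, same file */
        qlog = fd2 >= 0 ? fdopen(fd2, "w") : NULL;
        if (!qlog) {
            if (fd2 >= 0) {
                close(fd2);
            }
            fclose(err);
            return -1;
        }
        setvbuf(qlog, NULL, _IOFBF, BUFSIZ);
    }

    fputs("Q1\n", qlog);                 /* qtest logs a command */
    fputs("D1\n", err);                  /* other code logs to stderr */
    fputs("Q2\n", qlog);                 /* qtest logs another command */

    if (qlog != err) {
        fclose(qlog);   /* buffered qtest lines reach the file only now */
    }

    ssize_t n = -1;
    if (out_len > 0 && lseek(fd, 0, SEEK_SET) == 0) {
        n = read(fd, out, out_len - 1);
    }
    fclose(err);
    if (n < 0) {
        return -1;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char shared[64], separate[64];

    if (log_order(0, shared, sizeof(shared)) ||
        log_order(1, separate, sizeof(separate))) {
        return 1;
    }
    printf("one stream:\n%stwo descriptors:\n%s", shared, separate);
    return 0;
}
```

With one stream the file keeps the issue order Q1, D1, Q2; with the duplicated descriptor D1 overtakes both qtest lines, which is the mixing the patch avoids by letting -qtest log to stderr itself.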
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 02/12] fuzz: Add general virtual-device fuzzer
Date: Wed, 22 Jul 2020 23:39:23 -0400
Message-Id: <20200723033933.21883-3-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>
Cc: Laurent Vivier , thuth@redhat.com, Alexander Bulekov , f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, dstepanov.src@gmail.com, stefanha@redhat.com, andrew@coatesdev.com, Paolo Bonzini

This is a generic fuzzer designed to fuzz a virtual device's MemoryRegions, as long as they exist within the Memory or Port IO (if it exists) AddressSpaces. The fuzzer's input is interpreted into a sequence of qtest commands (outb, readw, etc). The interpreted commands are separated by a magic separator, which should be easy for the fuzzer to guess. Without ASan, the separator can be specified as a "dictionary value" using the -dict argument (see libFuzzer documentation).

Signed-off-by: Alexander Bulekov
--- tests/qtest/fuzz/Makefile.include | 1 + tests/qtest/fuzz/general_fuzz.c | 467 ++++++++++++++++++++++++++++++ 2 files changed, 468 insertions(+) create mode 100644 tests/qtest/fuzz/general_fuzz.c diff --git a/tests/qtest/fuzz/Makefile.include b/tests/qtest/fuzz/Makefile.= include index 5bde793bf2..854322efb6 100644 --- a/tests/qtest/fuzz/Makefile.include +++ b/tests/qtest/fuzz/Makefile.include @@ -11,6 +11,7 @@ fuzz-obj-y +=3D tests/qtest/fuzz/qtest_wrappers.o fuzz-obj-$(CONFIG_PCI_I440FX) +=3D tests/qtest/fuzz/i440fx_fuzz.o fuzz-obj-$(CONFIG_VIRTIO_NET) +=3D tests/qtest/fuzz/virtio_net_fuzz.o fuzz-obj-$(CONFIG_SCSI) +=3D tests/qtest/fuzz/virtio_scsi_fuzz.o +fuzz-obj-y +=3D tests/qtest/fuzz/general_fuzz.o =20 FUZZ_CFLAGS +=3D -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest =20 diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuz= z.c new file mode 100644 index 0000000000..fd92cc5bdf --- /dev/null 
+++ b/tests/qtest/fuzz/general_fuzz.c 
@@ -0,0 +1,467 @@ +/* + * General Virtual-Device Fuzzing Target + * + * Copyright Red Hat Inc., 2020 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" + +#include + +#include "cpu.h" +#include "tests/qtest/libqtest.h" +#include "fuzz.h" +#include "fork_fuzz.h" +#include "exec/address-spaces.h" +#include "string.h" +#include "exec/memory.h" +#include "exec/ramblock.h" +#include "exec/address-spaces.h" +#include "hw/qdev-core.h" + +/* + * CMD_SEP is a random 32-bit value used to separate "commands" in the fuzz + * input + */ +#define CMD_SEP "\x84\x05\x5C\x5E" +#define DEFAULT_TIMEOUT_US 100000 + +typedef struct { + size_t addr; + size_t len; /* The number of bytes until the end of the I/O region */ +} address_range; + +static useconds_t timeout =3D 100000; +/* + * List of memory regions that are children of QOM objects specified by the + * user for fuzzing. + */ +static GPtrArray *fuzzable_memoryregions; +/* + * Here we want to convert a fuzzer-provided [io-region-index, offset] to + * a physical address. To do this, we iterate over all of the matched + * MemoryRegions. Check whether each region exists within the particular io + * space. Return the absolute address of the offset within the index'th re= gion + * that is a subregion of the io_space and the distance until the end of t= he + * memory region. 
+ */ +static bool get_io_address(address_range *result, + MemoryRegion *io_space, + uint8_t index, + uint32_t offset) { + MemoryRegion *mr, *root; + index =3D index % fuzzable_memoryregions->len; + int candidate_regions =3D 0; + int i =3D 0; + int ind =3D index; + size_t abs_addr; + + while (ind >=3D 0 && fuzzable_memoryregions->len) { + *result =3D (address_range){0, 0}; + mr =3D g_ptr_array_index(fuzzable_memoryregions, i); + if (mr->enabled) { + abs_addr =3D mr->addr; + for (root =3D mr; root->container; ) { + root =3D root->container; + abs_addr +=3D root->addr; + } + /* + * Only consider the region if it is rooted at the io_space we= want + */ + if (root =3D=3D io_space) { + ind--; + candidate_regions++; + result->addr =3D abs_addr + (offset % mr->size); + result->len =3D mr->size - (offset % mr->size); + } + } + ++i; + /* Loop around */ + if (i =3D=3D fuzzable_memoryregions->len) { + /* No enabled regions in our io_space? */ + if (candidate_regions =3D=3D 0) { + break; + } + i =3D 0; + } + } + return candidate_regions !=3D 0; +} +static bool get_pio_address(address_range *result, + uint8_t index, uint16_t offset) +{ + /* + * PIO BARs can be set past the maximum port address (0xFFFF). Thus, r= esult + * can contain an addr that extends past the PIO space. When we pass t= his + * address to qtest_in/qtest_out, it is cast to a uint16_t, so we migh= t end + * up fuzzing a completely different MemoryRegion/Device. Therefore, c= heck + * that the address here is within the PIO space limits. 
+ */ + + bool success =3D get_io_address(result, get_system_io(), index, offset= ); + return success && result->addr <=3D 0xFFFF; +} +static bool get_mmio_address(address_range *result, + uint8_t index, uint32_t offset) +{ + return get_io_address(result, get_system_memory(), index, offset); +} + +static void op_in(QTestState *s, const unsigned char * data, size_t len) +{ + enum Sizes {Byte, Word, Long, end_sizes}; + struct { + uint8_t size; + uint8_t base; + uint16_t offset; + } a; + address_range abs; + + if (len < sizeof(a)) { + return; + } + memcpy(&a, data, sizeof(a)); + if (get_pio_address(&abs, a.base, a.offset) =3D=3D 0) { + return; + } + + switch (a.size %=3D end_sizes) { + case Byte: + qtest_inb(s, abs.addr); + break; + case Word: + if (abs.len >=3D 2) { + qtest_inw(s, abs.addr); + } + break; + case Long: + if (abs.len >=3D 4) { + qtest_inl(s, abs.addr); + } + break; + } +} + +static void op_out(QTestState *s, const unsigned char * data, size_t len) +{ + enum Sizes {Byte, Word, Long, end_sizes}; + struct { + uint8_t size; + uint8_t base; + uint16_t offset; + uint32_t value; + } a; + address_range abs; + + if (len < sizeof(a)) { + return; + } + memcpy(&a, data, sizeof(a)); + + if (get_pio_address(&abs, a.base, a.offset) =3D=3D 0) { + return; + } + + switch (a.size %=3D end_sizes) { + case Byte: + qtest_outb(s, abs.addr, a.value & 0xFF); + break; + case Word: + if (abs.len >=3D 2) { + qtest_outw(s, abs.addr, a.value & 0xFFFF); + } + break; + case Long: + if (abs.len >=3D 4) { + qtest_outl(s, abs.addr, a.value); + } + break; + } +} + +static void op_read(QTestState *s, const unsigned char * data, size_t len) +{ + enum Sizes {Byte, Word, Long, Quad, end_sizes}; + struct { + uint8_t size; + uint8_t base; + uint32_t offset; + } a; + address_range abs; + + if (len < sizeof(a)) { + return; + } + memcpy(&a, data, sizeof(a)); + + if (get_mmio_address(&abs, a.base, a.offset) =3D=3D 0) { + return; + } + + switch (a.size %=3D end_sizes) { + case Byte: + qtest_readb(s, 
abs.addr); + break; + case Word: + if (abs.len >=3D 2) { + qtest_readw(s, abs.addr); + } + break; + case Long: + if (abs.len >=3D 4) { + qtest_readl(s, abs.addr); + } + break; + case Quad: + if (abs.len >=3D 8) { + qtest_readq(s, abs.addr); + } + break; + } +} + +static void op_write(QTestState *s, const unsigned char * data, size_t len) +{ + enum Sizes {Byte, Word, Long, Quad, end_sizes}; + struct { + uint8_t size; + uint8_t base; + uint32_t offset; + uint64_t value; + } a; + address_range abs; + + if (len < sizeof(a)) { + return; + } + memcpy(&a, data, sizeof(a)); + + if (get_mmio_address(&abs, a.base, a.offset) =3D=3D 0) { + return; + } + + switch (a.size %=3D end_sizes) { + case Byte: + qtest_writeb(s, abs.addr, a.value & 0xFF); + break; + case Word: + if (abs.len >=3D 2) { + qtest_writew(s, abs.addr, a.value & 0xFFFF); + } + break; + case Long: + if (abs.len >=3D 4) { + qtest_writel(s, abs.addr, a.value & 0xFFFFFFFF); + } + break; + case Quad: + if (abs.len >=3D 8) { + qtest_writeq(s, abs.addr, a.value); + } + break; + } +} +static void op_clock_step(QTestState *s, const unsigned char *data, size_t= len) +{ + qtest_clock_step_next(s); +} + +static void handle_timeout(int sig) +{ + if (getenv("QTEST_LOG")) { + fprintf(stderr, "[Timeout]\n"); + fflush(stderr); + } + _Exit(0); +} + +/* + * Here, we interpret random bytes from the fuzzer, as a sequence of comma= nds. + * Our commands are variable-width, so we use a separator, CMD_SEP, to spe= cify + * the boundaries between commands. This is just a random 32-bit value, wh= ich + * is easily identified by libfuzzer+AddressSanitizer, as long as we use + * memmem. It can also be included in the fuzzer's dictionary. More details + * here: + * https://github.com/google/fuzzing/blob/master/docs/split-inputs.md + * + * As a result, the stream of bytes is converted into a sequence of comman= ds. + * In a simplified example where CMD_SEP is 0xFF: + * 00 01 02 FF 03 04 05 06 FF 01 FF ... 
+ * becomes this sequence of commands: + * 00 01 02 -> op00 (0102) -> in (0102, 2) + * 03 04 05 06 -> op03 (040506) -> write (040506, 3) + * 01 -> op01 (-,0) -> out (-,0) + * ... + * + * Note here that it is the job of the individual opcode functions to check + * that enough data was provided. I.e. in the last command out (,0), out n= eeds + * to check that there is not enough data provided to select an address/va= lue + * for the operation. + */ +static void general_fuzz(QTestState *s, const unsigned char *Data, size_t = Size) +{ + void (*ops[]) (QTestState *s, const unsigned char* , size_t) =3D { + op_in, + op_out, + op_read, + op_write, + op_clock_step, + }; + const unsigned char *cmd =3D Data; + const unsigned char *nextcmd; + size_t cmd_len; + uint8_t op; + + if (fork() =3D=3D 0) { + /* + * Sometimes the fuzzer will find inputs that take quite a long ti= me to + * process. Often times, these inputs do not result in new coverag= e. + * Even if these inputs might be interesting, they can slow down t= he + * fuzzer, overall. Set a timeout to avoid hurting performance, to= o much + */ + if (timeout) { + struct sigaction sact; + sigemptyset(&sact.sa_mask); + sact.sa_flags =3D 0; + sact.sa_handler =3D handle_timeout; + sigaction(SIGALRM, &sact, NULL); + ualarm(timeout, 0); + } + + while (cmd && Size) { + /* Get the length until the next command or end of input */ + nextcmd =3D memmem(cmd, Size, CMD_SEP, strlen(CMD_SEP)); + cmd_len =3D nextcmd ? nextcmd - cmd : Size; + + if (cmd_len > 0) { + /* Interpret the first byte of the command as an opcode */ + op =3D *cmd % (sizeof(ops) / sizeof((ops)[0])); + ops[op](s, cmd + 1, cmd_len - 1); + + /* Run the main loop */ + flush_events(s); + } + /* Advance to the next command */ + cmd =3D nextcmd ? 
nextcmd + sizeof(CMD_SEP) - 1 : nextcmd; + Size =3D Size - (cmd_len + sizeof(CMD_SEP) - 1); + } + _Exit(0); + } else { + flush_events(s); + wait(NULL); + } +} + +static void usage(void) +{ + printf("Please specify the following environment variables:\n"); + printf("QEMU_FUZZ_ARGS=3D the command line arguments passed to qemu\n"= ); + printf("QEMU_FUZZ_OBJECTS=3D " + "a space separated list of QOM type names for objects to fuzz\= n"); + printf("Optionally: QEMU_FUZZ_TIMEOUT=3D Specify a custom timeout (us)= . " + "0 to disable. %d by default\n", timeout); + exit(0); +} + +static int locate_fuzz_memory_regions(Object *child, void *opaque) +{ + const char *name; + MemoryRegion *mr; + if (object_dynamic_cast(child, TYPE_MEMORY_REGION)) { + mr =3D MEMORY_REGION(child); + if ((memory_region_is_ram(mr) || + memory_region_is_ram_device(mr) || + memory_region_is_rom(mr) || + memory_region_is_romd(mr)) =3D=3D false) { + name =3D object_get_canonical_path_component(child); + /* + * We don't want duplicate pointers to the same MemoryRegion, = so + * try to remove copies of the pointer, before adding it. 
+ */ + g_ptr_array_remove_fast(fuzzable_memoryregions, mr); + g_ptr_array_add(fuzzable_memoryregions, mr); + } + } + return 0; +} +static int locate_fuzz_objects(Object *child, void *opaque) +{ + char *pattern =3D opaque; + if (g_pattern_match_simple(pattern, object_get_typename(child))) { + printf("Matched Object by Type: %s\n", object_get_typename(child)); + /* Find and save ptrs to any child MemoryRegions */ + object_child_foreach_recursive(child, locate_fuzz_memory_regions, = NULL); + } else if (object_dynamic_cast(OBJECT(child), TYPE_MEMORY_REGION)) { + if (g_pattern_match_simple(pattern, + object_get_canonical_path_component(child))) { + MemoryRegion *mr; + mr =3D MEMORY_REGION(child); + if ((memory_region_is_ram(mr) || + memory_region_is_ram_device(mr) || + memory_region_is_rom(mr) || + memory_region_is_romd(mr)) =3D=3D false) { + g_ptr_array_remove_fast(fuzzable_memoryregions, mr); + g_ptr_array_add(fuzzable_memoryregions, mr); + } + } + } + return 0; +} + +static void general_pre_fuzz(QTestState *s) +{ + if (!getenv("QEMU_FUZZ_OBJECTS")) { + usage(); + } + if (getenv("QEMU_FUZZ_TIMEOUT")) { + timeout =3D g_ascii_strtoll(getenv("QEMU_FUZZ_TIMEOUT"), NULL, 0); + } + + fuzzable_memoryregions =3D g_ptr_array_new(); + wordexp_t result; + wordexp(getenv("QEMU_FUZZ_OBJECTS"), &result, 0); + for (int i =3D 0; i < result.we_wordc; i++) { + object_child_foreach_recursive(qdev_get_machine(), + locate_fuzz_objects, + result.we_wordv[i]); + } + + printf("This process will try to fuzz the following MemoryRegions:\n"); + for (int i =3D 0; i < fuzzable_memoryregions->len; i++) { + MemoryRegion *mr; + mr =3D g_ptr_array_index(fuzzable_memoryregions, i); + printf(" * %s (size %lx)\n", + object_get_canonical_path_component(&(mr->parent_obj)), + mr->addr); + } + counter_shm_init(); +} +static GString *general_fuzz_cmdline(FuzzTarget *t) +{ + GString *cmd_line =3D g_string_new(TARGET_NAME); + if (!getenv("QEMU_FUZZ_ARGS")) { + usage(); + } + g_string_append_printf(cmd_line, " 
-display none \ + -machine accel=3Dqtest, \ + -m 64 %s ", getenv("QEMU_FUZZ_ARGS")= ); + return cmd_line; +} + +static void register_general_fuzz_targets(void) +{ + fuzz_add_target(&(FuzzTarget){ + .name =3D "general-fuzz", + .description =3D "Fuzz based on any qemu command-line args. ", + .get_init_cmdline =3D general_fuzz_cmdline, + .pre_fuzz =3D general_pre_fuzz, + .fuzz =3D general_fuzz}); +} + +fuzz_target_init(register_general_fuzz_targets); --=20 2.27.0
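Review bot: wordexp() in general_pre_fuzz() is called with flags 0, so the value of QEMU_FUZZ_OBJECTS goes through full shell-style expansion, including command substitution; its return value is not checked and the result is never released with wordfree(). Pass WRDE_NOCMD (or, if only whitespace splitting is wanted, use g_strsplit_set()), bail out on a non-zero return, and call wordfree(&result) after the loop. In the same function the region listing prints mr->addr under the label "size" with %lx; print the region size or relabel the column as an address, and use a format specifier that matches the field's type.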
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 03/12] fuzz: Add PCI features to the general fuzzer
Date: Wed, 22 Jul 2020 23:39:24 -0400
Message-Id: <20200723033933.21883-4-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>
Cc: Laurent Vivier, thuth@redhat.com, Alexander Bulekov, f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, dstepanov.src@gmail.com, stefanha@redhat.com, andrew@coatesdev.com, Paolo Bonzini

This patch compares TYPE_PCI_DEVICE objects against the user-provided matching pattern. If there is a match, we use some hacks and leverage QOS to map each possible BAR for that device. Now fuzzed inputs might be converted to pci_read/write commands which target specific. This means that we can fuzz a particular device's PCI configuration space,

Signed-off-by: Alexander Bulekov
--- tests/qtest/fuzz/general_fuzz.c | 114 ++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuz= z.c index fd92cc5bdf..e715b77d59 100644 --- a/tests/qtest/fuzz/general_fuzz.c +++ b/tests/qtest/fuzz/general_fuzz.c @@ -24,6 +24,9 @@ #include "exec/ramblock.h" #include "exec/address-spaces.h" #include "hw/qdev-core.h" +#include "tests/qtest/libqos/pci.h" +#include "tests/qtest/libqos/pci-pc.h" +#include "hw/pci/pci.h" =20 /* * CMD_SEP is a random 32-bit value used to separate "commands" in the fuzz @@ -32,6 +35,9 @@ #define CMD_SEP "\x84\x05\x5C\x5E" #define DEFAULT_TIMEOUT_US 100000 =20 +#define PCI_HOST_BRIDGE_CFG 0xcf8 +#define PCI_HOST_BRIDGE_DATA 0xcfc + typedef struct { size_t addr; size_t len; /* The number of bytes until the end of the I/O region */ 
@@ -43,6 +49,8 @@ static useconds_t timeout =3D 100000; * user for fuzzing. */ static GPtrArray *fuzzable_memoryregions; +static GPtrArray *fuzzable_pci_devices; + /* * Here we want to convert a fuzzer-provided [io-region-index, offset] to * a physical address. To do this, we iterate over all of the matched 
@@ -267,6 +275,65 @@ static void op_write(QTestState *s, const unsigned cha= r * data, size_t len) break; } } +static void op_pci_read(QTestState *s, const unsigned char * data, size_t = len) +{ + enum Sizes {Byte, Word, Long, end_sizes}; + struct { + uint8_t size; + uint8_t base; + uint8_t offset; + } a; + if (len < sizeof(a) || fuzzable_pci_devices->len =3D=3D 0) { + return; + } + memcpy(&a, data, sizeof(a)); + PCIDevice *dev =3D g_ptr_array_index(fuzzable_pci_devices, + a.base % fuzzable_pci_devices->len); + int devfn =3D dev->devfn; + qtest_outl(s, PCI_HOST_BRIDGE_CFG, (1U << 31) | (devfn << 8) | a.offse= t); + switch (a.size %=3D end_sizes) { + case Byte: + qtest_inb(s, PCI_HOST_BRIDGE_DATA); + break; + case Word: + qtest_inw(s, PCI_HOST_BRIDGE_DATA); + break; + case Long: + qtest_inl(s, PCI_HOST_BRIDGE_DATA); + break; + } +} + +static void op_pci_write(QTestState *s, const unsigned char * data, size_t= len) +{ + enum Sizes {Byte, Word, Long, end_sizes}; + struct { + uint8_t size; + uint8_t base; + uint8_t offset; + uint32_t value; + } a; + if (len < sizeof(a) || fuzzable_pci_devices->len =3D=3D 0) { + return; + } + memcpy(&a, data, sizeof(a)); + PCIDevice *dev =3D g_ptr_array_index(fuzzable_pci_devices, + a.base % fuzzable_pci_devices->len); + int devfn =3D dev->devfn; + qtest_outl(s, PCI_HOST_BRIDGE_CFG, (1U << 31) | (devfn << 8) | a.offse= t); + switch (a.size %=3D end_sizes) { + case Byte: + qtest_outb(s, PCI_HOST_BRIDGE_DATA, a.value & 0xFF); + break; + case Word: + qtest_outw(s, PCI_HOST_BRIDGE_DATA, a.value & 0xFFFF); + break; + case Long: + qtest_outl(s, PCI_HOST_BRIDGE_DATA, a.value & 0xFFFFFFFF); + break; + } +} + static void op_clock_step(QTestState *s, const unsigned char *data, size_t= len) { qtest_clock_step_next(s); @@ -311,6 +378,8 @@ static void general_fuzz(QTestState *s, const unsigned = char *Data, size_t Size) op_out, op_read, op_write, + op_pci_read, + op_pci_write, op_clock_step, }; const unsigned char *cmd =3D Data; 
@@ -397,6 +466,19 @@ static int locate_fuzz_objects(Object *child, void *op= aque) printf("Matched Object by Type: %s\n", object_get_typename(child)); /* Find and save ptrs to any child MemoryRegions */ object_child_foreach_recursive(child, locate_fuzz_memory_regions, = NULL); + + /* + * We matched an object. If its a PCI device, store a pointer to i= t so + * we can map BARs and fuzz its config space. + */ + if (object_dynamic_cast(OBJECT(child), TYPE_PCI_DEVICE)) { + /* + * Don't want duplicate pointers to the same PCIDevice, so rem= ove + * copies of the pointer, before adding it. + */ + g_ptr_array_remove_fast(fuzzable_pci_devices, PCI_DEVICE(child= )); + g_ptr_array_add(fuzzable_pci_devices, PCI_DEVICE(child)); + } } else if (object_dynamic_cast(OBJECT(child), TYPE_MEMORY_REGION)) { if (g_pattern_match_simple(pattern, object_get_canonical_path_component(child))) { @@ -416,6 +498,7 @@ static int locate_fuzz_objects(Object *child, void *opa= que) =20 static void general_pre_fuzz(QTestState *s) { + QPCIBus *qpci_bus; if (!getenv("QEMU_FUZZ_OBJECTS")) { usage(); } @@ -424,6 +507,7 @@ static void general_pre_fuzz(QTestState *s) } =20 fuzzable_memoryregions =3D g_ptr_array_new(); + fuzzable_pci_devices =3D g_ptr_array_new(); wordexp_t result; wordexp(getenv("QEMU_FUZZ_OBJECTS"), &result, 0); for (int i =3D 0; i < result.we_wordc; i++) { 
@@ -440,6 +524,36 @@ static void general_pre_fuzz(QTestState *s) object_get_canonical_path_component(&(mr->parent_obj)), mr->addr); } + +#ifdef TARGET_I386 + printf("\n.. and the following Devices in the PCI Configuration Space:= \n"); + if (fuzzable_pci_devices->len) { + /* + * qpci_new_pc can't be used for non x86... What else can we do? M= ap + * BARs, without QOS? + */ + qpci_bus =3D qpci_new_pc(s, NULL); + for (int i =3D 0; i < fuzzable_pci_devices->len; i++) { + PCIDevice *dev; + QPCIDevice *qdev; + dev =3D g_ptr_array_index(fuzzable_pci_devices, i); + qdev =3D qpci_device_find(qpci_bus, dev->devfn); + for (int j =3D 0; j < 5; j++) { + if (dev->io_regions[j].size) { + qpci_iomap(qdev, j, NULL); + } + } + qpci_device_enable(qdev); + g_free(qdev); + printf(" * %x:%x device: %x function: %x)\n", + pci_get_word(dev->config + PCI_VENDOR_ID), + pci_get_word(dev->config + PCI_DEVICE_ID), + PCI_SLOT(dev->devfn), + PCI_FUNC(dev->devfn)); + } + qpci_free_pc(qpci_bus); + } +#endif counter_shm_init(); } static GString *general_fuzz_cmdline(FuzzTarget *t) --=20 2.27.0
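Review bot: op_pci_read() and op_pci_write() (hunk @@ -267,6 +275,65 @@) build the 0xcf8 address as (1U << 31) | (devfn << 8) | a.offset, with no bus number, so a matched PCIDevice that does not sit on bus 0 is never the device that actually gets accessed. Either place the device's bus number in bits 16-23 or skip devices that are not on the root bus when filling fuzzable_pci_devices. The argument struct in op_pci_write() also has a padding byte between offset and value, so one input byte is silently dropped by the memcpy and the layout depends on the compiler; a packed struct or field-by-field parsing would make the input format explicit. The two functions differ only in the final in/out call and could share the decode step.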
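Review bot: qpci_bus is declared unconditionally at the top of general_pre_fuzz() (hunk @@ -416,6 +498,7 @@) but is only used inside the #ifdef TARGET_I386 block added further down, so builds for other targets get an unused-variable warning. Move the declaration inside the #ifdef block.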
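Review bot: the BAR loop in the TARGET_I386 block (hunk @@ -440,6 +524,36 @@) stops at j < 5, so BAR 5 is never mapped even though a PCI function has six BARs (0-5); use j < 6. The result of qpci_device_find() is passed to qpci_iomap() and qpci_device_enable() without a NULL check, the header line is printed before the fuzzable_pci_devices->len test so it appears even when no device matched, and the per-device printf format ends with a closing parenthesis that has no opening one.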
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 04/12] fuzz: Add DMA support to the generic-fuzzer
Date: Wed, 22 Jul 2020 23:39:25 -0400
Message-Id: <20200723033933.21883-5-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>
Cc: Laurent Vivier, thuth@redhat.com, Alexander Bulekov, f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, dstepanov.src@gmail.com, stefanha@redhat.com, andrew@coatesdev.com, Paolo Bonzini

When a virtual-device tries to access some buffer in memory over DMA, we add call-backs into the fuzzer (next commit). The fuzzer verifies that the DMA request maps to a physical RAM address and fills the memory with fuzzer-provided data. The patterns that we use to fill this memory are specified using add_dma_pattern and clear_dma_patterns operations.

Signed-off-by: Alexander Bulekov
--- tests/qtest/fuzz/general_fuzz.c | 177 ++++++++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuz= z.c index e715b77d59..4b6967c5d2 100644 --- a/tests/qtest/fuzz/general_fuzz.c +++ b/tests/qtest/fuzz/general_fuzz.c @@ -27,6 +27,7 @@ #include "tests/qtest/libqos/pci.h" #include "tests/qtest/libqos/pci-pc.h" #include "hw/pci/pci.h" +#include "hw/boards.h" =20 /* * CMD_SEP is a random 32-bit value used to separate "commands" in the fuzz @@ -34,6 +35,7 @@ */ #define CMD_SEP "\x84\x05\x5C\x5E" #define DEFAULT_TIMEOUT_US 100000 +#define MAX_DMA_FILL_SIZE 0x10000 =20 #define PCI_HOST_BRIDGE_CFG 0xcf8 #define PCI_HOST_BRIDGE_DATA 0xcfc 
@@ -44,6 +46,24 @@ typedef struct { } address_range; =20 static useconds_t timeout =3D 100000; +/* + * A pattern used to populate a DMA region or perform a memwrite. This is + * useful for e.g. populating tables of unique addresses. + * Example {.index =3D 1; .stride =3D 2; .len =3D 3; .data =3D "\x00\x01\x= 02"} + * Renders as: 00 01 02 00 03 03 00 05 03 00 07 03 ... + */ +typedef struct { + uint8_t index; /* Index of a byte to increment by stride */ + uint8_t stride; /* Increment each index'th byte by this amount */ + size_t len; + const uint8_t *data; +} pattern; + +/* Avoid filling the same DMA region between MMIO/PIO commands ? */ +static bool avoid_double_fetches; + +static QTestState *qts_global; /* Need a global for the DMA callback */ + /* * List of memory regions that are children of QOM objects specified by the * user for fuzzing. 
@@ -51,6 +71,122 @@ static useconds_t timeout =3D 100000; static GPtrArray *fuzzable_memoryregions; static GPtrArray *fuzzable_pci_devices; =20 +/* + * List of dma regions populated since the last fuzzing command. Used to e= nsure + * that we only write to each DMA address once, to avoid race conditions w= hen + * building reproducers. + */ +static GArray *dma_regions; + +static GArray *dma_patterns; +int dma_pattern_index; + +/* + * Allocate a block of memory and populate it with a pattern. + */ +static void *pattern_alloc(pattern p, size_t len) +{ + int i; + uint8_t *buf =3D g_malloc(len); + uint8_t sum =3D 0; + + for (i =3D 0; i < len; ++i) { + buf[i] =3D p.data[i % p.len]; + if ((i % p.len) =3D=3D p.index) { + buf[i] +=3D sum; + sum +=3D p.stride; + } + } + return buf; +} + +/* + * Call-back for functions that perform DMA reads from guest memory. Confi= rm + * that the region has not already been populated since the last loop in + * general_fuzz(), avoiding potential race-conditions, which we don't have + * a good way for reproducing right now. + */ +void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_w= rite) +{ + /* Are we in the general-fuzzer or are we using another fuzz-target? */ + if (!qts_global) { + return; + } + + /* + * If the device is trying to read from a ROM, exit early. We do not w= ant + * to fuzz devices using data that we have no control over. + */ + if (mr->readonly) { + _Exit(0); + } + + /* + * Return immediately if: + * - We have no DMA patterns defined + * - The length of the DMA read request is zero + * - The DMA read is hitting an MR other than the machine's main RAM + * - The DMA request is not a read (what happens for a address_space_m= ap + * with is_write=3DTrue? Can the device use the same pointer to do r= eads?) 
+ * - The DMA request hits past the bounds of our RAM + */ + if (dma_patterns->len =3D=3D 0 + || len =3D=3D 0 + || mr !=3D MACHINE(qdev_get_machine())->ram + || is_write + || addr > current_machine->ram_size) { + return; + } + + /* + * If we overlap with any existing dma_regions, split the range and on= ly + * populate the non-overlapping parts. + */ + for (int i =3D 0; i < dma_regions->len && !avoid_double_fetches; ++i) { + address_range region =3D g_array_index(dma_regions, address_range,= i); + if (addr < region.addr + region.len && addr + len > region.addr) { + if (addr < region.addr) { + fuzz_dma_read_cb(addr, region.addr - addr, mr, is_write); + } + if (addr + len > region.addr + region.len) { + fuzz_dma_read_cb(region.addr + region.len, + addr + len - (region.addr + region.len), mr, is_wr= ite); + } + return; + } + } + + /* Cap the length of the DMA access to something reasonable */ + len =3D MIN(len, MAX_DMA_FILL_SIZE); + + address_range ar =3D {addr, len}; + g_array_append_val(dma_regions, ar); + pattern p =3D g_array_index(dma_patterns, pattern, dma_pattern_index); + void *buf =3D pattern_alloc(p, ar.len); + if (getenv("QTEST_LOG")) { + /* + * With QTEST_LOG, use a normal, slow QTest memwrite. Prefix the l= og + * that will be written by qtest.c with a DMA tag, so we can reord= er + * the resulting QTest trace so the DMA fills precede the last PIO= /MMIO + * command. + */ + fprintf(stderr, "[DMA] "); + fflush(stderr); + qtest_memwrite(qts_global, ar.addr, buf, ar.len); + } else { + /* + * Populate the region using address_space_write_rom to avoid writi= ng to + * any IO MemoryRegions + */ + address_space_write_rom(first_cpu->as, ar.addr, MEMTXATTRS_UNSPECI= FIED, + buf, ar.len); + } + free(buf); + + /* Increment the index of the pattern for the next DMA access */ + dma_pattern_index =3D (dma_pattern_index + 1) % dma_patterns->len; +} + /* * Here we want to convert a fuzzer-provided [io-region-index, offset] to * a physical address. 
To do this, we iterate over all of the matched @@ -334,6 +470,35 @@ static void op_pci_write(QTestState *s, const unsigned= char * data, size_t len) } } =20 +static void op_add_dma_pattern(QTestState *s, + const unsigned char *data, size_t len) +{ + struct { + /* + * index and stride can be used to increment the index-th byte of = the + * pattern by the value stride, for each loop of the pattern. + */ + uint8_t index; + uint8_t stride; + } a; + + if (len < sizeof(a) + 1) { + return; + } + memcpy(&a, data, sizeof(a)); + pattern p =3D {a.index, a.stride, len - sizeof(a), data + sizeof(a)}; + p.index =3D a.index % p.len; + g_array_append_val(dma_patterns, p); + return; +} + +static void op_clear_dma_patterns(QTestState *s, + const unsigned char *data, size_t len) +{ + g_array_set_size(dma_patterns, 0); + dma_pattern_index =3D 0; +} + static void op_clock_step(QTestState *s, const unsigned char *data, size_t= len) { qtest_clock_step_next(s); @@ -380,6 +545,8 @@ static void general_fuzz(QTestState *s, const unsigned = char *Data, size_t Size) op_write, op_pci_read, op_pci_write, + op_add_dma_pattern, + op_clear_dma_patterns, op_clock_step, }; const unsigned char *cmd =3D Data; @@ -433,6 +600,9 @@ static void usage(void) printf("QEMU_FUZZ_ARGS=3D the command line arguments passed to qemu\n"= ); printf("QEMU_FUZZ_OBJECTS=3D " "a space separated list of QOM type names for objects to fuzz\= n"); + printf("Optionally: QEMU_AVOID_DOUBLE_FETCH=3D " + "Try to avoid racy DMA double fetch bugs? %d by default\n", + avoid_double_fetches); printf("Optionally: QEMU_FUZZ_TIMEOUT=3D Specify a custom timeout (us)= . " "0 to disable. %d by default\n", timeout); exit(0); 
@@ -502,9 +672,16 @@ static void general_pre_fuzz(QTestState *s) if (!getenv("QEMU_FUZZ_OBJECTS")) { usage(); } + if (getenv("QEMU_AVOID_DOUBLE_FETCH")) { + avoid_double_fetches =3D 1; + } if (getenv("QEMU_FUZZ_TIMEOUT")) { timeout =3D g_ascii_strtoll(getenv("QEMU_FUZZ_TIMEOUT"), NULL, 0); } + qts_global =3D s; + + dma_regions =3D g_array_new(false, false, sizeof(address_range)); + dma_patterns =3D g_array_new(false, false, sizeof(pattern)); =20 fuzzable_memoryregions =3D g_ptr_array_new(); fuzzable_pci_devices =3D g_ptr_array_new(); --=20 2.27.0
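Review bot: in fuzz_dma_read_cb the early-return test only rejects addr > current_machine->ram_size, so an access that starts exactly at ram_size, or whose addr + len runs past the end of RAM, is still filled, although the comment above lists "hits past the bounds of our RAM" as a reason to skip. Suggest addr >= ram_size plus clamping len to ram_size - addr; the later MIN(len, MAX_DMA_FILL_SIZE) caps the size but not the end address. The getenv("QTEST_LOG") lookup also runs on every DMA read and could be read once in general_pre_fuzz.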
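Review bot: op_add_dma_pattern stores data + sizeof(a) in the pattern, which is a pointer into the fuzzer input rather than a copy, and in the lines shown here dma_patterns is only emptied by op_clear_dma_patterns, an op the input may never issue. Either copy the pattern bytes or add a comment saying where dma_patterns and dma_regions are reset between inputs, so a later DMA read cannot use a pattern whose backing buffer is gone. The trailing return; in this void function can be dropped.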
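Review bot: in general_pre_fuzz, QEMU_AVOID_DOUBLE_FETCH is enabled by the variable merely being present, so QEMU_AVOID_DOUBLE_FETCH=0 turns it on, while QEMU_FUZZ_TIMEOUT just below is parsed with g_ascii_strtoll; parsing both the same way would match the "%d by default" text added to usage(). The flag also needs a comment on its meaning: in fuzz_dma_read_cb the overlap loop runs only when avoid_double_fetches is 0, so setting the flag causes already-filled regions to be rewritten on a later read, which reads like the opposite of the name.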
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 05/12] fuzz: Declare DMA Read callback function
Date: Wed, 22 Jul 2020 23:39:26 -0400
Message-Id: <20200723033933.21883-6-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>
Cc: thuth@redhat.com, Alexander Bulekov, f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, dstepanov.src@gmail.com, stefanha@redhat.com, andrew@coatesdev.com, Paolo Bonzini

This patch declares the fuzz_dma_read_cb function and uses the preprocessor and linker (weak symbols) to handle these cases:

When we build softmmu/all with --enable-fuzzing, there should be no strong symbol defined for fuzz_dma_read_cb, and we link against a weak stub function.

When we build softmmu/fuzz with --enable-fuzzing, we link against the strong symbol in general_fuzz.c.

When we build softmmu/all without --enable-fuzzing, fuzz_dma_read_cb is an empty, inlined function. As long as we don't call any other functions when building the arguments, there should be no overhead.

Signed-off-by: Alexander Bulekov
--- include/exec/memory.h | 15 +++++++++++++++ softmmu/memory.c | 13 +++++++++++++ 2 files changed, 28 insertions(+) diff --git a/include/exec/memory.h b/include/exec/memory.h index 307e527835..2ec3b597f1 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -47,6 +47,21 @@ OBJECT_GET_CLASS(IOMMUMemoryRegionClass, (obj), \ TYPE_IOMMU_MEMORY_REGION) =20 +#ifdef CONFIG_FUZZ +void fuzz_dma_read_cb(size_t addr, + size_t len, + MemoryRegion *mr, + bool is_write); +#else +static inline void fuzz_dma_read_cb(size_t addr, + size_t len, + MemoryRegion *mr, + bool is_write) +{ + /* Do Nothing */ +} +#endif + extern bool global_dirty_log; =20 typedef struct MemoryRegionOps MemoryRegionOps; diff --git a/softmmu/memory.c b/softmmu/memory.c index af25987518..b0c2cf2535 100644 --- a/softmmu/memory.c +++ b/softmmu/memory.c
@@ -3223,6 +3223,19 @@ void memory_region_init_rom_device(MemoryRegion *mr, vmstate_register_ram(mr, owner_dev); } =20 +/* + * Support softmmu builds with CONFIG_FUZZ using a weak symbol and a stub = for + * the fuzz_dma_read_cb callback + */ +#ifdef CONFIG_FUZZ +void __attribute__((weak)) fuzz_dma_read_cb(size_t addr, + size_t len, + MemoryRegion *mr, + bool is_write) +{ +} +#endif + static const TypeInfo memory_region_info =3D { .parent =3D TYPE_OBJECT, .name =3D TYPE_MEMORY_REGION, --=20 2.27.0
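Review bot: the declaration added to include/exec/memory.h takes size_t addr and size_t len, but the call sites in patch 06 pass hwaddr values such as cache->xlat + addr, which would be truncated on a host where size_t is narrower than hwaddr. Suggest hwaddr for both parameters, in the prototype, the inline stub and the weak stub in softmmu/memory.c, plus a short comment above the declaration stating which kind of address addr is expected to be.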
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 06/12] fuzz: Add fuzzer callbacks to DMA-read functions
Date: Wed, 22 Jul 2020 23:39:27 -0400
Message-Id: <20200723033933.21883-7-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>
Cc: thuth@redhat.com, Alexander Bulekov, f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, dstepanov.src@gmail.com, stefanha@redhat.com, andrew@coatesdev.com, Paolo Bonzini, Richard Henderson

We should be careful to not call any functions besides fuzz_dma_read_cb. Without --enable-fuzzing, fuzz_dma_read_cb is an empty inlined function.

Signed-off-by: Alexander Bulekov
---
I'd appreciate another set of eyes on this. Basically, we only care about DMA reads to RAM. This is why I assume stuff like "addr" or "cache->xlat + addr" is an absolute address.

 exec.c | 2 ++ include/exec/memory.h | 1 + include/exec/memory_ldst_cached.inc.h | 3 +++ memory_ldst.inc.c | 4 ++++ softmmu/memory.c | 1 + 5 files changed, 11 insertions(+) diff --git a/exec.c b/exec.c index 6f381f98e2..c81f41514d 100644 --- a/exec.c +++ b/exec.c @@ -3241,6 +3241,7 @@ MemTxResult flatview_read_continue(FlatView *fv, hwad= dr addr, stn_he_p(buf, l, val); } else { /* RAM case */ + fuzz_dma_read_cb(addr, len, mr, false); ram_ptr =3D qemu_ram_ptr_length(mr->ram_block, addr1, &l, fals= e); memcpy(buf, ram_ptr, l); } @@ -3601,6 +3602,7 @@ void *address_space_map(AddressSpace *as, memory_region_ref(mr); *plen =3D flatview_extend_translation(fv, addr, len, mr, xlat, l, is_write, attrs); + fuzz_dma_read_cb(addr, *plen, mr, is_write); ptr =3D qemu_ram_ptr_length(mr->ram_block, xlat, plen, true); =20 return ptr; diff --git a/include/exec/memory.h b/include/exec/memory.h index 2ec3b597f1..f8b943521a 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h
@@ -2444,6 +2444,7 @@ address_space_read_cached(MemoryRegionCache *cache, h= waddr addr, void *buf, hwaddr len) { assert(addr < cache->len && len <=3D cache->len - addr); + fuzz_dma_read_cb(cache->xlat + addr, len, cache->mrs.mr, false); if (likely(cache->ptr)) { memcpy(buf, cache->ptr + addr, len); return MEMTX_OK; diff --git a/include/exec/memory_ldst_cached.inc.h b/include/exec/memory_ld= st_cached.inc.h index fd4bbb40e7..aff574039f 100644 --- a/include/exec/memory_ldst_cached.inc.h +++ b/include/exec/memory_ldst_cached.inc.h @@ -28,6 +28,7 @@ static inline uint32_t ADDRESS_SPACE_LD_CACHED(l)(MemoryR= egionCache *cache, hwaddr addr, MemTxAttrs attrs, MemTxResult *result) { assert(addr < cache->len && 4 <=3D cache->len - addr); + fuzz_dma_read_cb(cache->xlat + addr, 4, cache->mrs.mr, false); if (likely(cache->ptr)) { return LD_P(l)(cache->ptr + addr); } else { @@ -39,6 +40,7 @@ static inline uint64_t ADDRESS_SPACE_LD_CACHED(q)(MemoryR= egionCache *cache, hwaddr addr, MemTxAttrs attrs, MemTxResult *result) { assert(addr < cache->len && 8 <=3D cache->len - addr); + fuzz_dma_read_cb(cache->xlat + addr, 8, cache->mrs.mr, false); if (likely(cache->ptr)) { return LD_P(q)(cache->ptr + addr); } else { @@ -50,6 +52,7 @@ static inline uint32_t ADDRESS_SPACE_LD_CACHED(uw)(Memory= RegionCache *cache, hwaddr addr, MemTxAttrs attrs, MemTxResult *result) { assert(addr < cache->len && 2 <=3D cache->len - addr); + fuzz_dma_read_cb(cache->xlat + addr, 2, cache->mrs.mr, false); if (likely(cache->ptr)) { return LD_P(uw)(cache->ptr + addr); } else { diff --git a/memory_ldst.inc.c b/memory_ldst.inc.c index c54aee4a95..8d45d2eeff 100644 --- a/memory_ldst.inc.c +++ b/memory_ldst.inc.c @@ -42,6 +42,7 @@ static inline uint32_t glue(address_space_ldl_internal, S= UFFIX)(ARG1_DECL, MO_32 | devend_memop(endian), attr= s); } else { /* RAM case */ + fuzz_dma_read_cb(addr, 4, mr, false); ptr =3D qemu_map_ram_ptr(mr->ram_block, addr1); switch (endian) { case DEVICE_LITTLE_ENDIAN: 
@@ -110,6 +111,7 @@ static inline uint64_t glue(address_space_ldq_internal,= SUFFIX)(ARG1_DECL, MO_64 | devend_memop(endian), attr= s); } else { /* RAM case */ + fuzz_dma_read_cb(addr, 8, mr, false); ptr =3D qemu_map_ram_ptr(mr->ram_block, addr1); switch (endian) { case DEVICE_LITTLE_ENDIAN: @@ -175,6 +177,7 @@ uint32_t glue(address_space_ldub, SUFFIX)(ARG1_DECL, r =3D memory_region_dispatch_read(mr, addr1, &val, MO_8, attrs); } else { /* RAM case */ + fuzz_dma_read_cb(addr, 1, mr, false); ptr =3D qemu_map_ram_ptr(mr->ram_block, addr1); val =3D ldub_p(ptr); r =3D MEMTX_OK; @@ -212,6 +215,7 @@ static inline uint32_t glue(address_space_lduw_internal= , SUFFIX)(ARG1_DECL, MO_16 | devend_memop(endian), attr= s); } else { /* RAM case */ + fuzz_dma_read_cb(addr, 2, mr, false); ptr =3D qemu_map_ram_ptr(mr->ram_block, addr1); switch (endian) { case DEVICE_LITTLE_ENDIAN: diff --git a/softmmu/memory.c b/softmmu/memory.c index b0c2cf2535..be87044641 100644 --- a/softmmu/memory.c +++ b/softmmu/memory.c 
@@ -1405,6 +1405,7 @@ MemTxResult memory_region_dispatch_read(MemoryRegion = *mr, unsigned size =3D memop_size(op); MemTxResult r; =20 + fuzz_dma_read_cb(addr, size, mr, false); if (!memory_region_access_valid(mr, addr, size, false, attrs)) { *pval =3D unassigned_mem_read(mr, addr, size); return MEMTX_DECODE_ERROR; --=20 2.27.0
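Review bot: in the flatview_read_continue hunk of exec.c the callback is given len, but the RAM branch directly below copies only l bytes from offset addr1 (memcpy(buf, ram_ptr, l)), so the range reported to the fuzzer is not the range this iteration actually reads. Passing l instead of len would keep the filled region matched to the bytes consumed here.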
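Review bot: in the softmmu/memory.c hunk, memory_region_dispatch_read receives a translated offset (the ldub hunk in memory_ldst.inc.c calls it with addr1, while its RAM branch passes addr to the callback), so the addr handed to fuzz_dma_read_cb here is not the same kind of address that the callback compares against ram_size. Since this is the dispatch path rather than the RAM branch, either drop this call or pass the untranslated address, and say in a comment which one the callback expects.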
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 07/12] scripts/oss-fuzz: Add wrapper program for generic fuzzer
Date: Wed, 22 Jul 2020 23:39:28 -0400
Message-Id: <20200723033933.21883-8-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>
Cc: thuth@redhat.com, Alexander Bulekov, f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, dstepanov.src@gmail.com, stefanha@redhat.com, andrew@coatesdev.com, Paolo Bonzini

On oss-fuzz we need some sort of wrapper to specify command-line arguments or environment variables. We had a similar problem with other targets that I fixed with 05509c8e6d ("fuzz: select fuzz target using executable name") by selecting the fuzz target based on the executable's name. In the future we should probably commit to one approach (wrapper binary or argv0-based target selection).

Signed-off-by: Alexander Bulekov
--- scripts/oss-fuzz/target.c | 40 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 scripts/oss-fuzz/target.c diff --git a/scripts/oss-fuzz/target.c b/scripts/oss-fuzz/target.c new file mode 100644 index 0000000000..4a7257412a --- /dev/null +++ b/scripts/oss-fuzz/target.c 
@@ -0,0 +1,40 @@ +/* + * Copyright Red Hat Inc., 2020 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include +#include +#include +#include +#include +#include + + +/* Required for oss-fuzz to consider the binary a target. */ +static const char *magic __attribute__((used)) =3D "LLVMFuzzerTestOneInput= "; +static const char args[] =3D {QEMU_FUZZ_ARGS, 0x00}; +static const char objects[] =3D {QEMU_FUZZ_OBJECTS, 0x00}; + +int main(int argc, char *argv[]) +{ + char path[PATH_MAX] =3D {0}; + char *dir =3D dirname(argv[0]); + strncpy(path, dir, PATH_MAX); + strcat(path, "/deps/qemu-fuzz-i386-target-general-fuzz"); + + setenv("QEMU_FUZZ_ARGS", args, 0); + setenv("QEMU_FUZZ_OBJECTS", objects, 0); + + argv[0] =3D path; + int ret =3D execvp(path, argv); + if (ret) { + perror("execv"); + } + return ret; +} --=20 2.27.0
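Review bot: In main(), the path is built with strncpy(path, dir, PATH_MAX) followed by an unbounded strcat(): strncpy leaves path unterminated when dirname(argv[0]) is PATH_MAX bytes or longer, and strcat can write past the end of path[] whenever the directory plus the "/deps/qemu-fuzz-i386-target-general-fuzz" suffix does not fit. Build the string in one step with snprintf(path, sizeof(path), "%s/deps/qemu-fuzz-i386-target-general-fuzz", dir) and exit with an error if the return value is negative or >= sizeof(path). Smaller points: execvp() only returns on failure, so the if (ret) test is redundant, and the perror() label says "execv" while the call is execvp; the setenv() return values are unchecked; setenv(..., 0) lets a value already present in the environment take precedence over the compiled-in one, which deserves a comment if it is intentional; and the hard-coded i386 target name is undocumented.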
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 08/12] scripts/oss-fuzz: Add general-fuzzer build script
Date: Wed, 22 Jul 2020 23:39:29 -0400
Message-Id: <20200723033933.21883-9-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>
Cc: thuth@redhat.com, Alexander Bulekov, f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, dstepanov.src@gmail.com, stefanha@redhat.com, andrew@coatesdev.com, Paolo Bonzini

This parses a yaml file containing general-fuzzer configs and builds a separate oss-fuzz wrapper binary for each one, changing some preprocessor macros for each configuration. To avoid dealing with escaping and stringifying, convert each string into a byte-array representation.

Signed-off-by: Alexander Bulekov
--- scripts/oss-fuzz/build_general_fuzzers.py | 62 +++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100755 scripts/oss-fuzz/build_general_fuzzers.py diff --git a/scripts/oss-fuzz/build_general_fuzzers.py b/scripts/oss-fuzz/b= uild_general_fuzzers.py new file mode 100755 index 0000000000..79f4664117 --- /dev/null +++ b/scripts/oss-fuzz/build_general_fuzzers.py 
@@ -0,0 +1,62 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +""" +This script creates wrapper binaries that invoke the general-device-fuzzer= with +configurations specified in a yaml config file. +""" +import sys +import os +import yaml +import tempfile + +CC =3D "" +TEMPLATE =3D "" + + +def usage(): + print("Usage: CC=3DCOMPILER {} CONFIG_PATH \ +OUTPUT_PATH_PREFIX".format(sys.argv[0])) + sys.exit(0) + + +def str_to_c_byte_array(s): + """ + Convert strings to byte-arrays so we don't worry about formatting + strings to play nicely with cc -DQEMU_FUZZARGS etc + """ + return ','.join('0x{:02x}'.format(ord(x)) for x in s) + + +def compile_wrapper(cfg, path): + os.system('$CC -DQEMU_FUZZ_ARGS=3D"{}" -DQEMU_FUZZ_OBJECTS=3D"{}" \ + {} -o {}'.format( + str_to_c_byte_array(cfg["args"].replace("\n", " ")), + str_to_c_byte_array(cfg["objects"].replace("\n", " ")), + TEMPLATE, path)) + + +def main(): + global CC + global TEMPLATE + + if len(sys.argv) !=3D 3: + usage() + + cfg_path =3D sys.argv[1] + out_path =3D sys.argv[2] + + CC =3D os.getenv("CC") + TEMPLATE =3D os.path.join(os.path.dirname(__file__), "target.c") + + with open(cfg_path, "r") as f: + configs =3D yaml.load(f)["configs"] + for cfg in configs: + assert "name" in cfg + assert "args" in cfg + assert "objects" in cfg + compile_wrapper(cfg, out_path + cfg["name"]) + + +if __name__ =3D=3D '__main__': + main() --=20 2.27.0
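Review bot: compile_wrapper() runs the compiler through os.system() with TEMPLATE and path interpolated unquoted into a shell string, and path is out_path + cfg["name"] taken straight from the YAML file, so a config name or output prefix containing spaces or shell metacharacters changes the command that runs, and the exit status is discarded so a failed compile passes silently. Prefer subprocess.run() with an argument list and check=True, using the CC value main() already reads, and fail early when CC is unset, since os.getenv("CC") returns None while the shell expands $CC to nothing. In main(), yaml.load(f) without a Loader should be yaml.safe_load(f), and the three assert statements disappear under python -O, so raise an explicit error for a missing key. Smaller points: import tempfile is unused; usage() exits with status 0 on a usage error; the docstring says -DQEMU_FUZZARGS where the macro is QEMU_FUZZ_ARGS; and ord(x) yields values above 0xff for non-ASCII characters, which do not fit the char arrays in target.c, so encode to bytes first or reject non-ASCII input.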
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 09/12] scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz
Date: Wed, 22 Jul 2020 23:39:30 -0400
Message-Id: <20200723033933.21883-10-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>
Cc: thuth@redhat.com, Alexander Bulekov, f4bug@amsat.org, darren.kenny@oracle.com, bsd@redhat.com, dstepanov.src@gmail.com, stefanha@redhat.com, andrew@coatesdev.com, Paolo Bonzini

Each of these entries is built into a wrapper binary that sets the needed environment variables and executes the general virtual-device fuzzer. In the future, we will need additional fields, such as arch=arm, timeout_per_testcase=0, reset=reboot, etc...

Signed-off-by: Alexander Bulekov
--- scripts/oss-fuzz/general_fuzzer_configs.yml | 103 ++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 scripts/oss-fuzz/general_fuzzer_configs.yml diff --git a/scripts/oss-fuzz/general_fuzzer_configs.yml b/scripts/oss-fuzz= /general_fuzzer_configs.yml new file mode 100644 index 0000000000..748f4db075 --- /dev/null +++ b/scripts/oss-fuzz/general_fuzzer_configs.yml 
@@ -0,0 +1,103 @@ +configs: + - name: virtio-net-pci-slirp + args: > + -M q35 -nodefaults + -device virtio-net,netdev=3Dnet0 -netdev user,id=3Dnet0 + objects: virtio* + + - name: virtio-blk + args: > + -machine q35 -device virtio-blk,drive=3Ddisk0 + -drive file=3Dnull-co://,id=3Ddisk0,if=3Dnone,format=3Draw + objects: virtio* + + - name: virtio-scsi + args: > + -machine q35 -device virtio-scsi,num_queues=3D8 + -device scsi-hd,drive=3Ddisk0 + -drive file=3Dnull-co://,id=3Ddisk0,if=3Dnone,format=3Draw + objects: scsi* virtio* + + - name: virtio-gpu + args: -machine q35 -nodefaults -device virtio-gpu + objects: virtio* + + - name: virtio-vga + args: -machine q35 -nodefaults -device virtio-vga + objects: virtio* + + - name: virtio-rng + args: -machine q35 -nodefaults -device virtio-rng + objects: virtio* + + - name: virtio-balloon + args: -machine q35 -nodefaults -device virtio-balloon + objects: virtio* + + - name: virtio-serial + args: -machine q35 -nodefaults -device virtio-serial + objects: virtio* + + - name: virtio-mouse + args: -machine q35 -nodefaults -device virtio-mouse + objects: virtio* + + - name: e1000 + args: > + -M q35 -nodefaults + -device e1000,netdev=3Dnet0 -netdev user,id=3Dnet0 + objects: e1000 + + - name: e1000e + args: > + -M q35 -nodefaults + -device e1000e,netdev=3Dnet0 -netdev user,id=3Dnet0 + objects: e1000e + + - name: cirrus-vga + args: -machine q35 -nodefaults -device cirrus-vga + objects: cirrus* + + - name: bochs-display + args: -machine q35 -nodefaults -device bochs-display + objects: bochs* + + - name: intel-hda + args: > + -machine q35 -nodefaults -device intel-hda,id=3Dhda0 + -device hda-output,bus=3Dhda0.0 -device hda-micro,bus=3Dhda0.0 + -device hda-duplex,bus=3Dhda0.0 + objects: intel-hda + + - name: ide-hd + args: > + -machine q35 -nodefaults + -drive file=3Dnull-co://,if=3Dnone,format=3Draw,id=3Ddisk0 + -device ide-hd,drive=3Ddisk0 + objects: ide + + - name: floppy + args: > + -machine pc -nodefaults -device floppy,id=3Dfloppy0 
+ -drive id=3Ddisk0,file=3Dnull-co://,file.read-zeroes=3Don,if=3Dnone + -device floppy,drive=3Ddisk0,drive-type=3D288 + objects: fd floppy* + + - name: xhci + args: > + -machine q35 -nodefaults + -drive file=3Dnull-co://,if=3Dnone,format=3Draw,id=3Ddisk0 + -device qemu-xhci,id=3Dxhci -device usb-tablet,bus=3Dxhci.0 -devic= e usb-bot + -device usb-storage,drive=3Ddisk0 -chardev null,id=3Dcd0 -chardev = null,id=3Dcd1 + -device usb-braille,chardev=3Dcd0 -device usb-ccid -device usb-ccid + -device usb-kbd -device usb-mouse -device usb-serial,chardev=3Dcd1 + -device usb-tablet -device usb-wacom-tablet -device usb-audio + objects: "*" + + - name: pc-i440fx + args: -machine pc + objects: "*" + + - name: pc-q35 + args: -machine q35 + objects: "*" --=20 2.27.0
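Review bot: The virtio-blk and virtio-scsi entries are the only device-specific configs that omit -nodefaults, so their machines also get QEMU's default devices; add -nodefaults unless that is intended, and say so in a comment if it is. In the xhci entry, -device usb-ccid appears twice in a row and usb-tablet is added both with and without bus=xhci.0; note whether the duplicates are deliberate. The file also mixes -M and -machine for the same option, and a short header comment describing the name, args and objects fields (objects looks like a space-separated list of glob patterns, as in "scsi* virtio*") would help whoever adds the next entry or the extra fields the commit message anticipates.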
From: Alexander Bulekov To: qemu-devel@nongnu.org Subject: [PATCH 10/12] scripts/oss-fuzz: build the general-fuzzer configs Date: Wed, 22 Jul 2020 23:39:31 -0400 Message-Id: <20200723033933.21883-11-alxndr@bu.edu> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu> References: <20200723033933.21883-1-alxndr@bu.edu> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: MN2PR16CA0057.namprd16.prod.outlook.com (2603:10b6:208:234::26) To SN6PR03MB3871.namprd03.prod.outlook.com (2603:10b6:805:6d::32) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Mailer: git-send-email 2.27.0 X-Originating-IP: [128.197.127.33] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 91a1d0af-efbf-407a-0b4f-08d82eba2065 X-MS-TrafficTypeDiagnostic: SN6PR03MB3982: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PVj4S5G9bYUH3GxbNfU+rNzjh7lTN6A1gTHJNW9ZFZTVNeXQ7Nz7BZKw6zhpWM9c4EuGKUX9weV5iVBKb5KnQkZvMJhV51WEYMzjU/V0f2Gq0FePI3H9GZ9IcaSCRB7H4eGDOpombX0FrT5hNvbj4jVFLsBh01atS4eVH1WdjPKk8cxs6ADJlWpqi2RDPZ1k7vvPWcUtFk80NyyjQGi1tYgcKTHPabC5vroNzfXcxSyMkAUuGMh8wcMSe1g4ojC8LHClr+D1Qj6dX0uekP21H5SihFdiIRUGWAp6yMGBfOfsOhNEcQcxtbT8qjNVz/Di X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN6PR03MB3871.namprd03.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(396003)(346002)(366004)(136003)(376002)(6916009)(4326008)(36756003)(478600001)(83380400001)(5660300002)(2616005)(956004)(6666004)(8936002)(52116002)(7696005)(66946007)(66556008)(66476007)(6486002)(75432002)(26005)(8676002)(16526019)(54906003)(86362001)(186003)(316002)(1076003)(786003)(2906002); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: 
GbcEm2xy4bCGbmunm0crc7XxgstcLNKM5rwNPxtDvnvXMQ8fvZbuKRG6czw9zEj2BOtbdbRbdunnIJ2Vs4kJdY18hrd5gwcPzop1xM/+EaWS4IrX88QEoUqk6tdxiyRCwZ+PVrgUrdz3PPx4CdlKx5hSB8dL5uMv2jk1ZskDk/nppGj5QgvNp+S8JFn0epGM68CHZQRa0mKKVChfdTir/lbYa0TR4NBCXSNr6BMP+HSW6HEIpSN3OJjNov53sVSyn+RggBZAT6zwfdOj0RUB3sSku4/pknm6ElfDOJC1py83asfAn/Z/Aq4W4HaiargxGVNXslAwp3ZBs4lvcW0jL2lkwJM6v06mvsHcIOw5HX5VH8lr286LJ5WbGmBAwcv6pyAlWlOyBOxDtSM8bomBHbLogXSxiiU+/0iQvwoZMn1BWDlRyfkUJNe8SOuWAol4qg959MKT8f5suYXQCYL6byCcXInDhhd223E1VST/IqI= X-OriginatorOrg: bu.edu X-MS-Exchange-CrossTenant-Network-Message-Id: 91a1d0af-efbf-407a-0b4f-08d82eba2065 X-MS-Exchange-CrossTenant-AuthSource: SN6PR03MB3871.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Jul 2020 03:40:22.1479 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d57d32cc-c121-488f-b07b-dfe705680c71 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: dq4gBfPHivOaxzF9WLAFIqnYd4IVxeendFhzdmFRfbWQH3TEoPqibee/hkHeHbZQ X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR03MB3982 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=40.107.244.114; envelope-from=alxndr@bu.edu; helo=NAM12-MW2-obe.outbound.protection.outlook.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/22 23:40:15 X-ACL-Warn: Detected OS = Windows NT kernel [generic] [fuzzy] X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=no autolearn_force=no X-Spam_action: no action 
Build general-fuzzer wrappers for each configuration defined in general_fuzzer_configs.yml and move the actual general-fuzzer to a subdirectory, so oss-fuzz doesn't treat it as a standalone fuzzer.

Signed-off-by: Alexander Bulekov
--- scripts/oss-fuzz/build.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/oss-fuzz/build.sh b/scripts/oss-fuzz/build.sh index a07b3022e8..2071e77ac2 100755 --- a/scripts/oss-fuzz/build.sh +++ b/scripts/oss-fuzz/build.sh @@ -38,7 +38,7 @@ OSS_FUZZ_BUILD_DIR=3D"./build-oss-fuzz/" # remove it, resulting in an unresolved reference to qemu_build_not_reached # Undefine the __OPTIMIZE__ macro which compiler.h relies on to choose whe= ther # to " #define qemu_build_not_reached() g_assert_not_reached() " -EXTRA_CFLAGS=3D"$CFLAGS -U __OPTIMIZE__" +EXTRA_CFLAGS=3D"$CFLAGS -U __OPTIMIZE__ -DCONFIG_FUZZ=3Dy" =20 if ! { [ -e "./COPYING" ] && [ -e "./MAINTAINERS" ] && 
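Review bot: The -DCONFIG_FUZZ=y added to EXTRA_CFLAGS in the @@ -38,7 +38,7 @@ hunk is not explained anywhere: the comment above the assignment only covers -U __OPTIMIZE__, and the commit message describes building wrappers and moving the binary, not a new preprocessor define. Please extend the comment (or the commit message) to say which code needs the macro. Also note that defining it to "y" only works with #ifdef CONFIG_FUZZ or defined(CONFIG_FUZZ) checks; an "#if CONFIG_FUZZ" test would see the undefined identifier y and evaluate to 0, so a plain -DCONFIG_FUZZ (which defines it to 1) would be the safer spelling.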
@@ -101,5 +101,11 @@ do cp ./i386-softmmu/qemu-fuzz-i386 "$DEST_DIR/qemu-fuzz-i386-target-$tar= get" done =20 +mkdir -p "$DEST_DIR/deps" +mv "$DEST_DIR/qemu-fuzz-i386-target-general-fuzz" "$DEST_DIR/deps/" + +./scripts/oss-fuzz/build_general_fuzzers.py \ + "./scripts/oss-fuzz/general_fuzzer_configs.yml" "$DEST_DIR/general-fuz= z-" + echo "Done. The fuzzers are located in $DEST_DIR" exit 0 --=20 2.27.0
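Review bot: In the @@ -101,5 +101,11 @@ hunk the new call uses the source-tree-relative path ./scripts/oss-fuzz/build_general_fuzzers.py, while the cp in the loop just above copies from ./i386-softmmu/, which is a build-directory path. If the script is running from the build directory at this point, ./scripts/... will not resolve; please confirm the working directory or use a path anchored to the source tree. Separately, neither the mv nor the generator call is checked, and the following lines print "Done" and exit 0, so unless errexit is set earlier in the file (not visible here) a missing qemu-fuzz-i386-target-general-fuzz binary or a failing generator would still end in a successful build. An explicit failure check after each of the two commands would make that visible.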
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 11/12] scripts/oss-fuzz: Add script to reorder a general-fuzzer trace
Date: Wed, 22 Jul 2020 23:39:32 -0400
Message-Id: <20200723033933.21883-12-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>

The general-fuzzer uses hooks to fulfill DMA requests just-in-time. This means that if we try to use QTEST_LOG=1 to build a reproducer, the DMA writes will be logged _after_ the in/out/read/write that triggered the DMA read. To work around this, the general-fuzzer annotates these just-in-time DMA fulfillments with a tag that we can use to discern them. This script simply iterates over a raw qtest trace (including log messages, errors, timestamps, etc.), filters it and re-orders it so that DMA fulfillments are placed directly _before_ the qtest command that will cause the DMA access.

Signed-off-by: Alexander Bulekov
--- .../oss-fuzz/reorder_fuzzer_qtest_trace.py | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100755 scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py diff --git a/scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py b/scripts/oss-f= uzz/reorder_fuzzer_qtest_trace.py new file mode 100755 index 0000000000..9fb7edb6ee --- /dev/null +++ b/scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py 
@@ -0,0 +1,94 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +""" +Use this to convert qtest log info from a generic fuzzer input into a qtest +trace that you can feed into a standard qemu-system process. Example usage: + +QEMU_FUZZ_ARGS=3D"-machine q35,accel=3Dqtest" QEMU_FUZZ_OBJECTS=3D"*" \ + ./i386-softmmu/qemu-fuzz-i386 --fuzz-target=3Dgeneral-pci-fuzz +# .. Finds some crash +QTEST_LOG=3D1 FUZZ_SERIALIZE_QTEST=3D1 \ +QEMU_FUZZ_ARGS=3D"-machine q35,accel=3Dqtest" QEMU_FUZZ_OBJECTS=3D"*" \ + ./i386-softmmu/qemu-fuzz-i386 --fuzz-target=3Dgeneral-pci-fuzz + /path/to/crash 2> qtest_log_output +scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py qtest_log_output > qtest_tr= ace +./i386-softmmu/qemu-fuzz-i386 -machine q35,accel=3Dqtest \ + -qtest stdin < qtest_trace + +### Details ### + +Some fuzzer make use of hooks that allow us to populate some memory range,= just +before a DMA read from that range. This means that the fuzzer can produce +activity that looks like: + [start] read from mmio addr + [end] read from mmio addr + [start] write to pio addr + [start] fill a DMA buffer just in time + [end] fill a DMA buffer just in time + [start] fill a DMA buffer just in time + [end] fill a DMA buffer just in time + [end] write to pio addr + [start] read from mmio addr + [end] read from mmio addr + +We annotate these "nested" DMA writes, so with QTEST_LOG=3D1 the QTest tra= ce +might look something like: +[R +0.028431] readw 0x10000 +[R +0.028434] outl 0xc000 0xbeef # Triggers a DMA read from 0xbeef and 0x= bf00 +[DMA][R +0.034639] write 0xbeef 0x2 0xAAAA +[DMA][R +0.034639] write 0xbf00 0x2 0xBBBB +[R +0.028431] readw 0xfc000 + +This script would reorder the above trace so it becomes: +readw 0x10000 +write 0xbeef 0x2 0xAAAA +write 0xbf00 0x2 0xBBBB +outl 0xc000 0xbeef +readw 0xfc000 + +I.e. by the time, 0xc000 tries to read from DMA, those DMA buffers have al= ready +been set up, removing the need for the DMA hooks. 
We can simply provide th= is +reordered trace via -qtest stdio to reproduce the input + +Note: this won't work for traces where the device tries to read from the s= ame +DMA region twice in between MMIO/PIO commands. E.g: + [R +0.028434] outl 0xc000 0xbeef + [DMA][R +0.034639] write 0xbeef 0x2 0xAAAA + [DMA][R +0.034639] write 0xbeef 0x2 0xBBBB +""" + +import sys + +__author__ =3D "Alexander Bulekov " +__copyright__ =3D "Copyright (C) 2020, Red Hat, Inc." +__license__ =3D "GPL version 2 or (at your option) any later version" + +__maintainer__ =3D "Alexander Bulekov" +__email__ =3D "alxndr@bu.edu" + + +def usage(): + sys.exit("Usage: {} /path/to/qtest_log_output".format((sys.argv[0]))) + + +def main(filename): + with open(filename, "r") as f: + trace =3D f.readlines() + + # Leave only lines that look like logged qtest commands + trace[:] =3D [x.strip() for x in trace if "[R +" in x + or "[S +" in x and "CLOSED" not in x] + + for i in range(len(trace)): + if i+1 < len(trace): + if "[DMA]" in trace[i+1]: + trace[i], trace[i+1] =3D trace[i+1], trace[i] + for line in trace: + print(line.split("]")[-1].strip()) + + +if __name__ =3D=3D '__main__': + if len(sys.argv) =3D=3D 1: + usage() + main(sys.argv[1]) --=20 2.27.0
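Review bot: In main(), the filter condition '"[R +" in x or "[S +" in x and "CLOSED" not in x' mixes "or" and "and" without parentheses; Python binds "and" tighter, so the CLOSED exclusion applies only to "[S +" lines and every "[R +" line is kept regardless. If that is the intent, add parentheses to make it explicit; if CLOSED lines should be dropped in both cases, the condition needs regrouping. The comment says only logged qtest commands are kept, but the docstring never says what "[S +" lines are or why they should survive into the output, so a sentence on that would help. Two smaller points: the usage example in the docstring passes "-qtest stdin" while the Details text says "-qtest stdio", and the script does not detect the double-read case that the Note says it cannot handle; a warning when two [DMA] writes to the same address appear between commands would save debugging time.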
From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PATCH 12/12] scripts/oss-fuzz: Add crash trace minimization script
Date: Wed, 22 Jul 2020 23:39:33 -0400
Message-Id: <20200723033933.21883-13-alxndr@bu.edu>
In-Reply-To: <20200723033933.21883-1-alxndr@bu.edu>
References: <20200723033933.21883-1-alxndr@bu.edu>

Once we find a crash, we can convert it into a QTest trace. Usually this trace will contain many operations that are unneeded to reproduce the crash. This script tries to minimize the crashing trace, by removing operations and trimming QTest bufwrite(write addr len data...) commands.

Signed-off-by: Alexander Bulekov
---
I know it's hard to make sense of this patch and the previous one without a real example, but I didn't want to delay sending this set. I'll try to find an old crash (maybe for one of the e1000e bugs) and show exactly how I go from binary libFuzzer blob to qtest reproducer.

scripts/oss-fuzz/minimize_qtest_trace.py | 117 +++++++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100755 scripts/oss-fuzz/minimize_qtest_trace.py diff --git a/scripts/oss-fuzz/minimize_qtest_trace.py b/scripts/oss-fuzz/mi= nimize_qtest_trace.py new file mode 100755 index 0000000000..c318032049 --- /dev/null +++ b/scripts/oss-fuzz/minimize_qtest_trace.py 
@@ -0,0 +1,117 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +""" +This takes a crashing qtest trace and tries to remove superflous operations +""" + +import sys +import os +import subprocess +import time + +QEMU_ARGS =3D None +QEMU_PATH =3D None +TIMEOUT =3D 5 +CRASH_TOKEN =3D None + + +def usage(): + sys.exit("""\ +Usage: QEMU_PATH=3D"/path/to/qemu" QEMU_ARGS=3D"args" {} input_trace outpu= t_trace +By default, will try to use the second-to-last line in the output to ident= ify +whether the crash occred. Optionally, manually set a string that idenitife= s the +crash by setting CRASH_TOKEN=3D +""".format((sys.argv[0]))) + + +def check_if_trace_crashes(trace, path): + global CRASH_TOKEN + with open(path, "w") as tracefile: + tracefile.write("".join(trace)) + rc =3D subprocess.Popen("timeout -s 9 {}s {} {} 2>&1 < {}".format(TIME= OUT, + QEMU_PATH, QEMU_ARGS, path), + shell=3DTrue, stdin=3Dsubprocess.PIPE, + stdout=3Dsubprocess.PIPE) + stdo, None =3D rc.communicate() + output =3D stdo.decode('unicode_escape') + if rc.returncode =3D=3D 137: # Timed Out + return False + if len(output.splitlines()) < 2: + return False + + if CRASH_TOKEN is None: + CRASH_TOKEN =3D output.splitlines()[-2] + + return CRASH_TOKEN in output + + +def minimize_trace(inpath, outpath): + global TIMEOUT + with open(inpath) as f: + trace =3D f.readlines() + start =3D time.time() + if not check_if_trace_crashes(trace, outpath): + sys.exit("The input qtest trace didn't cause a crash...") + end =3D time.time() + print("Crashed in {} seconds".format(end-start)) + TIMEOUT =3D (end-start)*5 + print("Setting the timeout for {} seconds".format(TIMEOUT)) + print("Identifying Crashes by this string: {}".format(CRASH_TOKEN)) + + i =3D 0 + newtrace =3D trace[:] + while i < len(newtrace): + prior =3D newtrace[i] + # Try to remove the line completely + newtrace[i] =3D "" + if check_if_trace_crashes(newtrace, outpath): + i +=3D 1 + continue + newtrace[i] =3D prior + # Try to split up writes into multiple 
commands, each of which can= be + # removed. + if newtrace[i].startswith("write "): + addr =3D int(newtrace[i].split()[1], 16) + length =3D int(newtrace[i].split()[2], 16) + data =3D newtrace[i].split()[3][2:] + if length > 1: + leftlength =3D int(length/2) + rightlength =3D length - leftlength + newtrace.insert(i+1, "") + while leftlength > 0: + newtrace[i] =3D "write {} {} 0x{}\n".format( + hex(addr), + hex(leftlength), + data[:leftlength*2]) + newtrace[i+1] =3D "write {} {} 0x{}\n".format( + hex(addr+leftlength), + hex(rightlength), + data[leftlength*2:]) + if check_if_trace_crashes(newtrace, outpath): + break + else: + leftlength -=3D 1 + rightlength +=3D 1 + if check_if_trace_crashes(newtrace, outpath): + i -=3D 1 + else: + newtrace[i] =3D prior + del newtrace[i+1] + i +=3D 1 + check_if_trace_crashes(newtrace, outpath) + + +if __name__ =3D=3D '__main__': + if len(sys.argv) < 3: + usage() + + QEMU_PATH =3D os.getenv("QEMU_PATH") + QEMU_ARGS =3D os.getenv("QEMU_ARGS") + if QEMU_PATH is None or QEMU_ARGS is None: + usage() + if "accel" not in QEMU_ARGS: + QEMU_ARGS +=3D " -accel qtest" + CRASH_TOKEN =3D os.getenv(CRASH_TOKEN) + QEMU_ARGS +=3D " -qtest stdio -monitor none -serial none " + minimize_trace(sys.argv[1], sys.argv[2]) --=20 2.27.0
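Review bot: check_if_trace_crashes() contains "stdo, None = rc.communicate()", which is a SyntaxError in Python 3 because None cannot be an assignment target, so the script cannot be loaded as posted; use a throwaway name such as "_" instead. In the __main__ block, os.getenv(CRASH_TOKEN) passes the module variable (still None at that point) rather than the string "CRASH_TOKEN", so it cannot read the override described in the usage text. The command line is also assembled with str.format() and run with shell=True, which breaks on a QEMU_PATH containing spaces or shell metacharacters; passing an argument list and feeding the trace file through stdin would avoid the shell. The docstring and usage text have typos: superflous, occred, idenitifes.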