From nobody Tue Nov 18 01:22:21 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 63.128.21.124 as permitted sender) client-ip=63.128.21.124;
 envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=philmd@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1606849852; cv=none;
	d=zohomail.com; s=zohoarc;
	b=bejYs/XUts6199Q4HQbHlmBN6w4xkICCdFo2cSNcFyDyADnCf+6FawTj0SOSAMHFBc+PzBlh7Mb2Rxo2dkphaLYegsJaTLhaFsFDCy5cn06wd2NjyyV6z2aQXjvTSC/h1MhaZXLQapfNyIcNyQJbRJAIWmWoZ2Ie6XGhHm39t0I=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1606849852;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To;
	bh=LXHlJ1LzCveRD1iPVL/bW/urLeua1wvjxYp+o+bw888=;
	b=lxYr17x1c2cuAF+R4ry7rHKXFvgy5FnLYXfgQxAEr5nYzESePm9Uh0YOceYfYUFINLzSBZkgdPyOINrpZSrzkESF3WFf6LqJChgfgO8xsxIKerg3yRnVkRTiM3opylcWmMPFpEqinm/BXo22oL6Rgtpf0Bi2LWx3NrYabnlmISY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=philmd@redhat.com;
	dmarc=pass header.from=<philmd@redhat.com> (p=none dis=none)
 header.from=<philmd@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.zohomail.com
	with SMTPS id 1606849852048744.7125025662224;
 Tue, 1 Dec 2020 11:10:52 -0800 (PST)
Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com
 [209.85.128.69]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-586-nBR19bpwP1u0pLsZCfDaDw-1; Tue, 01 Dec 2020 14:10:48 -0500
Received: by mail-wm1-f69.google.com with SMTP id o17so1294861wmd.9
        for <importer@patchew.org>; Tue, 01 Dec 2020 11:10:48 -0800 (PST)
Return-Path: <philmd@redhat.com>
Return-Path: <philmd@redhat.com>
Received: from localhost.localdomain (111.red-88-21-205.staticip.rima-tde.net.
 [88.21.205.111])
        by smtp.gmail.com with ESMTPSA id p4sm808598wrm.51.2020.12.01.11.10.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Dec 2020 11:10:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1606849850;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=LXHlJ1LzCveRD1iPVL/bW/urLeua1wvjxYp+o+bw888=;
	b=hGhRm5+fJR6aflw9emB7T1uZDF1VDmawEf+lCC2hyE6pFp+5dbrd+mzQ8TK3KMFq2asEQ1
	wP11TR1EbHWS9aC5hKWCb3sL+/FasFBLytzUAKAqhRSQh/sUkjvbed/1MKROoqq9SgQqfn
	RpV4gyNj03albg9bQL0z6wAzzOKJ5UQ=
X-MC-Unique: nBR19bpwP1u0pLsZCfDaDw-1
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=LXHlJ1LzCveRD1iPVL/bW/urLeua1wvjxYp+o+bw888=;
        b=JNximY9XDp4m0Bijq3qv9vjw9ukBoUvUR8IpSALcizcQjXAy/wTgymSgj/n262Dmh3
         h421M9QdurOD2F6vlBji/UPYqOAUackuxG19cJuxb8hVAkdIftIk5UbXfpI9hULJT4kR
         JE+HiKhVXNosScjIiyKU8CSya0KweCp1ZePH3suGCFxS8x3lO4wWmTDeLQofS4Fd1OVq
         k00gwazAMJGSo0Ybwlq5LIpbgfZHQSehAOwUfaZ677haMmnHMZdAp+5l+LpUy99Hai/4
         WBHRRB3hWZszf51gh0s7kMdfvfnq6Xuam/5LMHV8RxhSWI4f/BObr1sgYU8vrDx1k0+w
         8TMA==
X-Gm-Message-State: AOAM531wG09vf9QX3zfOp1c6/y62VpGZ4+yfU++k8zCjoAl+EHwjp+3X
	0xOCUc0Mu8t/+F2bqQBh6C2AKy8IU5RXLKtdEu6/oLKRbmO+kujHkm2ZcDLLhRwhYH/YMnreuEV
	sEhgJ42vwslLKbw==
X-Received: by 2002:a1c:2c8a:: with SMTP id
 s132mr4292212wms.119.1606849845893;
        Tue, 01 Dec 2020 11:10:45 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJyguvbVskkuL/r+yZY/0Mjhmu35cbiiRs8KSnpxVbQF/m8IAeMZCDY6ayVIxMEw6A3/olCeQw==
X-Received: by 2002:a1c:2c8a:: with SMTP id
 s132mr4292074wms.119.1606849844088;
        Tue, 01 Dec 2020 11:10:44 -0800 (PST)
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
To: qemu-devel@nongnu.org
Cc: Laurent Vivier <lvivier@redhat.com>,
	Thomas Huth <thuth@redhat.com>,
	Hannes Reinecke <hare@suse.com>,
	Fam Zheng <fam@euphon.net>,
	Li Qiang <liq3ea@163.com>,
	Alexander Bulekov <alxndr@bu.edu>,
	qemu-block@nongnu.org,
	Paolo Bonzini <pbonzini@redhat.com>,
	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Subject: [PATCH v2 3/4] tests/qtest/fuzz-test: Add test_megasas_cdb_len_zero()
 reproducer
Date: Tue,  1 Dec 2020 20:10:25 +0100
Message-Id: <20201201191026.4149955-4-philmd@redhat.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20201201191026.4149955-1-philmd@redhat.com>
References: <20201201191026.4149955-1-philmd@redhat.com>
MIME-Version: 1.0
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)

Add a reproducer which triggers (without the previous patch):

  $ make check-qtest-x86_64
  Running test qtest-x86_64/fuzz-test
  qemu-system-x86_64: hw/scsi/megasas.c:1679: megasas_handle_scsi: Assertio=
n `cdb_len > 0 && scsi_cdb_length(cdb) <=3D cdb_len' failed.
  tests/qtest/libqtest.c:181: kill_qemu() detected QEMU death from signal 6=
 (Aborted) (core dumped)
  ERROR qtest-x86_64/fuzz-test - too few tests run (expected 1, got 0)

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daud=C3=A9 <philmd@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
---
 tests/qtest/fuzz-test.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c
index 87b72307a5b..31f90cfb4fc 100644
--- a/tests/qtest/fuzz-test.c
+++ b/tests/qtest/fuzz-test.c
@@ -48,6 +48,23 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(=
void)
     qtest_quit(s);
 }
=20
+static void test_megasas_cdb_len_zero(void)
+{
+    QTestState *s;
+
+    s =3D qtest_init("-M pc -nodefaults "
+                   "-device megasas-gen2 -device scsi-cd,drive=3Dnull0 "
+                   "-blockdev driver=3Dnull-co,read-zeroes=3Don,node-name=
=3Dnull0");
+
+    qtest_outl(s, 0xcf8, 0x80001011);
+    qtest_outb(s, 0xcfc, 0xbb);
+    qtest_outl(s, 0xcf8, 0x80001002);
+    qtest_outl(s, 0xcfc, 0xf3ff2966);
+    qtest_writeb(s, 0x4600, 0x03);
+    qtest_outw(s, 0xbb40, 0x460b);
+    qtest_quit(s);
+}
+
 int main(int argc, char **argv)
 {
     const char *arch =3D qtest_get_arch();
@@ -59,6 +76,8 @@ int main(int argc, char **argv)
                        test_lp1878263_megasas_zero_iov_cnt);
         qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert",
                        test_lp1878642_pci_bus_get_irq_level_assert);
+        qtest_add_func("fuzz/test_megasas_cdb_len_zero",
+                       test_megasas_cdb_len_zero);
     }
=20
     return g_test_run();
--=20
2.26.2