[PATCH 0/3] fuzz: Add a sparse-memory device to accelerate fuzzing

Alexander Bulekov posted 3 patches 3 years, 1 month ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20210311053614.940352-1-alxndr@bu.edu
Maintainers: Stefan Hajnoczi <stefanha@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Thomas Huth <thuth@redhat.com>, Alexander Bulekov <alxndr@bu.edu>, Igor Mammedov <imammedo@redhat.com>, Bandan Das <bsd@redhat.com>, Laurent Vivier <lvivier@redhat.com>
Posted by Alexander Bulekov 3 years, 1 month ago
Hello,

The generic-fuzzer often provides virtual-devices with bogus DMA
addresses (e.g. 0x4141414141414141). The probability that these fuzzed
addresses actually land within RAM is quite small. The fuzzer eventually
finds valid addresses; however, this takes some time, and this problem is
compounded when the device accesses multiple DMA regions. This series
adds a "sparse" memory device, and configures it for the generic-fuzzer.
This allows us to simulate 16 EB of RAM (only a tiny portion actually
populated). Thus, almost any randomly generated 64-bit address will land
in memory that the fuzzer can populate with data.

Patch 1 adds the sparse-mem device
Patch 2 adds tests for the device
Patch 3 configures the generic-fuzzer to use the sparse-mem device

-Alex

Alexander Bulekov (3):
  memory: add a sparse memory device
  memory: add tests for the sparse-mem device
  fuzz: configure a sparse-mem device, by default

 MAINTAINERS                     |   2 +
 hw/mem/meson.build              |   1 +
 hw/mem/sparse-mem.c             | 154 ++++++++++++++++++++++++++++++++
 tests/qtest/fuzz/generic_fuzz.c |   2 +-
 tests/qtest/meson.build         |   3 +-
 tests/qtest/sparse-mem-test.c   |  88 ++++++++++++++++++
 6 files changed, 248 insertions(+), 2 deletions(-)
 create mode 100644 hw/mem/sparse-mem.c
 create mode 100644 tests/qtest/sparse-mem-test.c

-- 
2.28.0
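The mechanism the cover letter describes, as an added illustration that is not QEMU's own hw/mem/sparse-mem.c: a 64-bit address space that only allocates the 4 KiB pages a DMA access actually touches, so a fuzzer-chosen address like 0x4141414141414141 becomes readable and writable without backing the whole range. The page size, hash layout and the sample descriptor bytes are assumptions of this example.

```c
/* Added illustration (not QEMU's hw/mem/sparse-mem.c): a full 64-bit address space in
 * which only the 4 KiB pages a DMA access touches get allocated; untouched pages read as zero. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
enum { SP_SHIFT = 12, SP_PAGE = 1 << SP_SHIFT };   /* assumed 4 KiB page granule */
typedef struct SparsePage {
    uint64_t pfn;                       /* page number: addr >> SP_SHIFT */
    uint8_t data[SP_PAGE];
    struct SparsePage *next;            /* hash-bucket chain */
} SparsePage;
typedef struct { SparsePage *buckets[1024]; size_t populated; } SparseMem;
/* Find the page holding pfn; with create set, allocate it on first touch. */
static SparsePage *sparse_page(SparseMem *m, uint64_t pfn, int create)
{
    unsigned h = (unsigned)((pfn * 0x9E3779B97F4A7C15ull) >> 54);  /* 10-bit bucket */
    SparsePage *p;
    for (p = m->buckets[h]; p; p = p->next)
        if (p->pfn == pfn) return p;
    if (!create) return NULL;
    if (!(p = calloc(1, sizeof(*p)))) abort();  /* calloc: a new page is all zero */
    p->pfn = pfn; p->next = m->buckets[h]; m->buckets[h] = p; m->populated++;
    return p;
}
/* Copy len bytes into (is_write) or out of memory at addr, split at page edges. */
static void sparse_access(SparseMem *m, uint64_t addr, void *buf, size_t len, int is_write)
{
    uint8_t *b = buf;
    while (len) {
        size_t off = addr & (SP_PAGE - 1), n = SP_PAGE - off;
        if (n > len) n = len;
        SparsePage *p = sparse_page(m, addr >> SP_SHIFT, is_write);
        if (is_write) memcpy(p->data + off, b, n);
        else if (p) memcpy(b, p->data + off, n);
        else memset(b, 0, n);               /* unpopulated: zero, no allocation */
        addr += n; b += n; len -= n;
    }
}
/* Cover-letter scenario: the fuzzer hands the device 0x4141414141414141 as a DMA address.
 * One descriptor written there populates 1 of 2^52 pages; a read elsewhere allocates none. */
static size_t sparse_demo(void)
{
    SparseMem m = {0};
    char desc[16] = "fuzz-descriptor", back[16], other[16];   /* constructed sample data */
    sparse_access(&m, 0x4141414141414141ull, desc, 16, 1);
    sparse_access(&m, 0x4141414141414141ull, back, 16, 0);
    sparse_access(&m, 0xdeadbeefcafef00dull, other, 16, 0);
    return memcmp(desc, back, 16) == 0 && other[0] == 0 ? m.populated : 0;
}
```

Accesses that straddle a page boundary populate each page they touch, which is why a multi-region DMA descriptor chain costs only as many pages as it actually spans.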