On Saturday, 2021-03-13 at 18:18:59 -05, Alexander Bulekov wrote:
> For the sparse-mem device, we want the fuzzer to populate entire DMA
> reads from sparse-mem, rather than hooking into the individual MMIO
> memory_region_dispatch_read operations. Otherwise, the fuzzer will treat
> each sequential read separately (and populate it with a separate
> pattern). Work around this by rearranging some DMA hooks. Since the
> fuzzer has it's own logic to skip accidentally writing to MMIO regions,
> we can call the DMA cb, outside the flatview_translate loop.
>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
> ---
> softmmu/memory.c | 1 -
> softmmu/physmem.c | 2 +-
> 2 files changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/softmmu/memory.c b/softmmu/memory.c
> index 874a8fccde..3b8e428064 100644
> --- a/softmmu/memory.c
> +++ b/softmmu/memory.c
> @@ -1440,7 +1440,6 @@ MemTxResult memory_region_dispatch_read(MemoryRegion *mr,
> unsigned size = memop_size(op);
> MemTxResult r;
>
> - fuzz_dma_read_cb(addr, size, mr);
> if (!memory_region_access_valid(mr, addr, size, false, attrs)) {
> *pval = unassigned_mem_read(mr, addr, size);
> return MEMTX_DECODE_ERROR;
> diff --git a/softmmu/physmem.c b/softmmu/physmem.c
> index 7e8b0fab89..6a58c86750 100644
> --- a/softmmu/physmem.c
> +++ b/softmmu/physmem.c
> @@ -2831,6 +2831,7 @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
> bool release_lock = false;
> uint8_t *buf = ptr;
>
> + fuzz_dma_read_cb(addr, len, mr);
> for (;;) {
> if (!memory_access_is_direct(mr, false)) {
> /* I/O case */
> @@ -2841,7 +2842,6 @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
> stn_he_p(buf, l, val);
> } else {
> /* RAM case */
> - fuzz_dma_read_cb(addr, len, mr);
> ram_ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false);
> memcpy(buf, ram_ptr, l);
> }
> --
> 2.28.0