From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PULL 1/3] fuzz: fix sparse memory access in the DMA callback
Date: Tue, 13 Jul 2021 01:48:34 -0400
Message-Id: <20210713054836.154421-2-alxndr@bu.edu>
Cc: Paolo Bonzini, Philippe Mathieu-Daudé, Darren Kenny, Alexander Bulekov

The code mistakenly relied on address_space_translate to store the length remaining until the next memory-region. We care about this because when there is RAM or sparse-memory neighboring on an MMIO region, we should only write up to the border, to prevent inadvertently invoking MMIO handlers within the DMA callback.

However address_space_translate_internal only stores the length until the end of the MemoryRegion if memory_region_is_ram(mr). Otherwise the *len is left unmodified. This caused some false-positive issues, where the fuzzer found a way to perform a nested MMIO write through a DMA callback on an [address, length] that started within sparse memory and spanned some device MMIO regions.

To fix this, write to sparse memory in small chunks of memory_access_size (similar to the underlying address_space_write code), which will prevent accidentally hitting MMIO handlers through large writes.

Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Reviewed-by: Philippe Mathieu-Daudé
--- tests/qtest/fuzz/generic_fuzz.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuz= z.c index 6c67522717..0ea47298b7 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c 
@@ -240,10 +240,17 @@ void fuzz_dma_read_cb(size_t addr, size_t len, Memory= Region *mr) addr, &addr1, &l, true, MEMTXATTRS_UNSPECIFIED); =20 - if (!(memory_region_is_ram(mr1) || - memory_region_is_romd(mr1)) && mr1 !=3D sparse_mem_mr) { + /* + * If mr1 isn't RAM, address_space_translate doesn't update l. Use + * memory_access_size to identify the number of bytes that it is = safe + * to write without accidentally writing to another MemoryRegion. + */ + if (!memory_region_is_ram(mr1)) { l =3D memory_access_size(mr1, l, addr1); - } else { + } + if (memory_region_is_ram(mr1) || + memory_region_is_romd(mr1) || + mr1 =3D=3D sparse_mem_mr) { /* ROM/RAM case */ if (qtest_log_enabled) { /* --=20 2.28.0
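Review bot: In fuzz_dma_read_cb() the clamp is guarded by `!memory_region_is_ram(mr1)` while the write branch right after it accepts `memory_region_is_ram(mr1) || memory_region_is_romd(mr1) || mr1 == sparse_mem_mr`, so the two conditions are no longer complements of each other and a reader has to work out which region types pass through both. The new comment should name sparse_mem_mr as the region the clamp exists for and say whether ROMD regions are expected to be clamped as well. The retained `/* ROM/RAM case */` comment is now too narrow, since the branch also handles sparse memory; something like "ROM/RAM/sparse-memory case" would match the condition.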

From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PULL 2/3] fuzz: adjust timeout to allow for longer inputs
Date: Tue, 13 Jul 2021 01:48:35 -0400
Message-Id: <20210713054836.154421-3-alxndr@bu.edu>
Cc: Paolo Bonzini, Darren Kenny, Alexander Bulekov

Using a custom timeout is useful to continue fuzzing complex devices, even after we run into some slow code-path. However, simply adding a fixed timeout to each input effectively caps the maximum input length/number of operations at some artificial value. There are two major problems with this:

1. Some code might only be reachable through long IO sequences.
2. Longer inputs can actually be _better_ for performance. While the raw number of fuzzer executions decreases with larger inputs, the number of MMIO/PIO/DMA operations/second actually increases, since we are spending proportionately less time fork()ing.

With this change, we keep the custom-timeout, but we renew it, prior to each MMIO/PIO/DMA operation. Thus, we time-out only when a specific operation takes a long time.

Reviewed-by: Darren Kenny
Signed-off-by: Alexander Bulekov
--- tests/qtest/fuzz/generic_fuzz.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuz= z.c index 0ea47298b7..80eb29bd2d 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -668,15 +668,16 @@ static void generic_fuzz(QTestState *s, const unsigne= d char *Data, size_t Size) uint8_t op; =20 if (fork() =3D=3D 0) { + struct sigaction sact; + struct itimerval timer; /* * Sometimes the fuzzer will find inputs that take quite a long ti= me to * process. Often times, these inputs do not result in new coverag= e. * Even if these inputs might be interesting, they can slow down t= he - * fuzzer, overall. Set a timeout to avoid hurting performance, to= o much + * fuzzer, overall. Set a timeout for each command to avoid hurting + * performance, too much */ if (timeout) { - struct sigaction sact; - struct itimerval timer; =20 sigemptyset(&sact.sa_mask); sact.sa_flags =3D SA_NODEFER; 
@@ -686,13 +687,17 @@ static void generic_fuzz(QTestState *s, const unsigne= d char *Data, size_t Size) memset(&timer, 0, sizeof(timer)); timer.it_value.tv_sec =3D timeout / USEC_IN_SEC; timer.it_value.tv_usec =3D timeout % USEC_IN_SEC; - setitimer(ITIMER_VIRTUAL, &timer, NULL); } =20 op_clear_dma_patterns(s, NULL, 0); pci_disabled =3D false; =20 while (cmd && Size) { + /* Reset the timeout, each time we run a new command */ + if (timeout) { + setitimer(ITIMER_VIRTUAL, &timer, NULL); + } + /* Get the length until the next command or end of input */ nextcmd =3D memmem(cmd, Size, SEPARATOR, strlen(SEPARATOR)); cmd_len =3D nextcmd ? nextcmd - cmd : Size; --=20 2.28.0
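Review bot: In the first hunk (@@ -668,15 +668,16 @@), `struct itimerval timer;` moves to the top of the fork() child but is still initialised only by the memset inside `if (timeout)`, so it is valid only as long as every later use repeats the same `if (timeout)` guard. Initialising it at the declaration (`struct itimerval timer = { 0 };`) removes that coupling. Two style points in the same hunk: the `if (timeout) {` block now opens with a blank line where the declarations used to be, and the reworded comment still ends "performance, too much" without a full stop.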
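Review bot: In the second hunk (@@ -686,13 +687,17 @@), with `setitimer(ITIMER_VIRTUAL, &timer, NULL)` moved inside `while (cmd && Size)`, nothing in these lines bounds the run time of a whole input any more: an input of N commands can use up to N times the timeout. The comment "Reset the timeout, each time we run a new command" should say that this is intended and that the limit is per command, not per input. The return value of setitimer() is also ignored on every iteration; if re-arming fails, the previous timer keeps counting down and a later command is cut short by it with no indication, so check the result and abort the child on failure. Since ITIMER_VIRTUAL counts only user-mode CPU time, the comment could also note that a command which blocks or spends its time in the kernel does not trip this timeout.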

From: Alexander Bulekov
To: qemu-devel@nongnu.org
Subject: [PULL 3/3] fuzz: make object-name matching case-insensitive
Date: Tue, 13 Jul 2021 01:48:36 -0400
Message-Id: <20210713054836.154421-4-alxndr@bu.edu>
Cc: Paolo Bonzini, Darren Kenny, Alexander Bulekov

We have some configs for devices
such as the AC97 and ES1370 that were not matching memory-regions correctly, because the configs provided lowercase names. To resolve these problems and prevent them from occurring again in the future, convert both the pattern and names to lower-case, prior to checking for a match. Suggested-by: Darren Kenny Reviewed-by: Darren Kenny Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/generic_fuzz.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuz= z.c index 80eb29bd2d..3e8ce29227 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -758,8 +758,13 @@ static int locate_fuzz_memory_regions(Object *child, v= oid *opaque) =20 static int locate_fuzz_objects(Object *child, void *opaque) { + GString *type_name; + GString *path_name; char *pattern =3D opaque; - if (g_pattern_match_simple(pattern, object_get_typename(child))) { + + type_name =3D g_string_new(object_get_typename(child)); + g_string_ascii_down(type_name); + if (g_pattern_match_simple(pattern, type_name->str)) { /* Find and save ptrs to any child MemoryRegions */ object_child_foreach_recursive(child, locate_fuzz_memory_regions, = NULL); =20 @@ -776,8 +781,9 @@ static int locate_fuzz_objects(Object *child, void *opa= que) g_ptr_array_add(fuzzable_pci_devices, PCI_DEVICE(child)); } } else if (object_dynamic_cast(OBJECT(child), TYPE_MEMORY_REGION)) { - if (g_pattern_match_simple(pattern, - object_get_canonical_path_component(child))) { + path_name =3D g_string_new(object_get_canonical_path_component(chi= ld)); + g_string_ascii_down(path_name); + if (g_pattern_match_simple(pattern, path_name->str)) { MemoryRegion *mr; mr =3D MEMORY_REGION(child); if ((memory_region_is_ram(mr) || 
@@ -786,7 +792,9 @@ static int locate_fuzz_objects(Object *child, void *opa= que) g_hash_table_insert(fuzzable_memoryregions, mr, (gpointer)= true); } } + g_string_free(path_name, true); } + g_string_free(type_name, true); return 0; } =20 @@ -814,6 +822,7 @@ static void generic_pre_fuzz(QTestState *s) MemoryRegion *mr; QPCIBus *pcibus; char **result; + GString *name_pattern; =20 if (!getenv("QEMU_FUZZ_OBJECTS")) { usage(); @@ -843,10 +852,17 @@ static void generic_pre_fuzz(QTestState *s) =20 result =3D g_strsplit(getenv("QEMU_FUZZ_OBJECTS"), " ", -1); for (int i =3D 0; result[i] !=3D NULL; i++) { + name_pattern =3D g_string_new(result[i]); + /* + * Make the pattern lowercase. We do the same for all the MemoryRe= gion + * and Type names so the configs are case-insensitive. + */ + g_string_ascii_down(name_pattern); printf("Matching objects by name %s\n", result[i]); object_child_foreach_recursive(qdev_get_machine(), locate_fuzz_objects, - result[i]); + name_pattern->str); + g_string_free(name_pattern, true); } g_strfreev(result); printf("This process will try to fuzz the following MemoryRegions:\n"); --=20 2.28.0
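Review bot: in the first hunk of locate_fuzz_objects(), the match against type_name->str is only case-insensitive if the caller has already lowercased pattern, and nothing at "char *pattern = opaque;" says so. The explanatory comment lives only in generic_pre_fuzz(); a one-line comment here stating that pattern must arrive lowercase (or lowering it inside this function) would keep a future caller from reintroducing the mismatch this patch fixes.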
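Review bot: path_name is declared at the top of locate_fuzz_objects() but assigned only inside the TYPE_MEMORY_REGION branch (hunks at -776 and -786), so it is uninitialised on every other path and the two g_string_free() calls have to be kept in step with any early return added later. Declaring it inside that branch as g_autoptr(GString), and doing the same for type_name, would drop both manual frees; g_ascii_strdown() into a g_autofree char * would avoid the GString altogether, since only ->str is ever used.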
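Review bot: in the last hunk of generic_pre_fuzz(), printf("Matching objects by name %s\n", result[i]) still prints the pattern as typed, while the match runs on name_pattern->str. Printing name_pattern->str, or saying in the message that matching is case-insensitive, would make the log show what is actually compared. name_pattern could also be declared inside the for loop, since it is not used outside it.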