Philippe Mathieu-Daudé <[email protected]> wrote on Wed, Aug 19, 2020 at 10:38 PM:
> On 8/19/20 4:15 PM, Li Qiang wrote: > > Currently the device fuzzer find a more and more issues. > > For every fuzz case, we need not only the fixes but also > > the coressponding test case. We can analysis the reproducer > > Typo "corresponding" > Will correct in next revision. > > > for every case and find what happened in where and write > > a beautiful test case. However the raw data of reproducer is not > > friendly to analysis. It will take a very long time, even far more > > than the fixes itself. So let's create a new file to hold all of > > the fuzz test cases and just use the raw data to act as the test > > case. This way nobody will be afraid of writing a test case for > > the fuzz reproducer. > > Ahaha nice :) > > > > > This patch adds the issue LP#1878263 test case. > > > > Signed-off-by: Li Qiang <[email protected]> > > --- > > tests/qtest/Makefile.include | 2 ++ > > tests/qtest/fuzz-test.c | 45 ++++++++++++++++++++++++++++++++++++ > > 2 files changed, 47 insertions(+) > > create mode 100644 tests/qtest/fuzz-test.c > > > > diff --git a/tests/qtest/Makefile.include b/tests/qtest/Makefile.include > > index b0204e44f2..ff460179c5 100644 > > --- a/tests/qtest/Makefile.include > > +++ b/tests/qtest/Makefile.include > > @@ -7,6 +7,7 @@ check-qtest-generic-y += machine-none-test > > check-qtest-generic-y += qmp-test > > check-qtest-generic-y += qmp-cmd-test > > check-qtest-generic-y += qom-test > > +check-qtest-generic-y += fuzz-test > > Maybe name that fuzzed-reproducers-test? > This maybe be more understandable. > > > check-qtest-generic-$(CONFIG_MODULES) += modules-test > > check-qtest-generic-y += test-hmp 
> > > > @@ -272,6 +273,7 @@ tests/qtest/m25p80-test$(EXESUF): > tests/qtest/m25p80-test.o > > tests/qtest/i440fx-test$(EXESUF): tests/qtest/i440fx-test.o > $(libqos-pc-obj-y) > > tests/qtest/q35-test$(EXESUF): tests/qtest/q35-test.o $(libqos-pc-obj-y) > > tests/qtest/fw_cfg-test$(EXESUF): tests/qtest/fw_cfg-test.o > $(libqos-pc-obj-y) > > +tests/qtest/fuzz-test$(EXESUF): tests/qtest/fuzz-test.o > $(libqos-pc-obj-y) > > tests/qtest/rtl8139-test$(EXESUF): tests/qtest/rtl8139-test.o > $(libqos-pc-obj-y) > > tests/qtest/pnv-xscom-test$(EXESUF): tests/qtest/pnv-xscom-test.o > > tests/qtest/wdt_ib700-test$(EXESUF): tests/qtest/wdt_ib700-test.o > > diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c > > new file mode 100644 > > index 0000000000..695c6dffb9 > > --- /dev/null > > +++ b/tests/qtest/fuzz-test.c 
> > @@ -0,0 +1,45 @@ > > +/* > > + * QTest testcase for fuzz case > > + * > > + * Copyright (c) 2020 Li Qiang <[email protected]> > > + * > > + * This work is licensed under the terms of the GNU GPL, version 2 or > later. > > + * See the COPYING file in the top-level directory. > > + */ > > + > > + > > +#include "qemu/osdep.h" > > + > > +#include "libqtest.h" > > + > > +/* > > + * This used to trigger the assert in scsi_dma_complete > > + * https://bugs.launchpad.net/qemu/+bug/1878263 > > + */ > > +static void test_megasas_zero_iov_cnt(void) > > I'd name it test_lp1878263_megasas_zero_iov_cnt() > This seems better. > or lp1878263_megasas_zero_iov_cnt(). > > > +{ > > + QTestState *s; > > + > > + s = qtest_init("-nographic -monitor none -serial none " > > + "-M q35 -device megasas -device scsi-cd,drive=null0 " > > + "-blockdev > driver=null-co,read-zeroes=on,node-name=null0"); > > + qtest_outl(s, 0xcf8, 0x80001818); > > + qtest_outl(s, 0xcfc, 0xc101); > > + qtest_outl(s, 0xcf8, 0x8000181c); > > + qtest_outl(s, 0xcf8, 0x80001804); > > + qtest_outw(s, 0xcfc, 0x7); > > + qtest_outl(s, 0xcf8, 0x8000186a); > > + qtest_writeb(s, 0x14, 0xfe); > > + qtest_writeb(s, 0x0, 0x02); > > + qtest_outb(s, 0xc1c0, 0x17); > > + qtest_quit(s); > > Actually all the test body could be generated... Alex, can you have a look at that? > > > +} > > + > > +int main(int argc, char **argv) > > +{ > > + g_test_init(&argc, &argv, NULL); > > + > > + qtest_add_func("fuzz/megasas_zero_iov_cnt", > test_megasas_zero_iov_cnt); > > + > > + return g_test_run(); > > The problem is now the test suite will fail because this test is not > fixed. > > Yes, as Paolo queued my patch to solve this: -->https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg03712.html I think this patch should go Paolo's tree. Thanks, Li Qiang > Good idea btw :) > > > +} > > > >
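Review bot: the first Makefile.include hunk registers the test under check-qtest-generic-y, which runs it for every target binary, but the test body starts QEMU with `-M q35 -device megasas`, a machine and device that exist only in the i386/x86_64 targets, so qtest_init() will fail on every other architecture once this lands. Register it in the x86 lists of the same file instead (`check-qtest-i386-y += fuzz-test`, which the file already folds into x86_64), or have main() check the architecture and skip otherwise. The rename to fuzzed-reproducers-test suggested in the thread is independent of this.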
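Review bot: the link rule in the second Makefile.include hunk pulls in `$(libqos-pc-obj-y)`, but fuzz-test.c only includes libqtest.h and uses qtest_outl/qtest_outw/qtest_outb/qtest_writeb, nothing from libqos, so the dependency can be dropped and the rule written like the plain qtest binaries next to it (e.g. `tests/qtest/pnv-xscom-test$(EXESUF): tests/qtest/pnv-xscom-test.o`). It can be reintroduced if a later reproducer actually needs the PC libqos helpers.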
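Review bot: the body of test_megasas_zero_iov_cnt() in the fuzz-test.c hunk is a raw sequence of port and memory writes with no comment on what they do, which works against the commit message's aim of making reproducers maintainable. A one-line comment per group would suffice: the `0xcf8`/`0xcfc` pairs are PCI config-space accesses to the megasas device (offset 0x18 programs a BAR, offset 0x04 with `0x7` enables I/O, memory and bus mastering), and the two qtest_writeb addresses `0x14` and `0x0` and the final `qtest_outb(s, 0xc1c0, 0x17)` deserve a note saying which register they hit, so the next person can bisect without rerunning the fuzzer. Since the test asserts nothing and passes only if QEMU does not abort, the thread's point that it goes red until the scsi fix is merged should be stated as a dependency in the cover letter, and the test path `fuzz/megasas_zero_iov_cnt` could carry the LP number like the proposed function name so a failure maps straight to the bug.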
