On Wednesday, 2020-08-19 at 02:11:03 -04, Alexander Bulekov wrote: > This new operation is used in the next commit, which concatenates two > fuzzer-generated inputs. With this operation, we can prevent the second > input from clobbering the PCI configuration performed by the first. > > Signed-off-by: Alexander Bulekov <[email protected]>
Reviewed-by: Darren Kenny <[email protected]> > --- > tests/qtest/fuzz/general_fuzz.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuzz.c > index 36d41acea0..26fcd69e45 100644 > --- a/tests/qtest/fuzz/general_fuzz.c > +++ b/tests/qtest/fuzz/general_fuzz.c > @@ -40,6 +40,7 @@ enum cmds{ > OP_WRITE, > OP_PCI_READ, > OP_PCI_WRITE, > + OP_DISABLE_PCI, > OP_ADD_DMA_PATTERN, > OP_CLEAR_DMA_PATTERNS, > OP_CLOCK_STEP, > @@ -93,6 +94,7 @@ static GArray *dma_regions; > > static GArray *dma_patterns; > static int dma_pattern_index; > +static bool pci_disabled = false; > > void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool > is_write); > > @@ -433,7 +435,7 @@ static void op_pci_read(QTestState *s, const unsigned > char * data, size_t len) > uint8_t base; > uint8_t offset; > } a; > - if (len < sizeof(a) || fuzzable_pci_devices->len == 0) { > + if (len < sizeof(a) || fuzzable_pci_devices->len == 0 || pci_disabled) { > return; > } > memcpy(&a, data, sizeof(a)); > @@ -463,7 +465,7 @@ static void op_pci_write(QTestState *s, const unsigned > char * data, size_t len) > uint8_t offset; > uint32_t value; > } a; > - if (len < sizeof(a) || fuzzable_pci_devices->len == 0) { > + if (len < sizeof(a) || fuzzable_pci_devices->len == 0 || pci_disabled) { > return; > } > memcpy(&a, data, sizeof(a)); > @@ -518,6 +520,11 @@ static void op_clock_step(QTestState *s, const unsigned > char *data, size_t len) > qtest_clock_step_next(s); > } > > +static void op_disable_pci(QTestState *s, const unsigned char *data, size_t > len) > +{ > + pci_disabled = true; > +} > + > static void handle_timeout(int sig) > { > if (getenv("QTEST_LOG")) { 
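Review bot: Inserting OP_DISABLE_PCI between OP_PCI_WRITE and OP_ADD_DMA_PATTERN in the `enum cmds` hunk renumbers every command after it, so if the op byte in a fuzzer input indexes the ops table directly (as the designated initializers in general_fuzz suggest), any existing corpus or reproducer that encoded OP_ADD_DMA_PATTERN or a later op now decodes to a different operation. If saved inputs are meant to stay valid, appending the new value at the end of the enum avoids the shift; if invalidating them is intended, the commit message should say so. In the op_disable_pci hunk, `data` and `len` are unused; since the signature is dictated by the dispatch table, a `(void)data; (void)len;` or a header comment such as `/* Ignores its input: suppresses all later OP_PCI_READ/OP_PCI_WRITE for the current input. */` would make that deliberate.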
> @@ -559,6 +566,7 @@ static void general_fuzz(QTestState *s, const unsigned > char *Data, size_t Size) > [OP_WRITE] = op_write, > [OP_PCI_READ] = op_pci_read, > [OP_PCI_WRITE] = op_pci_write, > + [OP_DISABLE_PCI] = op_disable_pci, > [OP_ADD_DMA_PATTERN] = op_add_dma_pattern, > [OP_CLEAR_DMA_PATTERNS] = op_clear_dma_patterns, > [OP_CLOCK_STEP] = op_clock_step, > @@ -591,6 +599,7 @@ static void general_fuzz(QTestState *s, const unsigned > char *Data, size_t Size) > } > > op_clear_dma_patterns(s, NULL, 0); > + pci_disabled = false; > > while (cmd && Size) { > /* Get the length until the next command or end of input */ > -- > 2.27.0
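Review bot: The `pci_disabled = false;` line in general_fuzz is the only place the flag is cleared, so the flag's lifetime is "for the rest of this input" and deserves a comment at that line, e.g. `/* PCI config access starts enabled for each input; OP_DISABLE_PCI turns it off until the next input. */`. The beginning of general_fuzz is outside the hunk, so I cannot see whether an earlier return path precedes this reset; that would be harmless as long as no ops are dispatched before it, but it is worth confirming.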
