I'm not sure I understand. We try to avoid writing to MMIO regions in fuzz_dma_read_cb to avoid such false positives. E.g. that's why we have code to do address_space_translate and manually walk the AddressSpace and verify that we are writing to RAM, before doing the actual qtest_memwrite. There is a fix to that code that needs to be applied, but that has to wait for the 6.1 release. BTW, since this is about the generic-fuzzer rather than this bug, I cc-ed qemu-devel. Let's continue the discussion there.
-Alex

On 210823 0132, 李秋豪 (@QiuhaoLi) wrote:
> 李秋豪 commented on a discussion:
> https://gitlab.com/qemu-project/qemu/-/issues/541#note_657305687
>
> Ok, I added a reply to my report about #540 and #541.
>
> Btw, it suddenly occurred to me that our generic-fuzzer can also make reentry
> issues. For example, a device tries to read from a mmio region while being
> fuzzed, but the fuzz_dma_read_cb() will write to that region, thus leading to
> false-positive reentry issues. In short, we change a read action to write.
> Should we add checks?
>
> --
> Reply to this email directly or view it on GitLab:
> https://gitlab.com/qemu-project/qemu/-/issues/541#note_657305687
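As an added illustration of the check Alex describes (this is example code written for this page, not QEMU's fuzz_dma_read_cb or anything posted by either participant): a toy address space with RAM-backed and MMIO regions, a stand-in for address_space_translate, and a DMA-read callback that patches fuzz data only into RAM, chunk by chunk, so a device read of an MMIO region is never turned into an MMIO write. The region layout, the function names and the fuzz bytes are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model: an address space is a flat list of regions,
 * each either RAM-backed or MMIO (device registers, no backing bytes). */
typedef enum { REGION_RAM, REGION_MMIO } region_kind;

typedef struct {
    uint64_t base;
    uint64_t size;
    region_kind kind;
    uint8_t *backing;   /* only meaningful for REGION_RAM */
} region;

#define NREGIONS 3
static uint8_t ram_lo[0x100];
static uint8_t ram_hi[0x100];

/* Constructed layout: RAM at 0x0000, MMIO at 0x1000, RAM again at 0x1100,
 * so a range can straddle an MMIO/RAM boundary. */
static region address_space[NREGIONS] = {
    { 0x0000, 0x100, REGION_RAM,  ram_lo },
    { 0x1000, 0x100, REGION_MMIO, NULL   },
    { 0x1100, 0x100, REGION_RAM,  ram_hi },
};

/* Stand-in for address_space_translate(): resolve one guest address to the
 * region containing it and the offset inside that region; NULL if unmapped. */
static const region *toy_translate(uint64_t addr, uint64_t *offset)
{
    for (size_t i = 0; i < NREGIONS; i++) {
        const region *r = &address_space[i];
        if (addr >= r->base && addr < r->base + r->size) {
            *offset = addr - r->base;
            return r;
        }
    }
    return NULL;
}

/* Model of the fuzzer's DMA-read hook: the device is about to read `len`
 * bytes at `addr`, and the fuzzer wants to plant `fuzz` there first. The
 * range is walked region by region (as the real code walks the AddressSpace)
 * and only RAM-backed chunks are written; MMIO chunks are skipped, so a
 * device *read* of MMIO never becomes a fuzzer *write* to MMIO, which is the
 * false-positive reentrancy the thread worries about. Returns bytes written. */
static size_t fuzz_dma_read_cb_model(uint64_t addr, size_t len,
                                     const uint8_t *fuzz, size_t fuzz_len)
{
    if (len > fuzz_len) {
        len = fuzz_len;          /* never read past the fuzz input */
    }
    size_t pos = 0, written = 0;
    while (pos < len) {
        uint64_t off;
        const region *r = toy_translate(addr + pos, &off);
        if (!r) {
            break;               /* unmapped: stop, nothing to patch */
        }
        size_t chunk = (size_t)(r->size - off);   /* contiguous bytes left in region */
        if (chunk > len - pos) {
            chunk = len - pos;
        }
        if (r->kind == REGION_RAM) {
            memcpy(r->backing + off, fuzz + pos, chunk);  /* stand-in for qtest_memwrite */
            written += chunk;
        }
        pos += chunk;            /* MMIO chunk: skipped, not written */
    }
    return written;
}

/* Test helper: read back one byte of RAM, or -1 if the address is not RAM. */
static int ram_byte(uint64_t addr)
{
    uint64_t off;
    const region *r = toy_translate(addr, &off);
    if (!r || r->kind != REGION_RAM) {
        return -1;
    }
    return r->backing[off];
}

int main(void)
{
    const uint8_t pattern[4] = { 0xde, 0xad, 0xbe, 0xef };   /* constructed fuzz bytes */
    printf("RAM range:            %zu bytes written\n", fuzz_dma_read_cb_model(0x0010, 4, pattern, 4));
    printf("MMIO range:           %zu bytes written\n", fuzz_dma_read_cb_model(0x1010, 4, pattern, 4));
    printf("unmapped range:       %zu bytes written\n", fuzz_dma_read_cb_model(0x5000, 4, pattern, 4));
    printf("MMIO->RAM straddle:   %zu bytes written\n", fuzz_dma_read_cb_model(0x10fe, 4, pattern, 4));
    return 0;
}
```

The straddle case is why the walk is per region rather than a single lookup of the start address: a 4-byte read beginning in MMIO and ending in RAM gets its last two bytes patched and its first two left untouched. The real fuzzer performs the equivalent walk with address_space_translate and its returned length before calling qtest_memwrite.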
