rted-by: Thomas Huth
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> softmmu/memory.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/softmmu/memory.c b/softmmu/memory.c
> index b7b3386e9d..26424f1d78 100644
> --- a/so
On Thursday, 2023-04-27 at 17:10:12 -04, Alexander Bulekov wrote:
> As the code is designed for re-entrant calls from raven_io_ops to
> pci-conf, mark raven_io_ops as reentrancy-safe.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> hw/pci-host/raven.
On Thursday, 2023-04-27 at 09:52:33 -04, Alexander Bulekov wrote:
> As the code is designed for re-entrant calls to apic-msi, mark apic-msi
> as reentrancy-safe.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> Based-on: <20230426161951.2948996-1-a
> MemoryRegion.
>
> Reported-by: Fiona Ebner
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> hw/scsi/lsi53c895a.c | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
> index af93557a9a..db27
On Monday, 2023-03-13 at 04:24:16 -04, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> include/exec/memory.h | 3 +++
> softmmu/memory.c | 2 +-
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/in
version 12.
>
> This can be fixed by ensuring we always call g_test_init first in the
> body of main.
>
> Thanks: Daniel Berrange, for diagnosing the problem
> Signed-off-by: Richard W.M. Jones
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> tests/qtest/fuzz-lsi5
I know this is a pull request, but if you prefer to have all the patches
with an R-b, you can add mine here too, but I'll leave it up to you.
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Thursday, 2023-02-16 at 23:08:47 -05, Alexander Bulekov wrote:
> As we are converting most fu
Hi Alex,
Everything looks good to me, I don't have anything else to add:
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Saturday, 2023-02-04 at 23:07:33 -05, Alexander Bulekov wrote:
> These patches aim to solve two types of DMA-reentrancy issues:
>
> 1.) mmio -> dma ->
On Saturday, 2023-02-04 at 23:29:51 -05, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> docs/devel/fuzzing.rst | 22 ++
> 1 file changed, 2 insertions(+), 20 deletions(-)
>
> diff
lution as it depends on internal implementation details of libFuzzer
> (which is no longer in active development). Remove it in favor of other
> methods of resetting state between inputs.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Thanks,
Darre
On Saturday, 2023-02-04 at 23:29:49 -05, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> tests/qtest/fuzz/i440fx_fuzz.c | 27 +--
> 1 file changed, 1 insertion(+), 26 deletions(-)
>
>
On Saturday, 2023-02-04 at 23:29:48 -05, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> tests/qtest/fuzz/virtio_blk_fuzz.c | 51 --
> 1 file changed, 7 insertions(+), 44 deletions(-)
>
On Saturday, 2023-02-04 at 23:29:47 -05, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> tests/qtest/fuzz/virtio_net_fuzz.c | 54 +++---
> 1 file changed, 5 insertions(+), 49 deletions(-)
>
On Saturday, 2023-02-04 at 23:29:46 -05, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> tests/qtest/fuzz/virtio_scsi_fuzz.c | 51 -
> 1 file changed, 7 insertions(+), 44 deletions(-)
>
signed
> char *Data, size_t Size)
>
> op_clear_dma_patterns(s, NULL, 0);
> pci_disabled = false;
> +dma_bytes_written = 0;
>
> QPCIBus *pcibus = qpci_new_pc(s, NULL);
> g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus);
> --
> 2.39.0
While this will still consume the existing corpus, is it likely to
cause this existing corpus to be trimmed?
Otherwise, the changes look good:
Reviewed-by: Darren Kenny
Thanks,
Darren.
? nextcmd + sizeof(SEPARATOR) - 1 : nextcmd;
> -Size = Size - (cmd_len + sizeof(SEPARATOR) - 1);
> - g_array_set_size(dma_regions, 0);
> +/* Run the main loop */
> +flush_events(s);
> }
> -_Exit(0);
> -} else {
> -flush_events(s);
> -wait(0);
> +/* Advance to the next command */
> +cmd = nextcmd ? nextcmd + sizeof(SEPARATOR) - 1 : nextcmd;
> +Size = Size - (cmd_len + sizeof(SEPARATOR) - 1);
> +g_array_set_size(dma_regions, 0);
> }
> +fuzz_reboot(s);
>
Guess this should be changed too if the declared function is too.
These are only nits, so:
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Sunday, 2023-02-05 at 11:50:52 +01, Philippe Mathieu-Daudé wrote:
> On 5/2/23 05:29, Alexander Bulekov wrote:
>> As we are converting most fuzzers to rely on reboots to reset state,
>> introduce an API to make sure reboots are invoked in a consistent
>> manner.
>>
>> Signed-off-by: Alexander Bu
cated pages on system-reset.
>>
>> Signed-off-by: Alexander Bulekov
>> ---
>> hw/mem/sparse-mem.c | 13 -
>> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
Thanks,
Darren.
Hi Alex,
From my perspective, I'm happy with the changes made, so from me at
least:
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Thursday, 2023-01-26 at 00:25:54 -05, Alexander Bulekov wrote:
> These patches aim to solve two types of DMA-reentrancy issues:
>
> 1.) mmio -&
Hi Alex,
Generally, this looks good, but I do have a comment below...
On Thursday, 2023-01-19 at 02:00:02 -05, Alexander Bulekov wrote:
> Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
> This flag is set/checked prior to calling a device's MemoryRegion
> handlers, and se
U, use bcc tool to track the latency of
> 'hmp_info_registers':
> 'info registers -a' uses about 3ms;
> 'info registers 12' uses about 150us.
>
> Cc: Darren Kenny
> Reviewed-by: Markus Armbruster
> Signed-off-by: zhenwei pi
Reviewed-by: D
On Tuesday, 2022-07-19 at 15:55:44 +08, zhenwei pi wrote:
> Originally we have to get all the vCPU registers and parse the
> specified one. To improve the performance of this usage, allow user
> specified vCPU id to query registers.
>
> Run a VM with 16 vCPU, use bcc tool to track the latency of
>
sult in a different result to:
(x ? a: b) & FLAG_TEST.
The macros should wrap each of the parameters in brackets to ensure the
correct result on expansion.
Signed-off-by: Darren Kenny
---
include/block/nvme.h | 44 ++--
1 file changed, 22 insertion
On Wednesday, 2022-06-22 at 12:28:40 -04, Alexander Bulekov wrote:
> On 220622 1703, Darren Kenny wrote:
>> Hi Alex,
>>
>> This looks good to me, so:
>>
>> Reviewed-by: Darren Kenny
>>
>> But, if it is at all possible to use Bash glob in a '
Hi Alex,
This looks good to me, so:
Reviewed-by: Darren Kenny
But, if it is at all possible to use Bash glob in a '[[ ... ]]' test
such as:
if [[ $target == generic-fuzz-* ]]; then
that might read better - but it seems the default is that we don't
assume that, or am I
Hi Alex,
I don't know this code well enough to be certain, but is a flag
sufficient here given the intent, or should it be using a more
thread-safe method like a rwlock or condition variable?
Maybe the device state structure is already protected at some level
with a mutex - just not obvious to
ue,
> &err)) {
> (gdb) p *p
> $1 = {driver = 0x56738250 "isa-fdc", property = 0x0, value = 0x0, used
> = true, optional = false}
>
> Reported-by: Thomas Huth
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/604
> Signed-off-by: Philippe Mathieu-D
For the series:
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Friday, 2021-11-19 at 21:11:39 +01, Philippe Mathieu-Daudé wrote:
> Fix issue #521 reported by Alex some months ago:
> https://gitlab.com/qemu-project/qemu/-/issues/521
>
> Philippe Mathieu-Daudé (2):
> hw/scsi
On Thursday, 2021-11-18 at 15:34:01 +01, Philippe Mathieu-Daudé wrote:
> Replace Qemu -> QEMU.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
> ---
> docs/devel/modules.rst| 2 +-
> docs/devel/multi-thread-tcg.rst | 2 +-
>
Looks good Philippe, thanks.
So for the series:
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Thursday, 2021-11-18 at 15:57:11 +01, Philippe Mathieu-Daudé wrote:
> Various changes in docs/devel/style.rst to improve its
> rST rendering (around C types/qualifiers/functions).
>
>
On Thursday, 2021-11-18 at 15:43:17 +01, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
> ---
> docs/about/removed-features.rst| 8
> docs/devel/build-system.rst| 6 +++---
> docs/devel/mu
Hi Philippe,
A couple here too w.r.t. function/macros...
On Tuesday, 2021-11-16 at 16:13:17 +01, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> docs/devel/style.rst | 111 ++-
> 1 file changed, 56 insertions(+), 55 deletions
Hi Philippe,
There are some inconsistencies in the use of '()' when referring to
functions or macros below...
On Tuesday, 2021-11-16 at 16:13:15 +01, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> docs/devel/style.rst | 31 ---
> 1 file
Hi Philippe,
Apart from a nit on patch 1, all looks good, so:
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Thursday, 2021-11-18 at 00:24:20 +01, Philippe Mathieu-Daudé wrote:
> I'm not sure what happened to v1 from Prasad, so since we are
> at rc2 I took a simpler approach to f
On Wednesday, 2021-11-17 at 18:43:31 +01, Philippe Mathieu-Daudé wrote:
> Fixes: f5918a99283 ("microvm: add device tree support.")
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
> ---
> hw/i386/microvm-dt.c | 4 +++-
> 1 file changed, 3 insertions(+
Hi Philippe,
A small nit below, but otherwise looks good.
On Thursday, 2021-11-18 at 00:24:21 +01, Philippe Mathieu-Daudé wrote:
> Guest might select another drive on the bus by setting the
> DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR).
> The current controller model doesn't expect a Block
On Wednesday, 2021-09-08 at 08:06:27 +02, Paolo Bonzini wrote:
> On 07/09/21 13:08, Alexander Bulekov wrote:
>>
>> -if [ "$GITLAB_CI" != "true" ]; then
>> +if [ -z ${GITLAB_CI+x} ]; then
>
> I would slightly prefer to have "${GITLAB_CI+x}", since "test" in
> general doesn't like parameters that
On Tuesday, 2021-09-07 at 07:08:41 -04, Alexander Bulekov wrote:
> /src/build.sh: line 76: GITLAB_CI: unbound variable
> Fix that.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
>
> This change is in preparation to revert:
> 7602748c ("qem
Should have done this much sooner given the amount of reviewing I'm
already doing in this area.
Signed-off-by: Darren Kenny
---
MAINTAINERS | 1 +
1 file changed, 1 insertion(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 6b3697962c1b..5bef084ca173 100644
--- a/MAINTAINERS
+++ b/MAINTA
ff-by: Qiuhao Li
>
> Reviewed-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Thanks,
Darren.
/me toddles off now to add himself too, duh...
at
> the remote cost of potentially missing some cases that break oss-fuzz
> builds.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
>
> From a couple test runs it looks like this can shave off 15-20 minutes.
>
> scripts/oss-fuzz/build.sh | 24 ++
; This might cause inputs to timeout sometimes due to scheduling
> effects/ambient load, but it is better than bringing the entire fuzzing
> process to a halt.
>
> Based-on: <20210713150037.9297-1-alx...@bu.edu>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren
<20210713150037.9297-1-alx...@bu.edu>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/generic_fuzz.c | 5 +
> 1 file changed, 5 insertions(+)
>
> diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
>
llowlist" will only instrument a subset of the
> compiled code, that is directly related to virtual-devices.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
>
> Hi,
> Resending this one, as this did not work with the OSS-Fuzz containers.
> (The
e as a generic QEMU_CFLAGS element.
I couldn't find anything that suggests it needs to be a full path, and
all examples seem to be a simple filename, so maybe it searches up the
directory tree, but I can't find anything to say that off-hand.
If that is acceptable, and is working, t
ks of
> memory_access_size (similar to the underlying address_space_write code),
> which will prevent accidentally hitting MMIO handlers through large
> writes.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/generic_fuzz.c | 13 ++-
esolve these problems and prevent them from
>> occurring again in the future, convert both the pattern and names to
>> lower-case, prior to checking for a match.
>>
>> Suggested-by: Darren Kenny
>> Signed-off-by: Alexander Bulekov
>> ---
>> tests/qte
> occurring again in the future, convert both the pattern and names to
> lower-case, prior to checking for a match.
>
> Suggested-by: Darren Kenny
Thanks for doing this, LGTM.
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> tests/
icaly
TYPO: s/particaly/specific/ or s/particaly/particular/ ?
> operation takes a long time.
>
> Signed-off-by: Alexander Bulekov
Otherwise,
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> tests/qtest/fuzz/generic_fuzz.c | 13 +
> 1 file changed, 9 insert
Hi Alex,
Given that 2 of the patches here are simply adding a capitalized version
of the string, I wonder if this is something that should be case
insensitive, and thus the code should change instead?
Hypothetically, how likely is it that there are unrelated objects with
the same name but differe
/configure --meson=~/.local/bin/meson
> ERROR: Meson not found. Use --meson=/path/to/meson (absolute path)
>
> Actually in this case the fix is to use $HOME, not unexpanded ~:
>
> $ ../configure --meson=$HOME/.local/bin/meson
> The Meson build system
> Version:
e a block of memory. For now, since the only user of this device
> is the fuzzer, we do not track and free zeroed blocks. The device has a
> very low priority (so it can be mapped beneath actual RAM, and virtual
> device MMIO regions).
>
> Signed-off-by: Alexander Bulekov
Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> softmmu/memory.c | 1 -
> softmmu/physmem.c | 2 +-
> 2 files changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/softmmu/memory.c b/softmmu/memory.c
> index 874a8fccde..3b8e428064 100644
> --- a/softmm
> the DMA call-back to populate this sparse memory, correspondingly
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/generic_fuzz.c | 14 +++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/tests/qtest/f
Hi Alex,
On Saturday, 2021-03-13 at 18:18:57 -05, Alexander Bulekov wrote:
> For testing, it can be useful to simulate an enormous amount of memory
> (e.g. 2^64 RAM). This adds an MMIO device that acts as sparse memory.
> When something writes a nonzero value to a sparse-mem address, we
> allocate
On Saturday, 2021-03-13 at 23:23:57 -05, Alexander Bulekov wrote:
> We have several scripts that help build reproducers, but no
> documentation for how they should be used. Add some documentation
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> docs
On Sunday, 2021-03-14 at 00:56:37 -05, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Code-wise looks fine to me:
Reviewed-by: Darren Kenny
Thanks,
Darren
> ---
>
> Fuzzing this device might lead to better coverage over the general scsi
> code.
>
>
uch as
> clang-format
>
> Signed-off-by: Alexander Bulekov
While I have a couple of comments (nits really) below, they are not
significant enough to require another review, so:
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> scripts/oss-fuzz/output_reproducer.py | 160
ash
> handlers. Because libfuzzer relies on pipe communication with an
> external child process to print out stack-traces, we shouldn't exit
> early, and leave an orphan child. Check for children in the SIGALRM
> handler to avoid this issue.
>
> Signed-off-by: Alexande
> current_cpu is NULL because QTest accelerator does not use CPU.
>
> Fix by skipping the check and returning the first CPU index when
> QTest accelerator is used, similarly to commit c781a2cc423
> ("hw/i386/vmport: Allow QTest use without crashing").
>
> Reported-by
d
> cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
> machine types.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
>
> v2: Fix ide-hd -> ide-cd in the ahci-atapi config
>
> tests/qtest/fuzz/generic_fuzz_configs.h | 20 +++
org/archive/html/qemu-devel/2021-01/msg04729.html
>
> This patch removes the is_write parameter to fuzz_dma_read_cb. As a
> result, we will fill all mapped DMA regions with fuzzed data, ignoring
> the specified transfer direction.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
On Tuesday, 2021-01-19 at 10:12:29 -05, Alexander Bulekov wrote:
> On 210118 1540, Darren Kenny wrote:
>> On Monday, 2021-01-18 at 10:30:33 -05, Alexander Bulekov wrote:
>> > On 210118 1334, Christian Schoenebeck wrote:
>> >> On Montag, 18. Januar 2021 00:09:
On Monday, 2021-01-18 at 10:30:33 -05, Alexander Bulekov wrote:
> On 210118 1334, Christian Schoenebeck wrote:
>> On Montag, 18. Januar 2021 00:09:24 CET Alexander Bulekov wrote:
>> > virtio-9p devices are often used to expose a virtual-filesystem to the
>> > guest. There have been some bugs report
On Sunday, 2021-01-17 at 18:09:24 -05, Alexander Bulekov wrote:
> virtio-9p devices are often used to expose a virtual-filesystem to the
> guest. There have been some bugs reported in this device, such as
> CVE-2018-19364, and CVE-2021-20181. We should fuzz this device
>
> This patch adds two virti
On Sunday, 2021-01-17 at 18:09:23 -05, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> docs/devel/fuzzing.rst | 26 ++
> 1 file changed, 26 insertions(+)
>
> diff --git a/docs/devel/fuzzing.rst b/docs
Hi Alex,
On Thursday, 2021-01-14 at 17:17:48 -05, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
In general this looks good, so:
Reviewed-by: Darren Kenny
but I do have a question below...
> ---
> tests/qtest/fuzz/generic_fuzz_configs.h | 12
> 1 file
he
> BARs (regenerating the memory topology), at the start of each input.
> With this patch, we do this once, before fuzzing, mitigating some of
> this overhead.
>
> Signed-off-by: Alexander Bulekov
In general this looks good, I've a small comment/nit below, but nothing
serious, s
ls.
>
> Signed-off-by: Prasad J Pandit
Reviewed-by: Darren Kenny
Thanks,
Darren
>
> Until we find a way to build nice double-fetch reproducers that
> developers are willing to look at, lets tell OSS-Fuzz to avoid
> double-fetches.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/generic_fuzz.c | 1 +
> 1 file c
On Wednesday, 2020-11-25 at 18:18:56 +0530, P J P wrote:
> Hello Darren, all
>
> +-- On Tue, 24 Nov 2020, Darren Kenny wrote --+
> | I always understood triage to be the initial steps in assessing a bug:
> |
> | - determining if it is a security bug, in this case
> | -
Hi Prasad,
Thanks for writing this up.
I have some comments below on the response steps.
On Tuesday, 2020-11-24 at 19:52:38 +0530, P J P wrote:
> From: Prasad J Pandit
>
> We are about to introduce a qemu-security mailing list to report
> and triage QEMU security issues.
>
> Update the QEMU sec
Sigh, I should have caught some of these in the last review, sorry.
For the series,
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Thursday, 2020-10-29 at 13:28:57 -04, Alexander Bulekov wrote:
> These patches fix some silly issues I found after the generic-fuzzer
> started running on OS
e a link for the generic-fuzz from the oss-fuzz build, so
> oss-fuzz does not treat it as a standalone fuzzer.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> scripts/oss-fuzz/build.sh | 10 --
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
it as an independent fuzzer and try
> to run it for fuzzing. Instead, we create a DEST_DIR/bin directory to
> store the primary copy.
>
> Suggested-by: Darren Kenny
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> scripts/oss-fuzz/build.sh | 8 +++
On Thursday, 2020-10-22 at 09:01:23 -04, Alexander Bulekov wrote:
> On 201022 1032, Darren Kenny wrote:
>> Hi Alex,
>>
>> On Wednesday, 2020-10-21 at 17:09:22 -04, Alexander Bulekov wrote:
>> > generic-fuzz is not a standalone fuzzer - it requires some env variabl
Hi Alex,
On Wednesday, 2020-10-21 at 17:09:22 -04, Alexander Bulekov wrote:
> generic-fuzz is not a standalone fuzzer - it requires some env variables
> to be set. On oss-fuzz, we set these with some predefined
> generic-fuzz-{...} targets, that are thin wrappers around generic-fuzz.
> Remove gene
ECTS} to the corresponding predefined values.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/generic_fuzz.c | 32
> 1 file changed, 32 insertions(+)
>
> diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/
On Wednesday, 2020-10-21 at 17:09:20 -04, Alexander Bulekov wrote:
> Predefine some generic-fuzz configs. For each of these, we will create a
> separate FuzzTarget that can be selected through argv0 and, therefore,
> fuzzed on oss-fuzz.
>
> Signed-off-by: Alexander Bulekov
Revi
t struct, so that FuzzTargets can hold some data, useful for
> storing target-specific configuration options, that can be read by the
> get_init_cmdline function.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/fuzz.h | 1 +
> 1 file
umentation).
>
> Signed-off-by: Alexander Bulekov
Just a couple of very minor nits below (spacing between functions),
which are not vital, so otherwise:
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/generic_fuzz.c | 512
> tests/qtest/fuzz/m
e a developer does something silly...
> +FOR_EACH_FLAT_RANGE(fr, fv) {
> +if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))
> +break;
> +}
> +}
> +
> static MemoryRegion *memory_region_get_flatview_root(MemoryRegion *mr)
> {
> while (mr->enabled) {
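Review bot: the `if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))` inside the new FOR_EACH_FLAT_RANGE loop has no braces around its `break;`. QEMU's coding style (docs/devel/style.rst) requires braces on every conditional body, even a single statement, and scripts/checkpatch.pl will flag this, so please write it as `if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque)) {` / `break;` / `}`.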
Otherwise, all looks good, so:
Reviewed-by: Darren Kenny
Thanks,
Darren.
nly stopping the disposable fuzzer "VM", this patch uninstalls
> QEMU's signal handlers. Thus, we can stop the fuzzer with
> SIG{INT,HUP,TERM} and the fuzzing code can optionally use atexit() to
> clean up temporary files/resources.
>
> Reviewed-by: Darren Kenny
>
On Tuesday, 2020-10-13 at 17:52:46 +01, Daniel P. Berrangé wrote:
> On Tue, Oct 13, 2020 at 05:50:37PM +0100, Darren Kenny wrote:
>> Hi Alex,
>>
>> This mentions the use of atexit() to perform some cleanup, but I'm not
>> seeing that being added here, should it be
Hi Dima,
On Wednesday, 2020-10-14 at 10:39:01 +03, Dima Stepanov wrote:
> On Wed, Oct 14, 2020 at 10:29:41AM +0300, Dima Stepanov wrote:
>> On Tue, Oct 13, 2020 at 11:30:52AM -0400, Alexander Bulekov wrote:
>> > On 201007 1647, Dima Stepanov wrote:
...
>> >
>> > I sent a patch to disable QEMU's
Hi Alex,
This mentions the use of atexit() to perform some cleanup, but I'm not
seeing that being added here, should it be?
Thanks,
Darren.
On Tuesday, 2020-10-13 at 11:29:20 -04, Alexander Bulekov wrote:
> With the fuzzer, we never call main_loop_should_exit, since we manually
> call main_loop
On Wednesday, 2020-10-07 at 09:39:32 -04, Alexander Bulekov wrote:
> On 201001 1629, Darren Kenny wrote:
...
>>
>> It might make sense to put the definition of SEPARATOR and some variant
>> of the above the comments in patch 9 where you're adding this related
>>
ss-fuzz. For these purposes, only running one input should be
> sufficient.
>
> Signed-off-by: Alexander Bulekov
> Suggested-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
> ---
> .gitlab-ci.yml | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff
The Fuzzer's Lifecycle ==
Not this patch, but this text file is partially written in Restructured
Text format, but not completely. Should it be converted to RsT format
properly - doesn't have to be now, but something we could consider.
Otherwise, it looks fine to me, so:
Reviewed-by: Darren Kenny
Thanks,
Darren.
Hi Alex,
On Sunday, 2020-09-20 at 22:25:01 -04, Alexander Bulekov wrote:
> This parses a yaml file containing general-fuzzer configs and builds a
> separate oss-fuzz wrapper binary for each one, changing some
> preprocessor macros for each configuration. To avoid dealing with
> escaping and string
Hi Alex,
On Monday, 2020-09-21 at 10:34:05 -04, Alexander Bulekov wrote:
> On 200921 0743, Philippe Mathieu-Daudé wrote:
>> Hi Alexander,
>>
>> On 9/21/20 4:24 AM, Alexander Bulekov wrote:
>> > This is a generic fuzzer designed to fuzz a virtual device's
>> > MemoryRegions, as long as they exist
As mentioned in an earlier patch, maybe the definition of SEPARATOR
should be here as well as some of the comments you provided in the
replies to it.
Otherwise, this looks good,
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Sunday, 2020-09-20 at 22:24:59 -04, Alexander Bulekov wrote:
> Sig
On Thursday, 2020-10-01 at 16:05:58 +0530, P J P wrote:
> Hello Darren,
>
> +-- On Wed, 30 Sep 2020, Darren Kenny wrote --+
> | While that is true, some aliases have managed to do something here by
> having
> | a single key for the alias, and behind the scenes that re-encryp
Hi Prasad,
Just my 2c as someone working on a downstream distro with Qemu...
On Friday, 2020-09-18 at 12:32:23 +0530, P J P wrote:
> Hello all,
>
> +-- On Wed, 16 Sep 2020, Stefan Hajnoczi wrote --+
> | I'm surprised the lack of encryption doesn't bother you. The security bug
> | reporting pro
On Thursday, 2020-09-10 at 12:36:52 -04, Alexander Bulekov wrote:
> On 200910 1645, Darren Kenny wrote:
>> Hi Alex,
>>
>> I'm certainly not an expert in meson, but have some questions below...
>>
>> On Wednesday, 2020-09-09 at 18:05:16 -04, Alexande
Hi Alex,
I'm certainly not an expert in meson, but have some questions below...
On Wednesday, 2020-09-09 at 18:05:16 -04, Alexander Bulekov wrote:
> The order of the add_project_link_arguments calls impacts which
> arguments are placed between --start-group and --end-group.
> OSS-Fuzz coverage bu
On Monday, 2020-09-07 at 11:39:32 -04, Alexander Bulekov wrote:
> On 200902 1103, Darren Kenny wrote:
...
>> > +
>> > +while (ind >= 0 && fuzzable_memoryregions->len) {
>> > +*result = (address_range){0, 0};
>> > +
leftlength -= 1
> +rightlength += 1
> +if check_if_trace_crashes(newtrace, outpath):
> +i -= 1
> +else:
> +newtrace[i] = prior
> + del newtrace
so that DMA fulfillments are placed directly _before_ the
> qtest command that will cause the DMA access.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> .../oss-fuzz/reorder_fuzzer_qtest_trace.py| 94 +++
> 1 file changed, 94 insertions
't mention the removal of *uhci* from the config below, should
probably be at least referenced.
>
> Signed-off-by: Alexander Bulekov
With that,
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> scripts/oss-fuzz/build.sh | 8 +++-
> scripts/oss-f