diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2021-03-17 22:18:54 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2021-03-17 22:18:54 +0000 |
| commit | 56b89f455894e4628ad7994fe5dd348145d1a9c5 (patch) | |
| tree | 63092421a2db4aa8d6405072a74cef28f76192b4 /tests/qtest/fuzz-virtio-scsi-test.c | |
| parent | 571d413b5da6bc6f1c2aaca8484717642255ddb0 (diff) | |
| parent | 8b858f9998a9d59a9a7188f2c5c6ffb99eff6115 (diff) | |
| download | focaccia-qemu-56b89f455894e4628ad7994fe5dd348145d1a9c5.tar.gz focaccia-qemu-56b89f455894e4628ad7994fe5dd348145d1a9c5.zip | |
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
* add --enable/--disable-libgio to configure (Denis) * small fixes (Pavel, myself) * fuzzing update (Alexander) # gpg: Signature made Tue 16 Mar 2021 18:30:38 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: qemu-timer: allow freeing a NULL timer hw/i8254: fix vmstate load scsi: fix sense code for EREMOTEIO Revert "accel: kvm: Add aligment assert for kvm_log_clear_one_slot" configure: add option to explicitly enable/disable libgio fuzz: move some DMA hooks fuzz: configure a sparse-mem device, by default memory: add a sparse memory device for fuzzing fuzz: add a am53c974 generic-fuzzer config fuzz: add instructions for building reproducers fuzz: add a script to build reproducers fuzz: don't leave orphan llvm-symbolizers around fuzz: fix the pro100 generic-fuzzer config MAINTAINERS: Cover fuzzer reproducer tests within 'Device Fuzzing' tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi is available tests/qtest: Only run fuzz-megasas-test if megasas device is available Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'tests/qtest/fuzz-virtio-scsi-test.c')
| -rw-r--r-- | tests/qtest/fuzz-virtio-scsi-test.c | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/tests/qtest/fuzz-virtio-scsi-test.c b/tests/qtest/fuzz-virtio-scsi-test.c new file mode 100644 index 0000000000..aaf6d10e18 --- /dev/null +++ b/tests/qtest/fuzz-virtio-scsi-test.c @@ -0,0 +1,75 @@ +/* + * QTest fuzzer-generated testcase for virtio-scsi device + * + * Copyright (c) 2020 Li Qiang <liq3ea@gmail.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" + +#include "libqos/libqtest.h" + +/* + * Here a MemoryRegionCache pointed to an MMIO region but had a + * larger size than the underlying region. + */ +static void test_mmio_oob_from_memory_region_cache(void) +{ + QTestState *s; + + s = qtest_init("-M pc-q35-5.2 -display none -m 512M " + "-device virtio-scsi,num_queues=8,addr=03.0 "); + + qtest_outl(s, 0xcf8, 0x80001811); + qtest_outb(s, 0xcfc, 0x6e); + qtest_outl(s, 0xcf8, 0x80001824); + qtest_outl(s, 0xcf8, 0x80001813); + qtest_outl(s, 0xcfc, 0xa080000); + qtest_outl(s, 0xcf8, 0x80001802); + qtest_outl(s, 0xcfc, 0x5a175a63); + qtest_outb(s, 0x6e08, 0x9e); + qtest_writeb(s, 0x9f003, 0xff); + qtest_writeb(s, 0x9f004, 0x01); + qtest_writeb(s, 0x9e012, 0x0e); + qtest_writeb(s, 0x9e01b, 0x0e); + qtest_writeb(s, 0x9f006, 0x01); + qtest_writeb(s, 0x9f008, 0x01); + qtest_writeb(s, 0x9f00a, 0x01); + qtest_writeb(s, 0x9f00c, 0x01); + qtest_writeb(s, 0x9f00e, 0x01); + qtest_writeb(s, 0x9f010, 0x01); + qtest_writeb(s, 0x9f012, 0x01); + qtest_writeb(s, 0x9f014, 0x01); + qtest_writeb(s, 0x9f016, 0x01); + qtest_writeb(s, 0x9f018, 0x01); + qtest_writeb(s, 0x9f01a, 0x01); + qtest_writeb(s, 0x9f01c, 0x01); + qtest_writeb(s, 0x9f01e, 0x01); + qtest_writeb(s, 0x9f020, 0x01); + qtest_writeb(s, 0x9f022, 0x01); + qtest_writeb(s, 0x9f024, 0x01); + qtest_writeb(s, 0x9f026, 0x01); + qtest_writeb(s, 0x9f028, 0x01); + qtest_writeb(s, 0x9f02a, 0x01); + qtest_writeb(s, 0x9f02c, 0x01); + qtest_writeb(s, 0x9f02e, 0x01); + qtest_writeb(s, 0x9f030, 0x01); + qtest_outb(s, 0x6e10, 0x00); + qtest_quit(s); +} + +int main(int argc, char **argv) +{ + const char *arch = qtest_get_arch(); + + g_test_init(&argc, &argv, NULL); + + if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { + qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", + test_mmio_oob_from_memory_region_cache); + } + + return g_test_run(); +} |