-rw-r--r--.gitlab-ci.yml20
-rwxr-xr-xconfigure2
-rw-r--r--qom/qom-hmp-cmds.c6
-rw-r--r--tests/qtest/bios-tables-test.c1
-rw-r--r--tests/qtest/fuzz/fuzz.c13
-rw-r--r--tests/qtest/fuzz/fuzz.h6
-rw-r--r--tests/qtest/fuzz/i440fx_fuzz.c4
-rw-r--r--tests/qtest/fuzz/qos_fuzz.c6
-rw-r--r--tests/qtest/qmp-cmd-test.c13
9 files changed, 52 insertions, 19 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5eeba2791b..41597c3603 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -161,9 +161,27 @@ build-clang:
     IMAGE: fedora
     CONFIGURE_ARGS: --cc=clang --cxx=clang++
     TARGETS: alpha-softmmu arm-softmmu m68k-softmmu mips64-softmmu
-      ppc-softmmu s390x-softmmu x86_64-softmmu arm-linux-user
+      ppc-softmmu s390x-softmmu arm-linux-user
     MAKE_CHECK_ARGS: check
 
+build-fuzzer:
+  <<: *native_build_job_definition
+  variables:
+    IMAGE: fedora
+  script:
+    - mkdir build
+    - cd build
+    - ../configure --cc=clang --cxx=clang++ --enable-fuzzing
+                   --enable-sanitizers --target-list=x86_64-softmmu
+    - make -j"$JOBS" all check-build x86_64-softmmu/fuzz
+    - make check
+    - for fuzzer in i440fx-qos-fork-fuzz i440fx-qos-noreset-fuzz
+        i440fx-qtest-reboot-fuzz virtio-scsi-flags-fuzz virtio-scsi-fuzz ; do
+          echo Testing ${fuzzer} ... ;
+          x86_64-softmmu/qemu-fuzz-x86_64 --fuzz-target=${fuzzer} -runs=1000
+            || exit 1 ;
+      done
+
 build-tci:
   <<: *native_build_job_definition
   variables:
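Review bot: A failure in the new `build-fuzzer` loop leaves nothing to reproduce from, because the job as shown has no `artifacts:` entry and the runner workspace is discarded. When a libFuzzer run with sanitizers fails, it writes the offending input to a `crash-*` file in the working directory, which here is `build/`. Keeping those on failure, for example `artifacts: { when: on_failure, paths: [build/crash-*] }`, would let a developer replay the input locally. The `*native_build_job_definition` template is defined outside this hunk, so confirm it does not already set artifacts.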
diff --git a/configure b/configure
index b751c853f5..e93836aaae 100755
--- a/configure
+++ b/configure
@@ -4198,7 +4198,7 @@ pthread_setname_np_wo_tid=no
 cat > $TMPC << EOF
 #include <pthread.h>
 
-static void *f(void *p) { pthread_setname_np("QEMU"); }
+static void *f(void *p) { pthread_setname_np("QEMU"); return NULL; }
 int main(void)
 {
     pthread_t thread;
diff --git a/qom/qom-hmp-cmds.c b/qom/qom-hmp-cmds.c
index 9ed8bb1c9f..aaacadacca 100644
--- a/qom/qom-hmp-cmds.c
+++ b/qom/qom-hmp-cmds.c
@@ -96,8 +96,10 @@ static void print_qom_composition(Monitor *mon, Object *obj, int indent);
 
 static int qom_composition_compare(const void *a, const void *b, void *ignore)
 {
-    return g_strcmp0(a ? object_get_canonical_path_component(a) : NULL,
-                     b ? object_get_canonical_path_component(b) : NULL);
+    g_autofree char *ac = object_get_canonical_path_component(a);
+    g_autofree char *bc = object_get_canonical_path_component(b);
+
+    return g_strcmp0(ac, bc);
 }
 
 static int insert_qom_composition_child(Object *obj, void *opaque)
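Review bot: The rewritten `qom_composition_compare` drops the `a ? ... : NULL` and `b ? ... : NULL` guards, so a NULL element would now be passed straight to `object_get_canonical_path_component()`. Whether that function tolerates NULL is not visible in this hunk. If the callers guarantee non-NULL elements, say so in a comment such as `/* a and b are never NULL: only live child objects are inserted */`. Otherwise keep the guard with the new ownership fix: `g_autofree char *ac = a ? object_get_canonical_path_component(a) : NULL;`, and the same for `bc`.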
diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
index c315156858..d49b3988ec 100644
--- a/tests/qtest/bios-tables-test.c
+++ b/tests/qtest/bios-tables-test.c
@@ -924,6 +924,7 @@ static void test_acpi_tcg_tpm(const char *machine, const char *tpm_if,
     g_free(variant);
     g_free(tmp_path);
     g_free(tmp_dir_name);
+    g_free(args);
     free_test_data(&data);
 #else
     g_test_skip("TPM disabled");
diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index 0b66e43409..6bc17ef313 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -199,16 +199,15 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
     }
 
     /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
-    const char *init_cmdline = fuzz_target->get_init_cmdline(fuzz_target);
-    init_cmdline = g_strdup_printf("%s -qtest /dev/null -qtest-log %s",
-                                   init_cmdline,
-                                   getenv("QTEST_LOG") ? "/dev/fd/2"
-                                                       : "/dev/null");
-
+    GString *cmd_line = fuzz_target->get_init_cmdline(fuzz_target);
+    g_string_append_printf(cmd_line,
+                           " -qtest /dev/null -qtest-log %s",
+                           getenv("QTEST_LOG") ? "/dev/fd/2" : "/dev/null");
 
     /* Split the runcmd into an argv and argc */
     wordexp_t result;
-    wordexp(init_cmdline, &result, 0);
+    wordexp(cmd_line->str, &result, 0);
+    g_string_free(cmd_line, true);
 
     qemu_init(result.we_wordc, result.we_wordv, NULL);
 
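Review bot: The result of `wordexp(cmd_line->str, &result, 0)` is still ignored, so a failed expansion would hand `qemu_init()` whatever is left in `result.we_wordc` and `result.we_wordv`. Since the string is assembled from target-provided text and needs only word splitting, passing `WRDE_NOCMD` would also keep command substitution out of the expansion: `int rc = wordexp(cmd_line->str, &result, WRDE_NOCMD);`, then fail fast with a message when `rc != 0`. `LLVMFuzzerInitialize` starts and ends outside this hunk.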
diff --git a/tests/qtest/fuzz/fuzz.h b/tests/qtest/fuzz/fuzz.h
index 72d5710f6c..9ca3d107c5 100644
--- a/tests/qtest/fuzz/fuzz.h
+++ b/tests/qtest/fuzz/fuzz.h
@@ -50,10 +50,10 @@ typedef struct FuzzTarget {
 
 
     /*
-     * returns the arg-list that is passed to qemu/softmmu init()
-     * Cannot be NULL
+     * Returns the arguments that are passed to qemu/softmmu init(). Freed by
+     * the caller.
      */
-    const char* (*get_init_cmdline)(struct FuzzTarget *);
+    GString *(*get_init_cmdline)(struct FuzzTarget *);
 
     /*
      * will run once, prior to running qemu/softmmu init.
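Review bot: The rewritten comment on `get_init_cmdline` loses the old "Cannot be NULL" requirement, yet the caller in tests/qtest/fuzz/fuzz.c uses the result as `cmd_line->str` with no check. It is not clear from this hunk whether the old wording meant the callback pointer or its return value, so the new contract should state both. Suggested wording: `Returns the arguments that are passed to qemu/softmmu init(). Neither the callback nor its result may be NULL; the returned GString is freed by the caller.`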
diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
index e2f31e56f9..bf966d478b 100644
--- a/tests/qtest/fuzz/i440fx_fuzz.c
+++ b/tests/qtest/fuzz/i440fx_fuzz.c
@@ -158,9 +158,9 @@ static void i440fx_fuzz_qos_fork(QTestState *s,
 
 static const char *i440fx_qtest_argv = TARGET_NAME " -machine accel=qtest"
                                        " -m 0 -display none";
-static const char *i440fx_argv(FuzzTarget *t)
+static GString *i440fx_argv(FuzzTarget *t)
 {
-    return i440fx_qtest_argv;
+    return g_string_new(i440fx_qtest_argv);
 }
 
 static void fork_init(void)
diff --git a/tests/qtest/fuzz/qos_fuzz.c b/tests/qtest/fuzz/qos_fuzz.c
index 0c68f5361f..d52f3ebd83 100644
--- a/tests/qtest/fuzz/qos_fuzz.c
+++ b/tests/qtest/fuzz/qos_fuzz.c
@@ -66,7 +66,7 @@ void *qos_allocate_objects(QTestState *qts, QGuestAllocator **p_alloc)
     return allocate_objects(qts, current_path + 1, p_alloc);
 }
 
-static const char *qos_build_main_args(void)
+static GString *qos_build_main_args(void)
 {
     char **path = fuzz_path_vec;
     QOSGraphNode *test_node;
@@ -88,7 +88,7 @@ static const char *qos_build_main_args(void)
     /* Prepend the arguments that we need */
     g_string_prepend(cmd_line,
             TARGET_NAME " -display none -machine accel=qtest -m 64 ");
-    return cmd_line->str;
+    return cmd_line;
 }
 
 /*
@@ -189,7 +189,7 @@ static void walk_path(QOSGraphNode *orig_path, int len)
     g_free(path_str);
 }
 
-static const char *qos_get_cmdline(FuzzTarget *t)
+static GString *qos_get_cmdline(FuzzTarget *t)
 {
     /*
      * Set a global variable that we use to identify the qos_path for our
diff --git a/tests/qtest/qmp-cmd-test.c b/tests/qtest/qmp-cmd-test.c
index c68f99f659..f7b1aa7fdc 100644
--- a/tests/qtest/qmp-cmd-test.c
+++ b/tests/qtest/qmp-cmd-test.c
@@ -230,6 +230,8 @@ static void test_object_add_failure_modes(void)
                      " 'props': {'size': 1048576 } } }");
     g_assert_nonnull(resp);
     g_assert(qdict_haskey(resp, "return"));
+    qobject_unref(resp);
+
     resp = qtest_qmp(qts, "{'execute': 'object-add', 'arguments':"
                      " {'qom-type': 'memory-backend-ram', 'id': 'ram1',"
                      " 'props': {'size': 1048576 } } }");
@@ -241,6 +243,7 @@ static void test_object_add_failure_modes(void)
                      " {'id': 'ram1' } }");
     g_assert_nonnull(resp);
     g_assert(qdict_haskey(resp, "return"));
+    qobject_unref(resp);
 
     /* attempt to create an object with a property of a wrong type */
     resp = qtest_qmp(qts, "{'execute': 'object-add', 'arguments':"
@@ -249,17 +252,20 @@ static void test_object_add_failure_modes(void)
     g_assert_nonnull(resp);
     /* now do it right */
     qmp_assert_error_class(resp, "GenericError");
+
     resp = qtest_qmp(qts, "{'execute': 'object-add', 'arguments':"
                      " {'qom-type': 'memory-backend-ram', 'id': 'ram1',"
                      " 'props': {'size': 1048576 } } }");
     g_assert_nonnull(resp);
     g_assert(qdict_haskey(resp, "return"));
+    qobject_unref(resp);
 
     /* delete ram1 object */
     resp = qtest_qmp(qts, "{'execute': 'object-del', 'arguments':"
                      " {'id': 'ram1' } }");
     g_assert_nonnull(resp);
     g_assert(qdict_haskey(resp, "return"));
+    qobject_unref(resp);
 
     /* attempt to create an object without the id */
     resp = qtest_qmp(qts, "{'execute': 'object-add', 'arguments':"
@@ -267,18 +273,21 @@ static void test_object_add_failure_modes(void)
                      " 'props': {'size': 1048576 } } }");
     g_assert_nonnull(resp);
     qmp_assert_error_class(resp, "GenericError");
+
     /* now do it right */
     resp = qtest_qmp(qts, "{'execute': 'object-add', 'arguments':"
                      " {'qom-type': 'memory-backend-ram', 'id': 'ram1',"
                      " 'props': {'size': 1048576 } } }");
     g_assert_nonnull(resp);
     g_assert(qdict_haskey(resp, "return"));
+    qobject_unref(resp);
 
     /* delete ram1 object */
     resp = qtest_qmp(qts, "{'execute': 'object-del', 'arguments':"
                      " {'id': 'ram1' } }");
     g_assert_nonnull(resp);
     g_assert(qdict_haskey(resp, "return"));
+    qobject_unref(resp);
 
     /* attempt to set a non existing property */
     resp = qtest_qmp(qts, "{'execute': 'object-add', 'arguments':"
@@ -286,23 +295,27 @@ static void test_object_add_failure_modes(void)
                      " 'props': {'sized': 1048576 } } }");
     g_assert_nonnull(resp);
     qmp_assert_error_class(resp, "GenericError");
+
     /* now do it right */
     resp = qtest_qmp(qts, "{'execute': 'object-add', 'arguments':"
                      " {'qom-type': 'memory-backend-ram', 'id': 'ram1',"
                      " 'props': {'size': 1048576 } } }");
     g_assert_nonnull(resp);
     g_assert(qdict_haskey(resp, "return"));
+    qobject_unref(resp);
 
     /* delete ram1 object without id */
     resp = qtest_qmp(qts, "{'execute': 'object-del', 'arguments':"
                      " {'ida': 'ram1' } }");
     g_assert_nonnull(resp);
+    qobject_unref(resp);
 
     /* delete ram1 object */
     resp = qtest_qmp(qts, "{'execute': 'object-del', 'arguments':"
                      " {'id': 'ram1' } }");
     g_assert_nonnull(resp);
     g_assert(qdict_haskey(resp, "return"));
+    qobject_unref(resp);
 
     /* delete ram1 object that does not exist anymore*/
     resp = qtest_qmp(qts, "{'execute': 'object-del', 'arguments':"
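Review bot: The "delete ram1 object without id" case only checks `g_assert_nonnull(resp)` before the added `qobject_unref(resp);`, so the test would still pass if `object-del` with the misspelled `'ida'` key succeeded. The other failure cases in this function assert the error with `qmp_assert_error_class(resp, "GenericError");`. No unref was added after those calls, which suggests the helper releases `resp` itself, though that is not visible here. If so, replacing the new unref in this case with `qmp_assert_error_class(resp, "GenericError");` would both verify the error and free the response. `test_object_add_failure_modes` starts and ends outside this hunk.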