diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/acceptance/avocado_qemu/__init__.py | 23 | ||||
| -rw-r--r-- | tests/acceptance/multiprocess.py | 95 | ||||
| -rw-r--r-- | tests/migration/guestperf/engine.py | 7 | ||||
| -rw-r--r-- | tests/plugin/meson.build | 2 | ||||
| -rw-r--r-- | tests/plugin/syscall.c | 49 | ||||
| -rw-r--r-- | tests/qtest/fuzz-megasas-test.c | 49 | ||||
| -rw-r--r-- | tests/qtest/fuzz-test.c | 76 | ||||
| -rw-r--r-- | tests/qtest/fuzz-virtio-scsi-test.c | 75 | ||||
| -rw-r--r-- | tests/qtest/fuzz/generic_fuzz.c | 29 | ||||
| -rw-r--r-- | tests/qtest/fuzz/generic_fuzz_configs.h | 8 | ||||
| -rw-r--r-- | tests/qtest/meson.build | 5 |
11 files changed, 332 insertions, 86 deletions
diff --git a/tests/acceptance/avocado_qemu/__init__.py b/tests/acceptance/avocado_qemu/__init__.py index df167b142c..83b1741ec8 100644 --- a/tests/acceptance/avocado_qemu/__init__.py +++ b/tests/acceptance/avocado_qemu/__init__.py @@ -93,11 +93,12 @@ def _console_interaction(test, success_message, failure_message, if not msg: continue console_logger.debug(msg) - if success_message in msg: + if success_message is None or success_message in msg: break if failure_message and failure_message in msg: console.close() - fail = 'Failure message found in console: %s' % failure_message + fail = 'Failure message found in console: "%s". Expected: "%s"' % \ + (failure_message, success_message) test.fail(fail) def interrupt_interactive_console_until_pattern(test, success_message, @@ -139,6 +140,18 @@ def wait_for_console_pattern(test, success_message, failure_message=None, """ _console_interaction(test, success_message, failure_message, None, vm=vm) +def exec_command(test, command): + """ + Send a command to a console (appending CRLF characters), while logging + the content. + + :param test: an Avocado test containing a VM. + :type test: :class:`avocado_qemu.Test` + :param command: the command to send + :type command: str + """ + _console_interaction(test, None, None, command + '\r') + def exec_command_and_wait_for_pattern(test, command, success_message, failure_message=None): """ @@ -304,8 +317,10 @@ class LinuxTest(Test): try: cloudinit_iso = os.path.join(self.workdir, 'cloudinit.iso') self.phone_home_port = network.find_free_port() - with open(ssh_pubkey) as pubkey: - pubkey_content = pubkey.read() + pubkey_content = None + if ssh_pubkey: + with open(ssh_pubkey) as pubkey: + pubkey_content = pubkey.read() cloudinit.iso(cloudinit_iso, self.name, username='root', password='password', diff --git a/tests/acceptance/multiprocess.py b/tests/acceptance/multiprocess.py new file mode 100644 index 0000000000..96627f022a --- /dev/null +++ b/tests/acceptance/multiprocess.py @@ -0,0 +1,95 @@ +# Test for multiprocess qemu +# +# This work is licensed under the terms of the GNU GPL, version 2 or +# later. See the COPYING file in the top-level directory. + + +import os +import socket + +from avocado_qemu import Test +from avocado_qemu import wait_for_console_pattern +from avocado_qemu import exec_command +from avocado_qemu import exec_command_and_wait_for_pattern + +class Multiprocess(Test): + """ + :avocado: tags=multiprocess + """ + KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 ' + + def do_test(self, kernel_url, initrd_url, kernel_command_line, + machine_type): + """Main test method""" + self.require_accelerator('kvm') + + # Create socketpair to connect proxy and remote processes + proxy_sock, remote_sock = socket.socketpair(socket.AF_UNIX, + socket.SOCK_STREAM) + os.set_inheritable(proxy_sock.fileno(), True) + os.set_inheritable(remote_sock.fileno(), True) + + kernel_path = self.fetch_asset(kernel_url) + initrd_path = self.fetch_asset(initrd_url) + + # Create remote process + remote_vm = self.get_vm() + remote_vm.add_args('-machine', 'x-remote') + remote_vm.add_args('-nodefaults') + remote_vm.add_args('-device', 'lsi53c895a,id=lsi1') + remote_vm.add_args('-object', 'x-remote-object,id=robj1,' + 'devid=lsi1,fd='+str(remote_sock.fileno())) + remote_vm.launch() + + # Create proxy process + self.vm.set_console() + self.vm.add_args('-machine', machine_type) + self.vm.add_args('-accel', 'kvm') + self.vm.add_args('-cpu', 'host') + self.vm.add_args('-object', + 'memory-backend-memfd,id=sysmem-file,size=2G') + self.vm.add_args('--numa', 'node,memdev=sysmem-file') + self.vm.add_args('-m', '2048') + self.vm.add_args('-kernel', kernel_path, + '-initrd', initrd_path, + '-append', kernel_command_line) + self.vm.add_args('-device', + 'x-pci-proxy-dev,' + 'id=lsi1,fd='+str(proxy_sock.fileno())) + self.vm.launch() + wait_for_console_pattern(self, 'as init process', + 'Kernel panic - not syncing') + exec_command(self, 'mount -t sysfs sysfs /sys') + exec_command_and_wait_for_pattern(self, + 'cat /sys/bus/pci/devices/*/uevent', + 'PCI_ID=1000:0012') + + def test_multiprocess_x86_64(self): + """ + :avocado: tags=arch:x86_64 + """ + kernel_url = ('https://archives.fedoraproject.org/pub/archive/fedora' + '/linux/releases/31/Everything/x86_64/os/images' + '/pxeboot/vmlinuz') + initrd_url = ('https://archives.fedoraproject.org/pub/archive/fedora' + '/linux/releases/31/Everything/x86_64/os/images' + '/pxeboot/initrd.img') + kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE + + 'console=ttyS0 rdinit=/bin/bash') + machine_type = 'pc' + self.do_test(kernel_url, initrd_url, kernel_command_line, machine_type) + + def test_multiprocess_aarch64(self): + """ + :avocado: tags=arch:aarch64 + """ + kernel_url = ('https://archives.fedoraproject.org/pub/archive/fedora' + '/linux/releases/31/Everything/aarch64/os/images' + '/pxeboot/vmlinuz') + initrd_url = ('https://archives.fedoraproject.org/pub/archive/fedora' + '/linux/releases/31/Everything/aarch64/os/images' + '/pxeboot/initrd.img') + kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE + + 'rdinit=/bin/bash console=ttyAMA0') + machine_type = 'virt,gic-version=3' + self.do_test(kernel_url, initrd_url, kernel_command_line, machine_type) diff --git a/tests/migration/guestperf/engine.py b/tests/migration/guestperf/engine.py index 5c965140f8..e399447940 100644 --- a/tests/migration/guestperf/engine.py +++ b/tests/migration/guestperf/engine.py @@ -409,6 +409,13 @@ class Engine(object): vcpu_timings = ret[2] if uri[0:5] == "unix:": os.remove(uri[5:]) + + if os.path.exists(srcmonaddr): + os.remove(srcmonaddr) + + if self._dst_host == "localhost" and os.path.exists(dstmonaddr): + os.remove(dstmonaddr) + if self._verbose: print("Finished migration") diff --git a/tests/plugin/meson.build b/tests/plugin/meson.build index 1eacfa6e35..2bbfc4b19e 100644 --- a/tests/plugin/meson.build +++ b/tests/plugin/meson.build @@ -1,5 +1,5 @@ t = [] -foreach i : ['bb', 'empty', 'insn', 'mem'] +foreach i : ['bb', 'empty', 'insn', 'mem', 'syscall'] t += shared_module(i, files(i + '.c'), include_directories: '../../include/qemu', dependencies: glib) diff --git a/tests/plugin/syscall.c b/tests/plugin/syscall.c new file mode 100644 index 0000000000..53ee2ab6c4 --- /dev/null +++ b/tests/plugin/syscall.c @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2020, Matthias Weckbecker <matthias@weckbecker.name> + * + * License: GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ +#include <inttypes.h> +#include <assert.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <stdio.h> +#include <glib.h> + +#include <qemu-plugin.h> + +QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION; + +static void vcpu_syscall(qemu_plugin_id_t id, unsigned int vcpu_index, + int64_t num, uint64_t a1, uint64_t a2, + uint64_t a3, uint64_t a4, uint64_t a5, + uint64_t a6, uint64_t a7, uint64_t a8) +{ + g_autofree gchar *out = g_strdup_printf("syscall #%" PRIi64 "\n", num); + qemu_plugin_outs(out); +} + +static void vcpu_syscall_ret(qemu_plugin_id_t id, unsigned int vcpu_idx, + int64_t num, int64_t ret) +{ + g_autofree gchar *out; + out = g_strdup_printf("syscall #%" PRIi64 " returned -> %" PRIi64 "\n", + num, ret); + qemu_plugin_outs(out); +} + +/* ************************************************************************* */ + +static void plugin_exit(qemu_plugin_id_t id, void *p) {} + +QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id, + const qemu_info_t *info, + int argc, char **argv) +{ + qemu_plugin_register_vcpu_syscall_cb(id, vcpu_syscall); + qemu_plugin_register_vcpu_syscall_ret_cb(id, vcpu_syscall_ret); + qemu_plugin_register_atexit_cb(id, plugin_exit, NULL); + return 0; +} diff --git a/tests/qtest/fuzz-megasas-test.c b/tests/qtest/fuzz-megasas-test.c new file mode 100644 index 0000000000..940a76bf25 --- /dev/null +++ b/tests/qtest/fuzz-megasas-test.c @@ -0,0 +1,49 @@ +/* + * QTest fuzzer-generated testcase for megasas device + * + * Copyright (c) 2020 Li Qiang <liq3ea@gmail.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" + +#include "libqos/libqtest.h" + +/* + * This used to trigger the assert in scsi_dma_complete + * https://bugs.launchpad.net/qemu/+bug/1878263 + */ +static void test_lp1878263_megasas_zero_iov_cnt(void) +{ + QTestState *s; + + s = qtest_init("-nographic -monitor none -serial none " + "-M q35 -device megasas -device scsi-cd,drive=null0 " + "-blockdev driver=null-co,read-zeroes=on,node-name=null0"); + qtest_outl(s, 0xcf8, 0x80001818); + qtest_outl(s, 0xcfc, 0xc101); + qtest_outl(s, 0xcf8, 0x8000181c); + qtest_outl(s, 0xcf8, 0x80001804); + qtest_outw(s, 0xcfc, 0x7); + qtest_outl(s, 0xcf8, 0x8000186a); + qtest_writeb(s, 0x14, 0xfe); + qtest_writeb(s, 0x0, 0x02); + qtest_outb(s, 0xc1c0, 0x17); + qtest_quit(s); +} + +int main(int argc, char **argv) +{ + const char *arch = qtest_get_arch(); + + g_test_init(&argc, &argv, NULL); + + if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { + qtest_add_func("fuzz/test_lp1878263_megasas_zero_iov_cnt", + test_lp1878263_megasas_zero_iov_cnt); + } + + return g_test_run(); +} diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c index 6f161c93be..00149abec7 100644 --- a/tests/qtest/fuzz-test.c +++ b/tests/qtest/fuzz-test.c @@ -11,29 +11,6 @@ #include "libqos/libqtest.h" -/* - * This used to trigger the assert in scsi_dma_complete - * https://bugs.launchpad.net/qemu/+bug/1878263 - */ -static void test_lp1878263_megasas_zero_iov_cnt(void) -{ - QTestState *s; - - s = qtest_init("-nographic -monitor none -serial none " - "-M q35 -device megasas -device scsi-cd,drive=null0 " - "-blockdev driver=null-co,read-zeroes=on,node-name=null0"); - qtest_outl(s, 0xcf8, 0x80001818); - qtest_outl(s, 0xcfc, 0xc101); - qtest_outl(s, 0xcf8, 0x8000181c); - qtest_outl(s, 0xcf8, 0x80001804); - qtest_outw(s, 0xcfc, 0x7); - qtest_outl(s, 0xcf8, 0x8000186a); - qtest_writeb(s, 0x14, 0xfe); - qtest_writeb(s, 0x0, 0x02); - qtest_outb(s, 0xc1c0, 0x17); - qtest_quit(s); -} - static void test_lp1878642_pci_bus_get_irq_level_assert(void) { QTestState *s; @@ -47,55 +24,6 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void) qtest_quit(s); } -/* - * Here a MemoryRegionCache pointed to an MMIO region but had a - * larger size than the underlying region. - */ -static void test_mmio_oob_from_memory_region_cache(void) -{ - QTestState *s; - - s = qtest_init("-M pc-q35-5.2 -display none -m 512M " - "-device virtio-scsi,num_queues=8,addr=03.0 "); - - qtest_outl(s, 0xcf8, 0x80001811); - qtest_outb(s, 0xcfc, 0x6e); - qtest_outl(s, 0xcf8, 0x80001824); - qtest_outl(s, 0xcf8, 0x80001813); - qtest_outl(s, 0xcfc, 0xa080000); - qtest_outl(s, 0xcf8, 0x80001802); - qtest_outl(s, 0xcfc, 0x5a175a63); - qtest_outb(s, 0x6e08, 0x9e); - qtest_writeb(s, 0x9f003, 0xff); - qtest_writeb(s, 0x9f004, 0x01); - qtest_writeb(s, 0x9e012, 0x0e); - qtest_writeb(s, 0x9e01b, 0x0e); - qtest_writeb(s, 0x9f006, 0x01); - qtest_writeb(s, 0x9f008, 0x01); - qtest_writeb(s, 0x9f00a, 0x01); - qtest_writeb(s, 0x9f00c, 0x01); - qtest_writeb(s, 0x9f00e, 0x01); - qtest_writeb(s, 0x9f010, 0x01); - qtest_writeb(s, 0x9f012, 0x01); - qtest_writeb(s, 0x9f014, 0x01); - qtest_writeb(s, 0x9f016, 0x01); - qtest_writeb(s, 0x9f018, 0x01); - qtest_writeb(s, 0x9f01a, 0x01); - qtest_writeb(s, 0x9f01c, 0x01); - qtest_writeb(s, 0x9f01e, 0x01); - qtest_writeb(s, 0x9f020, 0x01); - qtest_writeb(s, 0x9f022, 0x01); - qtest_writeb(s, 0x9f024, 0x01); - qtest_writeb(s, 0x9f026, 0x01); - qtest_writeb(s, 0x9f028, 0x01); - qtest_writeb(s, 0x9f02a, 0x01); - qtest_writeb(s, 0x9f02c, 0x01); - qtest_writeb(s, 0x9f02e, 0x01); - qtest_writeb(s, 0x9f030, 0x01); - qtest_outb(s, 0x6e10, 0x00); - qtest_quit(s); -} - int main(int argc, char **argv) { const char *arch = qtest_get_arch(); @@ -103,12 +31,8 @@ int main(int argc, char **argv) g_test_init(&argc, &argv, NULL); if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { - qtest_add_func("fuzz/test_lp1878263_megasas_zero_iov_cnt", - test_lp1878263_megasas_zero_iov_cnt); qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert", test_lp1878642_pci_bus_get_irq_level_assert); - qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", - test_mmio_oob_from_memory_region_cache); } return g_test_run(); diff --git a/tests/qtest/fuzz-virtio-scsi-test.c b/tests/qtest/fuzz-virtio-scsi-test.c new file mode 100644 index 0000000000..aaf6d10e18 --- /dev/null +++ b/tests/qtest/fuzz-virtio-scsi-test.c @@ -0,0 +1,75 @@ +/* + * QTest fuzzer-generated testcase for virtio-scsi device + * + * Copyright (c) 2020 Li Qiang <liq3ea@gmail.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" + +#include "libqos/libqtest.h" + +/* + * Here a MemoryRegionCache pointed to an MMIO region but had a + * larger size than the underlying region. + */ +static void test_mmio_oob_from_memory_region_cache(void) +{ + QTestState *s; + + s = qtest_init("-M pc-q35-5.2 -display none -m 512M " + "-device virtio-scsi,num_queues=8,addr=03.0 "); + + qtest_outl(s, 0xcf8, 0x80001811); + qtest_outb(s, 0xcfc, 0x6e); + qtest_outl(s, 0xcf8, 0x80001824); + qtest_outl(s, 0xcf8, 0x80001813); + qtest_outl(s, 0xcfc, 0xa080000); + qtest_outl(s, 0xcf8, 0x80001802); + qtest_outl(s, 0xcfc, 0x5a175a63); + qtest_outb(s, 0x6e08, 0x9e); + qtest_writeb(s, 0x9f003, 0xff); + qtest_writeb(s, 0x9f004, 0x01); + qtest_writeb(s, 0x9e012, 0x0e); + qtest_writeb(s, 0x9e01b, 0x0e); + qtest_writeb(s, 0x9f006, 0x01); + qtest_writeb(s, 0x9f008, 0x01); + qtest_writeb(s, 0x9f00a, 0x01); + qtest_writeb(s, 0x9f00c, 0x01); + qtest_writeb(s, 0x9f00e, 0x01); + qtest_writeb(s, 0x9f010, 0x01); + qtest_writeb(s, 0x9f012, 0x01); + qtest_writeb(s, 0x9f014, 0x01); + qtest_writeb(s, 0x9f016, 0x01); + qtest_writeb(s, 0x9f018, 0x01); + qtest_writeb(s, 0x9f01a, 0x01); + qtest_writeb(s, 0x9f01c, 0x01); + qtest_writeb(s, 0x9f01e, 0x01); + qtest_writeb(s, 0x9f020, 0x01); + qtest_writeb(s, 0x9f022, 0x01); + qtest_writeb(s, 0x9f024, 0x01); + qtest_writeb(s, 0x9f026, 0x01); + qtest_writeb(s, 0x9f028, 0x01); + qtest_writeb(s, 0x9f02a, 0x01); + qtest_writeb(s, 0x9f02c, 0x01); + qtest_writeb(s, 0x9f02e, 0x01); + qtest_writeb(s, 0x9f030, 0x01); + qtest_outb(s, 0x6e10, 0x00); + qtest_quit(s); +} + +int main(int argc, char **argv) +{ + const char *arch = qtest_get_arch(); + + g_test_init(&argc, &argv, NULL); + + if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { + qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", + test_mmio_oob_from_memory_region_cache); + } + + return g_test_run(); +} diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index ee8c17a04c..b5fe27aae1 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -28,6 +28,7 @@ #include "hw/pci/pci.h" #include "hw/boards.h" #include "generic_fuzz_configs.h" +#include "hw/mem/sparse-mem.h" /* * SEPARATOR is used to separate "operations" in the fuzz input @@ -64,6 +65,8 @@ static useconds_t timeout = DEFAULT_TIMEOUT_US; static bool qtest_log_enabled; +MemoryRegion *sparse_mem_mr; + /* * A pattern used to populate a DMA region or perform a memwrite. This is * useful for e.g. populating tables of unique addresses. @@ -191,8 +194,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr) */ if (dma_patterns->len == 0 || len == 0 - || mr != current_machine->ram - || addr > current_machine->ram_size) { + || (mr != current_machine->ram && mr != sparse_mem_mr)) { return; } @@ -238,7 +240,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr) MEMTXATTRS_UNSPECIFIED); if (!(memory_region_is_ram(mr1) || - memory_region_is_romd(mr1))) { + memory_region_is_romd(mr1)) && mr1 != sparse_mem_mr) { l = memory_access_size(mr1, l, addr1); } else { /* ROM/RAM case */ @@ -583,6 +585,21 @@ static void handle_timeout(int sig) fprintf(stderr, "[Timeout]\n"); fflush(stderr); } + + /* + * If there is a crash, libfuzzer/ASAN forks a child to run an + * "llvm-symbolizer" process for printing out a pretty stacktrace. It + * communicates with this child using a pipe. If we timeout+Exit, while + * libfuzzer is still communicating with the llvm-symbolizer child, we will + * be left with an orphan llvm-symbolizer process. Sometimes, this appears + * to lead to a deadlock in the forkserver. Use waitpid to check if there + * are any waitable children. If so, exit out of the signal-handler, and + * let libfuzzer finish communicating with the child, and exit, on its own. + */ + if (waitpid(-1, NULL, WNOHANG) == 0) { + return; + } + _Exit(0); } @@ -799,6 +816,12 @@ static void generic_pre_fuzz(QTestState *s) } qts_global = s; + /* + * Create a special device that we can use to back DMA buffers at very + * high memory addresses + */ + sparse_mem_mr = sparse_mem_init(0, UINT64_MAX); + dma_regions = g_array_new(false, false, sizeof(address_range)); dma_patterns = g_array_new(false, false, sizeof(pattern)); diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h index 5d599765c4..8b8c7ac553 100644 --- a/tests/qtest/fuzz/generic_fuzz_configs.h +++ b/tests/qtest/fuzz/generic_fuzz_configs.h @@ -177,7 +177,7 @@ const generic_fuzz_config predefined_configs[] = { .name = "i82550", .args = "-machine q35 -nodefaults " "-device i82550,netdev=net0 -netdev user,id=net0", - .objects = "eepro*" + .objects = "i8255*" },{ .name = "sdhci-v3", .args = "-nodefaults -device sdhci-pci,sd-spec-version=3 " @@ -209,6 +209,12 @@ const generic_fuzz_config predefined_configs[] = { "-blockdev driver=null-co,read-zeroes=on,node-name=null0", .objects = "megasas*", },{ + .name = "am53c974", + .args = "-device am53c974,id=scsi -device scsi-hd,drive=disk0 " + "-drive id=disk0,if=none,file=null-co://,format=raw " + "-nodefaults", + .objects = "*esp* *scsi* *am53c974*", + },{ .name = "ac97", .args = "-machine q35 -nodefaults " "-device ac97,audiodev=snd0 -audiodev none,id=snd0 -nodefaults", diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index 66ee9fbf45..6e871077c1 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -17,7 +17,10 @@ slow_qtests = { 'test-hmp' : 120, } -qtests_generic = [ +qtests_generic = \ + (config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) + \ + (config_all_devices.has_key('CONFIG_VIRTIO_SCSI') ? ['fuzz-virtio-scsi-test'] : []) + \ + [ 'cdrom-test', 'device-introspect-test', 'machine-none-test', |