[PULL 15/20] fuzz: check the MR in the DMA callback
From: Paolo Bonzini
Subject: [PULL 15/20] fuzz: check the MR in the DMA callback
Date: Wed, 4 Nov 2020 10:01:48 -0500

From: Alexander Bulekov <alxndr@bu.edu>
We should be checking that the device is trying to read from RAM, before
filling the region with data. Otherwise, we will try to populate
nonsensical addresses in RAM for callbacks on PIO/MMIO reads. We did
this originally, however the final version I sent had the line commented
out.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20201029172901.534442-3-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
tests/qtest/fuzz/generic_fuzz.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index 3e2d50feaa..3a5dbc3ce2 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -192,7 +192,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion
*mr, bool is_write)
*/
if (dma_patterns->len == 0
|| len == 0
- /* || mr != MACHINE(qdev_get_machine())->ram */
+ || mr != current_machine->ram
|| is_write
|| addr > current_machine->ram_size) {
return;
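Review bot: the bounds test in the last condition, `addr > current_machine->ram_size`, still admits `addr == ram_size` and takes no account of `len`, so with the `mr != current_machine->ram` check now active, a read that starts at or just below the end of RAM passes the guard. If the fill that follows writes `len` bytes starting at `addr`, consider `|| addr >= current_machine->ram_size || len > current_machine->ram_size - addr`, or add a comment saying that the later write path clamps the range.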
--
2.26.2