On 8/19/20 4:15 PM, Li Qiang wrote:
> Currently the device fuzzer find a more and more issues.
> For every fuzz case, we need not only the fixes but also
> the coressponding test case. We can analysis the reproducer
Typo "corresponding" > for every case and find what happened in where and write > a beautiful test case. However the raw data of reproducer is not > friendly to analysis. It will take a very long time, even far more > than the fixes itself. So let's create a new file to hold all of > the fuzz test cases and just use the raw data to act as the test > case. This way nobody will be afraid of writing a test case for > the fuzz reproducer. Ahaha nice :) > > This patch adds the issue LP#1878263 test case. > > Signed-off-by: Li Qiang <liq...@163.com> > --- > tests/qtest/Makefile.include | 2 ++ > tests/qtest/fuzz-test.c | 45 ++++++++++++++++++++++++++++++++++++ > 2 files changed, 47 insertions(+) > create mode 100644 tests/qtest/fuzz-test.c > > diff --git a/tests/qtest/Makefile.include b/tests/qtest/Makefile.include > index b0204e44f2..ff460179c5 100644 > --- a/tests/qtest/Makefile.include > +++ b/tests/qtest/Makefile.include > @@ -7,6 +7,7 @@ check-qtest-generic-y += machine-none-test > check-qtest-generic-y += qmp-test > check-qtest-generic-y += qmp-cmd-test > check-qtest-generic-y += qom-test > +check-qtest-generic-y += fuzz-test Maybe name that fuzzed-reproducers-test? > check-qtest-generic-$(CONFIG_MODULES) += modules-test > check-qtest-generic-y += test-hmp > > @@ -272,6 +273,7 @@ tests/qtest/m25p80-test$(EXESUF): > tests/qtest/m25p80-test.o > tests/qtest/i440fx-test$(EXESUF): tests/qtest/i440fx-test.o > $(libqos-pc-obj-y) > tests/qtest/q35-test$(EXESUF): tests/qtest/q35-test.o $(libqos-pc-obj-y) > tests/qtest/fw_cfg-test$(EXESUF): tests/qtest/fw_cfg-test.o > $(libqos-pc-obj-y) > +tests/qtest/fuzz-test$(EXESUF): tests/qtest/fuzz-test.o $(libqos-pc-obj-y) > tests/qtest/rtl8139-test$(EXESUF): tests/qtest/rtl8139-test.o > $(libqos-pc-obj-y) > tests/qtest/pnv-xscom-test$(EXESUF): tests/qtest/pnv-xscom-test.o > tests/qtest/wdt_ib700-test$(EXESUF): tests/qtest/wdt_ib700-test.o 
> diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c > new file mode 100644 > index 0000000000..695c6dffb9 > --- /dev/null > +++ b/tests/qtest/fuzz-test.c > @@ -0,0 +1,45 @@ > +/* > + * QTest testcase for fuzz case > + * > + * Copyright (c) 2020 Li Qiang <liq...@gmail.com> > + * > + * This work is licensed under the terms of the GNU GPL, version 2 or later. > + * See the COPYING file in the top-level directory. > + */ > + > + > +#include "qemu/osdep.h" > + > +#include "libqtest.h" > + > +/* > + * This used to trigger the assert in scsi_dma_complete > + * https://bugs.launchpad.net/qemu/+bug/1878263 > + */ > +static void test_megasas_zero_iov_cnt(void) I'd name it test_lp1878263_megasas_zero_iov_cnt() or lp1878263_megasas_zero_iov_cnt(). > +{ > + QTestState *s; > + > + s = qtest_init("-nographic -monitor none -serial none " > + "-M q35 -device megasas -device scsi-cd,drive=null0 " > + "-blockdev > driver=null-co,read-zeroes=on,node-name=null0"); > + qtest_outl(s, 0xcf8, 0x80001818); > + qtest_outl(s, 0xcfc, 0xc101); > + qtest_outl(s, 0xcf8, 0x8000181c); > + qtest_outl(s, 0xcf8, 0x80001804); > + qtest_outw(s, 0xcfc, 0x7); > + qtest_outl(s, 0xcf8, 0x8000186a); > + qtest_writeb(s, 0x14, 0xfe); > + qtest_writeb(s, 0x0, 0x02); > + qtest_outb(s, 0xc1c0, 0x17); > + qtest_quit(s); Actually all the test body could be generated... Alex, can you have a look at that? > +} > + > +int main(int argc, char **argv) > +{ > + g_test_init(&argc, &argv, NULL); > + > + qtest_add_func("fuzz/megasas_zero_iov_cnt", test_megasas_zero_iov_cnt); > + > + return g_test_run(); The problem is now the test suite will fail because this test is not fixed. Good idea btw :) > +} >
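Review bot: the first Makefile.include hunk registers the test in check-qtest-generic-y, which runs it against the qtest binary of every target, but the test body launches "-M q35 -device megasas -device scsi-cd,drive=null0", a machine and devices that only exist on x86 targets; on the other targets qtest_init will fail before the reproducer is ever replayed. Either move the line to the x86 lists (check-qtest-i386-y / check-qtest-x86_64-y) or skip the test when the machine is not available.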
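Review bot: the build rule in the second Makefile.include hunk links $(libqos-pc-obj-y), yet fuzz-test.c only includes "libqtest.h" and drives the device with raw qtest_outl/qtest_outw/qtest_writeb accessors, so the libqos PC objects are never used. A plain "tests/qtest/fuzz-test$(EXESUF): tests/qtest/fuzz-test.o" matches how the neighbouring libqtest-only tests (pnv-xscom-test, wdt_ib700-test) are built and keeps the link line minimal.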
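Review bot: test_megasas_zero_iov_cnt() in fuzz-test.c contains no check of its own; it passes only because the replayed sequence no longer aborts QEMU, and nothing in the file says what the accesses are for, so a future failure is hard to tell apart from an environment problem. Suggest a short comment on the sequence (the 0xcf8/0xcfc pairs are PCI configuration-space accesses that set up the megasas device's BAR and command register, the remaining writes drive the device once it is enabled) and a liveness check before qtest_quit(s) so that a regression fails with a clear message rather than a lost connection. Also, the header comment names liq...@gmail.com while the Signed-off-by uses liq...@163.com; one of the two should be made consistent.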