Re: [Qemu-devel] [RFC 09/19] fuzz: use mtree_info to find mapped addresses
On 26/07/19 15:04, Stefan Hajnoczi wrote:
> On Thu, Jul 25, 2019 at 03:23:51AM +, Oleinik, Alexander wrote:
>> Locate mmio and port i/o addresses that are mapped to devices so we can
>> limit the fuzzer to only these addresses. This should be replaced with
>> a sane way of enumaring these memory regions.
>>
>> Signed-off-by: Alexander Oleinik
>> ---
>> memory.c | 34 ++
>> 1 file changed, 34 insertions(+)
>>
>> diff --git a/memory.c b/memory.c
>> index 5d8c9a9234..fa6cbe4f1d 100644
>> --- a/memory.c
>> +++ b/memory.c
>> @@ -34,6 +34,11 @@
>> #include "hw/qdev-properties.h"
>> #include "hw/boards.h"
>> #include "migration/vmstate.h"
>> +#ifdef CONFIG_FUZZ
>> +#include "tests/fuzz/fuzz.h"
>> +#include "tests/fuzz/qos_fuzz.h"
>> +#endif
>> +
>>
>> //#define DEBUG_UNASSIGNED
>>
>> @@ -3016,12 +3021,20 @@ static void mtree_print_flatview(gpointer key,
>> gpointer value,
>> int n = view->nr;
>> int i;
>> AddressSpace *as;
>> +#ifdef CONFIG_FUZZ
>> +bool io=false;
>> +#endif
>> +
>>
>> qemu_printf("FlatView #%d\n", fvi->counter);
>> ++fvi->counter;
>>
>> for (i = 0; i < fv_address_spaces->len; ++i) {
>> as = g_array_index(fv_address_spaces, AddressSpace*, i);
>> +#ifdef CONFIG_FUZZ
>> +if(strcmp("I/O",as->name) == 0)
>> +io = true;
>> +#endif
>> qemu_printf(" AS \"%s\", root: %s",
>> as->name, memory_region_name(as->root));
>> if (as->root->alias) {
>> @@ -3062,6 +3075,27 @@ static void mtree_print_flatview(gpointer key,
>> gpointer value,
>> range->readonly ? "rom" : memory_region_type(mr),
>> memory_region_name(mr));
>> }
>> +#ifdef CONFIG_FUZZ
>> +if(strcmp("i/o", memory_region_type(mr))==0 && strcmp("io",
>> memory_region_name(mr))){
>> +fuzz_memory_region *fmr = g_new0(fuzz_memory_region, 1);
>> +if(!fuzz_memory_region_head)
>> +{
>> +fuzz_memory_region_head = fmr;
>> +fuzz_memory_region_tail = fmr;
>> +}
>> +fmr->io = io;
>> +fmr->start = int128_get64(range->addr.start);
>> +fmr->length = MR_SIZE(range->addr.size);
>> +fmr->next = fuzz_memory_region_head;
>> +fuzz_memory_region_tail->next = fmr;
>> +fuzz_memory_region_tail = fmr;
>> +if(io == true){
>> +total_io_mem += MR_SIZE(range->addr.size)+1;
>> +} else {
>> +total_ram_mem += MR_SIZE(range->addr.size)+1;
>> +}
>> +}
>> +#endif
>
> Why is this patch modifying a print function? I think the goal is to
> build the fuzz_memory_region list and calculate
> total_io_mem/total_ram_mem. This should be done by a separate function.
Yeah, this should just cut-and-paste code from mtree_print_flatview,
then you can remove the printing stuff completely from your copy.
Paolo
Re: [Qemu-devel] [RFC 09/19] fuzz: use mtree_info to find mapped addresses
On Thu, Jul 25, 2019 at 03:23:51AM +, Oleinik, Alexander wrote:
> Locate mmio and port i/o addresses that are mapped to devices so we can
> limit the fuzzer to only these addresses. This should be replaced with
> a sane way of enumaring these memory regions.
>
> Signed-off-by: Alexander Oleinik
> ---
> memory.c | 34 ++
> 1 file changed, 34 insertions(+)
>
> diff --git a/memory.c b/memory.c
> index 5d8c9a9234..fa6cbe4f1d 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -34,6 +34,11 @@
> #include "hw/qdev-properties.h"
> #include "hw/boards.h"
> #include "migration/vmstate.h"
> +#ifdef CONFIG_FUZZ
> +#include "tests/fuzz/fuzz.h"
> +#include "tests/fuzz/qos_fuzz.h"
> +#endif
> +
>
> //#define DEBUG_UNASSIGNED
>
> @@ -3016,12 +3021,20 @@ static void mtree_print_flatview(gpointer key,
> gpointer value,
> int n = view->nr;
> int i;
> AddressSpace *as;
> +#ifdef CONFIG_FUZZ
> +bool io=false;
> +#endif
> +
>
> qemu_printf("FlatView #%d\n", fvi->counter);
> ++fvi->counter;
>
> for (i = 0; i < fv_address_spaces->len; ++i) {
> as = g_array_index(fv_address_spaces, AddressSpace*, i);
> +#ifdef CONFIG_FUZZ
> +if(strcmp("I/O",as->name) == 0)
> +io = true;
> +#endif
> qemu_printf(" AS \"%s\", root: %s",
> as->name, memory_region_name(as->root));
> if (as->root->alias) {
> @@ -3062,6 +3075,27 @@ static void mtree_print_flatview(gpointer key,
> gpointer value,
> range->readonly ? "rom" : memory_region_type(mr),
> memory_region_name(mr));
> }
> +#ifdef CONFIG_FUZZ
> +if(strcmp("i/o", memory_region_type(mr))==0 && strcmp("io",
> memory_region_name(mr))){
> +fuzz_memory_region *fmr = g_new0(fuzz_memory_region, 1);
> +if(!fuzz_memory_region_head)
> +{
> +fuzz_memory_region_head = fmr;
> +fuzz_memory_region_tail = fmr;
> +}
> +fmr->io = io;
> +fmr->start = int128_get64(range->addr.start);
> +fmr->length = MR_SIZE(range->addr.size);
> +fmr->next = fuzz_memory_region_head;
> +fuzz_memory_region_tail->next = fmr;
> +fuzz_memory_region_tail = fmr;
> +if(io == true){
> +total_io_mem += MR_SIZE(range->addr.size)+1;
> +} else {
> +total_ram_mem += MR_SIZE(range->addr.size)+1;
> +}
> +}
> +#endif
Why is this patch modifying a print function? I think the goal is to
build the fuzz_memory_region list and calculate
total_io_mem/total_ram_mem. This should be done by a separate function.
Can you use memory_region_is_ram() instead of the string compares?
Stefan
signature.asc
Description: PGP signature
[Qemu-devel] [RFC 09/19] fuzz: use mtree_info to find mapped addresses
Locate mmio and port i/o addresses that are mapped to devices so we can
limit the fuzzer to only these addresses. This should be replaced with
a sane way of enumaring these memory regions.
Signed-off-by: Alexander Oleinik
---
memory.c | 34 ++
1 file changed, 34 insertions(+)
diff --git a/memory.c b/memory.c
index 5d8c9a9234..fa6cbe4f1d 100644
--- a/memory.c
+++ b/memory.c
@@ -34,6 +34,11 @@
#include "hw/qdev-properties.h"
#include "hw/boards.h"
#include "migration/vmstate.h"
+#ifdef CONFIG_FUZZ
+#include "tests/fuzz/fuzz.h"
+#include "tests/fuzz/qos_fuzz.h"
+#endif
+
//#define DEBUG_UNASSIGNED
@@ -3016,12 +3021,20 @@ static void mtree_print_flatview(gpointer key, gpointer
value,
int n = view->nr;
int i;
AddressSpace *as;
+#ifdef CONFIG_FUZZ
+bool io=false;
+#endif
+
qemu_printf("FlatView #%d\n", fvi->counter);
++fvi->counter;
for (i = 0; i < fv_address_spaces->len; ++i) {
as = g_array_index(fv_address_spaces, AddressSpace*, i);
+#ifdef CONFIG_FUZZ
+if(strcmp("I/O",as->name) == 0)
+io = true;
+#endif
qemu_printf(" AS \"%s\", root: %s",
as->name, memory_region_name(as->root));
if (as->root->alias) {
@@ -3062,6 +3075,27 @@ static void mtree_print_flatview(gpointer key, gpointer
value,
range->readonly ? "rom" : memory_region_type(mr),
memory_region_name(mr));
}
+#ifdef CONFIG_FUZZ
+if(strcmp("i/o", memory_region_type(mr))==0 && strcmp("io",
memory_region_name(mr))){
+fuzz_memory_region *fmr = g_new0(fuzz_memory_region, 1);
+if(!fuzz_memory_region_head)
+{
+fuzz_memory_region_head = fmr;
+fuzz_memory_region_tail = fmr;
+}
+fmr->io = io;
+fmr->start = int128_get64(range->addr.start);
+fmr->length = MR_SIZE(range->addr.size);
+fmr->next = fuzz_memory_region_head;
+fuzz_memory_region_tail->next = fmr;
+fuzz_memory_region_tail = fmr;
+if(io == true){
+total_io_mem += MR_SIZE(range->addr.size)+1;
+} else {
+total_ram_mem += MR_SIZE(range->addr.size)+1;
+}
+}
+#endif
if (fvi->owner) {
mtree_print_mr_owner(mr);
}
--
2.20.1
