Re: [Qemu-devel] [Qemu-block] Q: Report of leaked clusters with qcow2 when disk is resized with a live VM

2017-09-13 Thread Darren Kenny
Kevin Wolf wrote: Am 13.09.2017 um 15:32 hat Darren Kenny geschrieben: Hi Kevin, Thanks for getting back to me so quickly. Kevin Wolf wrote: Am 13.09.2017 um 14:00 hat Darren Kenny geschrieben: [Cross-posted from qemu-devel, meant to send here first] Just keep both lists in the CC

Re: [Qemu-devel] [Qemu-block] Q: Report of leaked clusters with qcow2 when disk is resized with a live VM

2017-09-13 Thread Darren Kenny
Hi Kevin, Thanks for getting back to me so quickly. Kevin Wolf wrote: Am 13.09.2017 um 14:00 hat Darren Kenny geschrieben: [Cross-posted from qemu-devel, meant to send here first] Just keep both lists in the CC for the same email. Will do. There is an issue here, which is that you

[Qemu-devel] Q: Report of leaked clusters with qcow2 when disk is resized with a live VM

2017-09-13 Thread Darren Kenny
Hi, It was observed during some testing of Qemu 2.9 that it appeared that if you resized a qcow2 block device while the VM is running, that an qemu-img check would report that there were leaked clusters. The steps to reproduce are: - First create the test image: # /usr/bin/qemu-img create

Re: [Qemu-devel] [Qemu devel v2 PATCH] msf2: Remove dead code reported by Coverity

2017-10-18 Thread Darren Kenny
On Wed, Oct 18, 2017 at 03:40:38AM +, Subbaraya Sundeep wrote: Fixed incorrect frame size mask, validated maximum frame size in spi_write and removed dead code. Signed-off-by: Subbaraya Sundeep --- v2: else if -> else in set_fifodepth log guest error

Re: [Qemu-devel] [Qemu devel v2 PATCH] msf2: Remove dead code reported by Coverity

2017-10-18 Thread Darren Kenny
Hi Sundeep, On Wed, Oct 18, 2017 at 10:10:07AM +, sundeep subbaraya wrote: Hi Darren, On Wed, Oct 18, 2017 at 2:24 PM, Darren Kenny <darren.ke...@oracle.com> wrote: On Wed, Oct 18, 2017 at 03:40:38AM +, Subbaraya Sundeep wrote: Fixed incorrect frame size mask, validated m

Re: [Qemu-devel] [PATCH] COLO: remove the operation to clear connection list

2017-10-23 Thread Darren Kenny
That's consistent with the documented behaviour of g_hash_table_remove_all(). Reviewed-by: Darren Kenny <darren.ke...@oracle.com> Thanks, Darren. On Tue, Oct 24, 2017 at 03:27:59AM +0800, zhiyong...@ucloud.cn wrote: From: Zhi Yong Wu <zhiyong...@ucloud.cn> When hash tabl

Re: [Qemu-devel] [Qemu devel v3 PATCH] msf2: Remove dead code reported by Coverity

2017-10-22 Thread Darren Kenny
On Sun, Oct 22, 2017 at 06:58:02PM +0530, Subbaraya Sundeep wrote: Fixed incorrect frame size mask, validated maximum frame size in spi_write and removed dead code. Signed-off-by: Subbaraya Sundeep --- v3: Added comment that [31:6] bits are reserved in

Re: [Qemu-devel] [PATCH 0/4] Trivial changes in "registerfields.h"

2017-12-13 Thread Darren Kenny
Looks good to me, for all patches: Reviewed-by: Darren Kenny <darren.ke...@oracle.com> Thanks, Darren. On Wed, Dec 13, 2017 at 02:17:32AM -0300, Philippe Mathieu-Daudé wrote: Philippe Mathieu-Daudé (4): MAINTAINERS: add "hw/registerfields.h" in Register API entry hw/reg

Re: [Qemu-devel] [PATCH] checkpatch: warn when using volatile with a comment

2017-12-18 Thread Darren Kenny
Never mind, saw that updated comment in the later patch... Thanks, Darren. On Mon, Dec 18, 2017 at 01:36:52PM +, Darren Kenny wrote: Hi Paolo, Slight nit on the subject line, did you mean to s/with/without/ - that seems to reflect the change in the patch more correctly. Thanks, Darren

Re: [Qemu-devel] [PATCH] checkpatch: warn when using volatile with a comment

2017-12-18 Thread Darren Kenny
Hi Paolo, Slight nit on the subject line, did you mean to s/with/without/ - that seems to reflect the change in the patch more correctly. Thanks, Darren. On Mon, Dec 18, 2017 at 01:49:52PM +0100, Paolo Bonzini wrote: On 15/12/2017 19:18, Marc-André Lureau wrote: Instead of an error, lower

Re: [Qemu-devel] [PATCH qemu v2] kvm: Add kvm_set_user_memory tracepoint

2017-12-15 Thread Darren Kenny
=0x%"PRIx64 " ret=%d" Should the slot not be %u?: "Slot#%u ... Otherwise, Reviewed-by: Darren Kenny <darren.ke...@oracle.com> Thanks, Darren.

Re: [Qemu-devel] [PATCH v1 00/13] Fix VNC server unbounded memory usage

2017-12-19 Thread Darren Kenny
Hi Daniel, For the series: Reviewed-by: Darren Kenny <darren.ke...@oracle.com> With one small nit on patch 1. Thanks, Darren. On Mon, Dec 18, 2017 at 07:12:15PM +, Daniel P. Berrange wrote: In the 2.11 release we fixed CVE-2017-15268, which allowed the VNC websockets server to c

Re: [Qemu-devel] [PATCH 19/24] console: add and use qemu_display_find_default

2017-11-17 Thread Darren Kenny
On Fri, Nov 17, 2017 at 11:30:41AM +0100, Gerd Hoffmann wrote: Using the new registry instead of #ifdefs in vl.c. Signed-off-by: Gerd Hoffmann --- include/ui/console.h | 1 + ui/console.c | 19 +++ vl.c | 15 +-- 3 files

Re: [Qemu-devel] [PATCH 19/24] console: add and use qemu_display_find_default

2017-11-17 Thread Darren Kenny
On Fri, Nov 17, 2017 at 04:03:28PM +0100, Gerd Hoffmann wrote: Hi, OK, so the odd thing then is the check for !remote_display earlier on in the function (missing from the quote above) which seems to end up initializing VNC (albeit with localhost) when CONFIG_VNC is defined, but no other local

Re: [Qemu-devel] [PATCH 19/24] console: add and use qemu_display_find_default

2017-11-17 Thread Darren Kenny
Hi Gerd, Thanks for clarifying things for me. On Fri, Nov 17, 2017 at 02:24:54PM +0100, Gerd Hoffmann wrote: Hi, > -dpy.type = DISPLAY_TYPE_NONE; > +if (!qemu_display_find_default()) { > +dpy.type = DISPLAY_TYPE_NONE; > +#if defined(CONFIG_VNC) > +

Re: [Qemu-devel] [PATCH] colo-compare: fix the dangerous assignment

2017-11-16 Thread Darren Kenny
;pbonz...@redhat.com> Fixes: 8ec14402029d783720f4312ed8a925548e1dad61 Reported-by: Peter Maydell <peter.mayd...@linaro.org> Reported-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: Mao Zhongyi <maozy.f...@cn.fujitsu.com> Code-wise, this looks like a valid fix to the existing code. Reviewed-by: Dar

Re: [Qemu-devel] [Qemu-block] [PATCH for-2.11] qcow2: Fix overly broad madvise()

2017-11-15 Thread Darren Kenny
FWIW, Reviewed-by: Darren Kenny <darren.ke...@oracle.com> Thanks, Darren. On Tue, Nov 14, 2017 at 07:41:27PM +0100, Max Reitz wrote: @mem_size and @offset are both size_t, thus subtracting them from one another will just return a big size_t if mem_size < offset -- even more obv

Re: [Qemu-devel] [Qemu-block] [PATCH for-2.11] qcow2: Fix overly broad madvise()

2017-11-15 Thread Darren Kenny
Should have said that this is subject to the typo that Eric pointed out, of course. Thanks, Darren. On Wed, Nov 15, 2017 at 11:04:19AM +, Darren Kenny wrote: FWIW, Reviewed-by: Darren Kenny <darren.ke...@oracle.com> Thanks, Darren. On Tue, Nov 14, 2017 at 07:41:27PM +0100, Max
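The point Max makes in the quoted patch description (two size_t values subtracted the wrong way round do not go negative, they wrap to a value near SIZE_MAX, and that value then becomes the length handed to madvise()) is easy to see in isolation. The following is an added example written for this page, not code from QEMU's qcow2 cache: release_tail() and release_demo() are hypothetical helpers that stand in for a cache release path, and the unchecked/checked pair shows the wraparound and the guard that prevents it.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Unsafe form: both operands are size_t, so an offset past mem_size does not
 * give a negative length but one close to SIZE_MAX. */
static size_t tail_len_unchecked(size_t mem_size, size_t offset)
{
    return mem_size - offset;
}

/* Guarded form: never compute a length for an offset at or beyond the end. */
static size_t tail_len_checked(size_t mem_size, size_t offset)
{
    return offset < mem_size ? mem_size - offset : 0;
}

/*
 * Hypothetical cache helper: give back the pages of a buffer from `offset` to
 * the end, rounding the start up to a page boundary. Returns 0 on success,
 * 1 if nothing remained to release, -1 if madvise() itself failed.
 */
static int release_tail(void *mem, size_t mem_size, size_t offset)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t start = (offset + page - 1) & ~(page - 1);
    size_t len = tail_len_checked(mem_size, start);

    if (len == 0) {
        return 1;  /* offset at or past the end: nothing to discard */
    }
    return madvise((char *)mem + start, len, MADV_DONTNEED) == 0 ? 0 : -1;
}

/* Map `pages` anonymous pages, touch them, then release from `offset_pages`. */
static int release_demo(size_t pages, size_t offset_pages)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t size = pages * page;
    char *mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int rc;

    if (mem == MAP_FAILED) {
        return -1;
    }
    for (size_t i = 0; i < size; i += page) {
        mem[i] = 1;  /* fault the pages in so there is something to release */
    }
    rc = release_tail(mem, size, offset_pages * page);
    munmap(mem, size);
    return rc;
}

int main(void)
{
    printf("unchecked len, mem_size=4096 offset=8192: %zu\n",
           tail_len_unchecked(4096, 8192));
    printf("checked   len, mem_size=4096 offset=8192: %zu\n",
           tail_len_checked(4096, 8192));
    printf("release 4 pages from page 1: %d\n", release_demo(4, 1));
    printf("release 4 pages from page 8: %d\n", release_demo(4, 8));
    return 0;
}
```

With the unchecked subtraction the second call would hand madvise() a length of SIZE_MAX - 4095; the kernel rejects that with EINVAL here, but a smaller overshoot would silently cover memory past the buffer, which is exactly the "overly broad madvise()" in the patch title.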

Re: [Qemu-devel] [Qemu-block] [PATCH v3 2/7] block/ssh: make compliant with coding guidelines

2017-11-08 Thread Darren Kenny
On Tue, Nov 07, 2017 at 05:27:19PM -0500, Jeff Cody wrote: Signed-off-by: Jeff Cody <jc...@redhat.com> Reviewed-by: Eric Blake <ebl...@redhat.com> Reviewed-by: Darren Kenny <darren.ke...@oracle.com> --- block/ssh.c | 32 ++-- 1 file changed, 18

Re: [Qemu-devel] [Qemu-block] [PATCH v3 5/7] block/curl: check error return of curl_global_init()

2017-11-08 Thread Darren Kenny
, for clarity - Change the name for clarity - Make it a bool Signed-off-by: Jeff Cody <jc...@redhat.com> Reviewed-by: Eric Blake <ebl...@redhat.com> Reviewed-by: Darren Kenny <darren.ke...@oracle.com> --- block/curl.c | 18 -- 1 file changed, 12 insertions(+), 6

Re: [Qemu-devel] [Qemu-block] [PATCH v3 4/7] block/sheepdog: code beautification

2017-11-08 Thread Darren Kenny
On Tue, Nov 07, 2017 at 05:27:21PM -0500, Jeff Cody wrote: No functional changes, just whitespace manipulation. Signed-off-by: Jeff Cody <jc...@redhat.com> Reviewed-by: Eric Blake <ebl...@redhat.com> Reviewed-by: Darren Kenny <darren.ke...@oracle.com> --- bloc

Re: [Qemu-devel] [Qemu-block] [PATCH v3 7/7] block/curl: code cleanup to comply with coding style

2017-11-08 Thread Darren Kenny
Hi Jeff, While I'm relatively new to this community, I do have some comments about the styling in this file. I don't see anything in the CODING_STYLE file that tells me I'm wrong here, but it's certainly possible... More inline. On Tue, Nov 07, 2017 at 05:27:24PM -0500, Jeff Cody wrote: This

Re: [Qemu-devel] [Qemu-block] [PATCH v3 3/7] block/sheepdog: remove spurious NULL check

2017-11-08 Thread Darren Kenny
edhat.com> Reviewed-by: Darren Kenny <darren.ke...@oracle.com> --- block/sheepdog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/sheepdog.c b/block/sheepdog.c index 696a714..459d93a 100644 --- a/block/sheepdog.c +++ b/block/sheepdog.c @@ -1632,7 +1632,7 @@

Re: [Qemu-devel] [Qemu-block] [PATCH v3 7/7] block/curl: code cleanup to comply with coding style

2017-11-08 Thread Darren Kenny
On Wed, Nov 08, 2017 at 08:26:57AM -0600, Eric Blake wrote: On 11/08/2017 04:47 AM, Darren Kenny wrote: Hi Jeff, While I'm relatively new to this community, I do have some comments about the styling in this file. I don't see anything in the CODING_STYLE file that tells me I'm wrong here

Re: [Qemu-devel] [PATCH] net/socket: fix coverity issue

2017-11-06 Thread Darren Kenny
Hi Jan, On Mon, Nov 06, 2017 at 02:28:05PM +0100, Jens Freimann wrote: This fixes coverity issue CID1005339. Make sure that saddr is not used uninitialized if the mcast parameter is NULL. Cc: qemu-sta...@nongnu.org Reported-by: Peter Maydell Signed-off-by: Jens

Re: [Qemu-devel] [PATCH] scsi: check current request object before use

2017-12-06 Thread Darren Kenny
Are both tests for NULL necessary, the second one would seem to suffice - but also the first check changes whether esp_dma_done() would get called or not here: 276 if (s->async_len == 0) { 277 scsi_req_continue(s->current_req); 278 /* If there is still data to be read from

Re: [Qemu-devel] [PATCH qemu v2] git-submodule.sh: Do not try writing to source directory if not necessary

2017-10-26 Thread Darren Kenny
Hi Alexey, On Thu, Oct 26, 2017 at 12:34:45PM +1100, Alexey Kardashevskiy wrote: The new git-submodule.sh script writes .git-submodule-status to the source directory every time no matter what. This makes it conditional. Signed-off-by: Alexey Kardashevskiy --- Changes: v2: *

Re: [Qemu-devel] [PATCH qemu v2] git-submodule.sh: Do not try writing to source directory if not necessary

2017-10-26 Thread Darren Kenny
On Thu, Oct 26, 2017 at 07:18:24PM +1100, Alexey Kardashevskiy wrote: On 26/10/17 18:13, Darren Kenny wrote: Hi Alexey, On Thu, Oct 26, 2017 at 12:34:45PM +1100, Alexey Kardashevskiy wrote: The new git-submodule.sh script writes .git-submodule-status to the source directory every time

Re: [Qemu-devel] [PATCH qemu v2] git-submodule.sh: Do not try writing to source directory if not necessary

2017-10-26 Thread Darren Kenny
On Thu, Oct 26, 2017 at 08:03:24PM +1100, Alexey Kardashevskiy wrote: On 26/10/17 19:51, Darren Kenny wrote: On Thu, Oct 26, 2017 at 07:18:24PM +1100, Alexey Kardashevskiy wrote: On 26/10/17 18:13, Darren Kenny wrote: Hi Alexey, On Thu, Oct 26, 2017 at 12:34:45PM +1100, Alexey Kardashevskiy

Re: [Qemu-devel] [Qemu devel V4 PATCH] msf2: Remove dead code reported by Coverity

2017-10-25 Thread Darren Kenny
LGTM now, thanks. Reviewed-by: Darren Kenny <darren.ke...@oracle.com> Thanks, Darren. On Wed, Oct 25, 2017 at 07:59:04AM +0530, Subbaraya Sundeep wrote: Fixed incorrect frame size mask, validated maximum frame size in spi_write and removed dead code. Signed-off-by: Subbaraya S

Re: [Qemu-devel] [PATCH] sockets: avoid leak of listen file descriptor

2017-10-20 Thread Darren Kenny
Hi Daniel, On Fri, Oct 20, 2017 at 10:28:44AM +0100, Daniel P. Berrange wrote: If we iterate over the full port range without successfully binding+listening on the socket, we'll try the next address, whereupon we overwrite the slisten file descriptor variable without closing it. Rather than

Re: [Qemu-devel] [PATCH] sockets: avoid leak of listen file descriptor

2017-10-20 Thread Darren Kenny
On Fri, Oct 20, 2017 at 10:54:31AM +0100, Daniel P. Berrange wrote: On Fri, Oct 20, 2017 at 10:28:44AM +0100, Daniel P. Berrange wrote: If we iterate over the full port range without successfully binding+listening on the socket, we'll try the next address, whereupon we overwrite the slisten
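The leak Daniel describes (the whole port range fails for one address, the loop moves on to the next address, and socket() overwrites slisten without the previous descriptor being closed) can be reproduced and measured outside QEMU. This is an added example written for this page, not QEMU's util/qemu-sockets.c: listen_any() is a simplified stand-in for the bind loop, block_port() and the three constructed 127.0.0.x addresses exist only so that every bind attempt fails, and count_open_fds() measures how many descriptors each variant leaves behind.

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Number of open descriptors below 1024 (enough for this demonstration). */
static int count_open_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < 1024; fd++) {
        if (fcntl(fd, F_GETFD) != -1) {
            n++;
        }
    }
    return n;
}

/*
 * For each address, create a socket and try every port in [port_min, port_max].
 * Returns a listening fd, or -1 if nothing could be bound. With
 * close_on_retry == 0 this mirrors the bug: after the port range is exhausted
 * for one address, the next socket() call overwrites slisten unclosed.
 */
static int listen_any(const struct in_addr *addrs, int naddrs,
                      int port_min, int port_max, int close_on_retry)
{
    int slisten = -1;

    for (int i = 0; i < naddrs; i++) {
        struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr = addrs[i] };

        slisten = socket(AF_INET, SOCK_STREAM, 0);  /* overwrites the previous fd */
        if (slisten < 0) {
            continue;
        }
        for (int port = port_min; port <= port_max; port++) {
            sa.sin_port = htons((uint16_t)port);
            if (bind(slisten, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
                listen(slisten, 1) == 0) {
                return slisten;
            }
        }
        if (close_on_retry) {
            close(slisten);  /* the fix: release the fd before the next address */
            slisten = -1;
        }
    }
    if (slisten >= 0) {      /* without the fix only the last fd is ever closed */
        close(slisten);
    }
    return -1;
}

/* Occupy a kernel-chosen port on the wildcard address and leave it listening,
 * so that binding any specific local address to that port fails. */
static int block_port(int *blocker_fd)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = 0;
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 1) < 0 || getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        if (fd >= 0) {
            close(fd);
        }
        return -1;
    }
    *blocker_fd = fd;
    return ntohs(sa.sin_port);
}

/* Run listen_any() against three constructed loopback addresses on a blocked
 * port and return how many descriptors it leaked. */
static int leaked_fds(int close_on_retry)
{
    int blocker = -1, before, after, fd;
    int port = block_port(&blocker);
    struct in_addr addrs[3];

    if (port < 0) {
        return -1;
    }
    inet_pton(AF_INET, "127.0.0.1", &addrs[0]);
    inet_pton(AF_INET, "127.0.0.2", &addrs[1]);
    inet_pton(AF_INET, "127.0.0.3", &addrs[2]);
    before = count_open_fds();
    fd = listen_any(addrs, 3, port, port, close_on_retry);
    if (fd >= 0) {
        close(fd);  /* not expected: the port is blocked */
    }
    after = count_open_fds();
    close(blocker);
    return after - before;
}

int main(void)
{
    printf("fds leaked without the fix: %d\n", leaked_fds(0));
    printf("fds leaked with the fix:    %d\n", leaked_fds(1));
    return 0;
}
```

With three addresses the unfixed loop leaves two descriptors open per failed call; in a long-running process that retries listen setup, that is how the descriptor table fills up.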

Re: [Qemu-devel] [PATCH v2] usb-storage: Fix share-rw option parsing

2018-01-17 Thread Darren Kenny
The code changes look good. Reviewed-by: Darren Kenny <darren.ke...@oracle.com> Thanks, Darren. On Wed, Jan 17, 2018 at 08:52:22AM +0800, Fam Zheng wrote: Because usb-storage creates an internal scsi device, we should propagate options. We already do so for bootindex etc, but failed t

Re: [Qemu-devel] [PATCH 1/1] block-backend: simplify blk_get_aio_context

2018-03-27 Thread Darren Kenny
off-by: Daniel Henrique Barboza <danie...@linux.vnet.ibm.com> Seems to make sense. Reviewed-by: Darren Kenny <darren.ke...@oracle.com> --- block/block-backend.c | 8 +--- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/block/block-backend.c b/block/block-backend.c i

Re: [Qemu-devel] [PATCH v3] scripts/checkpatch.pl: add check for `while` and `for`

2018-02-28 Thread Darren Kenny
t clear that it is part of the condition rather than the block. (You can see other instances of this in the file). Otherwise: Reviewed-by: Darren Kenny <darren.ke...@oracle.com> Thanks, Darren. my ($level, $endln, @chunks) =

Re: [Qemu-devel] [PATCH v2 2/2] hw: vmmouse: drop DEFINE_PROP_PTR()

2018-11-27 Thread Darren Kenny
On Tue, Nov 27, 2018 at 01:38:35PM +0100, Markus Armbruster wrote: Darren Kenny writes: Hi Li Qiang, This is only a suggestion, I'm sure someone else might also correct me, but I'm not sure the subject above really describes what is happening in the commit as a whole. It seems to miss

Re: [Qemu-devel] [PATCH v2 2/2] hw: vmmouse: drop DEFINE_PROP_PTR()

2018-11-27 Thread Darren Kenny
Hi Li Qiang, This is only a suggestion, I'm sure someone else might also correct me, but I'm not sure the subject above really describes what is happening in the commit as a whole. It seems to miss the point that the main change here is to use a link type property, so maybe it might be better

Re: [Qemu-devel] [PATCH v2 1/2] hw: pc: use TYPE_XXX instead of constant strings

2018-11-27 Thread Darren Kenny
On Tue, Nov 27, 2018 at 02:02:02AM -0800, Li Qiang wrote: TYPE_VMMOUSE is defined in vmmouse.c currently, move it to pc.h in order to use it in pc.c. Signed-off-by: Li Qiang Reviewed-by: Darren Kenny --- Change since v1: remove the unnecessary change hw/i386/pc.c | 6 +++--- hw

Re: [Qemu-devel] [RFC PATCH v2 09/17] fuzz: hardcode needed objects into i386 target

2019-08-16 Thread Darren Kenny
Hi Alexander, On Fri, Aug 09, 2019 at 10:33:59AM +0100, Stefan Hajnoczi wrote: On Mon, Aug 05, 2019 at 07:11:10AM +, Oleinik, Alexander wrote: Temporary solution until there is a better build solution for fuzzers in tests/Makefile.include Signed-off-by: Alexander Oleinik ---

Re: [Qemu-devel] [RFC PATCH v2 01/17] fuzz: Move initialization from main to qemu_init

2019-08-15 Thread Darren Kenny
On Mon, Aug 05, 2019 at 09:43:06AM +0200, Paolo Bonzini wrote: On 05/08/19 09:11, Oleinik, Alexander wrote: Using this, we avoid needing a special case to break out of main(), early, when initializing the fuzzer, as we can just call qemu_init. There is still a #define around main(), since it

Re: [Qemu-devel] [PATCH v3 22/22] fuzz: add documentation to docs/devel/

2019-09-23 Thread Darren Kenny
Hi Alexander, Some comments, and questions below... On Wed, Sep 18, 2019 at 11:19:48PM +, Oleinik, Alexander wrote: Signed-off-by: Alexander Oleinik --- docs/devel/fuzzing.txt | 114 + 1 file changed, 114 insertions(+) create mode 100644

Re: [Qemu-devel] [PATCH v3 16/22] fuzz: add fuzzer skeleton

2019-09-23 Thread Darren Kenny
On Wed, Sep 18, 2019 at 11:19:43PM +, Oleinik, Alexander wrote: tests/fuzz/fuzz.c serves as the entry point for the virtual-device fuzzer. Namely, libfuzzer invokes the LLVMFuzzerInitialize and LLVMFuzzerTestOneInput functions, both of which are defined in this file. This change adds a

Re: [Qemu-devel] [PATCH v3 18/22] fuzz: expose fuzz target name

2019-09-24 Thread Darren Kenny
On Wed, Sep 18, 2019 at 11:19:45PM +, Oleinik, Alexander wrote: This is needed for the qos-assisted fuzzers which walk the qos tree and need a way to check if the current path matches the name of the fuzz target. Signed-off-by: Alexander Oleinik --- tests/fuzz/fuzz.c | 3 +++

Re: [PATCH v4 04/20] qtest: add qtest_server_send abstraction

2019-11-06 Thread Darren Kenny
On Wed, Oct 30, 2019 at 02:49:51PM +, Oleinik, Alexander wrote: From: Alexander Oleinik qtest_server_send is a function pointer specifying the handler used to transmit data to the qtest client. In the standard configuration, this calls the CharBackend handler, but now it is possible for

Re: [PATCH v4 03/20] fuzz: Add FUZZ_TARGET module type

2019-11-06 Thread Darren Kenny
On Wed, Oct 30, 2019 at 02:49:50PM +, Oleinik, Alexander wrote: From: Alexander Oleinik Signed-off-by: Alexander Oleinik Reviewed-by: Darren Kenny --- include/qemu/module.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/qemu/module.h b/include/qemu

Re: [PATCH v4 09/20] libqos: split qos-test and libqos makefile vars

2019-11-07 Thread Darren Kenny
anything beside tests/qos-test against libqos. This change separates objects that are libqos-specific and ones that are qos-test specific into different variables. Signed-off-by: Alexander Oleinik Reviewed-by: Darren Kenny --- tests/Makefile.include | 71 +- 1

Re: [PATCH v4 01/20] softmmu: split off vl.c:main() into main.c

2019-11-05 Thread Darren Kenny
On Wed, Oct 30, 2019 at 02:49:48PM +, Oleinik, Alexander wrote: From: Alexander Oleinik A program might rely on functions implemented in vl.c, but implement its own main(). By placing main into a separate source file, there are no complaints about duplicate main()s when linking against

Re: [PATCH v4 00/20] Add virtual device fuzzing support

2019-11-05 Thread Darren Kenny
On Tue, Nov 05, 2019 at 11:28:59AM -0500, Alexander Oleinik wrote: On 11/5/19 8:57 AM, Darren Kenny wrote: Hi Alexander, I've been trying out these patches, and I'm seeing a high volume of crashes - where for v3, there were none in a run of over 3 weeks - so it was a bit of a surprise

Re: [PATCH v4 14/20] fuzz: Add target/fuzz makefile rules

2019-11-07 Thread Darren Kenny
rget/all or target/fuzz, assuming that is correct here. So with that, Reviewed-by: Darren Kenny Thanks, Darren.

Re: [PATCH v4 08/20] tests: provide test variables to other targets

2019-11-07 Thread Darren Kenny
and host-related objects. For example the virtual-device fuzzer relies on both libqtest/libqos objects and softmmu objects. Signed-off-by: Alexander Oleinik Reviewed-by: Darren Kenny --- tests/Makefile.include | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests

Re: [PATCH] migration: Fix the re-run check of the migrate-incoming command

2019-11-14 Thread Darren Kenny
On Wed, Nov 13, 2019 at 08:53:25PM +0300, Yury Kotov wrote: The current check sets an error but doesn't fail the command. This may cause a problem if new connection attempt by the same URI affects the first connection. Signed-off-by: Yury Kotov Reviewed-by: Darren Kenny --- migration

Re: [PATCH v2 1/1] ide: check DMA transfer size in ide_dma_cb() to prevent qemu DoS from guests

2019-11-15 Thread Darren Kenny
k the number of bytes prepared for the transfer by the prepare_buf() handler. If it is not a multiple of 512 then end the DMA transfer with an error. That also fixes the I/O stall in guests after a DMA transfer request for less than the size of a sector. Signed-off-by: Alexander Popov Rev

Re: [PATCH v4 06/20] module: check module wasn't already initialized

2019-11-06 Thread Darren Kenny
if attempts are made to re-init modules. In that case, this test might be more correctly belong in the module's own init() function instead. Assuming for now that it is the correct place to do it, unless someone can say otherwise: Reviewed-by: Darren Kenny --- util/module.c | 7 +++ 1 file

Re: [PATCH v4 00/20] Add virtual device fuzzing support

2019-11-05 Thread Darren Kenny
Hi Alexander, I've been trying out these patches, and I'm seeing a high volume of crashes - where for v3, there were none in a run of over 3 weeks - so it was a bit of a surprise :) The question is what may have changed that is causing that level of crashes - are you seeing this for the

Re: [PATCH v5 00/20] Add virtual device fuzzing support

2019-11-14 Thread Darren Kenny
Hi Alexander, A quick comment on the fact that you omitted any Reviewed-by's that you have received so far. Was that intentional? Thanks, Darren. On Wed, Nov 13, 2019 at 10:50:41PM +, Oleinik, Alexander wrote: This series adds a framework for coverage-guided fuzzing of virtual-devices.

Qemu/KVM fuzzing - next steps

2019-10-03 Thread Darren Kenny
Hi, I've been following Alexander's fuzzing changes from the GSoC project, and it's looking like an excellent start on the introduction of fuzzing into the world of Qemu/KVM. I had a couple of off-list e-mails with Stefan and Alexander, to get some idea of what the intent was going forward, and

Re: [PATCH v2 0/2] Fix spelling/formatting in fuzzing patches

2020-02-27 Thread Darren Kenny
For the series: Reviewed-by: Darren Kenny Thanks, Darren. On Wed, Feb 26, 2020 at 10:14:37PM -0500, Alexander Bulekov wrote: These patches fix some spelling and line-length violations introduced by the device-fuzzing changes: https://lists.gnu.org/archive/html/qemu-devel/2020-02/msg05965

Re: [PATCH] hw/i386/vmmouse: Fix crash when using the vmmouse on a machine without vmport

2020-01-29 Thread Darren Kenny
ftmmu/qemu-system-x86_64 -device vmmouse -M pc,vmport=off Segmentation fault (core dumped) Let's avoid the crash by checking for the vmport device first. Signed-off-by: Thomas Huth Makes sense. Reviewed-by: Darren Kenny Thanks, Darren --- hw/i386/vmmouse.c | 6 ++ 1 file changed, 6 insertion

Re: [PATCH v8 05/21] libqtest: add a layer of abstraction to send/recv

2020-02-05 Thread Darren Kenny
, without the standard way of writing to a file descriptor. Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Reviewed-by: Stefan Hajnoczi --- tests/qtest/libqtest.c | 48 ++ 1 file changed, 39 insertions(+), 9 deletions(-) diff --git a/tests/qtest

Re: [PATCH v8 06/21] libqtest: make bufwrite rely on the TransportOps

2020-02-05 Thread Darren Kenny
his change replaces the socket_send calls with ops->send, maintaining the benefits of the direct socket_send call, while adding support for in-process qtest calls. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny --- tests/qtest/li

Re: [PATCH v8 07/21] qtest: add in-process incoming command handler

2020-02-05 Thread Darren Kenny
On Wed, Jan 29, 2020 at 05:34:17AM +, Bulekov, Alexander wrote: The handler allows a qtest client to send commands to the server by directly calling a function, rather than using a file/CharBackend Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny

Re: [PATCH v8 11/21] fuzz: add fuzzer skeleton

2020-02-05 Thread Darren Kenny
char* in the structure, and the most common use-case today is during init only, but it is usually safer to clone such a structure, and possibly create functions to clone, and possibly free. It's not vital, so I'm happy to give a Rb based on the current code, but something worth considering for the future. Revi

Re: [PATCH v8 03/21] fuzz: add FUZZ_TARGET module type

2020-02-05 Thread Darren Kenny
On Wed, Jan 29, 2020 at 05:34:13AM +, Bulekov, Alexander wrote: Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny --- include/qemu/module.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/qemu/module.h b/include/qemu

Re: [PATCH v8 04/21] qtest: add qtest_server_send abstraction

2020-02-05 Thread Darren Kenny
direct-function calls if the qtest client and server exist within the same process (inproc) Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Acked-by: Thomas Huth --- include/sysemu/qtest.h | 3 +++ qtest.c| 18 -- 2

Re: [PATCH v8 08/21] libqos: rename i2c_send and i2c_recv

2020-02-05 Thread Darren Kenny
to avoid this. Signed-off-by: Alexander Bulekov Acked-by: Thomas Huth Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny --- tests/qtest/libqos/i2c.c | 10 +- tests/qtest/libqos/i2c.h | 4 ++-- tests/qtest/pca9552-test.c | 10 +- 3 files changed, 12 insertions(+), 12

Re: [PATCH v8 12/21] exec: keep ram block across fork when using qtest

2020-02-05 Thread Darren Kenny
On Wed, Jan 29, 2020 at 05:34:21AM +, Bulekov, Alexander wrote: Ram blocks were marked MADV_DONTFORK breaking fuzzing-tests which execute each test-input in a forked process. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny --- exec.c | 12

Re: [PATCH v8 15/21] fuzz: add support for qos-assisted fuzz targets

2020-02-05 Thread Darren Kenny
On Wed, Jan 29, 2020 at 05:34:24AM +, Bulekov, Alexander wrote: Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi --- tests/qtest/fuzz/Makefile.include | 2 + tests/qtest/fuzz/qos_fuzz.c | 229 ++ tests/qtest/fuzz/qos_fuzz.h | 33 + 3

Re: [PATCH v8 17/21] fuzz: add configure flag --enable-fuzzing

2020-02-05 Thread Darren Kenny
On Wed, Jan 29, 2020 at 05:34:25AM +, Bulekov, Alexander wrote: Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Darren Kenny --- configure | 39 +++ 1 file changed, 39 insertions

Re: [PATCH v8 18/21] fuzz: add i440fx fuzz targets

2020-02-05 Thread Darren Kenny
and forking to reset state, or not resetting it at all. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny A couple of nits below w.r.t. commenting on how the fuzzed data is being processed. --- tests/qtest/fuzz/Makefile.include | 3 + tests/qtest/fuzz

Re: [PATCH v8 10/21] libqos: move useful qos-test funcs to qos_external

2020-02-05 Thread Darren Kenny
Hajnoczi Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Darren Kenny --- tests/qtest/Makefile.include | 1 + tests/qtest/libqos/qos_external.c | 168 ++ tests/qtest/libqos/qos_external.h | 28 + tests/qtest/qos-test.c| 132 +-- 4

Re: [PATCH v8 21/21] fuzz: add documentation to docs/devel/

2020-02-05 Thread Darren Kenny
On Wed, Jan 29, 2020 at 05:34:29AM +, Bulekov, Alexander wrote: Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny --- docs/devel/fuzzing.txt | 116 + 1 file changed, 116 insertions(+) create mode 100644 docs

Re: [PATCH v8 20/21] fuzz: add virtio-scsi fuzz target

2020-02-05 Thread Darren Kenny
Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Similar comments below here about maybe documenting how the fuzz data is being mapped into actions. --- tests/qtest/fuzz/Makefile.include | 1 + tests/qtest/fuzz/virtio_scsi_fuzz.c | 200 2 files

Re: [PATCH v8 19/21] fuzz: add virtio-net fuzz target

2020-02-05 Thread Darren Kenny
On Wed, Jan 29, 2020 at 05:34:27AM +, Bulekov, Alexander wrote: The virtio-net fuzz target feeds inputs to all three virtio-net virtqueues, and uses forking to avoid leaking state between fuzz runs. Signed-off-by: Alexander Bulekov --- tests/qtest/fuzz/Makefile.include | 1 +

Re: [PATCH v8 13/21] main: keep rcu_atfork callback enabled for qtest

2020-02-05 Thread Darren Kenny
On Wed, Jan 29, 2020 at 05:34:22AM +, Bulekov, Alexander wrote: The qtest-based fuzzer makes use of forking to reset-state between tests. Keep the callback enabled, so the call_rcu thread gets created within the child process. Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny

Re: [PATCH v8 01/21] softmmu: split off vl.c:main() into main.c

2020-02-05 Thread Darren Kenny
.f10ceda541 --- /dev/null +++ b/main.c @@ -0,0 +1,53 @@ +/* + * QEMU System Emulator + * + * Copyright (c) 2003-2008 Fabrice Bellard I don't know the rules but, maybe that should also be extended to 2019/2020 since this is a new file. Otherwise, Reviewed-by: Darren Kenny Thanks, Darren.

Re: [PATCH v10 01/22] softmmu: move vl.c to softmmu/

2020-02-20 Thread Darren Kenny
On Wed, Feb 19, 2020 at 11:10:57PM -0500, Alexander Bulekov wrote: Move vl.c to a separate directory, similar to linux-user/ Update the checkpatch and get_maintainer scripts, since they relied on /vl.c for top_of_tree checks. Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny

Re: [PATCH v10 16/22] fuzz: add support for qos-assisted fuzz targets

2020-02-20 Thread Darren Kenny
On Wed, Feb 19, 2020 at 11:11:12PM -0500, Alexander Bulekov wrote: Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny --- tests/qtest/fuzz/Makefile.include | 2 + tests/qtest/fuzz/qos_fuzz.c | 234 ++ tests/qtest/fuzz

Re: [PATCH v10 15/22] fuzz: support for fork-based fuzzing.

2020-02-20 Thread Darren Kenny
-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny --- tests/qtest/fuzz/Makefile.include | 5 +++ tests/qtest/fuzz/fork_fuzz.c | 55 +++ tests/qtest/fuzz/fork_fuzz.h | 23 + tests/qtest/fuzz/fork_fuzz.ld | 37

Re: [PATCH v10 20/22] fuzz: add virtio-net fuzz target

2020-02-20 Thread Darren Kenny
On Wed, Feb 19, 2020 at 11:11:16PM -0500, Alexander Bulekov wrote: The virtio-net fuzz target feeds inputs to all three virtio-net virtqueues, and uses forking to avoid leaking state between fuzz runs. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny

Re: [PATCH v10 21/22] fuzz: add virtio-scsi fuzz target

2020-02-20 Thread Darren Kenny
Bulekov Reviewed-by: Darren Kenny --- tests/qtest/fuzz/Makefile.include | 1 + tests/qtest/fuzz/virtio_scsi_fuzz.c | 213 2 files changed, 214 insertions(+) create mode 100644 tests/qtest/fuzz/virtio_scsi_fuzz.c diff --git a/tests/qtest/fuzz/Makefile.include b/tests

Re: [PATCH] fuzz: select fuzz target using executable name

2020-04-22 Thread Darren Kenny
uzzer. > > Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny > --- > tests/qtest/fuzz/fuzz.c | 19 +++ > 1 file changed, 11 insertions(+), 8 deletions(-) > > diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c > index 0d78ac8d36..c6932cec4a 1

Re: [PATCH v2] fuzz: select fuzz target using executable name

2020-05-01 Thread Darren Kenny
t; Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny > --- > tests/qtest/fuzz/fuzz.c | 19 +++ > 1 file changed, 11 insertions(+), 8 deletions(-) > > This patch should be free of any changes to the slirp submodule. > > diff --git a/tests/qtest/fuzz/fuz

Re: [PATCH v3 2/2] char-file: add test for distinct path= and pathin=

2020-05-12 Thread Darren Kenny
Hi Alex, On Monday, 2020-05-11 at 23:47:50 -04, Alexander Bulekov wrote: > Signed-off-by: Alexander Bulekov Thanks for making those changes. Reviewed-by: Darren Kenny Thanks, Darren. > --- > tests/test-char.c | 96 +++ > 1 file

Re: [PATCH 3/4] fuzz: add mangled object name to linker script

2020-05-12 Thread Darren Kenny
the > region by its mangled name: *(.bss._ZN6fuzzer3TPCE); > > Signed-off-by: Alexander Bulekov FWIW, since I'm not really familiar with the syntax, but I understand what the intent is: Reviewed-by: Darren Kenny > --- > tests/qtest/fuzz/fork_fuzz.ld | 5 + > 1 file changed,

Re: [PATCH 4/4] fuzz: run the main-loop in fork-server process

2020-05-12 Thread Darren Kenny
nt/fork-server process runs the main-loop, while waiting on the > child, ensuring that the timer events do not pile up, over time. > > Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny > --- > tests/qtest/fuzz/i440fx_fuzz.c | 1 + > tests/qtest/fuzz/virti

Re: [PATCH 1/4] fuzz: add datadir for oss-fuzz compatibility

2020-05-12 Thread Darren Kenny
On Monday, 2020-05-11 at 23:01:30 -04, Alexander Bulekov wrote: > This allows us to keep pc-bios in executable_dir/pc-bios, rather than > executable_dir/../pc-bios, which is incompatible with oss-fuzz' file > structure. > > Signed-off-by: Alexander Bulekov Reviewed-b

Re: [PATCH 2/4] fuzz: fix typo in i440fx-qtest-reboot arguments

2020-05-12 Thread Darren Kenny
On Monday, 2020-05-11 at 23:01:31 -04, Alexander Bulekov wrote: > Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny > --- > tests/qtest/fuzz/i440fx_fuzz.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tests/qtest/fuzz/i440fx_fuzz.c

Re: [PATCH v2 1/2] chardev: enable distinct input for -chardev file

2020-05-07 Thread Darren Kenny
> qemu -chardev file,id=char1,path=/out/file,pathin=/in/file > > Signed-off-by: Alexander Bulekov > Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny > --- > chardev/char-file.c | 5 + > chardev/char.c | 3 +++ > qemu-options.hx | 7 +-- >

Re: [PATCH v2 2/2] char-file: add test for distinct path= and pathin=

2020-05-07 Thread Darren Kenny
Hi Alex, For the most part this looks fine, but I wonder if maybe there should be a couple more assertions to be certain that things are set up correctly at first, as well as maybe being sure to confirm that things weren't modified using stat(). See below... On Thursday, 2020-05-07 at 02:24:42

Re: [PATCH v2 3/3] megasas: use unsigned type for positive numeric fields

2020-05-14 Thread Darren Kenny
On Thursday, 2020-05-14 at 00:55:40 +0530, P J P wrote: > From: Prasad J Pandit > > Use unsigned type for the MegasasState fields which hold positive > numeric values. > > Signed-off-by: Prasad J Pandit Reviewed-by: Darren Kenny > --- >

Re: [PATCH v2 1/3] megasas: use unsigned type for reply_queue_head and check index

2020-05-14 Thread Darren Kenny
Hi Prasad, On Thursday, 2020-05-14 at 00:55:38 +0530, P J P wrote: > From: Prasad J Pandit > > A guest user may set 'reply_queue_head' field of MegasasState to > a negative value. Later in 'megasas_lookup_frame' it is used to > index into s->frames[] array. Use unsigned type to avoid OOB >

Re: [PATCH v2 2/3] megasas: avoid NULL pointer dereference

2020-05-14 Thread Darren Kenny
e. > > Reported-by: Alexander Bulekov > Fixes: https://bugs.launchpad.net/qemu/+bug/1878259 > Signed-off-by: Prasad J Pandit Reviewed-by: Darren Kenny > --- > hw/scsi/megasas.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/scsi/megasas.c b/hw/scs

Re: [PATCH-for-5.0] ui/input-linux: Do not ignore ioctl() return value

2020-03-23 Thread Darren Kenny
> ui/input-linux.c:366:9: warning: Value stored to 'rc' is never read > rc = ioctl(il->fd, EVIOCGKEY(sizeof(keystate)), keystate); > ^ > > Reported-

Re: [PATCH] tests/qtest/tpm: Declare input buffers const and static

2020-09-02 Thread Darren Kenny
On Wednesday, 2020-09-02 at 10:09:09 +02, Philippe Mathieu-Daudé wrote: > The functions using these arrays expect a "const unsigned char *" > argument, it is safe to declare these as 'static const'. > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Darren Kenny

Re: [PATCH v2 02/15] fuzz: Add general virtual-device fuzzer

2020-09-02 Thread Darren Kenny
Hi Alex, Apologies for not taking so long to get to this. On Wednesday, 2020-08-19 at 02:10:57 -04, Alexander Bulekov wrote: > This is a generic fuzzer designed to fuzz a virtual device's > MemoryRegions, as long as they exist within the Memory or Port IO (if it > exists) AddressSpaces. The

Re: [PATCH v2 03/15] fuzz: Add PCI features to the general fuzzer

2020-09-02 Thread Darren Kenny
> converted to pci_read/write commands which target specific. This means > that we can fuzz a particular device's PCI configuration space, > > Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Thanks, Darren. > --- > tests/qtest/fuzz/general_fuzz.c | 83 +++

Re: [PATCH] oss-fuzz: move linker arg to fix coverage-build

2020-09-10 Thread Darren Kenny
Hi Alex, I'm certainly not an expert in meson, but have some questions below... On Wednesday, 2020-09-09 at 18:05:16 -04, Alexander Bulekov wrote: > The order of the add_project_link_arguments calls impacts which > arguments are placed between --start-group and --end-group. > OSS-Fuzz coverage

Re: [PATCH] oss-fuzz: move linker arg to fix coverage-build

2020-09-10 Thread Darren Kenny
On Thursday, 2020-09-10 at 12:36:52 -04, Alexander Bulekov wrote: > On 200910 1645, Darren Kenny wrote: >> Hi Alex, >> >> I'm certainly not an expert in meson, but have some questions below... >> >> On Wednesday, 2020-09-09 at 18:05:16 -04, Alexan

Re: [PATCH v2 05/15] fuzz: Declare DMA Read callback function

2020-09-03 Thread Darren Kenny
b is > an empty, inlined function. As long as we don't call any other functions > when building the arguments, there should be no overhead. > > Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny > --- > include/exec/memory.h | 15 +++ > softmmu/memory.c

Re: [PATCH v2 09/15] fuzz: add a crossover function to generic-fuzzer

2020-09-03 Thread Darren Kenny
On Wednesday, 2020-08-19 at 02:11:04 -04, Alexander Bulekov wrote: > Signed-off-by: Alexander Bulekov > --- > tests/qtest/fuzz/general_fuzz.c | 81 - > 1 file changed, 80 insertions(+), 1 deletion(-) > > diff --git a/tests/qtest/fuzz/general_fuzz.c
