Kevin Wolf wrote:
Am 13.09.2017 um 15:32 hat Darren Kenny geschrieben:
Hi Kevin,
Thanks for getting back to me so quickly.
Kevin Wolf wrote:
Am 13.09.2017 um 14:00 hat Darren Kenny geschrieben:
[Cross-posted from qemu-devel, meant to send here first]
Just keep both lists in the CC
Hi Kevin,
Thanks for getting back to me so quickly.
Kevin Wolf wrote:
Am 13.09.2017 um 14:00 hat Darren Kenny geschrieben:
[Cross-posted from qemu-devel, meant to send here first]
Just keep both lists in the CC for the same email.
Will do.
There is an issue here, which is that you
Hi,
It was observed during some testing of Qemu 2.9 that it appeared that if you
resized a qcow2 block device while the VM is running, that a qemu-img check
would report that there were leaked clusters.
The steps to reproduce are:
- First create the test image:
# /usr/bin/qemu-img create
On Wed, Oct 18, 2017 at 03:40:38AM +, Subbaraya Sundeep wrote:
Fixed incorrect frame size mask, validated maximum frame
size in spi_write and removed dead code.
Signed-off-by: Subbaraya Sundeep
---
v2:
else if -> else in set_fifodepth
log guest error
Hi Sundeep,
On Wed, Oct 18, 2017 at 10:10:07AM +, sundeep subbaraya wrote:
Hi Darren,
On Wed, Oct 18, 2017 at 2:24 PM, Darren Kenny <darren.ke...@oracle.com>
wrote:
On Wed, Oct 18, 2017 at 03:40:38AM +, Subbaraya Sundeep wrote:
Fixed incorrect frame size mask, validated m
That's consistent with the documented behaviour of
g_hash_table_remove_all().
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
Thanks,
Darren.
On Tue, Oct 24, 2017 at 03:27:59AM +0800, zhiyong...@ucloud.cn wrote:
From: Zhi Yong Wu <zhiyong...@ucloud.cn>
When hash tabl
On Sun, Oct 22, 2017 at 06:58:02PM +0530, Subbaraya Sundeep wrote:
Fixed incorrect frame size mask, validated maximum frame
size in spi_write and removed dead code.
Signed-off-by: Subbaraya Sundeep
---
v3:
Added comment that [31:6] bits are reserved in
Looks good to me, for all patches:
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
Thanks,
Darren.
On Wed, Dec 13, 2017 at 02:17:32AM -0300, Philippe Mathieu-Daudé wrote:
Philippe Mathieu-Daudé (4):
MAINTAINERS: add "hw/registerfields.h" in Register API entry
hw/reg
Nevermind, saw that updated comment in the later patch...
Thanks,
Darren.
On Mon, Dec 18, 2017 at 01:36:52PM +, Darren Kenny wrote:
Hi Paolo,
Slight nit on the subject line, did you mean to s/with/without/ -
that seems to reflect the change in the patch more correctly.
Thanks,
Darren
Hi Paolo,
Slight nit on the subject line, did you mean to s/with/without/ -
that seems to reflect the change in the patch more correctly.
Thanks,
Darren.
On Mon, Dec 18, 2017 at 01:49:52PM +0100, Paolo Bonzini wrote:
On 15/12/2017 19:18, Marc-André Lureau wrote:
Instead of an error, lower
=0x%"PRIx64 " ret=%d"
Should the slot not be %u?:
"Slot#%u ...
Otherwise,
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
Thanks,
Darren.
Hi Daniel,
For the series:
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
With one small nit on patch 1.
Thanks,
Darren.
On Mon, Dec 18, 2017 at 07:12:15PM +, Daniel P. Berrange wrote:
In the 2.11 release we fixed CVE-2017-15268, which allowed the VNC websockets
server to c
On Fri, Nov 17, 2017 at 11:30:41AM +0100, Gerd Hoffmann wrote:
Using the new registry instead of #ifdefs in vl.c.
Signed-off-by: Gerd Hoffmann
---
include/ui/console.h | 1 +
ui/console.c | 19 +++
vl.c | 15 +--
3 files
On Fri, Nov 17, 2017 at 04:03:28PM +0100, Gerd Hoffmann wrote:
Hi,
OK, so the odd thing then is the check for !remote_display earlier
on in the function (missing from the quote above) which seems to end
up initializing VNC (albeit with localhost) when CONFIG_VNC is
defined, but no other local
Hi Gerd,
Thanks for clarifying things for me.
On Fri, Nov 17, 2017 at 02:24:54PM +0100, Gerd Hoffmann wrote:
Hi,
> -dpy.type = DISPLAY_TYPE_NONE;
> +if (!qemu_display_find_default()) {
> +dpy.type = DISPLAY_TYPE_NONE;
> +#if defined(CONFIG_VNC)
> +
<pbonz...@redhat.com>
Fixes: 8ec14402029d783720f4312ed8a925548e1dad61
Reported-by: Peter Maydell <peter.mayd...@linaro.org>
Reported-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.f...@cn.fujitsu.com>
Code-wise, this looks like a valid fix to the existing code.
Reviewed-by: Dar
FWIW,
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
Thanks,
Darren.
On Tue, Nov 14, 2017 at 07:41:27PM +0100, Max Reitz wrote:
@mem_size and @offset are both size_t, thus subtracting them from one
another will just return a big size_t if mem_size < offset -- even more
obv
Should have said that this is subject to the typo that Eric pointed
out, of course.
Thanks,
Darren.
On Wed, Nov 15, 2017 at 11:04:19AM +, Darren Kenny wrote:
FWIW,
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
Thanks,
Darren.
On Tue, Nov 14, 2017 at 07:41:27PM +0100, Max
On Tue, Nov 07, 2017 at 05:27:19PM -0500, Jeff Cody wrote:
Signed-off-by: Jeff Cody <jc...@redhat.com>
Reviewed-by: Eric Blake <ebl...@redhat.com>
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
---
block/ssh.c | 32 ++--
1 file changed, 18
, for clarity
- Change the name for clarity
- Make it a bool
Signed-off-by: Jeff Cody <jc...@redhat.com>
Reviewed-by: Eric Blake <ebl...@redhat.com>
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
---
block/curl.c | 18 --
1 file changed, 12 insertions(+), 6
On Tue, Nov 07, 2017 at 05:27:21PM -0500, Jeff Cody wrote:
No functional changes, just whitespace manipulation.
Signed-off-by: Jeff Cody <jc...@redhat.com>
Reviewed-by: Eric Blake <ebl...@redhat.com>
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
---
bloc
Hi Jeff,
While I'm relatively new to this community, I do have some comments
about the styling in this file.
I don't see anything in the CODING_STYLE file that tells me I'm
wrong here, but it's certainly possible...
More inline.
On Tue, Nov 07, 2017 at 05:27:24PM -0500, Jeff Cody wrote:
This
edhat.com>
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
---
block/sheepdog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/sheepdog.c b/block/sheepdog.c
index 696a714..459d93a 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -1632,7 +1632,7 @@
On Wed, Nov 08, 2017 at 08:26:57AM -0600, Eric Blake wrote:
On 11/08/2017 04:47 AM, Darren Kenny wrote:
Hi Jeff,
While I'm relatively new to this community, I do have some comments
about the styling in this file.
I don't see anything in the CODING_STYLE file that tells me I'm
wrong here
Hi Jan,
On Mon, Nov 06, 2017 at 02:28:05PM +0100, Jens Freimann wrote:
This fixes coverity issue CID1005339.
Make sure that saddr is not used uninitialized if the
mcast parameter is NULL.
Cc: qemu-sta...@nongnu.org
Reported-by: Peter Maydell
Signed-off-by: Jens
Are both tests for NULL necessary, the second one would seem to
suffice - but also the first check changes whether esp_dma_done()
would get called or not here:
276 if (s->async_len == 0) {
277 scsi_req_continue(s->current_req);
278 /* If there is still data to be read from
Hi Alexey,
On Thu, Oct 26, 2017 at 12:34:45PM +1100, Alexey Kardashevskiy wrote:
The new git-submodule.sh script writes .git-submodule-status to
the source directory every time no matter what. This makes it conditional.
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v2:
*
On Thu, Oct 26, 2017 at 07:18:24PM +1100, Alexey Kardashevskiy wrote:
On 26/10/17 18:13, Darren Kenny wrote:
Hi Alexey,
On Thu, Oct 26, 2017 at 12:34:45PM +1100, Alexey Kardashevskiy wrote:
The new git-submodule.sh script writes .git-submodule-status to
the source directory every time
On Thu, Oct 26, 2017 at 08:03:24PM +1100, Alexey Kardashevskiy wrote:
On 26/10/17 19:51, Darren Kenny wrote:
On Thu, Oct 26, 2017 at 07:18:24PM +1100, Alexey Kardashevskiy wrote:
On 26/10/17 18:13, Darren Kenny wrote:
Hi Alexey,
On Thu, Oct 26, 2017 at 12:34:45PM +1100, Alexey Kardashevskiy
LGTM now, thanks.
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
Thanks,
Darren.
On Wed, Oct 25, 2017 at 07:59:04AM +0530, Subbaraya Sundeep wrote:
Fixed incorrect frame size mask, validated maximum frame
size in spi_write and removed dead code.
Signed-off-by: Subbaraya S
Hi Daniel,
On Fri, Oct 20, 2017 at 10:28:44AM +0100, Daniel P. Berrange wrote:
If we iterate over the full port range without successfully binding+listening
on the socket, we'll try the next address, whereupon we overwrite the slisten
file descriptor variable without closing it.
Rather than
On Fri, Oct 20, 2017 at 10:54:31AM +0100, Daniel P. Berrange wrote:
On Fri, Oct 20, 2017 at 10:28:44AM +0100, Daniel P. Berrange wrote:
If we iterate over the full port range without successfully binding+listening
on the socket, we'll try the next address, whereupon we overwrite the slisten
The code changes look good.
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
Thanks,
Darren.
On Wed, Jan 17, 2018 at 08:52:22AM +0800, Fam Zheng wrote:
Because usb-storage creates an internal scsi device, we should propagate
options. We already do so for bootindex etc, but failed t
off-by: Daniel Henrique Barboza <danie...@linux.vnet.ibm.com>
Seems to make sense.
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
---
block/block-backend.c | 8 +---
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/block/block-backend.c b/block/block-backend.c
i
t clear that it is part of the
condition rather than the block. (You can see other instances of
this in the file).
Otherwise:
Reviewed-by: Darren Kenny <darren.ke...@oracle.com>
Thanks,
Darren.
my ($level, $endln, @chunks) =
On Tue, Nov 27, 2018 at 01:38:35PM +0100, Markus Armbruster wrote:
Darren Kenny writes:
Hi Li Qiang,
This is only a suggestion, I'm sure someone else might also correct
me, but I'm not sure the subject above really describes what is
happening in the commit as a whole.
It seems to miss
Hi Li Qiang,
This is only a suggestion, I'm sure someone else might also correct
me, but I'm not sure the subject above really describes what is
happening in the commit as a whole.
It seems to miss the point that the main change here is to use a
link type property, so maybe it might be better
On Tue, Nov 27, 2018 at 02:02:02AM -0800, Li Qiang wrote:
TYPE_VMMOUSE is defined in vmmouse.c currently, move it
to pc.h in order to use it in pc.c.
Signed-off-by: Li Qiang
Reviewed-by: Darren Kenny
---
Change since v1: remove the unnecessary change
hw/i386/pc.c | 6 +++---
hw
Hi Alexander,
On Fri, Aug 09, 2019 at 10:33:59AM +0100, Stefan Hajnoczi wrote:
On Mon, Aug 05, 2019 at 07:11:10AM +, Oleinik, Alexander wrote:
Temporary solution until there is a better build solution for fuzzers in
tests/Makefile.include
Signed-off-by: Alexander Oleinik
---
On Mon, Aug 05, 2019 at 09:43:06AM +0200, Paolo Bonzini wrote:
On 05/08/19 09:11, Oleinik, Alexander wrote:
Using this, we avoid needing a special case to break out of main(),
early, when initializing the fuzzer, as we can just call qemu_init.
There is still a #define around main(), since it
Hi Alexander,
Some comments, and questions below...
On Wed, Sep 18, 2019 at 11:19:48PM +, Oleinik, Alexander wrote:
Signed-off-by: Alexander Oleinik
---
docs/devel/fuzzing.txt | 114 +
1 file changed, 114 insertions(+)
create mode 100644
On Wed, Sep 18, 2019 at 11:19:43PM +, Oleinik, Alexander wrote:
tests/fuzz/fuzz.c serves as the entry point for the virtual-device
fuzzer. Namely, libfuzzer invokes the LLVMFuzzerInitialize and
LLVMFuzzerTestOneInput functions, both of which are defined in this
file. This change adds a
On Wed, Sep 18, 2019 at 11:19:45PM +, Oleinik, Alexander wrote:
This is needed for the qos-assisted fuzzers which walk the qos tree and
need a way to check if the current path matches the name of the fuzz
target.
Signed-off-by: Alexander Oleinik
---
tests/fuzz/fuzz.c | 3 +++
On Wed, Oct 30, 2019 at 02:49:51PM +, Oleinik, Alexander wrote:
From: Alexander Oleinik
qtest_server_send is a function pointer specifying the handler used to
transmit data to the qtest client. In the standard configuration, this
calls the CharBackend handler, but now it is possible for
On Wed, Oct 30, 2019 at 02:49:50PM +, Oleinik, Alexander wrote:
From: Alexander Oleinik
Signed-off-by: Alexander Oleinik
Reviewed-by: Darren Kenny
---
include/qemu/module.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/qemu/module.h b/include/qemu
anything
beside tests/qos-test against libqos. This change separates objects that
are libqos-specific and ones that are qos-test specific into different
variables.
Signed-off-by: Alexander Oleinik
Reviewed-by: Darren Kenny
---
tests/Makefile.include | 71 +-
1
On Wed, Oct 30, 2019 at 02:49:48PM +, Oleinik, Alexander wrote:
From: Alexander Oleinik
A program might rely on functions implemented in vl.c, but implement its
own main(). By placing main into a separate source file, there are no
complaints about duplicate main()s when linking against
On Tue, Nov 05, 2019 at 11:28:59AM -0500, Alexander Oleinik wrote:
On 11/5/19 8:57 AM, Darren Kenny wrote:
Hi Alexander,
I've been trying out these patches, and I'm seeing a high volume of
crashes - where for v3, there were none in a run of over 3 weeks -
so it was a bit of a surprise
rget/all or target/fuzz,
assuming that is correct here.
So with that,
Reviewed-by: Darren Kenny
Thanks,
Darren.
and host-related
objects. For example the virtual-device fuzzer relies on both
libqtest/libqos objects and softmmu objects.
Signed-off-by: Alexander Oleinik
Reviewed-by: Darren Kenny
---
tests/Makefile.include | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests
On Wed, Nov 13, 2019 at 08:53:25PM +0300, Yury Kotov wrote:
The current check sets an error but doesn't fail the command.
This may cause a problem if new connection attempt by the same URI
affects the first connection.
Signed-off-by: Yury Kotov
Reviewed-by: Darren Kenny
---
migration
k the number of bytes prepared for the transfer
by the prepare_buf() handler. If it is not a multiple of 512 then end
the DMA transfer with an error.
That also fixes the I/O stall in guests after a DMA transfer request
for less than the size of a sector.
Signed-off-by: Alexander Popov
Rev
if attempts are made to re-init modules.
In that case, this test might more correctly belong in the
module's own init() function instead.
Assuming for now that it is the correct place to do it, unless
someone can say otherwise:
Reviewed-by: Darren Kenny
---
util/module.c | 7 +++
1 file
Hi Alexander,
I've been trying out these patches, and I'm seeing a high volume of
crashes - where for v3, there were none in a run of over 3 weeks -
so it was a bit of a surprise :)
The question is what may have changed that is causing that level of
crashes - are you seeing this for the
Hi Alexander,
A quick comment on the fact that you omitted any Reviewed-by's that
you have received so far.
Was that intentional?
Thanks,
Darren.
On Wed, Nov 13, 2019 at 10:50:41PM +, Oleinik, Alexander wrote:
This series adds a framework for coverage-guided fuzzing of
virtual-devices.
Hi,
I've been following Alexander's fuzzing changes from the GSoC
project, and it's looking like an excellent start on the
introduction of fuzzing into the world of Qemu/KVM.
I had a couple of off-list e-mails with Stefan and Alexander, to get
some idea of what the intent was going forward, and
For the series:
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Wed, Feb 26, 2020 at 10:14:37PM -0500, Alexander Bulekov wrote:
These patches fix some spelling and line-length violations introduced by
the device-fuzzing changes:
https://lists.gnu.org/archive/html/qemu-devel/2020-02/msg05965
ftmmu/qemu-system-x86_64 -device vmmouse -M pc,vmport=off
Segmentation fault (core dumped)
Let's avoid the crash by checking for the vmport device first.
Signed-off-by: Thomas Huth
Makes sense.
Reviewed-by: Darren Kenny
Thanks,
Darren
---
hw/i386/vmmouse.c | 6 ++
1 file changed, 6 insertion
, without the standard way of writing to a file descriptor.
Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Reviewed-by: Stefan Hajnoczi
---
tests/qtest/libqtest.c | 48 ++
1 file changed, 39 insertions(+), 9 deletions(-)
diff --git a/tests/qtest
his change replaces the socket_send calls with ops->send,
maintaining the benefits of the direct socket_send call, while adding
support for in-process qtest calls.
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
---
tests/qtest/li
On Wed, Jan 29, 2020 at 05:34:17AM +, Bulekov, Alexander wrote:
The handler allows a qtest client to send commands to the server by
directly calling a function, rather than using a file/CharBackend
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
char* in the structure, and the
most common use-case today is during init only, but it is usually
safer to clone such a structure, and possibly create functions to
clone, and possibly free.
It's not vital, so I'm happy to give a Rb based on the current
code, but something worth considering for the future.
Revi
On Wed, Jan 29, 2020 at 05:34:13AM +, Bulekov, Alexander wrote:
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
---
include/qemu/module.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/qemu/module.h b/include/qemu
direct-function calls if the qtest client and server
exist within the same process (inproc)
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
Acked-by: Thomas Huth
---
include/sysemu/qtest.h | 3 +++
qtest.c| 18 --
2
to avoid this.
Signed-off-by: Alexander Bulekov
Acked-by: Thomas Huth
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
---
tests/qtest/libqos/i2c.c | 10 +-
tests/qtest/libqos/i2c.h | 4 ++--
tests/qtest/pca9552-test.c | 10 +-
3 files changed, 12 insertions(+), 12
On Wed, Jan 29, 2020 at 05:34:21AM +, Bulekov, Alexander wrote:
Ram blocks were marked MADV_DONTFORK breaking fuzzing-tests which
execute each test-input in a forked process.
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
---
exec.c | 12
On Wed, Jan 29, 2020 at 05:34:24AM +, Bulekov, Alexander wrote:
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
---
tests/qtest/fuzz/Makefile.include | 2 +
tests/qtest/fuzz/qos_fuzz.c | 229 ++
tests/qtest/fuzz/qos_fuzz.h | 33 +
3
On Wed, Jan 29, 2020 at 05:34:25AM +, Bulekov, Alexander wrote:
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
---
configure | 39 +++
1 file changed, 39 insertions
and forking to reset state, or not resetting it at all.
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
A couple of nits below w.r.t. commenting on how the fuzzed data is
being processed.
---
tests/qtest/fuzz/Makefile.include | 3 +
tests/qtest/fuzz
Hajnoczi
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
---
tests/qtest/Makefile.include | 1 +
tests/qtest/libqos/qos_external.c | 168 ++
tests/qtest/libqos/qos_external.h | 28 +
tests/qtest/qos-test.c| 132 +--
4
On Wed, Jan 29, 2020 at 05:34:29AM +, Bulekov, Alexander wrote:
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
---
docs/devel/fuzzing.txt | 116 +
1 file changed, 116 insertions(+)
create mode 100644 docs
Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
Similar comments below here about maybe documenting how the fuzz
data is being mapped into actions.
---
tests/qtest/fuzz/Makefile.include | 1 +
tests/qtest/fuzz/virtio_scsi_fuzz.c | 200
2 files
On Wed, Jan 29, 2020 at 05:34:27AM +, Bulekov, Alexander wrote:
The virtio-net fuzz target feeds inputs to all three virtio-net
virtqueues, and uses forking to avoid leaking state between fuzz runs.
Signed-off-by: Alexander Bulekov
---
tests/qtest/fuzz/Makefile.include | 1 +
On Wed, Jan 29, 2020 at 05:34:22AM +, Bulekov, Alexander wrote:
The qtest-based fuzzer makes use of forking to reset-state between
tests. Keep the callback enabled, so the call_rcu thread gets created
within the child process.
Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
.f10ceda541
--- /dev/null
+++ b/main.c
@@ -0,0 +1,53 @@
+/*
+ * QEMU System Emulator
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
I don't know the rules but, maybe that should also be extended to
2019/2020 since this is a new file.
Otherwise,
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Wed, Feb 19, 2020 at 11:10:57PM -0500, Alexander Bulekov wrote:
Move vl.c to a separate directory, similar to linux-user/
Update the checkpatch and get_maintainer scripts, since they relied on
/vl.c for top_of_tree checks.
Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
On Wed, Feb 19, 2020 at 11:11:12PM -0500, Alexander Bulekov wrote:
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
---
tests/qtest/fuzz/Makefile.include | 2 +
tests/qtest/fuzz/qos_fuzz.c | 234 ++
tests/qtest/fuzz
-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
---
tests/qtest/fuzz/Makefile.include | 5 +++
tests/qtest/fuzz/fork_fuzz.c | 55 +++
tests/qtest/fuzz/fork_fuzz.h | 23 +
tests/qtest/fuzz/fork_fuzz.ld | 37
On Wed, Feb 19, 2020 at 11:11:16PM -0500, Alexander Bulekov wrote:
The virtio-net fuzz target feeds inputs to all three virtio-net
virtqueues, and uses forking to avoid leaking state between fuzz runs.
Signed-off-by: Alexander Bulekov
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
Bulekov
Reviewed-by: Darren Kenny
---
tests/qtest/fuzz/Makefile.include | 1 +
tests/qtest/fuzz/virtio_scsi_fuzz.c | 213
2 files changed, 214 insertions(+)
create mode 100644 tests/qtest/fuzz/virtio_scsi_fuzz.c
diff --git a/tests/qtest/fuzz/Makefile.include
b/tests
uzzer.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/fuzz.c | 19 +++
> 1 file changed, 11 insertions(+), 8 deletions(-)
>
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index 0d78ac8d36..c6932cec4a 1
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/fuzz.c | 19 +++
> 1 file changed, 11 insertions(+), 8 deletions(-)
>
> This patch should be free of any changes to the slirp submodule.
>
> diff --git a/tests/qtest/fuzz/fuz
Hi Alex,
On Monday, 2020-05-11 at 23:47:50 -04, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Thanks for making those changes.
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> tests/test-char.c | 96 +++
> 1 file
the
> region by its mangled name: *(.bss._ZN6fuzzer3TPCE);
>
> Signed-off-by: Alexander Bulekov
FWIW, since I'm not really familiar with the syntax, but I understand
what the intent is:
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/fork_fuzz.ld | 5 +
> 1 file changed,
nt/fork-server process runs the main-loop, while waiting on the
> child, ensuring that the timer events do not pile up, over time.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/i440fx_fuzz.c | 1 +
> tests/qtest/fuzz/virti
On Monday, 2020-05-11 at 23:01:30 -04, Alexander Bulekov wrote:
> This allows us to keep pc-bios in executable_dir/pc-bios, rather than
> executable_dir/../pc-bios, which is incompatible with oss-fuzz' file
> structure.
>
> Signed-off-by: Alexander Bulekov
Reviewed-b
On Monday, 2020-05-11 at 23:01:31 -04, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> tests/qtest/fuzz/i440fx_fuzz.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tests/qtest/fuzz/i440fx_fuzz.c
> qemu -chardev file,id=char1,path=/out/file,pathin=/in/file
>
> Signed-off-by: Alexander Bulekov
> Reviewed-by: Stefan Hajnoczi
Reviewed-by: Darren Kenny
> ---
> chardev/char-file.c | 5 +
> chardev/char.c | 3 +++
> qemu-options.hx | 7 +--
>
Hi Alex,
For the most part this looks fine, but I wonder if maybe there should be
a couple more assertions to be certain that things are set up correctly
at first, as well as maybe being sure to confirm that things weren't
modified using stat().
See below...
On Thursday, 2020-05-07 at 02:24:42
On Thursday, 2020-05-14 at 00:55:40 +0530, P J P wrote:
> From: Prasad J Pandit
>
> Use unsigned type for the MegasasState fields which hold positive
> numeric values.
>
> Signed-off-by: Prasad J Pandit
Reviewed-by: Darren Kenny
> ---
>
Hi Prasad,
On Thursday, 2020-05-14 at 00:55:38 +0530, P J P wrote:
> From: Prasad J Pandit
>
> A guest user may set 'reply_queue_head' field of MegasasState to
> a negative value. Later in 'megasas_lookup_frame' it is used to
> index into s->frames[] array. Use unsigned type to avoid OOB
>
e.
>
> Reported-by: Alexander Bulekov
> Fixes: https://bugs.launchpad.net/qemu/+bug/1878259
> Signed-off-by: Prasad J Pandit
Reviewed-by: Darren Kenny
> ---
> hw/scsi/megasas.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/scsi/megasas.c b/hw/scs
> ui/input-linux.c:366:9: warning: Value stored to 'rc' is never read
> rc = ioctl(il->fd, EVIOCGKEY(sizeof(keystate)), keystate);
> ^
>
> Reported-
On Wednesday, 2020-09-02 at 10:09:09 +02, Philippe Mathieu-Daudé wrote:
> The functions using these arrays expect a "const unsigned char *"
> argument, it is safe to declare these as 'static const'.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
>
Hi Alex,
Apologies for not taking so long to get to this.
On Wednesday, 2020-08-19 at 02:10:57 -04, Alexander Bulekov wrote:
> This is a generic fuzzer designed to fuzz a virtual device's
> MemoryRegions, as long as they exist within the Memory or Port IO (if it
> exists) AddressSpaces. The
> converted to pci_read/write commands which target specific. This means
> that we can fuzz a particular device's PCI configuration space,
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
Thanks,
Darren.
> ---
> tests/qtest/fuzz/general_fuzz.c | 83 +++
Hi Alex,
I'm certainly not an expert in meson, but have some questions below...
On Wednesday, 2020-09-09 at 18:05:16 -04, Alexander Bulekov wrote:
> The order of the add_project_link_arguments calls impacts which
> arguments are placed between --start-group and --end-group.
> OSS-Fuzz coverage
On Thursday, 2020-09-10 at 12:36:52 -04, Alexander Bulekov wrote:
> On 200910 1645, Darren Kenny wrote:
>> Hi Alex,
>>
>> I'm certainly not an expert in meson, but have some questions below...
>>
>> On Wednesday, 2020-09-09 at 18:05:16 -04, Alexan
b is
> an empty, inlined function. As long as we don't call any other functions
> when building the arguments, there should be no overhead.
>
> Signed-off-by: Alexander Bulekov
Reviewed-by: Darren Kenny
> ---
> include/exec/memory.h | 15 +++
> softmmu/memory.c
On Wednesday, 2020-08-19 at 02:11:04 -04, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov
> ---
> tests/qtest/fuzz/general_fuzz.c | 81 -
> 1 file changed, 80 insertions(+), 1 deletion(-)
>
> diff --git a/tests/qtest/fuzz/general_fuzz.c
1 - 100 of 214 matches