author | John Levon <john.levon@nutanix.com> | 2021-11-24 23:59:24 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-24 23:59:24 +0000 |
commit | 02174878b1f7a70d3ac09c50c12799df0a1f9406 (patch) | |
tree | 62cdd8b99de889d310a65ddbdf2ad5b5257f403d /test/unit-tests.c | |
parent | d8a08f1a18370bcad4fa99a16bdbfc63dbbd35ad (diff) | |
verify region is mapped before acquiring dirty bitmap (#627)
DMA regions not mapped by the server are not dirty tracked (the client must
track changes via handling VFIO_USER_DMA_WRITE), but we weren't correctly
enforcing this, which could segfault when ->dirty_bitmap was NULL.
Found via AFL++.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
Diffstat (limited to 'test/unit-tests.c')
-rw-r--r-- | test/unit-tests.c | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/test/unit-tests.c b/test/unit-tests.c
index 9dc222e..cab3fed 100644
--- a/test/unit-tests.c
+++ b/test/unit-tests.c
@@ -248,50 +248,6 @@ test_handle_dma_unmap(void **state UNUSED)
 }
 
 static void
-test_handle_dma_unmap_dirty(void **state UNUSED)
-{
- uint64_t bitmap = 0xdeadbeef;
- size_t size = sizeof(struct vfio_user_dma_unmap) + sizeof(struct vfio_user_bitmap);
- struct vfio_user_dma_unmap *dma_unmap = alloca(size);
- dma_unmap->argsz = size + sizeof(bitmap);
- dma_unmap->addr = 0x0;
- dma_unmap->size = 0x1000;
- dma_unmap->flags = VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP;
- dma_unmap->bitmap->pgsize = 0x1000;
- dma_unmap->bitmap->size = sizeof(bitmap);
-
- vfu_ctx.dma->nregions = 1;
- vfu_ctx.dma->regions[0].info.iova.iov_base = (void *)0x0;
- vfu_ctx.dma->regions[0].info.iova.iov_len = 0x1000;
- vfu_ctx.dma->regions[0].fd = -1;
-
- /*
- * TODO Hack to avoid mocking dma_controller_dirty_page_get since we're
- * moving testing to Python.
- */
- vfu_ctx.dma->dirty_pgsize = 0x1000;
- vfu_ctx.dma->regions[0].dirty_bitmap = (void *)&bitmap;
-
- vfu_ctx.dma_unregister = mock_dma_unregister;
-
- expect_value(mock_dma_unregister, vfu_ctx, &vfu_ctx);
- expect_check(mock_dma_unregister, info, check_dma_info,
- &vfu_ctx.dma->regions[0].info);
- will_return(mock_dma_unregister, 0);
-
- ret = handle_dma_unmap(&vfu_ctx,
- mkmsg(VFIO_USER_DMA_UNMAP, &dma_unmap, size),
- dma_unmap);
-
- assert_int_equal(0, ret);
- assert_int_equal(0, vfu_ctx.dma->nregions);
- assert_int_equal(size + sizeof(bitmap), msg.out_size);
- assert_int_equal(0xdeadbeef, *(uint64_t *)(msg.out_data + size));
- free(msg.out_data);
-}
-
-
-static void
 test_dma_controller_add_region_no_fd(void **state UNUSED)
 {
 vfu_dma_addr_t dma_addr = (void *)0xdeadbeef;
@@ -717,7 +673,6 @@ main(void)
 cmocka_unit_test_setup(test_dma_map_without_fd, setup),
 cmocka_unit_test_setup(test_dma_map_return_value, setup),
 cmocka_unit_test_setup(test_handle_dma_unmap, setup),
- cmocka_unit_test_setup(test_handle_dma_unmap_dirty, setup),
 cmocka_unit_test_setup(test_dma_controller_add_region_no_fd, setup),
 cmocka_unit_test_setup(test_dma_controller_remove_region_mapped, setup),
 cmocka_unit_test_setup(test_dma_controller_remove_region_unmapped, setup), |