diff options
| author | Li Qiang <liq3ea@163.com> | 2020-09-21 09:06:05 -0700 |
|---|---|---|
| committer | Thomas Huth <thuth@redhat.com> | 2020-10-13 08:08:55 +0200 |
| commit | d8dd10950199ee4a505dc4872171dcb1b4ca6710 (patch) | |
| tree | 86f07852fe7c0f113e50014ea6c73b2ba16b8e2e | |
| parent | ec4d2feb27c5e46a69e2c2d588e982c9327e325e (diff) | |
| download | qemu-d8dd10950199ee4a505dc4872171dcb1b4ca6710.zip qemu-d8dd10950199ee4a505dc4872171dcb1b4ca6710.tar.gz qemu-d8dd10950199ee4a505dc4872171dcb1b4ca6710.tar.bz2 | |
qtest: add fuzz test case
Currently the device fuzzer finds more and more issues.
For every fuzz case, we need not only the fixes but also
the corresponding test case. We can analysis the reproducer
for every case and find what happened in where and write
a beautiful test case. However the raw data of reproducer is not
friendly to analysis. It will take a very long time, even far more
than the fixes itself. So let's create a new file to hold all of
the fuzz test cases and just use the raw data to act as the test
case. This way nobody will be afraid of writing a test case for
the fuzz reproducer.
This patch adds the issue LP#1878263 test case.
Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20200921160605.19329-1-liq3ea@163.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
[thuth: Slightly adjusted commit message, removed empty lines]
Signed-off-by: Thomas Huth <thuth@redhat.com>
| -rw-r--r-- | tests/qtest/fuzz-test.c | 49 | ||||
| -rw-r--r-- | tests/qtest/meson.build | 1 |
2 files changed, 50 insertions, 0 deletions
diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c new file mode 100644 index 0000000..2f38bb1 --- /dev/null +++ b/tests/qtest/fuzz-test.c @@ -0,0 +1,49 @@ +/* + * QTest testcase for fuzz case + * + * Copyright (c) 2020 Li Qiang <liq3ea@gmail.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" + +#include "libqos/libqtest.h" + +/* + * This used to trigger the assert in scsi_dma_complete + * https://bugs.launchpad.net/qemu/+bug/1878263 + */ +static void test_lp1878263_megasas_zero_iov_cnt(void) +{ + QTestState *s; + + s = qtest_init("-nographic -monitor none -serial none " + "-M q35 -device megasas -device scsi-cd,drive=null0 " + "-blockdev driver=null-co,read-zeroes=on,node-name=null0"); + qtest_outl(s, 0xcf8, 0x80001818); + qtest_outl(s, 0xcfc, 0xc101); + qtest_outl(s, 0xcf8, 0x8000181c); + qtest_outl(s, 0xcf8, 0x80001804); + qtest_outw(s, 0xcfc, 0x7); + qtest_outl(s, 0xcf8, 0x8000186a); + qtest_writeb(s, 0x14, 0xfe); + qtest_writeb(s, 0x0, 0x02); + qtest_outb(s, 0xc1c0, 0x17); + qtest_quit(s); +} + +int main(int argc, char **argv) +{ + const char *arch = qtest_get_arch(); + + g_test_init(&argc, &argv, NULL); + + if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { + qtest_add_func("fuzz/test_lp1878263_megasas_zero_iov_cnt", + test_lp1878263_megasas_zero_iov_cnt); + } + + return g_test_run(); +} diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index 0f32ca0..6c6bfb5 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -54,6 +54,7 @@ qtests_i386 = \ 'bios-tables-test', 'rtc-test', 'i440fx-test', + 'fuzz-test', 'fw_cfg-test', 'device-plug-test', 'drive_del-test', |