aboutsummaryrefslogtreecommitdiff
path: root/memory_ldst.c.inc
diff options
context:
space:
mode:
authorAlexander Bulekov <alxndr@bu.edu>2021-01-20 01:02:55 -0500
committerPaolo Bonzini <pbonzini@redhat.com>2021-02-08 14:43:54 +0100
commitfc1c8344e65807843ae8eaa25284e5277bdcd1eb (patch)
treea14b23020cf22dc265017b4f6daec6dd4de02707 /memory_ldst.c.inc
parent6f0e9c26dbae9ac18b89d359791008fe3432ca91 (diff)
downloadqemu-fc1c8344e65807843ae8eaa25284e5277bdcd1eb.zip
qemu-fc1c8344e65807843ae8eaa25284e5277bdcd1eb.tar.gz
qemu-fc1c8344e65807843ae8eaa25284e5277bdcd1eb.tar.bz2
fuzz: ignore address_space_map is_write flag
We passed an is_write flag to the fuzz_dma_read_cb function to differentiate between the mapped DMA regions that need to be populated with fuzzed data, and those that don't. We simply passed through the address_space_map is_write parameter. The goal was to cut down on unnecessarily populating mapped DMA regions, when they are not read from. Unfortunately, nothing precludes code from reading from regions mapped with is_write=true. For example, see: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04729.html This patch removes the is_write parameter to fuzz_dma_read_cb. As a result, we will fill all mapped DMA regions with fuzzed data, ignoring the specified transfer direction. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20210120060255.558535-1-alxndr@bu.edu>
Diffstat (limited to 'memory_ldst.c.inc')
-rw-r--r--memory_ldst.c.inc8
1 files changed, 4 insertions, 4 deletions
diff --git a/memory_ldst.c.inc b/memory_ldst.c.inc
index 2fed2de..b56e961 100644
--- a/memory_ldst.c.inc
+++ b/memory_ldst.c.inc
@@ -42,7 +42,7 @@ static inline uint32_t glue(address_space_ldl_internal, SUFFIX)(ARG1_DECL,
MO_32 | devend_memop(endian), attrs);
} else {
/* RAM case */
- fuzz_dma_read_cb(addr, 4, mr, false);
+ fuzz_dma_read_cb(addr, 4, mr);
ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN:
@@ -111,7 +111,7 @@ static inline uint64_t glue(address_space_ldq_internal, SUFFIX)(ARG1_DECL,
MO_64 | devend_memop(endian), attrs);
} else {
/* RAM case */
- fuzz_dma_read_cb(addr, 8, mr, false);
+ fuzz_dma_read_cb(addr, 8, mr);
ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN:
@@ -177,7 +177,7 @@ uint32_t glue(address_space_ldub, SUFFIX)(ARG1_DECL,
r = memory_region_dispatch_read(mr, addr1, &val, MO_8, attrs);
} else {
/* RAM case */
- fuzz_dma_read_cb(addr, 1, mr, false);
+ fuzz_dma_read_cb(addr, 1, mr);
ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
val = ldub_p(ptr);
r = MEMTX_OK;
@@ -215,7 +215,7 @@ static inline uint32_t glue(address_space_lduw_internal, SUFFIX)(ARG1_DECL,
MO_16 | devend_memop(endian), attrs);
} else {
/* RAM case */
- fuzz_dma_read_cb(addr, 2, mr, false);
+ fuzz_dma_read_cb(addr, 2, mr);
ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN: