diff options
author | Alexander Bulekov <alxndr@bu.edu> | 2021-01-20 01:02:55 -0500 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2021-02-08 14:43:54 +0100 |
commit | fc1c8344e65807843ae8eaa25284e5277bdcd1eb (patch) | |
tree | a14b23020cf22dc265017b4f6daec6dd4de02707 /softmmu | |
parent | 6f0e9c26dbae9ac18b89d359791008fe3432ca91 (diff) | |
download | qemu-fc1c8344e65807843ae8eaa25284e5277bdcd1eb.zip qemu-fc1c8344e65807843ae8eaa25284e5277bdcd1eb.tar.gz qemu-fc1c8344e65807843ae8eaa25284e5277bdcd1eb.tar.bz2 |
fuzz: ignore address_space_map is_write flag
We passed an is_write flag to the fuzz_dma_read_cb function to
differentiate between the mapped DMA regions that need to be populated
with fuzzed data, and those that don't. We simply passed through the
address_space_map is_write parameter. The goal was to cut down on
unnecessarily populating mapped DMA regions, when they are not read
from.
Unfortunately, nothing precludes code from reading from regions mapped
with is_write=true. For example, see:
https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04729.html
This patch removes the is_write parameter to fuzz_dma_read_cb. As a
result, we will fill all mapped DMA regions with fuzzed data, ignoring
the specified transfer direction.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20210120060255.558535-1-alxndr@bu.edu>
Diffstat (limited to 'softmmu')
-rw-r--r-- | softmmu/memory.c | 5 | ||||
-rw-r--r-- | softmmu/physmem.c | 4 |
2 files changed, 4 insertions, 5 deletions
diff --git a/softmmu/memory.c b/softmmu/memory.c index c0c814f..23e8e33 100644 --- a/softmmu/memory.c +++ b/softmmu/memory.c @@ -1440,7 +1440,7 @@ MemTxResult memory_region_dispatch_read(MemoryRegion *mr, unsigned size = memop_size(op); MemTxResult r; - fuzz_dma_read_cb(addr, size, mr, false); + fuzz_dma_read_cb(addr, size, mr); if (!memory_region_access_valid(mr, addr, size, false, attrs)) { *pval = unassigned_mem_read(mr, addr, size); return MEMTX_DECODE_ERROR; @@ -3285,8 +3285,7 @@ void memory_region_init_rom_device(MemoryRegion *mr, #ifdef CONFIG_FUZZ void __attribute__((weak)) fuzz_dma_read_cb(size_t addr, size_t len, - MemoryRegion *mr, - bool is_write) + MemoryRegion *mr) { } #endif diff --git a/softmmu/physmem.c b/softmmu/physmem.c index 243c309..96efaef 100644 --- a/softmmu/physmem.c +++ b/softmmu/physmem.c @@ -2839,7 +2839,7 @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr, stn_he_p(buf, l, val); } else { /* RAM case */ - fuzz_dma_read_cb(addr, len, mr, false); + fuzz_dma_read_cb(addr, len, mr); ram_ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false); memcpy(buf, ram_ptr, l); } @@ -3200,7 +3200,7 @@ void *address_space_map(AddressSpace *as, memory_region_ref(mr); *plen = flatview_extend_translation(fv, addr, len, mr, xlat, l, is_write, attrs); - fuzz_dma_read_cb(addr, *plen, mr, is_write); + fuzz_dma_read_cb(addr, *plen, mr); ptr = qemu_ram_ptr_length(mr->ram_block, xlat, plen, true); return ptr; |