author: Alexander Bulekov <alxndr@bu.edu> 2020-10-29 13:28:59 -0400
committer: Paolo Bonzini <pbonzini@redhat.com> 2020-11-03 13:17:27 -0500
commit: cc3d99c7418925b9f252482d67055e7c3f2c4814 (patch)
tree: 994472b008b94879d120291f0301dad223478b1e /tests
parent: a9f67c1d51dda405bc6a406d13c8802b98df904e (diff)
fuzz: check the MR in the DMA callback
We should be checking that the device is trying to read from RAM, before filling the region with data. Otherwise, we will try to populate nonsensical addresses in RAM for callbacks on PIO/MMIO reads. We did this originally; however, the final version I sent had the line commented out.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20201029172901.534442-3-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- tests/qtest/fuzz/generic_fuzz.c | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index 3e2d50f..3a5dbc3 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -192,7 +192,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_write)
*/
if (dma_patterns->len == 0
|| len == 0
- /* || mr != MACHINE(qdev_get_machine())->ram */
+ || mr != current_machine->ram
|| is_write
|| addr > current_machine->ram_size) {
return;
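Review bot: The bounds check two lines below the restored `mr != current_machine->ram` test, `addr > current_machine->ram_size`, ignores `len`, so a read that starts inside RAM but extends past its end (or starts exactly at `ram_size`) still passes the early-return filter and the callback goes on to fill the region; consider `addr + len > current_machine->ram_size` (with care that the sum cannot wrap) so the whole `[addr, addr + len)` range is required to lie within RAM. Separately, deleting the commented-out `MACHINE(qdev_get_machine())->ram` line rather than leaving it beside the live check is the right call; a brief comment above the condition stating that only main RAM is seeded with DMA patterns would document why the pointer comparison is sufficient.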