[v3,00/16] Add a General Virtual Device Fuzzer

Message ID 20200921022506.873303-1-alxndr@bu.edu

Message

Alexander Bulekov Sept. 21, 2020, 2:24 a.m. UTC
v3:
    - Use flatviews to help select regions for fuzzing
    - Meson-related changes
    - Add some documentation
    - Improve minimization script to trim write{bwlq} commands
v2:
    - Remove QOS dependency.
    - Add a custom crossover function
    - Fix broken minimization scripts
    - Fixes to the IO region and DMA handling code

This is a general virtual-device fuzzer, designed to fuzz devices over Port IO,
MMIO, and DMA.

To get started with this:
 1. Build the fuzzers (see docs/devel/fuzzing.txt)
    Note: Build with --enable-sanitizers, or create a "dictionary file":
    echo kw1=\"FUZZ\" > dict
    and pass it as an argument to libFuzzer with -dict=./dict
    This magic value is a command separator that lets the fuzzer perform
    multiple IO actions with a single input.

 2. Pick the qemu arguments you wish to fuzz:
    export QEMU_FUZZ_ARGS="-M q35 -device virtio-balloon"

 3. Tell the fuzzer which QOM objects or MemoryRegion names to fuzz. I find the
    "info qom-tree", "info qtree" and "info mtree" commands useful for identifying
    these. Supports globbing. Here I will try to simultaneously fuzz (for no good
    reason) virtio-balloon and e1000e, which is included by default in the q35:
    export QEMU_FUZZ_OBJECTS='virtio* e1000*'
    You can also try to fuzz the whole machine:
    export QEMU_FUZZ_OBJECTS='*'

 4. Run the fuzzer for 0 inputs. The fuzzer should output a list of
 MemoryRegions/PCI Devices it will try to fuzz. Confirm that these match your
 expectations.
    ./i386-softmmu/qemu-fuzz-i386 --fuzz-target=general-fuzz -runs=0

 5. Run the fuzzer:
    ./i386-softmmu/qemu-fuzz-i386 --fuzz-target=general-fuzz

Basically, at the core, this fuzzer is an interpreter that splits the input
into a series of commands, such as mmio_write, pio_write, etc. We structure
these commands to hit only MemoryRegions that are associated with the devices
specified in QEMU_FUZZ_OBJECTS. Additionally, these patches add "hooks" to
functions that are typically used by virtual-devices to read from RAM (DMA).
These hooks attempt to populate these DMA regions with fuzzed data, just in
time.

Some of the issues I have found or reproduced with this fuzzer:
https://bugs.launchpad.net/bugs/1525123
https://bugs.launchpad.net/bugs/1681439
https://bugs.launchpad.net/bugs/1777315
https://bugs.launchpad.net/bugs/1878034
https://bugs.launchpad.net/bugs/1878043
https://bugs.launchpad.net/bugs/1878054
https://bugs.launchpad.net/bugs/1878057
https://bugs.launchpad.net/bugs/1878067
https://bugs.launchpad.net/bugs/1878134
https://bugs.launchpad.net/bugs/1878136
https://bugs.launchpad.net/bugs/1878253
https://bugs.launchpad.net/bugs/1878255
https://bugs.launchpad.net/bugs/1878259
https://bugs.launchpad.net/bugs/1878263
https://bugs.launchpad.net/bugs/1878323
https://bugs.launchpad.net/bugs/1878641
https://bugs.launchpad.net/bugs/1878642
https://bugs.launchpad.net/bugs/1878645
https://bugs.launchpad.net/bugs/1878651
https://bugs.launchpad.net/bugs/1879223
https://bugs.launchpad.net/bugs/1879227
https://bugs.launchpad.net/bugs/1879531
https://bugs.launchpad.net/bugs/1880355
https://bugs.launchpad.net/bugs/1880539
https://bugs.launchpad.net/bugs/1884693
https://bugs.launchpad.net/bugs/1886362
https://bugs.launchpad.net/bugs/1887303
https://bugs.launchpad.net/bugs/1887309
https://bugs.launchpad.net/bugs/697510

Alexander Bulekov (16):
  memory: Add FlatView foreach function
  fuzz: Add general virtual-device fuzzer
  fuzz: Add PCI features to the general fuzzer
  fuzz: Add DMA support to the generic-fuzzer
  fuzz: Declare DMA Read callback function
  fuzz: Add fuzzer callbacks to DMA-read functions
  fuzz: Add support for custom crossover functions
  fuzz: add a DISABLE_PCI op to general-fuzzer
  fuzz: add a crossover function to generic-fuzzer
  scripts/oss-fuzz: Add wrapper program for generic fuzzer
  scripts/oss-fuzz: Add general-fuzzer build script
  scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz
  scripts/oss-fuzz: build the general-fuzzer configs
  scripts/oss-fuzz: Add script to reorder a general-fuzzer trace
  scripts/oss-fuzz: Add crash trace minimization script
  fuzz: Add instructions for using general-fuzz

 docs/devel/fuzzing.txt                        |  38 +
 exec.c                                        |   2 +
 include/exec/memory.h                         |  21 +
 include/exec/memory_ldst_cached.h.inc         |   3 +
 memory_ldst.c.inc                             |   4 +
 scripts/oss-fuzz/build.sh                     |   7 +
 scripts/oss-fuzz/build_general_fuzzers.py     |  69 ++
 scripts/oss-fuzz/general_fuzzer_configs.yml   | 103 +++
 scripts/oss-fuzz/minimize_qtest_trace.py      | 157 ++++
 .../oss-fuzz/reorder_fuzzer_qtest_trace.py    |  94 ++
 scripts/oss-fuzz/target_template.c            |  40 +
 softmmu/memory.c                              |  23 +
 tests/qtest/fuzz/fuzz.c                       |  13 +
 tests/qtest/fuzz/fuzz.h                       |  27 +
 tests/qtest/fuzz/general_fuzz.c               | 854 ++++++++++++++++++
 tests/qtest/fuzz/meson.build                  |   1 +
 16 files changed, 1456 insertions(+)
 create mode 100755 scripts/oss-fuzz/build_general_fuzzers.py
 create mode 100644 scripts/oss-fuzz/general_fuzzer_configs.yml
 create mode 100755 scripts/oss-fuzz/minimize_qtest_trace.py
 create mode 100755 scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py
 create mode 100644 scripts/oss-fuzz/target_template.c
 create mode 100644 tests/qtest/fuzz/general_fuzz.c
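The two mechanisms the cover letter describes, as an added example written for this page rather than code from the series: the input is split on the "FUZZ" separator into commands that are clamped onto a table of fuzzable regions, and a DMA-read hook fills guest RAM from the input just in time. The command layout (1-byte region selector, 4-byte little-endian offset and value), the region table and the hook signature are assumptions made here, not the series' own encoding.

```c
/* Added example, not code from the QEMU series above: the cover letter's
 * command interpreter (input split on "FUZZ" into commands aimed only at the
 * selected regions) and its just-in-time DMA-read hook. The command encoding
 * (1-byte region selector, 4-byte LE offset, 4-byte LE value), the region
 * table and the hook signature are assumptions made for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SEPARATOR "FUZZ"
#define SEP_LEN   4
#define CMD_LEN   9   /* selector + offset + value */

enum kind { KIND_PIO, KIND_MMIO };

/* Stand-in for a MemoryRegion picked via QEMU_FUZZ_OBJECTS; constructed
 * sample values, a real run prints the actual list with -runs=0. */
struct region { const char *name; enum kind kind; uint64_t base, size; };
static const struct region regions[] = {
    { "e1000e-mmio",           KIND_MMIO, 0xfebc0000, 0x20000 },
    { "virtio-balloon-pci-io", KIND_PIO,  0xc000,     0x40    },
};
#define NREGIONS (sizeof(regions) / sizeof(regions[0]))

/* One decoded pio_write / mmio_write; addr always lies inside its region. */
struct cmd { enum kind kind; const char *region; uint64_t addr; uint32_t value; };

static uint32_t le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Every byte pattern maps to an in-bounds command; short chunks are dropped. */
static bool decode_cmd(const uint8_t *buf, size_t len, struct cmd *out)
{
    if (len < CMD_LEN) {
        return false;
    }
    const struct region *r = &regions[buf[0] % NREGIONS];
    out->kind = r->kind;
    out->region = r->name;
    out->addr = r->base + (le32(buf + 1) % r->size);
    out->value = le32(buf + 5);
    return true;
}

/* Split the raw input on SEPARATOR and decode each piece; returns the count. */
static size_t parse_input(const uint8_t *data, size_t size,
                          struct cmd *cmds, size_t max)
{
    size_t n = 0, start = 0, i = 0;
    while (n < max) {
        bool at_sep = i + SEP_LEN <= size &&
                      memcmp(data + i, SEPARATOR, SEP_LEN) == 0;
        if (!at_sep && i < size) {
            i++;
            continue;
        }
        if (decode_cmd(data + start, i - start, &cmds[n])) {
            n++;
        }
        if (i >= size) {
            break;
        }
        i += SEP_LEN;
        start = i;
    }
    return n;
}

struct dma_src { const uint8_t *data; size_t size, pos; };  /* DMA payload cursor */

/* Hook on the DMA-read path: before a device reads [addr, addr+len) from guest
 * RAM, overwrite that window with the next fuzz bytes. Returns bytes written;
 * 0 when the window lies outside RAM or the input is exhausted. */
static size_t dma_read_hook(uint8_t *ram, size_t ram_size, uint64_t addr,
                            size_t len, struct dma_src *src)
{
    if (addr >= ram_size || len > ram_size - addr) {
        return 0;
    }
    size_t avail = src->size - src->pos;
    size_t n = len < avail ? len : avail;
    memcpy(ram + addr, src->data + src->pos, n);
    src->pos += n;
    return n;
}

/* Constructed sample input: two complete commands and one truncated one. */
static const uint8_t sample_input[] =
    "\x00\x10\x00\x00\x00\xef\xbe\xad\xde" SEPARATOR
    "\x01\x00\x20\x00\x00\x01\x00\x00\x00" SEPARATOR
    "\x02" "AB";
#define SAMPLE_LEN (sizeof(sample_input) - 1)
static struct cmd demo_cmds[4];                 /* parse_input output */
static uint8_t demo_ram[64];                    /* tiny guest RAM model */
static struct dma_src demo_src = { sample_input, SAMPLE_LEN, 0 };
```

Parsing sample_input yields two commands (an e1000e MMIO write of 0xdeadbeef at base+0x10 and a PIO write of 1 at port 0xc000) and drops the 3-byte tail; a hook call for a window past the end of demo_ram writes nothing.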

Comments

no-reply@patchew.org Sept. 21, 2020, 2:45 a.m. UTC | #1
Patchew URL: https://patchew.org/QEMU/20200921022506.873303-1-alxndr@bu.edu/
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20200921022506.873303-1-alxndr@bu.edu
Subject: [PATCH v3 00/16] Add a General Virtual Device Fuzzer

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]      patchew/20200920114416.353277-1-f4bug@amsat.org -> patchew/20200920114416.353277-1-f4bug@amsat.org
 - [tag update]      patchew/20200920155042.400737-1-f4bug@amsat.org -> patchew/20200920155042.400737-1-f4bug@amsat.org
 * [new tag]         patchew/20200921022506.873303-1-alxndr@bu.edu -> patchew/20200921022506.873303-1-alxndr@bu.edu
Switched to a new branch 'test'
885f529 fuzz: Add instructions for using general-fuzz
c60146b scripts/oss-fuzz: Add crash trace minimization script
a8bc368 scripts/oss-fuzz: Add script to reorder a general-fuzzer trace
316bf46 scripts/oss-fuzz: build the general-fuzzer configs
9a97bb7 scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz
23556b7 scripts/oss-fuzz: Add general-fuzzer build script
245e070 scripts/oss-fuzz: Add wrapper program for generic fuzzer
891a00a fuzz: add a crossover function to generic-fuzzer
f814247 fuzz: add a DISABLE_PCI op to general-fuzzer
5c574ed fuzz: Add support for custom crossover functions
11ed4b4 fuzz: Add fuzzer callbacks to DMA-read functions
6613942 fuzz: Declare DMA Read callback function
ec2c675 fuzz: Add DMA support to the generic-fuzzer
6eb92b4 fuzz: Add PCI features to the general fuzzer
d0d5046 fuzz: Add general virtual-device fuzzer
c925032 memory: Add FlatView foreach function

=== OUTPUT BEGIN ===
1/16 Checking commit c925032667fa (memory: Add FlatView foreach function)
2/16 Checking commit d0d5046ad116 (fuzz: Add general virtual-device fuzzer)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#19: 
new file mode 100644

total: 0 errors, 1 warnings, 505 lines checked

Patch 2/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/16 Checking commit 6eb92b44834e (fuzz: Add PCI features to the general fuzzer)
4/16 Checking commit ec2c675d3c66 (fuzz: Add DMA support to the generic-fuzzer)
ERROR: externs should be avoided in .c files
#84: FILE: tests/qtest/fuzz/general_fuzz.c:120:
+void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_write);

total: 1 errors, 0 warnings, 247 lines checked

Patch 4/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/16 Checking commit 6613942d235c (fuzz: Declare DMA Read callback function)
6/16 Checking commit 11ed4b463abe (fuzz: Add fuzzer callbacks to DMA-read functions)
7/16 Checking commit 5c574ed8159a (fuzz: Add support for custom crossover functions)
8/16 Checking commit f8142473c0f9 (fuzz: add a DISABLE_PCI op to general-fuzzer)
9/16 Checking commit 891a00a3410a (fuzz: add a crossover function to generic-fuzzer)
10/16 Checking commit 245e07058f48 (scripts/oss-fuzz: Add wrapper program for generic fuzzer)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 40 lines checked

Patch 10/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
11/16 Checking commit 23556b7712cd (scripts/oss-fuzz: Add general-fuzzer build script)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100755

WARNING: line over 80 characters
#57: FILE: scripts/oss-fuzz/build_general_fuzzers.py:36:
+                   fuzz_args=str_to_c_byte_array(cfg["args"].replace("\n", " ")),

WARNING: line over 80 characters
#58: FILE: scripts/oss-fuzz/build_general_fuzzers.py:37:
+                   fuzz_objs=str_to_c_byte_array(cfg["objects"].replace("\n", " ")),

total: 0 errors, 3 warnings, 69 lines checked

Patch 11/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
12/16 Checking commit 9a97bb7982d2 (scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100644

total: 0 errors, 1 warnings, 103 lines checked

Patch 12/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
13/16 Checking commit 316bf46fb3a7 (scripts/oss-fuzz: build the general-fuzzer configs)
14/16 Checking commit a8bc368fc111 (scripts/oss-fuzz: Add script to reorder a general-fuzzer trace)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#22: 
new file mode 100755

total: 0 errors, 1 warnings, 94 lines checked

Patch 14/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
15/16 Checking commit c60146b50a2b (scripts/oss-fuzz: Add crash trace minimization script)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100755

total: 0 errors, 1 warnings, 157 lines checked

Patch 15/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
16/16 Checking commit 885f5295ce5f (fuzz: Add instructions for using general-fuzz)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20200921022506.873303-1-alxndr@bu.edu/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
no-reply@patchew.org Sept. 21, 2020, 2:58 a.m. UTC | #2
Patchew URL: https://patchew.org/QEMU/20200921022506.873303-1-alxndr@bu.edu/
Hi,

This series failed the docker-mingw@fedora build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

Host machine cpu: x86_64
Target machine cpu family: x86
Target machine cpu: x86_64
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
Configuring ninjatool using configuration
---
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/tmp/qemu-test/src/slirp'
Generating nsis with a custom command
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
make[1]: Entering directory '/tmp/qemu-test/build'
make[2]: Entering directory '/tmp/qemu-test/src/slirp'
make[2]: Nothing to be done for 'all'.
---
Host machine cpu: i386
Target machine cpu family: x86
Target machine cpu: i386
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
Configuring ninjatool using configuration
---
Compiling C object libqemu-x86_64-softmmu.fa.p/meson-generated_.._qapi_qapi-introspect.c.obj
Compiling C object libqemu-x86_64-softmmu.fa.p/meson-generated_.._qapi_qapi-types-misc-target.c.obj
../src/softmmu/memory.c: In function 'flatview_for_each_range':
../src/softmmu/memory.c:662:24: error: incompatible type for argument 1 of 'cb'
  662 |         if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))
      |                ~~~~~~~~^~~~~~
      |                        |
      |                        Int128 {aka struct Int128}
../src/softmmu/memory.c:662:24: note: expected 'ram_addr_t' {aka 'unsigned int'} but argument is of type 'Int128' {aka 'struct Int128'}
../src/softmmu/memory.c:662:40: error: incompatible type for argument 2 of 'cb'
  662 |         if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))
      |                                ~~~~~~~~^~~~~
      |                                        |
      |                                        Int128 {aka struct Int128}
../src/softmmu/memory.c:662:40: note: expected 'ram_addr_t' {aka 'unsigned int'} but argument is of type 'Int128' {aka 'struct Int128'}
Compiling C object libqemu-x86_64-softmmu.fa.p/meson-generated_.._qapi_qapi-init-commands.c.obj
make: *** [Makefile.ninja:1642: libqemu-x86_64-softmmu.fa.p/softmmu_memory.c.obj] Error 1
make: *** Waiting for unfinished jobs....
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 709, in <module>
---
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--rm', '--label', 'com.qemu.instance.uuid=a0ab34f4ceae48228c5f799018992ddf', '-u', '1001', '--security-opt', 'seccomp=unconfined', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-5y5gpn49/src/docker-src.2020-09-20-22.46.26.4071:/var/tmp/qemu:z,ro', 'qemu/fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit status 2.
filter=--filter=label=com.qemu.instance.uuid=a0ab34f4ceae48228c5f799018992ddf
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-5y5gpn49/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real    12m30.289s
user    0m20.383s


The full log is available at
http://patchew.org/logs/20200921022506.873303-1-alxndr@bu.edu/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
#19: 
new file mode 100644

total: 0 errors, 1 warnings, 505 lines checked

Patch 2/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/16 Checking commit f31809900b15 (fuzz: Add PCI features to the general fuzzer)
4/16 Checking commit e69d9d2d1eff (fuzz: Add DMA support to the generic-fuzzer)
ERROR: externs should be avoided in .c files
#84: FILE: tests/qtest/fuzz/general_fuzz.c:120:
+void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_write);

total: 1 errors, 0 warnings, 247 lines checked

Patch 4/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/16 Checking commit 172f58e72b9f (fuzz: Declare DMA Read callback function)
6/16 Checking commit 7622426e63a6 (fuzz: Add fuzzer callbacks to DMA-read functions)
7/16 Checking commit 78c0bba4f019 (fuzz: Add support for custom crossover functions)
8/16 Checking commit f6dea40297ff (fuzz: add a DISABLE_PCI op to general-fuzzer)
9/16 Checking commit 4757c0ce2ff6 (fuzz: add a crossover function to generic-fuzzer)
10/16 Checking commit 12d3cc318c7b (scripts/oss-fuzz: Add wrapper program for generic fuzzer)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 40 lines checked

Patch 10/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
11/16 Checking commit 4f27ac983f0c (scripts/oss-fuzz: Add general-fuzzer build script)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100755

WARNING: line over 80 characters
#57: FILE: scripts/oss-fuzz/build_general_fuzzers.py:36:
+                   fuzz_args=str_to_c_byte_array(cfg["args"].replace("\n", " ")),

WARNING: line over 80 characters
#58: FILE: scripts/oss-fuzz/build_general_fuzzers.py:37:
+                   fuzz_objs=str_to_c_byte_array(cfg["objects"].replace("\n", " ")),

total: 0 errors, 3 warnings, 69 lines checked

Patch 11/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
12/16 Checking commit f3d87177b8a8 (scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100644

total: 0 errors, 1 warnings, 103 lines checked

Patch 12/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
13/16 Checking commit 6b4a6ede3e7c (scripts/oss-fuzz: build the general-fuzzer configs)
14/16 Checking commit b407f741be78 (scripts/oss-fuzz: Add script to reorder a general-fuzzer trace)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#22: 
new file mode 100755

total: 0 errors, 1 warnings, 94 lines checked

Patch 14/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
15/16 Checking commit c891dcf25dc8 (scripts/oss-fuzz: Add crash trace minimization script)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100755

total: 0 errors, 1 warnings, 157 lines checked

Patch 15/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
16/16 Checking commit c5a12c542fe1 (fuzz: Add instructions for using general-fuzz)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20200921022506.873303-1-alxndr@bu.edu/testing.checkpatch/?type=message.
no-reply@patchew.org Sept. 21, 2020, 4:39 a.m. UTC | #7
Patchew URL: https://patchew.org/QEMU/20200921022506.873303-1-alxndr@bu.edu/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

Host machine cpu: x86_64
Target machine cpu family: x86
Target machine cpu: x86_64
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
Configuring ninjatool using configuration
---
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/tmp/qemu-test/src/slirp'
Generating nsis with a custom command
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
make[1]: Entering directory '/tmp/qemu-test/build'
make[2]: Entering directory '/tmp/qemu-test/src/slirp'
make[2]: Nothing to be done for 'all'.
---
Host machine cpu: i386
Target machine cpu family: x86
Target machine cpu: i386
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
Configuring ninjatool using configuration
---
Compiling C object libqemu-x86_64-softmmu.fa.p/meson-generated_.._qapi_qapi-commands-misc-target.c.obj
Compiling C object libqemu-x86_64-softmmu.fa.p/meson-generated_.._qapi_qapi-introspect.c.obj
../src/softmmu/memory.c: In function 'flatview_for_each_range':
../src/softmmu/memory.c:662:24: error: incompatible type for argument 1 of 'cb'
  662 |         if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))
      |                ~~~~~~~~^~~~~~
      |                        |
      |                        Int128 {aka struct Int128}
../src/softmmu/memory.c:662:24: note: expected 'ram_addr_t' {aka 'unsigned int'} but argument is of type 'Int128' {aka 'struct Int128'}
../src/softmmu/memory.c:662:40: error: incompatible type for argument 2 of 'cb'
  662 |         if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))
      |                                ~~~~~~~~^~~~~
      |                                        |
---
Compiling C object libqemu-x86_64-softmmu.fa.p/meson-generated_.._qapi_qapi-commands-machine-target.c.obj
Compiling C object libqemu-x86_64-softmmu.fa.p/meson-generated_.._qapi_qapi-events-machine-target.c.obj
Compiling C object libqemu-x86_64-softmmu.fa.p/meson-generated_.._qapi_qapi-visit.c.obj
make: *** [Makefile.ninja:1614: libqemu-x86_64-softmmu.fa.p/softmmu_memory.c.obj] Error 1
make: *** Waiting for unfinished jobs....
writing output... [ 63%] quickstart
writing output... [ 65%] s390x/3270
---
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--rm', '--label', 'com.qemu.instance.uuid=4fd88488a3e949c5bfcb744e06e6e10b', '-u', '1003', '--security-opt', 'seccomp=unconfined', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-g98bmkoq/src/docker-src.2020-09-21-00.30.50.13082:/var/tmp/qemu:z,ro', 'qemu/fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit status 2.
filter=--filter=label=com.qemu.instance.uuid=4fd88488a3e949c5bfcb744e06e6e10b
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-g98bmkoq/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real    8m48.046s
user    0m21.161s


The full log is available at
http://patchew.org/logs/20200921022506.873303-1-alxndr@bu.edu/testing.docker-mingw@fedora/?type=message.
no-reply@patchew.org Sept. 21, 2020, 5:22 a.m. UTC | #8
Patchew URL: https://patchew.org/QEMU/20200921022506.873303-1-alxndr@bu.edu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20200921022506.873303-1-alxndr@bu.edu
Subject: [PATCH v3 00/16] Add a General Virtual Device Fuzzer

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]      patchew/20200921022506.873303-1-alxndr@bu.edu -> patchew/20200921022506.873303-1-alxndr@bu.edu
 - [tag update]      patchew/20200921040231.437653-1-f4bug@amsat.org -> patchew/20200921040231.437653-1-f4bug@amsat.org
Switched to a new branch 'test'
ac49b50 fuzz: Add instructions for using general-fuzz
03cfb56 scripts/oss-fuzz: Add crash trace minimization script
4a95274 scripts/oss-fuzz: Add script to reorder a general-fuzzer trace
7b5df76 scripts/oss-fuzz: build the general-fuzzer configs
f0600bf scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz
c749add scripts/oss-fuzz: Add general-fuzzer build script
b477a48 scripts/oss-fuzz: Add wrapper program for generic fuzzer
1afef40 fuzz: add a crossover function to generic-fuzzer
0336e30 fuzz: add a DISABLE_PCI op to general-fuzzer
466bdd9 fuzz: Add support for custom crossover functions
7aeb4d9 fuzz: Add fuzzer callbacks to DMA-read functions
0d8a3cf fuzz: Declare DMA Read callback function
5181305 fuzz: Add DMA support to the generic-fuzzer
2d31fe3 fuzz: Add PCI features to the general fuzzer
163ca9e fuzz: Add general virtual-device fuzzer
ebe51bc memory: Add FlatView foreach function

=== OUTPUT BEGIN ===
1/16 Checking commit ebe51bc5fd2f (memory: Add FlatView foreach function)
2/16 Checking commit 163ca9ee783f (fuzz: Add general virtual-device fuzzer)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#19: 
new file mode 100644

total: 0 errors, 1 warnings, 505 lines checked

Patch 2/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/16 Checking commit 2d31fe390ee1 (fuzz: Add PCI features to the general fuzzer)
4/16 Checking commit 5181305b5987 (fuzz: Add DMA support to the generic-fuzzer)
ERROR: externs should be avoided in .c files
#84: FILE: tests/qtest/fuzz/general_fuzz.c:120:
+void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_write);

total: 1 errors, 0 warnings, 247 lines checked

Patch 4/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/16 Checking commit 0d8a3cf19a0a (fuzz: Declare DMA Read callback function)
6/16 Checking commit 7aeb4d97aa66 (fuzz: Add fuzzer callbacks to DMA-read functions)
7/16 Checking commit 466bdd9666a5 (fuzz: Add support for custom crossover functions)
8/16 Checking commit 0336e304bd66 (fuzz: add a DISABLE_PCI op to general-fuzzer)
9/16 Checking commit 1afef402ddef (fuzz: add a crossover function to generic-fuzzer)
10/16 Checking commit b477a487ad70 (scripts/oss-fuzz: Add wrapper program for generic fuzzer)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 40 lines checked

Patch 10/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
11/16 Checking commit c749addcaa6b (scripts/oss-fuzz: Add general-fuzzer build script)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100755

WARNING: line over 80 characters
#57: FILE: scripts/oss-fuzz/build_general_fuzzers.py:36:
+                   fuzz_args=str_to_c_byte_array(cfg["args"].replace("\n", " ")),

WARNING: line over 80 characters
#58: FILE: scripts/oss-fuzz/build_general_fuzzers.py:37:
+                   fuzz_objs=str_to_c_byte_array(cfg["objects"].replace("\n", " ")),

total: 0 errors, 3 warnings, 69 lines checked

Patch 11/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
12/16 Checking commit f0600bfb96db (scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100644

total: 0 errors, 1 warnings, 103 lines checked

Patch 12/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
13/16 Checking commit 7b5df76f494b (scripts/oss-fuzz: build the general-fuzzer configs)
14/16 Checking commit 4a9527426d38 (scripts/oss-fuzz: Add script to reorder a general-fuzzer trace)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#22: 
new file mode 100755

total: 0 errors, 1 warnings, 94 lines checked

Patch 14/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
15/16 Checking commit 03cfb56d5c0c (scripts/oss-fuzz: Add crash trace minimization script)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100755

total: 0 errors, 1 warnings, 157 lines checked

Patch 15/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
16/16 Checking commit ac49b50e7b45 (fuzz: Add instructions for using general-fuzz)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20200921022506.873303-1-alxndr@bu.edu/testing.checkpatch/?type=message.
no-reply@patchew.org Sept. 21, 2020, 5:31 a.m. UTC | #9
Patchew URL: https://patchew.org/QEMU/20200921022506.873303-1-alxndr@bu.edu/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

Host machine cpu: x86_64
Target machine cpu family: x86
Target machine cpu: x86_64
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
Configuring ninjatool using configuration
---
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/tmp/qemu-test/src/slirp'
Generating nsis with a custom command
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
make[1]: Entering directory '/tmp/qemu-test/build'
make[2]: Entering directory '/tmp/qemu-test/src/slirp'
make[2]: Nothing to be done for 'all'.
---
Host machine cpu: i386
Target machine cpu family: x86
Target machine cpu: i386
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
Configuring ninjatool using configuration
---
Compiling C object libblock.fa.p/nbd_client.c.obj
Compiling C object libblock.fa.p/block_backup-top.c.obj
../src/softmmu/memory.c: In function 'flatview_for_each_range':
../src/softmmu/memory.c:662:24: error: incompatible type for argument 1 of 'cb'
  662 |         if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))
      |                ~~~~~~~~^~~~~~
      |                        |
      |                        Int128 {aka struct Int128}
../src/softmmu/memory.c:662:24: note: expected 'ram_addr_t' {aka 'unsigned int'} but argument is of type 'Int128' {aka 'struct Int128'}
../src/softmmu/memory.c:662:40: error: incompatible type for argument 2 of 'cb'
  662 |         if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))
      |                                ~~~~~~~~^~~~~
      |                                        |
      |                                        Int128 {aka struct Int128}
../src/softmmu/memory.c:662:40: note: expected 'ram_addr_t' {aka 'unsigned int'} but argument is of type 'Int128' {aka 'struct Int128'}
make: *** [Makefile.ninja:1619: libqemu-x86_64-softmmu.fa.p/softmmu_memory.c.obj] Error 1
make: *** Waiting for unfinished jobs....
writing output... [ 72%] s390x/vfio-ap
writing output... [ 73%] s390x/vfio-ccw
---
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--rm', '--label', 'com.qemu.instance.uuid=65ea885b2e8140d5b330f237b0927fc7', '-u', '1001', '--security-opt', 'seccomp=unconfined', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-3iv7vq71/src/docker-src.2020-09-21-01.23.02.30031:/var/tmp/qemu:z,ro', 'qemu/fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit status 2.
filter=--filter=label=com.qemu.instance.uuid=65ea885b2e8140d5b330f237b0927fc7
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-3iv7vq71/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real    8m48.240s
user    0m20.729s


The full log is available at
http://patchew.org/logs/20200921022506.873303-1-alxndr@bu.edu/testing.docker-mingw@fedora/?type=message.
no-reply@patchew.org Sept. 21, 2020, 6:17 a.m. UTC | #10
Patchew URL: https://patchew.org/QEMU/20200921022506.873303-1-alxndr@bu.edu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20200921022506.873303-1-alxndr@bu.edu
Subject: [PATCH v3 00/16] Add a General Virtual Device Fuzzer

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]      patchew/20200921022506.873303-1-alxndr@bu.edu -> patchew/20200921022506.873303-1-alxndr@bu.edu
Switched to a new branch 'test'
d9d0265 fuzz: Add instructions for using general-fuzz
d950d49 scripts/oss-fuzz: Add crash trace minimization script
168befa scripts/oss-fuzz: Add script to reorder a general-fuzzer trace
ef2230a scripts/oss-fuzz: build the general-fuzzer configs
1888cf5 scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz
c715a72 scripts/oss-fuzz: Add general-fuzzer build script
091fb32 scripts/oss-fuzz: Add wrapper program for generic fuzzer
64f57dd fuzz: add a crossover function to generic-fuzzer
c403f95 fuzz: add a DISABLE_PCI op to general-fuzzer
c8f8177 fuzz: Add support for custom crossover functions
3ea40a4 fuzz: Add fuzzer callbacks to DMA-read functions
8a42707 fuzz: Declare DMA Read callback function
2cc6034 fuzz: Add DMA support to the generic-fuzzer
39e32b1 fuzz: Add PCI features to the general fuzzer
d451370 fuzz: Add general virtual-device fuzzer
5c8d0e4 memory: Add FlatView foreach function

=== OUTPUT BEGIN ===
1/16 Checking commit 5c8d0e4bae0b (memory: Add FlatView foreach function)
2/16 Checking commit d451370ff085 (fuzz: Add general virtual-device fuzzer)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#19: 
new file mode 100644

total: 0 errors, 1 warnings, 505 lines checked

Patch 2/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/16 Checking commit 39e32b1703bc (fuzz: Add PCI features to the general fuzzer)
4/16 Checking commit 2cc603435c94 (fuzz: Add DMA support to the generic-fuzzer)
ERROR: externs should be avoided in .c files
#84: FILE: tests/qtest/fuzz/general_fuzz.c:120:
+void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_write);

total: 1 errors, 0 warnings, 247 lines checked

Patch 4/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/16 Checking commit 8a42707161e0 (fuzz: Declare DMA Read callback function)
6/16 Checking commit 3ea40a4d49b0 (fuzz: Add fuzzer callbacks to DMA-read functions)
7/16 Checking commit c8f8177fdacf (fuzz: Add support for custom crossover functions)
8/16 Checking commit c403f9555371 (fuzz: add a DISABLE_PCI op to general-fuzzer)
9/16 Checking commit 64f57ddcf7e6 (fuzz: add a crossover function to generic-fuzzer)
10/16 Checking commit 091fb32210ca (scripts/oss-fuzz: Add wrapper program for generic fuzzer)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 40 lines checked

Patch 10/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
11/16 Checking commit c715a727b0a4 (scripts/oss-fuzz: Add general-fuzzer build script)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100755

WARNING: line over 80 characters
#57: FILE: scripts/oss-fuzz/build_general_fuzzers.py:36:
+                   fuzz_args=str_to_c_byte_array(cfg["args"].replace("\n", " ")),

WARNING: line over 80 characters
#58: FILE: scripts/oss-fuzz/build_general_fuzzers.py:37:
+                   fuzz_objs=str_to_c_byte_array(cfg["objects"].replace("\n", " ")),

total: 0 errors, 3 warnings, 69 lines checked

Patch 11/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
12/16 Checking commit 1888cf57cb94 (scripts/oss-fuzz: Add general-fuzzer configs for oss-fuzz)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100644

total: 0 errors, 1 warnings, 103 lines checked

Patch 12/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
13/16 Checking commit ef2230afae0a (scripts/oss-fuzz: build the general-fuzzer configs)
14/16 Checking commit 168befa7c4fc (scripts/oss-fuzz: Add script to reorder a general-fuzzer trace)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#22: 
new file mode 100755

total: 0 errors, 1 warnings, 94 lines checked

Patch 14/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
15/16 Checking commit d950d4983bf8 (scripts/oss-fuzz: Add crash trace minimization script)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#17: 
new file mode 100755

total: 0 errors, 1 warnings, 157 lines checked

Patch 15/16 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
16/16 Checking commit d9d02650fb57 (fuzz: Add instructions for using general-fuzz)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20200921022506.873303-1-alxndr@bu.edu/testing.checkpatch/?type=message.
no-reply@patchew.org Sept. 21, 2020, 6:26 a.m. UTC | #11
Patchew URL: https://patchew.org/QEMU/20200921022506.873303-1-alxndr@bu.edu/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

Host machine cpu: x86_64
Target machine cpu family: x86
Target machine cpu: x86_64
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
Configuring ninjatool using configuration
---
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/tmp/qemu-test/src/slirp'
Generating nsis with a custom command
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
make[1]: Entering directory '/tmp/qemu-test/build'
make[2]: Entering directory '/tmp/qemu-test/src/slirp'
make[2]: Nothing to be done for 'all'.
---
Host machine cpu: i386
Target machine cpu family: x86
Target machine cpu: i386
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
Configuring ninjatool using configuration
---
Compiling C object libblock.fa.p/block_crypto.c.obj
Compiling C object libblock.fa.p/nbd_client.c.obj
../src/softmmu/memory.c: In function 'flatview_for_each_range':
../src/softmmu/memory.c:662:24: error: incompatible type for argument 1 of 'cb'
  662 |         if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))
      |                ~~~~~~~~^~~~~~
      |                        |
      |                        Int128 {aka struct Int128}
../src/softmmu/memory.c:662:24: note: expected 'ram_addr_t' {aka 'unsigned int'} but argument is of type 'Int128' {aka 'struct Int128'}
../src/softmmu/memory.c:662:40: error: incompatible type for argument 2 of 'cb'
  662 |         if (cb(fr->addr.start, fr->addr.size, fr->mr, opaque))
      |                                ~~~~~~~~^~~~~
      |                                        |
      |                                        Int128 {aka struct Int128}
../src/softmmu/memory.c:662:40: note: expected 'ram_addr_t' {aka 'unsigned int'} but argument is of type 'Int128' {aka 'struct Int128'}
Compiling C object libblock.fa.p/block_blkreplay.c.obj
make: *** [Makefile.ninja:1631: libqemu-x86_64-softmmu.fa.p/softmmu_memory.c.obj] Error 1
make: *** Waiting for unfinished jobs....
writing output... [ 91%] target-sparc64
writing output... [ 93%] target-xtensa
---
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--rm', '--label', 'com.qemu.instance.uuid=cdc507cddaae436bb961ff51ce93414a', '-u', '1001', '--security-opt', 'seccomp=unconfined', '-e', 'TARGET_LIST=', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-7s3xp4k6/src/docker-src.2020-09-21-02.18.35.17865:/var/tmp/qemu:z,ro', 'qemu/fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit status 2.
filter=--filter=label=com.qemu.instance.uuid=cdc507cddaae436bb961ff51ce93414a
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-7s3xp4k6/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real    7m26.992s
user    0m22.230s


The full log is available at
http://patchew.org/logs/20200921022506.873303-1-alxndr@bu.edu/testing.docker-mingw@fedora/?type=message.
Darren Kenny Oct. 1, 2020, 3:31 p.m. UTC | #12
As mentioned in an earlier patch, maybe the definition of SEPARATOR
should be here as well as some of the comments you provided in the
replies to it.

Otherwise, this looks good,

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>

Thanks,

Darren.

On Sunday, 2020-09-20 at 22:24:59 -04, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
>  tests/qtest/fuzz/general_fuzz.c | 90 ++++++++++++++++++++++++++++++++-
>  1 file changed, 89 insertions(+), 1 deletion(-)
>
> diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuzz.c
> index 656ec7fd55..3833b505c8 100644
> --- a/tests/qtest/fuzz/general_fuzz.c
> +++ b/tests/qtest/fuzz/general_fuzz.c
> @@ -741,6 +741,92 @@ static void general_pre_fuzz(QTestState *s)
>  
>      counter_shm_init();
>  }
> +
> +/*
> + * When libfuzzer gives us two inputs to combine, return a new input with the
> + * following structure:
> + *
> + * Input 1 (data1)
> + * SEPARATOR
> + * Clear out the DMA Patterns
> + * SEPARATOR
> + * Disable the pci_read/write instructions
> + * SEPARATOR
> + * Input 2 (data2)
> + *
> + * The idea is to collate the core behaviors of the two inputs.
> + * For example:
> + * Input 1: maps a device's BARs, sets up three DMA patterns, and triggers
> + *          device functionality A
> + * Input 2: maps a device's BARs, sets up one DMA pattern, and triggers device
> + *          functionality B
> + *
> + * This function attempts to produce an input that:
> + * Ouptut: maps a device's BARs, set up three DMA patterns, triggers
> + *          functionality A device, replaces the DMA patterns with a single
> + *          patten, and triggers device functionality B.
> + */
> +static size_t general_fuzz_crossover(const uint8_t *data1, size_t size1, const
> +                                     uint8_t *data2, size_t size2, uint8_t *out,
> +                                     size_t max_out_size, unsigned int seed)
> +{
> +    size_t copy_len = 0, size = 0;
> +
> +    /* Check that we have enough space for data1 and at least part of data2 */
> +    if (max_out_size <= size + strlen(SEPARATOR) * 3 + 2) {
> +        return 0;
> +    }
> +
> +    /* Copy_Len in the first input */
> +    copy_len = size1;
> +    memcpy(out + size, data1, copy_len);
> +    size += copy_len;
> +    max_out_size -= copy_len;
> +
> +    /* Append a separator */
> +    copy_len = strlen(SEPARATOR);
> +    memcpy(out + size, SEPARATOR, copy_len);
> +    size += copy_len;
> +    max_out_size -= copy_len;
> +
> +    /* Clear out the DMA Patterns */
> +    copy_len = 1;
> +    if (copy_len) {
> +        out[size] = OP_CLEAR_DMA_PATTERNS;
> +    }
> +    size += copy_len;
> +    max_out_size -= copy_len;
> +
> +    /* Append a separator */
> +    copy_len = strlen(SEPARATOR);
> +    memcpy(out + size, SEPARATOR, copy_len);
> +    size += copy_len;
> +    max_out_size -= copy_len;
> +
> +    /* Disable PCI ops. Assume data1 took care of setting up PCI */
> +    copy_len = 1;
> +    if (copy_len) {
> +        out[size] = OP_DISABLE_PCI;
> +    }
> +    size += copy_len;
> +    max_out_size -= copy_len;
> +
> +    /* Append a separator */
> +    copy_len = strlen(SEPARATOR);
> +    memcpy(out + size, SEPARATOR, copy_len);
> +    size += copy_len;
> +    max_out_size -= copy_len;
> +
> +    /* Copy_Len over the second input */
> +    copy_len = MIN(size2, max_out_size);
> +    memcpy(out + size, data2, copy_len);
> +    size += copy_len;
> +    max_out_size -= copy_len;
> +
> +    return  size;
> +}
> +
> +
>  static GString *general_fuzz_cmdline(FuzzTarget *t)
>  {
>      GString *cmd_line = g_string_new(TARGET_NAME);
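Review bot: the space check at the top of general_fuzz_crossover does not account for data1. `size` is still 0 when `if (max_out_size <= size + strlen(SEPARATOR) * 3 + 2)` runs, so an input whose size1 is close to max_out_size passes the check, `memcpy(out + size, data1, copy_len)` copies all of it, and the separator and opcode writes that follow land past the end of `out` while `max_out_size -= copy_len` wraps as an unsigned subtraction. Use size1 in the check (or bound the first copy with MIN(size1, max_out_size), as the second copy already does). Smaller points in the same hunk: `copy_len = 1; if (copy_len) {` is always true and can be reduced to the assignment; the comments "Copy_Len in the first input" and "Copy_Len over the second input" look like a search-and-replace of "Copy"; the header comment has "Ouptut" and "patten" typos; and `seed` is unused.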
> @@ -760,7 +846,9 @@ static void register_general_fuzz_targets(void)
>              .description = "Fuzz based on any qemu command-line args. ",
>              .get_init_cmdline = general_fuzz_cmdline,
>              .pre_fuzz = general_pre_fuzz,
> -            .fuzz = general_fuzz});
> +            .fuzz = general_fuzz,
> +            .crossover = general_fuzz_crossover
> +    });
>  }
>  
>  fuzz_target_init(register_general_fuzz_targets);
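Review bot: style only: add a trailing comma after `.crossover = general_fuzz_crossover` so the next member appended to this initializer does not have to touch this line, and keep the closing `});` indentation consistent with the rest of the initializer rather than moving it to a 4-space indent while the members sit at 12.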
> -- 
> 2.28.0
Paolo Bonzini Oct. 8, 2020, 7:42 a.m. UTC | #13
On 21/09/20 04:25, Alexander Bulekov wrote:
> +
> +Note: this won't work for traces where the device tries to read from the same
> +DMA region twice in between MMIO/PIO commands. E.g:
> +    [R +0.028434] outl 0xc000 0xbeef
> +    [DMA][R +0.034639] write 0xbeef 0x2 0xAAAA
> +    [DMA][R +0.034639] write 0xbeef 0x2 0xBBBB

Can you detect this and print an error?

Paolo
Alexander Bulekov Oct. 15, 2020, 1:43 p.m. UTC | #14
Thanks, I added some clarifications, but I added them to 02/16 (where I
first define and use SEPARATOR).

On 201001 1631, Darren Kenny wrote:
> As mentioned in an earlier patch, maybe the definition of SEPARATOR
> should be here as well as some of the comments you provided in the
> replies to it.
> 
> Otherwise, this looks good,
> 
> Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
> 
> Thanks,
> 
> Darren.