mirror of https://gitee.com/openkylin/qemu.git
fuzz: map all BARs and enable PCI devices
Prior to this patch, the fuzzer found inputs to map PCI device BARs and enable the device. While it is nice that the fuzzer can do this, it added significant overhead, since the fuzzer needs to map all the BARs (regenerating the memory topology), at the start of each input. With this patch, we do this once, before fuzzing, mitigating some of this overhead. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20201221181203.1853-1-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
parent
333168efe5
commit
b677001d70
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
#include "hw/core/cpu.h"
|
#include "hw/core/cpu.h"
|
||||||
#include "tests/qtest/libqos/libqtest.h"
|
#include "tests/qtest/libqos/libqtest.h"
|
||||||
|
#include "tests/qtest/libqos/pci-pc.h"
|
||||||
#include "fuzz.h"
|
#include "fuzz.h"
|
||||||
#include "fork_fuzz.h"
|
#include "fork_fuzz.h"
|
||||||
#include "exec/address-spaces.h"
|
#include "exec/address-spaces.h"
|
||||||
|
@ -762,10 +763,29 @@ static int locate_fuzz_objects(Object *child, void *opaque)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void pci_enum(gpointer pcidev, gpointer bus)
|
||||||
|
{
|
||||||
|
PCIDevice *dev = pcidev;
|
||||||
|
QPCIDevice *qdev;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
qdev = qpci_device_find(bus, dev->devfn);
|
||||||
|
g_assert(qdev != NULL);
|
||||||
|
for (i = 0; i < 6; i++) {
|
||||||
|
if (dev->io_regions[i].size) {
|
||||||
|
qpci_iomap(qdev, i, NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
qpci_device_enable(qdev);
|
||||||
|
g_free(qdev);
|
||||||
|
}
|
||||||
|
|
||||||
static void generic_pre_fuzz(QTestState *s)
|
static void generic_pre_fuzz(QTestState *s)
|
||||||
{
|
{
|
||||||
GHashTableIter iter;
|
GHashTableIter iter;
|
||||||
MemoryRegion *mr;
|
MemoryRegion *mr;
|
||||||
|
QPCIBus *pcibus;
|
||||||
char **result;
|
char **result;
|
||||||
|
|
||||||
if (!getenv("QEMU_FUZZ_OBJECTS")) {
|
if (!getenv("QEMU_FUZZ_OBJECTS")) {
|
||||||
|
@ -810,6 +830,10 @@ static void generic_pre_fuzz(QTestState *s)
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pcibus = qpci_new_pc(s, NULL);
|
||||||
|
g_ptr_array_foreach(fuzzable_pci_devices, pci_enum, pcibus);
|
||||||
|
qpci_free_pc(pcibus);
|
||||||
|
|
||||||
counter_shm_init();
|
counter_shm_init();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
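Review bot: In pci_enum the lookup `qpci_device_find(bus, dev->devfn)` identifies the device by devfn alone on the bus created by `qpci_new_pc`, so it assumes every entry in fuzzable_pci_devices sits on the root bus of a PC machine; a device behind a bridge would presumably either trip `g_assert(qdev != NULL)` or resolve to a different function with the same devfn, whose BARs would then be mapped according to this device's `io_regions` sizes. I would state that assumption in a comment above the lookup, e.g. `/* assumes dev is on bus 0 of an x86 PC machine; devfn carries no bus number */`, or skip devices for which `pci_dev_bus_num(dev) != 0`. The loop bound `6` in `for (i = 0; i < 6; i++)` is the BAR count and would read better as `PCI_ROM_SLOT`, which also makes it explicit that the ROM entry of `io_regions` is deliberately left unmapped. Only the start and tail of generic_pre_fuzz are inside the hunks, so how fuzzable_pci_devices gets populated is not visible here and the bus assumption may already be enforced there.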