diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2020-12-15 21:24:31 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2020-12-15 21:24:31 +0000 |
| commit | af3f37319cb1e1ca0c42842ecdbd1bcfc64a4b6f (patch) | |
| tree | 101575a319b7c2f95e75ef44cf1483a87a564226 /tests/qtest/fuzz-test.c | |
| parent | 657ee88ef3ec55c3a6164da88c11a6640ca7507c (diff) | |
| parent | bbd2d5a8120771ec59b86a80a1f51884e0a26e53 (diff) | |
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
* New -action option and set-action QMP command (Alejandro)
* More vl.c cleanup (myself with help from Daniel and Igor)
* Remove deprecated options (Philippe, Thomas)
* Dirty bitmap fix (Zenghui)
* icount caching speedup (Pavel)
* SCSI race fix (Maxim)
* Remove pre-GCC 4.8 code (Marc-André)
# gpg: Signature made Tue 15 Dec 2020 17:53:24 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream: (45 commits)
build: -no-pie is no functional linker flag
scripts/git.orderfile: Keep files with .inc extension sorted
compiler.h: remove QEMU_GNUC_PREREQ
linux-user: remove GNUC check
compiler: remove GNUC check
xen: remove GNUC check
poison: remove GNUC check
compiler.h: explicit case for Clang printf attribute
virtiofsd: replace _Static_assert with QEMU_BUILD_BUG_ON
tests: remove GCC < 4 fallbacks
qemu-plugin.h: remove GCC < 4
compiler.h: remove GCC < 3 __builtin_expect fallback
accel/tcg: Remove special case for GCC < 4.6
qemu/atomic: Drop special case for unsupported compiler
hw/core: Restrict 'fw-path-provider.c' to system mode emulation
docs: set CONFDIR when running sphinx
vl: rename local variable in configure_accelerators
qemu-option: pass QemuOptsList to opts_accepts_any
qemu-option: simplify search for end of key
kvm: Take into account the unaligned section size when preparing bitmap
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
# Conflicts:
# softmmu/vl.c
Diffstat (limited to 'tests/qtest/fuzz-test.c')
| -rw-r--r-- | tests/qtest/fuzz-test.c | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c index 87b72307a5..cdb1100a0b 100644 --- a/tests/qtest/fuzz-test.c +++ b/tests/qtest/fuzz-test.c @@ -48,6 +48,55 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void) qtest_quit(s); } +/* + * Here a MemoryRegionCache pointed to an MMIO region but had a + * larger size than the underlying region. + */ +static void test_mmio_oob_from_memory_region_cache(void) +{ + QTestState *s; + + s = qtest_init("-M pc-q35-5.2 -display none -m 512M " + "-device virtio-scsi,num_queues=8,addr=03.0 "); + + qtest_outl(s, 0xcf8, 0x80001811); + qtest_outb(s, 0xcfc, 0x6e); + qtest_outl(s, 0xcf8, 0x80001824); + qtest_outl(s, 0xcf8, 0x80001813); + qtest_outl(s, 0xcfc, 0xa080000); + qtest_outl(s, 0xcf8, 0x80001802); + qtest_outl(s, 0xcfc, 0x5a175a63); + qtest_outb(s, 0x6e08, 0x9e); + qtest_writeb(s, 0x9f003, 0xff); + qtest_writeb(s, 0x9f004, 0x01); + qtest_writeb(s, 0x9e012, 0x0e); + qtest_writeb(s, 0x9e01b, 0x0e); + qtest_writeb(s, 0x9f006, 0x01); + qtest_writeb(s, 0x9f008, 0x01); + qtest_writeb(s, 0x9f00a, 0x01); + qtest_writeb(s, 0x9f00c, 0x01); + qtest_writeb(s, 0x9f00e, 0x01); + qtest_writeb(s, 0x9f010, 0x01); + qtest_writeb(s, 0x9f012, 0x01); + qtest_writeb(s, 0x9f014, 0x01); + qtest_writeb(s, 0x9f016, 0x01); + qtest_writeb(s, 0x9f018, 0x01); + qtest_writeb(s, 0x9f01a, 0x01); + qtest_writeb(s, 0x9f01c, 0x01); + qtest_writeb(s, 0x9f01e, 0x01); + qtest_writeb(s, 0x9f020, 0x01); + qtest_writeb(s, 0x9f022, 0x01); + qtest_writeb(s, 0x9f024, 0x01); + qtest_writeb(s, 0x9f026, 0x01); + qtest_writeb(s, 0x9f028, 0x01); + qtest_writeb(s, 0x9f02a, 0x01); + qtest_writeb(s, 0x9f02c, 0x01); + qtest_writeb(s, 0x9f02e, 0x01); + qtest_writeb(s, 0x9f030, 0x01); + qtest_outb(s, 0x6e10, 0x00); + qtest_quit(s); +} + int main(int argc, char **argv) { const char *arch = qtest_get_arch(); @@ -59,6 +108,8 @@ int main(int argc, char **argv) test_lp1878263_megasas_zero_iov_cnt); qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert", test_lp1878642_pci_bus_get_irq_level_assert); + qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", + test_mmio_oob_from_memory_region_cache); } return g_test_run(); |