diff options
Diffstat (limited to 'tests/qtest')
| -rw-r--r-- | tests/qtest/fuzz-test.c | 51 | ||||
| -rw-r--r-- | tests/qtest/pvpanic-test.c | 26 | ||||
| -rw-r--r-- | tests/qtest/qmp-test.c | 2 |
3 files changed, 77 insertions, 2 deletions
diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c index 87b72307a5..cdb1100a0b 100644 --- a/tests/qtest/fuzz-test.c +++ b/tests/qtest/fuzz-test.c @@ -48,6 +48,55 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void) qtest_quit(s); } +/* + * Here a MemoryRegionCache pointed to an MMIO region but had a + * larger size than the underlying region. + */ +static void test_mmio_oob_from_memory_region_cache(void) +{ + QTestState *s; + + s = qtest_init("-M pc-q35-5.2 -display none -m 512M " + "-device virtio-scsi,num_queues=8,addr=03.0 "); + + qtest_outl(s, 0xcf8, 0x80001811); + qtest_outb(s, 0xcfc, 0x6e); + qtest_outl(s, 0xcf8, 0x80001824); + qtest_outl(s, 0xcf8, 0x80001813); + qtest_outl(s, 0xcfc, 0xa080000); + qtest_outl(s, 0xcf8, 0x80001802); + qtest_outl(s, 0xcfc, 0x5a175a63); + qtest_outb(s, 0x6e08, 0x9e); + qtest_writeb(s, 0x9f003, 0xff); + qtest_writeb(s, 0x9f004, 0x01); + qtest_writeb(s, 0x9e012, 0x0e); + qtest_writeb(s, 0x9e01b, 0x0e); + qtest_writeb(s, 0x9f006, 0x01); + qtest_writeb(s, 0x9f008, 0x01); + qtest_writeb(s, 0x9f00a, 0x01); + qtest_writeb(s, 0x9f00c, 0x01); + qtest_writeb(s, 0x9f00e, 0x01); + qtest_writeb(s, 0x9f010, 0x01); + qtest_writeb(s, 0x9f012, 0x01); + qtest_writeb(s, 0x9f014, 0x01); + qtest_writeb(s, 0x9f016, 0x01); + qtest_writeb(s, 0x9f018, 0x01); + qtest_writeb(s, 0x9f01a, 0x01); + qtest_writeb(s, 0x9f01c, 0x01); + qtest_writeb(s, 0x9f01e, 0x01); + qtest_writeb(s, 0x9f020, 0x01); + qtest_writeb(s, 0x9f022, 0x01); + qtest_writeb(s, 0x9f024, 0x01); + qtest_writeb(s, 0x9f026, 0x01); + qtest_writeb(s, 0x9f028, 0x01); + qtest_writeb(s, 0x9f02a, 0x01); + qtest_writeb(s, 0x9f02c, 0x01); + qtest_writeb(s, 0x9f02e, 0x01); + qtest_writeb(s, 0x9f030, 0x01); + qtest_outb(s, 0x6e10, 0x00); + qtest_quit(s); +} + int main(int argc, char **argv) { const char *arch = qtest_get_arch(); @@ -59,6 +108,8 @@ int main(int argc, char **argv) test_lp1878263_megasas_zero_iov_cnt); qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert", test_lp1878642_pci_bus_get_irq_level_assert); + qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", + test_mmio_oob_from_memory_region_cache); } return g_test_run(); diff --git a/tests/qtest/pvpanic-test.c b/tests/qtest/pvpanic-test.c index 016b32ebee..6dcad2db49 100644 --- a/tests/qtest/pvpanic-test.c +++ b/tests/qtest/pvpanic-test.c @@ -11,13 +11,36 @@ #include "libqos/libqtest.h" #include "qapi/qmp/qdict.h" +static void test_panic_nopause(void) +{ + uint8_t val; + QDict *response, *data; + QTestState *qts; + + qts = qtest_init("-device pvpanic -action panic=none"); + + val = qtest_inb(qts, 0x505); + g_assert_cmpuint(val, ==, 3); + + qtest_outb(qts, 0x505, 0x1); + + response = qtest_qmp_eventwait_ref(qts, "GUEST_PANICKED"); + g_assert(qdict_haskey(response, "data")); + data = qdict_get_qdict(response, "data"); + g_assert(qdict_haskey(data, "action")); + g_assert_cmpstr(qdict_get_str(data, "action"), ==, "run"); + qobject_unref(response); + + qtest_quit(qts); +} + static void test_panic(void) { uint8_t val; QDict *response, *data; QTestState *qts; - qts = qtest_init("-device pvpanic"); + qts = qtest_init("-device pvpanic -action panic=pause"); val = qtest_inb(qts, 0x505); g_assert_cmpuint(val, ==, 3); @@ -40,6 +63,7 @@ int main(int argc, char **argv) g_test_init(&argc, &argv, NULL); qtest_add_func("/pvpanic/panic", test_panic); + qtest_add_func("/pvpanic/panic-nopause", test_panic_nopause); ret = g_test_run(); diff --git a/tests/qtest/qmp-test.c b/tests/qtest/qmp-test.c index eb1cd8abb8..11614bf63f 100644 --- a/tests/qtest/qmp-test.c +++ b/tests/qtest/qmp-test.c @@ -295,7 +295,7 @@ static void test_qmp_preconfig(void) rsp = qtest_qmp(qs, "{ 'execute': 'query-status' }"); ret = qdict_get_qdict(rsp, "return"); g_assert(ret); - g_assert_cmpstr(qdict_get_try_str(ret, "status"), ==, "preconfig"); + g_assert_cmpstr(qdict_get_try_str(ret, "status"), ==, "prelaunch"); qobject_unref(rsp); /* exit preconfig state */ |