From fc1c8344e65807843ae8eaa25284e5277bdcd1eb Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 20 Jan 2021 01:02:55 -0500 Subject: fuzz: ignore address_space_map is_write flag We passed an is_write flag to the fuzz_dma_read_cb function to differentiate between the mapped DMA regions that need to be populated with fuzzed data, and those that don't. We simply passed through the address_space_map is_write parameter. The goal was to cut down on unnecessarily populating mapped DMA regions, when they are not read from. Unfortunately, nothing precludes code from reading from regions mapped with is_write=true. For example, see: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04729.html This patch removes the is_write parameter to fuzz_dma_read_cb. As a result, we will fill all mapped DMA regions with fuzzed data, ignoring the specified transfer direction. Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Message-Id: <20210120060255.558535-1-alxndr@bu.edu> --- softmmu/memory.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'softmmu/memory.c') diff --git a/softmmu/memory.c b/softmmu/memory.c index c0c814fbb9..23e8e33001 100644 --- a/softmmu/memory.c +++ b/softmmu/memory.c @@ -1440,7 +1440,7 @@ MemTxResult memory_region_dispatch_read(MemoryRegion *mr, unsigned size = memop_size(op); MemTxResult r; - fuzz_dma_read_cb(addr, size, mr, false); + fuzz_dma_read_cb(addr, size, mr); if (!memory_region_access_valid(mr, addr, size, false, attrs)) { *pval = unassigned_mem_read(mr, addr, size); return MEMTX_DECODE_ERROR; @@ -3285,8 +3285,7 @@ void memory_region_init_rom_device(MemoryRegion *mr, #ifdef CONFIG_FUZZ void __attribute__((weak)) fuzz_dma_read_cb(size_t addr, size_t len, - MemoryRegion *mr, - bool is_write) + MemoryRegion *mr) { } #endif -- cgit v1.2.3