diff options
| author | Peter Maydell | 2020-06-05 12:53:37 +0200 |
|---|---|---|
| committer | Peter Maydell | 2020-06-05 12:53:37 +0200 |
| commit | b489f015fbe2bd59d409211f79ea0a8ac5d2a66d (patch) | |
| tree | c305b58c3a342dfdfcf86d3c103b0fb0c24a9767 /tests | |
| parent | Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20200... (diff) | |
| parent | block: Factor out bdrv_run_co() (diff) | |
| download | qemu-b489f015fbe2bd59d409211f79ea0a8ac5d2a66d.tar.gz qemu-b489f015fbe2bd59d409211f79ea0a8ac5d2a66d.tar.xz qemu-b489f015fbe2bd59d409211f79ea0a8ac5d2a66d.zip | |
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Pull request
# gpg: Signature made Fri 05 Jun 2020 10:47:27 BST
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/block-pull-request:
block: Factor out bdrv_run_co()
exec: Rename qemu_ram_writeback() as qemu_ram_msync()
hw/block: Let the NVMe emulated device be target-agnostic
memory: Extract memory_region_msync() from memory_region_writeback()
memory: Rename memory_region_do_writeback -> memory_region_writeback
fuzz: run the main-loop in fork-server process
fuzz: add mangled object name to linker script
fuzz: fix typo in i440fx-qtest-reboot arguments
fuzz: add datadir for oss-fuzz compatability
io_uring: use io_uring_cq_ready() to check for ready cqes
io_uring: retry io_uring_submit() if it fails with errno=EINTR
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/qtest/fuzz/fork_fuzz.ld | 5 | ||||
| -rw-r--r-- | tests/qtest/fuzz/fuzz.c | 15 | ||||
| -rw-r--r-- | tests/qtest/fuzz/i440fx_fuzz.c | 3 | ||||
| -rw-r--r-- | tests/qtest/fuzz/virtio_net_fuzz.c | 2 | ||||
| -rw-r--r-- | tests/qtest/fuzz/virtio_scsi_fuzz.c | 2 |
5 files changed, 26 insertions, 1 deletions
diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld index e086bba873..bfb667ed06 100644 --- a/tests/qtest/fuzz/fork_fuzz.ld +++ b/tests/qtest/fuzz/fork_fuzz.ld @@ -28,6 +28,11 @@ SECTIONS /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */ FuzzerTracePC*(.bss*); + /* + * In case the above line fails, explicitly specify the (mangled) name of + * the object we care about + */ + *(.bss._ZN6fuzzer3TPCE); } .data.fuzz_end : ALIGN(4K) { diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c index f5c923852e..33365c3782 100644 --- a/tests/qtest/fuzz/fuzz.c +++ b/tests/qtest/fuzz/fuzz.c @@ -137,6 +137,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) { char *target_name; + char *dir; /* Initialize qgraph and modules */ qos_graph_init(); @@ -147,6 +148,20 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) target_name = strstr(**argv, "-target-"); if (target_name) { /* The binary name specifies the target */ target_name += strlen("-target-"); + /* + * With oss-fuzz, the executable is kept in the root of a directory (we + * cannot assume the path). All data (including bios binaries) must be + * in the same dir, or a subdir. Thus, we cannot place the pc-bios so + * that it would be in exec_dir/../pc-bios. + * As a workaround, oss-fuzz allows us to use argv[0] to get the + * location of the executable. Using this we add exec_dir/pc-bios to + * the datadirs. + */ + dir = g_build_filename(g_path_get_dirname(**argv), "pc-bios", NULL); + if (g_file_test(dir, G_FILE_TEST_IS_DIR)) { + qemu_add_data_dir(dir); + } + g_free(dir); } else if (*argc > 1) { /* The target is specified as an argument */ target_name = (*argv)[1]; if (!strstr(target_name, "--fuzz-target=")) { diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c index bcd6769b4c..e2f31e56f9 100644 --- a/tests/qtest/fuzz/i440fx_fuzz.c +++ b/tests/qtest/fuzz/i440fx_fuzz.c @@ -151,12 +151,13 @@ static void i440fx_fuzz_qos_fork(QTestState *s, i440fx_fuzz_qos(s, Data, Size); _Exit(0); } else { + flush_events(s); wait(NULL); } } static const char *i440fx_qtest_argv = TARGET_NAME " -machine accel=qtest" - "-m 0 -display none"; + " -m 0 -display none"; static const char *i440fx_argv(FuzzTarget *t) { return i440fx_qtest_argv; diff --git a/tests/qtest/fuzz/virtio_net_fuzz.c b/tests/qtest/fuzz/virtio_net_fuzz.c index d08a47e278..a33bd73067 100644 --- a/tests/qtest/fuzz/virtio_net_fuzz.c +++ b/tests/qtest/fuzz/virtio_net_fuzz.c @@ -122,6 +122,7 @@ static void virtio_net_fork_fuzz(QTestState *s, flush_events(s); _Exit(0); } else { + flush_events(s); wait(NULL); } } @@ -134,6 +135,7 @@ static void virtio_net_fork_fuzz_check_used(QTestState *s, flush_events(s); _Exit(0); } else { + flush_events(s); wait(NULL); } } diff --git a/tests/qtest/fuzz/virtio_scsi_fuzz.c b/tests/qtest/fuzz/virtio_scsi_fuzz.c index 3b95247f12..51dce491ab 100644 --- a/tests/qtest/fuzz/virtio_scsi_fuzz.c +++ b/tests/qtest/fuzz/virtio_scsi_fuzz.c @@ -145,6 +145,7 @@ static void virtio_scsi_fork_fuzz(QTestState *s, flush_events(s); _Exit(0); } else { + flush_events(s); wait(NULL); } } @@ -164,6 +165,7 @@ static void virtio_scsi_with_flag_fuzz(QTestState *s, } _Exit(0); } else { + flush_events(s); wait(NULL); } } |