qemu-commits



From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 7cee36: scripts/oss-fuzz: Limit target list to i386-softmmu
Date: Tue, 21 Jul 2020 06:15:35 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 7cee363bc2eff06068db0dc3e59cbc5f1906067e
      https://github.com/qemu/qemu/commit/7cee363bc2eff06068db0dc3e59cbc5f1906067e
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M scripts/oss-fuzz/build.sh

  Log Message:
  -----------
  scripts/oss-fuzz: Limit target list to i386-softmmu

The build.sh script only copies qemu-fuzz-i386 to the destination folder,
so we can speed up the compilation step quite a bit by not compiling the
other targets here.

Signed-off-by: Thomas Huth <thuth@redhat.com>


  Commit: bcbad8b05c7f9072cadd3d3ebef2992196b73801
      https://github.com/qemu/qemu/commit/bcbad8b05c7f9072cadd3d3ebef2992196b73801
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M tests/qtest/fuzz/fuzz.c

  Log Message:
  -----------
  fuzz: Fix leak when assembling datadir path string

We freed the string containing the final datadir path, but did not free
the path to the executable's directory that we get from
g_path_get_dirname(). Fix that.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200717163523.1591-1-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
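The ownership rule behind this fix, as an added stand-alone C illustration that is not QEMU's code: QEMU's fuzz.c builds the datadir with GLib's g_path_get_dirname()/g_build_filename()/g_free(), whereas the version below substitutes plain C helpers so it compiles without GLib. The "pc-bios" subdirectory name and the helper names are assumptions made for the example; the point is that the intermediate directory string is a second heap object that must be released before the function returns.

```c
/* Added illustration (not QEMU's code): assembling a data directory path
 * from the executable's own directory without leaking the intermediate
 * dirname string. QEMU uses GLib for this; plain C is used here so the
 * example builds without GLib. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a newly allocated copy of the directory part of `path`
 * (everything before the last '/'), "." if there is no '/', or "/" for
 * a file directly under the root. The caller owns the result. */
static char *path_get_dirname(const char *path)
{
    const char *slash = strrchr(path, '/');
    size_t len;
    char *dir;

    if (!slash) {
        len = 1;                     /* "." */
        dir = malloc(len + 1);
        if (!dir) return NULL;
        dir[0] = '.';
        dir[1] = '\0';
        return dir;
    }
    len = (size_t)(slash - path);
    if (len == 0) {
        len = 1;                     /* keep the root "/" itself */
    }
    dir = malloc(len + 1);
    if (!dir) return NULL;
    memcpy(dir, path, len);
    dir[len] = '\0';
    return dir;
}

/* Join two path components, inserting a single '/' unless `a` already
 * ends with one. The caller owns the result. */
static char *path_join(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    int need_sep = (la > 0 && a[la - 1] != '/');
    char *out = malloc(la + (size_t)need_sep + lb + 1);
    if (!out) return NULL;
    memcpy(out, a, la);
    if (need_sep) {
        out[la] = '/';
    }
    memcpy(out + la + need_sep, b, lb + 1);
    return out;
}

/* Build "<directory of exec_path>/pc-bios" ("pc-bios" is an assumed
 * subdirectory name). Two heap objects are created: the intermediate
 * exec_dir and the final datadir. The leak fixed by the commit above was
 * exactly the missing free of the intermediate; only the final path is
 * handed back to the caller, who must free it. */
char *build_datadir(const char *exec_path)
{
    char *exec_dir = path_get_dirname(exec_path);
    char *datadir;

    if (!exec_dir) return NULL;
    datadir = path_join(exec_dir, "pc-bios");
    free(exec_dir);          /* the free that was missing before the fix */
    return datadir;
}

int main(void)
{
    char *datadir = build_datadir("/opt/qemu/build/qemu-fuzz-i386");
    if (!datadir) return 1;
    printf("%s\n", datadir);
    free(datadir);           /* caller releases the final path */
    return 0;
}
```

Built with -fsanitize=address (which enables LeakSanitizer on Linux), dropping the `free(exec_dir)` line makes the process report the leaked intermediate string at exit; that is the same kind of report the fuzzer build with sanitizers produces, and the reason a one-line omission in a path helper is worth a dedicated fix.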


  Commit: 48eac1019769ebc4647ba380a828c25d8014be37
      https://github.com/qemu/qemu/commit/48eac1019769ebc4647ba380a828c25d8014be37
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M .gitlab-ci.yml

  Log Message:
  -----------
  gitlab-ci.yml: Add oss-fuzz build tests

This tries to build and run the fuzzers with the same build-script used
by oss-fuzz. This doesn't guarantee that the builds on oss-fuzz will
also succeed, since oss-fuzz provides its own compiler and fuzzer vars,
but it can catch changes that are not compatible with the
./scripts/oss-fuzz/build.sh script.
The strange way of finding fuzzer binaries stems from the method used by
oss-fuzz:
https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-runner/targets_list

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200720073223.22945-1-thuth@redhat.com>
[thuth: Tweak the "script" to make it work, exclude slirp test, etc.]
Signed-off-by: Thomas Huth <thuth@redhat.com>


  Commit: dd0162653c11de58331506beb8b3d85c8923149c
      https://github.com/qemu/qemu/commit/dd0162653c11de58331506beb8b3d85c8923149c
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M configure

  Log Message:
  -----------
  fuzz: build without AddressSanitizer, by default

We already have a nice --enable-sanitizers option to enable
AddressSanitizer. There is no reason to duplicate and force this
functionality in --enable-fuzzing. In the future, if more sanitizers are
added to --enable-sanitizers, it might be impossible to build with both
--enable-sanitizers and --enable-fuzzing, since not all sanitizers are
compatible with libFuzzer. In that case, we could enable ASAN with
--extra-cflags="-fsanitize=address"

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200706195534.14962-2-alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
[thuth: Added missing $CFLAGS]
Signed-off-by: Thomas Huth <thuth@redhat.com>


  Commit: ee16da12d7035bffb1c990c794de8fb1a96815d7
      https://github.com/qemu/qemu/commit/ee16da12d7035bffb1c990c794de8fb1a96815d7
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M docs/devel/fuzzing.txt

  Log Message:
  -----------
  docs/fuzz: describe building fuzzers with enable-sanitizers

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200706195534.14962-3-alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>


  Commit: 19a91e4af86c578420e9fdfe2efdc3b3b3826222
      https://github.com/qemu/qemu/commit/19a91e4af86c578420e9fdfe2efdc3b3b3826222
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M docs/devel/fuzzing.txt

  Log Message:
  -----------
  docs/fuzz: add information about useful libFuzzer flags

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200706195534.14962-4-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>


  Commit: 09a14f586c315b01411dc1ef1bfe99b034b302de
      https://github.com/qemu/qemu/commit/09a14f586c315b01411dc1ef1bfe99b034b302de
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M docs/devel/fuzzing.txt

  Log Message:
  -----------
  docs/fuzz: add instructions for generating a coverage report

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200706195534.14962-5-alxndr@bu.edu>
[thuth: Replaced --enable-sanitizers with --enable-fuzzing]
Signed-off-by: Thomas Huth <thuth@redhat.com>


  Commit: 6184e5fb4221ec5dd6f0c27d05a8e575b81eb89b
      https://github.com/qemu/qemu/commit/6184e5fb4221ec5dd6f0c27d05a8e575b81eb89b
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M MAINTAINERS

  Log Message:
  -----------
  MAINTAINERS: Extend the device fuzzing section

The file docs/devel/fuzzing.txt should be in this section, too, and add
myself as a reviewer (since I often take the fuzzer patches through the
qtest-next tree, I should be notified on patches, too).

Message-Id: <20200721053926.17197-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>


  Commit: 2b0650205b71c2aa8bf6f877a8333ef25bf288b2
      https://github.com/qemu/qemu/commit/2b0650205b71c2aa8bf6f877a8333ef25bf288b2
  Author: Markus Armbruster <armbru@redhat.com>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M hw/arm/msf2-soc.c

  Log Message:
  -----------
  msf2: Unbreak device-list-properties for "msf-soc"

Watch this:

    $ qemu-system-aarch64 -M ast2600-evb -S -display none -qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 50, "minor": 0, "major": 5}, "package": "v5.0.0-2464-g3a9163af4e"}, "capabilities": ["oob"]}}
    {"execute": "qmp_capabilities"}
    {"return": {}}
    {"execute": "device-list-properties", "arguments": {"typename": "msf2-soc"}}
    Unsupported NIC model: ftgmac100
    armbru@dusky:~/work/images$ echo $?
    1

This is what breaks "make check SPEED=slow".

Root cause is m2sxxx_soc_initfn()'s messing with nd_table[] via
qemu_check_nic_model().  That's wrong.

We fixed the exact same bug for device "allwinner-a10" in commit
8aabc5437b "hw/arm/allwinner-a10: Do not use nd_table in instance_init
function".  Fix this instance the same way: move the offending code to
m2sxxx_soc_realize(), where it's less wrong, and add a FIXME comment.

Fixes: 05b7374a58 ("msf2: Add EMAC block to SmartFusion2 SoC")
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200715140440.3540942-2-armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>


  Commit: 7ad36e2e241bd924f774a1f9fb208c102da58e50
      https://github.com/qemu/qemu/commit/7ad36e2e241bd924f774a1f9fb208c102da58e50
  Author: Markus Armbruster <armbru@redhat.com>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M hw/arm/allwinner-h3.c
    M hw/arm/xlnx-versal.c
    M hw/arm/xlnx-zynqmp.c
    M hw/dma/sparc32_dma.c
    M hw/riscv/sifive_u.c

  Log Message:
  -----------
  hw: Mark nd_table[] misuse in realize methods FIXME

nd_table[] contains NIC configuration for boards to pick up.  Device
code has no business looking there.  Several devices do it anyway.
Two of them already have a suitable FIXME comment: "allwinner-a10" and
"msf2-soc".  Copy it to the others: "allwinner-h3", "xlnx-versal",
"xlnx,zynqmp", "sparc32-ledma", "riscv.sifive.u.soc".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200715140440.3540942-3-armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>


  Commit: 90218a9a393c7925f330e7dcc08658e2a01d3bd4
      https://github.com/qemu/qemu/commit/90218a9a393c7925f330e7dcc08658e2a01d3bd4
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2020-07-21 (Tue, 21 Jul 2020)

  Changed paths:
    M .gitlab-ci.yml
    M MAINTAINERS
    M configure
    M docs/devel/fuzzing.txt
    M hw/arm/allwinner-h3.c
    M hw/arm/msf2-soc.c
    M hw/arm/xlnx-versal.c
    M hw/arm/xlnx-zynqmp.c
    M hw/dma/sparc32_dma.c
    M hw/riscv/sifive_u.c
    M scripts/oss-fuzz/build.sh
    M tests/qtest/fuzz/fuzz.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-07-21' into staging

* Fix memory leak in fuzzer
* Fuzzer documentation updates
* Some other minor fuzzer updates
* Fix "make check-qtest SPEED=slow" (bug in msf2 instance_init)

# gpg: Signature made Tue 21 Jul 2020 07:48:10 BST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2020-07-21:
  hw: Mark nd_table[] misuse in realize methods FIXME
  msf2: Unbreak device-list-properties for "msf-soc"
  MAINTAINERS: Extend the device fuzzing section
  docs/fuzz: add instructions for generating a coverage report
  docs/fuzz: add information about useful libFuzzer flags
  docs/fuzz: describe building fuzzers with enable-sanitizers
  fuzz: build without AddressSanitizer, by default
  gitlab-ci.yml: Add oss-fuzz build tests
  fuzz: Fix leak when assembling datadir path string
  scripts/oss-fuzz: Limit target list to i386-softmmu

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/af3d69058e09...90218a9a393c


