[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 02/16] fuzz: Add general virtual-device fuzzer
|
From: |
Alexander Bulekov |
|
Subject: |
Re: [PATCH v3 02/16] fuzz: Add general virtual-device fuzzer |
|
Date: |
Tue, 22 Sep 2020 10:03:50 -0400 |
On 200920 2224, Alexander Bulekov wrote:
[snip]
> +static int locate_fuzz_memory_regions(Object *child, void *opaque)
> +{
> + const char *name;
> + MemoryRegion *mr;
> + if (object_dynamic_cast(child, TYPE_MEMORY_REGION)) {
> + mr = MEMORY_REGION(child);
> + if ((memory_region_is_ram(mr) ||
> + memory_region_is_ram_device(mr) ||
> + memory_region_is_rom(mr) ||
> + memory_region_is_romd(mr)) == false) {
> + name = object_get_canonical_path_component(child);
This isn't a great way to check whether MRs have ops with code that is
interesting to fuzz (for example the pflash MemoryRegions do not pass
these checks, so you can't fuzz the pflash device). Need to think of
some better checks to identify MRs that we are interested in fuzzing.
-Alex
> + /*
> + * We don't want duplicate pointers to the same MemoryRegion, so
> + * try to remove copies of the pointer, before adding it.
> + */
> + g_hash_table_insert(fuzzable_memoryregions, mr, (gpointer)true);
> + }
> + }
> + return 0;
> +}
> +static int locate_fuzz_objects(Object *child, void *opaque)
> +{
> + char *pattern = opaque;
> + if (g_pattern_match_simple(pattern, object_get_typename(child))) {
> + /* Find and save ptrs to any child MemoryRegions */
> + object_child_foreach_recursive(child, locate_fuzz_memory_regions,
> NULL);
> +
> + } else if (object_dynamic_cast(OBJECT(child), TYPE_MEMORY_REGION)) {
> + if (g_pattern_match_simple(pattern,
> + object_get_canonical_path_component(child))) {
> + MemoryRegion *mr;
> + mr = MEMORY_REGION(child);
> + if ((memory_region_is_ram(mr) ||
> + memory_region_is_ram_device(mr) ||
> + memory_region_is_rom(mr) ||
> + memory_region_is_romd(mr)) == false) {
> + g_hash_table_insert(fuzzable_memoryregions, mr,
> (gpointer)true);
> + }
> + }
> + }
> + return 0;
> +}
- [PATCH v3 00/16] Add a General Virtual Device Fuzzer, Alexander Bulekov, 2020/09/20
- [PATCH v3 01/16] memory: Add FlatView foreach function, Alexander Bulekov, 2020/09/20
- [PATCH v3 03/16] fuzz: Add PCI features to the general fuzzer, Alexander Bulekov, 2020/09/20
- [PATCH v3 02/16] fuzz: Add general virtual-device fuzzer, Alexander Bulekov, 2020/09/20
- [PATCH v3 04/16] fuzz: Add DMA support to the generic-fuzzer, Alexander Bulekov, 2020/09/20
- [PATCH v3 06/16] fuzz: Add fuzzer callbacks to DMA-read functions, Alexander Bulekov, 2020/09/20
- [PATCH v3 05/16] fuzz: Declare DMA Read callback function, Alexander Bulekov, 2020/09/20
- [PATCH v3 08/16] fuzz: add a DISABLE_PCI op to general-fuzzer, Alexander Bulekov, 2020/09/20
- [PATCH v3 07/16] fuzz: Add support for custom crossover functions, Alexander Bulekov, 2020/09/20
- [PATCH v3 09/16] fuzz: add a crossover function to generic-fuzzer, Alexander Bulekov, 2020/09/20
- [PATCH v3 10/16] scripts/oss-fuzz: Add wrapper program for generic fuzzer, Alexander Bulekov, 2020/09/20
- [PATCH v3 11/16] scripts/oss-fuzz: Add general-fuzzer build script, Alexander Bulekov, 2020/09/20
- [PATCH v3 13/16] scripts/oss-fuzz: build the general-fuzzer configs, Alexander Bulekov, 2020/09/20
- [PATCH v3 14/16] scripts/oss-fuzz: Add script to reorder a general-fuzzer trace, Alexander Bulekov, 2020/09/20