On 21/09/2020 18.06, Li Qiang wrote: > Currently the device fuzzer finds more and more issues. > For every fuzz case, we need not only the fixes but also > the corresponding test case. We can analyze the reproducer > for every case, find what happened where, and write > a beautiful test case. However, the raw data of the reproducer is not > friendly to analysis. It will take a very long time, even far more > than the fix itself. So let's create a new file to hold all of > the fuzz test cases and just use the raw data to act as the test > case. This way nobody will be afraid of writing a test case for > the fuzz reproducer. > > This patch adds the test case for issue LP#1878263. > > Signed-off-by: Li Qiang <liq...@163.com> > --- > Changes since v1: > rename the test function > limit the test to i386/x86_64 arch > use the meson build system > > tests/qtest/fuzz-test.c | 51 +++++++++++++++++++++++++++++++++++++++++ > tests/qtest/meson.build | 1 + > 2 files changed, 52 insertions(+) > create mode 100644 tests/qtest/fuzz-test.c > > diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c > new file mode 100644 > index 0000000000..4398ccf137 > --- /dev/null > +++ b/tests/qtest/fuzz-test.c 
> @@ -0,0 +1,51 @@ > +/* > + * QTest testcase for fuzz case > + * > + * Copyright (c) 2020 Li Qiang <liq...@gmail.com> > + * > + * This work is licensed under the terms of the GNU GPL, version 2 or later. > + * See the COPYING file in the top-level directory. > + */ > + > + > +#include "qemu/osdep.h" > + > +#include "libqos/libqtest.h" > + > +/* > + * This used to trigger the assert in scsi_dma_complete > + * https://bugs.launchpad.net/qemu/+bug/1878263 > + */ > +static void test_lp1878263_megasas_zero_iov_cnt(void) > +{ > + QTestState *s; > + > + s = qtest_init("-nographic -monitor none -serial none " > + "-M q35 -device megasas -device scsi-cd,drive=null0 " > + "-blockdev > driver=null-co,read-zeroes=on,node-name=null0"); > + qtest_outl(s, 0xcf8, 0x80001818); > + qtest_outl(s, 0xcfc, 0xc101); > + qtest_outl(s, 0xcf8, 0x8000181c); > + qtest_outl(s, 0xcf8, 0x80001804); > + qtest_outw(s, 0xcfc, 0x7); > + qtest_outl(s, 0xcf8, 0x8000186a); > + qtest_writeb(s, 0x14, 0xfe); > + qtest_writeb(s, 0x0, 0x02); > + qtest_outb(s, 0xc1c0, 0x17); > + qtest_quit(s); > +} > + > +int main(int argc, char **argv) > +{ > + const char *arch = qtest_get_arch(); > + > + g_test_init(&argc, &argv, NULL); > + > + if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { > + qtest_add_func("fuzz/test_lp1878263_megasas_zero_iov_cnt", > + test_lp1878263_megasas_zero_iov_cnt); > + } > + > + return g_test_run(); > +} > + > diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build > index 874b5be62b..e5de39ffe4 100644 > --- a/tests/qtest/meson.build > +++ b/tests/qtest/meson.build > @@ -54,6 +54,7 @@ qtests_i386 = \ > 'bios-tables-test', > 'rtc-test', > 'i440fx-test', > + 'fuzz-test', > 'fw_cfg-test', > 'device-plug-test', > 'drive_del-test', >
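Review bot: the register sequence in test_lp1878263_megasas_zero_iov_cnt() carries no comments, so a reader cannot tell device setup from the actual trigger, even though the commit message itself says the raw reproducer is "not friendly to analysis". Three short inline comments would fix that: the qtest_outl(s, 0xcf8, ...) / qtest_outl(s, 0xcfc, ...) pairs are PCI configuration cycles (CONFIG_ADDRESS/CONFIG_DATA) that program the megasas I/O BAR at register 0x18 to 0xc100 and then set the command register (0x04) to 0x7 so the BAR is decoded; the two qtest_writeb() calls populate the MFI frame at guest address 0; and the final qtest_outb(s, 0xc1c0, 0x17) is the doorbell write into that I/O BAR (offset 0xc0) which submits the frame and used to hit the assert in scsi_dma_complete(). While at it, `qtest_outl(s, 0xcf8, 0x8000181c);` and `qtest_outl(s, 0xcf8, 0x8000186a);` are each followed by no 0xcfc access before the next 0xcf8 write or a non-PCI access, so they only latch an address that is never used and can be dropped from the reproducer. Minor: the new file's copyright line gives liq...@gmail.com while the Signed-off-by uses liq...@163.com; pick one.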
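Review bot: the 'fuzz-test' entry is added to qtests_i386 unconditionally, but the test hard-codes "-device megasas" in qtest_init(), so a QEMU built without CONFIG_MEGASAS will fail the test with an unknown-device error rather than skip it. Either gate the entry the way this file handles other optional devices (a config_all_devices.has_key('CONFIG_MEGASAS') conditional around the list element) or, since the commit message intends fuzz-test.c to collect reproducers for many different devices, check device availability at runtime in main() before the qtest_add_func() call, so that each reproducer can skip independently.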
You forgot to CC qemu-devel@nongnu.org ... done now and queued to my qtest-next branch: https://gitlab.com/huth/qemu/-/commits/qtest-next/

Thomas